Any NEW E-Mail Providers out there

[zimmermanfan]

Quote:

Originally Posted by www.safe-mail.eu

q) Can I access my mail through POP3/IMAP?

a) Yes, with a premium account you can login with your favorite mail client through POP3/IMAP.

That makes the free account virtually unusable. The small space means an MUA must poll for messages every 10 min or so. But if free users are blocked, then they must frequently login, manually, over the web.

From a security standpoint, free is better because payments can compromise anonymity. It's good that crypto-currency is accepted, but that's not fool-proof.

Offering paypal is a very bad idea. Not only is it bad for security, but paypal is terribly unethical. Paypal (now owned by CISPA-supporting eBay) voluntarily blocked donations going to wikileaks. Not to mention their atrocious customer service. Safe-mail.eu should be boycotting paypal, not supporting it considering your customers have some respect for civil liberties.

I suggest pop3 on the free accounts, and taking crypto-currency donations. That way donors are not linked to a particular account, and don't compromise anonymity.

[north]

protonmail is still not availible for the public, isnt it? do i need an invite?

[janusz]

It is available, no need for an invite.
I opened an account, but I found it unusable (may be my fault).

[rmannam]

Please explain "unusable".
Have you reported the unusable issue it to ProtonMail Admin?

[jarland]

Quote:

Originally Posted by jl66

DANE (DnsSec), encrypted calendars and contacts, encrypted emails in servers, notes, Extended Validation certificate, decent price per month, opensource, activate or deactivate pop/imap, etc...

What email service is open source and how is an EV SSL certificate a feature? No offense just a lot of that makes no sense.

[jl66]

Quote:

Originally Posted by jarland

What email service is open source and how is an EV SSL certificate a feature? No offense just a lot of that makes no sense.

Roundcube is OpenSource and some email services use it, or even they add some more features and they are also OpenSource.
EV SSL certificate give us more security against false certificates and interception, so I consider it a feature:
https://www.grc.com/fingerprints.htm
https://www.grc.com/ssl/ev.htm

[SafeMail]

Quote:

Originally Posted by jl66

Roundcube is OpenSource and some email services use it, or even they add some more features and they are also OpenSource.
EV SSL certificate give us more security against false certificates and interception, so I consider it a feature:
https://www.grc.com/fingerprints.htm
https://www.grc.com/ssl/ev.htm

You do know what a EV SSL is? It is extended verification, that's all. That means they check if the domains WHOIS is the same as the company address and they call you if it is you. That's it! After that you get a green bar and it has the same features as a normal SSL. They can also be intercepted and WHOIS can be changed after the verification.

It gives you nothing more then a nice green bar with your name company in it. It only costs you 20-160 times more then a normal one

[north]

Quote:

Originally Posted by janusz

It is available, no need for an invite.
I opened an account, but I found it unusable (may be my fault).

sure?

Code:

Request an invite for a
free ProtonMail account.

Due to high demand, we have hit our capacity limit. We are adding servers constantly and will send you an invitation as soon as possible.

https://protonmail.com/create-account = https://protonmail.com/invite

[jl66]

Quote:

Originally Posted by SafeMail

You do know what a EV SSL is? It is extended verification, that's all. That means they check if the domains WHOIS is the same as the company address and they call you if it is you. That's it! After that you get a green bar and it has the same features as a normal SSL. They can also be intercepted and WHOIS can be changed after the verification.

It gives you nothing more then a nice green bar with your name company in it. It only costs you 20-160 times more then a normal one

Did you read the links?, maybe it could be a surprise for you.

[SafeMail]

Quote:

Originally Posted by jl66

Did you read the links?, maybe it could be a surprise for you.

I did, did you read this:

Quote:

Any EV site being intercepted will LOSE its green EV display status!
(It will show as “secure”, but it won't show as EV.)

How does a user know that you had an EV when it is still saying that it is secure?

As i said, i can be intercepted also and give it a status that it is secure. A false one. And then we didn't discussed the IE problem yet

[jarland]

Quote:

Originally Posted by jl66

Roundcube is OpenSource and some email services use it, or even they add some more features and they are also OpenSource.
EV SSL certificate give us more security against false certificates and interception, so I consider it a feature:
https://www.grc.com/fingerprints.htm
https://www.grc.com/ssl/ev.htm

I mean, this is pure opinion but the reason I don't consider these features:

1. Roundcube can be installed on a personal system at any time and used to connect to any service that supports IMAP/SMTP. As a feature it seems mostly irrelevant to me. I've come to accept it as a basic requirement or easily set up myself if not provided.

2. I would encourage people to not consider EV SSL as something that can boost a provider from "untrusted" to "trusted." But that's the thing, that's most of what it is supposed to do is encourage a level of trust. Plenty of scammers and terrible developers are capable of obtaining this. It doesn't measure skill, it doesn't judge intent, and it doesn't validate your business plan. It merely means "I am who I say I am." SSL security, regardless of the certificate type, can be compromised at the client system and that will always be the primary battleground for security, something no provider can ever truly protect you from.

I assure you that if anyone wants to distribute malware that intercepts the SSL connection on your system and maintains the green bar in your browser, they can absolutely do so. You have to think that local malware can have a multi-tiered approach to malicious activity, one of which can just as easily be alteration to your browser. I'm quite confident in saying that the only barrier to a proof of concept is motivation. Right now that just isn't a big playground for malware in general, many are still content with the good old "lock up your system for ransom money" scam

But anyway.... on the topic subject... I'll raise my hand as new since 2012

[jl66]

Quote:

Originally Posted by SafeMail

I did, did you read this:



How does a user know that you had an EV when it is still saying that it is secure?

As i said, i can be intercepted also and give it a status that it is secure. A false one. And then we didn't discussed the IE problem yet

Of course, it means the opposite, it will only appears as a "secure website" but not in green or EV, please read it

In other words, this site — WWW.GRC.COM — uses extended validation certificates. If you are viewing this site through a properly designed web browser, you can only see the green EV indication if the connection is NOT being intercepted!

[SafeMail]

Quote:

Originally Posted by jl66

Of course, it means the opposite, it will only appears as a "secure website" but not in green or EV, please read it

In other words, this site — WWW.GRC.COM — uses extended validation certificates. If you are viewing this site through a properly designed web browser, you can only see the green EV indication if the connection is NOT being intercepted!

I fully understand bro, but how would a NEW user know that I had an EV if it shows as secure while it has been intercepted? Because that is what it is saying...that it shows secure without green bar. So a new user still thinks the site is safe to use and that i have installed a normal SSL. If you turn it that way then an EV has no value at all except that it is more expensive.

[jl66]

What I mean is that browsing some website I could only see the padlock and https (only a secure website but who knows if the certificate is compromised or a mitm attack is hidden, I could only check sha fingerprint in it and compare with the original) OR I could see the "entire bar" in green (as we can see when an EV certificate is working), and so it's fast to know that you are safe if the entire bar is green thanks to the EV certificate.
If I know that this website has an EV certificate and my browser (not explorer) is not showing entirely in green then something is happening...
If some service offers to the clients this EV certificate then we know!

[FredOnline]

Quote:

Originally Posted by SafeMail

You could try our service which is located at https://www.safe-mail.eu but i don't know if it is accepted if I'm doing this. I have asked the admin if i can make a thread here, so I'm waiting on that.

Looking at your website, and the image of someone with a hoody on and the face obscured.

It looks rather intimidating to me.

Is that the image you wish to portray for your service, and do you hope that image will attract a particular type of user?