Mailfence Review – Is It Secure Enough?

What Is Mailfence?

Mailfence offers a secure email service that specifically caters to people who want extra privacy and security while they’re sending and receiving messages to and from their contacts. The project is an ambitious one, considering that Mailfence doesn’t just cater to individuals but also entities such as universities and businesses.

The best way to think about Mailfence is that it’s similar to Gmail but with better privacy and security features. Of course, no email service is perfect.

In this Mailfence review, we’ll examine whether this encrypted email service is worth your support.

Mailfence homepage

What Is a Secure Email Service?

Secure email is just a regular email service with the addition of encryption. Typically, when you want to send an email message, the service you use to send the message has to use either HTTP or SMTP to actually send the message. The message then has to make its way to an email server, which usually works either with IMAP or the POP3 protocol. The recipient of the message then pulls your message from that email server with the help of an email client such as Outlook or Gmail.

The problem is that SMTP transfers messages in plain-text and POP3/IMAP don’t use encryption when they store messages on a given web server.

To combat this problem, the market has seen the rise of secure/private email service providers that add encryption to sensitive information.

With encrypted email service providers, Open PGP is used to encrypt the messages to be sent. Then, the SMTP protocol is bolstered with the help of SSL/TLS encryption so that messages have boosted security while they’re in transit. Finally, the POP3/IMAP protocols get SSL/TLS encryption as well so that pulling messages from the email server is safe and private.

Mailfence Pro’s Vs Cons

Pros

  • Anonymous payment options
  • Nice user interface
  • OpenPGP Keystore support available
  • 2FA support available
  • Email header IP address removal feature available
  • Password protection support for messages
  • Synchronization support with other popular email clients
  • IMAP, POP and SMTP support available
  • Extra features such as Groups, Calendar, Contacts, Documents and Messages
  • OpenPGP encryption support
  • End-to-end encryption support
  • Digital signatures support
  • Two-factor authentication
  • Servers located in Belgium

Cons

  • No default inbox encryption at rest
  • The company logs data, including IP addresses
  • Closed source

Mailfence Price

Mailfence offers four different pricing tiers:

  • Free
  • Entry at €2.50 (or approximately $2.91 USD) per month
  • Pro at €7.50 (approximately $8.74 USD) per month
  • Ultra at €25 (approximately $29.12 USD) per month

The free plan allows users to have 500 MB of email storage. There is another 500 MB of storage available for documents and other files, but since you want to use an encrypted email service, the documents storage might not be worth much to you. Mailfence’s free version only offers the email channel as customer support and excludes essential protocols such as SMTP and IMAP.

The paid plans include custom domain support and different forms of customer support, such as email and phone. Each of the paid plans offers the same features. The only thing different about them is the amount of online space you get to use, in addition to email addresses and groups.

If you’re like most people, you will probably have a decent time with the entry plan, which costs less than $3 per month. For that amount, you will get around 12 GB of space for storing documents, along with 10 email aliases and three groups. For the price, we believe that the entry-level tier is a good value for the money.

a laptop with a mail client open, the laptop is space grey

You can always go with the Ultra plan if you feel like you need higher numbers for any of the features mentioned above. Still, it’s best to begin your journey by signing up for the free plan since that is ideal for testing out the service before shelling out any money. Once you’re comfortable with the free plan, you can then think about signing up for the entry plan and move forward from there according to your needs.

Pro Tip:

Do keep in mind that Mailfence doesn’t really have a refund policy. So, you should take advantage of its free tier before you eventually decide to become a paid member. They also have a 2 week trial for the paid plans, so make the most of it and give it a real test.

Business users can get the same deal but have access to advanced features such as control panel, Mailfence API, white labeling services, and SSO services.

Mailfence Features

As a private email service, Mailfence has all of the features you could need. Then, in the paid versions, it adds more features such as more document storage, groups, calendar, contacts and messaging options. The service makes use of the OpenPGP protocol for encryption, which has become the industry standard. Mailfence also has support for digital signatures, which add an extra layer of security to your overall data and messages.

As far as messaging protocols go, Mailfence has support for POP, IMAP and SMTP. If there’s another email client that you’d like to synchronize your data with, Mailfence can do that both on the mobile and desktop platforms.

a person using both his laptop and his phone to check his email at the same time due to work overload

Apart from that, Mailfence has support for digitally signing email messages with the help of OpenPGP. It also has ActiveSync and CardDAV support. The business version has more customization options and you can send messages with encryption without using PGP. Furthermore, Mailfence has a built-in keystore feature that makes it easy for users to manage their OpenPGP encryption keys.

There are many other email management features as well, such as shared inbox support, an anti-spam component, a blacklisting and whitelisting feature, two-factor authentication, digital signatures, data recovery and archiving.

How Easy Is It To Use Mailfence?

a happy female smiling with white teeth after seeing her email while talking on a phone

Compared to other popular email providers like Microsoft Outlook or Google’s Gmail, Mailfence’s private email service is fairly easy to use. The process of creating an account is straightforward and the dashboard shows you all the information you need to manage your messages and files properly.

Now, all that information on a single page can become overwhelming for some, and this is where Mailfence needs to put in some much-needed work to make the service easy to use for everyone. Once you’ve created your Mailfence account, you need to select a new email address.

To do that, you need to navigate to the specific page via the menu. This process may or may not go smoothly depending on how customized you want your email address to be. Once you’re done with that, though, you should be able to deal with the overall interface.

Mailfence uses asymmetric encryption, which means you will have a public key and a private key for your messages. This concept should be easy if you’re familiar with how encrypted email services work. We should mention here that Mailfence does not use encryption for your messages automatically by default. To take advantage of full encryption between different OpenPGP email services, you must generate the required key pair through the settings menu.

Overall, though, Mailfence is easy to use but could use some improvements for users who don’t know how its encryption support works.

For Messages (any email service’s bread and butter), you have the three-column layout that most email service providers now use by default. On the left side of the Messages screen, you have all the usual items such as folders marked Inbox, Sent and Trash, among other sections.

Since Mailfence provides more security and privacy than other standard email service providers (and it does that through encryption), you should learn how to take advantage of that.

This is important:

For encryption, you will have to generate encryption keys. You have to do this before you think about receiving or sending email messages from the new service.

So, go to the Mailfence website, sign in, then click the icon that appears in the top-right corner of the screen. Now, click Settings from the menu and then click on Encryption from the left-corner menu. The new page will have everything you need to generate encryption keys for encrypted messages. Don’t forget to follow all the other steps that appear on the screen to complete the process fully.

You can always go to the Messages section and then click the button that says New, type your message and then click Encryption to add encryption to your message via a wizard (that helps you with everything). Then, click Sign & Send to have more security through digital signatures.

Mailfence provides options to send/receive messages without either of these features as well.

How Does Mailfence Secure My Email?

a person holding a smartphone with the mail client open showcasing a mail logo

All good private email service providers, including Mailfence, offer end-to-end encryption to any two users with their public encryption keys shared. This is what’s known as asymmetric encryption. Mailfence uses OpenPGP for that purpose, which is pretty good in terms of reliability and security.

But Mailfence does one better as well. It uses a private encryption key to perform encryption on your messages when at rest.

With a built-in Keystore feature, users can manage more than one encryption key pair. Not all users will require this feature, but it’s there for anyone who needs that extra level of security with end-to-end encrypted messages.

Mailfence has support for RSA and ECC, as well. With this type of encryption, users have to use a password to protect their email messages and then give that password to the person they want to communicate with.

Mailfence works on a zero-knowledge environment policy, which means it doesn’t know anything about your encryption keys or passwords. This type of password protection for email messages is known as symmetric encryption. It is useful in cases where the two users in question don’t know much about private-public encryption keys.

One other way Mailfence provides security for your messages is through digital signatures. Sign any OpenPGP message digitally with the private key, and you are all set. Once the receiver gets the message, Mailfence will compare the hash of the private encryption key of the message you sent with the message the receiver got. If they don’t match, it will void the message.

There are other security protocols, as well. You can use the two-factor authentication support along with SSL/TLS encryption and perfect forward secrecy for all your messages that are moving from one place to another without even using OpenPGP. To protect against TLS downgrade attempts, Mailfence uses SMTP for messages you send out to others.

Mailfence vs Tutanota

Tutanota homepage

Unlike Gmail or Yahoo, Mailfence and Tutanota both target users who want more privacy when communicating with other people on the internet. Since there aren’t many services in this niche, Tutanota and Mailfence have become fierce competitors in the market for privacy-conscious email services.

Tutanota has a better reputation in the industry because of its work and the fact that it has desktop and mobile apps, while Mailfence does not. Mailfence also doesn’t offer full encryption since it doesn’t touch messages that users send/receive in plain-text. Tutanota provides full encryption even for messages that are at rest.

Tutanota also gets out of your way when it comes to encryption because it doesn’t require users to manage any encryption keys. Mailfence does require you to manage them.

Everything related to encryption management happens in the background when you’re using Tutanota. That is not the case with Mailfence.

But Mailfence trumps Tutanota when it comes to supporting Large, Medium, and Small Businesses via stability and reliability at an economical price.

Tutanota can get fairly pricey if one includes the cost of various add-ons.

Mailfence also has a better set of encryption options on offer when compared to Tutanota. It has a full API for tasks such as access monitoring and is based in Belgium, which in comparison to Tutanota (which is based in Germany), is better as far as user privacy is concerned. More specifically, the chances of law enforcement agencies asking for user data in Germany is greater than in Belgium. And while law enforcement agencies rarely ask email service providers for data, it is always a plus to know that even if they did, the service you have signed up for would be able to better defend you than a competitor.

Mailfence vs ProtonMail

ProtonMail homepage

Like Tutanota, ProtonMail also offers its services to the same market as Mailfence. And just like Tuotanota, ProtonMail gets out of your way to make it easier for you to use OpenPGP to encrypt your messages and get more privacy.

That is the major difference between ProtonMail and Mailfence. ProtonMail’s end-to-end encrypted email service is open-source and free, though it does have paid options.

From a privacy and anonymity standpoint, ProtonMail is more reliable than Mailfence since ProtonMail does not record any IP address or other information on its customers.

Note:

ProtonMail makes use of end-to-end encryption to such an extent that no one except you can decrypt your messages. And, since it doesn’t keep any information on you, if you lose your password, you lose your account as ProtonMail can’t help you.

Its paid version comes with a VPN, auto-reply and customer filter settings, which you can’t find in Mailfence. Unlike Mailfence, ProtonMail is open-source, which means that it is likely more private and secure than Mailfence since its code is available for public scrutiny.

But Mailfence has numerous benefits of its own. Protonmail may be the flashier of the two but as far as functional features go, Mailfence has ProtonMail beat.

Mailfence is also more transparent about its privacy policy than ProtonMail. ProtonMail says that it has no access to user data but if you read their privacy policy a bit more closely, the email service mentions it accesses email metadata, meaning the service can access the IP address from where the user receives a message, the email addresses of the recipient and sender in addition to message subject and send/receive times.

Mailfence also has better additional features, at no extra cost, such as Calendar, Notes, IMAP/POP, OpenPGP interoperability, YubiKey support.

Mailfence also has a better customer support and allows users to import their own private encryption keys for PGP and send/receive unencrypted messages. ProtonMail offers none of that.

Mailfence Mobile Web App

Mailfence, as mentioned in this review, doesn’t have a mobile app. But it does have a responsive web app. The web app has certain limitations such as lack of push notifications, no Settings and Calendar features and bugs. But overall, it does make Mailfence usable on mobile platforms.

Moreover, as time goes on, it is only going to get better.

As far as the UI is concerned, the mobile web app has a blue theme and a fairly minimalist interface. It doesn’t overwhelm the user with tons of options. But that may be because it currently does not have many to offer.

You do get access to the standard features though. There is the Inbox section, the sent section, Trash, Drafts and Spam. You can also avail the Documents feature via the mobile web app. As with the desktop web browser version, you get access to additional features such as Contacts and the previously mentioned Documents.

An image featuring main page section in Mailfence mobile web app

An image featuring my documents section in Mailfence mobile web app

To start using the mobile web app just go to app.mailfence.com from your mobile device.

Then input your username and password to get going. The home screen will automatically open the Inbox tab for you and you can use the little blue button in the bottom right corner of the screen to start composing a message. On the lower-left corner you have the search functionality.

An image featuring inbox section in Mailfence mobile web app

An image featuring compose message section in Mailfence mobile web app

This is important:

Keep in mind though that if you have not generated a personal encryption key for your account then you can’t do that via that mobile web app. Go to the desktop version to get one.

Who Is Behind/Running Mailfence?

a man in a shadow showcasing him thinking

ContactOffice Group SA is the company behind Mailfence. It is located in Belgium and came into existence around 1999. The company launched its Mailfence email product in 2013.

Mailfence operates and owns its own servers, and all of them are located in Belgium, a country that is not known to be strict about observing its citizens’ data when compared to other countries in Europe and North America. The government is also not known for using NSLs or gag orders to extract data from various organizations.

Moreover, Mailfence has a dedicated page for people who want more information on its transparency. It even maintains a Warrant Canary, disclosing updates about the legal requests it has received.

You can read updates from the Warrant Canary here.

However, Belgium does form a part of the Fourteen Eyes alliance, which means it can cooperate with other countries if they ask for data from any of the country’s email service providers.

Still, Mailfence maintains that it does not cooperate with any law enforcement agency that is outside the country. It also says it does not sell user data to third party marketing companies. However, it does collect some data for its own use.

This data could include message IDs, IP addresses, sender/receiver addresses, subject lines and web browser information. This is in addition to your name and payment information, along with the country of origin, when you sign up for the service itself.

How To Send and Receive Secure Email?

a person using a white tablet to check his mail

If you need to use a secure email service to send/receive secure messages, you can get a Mailfence account through the company’s website.

Once you have your Mailfence login details, you can send end-to-end encrypted messages to your contacts and they can receive messages with encryption if they’re also on the Mailfence platform.

There are lots of other private email providers that offer end-to-end encryption, such as ProtonMail and Tuotanota, and you should read some more secure email reviews to decide which of these email providers offer the most transparency and privacy features.

Conclusion: Mailfence Review

Considering the functions that a privacy-focused email service is supposed to accomplish, Mailfence gets many things right. Its encryption technologies are dependable and offer plenty of features for advanced users.

Even though Mailfence is closed source, the service is easy to use for beginners and with the release of its new mobile app (for iOS and Android), it is just getting better and better.

If you have any questions about this review, feel free to ask them in the comments section below.

Zohair A. Zohair is currently a content crafter at Security Gladiators and has been involved in the technology industry for more than a decade. He is an engineer by training and, naturally, likes to help people solve their tech related problems. When he is not writing, he can usually be found practicing his free-kicks in the ground beside his house.
Leave a Comment