- Регистрация
- 31.12.2019
- Сообщения
- 7,535
- Реакции
- 36
Отличная статья об Анонимный e-mail. Обсуждаем максимально защищённую и надёжную почту.
Список для обсуждений:
digdeeper.neocities.org/ghost/emailrus.html#encryption
Таблица со сравниением разных сервисов
prxbx.com/email/
https://dismail.de/serverlist.html
Список бесплатных почтовых серверов
To be clear: This list does not want to make any statement about the quality of the email providers or their services. It takes more than just encryption, to provide a secure and reliable email service.
This is a manually created list which might be outdated in some places. In addition, test results may be wrong for various reasons. Please take into account the fact that email providers have to be very cautious when modifying there servers, e.g. to not lock out old clients and to avoid problems when receiving or sending emails.
So, please don't take this list too seriously, and/or try to ...
... understand the test results and the implications they might have:
Please feel free to send links, corrections or extra infos to: [email protected] (email/xmpp)
Last update: 2020-01-02
Changes:
Список для обсуждений:
- Google, Яндекс, Outlook, Yahoo -
- Hushmail -
- VFEmail -
- FastMail -
- ProtonMail -
- Scryptmail (сдох)-
- Criptext -
- Soverin -
- SAFe-mail (safe-mail.net) -
- OpenMailBox (сдох) -
- Runbox -
- Mailfence -
- Safe-Mail (safe-mail.nl) -
- Neomailbox -
- Mailbox.org -
- Secmail.pro -
- CTemplar -
- KolabNow -
- Teknik -
- Tutanota -
- Autistici -
- StartMail -
- Dismail -
- Cock.li -
- Paranoid.email -
- CounterMail -
- Posteo -
- Disroot -
- Elude -
- RiseUp -
- Временный e-mail -
digdeeper.neocities.org/ghost/emailrus.html#encryption
Таблица со сравниением разных сервисов
prxbx.com/email/
https://dismail.de/serverlist.html
Список бесплатных почтовых серверов
To be clear: This list does not want to make any statement about the quality of the email providers or their services. It takes more than just encryption, to provide a secure and reliable email service.
This is a manually created list which might be outdated in some places. In addition, test results may be wrong for various reasons. Please take into account the fact that email providers have to be very cautious when modifying there servers, e.g. to not lock out old clients and to avoid problems when receiving or sending emails.
So, please don't take this list too seriously, and/or try to ...
... understand the test results and the implications they might have:
- [1] MECSA Technical Details
- [3] Understanding the CryptCheck results (IMAPS,POP3S,SMTPS,SMTP and HTTPS)
- [5] STARTTLS Everywhere - prevent/detect downgrade attacks and interception by hosting a preload list.
- [6] MTA-STS - RFC 8461 (prevent/detect downgrade attacks and interception by publishing MTA-STS policy via HTTPS) has just been relased (September 2018).
It is currently rarely used, partly because it is quite new (first draft 2016) and partly because it has some very unusual aspects, to say the least.
Even those who submitted the draft (e.g yahoo, google and microsoft) are not using it.
Please be aware that a published record does not automatically mean that it will actually be used. - [8] Sender Policy Framework (SPF) - RFC7208 (publish the Sender Policy via DNS Record to help receiving hosts to check authorization)":
"No" - no SPF record
"Neutral" - must be treated exactly like "none", but some spam filters use it
"Softfail" - treated as somewhere between "Reject" and "Neutral"
"Reject" reject message during the SMTP transaction (don't!), or use it for spam rating. - [10] Multi-factor authentication (MFA):
"granted access only after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism".
Some claim to have the only correct/secure implementation, but offer insecure reset functions. I don't want to score such things.
So, the list only indicates whether there is any kind of MFA or not, regardless of the way it is implemented. - more to come
Last update: 2020-01-02
Changes:
- 2020-01-02: updated: systemausfall.org - SMTP ? -> A; HSTS No -> Yes
- 2020-01-02: updated: lavabit.com - Security Headers F -> D; Mozilla Observatory F -> D+
- 2020-01-02: updated: disroot.org - SMTPS X -> 84 (A)
- 2019-12-12: updated: mail.de - Cookies 4 -> 0; Third-party requests: 6 -> 0; Third-parties contacted: 5 -> 0
- 2019-12-08: updated: mailbox.org - Mozilla Observatory B+ > A+
- 2019-11-21: updated: snopyta.org - MECSA 5.0/5.0; 5.0/5.0; 5.0/5.0
- 2019-11-16: added: snopyta.org, nixnet.email
- 2019-11-16: updated: mailfence.com - SMTP A(84) -> A+(84); Security Headers A+ -> A; MTA-STS No -> Yes; Mozilla Observatory D+ -> B+; Security Headers F -> A; Referrers Leaked: Yes -> No; Cookies 3 -> 1
- 2019-10-10: removed: boum.org
- 2019-10-06: added: vivaldi.net
- 2019-09-27: updated: tutanota.com - SMTP A(84) -> B(69); Security Headers A+ -> A
- 2019-09-25: updated: simbamail.de - MECSA 3.0/5.0; 0.0/5.0; 1.0/5.0 -> 0.0/5.0; 4.0/5.0; 2.5/5.0; SMTP ToDo -> No TLS; IMAPS ToDo -> No TLS; POP3 ToDo -> No TLS; SMTPS ToDo -> DMARC No -> Yes; No TLS; Mozilla Observatory F -> B+; CryptCheck B -> A; Security Headers F -> A; HSTS No -> Yes; Referrers Leaked: Leaked -> Partially; Cookies 1 -> 0; Third-party requests: 8 -> 0; Third-parties contacted: 7 -> 0; Google Captcha
- 2019-09-25: updated: free.de - MECSA 0.0/5.0; 3.0/5.0 0.0/5.0 -> 4.0/5.0; 3.0/5.0; 2.0/5.0
- 2019-09-20: updated: disroot.org - MFA No -> Yes
- 2019-09-20: updated: protonmail.com - MECSA 4.5/5.0; 5.0/5.0; 5.0/5.0 -> 5.0/5.0; 5.0/5.0; 5.0/5.0; DANE No -> Yes; MTA-STS No -> Yes; Crypt Check A -> A+; Referrers Leaked: Leaked -> Partially; Third-party requests: 4 -> 1; Third-parties contacted: 4 -> 1; CAA No -> Yes
- 2019-08-30: updated: runbox.com - MECSA 4.0/5.0; 3.5/5.0; 3.5/5.0 -> 4.0/5.0; 4.5/5.0; 5.0/5.0
- 2019-07-16: updated: gmx.de- MECSA - 5.0/5.0; 3.5/5.0; 2.0/5.0 -> 5.0/5.0; 4.5/5.0; 4.0/5.0
- 2019-07-16: updated: disroot.org - STARTTLS Queued -> No; riseup.net - STARTTLS Queued -> No;
- 2019-05-20: updated: tutanota.com - Mozilla Observatory B -> A+; CryptCheck B -> A+; Security Headers B -> A+; Referrers Leaked Yes -> No; Cookies 2 -> 0
- 2019-05-20: updated: mailjunky.de - Mozilla Observatory F -> B; SSL Labs B -> A+; CryptCheck C -> A+; Security Headers C -> A; HSTS No -> Yes; CAA No -> Yes
- 2019-05-20: updated: mailbox.org - Mozilla Observatory A+ -> B+
- 2019-05-01: updated: protonmail.com - MECSA 4.0/5.0; 4.5/5.0; 5.0/5.0 4.5/5.0; -> 5.0/5.0; 5.0/5.0
- 2019-04-10: updated: systemausfall.org - MECSA 4.0/5.0; 3.5/5.0; 3.5/5.0 -> 4.0/5.0; 4.5/5.0; 5.0/5.0; MTA-STS No -> Yes
- 2019-04-10: updated: protonmail.com - MECSA 4.5/5.0; 5.0/5.0; 5.0/5.0 -> 4.0/5.0; 4.5/5.0; 5.0/5.0
- 2019-04-10: updated: disroot.org - Mozilla Observatory B -> B-; MTA-STS No -> Testing; MECSA 4.5/5.0; 5.0/5.0; 5.0/5.0 -> 5.0/5.0; 5.0/5.0; 5.0/5.0
- 2019-04-10: updated: mailjunky.de MTA-STS No -> Yes
- 2019-03-15: updated: riseup.net - MECSA 4.0/5.0; 4.5/5.0; 5.0/5.0 -> 5.0/5.0; 5.0/5.0; 5.0/5.0
- 2019-03-07: updated: protonmail.com - MECSA 4.0/5.0; 4.5/5.0; 5.0/5.0 -> 4.5/5.0; 5.0/5.0; 5.0/5.0
- 2019-03-04: updated: free.de - MECSA 3.0/5.0; 3.0/5.0; 1.0/5.0 -> 0.0/5.0; 3.0/5.0; 0.0/5.0
- 2019-02-27: updated: web.de - MECSA 5.0/5.0; 3.5/5.0; 2.0/5.0 -> 5.0/5.0; 4.5/5.0; 4.0/5.0
- 2019-02-27: updated: freenet.de - MECSA 5.0/5.0; 0.0/5.0; 2.0/5.0 -> 5.0/5.0; 3.5/5.0; 2.0/5.0
- 2019-02-26: updated: DANE No -> Yes: disroot.org, riseup.net
- 2019-02-25: updated: IMAPS, POP3S, SMTPS, SMTP - adding actual score.
- 2019-02-25: updated: systemli.org - IMAPS, POP3S, SMTPS, SMTP B -> A; yandex.ru - SMTPS F -> C; tutanota.com SMTP B -> Ai; startmail.com IMAPS F -> C; ok.de SMTPS B -> A+; SMTP B -> A+; gandi.net - IMAPS, POP3, SMTPS, SMTP C -> B; immerda.ch AMTPS F -> Ai, mailcow.de SMTP C -> B
- 2019-02-05: updated: mailbox.org - Mozilla Observatory B+ -> A+
- 2019-01-29: updated: STARTTLS Everywhere - mail.de Queued -> Yes; mailbox.org Queued -> Yes; systemli.org Queued -> Yes
- 2019-01-29: removed: Email Security Grader: as noted earlier - Some test results are just plain wrong, for example: for most serious providers the SMTP, IMAP and POP Server addresses are wrong, ESG just assumes they're on the MX Servers. The Open Relay Test results are wrong, if they hit a greylister, or if the provider rejects after the "DATA" part (mail.de). The MX Connection Test result is wrong if some kind of "fake MX" is involved (mailbox.org) ...
I'll keep it in the list for now, but will probably remove the column in the future.. - 2019-01-15: updated: Email Security Grader - posteo.org 78% -> 82%; mailbox.org 91% -> 87%
- 2019-01-10: added: 2FA - the answer to every single security threat these days (not). Or is it still the NextGen UTM Security (nightmare) Hardware Firewall Appliance with DPI, IDS, IPS, Deep Learning Protection, Sandboxing, Lightning Protection and whatnot? Quite unbeatable ... sorry I digress. So, here it is - the 2FA column.
- 2019-01-07: updated: STARTTLS Everywhere - mail.com Queued -> Yes; systemausfall.org Queued -> Yes; tutanota.com Queued -> Yes
- 2018-12-26: updated: mail.de - MTA-STS Testing -> Yes; SPF Neutral -> Softfail
- 2018-12-14: added: schokokeks.org
- 2018-11-29: updated: outlook.com - MECSA 3.0/5.0; 4.5/5.0; 3.5/5.0 -> 4.0/5.0; 4.5/5.0; 5.0/5.0
- 2018-11-26: added: Email Security Grader is online again
- 2018-11-17: updated: riseup.org IMAPS Timeout -> A; POP3S Timeout -> A; CryptCheck Timeout -> A
- 2018-11-16: updated: mailbox.org - Cookies 1 -> 3
- 2018-11-15: updated: mailbox.org - Referrers leaked No -> Partially; Cookies 2 -> 1; IMAPS A -> A+; POP3S A -> A+
- 2018-11-15: removed: Email Security Grader is down for days now
- 2018-11-10: updated: STARTTLS Everywhere - disroot.org No -> Queued; tutanota.com No -> Queued; AOL No -> Yes; web.de No -> Queued;
- 2018-11-10: updated: icloud.com - added MECSA
- 2018-11-08: updated: free.de - added MECSA
- 2018-11-07: updated: the SPF column has been updated. "No" - no SPF record; "Neutral" - must be treated exactly like "none", but some spam filters use it; "Softfail" - treated as somewhere between "Reject" and "Neutral"; "Reject" reject message during the SMTP transaction, or use it for spam rating (recommended)
- 2018-10-07: updated: systemausfall.org - SPF No -> Softfail; MECSA PHISHING AND IDENTITY THEFT 2.5 -> 3.5
- 2018-11-06: updated: the DMARC column has been updated. "No" - no DMARC record; "Disabled" - DMARC Record with "p=none" and no reporting email address; "Report only" - DMARC Record with "p=none" and reporting email address; "Quarantine" deliver to the "spam folder"; "Reject" reject message during the SMTP transaction
- 2018-11-06: updated: riseup.net - Mozilla Observatory B -> A+, Referrers Leaked No -> Yes
- 2018-10-28: removed: vmail.me (Vmail is shutting down its services)
- 2018-10-26: updated: mailbox.org - CAA No -> Yes; MTA-STS No -> Testing; Mozilla Observatory B -> B+, Referrers leaked Yes -> No (Thanks mailbox.org for sending the updates)
- 2018-10-25: added: tuffmail.com
- 2018-10-11: removed: openmailbox.org (down for more than 1 month)
- 2018-10-11: updated: systemausfall.org - added MECSA; StartTLS Everywhere No -> Queued; DKIM ToDo -> Yes; Hostname Mismatch on MX is gone
- 2018-10-08: updated: systemli.org - MTA-STS Testing -> Yes
- 2018-10-07: updated: safe-mail.net - added MECSA
- 2018-10-02: updated: riseup.net, web.de, yahoo.com, mail.com - MTA-STS No -> Testing
- 2018-10-01: updated: mail.de - SMTPS F -> B; SMTP timeout -> B; MTA-STS No -> Testing; STARTTLS Everywhere No -> Queued; Referrers Leaked -> No; Third-party requests 10 -> 6; Third-parties contacted 6 -> 5; Email Security Grader is wrong about the Open Relay Test. So, the overall result is wrong. (Thanks to mail.de for the update and the clarification)
- 2018-10-01: updated: posteo.de - Email Security Grader 87% -> 78%
- 2018-09:27: removed: freemail.ox.io (will be shut down as of 1st December 2018)
- 2018-09-17: updated: disroot.org - IMAPS M -> A; POP3S M -> A (was previously checked with a wrong DNS name, hence the M)
- 2018-09-14: added: mail.de - comment: Punkt 2 in der Datenschutzerklärung beachten.
- 2018-09-14: removed: 1984.is (Is not an email provider)
- 2018-09-14: updated: pobox.com IMAPS C -> B; POP3S C -> B; SMTPS C -> B; Mozilla Observatory F -> B+; Security Headers F -> A; htbridge A -> A+
- 2018-09-14: updated: web.de: Mozilla Observatory C -> F; gmx.de Mozilla Observatory C -> F; vodafone.de D -> F
- 2018-09-14: updated: cock.li Email Security Grader 80% -> 87%
- 2018-09-12: updated: posteo.de - Email Security Grader 91% -> 87% (mx01 Reverse DNS Test failed; mx02 migration?); IMAPS C -> A+; POP3S C -> A+; SMTPS C -> A+; SMTP F -> A (Thumbs up)
- 2018-09-12: updated: autistici.org - added MECSA
- 2018-09-11: updated: cock.li - SFP No -> Yes; Cookies 4 -> 2; Third-party requests 2 -> 0; Third-parties contacted 2 -> 0
- 2018-09-11: updated: dismail.de - StartTLS Everywhere Queued -> Yes
- 2018-09-11: added: netcologne.de
- 2018-09-03: updated: zoho.eu - Mozilla Observatory D -> F; IMAPS B -> F; POP3S B -> F; SMTPS B -> F; SMTP B -> what a mess
- 2018-09-03: added: GeoIP column
- 2018-09-03: added: zoho.com
- 2018-08-31: updated: StartTLS Everywhere No -> Queued: systemli.org, protonmail.com, riseup.net, lavabit.com, posteo.de, mailjunky.de, runbox.com
- 2018-08-20: updated: mail.de - IMAPS F -> B; POP3S F -> B
- 2018-08-18: updated: mailfence.com - DMARC - disabled -> Yes
- 2018-08-02: updated: mailbox.org - StartTLS Everywhere No -> Queued
- 2018-07-24: Added STARTTLS Everywhere column
- 2018-07-23: Added MTA-STS (protecting STARTTLS) column
- 2018-06-29: It seems that some providers have started blocking TLS-Scans (tls.imirhil.fr) instead of improving their configuration.
- 2018-06-29: added: netcup.net/de (netcup, you can't possibly be serious (SSLv3, DES3, MD5, RC4 ...?))
- 2018-06-15: updated: riseup.net - added MECSA; Mozilla Observatory C+ -> B; Security Headers D -> A; Referrers Leaked -> No
- 2018-06-15: updated: danwin1210.me - MECSA 4.0 / 5.0; 4.5 / 5.0; 5.0 / 5.0 -> 0.0 / 5.0; 4.0 / 5.0; 3.5 / 5.0; IMAPS, POP3S, SMTPS A -> B; Crypt Check A -> B; Security Headers D -> A; Mozilla Observatory D+ -> D-; Referrers leaked: Yes -> Partially;
- 2018-06-15: added: mc-free.com, simbamail.de, rediffmail.com, anpa.de ... (ongoing)
- 2018-06-15: updated: kolabnow.com - added MECSA; SMTP B -> A; CryptCheck Timeout -> A+
- 2018-06-14: added: ok.de
- 2018-06-06: updated: DMARC - gmail.com No -> Disabled; fastmail.com No -> Disabled; yandex.ru No -> Disabled
- 2018-06-04: added: mecsa for directbox.com
- 2018-06-04: updated: directbox.com - DMARC No -> Disabled; DKIM ToDo -> Yes; Mozilla Observatory B -> B+
- 2018-06-02: added: mailjunky.de; mailjunky.de
- 2018-05-27: added: mecsa for yandex.ru
- 2018-05-24: updated: mailfence.com - IMAPS "B" -> "A"; POP3S "B" -> "A"; SMTPS "B" -> "A"; SMTP "B" -> "A"; CryptCheck "B" -> "A+"
- 2018-04-20: updated: systemli.org - IMAPS "A" -> "B"; POP3S "A" -> "B"; SMTPS "A" -> "B"; SMTP "A" -> "B"; Mozilla Observatory "B" -> "A+"; securityheaders "B" -> "A"; Referrers "Leaked" -> "No"; Cookies "2" -> "0"
- 2018-03-28: updated: posteo.de - mecsa "5.0/5.0; 4.5/5.0; 4.0/5.0" -> "5.0/5.0; 5.0/5.0; 5.0/5.0"; IMAPS "A+" -> "C"; POP3S "A+" -> C; DMARC "No" -> Disabled
- 2018-03-24: updated: arcor.de - mecsa "0.0/5.0; 3.0/5.0; 0.0/5.0" -> "4.0/5.0; 3.0/5.0; 2.0/5.0"; securityheaders "F" -> "D"
- 2018-03-24: updated: emailn.de - mecsa "4.0/5.0 ; 3.0/ 5.0 / 2.0/5.0" -> "4.0/5.0; 0.0/5.0; 2.0/5.0"
- 2018-03-24: updated: systemli.org - mecsa "4.5/5.0; 4.5/5.0; 5.0/5.0" -> "5.0/5.0; 5.0/5.0; 5.0/5.0"
- 2018-03-16: updated: tutanota.com - htbridge "A" -> "A+"; CryptCheck "C" -> "B"
- 2018-02-20: added: teknik.io
- 2018-02-17: added: mecsa for fastmail.com; hushmail.com (hushmail.me)
- 2018-02-17: added: mecsa for lavabit.com
- 2018-02-13: updated: disroot.org - mecsa "4.5/5.0; 4.5/5.0 4.0/5.0" -> "4.5/5.0; 5.0/5.0; 5.0/5.0"; DMARC "No" -> "disabled"; Referrers "Yes" -> "No"; securityheaders "B" -> "A"
- 2018-02-08: updated: mailcow.de - Mozilla Observatory "F" -> "B"; securityheaders "C" -> "B"; Referrers leaked: "Yes" -> "No"; Cookies "2" -> "1"; Third-party requests "2" -> "0"; Third-parties "2" -> "0"
- 2018-02-06: added: biomail.de, greensta.de
- 2018-02-05: added: free.de
- 2018-02-01: added: goneo.de
- 2018-01-31: added: online.de (1und1.de)
- 2018-01-20: added: hosted.mailcow.de
- 2018-01-18: updated: mailfence.com - mecsa "3.0/5.0; 4.5/5.0 3.5/5.0" -> "4.0/5.0; 4.5/5.0; 5.0/5.0" - IMAPS; POP3S; SMTPS "C" -> "B"
- 2018-01-16: added: eclipso.de
- 2018-01-15: added: strato.de, countermail.com
- 2018-01-14: added: 1984.is, islandnet.com, unseen.is, ownbay.net
- 2018-01-13: added: safe-mail.net, pobox.com
- 2018-01-12: added: Email Security Grader
- 2018-01-12: added: gandi.net
- 2018-01-12: updated: mailfence.com - DMARC - "No" -> "Disabled"
- 2018-01-06: added: inbox.com, cox.net, virginmedia.com
- 2018-01-05: added: danwin1210.me
- 2018-01-04: added: mecsa for aol.com
- 2018-01-01: added: mecsa for t-online.de
- 2017-12-29: added: mecsa for keemail.me (tutanota.de), systemli.org, posteo.de, startmail.com
- 2017-12-28: added: mecsa for web.de, netcourrier.com
- 2017-12-28: added: aktivix.org, artikel-140.nl, lavabit.com, boum.org, cryptix.de, immerda.ch, systemausfall.org, netcourrier.com, aikq.de
- 2017-12-27: added: mecsa for runbox.com
- 2017-12-27: added: cock.li, riseup.net, systemli.org, so36.net, yandex.ru, zoho.eu, mail.com, fastmail.com, hushmail.com, mail.ru, mail.lilo.org, freemail.ox.io, vmail.me, autistici.org, artikel-140.nl
- 2017-12-26: added: mecsa for mail.de, arcor.de and gmx.de (Michael)
- 2017-12-24: Initial list