[tor-talk] Tor-friendly, Bitcoin-friendly paid e-mail

john doe johndoe65534 at mail.com
Wed Aug 8 17:26:30 UTC 2018


On 8/8/2018 6:22 PM, Need Secure Mail wrote:
> Grizzled long-time Tor user here. I seek basic, reliable POP/IMAP/SMTP
> service with an option to use my own domain (to avoid lock-in with a
> provider), from a well-established provider who will not likely disappear
> *and* will never block my account for Tor logins, demand selfies with
> gov-id, etc. I am willing to pay a reasonable amount, because TANSTAAFL. I
> will NOT use credit cards, Paypal, or any such horrible monstrosity.
> 
> Here is what I found so far. The following list is not in any way
> intended to be comprehensive. I've spent many hours searching the web,
> winnowing things down. I invite discussion.
> 
> Observed TLSA (DANE) implementation status is listed, due to this being
> (unfortunately) the only standardized means to prevent STARTTLS downgrade
> attacks.
> 
> When multiple currency-of-account options are offered, I list prices
> in the currency most favorable to the user at current exchange rates.
> Much as I can, I try to list the effective *actual* cost to the user,
> per month, if paid on an annual basis. This may differ from the
> advertised price.
> 
> I am not affiliated with any of the below-listed companies; I receive
> no compensation if you sign up for any of them.
> 
> Without further ado, here is my current shortlist:
> 
> # https://mailbox.org/en/
> 
> - Effective price: €1.01/month (€1 + 1% Bitpay fee; prepay annually)
> - By: Heinlein Support GmbH
> - Jurisdiction: Germany (EU; Fourteen Eyes)
> - .onion site (POP3/IMAP/SMTP/XMPP; no web): kqiafglit242fygz.onion
> - Working DNSSEC/TLSA: https://dane.sys4.de/smtp/mailbox.org
> 
> I found this through the Tor trac,[0] which is probably the very best
> advertising for them. Everything looks pretty good from a technical
> perspective. Price is reasonable.
> 
> I like how the signup form asks for a name, but explicitly says it does
> not need to be your "real name".
> 
> Though I have not yet tested this, it looks like you can attach one domain
> to the account for each alias; and the €1/month account provides three
> aliases. This could make a cost-effective home/work identity solution
> for an individual with a limited budget.
> 
> A 30-day trial account limits features, but allows POP/IMAP/SMTP access.
> I will give this a spin, and pay them money if it works out.
> 
> I do wish that they were not in a Fourteen Eyes country.
> 
> [0] https://trac.torproject.org/projects/tor/wiki/org/projects/WeSupportTor
> 
> # https://mailfence.com/
> 
> - Effective price: About $3.25/month (prepay annually)
> - By: ContactOffice Group sa
> - Jurisdiction: Belgium (EU; Fourteen Eyes)
> - .onion site: Promised, but not actually existing.[1]
> - No DNSSEC, thus no TLSA: https://dane.sys4.de/smtp/mailfence.com
> 
> Before I found mailbox.org, I signed up for this and almost paid for an
> account. For the most inexpensive account, I was offered payment options
> of €2.50/month or $2.77/month, both paid annually. That exchange rate
> is moderately favorable to USD; so I selected $2.77/month.
> 
> *Then*, I saw the amount of Bitcoin they demanded: 0.005142968 BTC,
> allegedly for $33.30. That works out to a Bitcoin exchange rate of
> $6474.86/BTC. At that exact moment, my desktop ticker was showing an
> average exchange rate of $7591.24/BTC. Thus, they offered me a HORRIBLE
> exchange rate, almost 15% under market! This makes the effective account
> price $39.04/year, or $3.25/month.
> 
> How many people use a desktop calculator to check the exchange rate? Well,
> you need to wake up pretty early to fool me.
> 
> Mailfence's free accounts do not offer POP/IMAP/SMTP access; so I am
> unable to fully test their services without paying. I prefer Mailbox's
> arrangement with a time-limited trial account. I am totally uninterested
> in webmail; how am I supposed to test a service without POP/IMAP/SMTP
> access?
> 
> [1] https://blog.mailfence.com/send-email-anonymously-mailfence-tor/
> Text: "Note: we also plan to release an onion domain for Mailfence
> in the future."  Comments: "Yes, we do plan to provide a Tor
> hidden service. However, this currently is not in our priority
> list." (2017-02-27)
> 
> # https://protonmail.com/
> 
> - Effective price: $4.00/month (prepaid annually)
> - By: Proton Technologies, SA
> - Jurisdiction: Switzerland
> - Standard PGP, standard algorithms: No homebrew crypto!
> - Can communicate with GPG users.
> - POP/IMAP/SMTP access requires "Bridge" proxy software.
> - .onion site (mail login only): https://protonirockerxow.onion/login
> - DNSSEC, but no DANE/TLSA: https://dane.sys4.de/smtp/protonmail.ch
> 
> Ok, everybody knows Protonmail. As a longtime PGP/GPG user, I love
> Protonmail 3.14 because I can direct n00bs to it as a user-friendly
> PGP mail solution[2] which Just Works. However, it does not meet *my*
> needs. I need my local GPG. I need a dropbox which can be accessed
> through POP/IMAP and polled from my crontab, with sending via SMTP. No
> web browsers, no "Bridge".
> 
> Also: The price is reasonable for the full-featured service they offer;
> however, it is way too high for the services I myself need.
> 
> If Protonmail offered a no-frills POP box on their Swiss servers for
> $2/month, or even $3/month for a Swiss price premium, I would jump for
> that in a heartbeat.
> 
> **PSA: Non-technical people, PLEASE sign up for Protonmail and STOP
> SENDING UNENCRYPTED PERSONAL COMMUNICATIONS.** Seriously. Die-hard Gmail
> fans I unsuccessfully badgered about this for years have fallen in love
> with Protonmail. It is that easy.
> 
> [2] "Introducing Address Verification and Full PGP Support" (2018-07-25)
> https://protonmail.com/blog/address-verification-pgp-support/
> 
> # Hushmail (beneath linking)
> 
> If you compromise your allegedly encrypted mail service even once, *ever*,
> even for the account of an alleged heinous criminal, then I will not even
> look at you. That just shows all your fancy software is so much security
> theater -- a waste of CPU cycles. AVOID.
> 
> Mentioned only because a disturbing number of sites are still linking to
> this as "private e-mail". No, thanks. I would rather use Gmail and have my
> privacy raped openly, without illusions.
> 
> [3] Many sites/articles, example: "Encrypted E-Mail Company Hushmail
> Spills to Feds" (2007-11-07)
> https://www.wired.com/2007/11/encrypted-e-mai/
> 
> # https://runbox.com/
> 
> - Effective price: About $3/month (prepaid annually), including a stamp
> - By: Runbox Solutions AS - Jurisdiction: Norway (EU; Nine Eyes)
> - No Bitcoin payments (they do accept cash in the mail)
> - No .onion site
> - No DNSSEC, thus no TLSA: https://dane.sys4.de/smtp/runbox.com
> 
> Mentioned because I have experience with them. Some good, some bad.
> 
> According to their support@, "Using Tor is no problem at all"
> (2017-03-01). User report: I never had any problems with Torified logins.
> 
> They do have very good support.
> 
> # https://unseen.is/
> 
> - Price: High
> - Jurisdiction: Iceland
> - Apparently custom crypto protocol (?)
> - Apparently no POP/IMAP/SMTP
> - No DNSSEC, thus no TLSA: https://dane.sys4.de/smtp/unseen.is
> 
> Mentioned because Iceland. Does anybody know a reliable, well-established
> Icelandic company offering no-frills POP boxes for €1/month? I have
> searched...
> 
> # (lots of results for search query "swiss e-mail")
> 
> - Price: High
> - Jurisdiction: Switzerland (allegedly)
> - Other characteristics: ???
> 
> I stopped looking when I saw the price. I am willing to pay for e-mail;
> but my needs are very basic, and I do not want to be ripped off for a
> simple POP box. I listed this just to demonstrate a point: I searched
> for Swiss e-mail (to get outside E.U./Fourteen Eyes territories), and
> found a bunch of sites offering basic e-mail for $10-20/month. WTF? I
> know Switzerland is expensive; but it is not 10x as expensive as Germany!
> 
> ----
> 
> Any good ones I missed? Please tell me, before I commit to something!
> 
> Sent with ProtonMail Secure Email.
> 
> 
> 

Hi,

I might be missing the point, but why not doing it your self?
You already have a domain name, you would need to configure your own 
e-mail server, tor, AV, spam filtering  and so on....
If you use imap/smtp ... you also need to take in considaration the 
security of the client being used.

Why do you need imap and pop3?

-- 
John Doe


More information about the tor-talk mailing list