If anyone can find any other established provider that have all our privacy and security features, we will give that person $10k as a reward! --Simon Persson Founder Countermail
Security at countermail is the best anywhere
- Anonymous email headers
- End to end encryption
- Diskless webservers
- Encrypted storage for mailserver
- All mail is encrypted with the users public key before being stored.
- MITM Protection (Man-in-the-middle attack)
- encrypted contacts and calendar.
- Filters, autoresponders and alias email addresses
My initial concern was about how they use Java. Java has this reputation (deserved or not) of being a security risk. They explain this very well why they use Java for email encryption. This only affects webmail, if you're using IMAP with a client like Thunderbird it's not a concern.
If you don't want to install Java in your everyday firefox browser there are a few solutions.
- Portable Firefox - Install the portable version of Firefox and Java.
- Countermail has even built a pre-built version for Windows to download.
- Run NoScript addon and whitelist Countermail.
- More info about Java Security info from Countermail.
The webmail interface only support inline PGP, but there are buttons to View / Download so it's an extra click to see a PGP/MIME encrypted email. Using a client like Thunderbird and Enigmail, there's no difference.
Countermail has a few things no one else does on their Tools page encrypt, decrypt, verify, analyze SSL cert, PGP packet analyzer, plus a few more pgp tools.
Contacts and the calendar are encrypted. Key management is integrated with the Contacts app. Calendar is also kept encrypted with plan to support CalDev calendar syncing in the future.
Countermail encrypts your email with your public key. Unlike Startmail who uses their own key to encrypt incoming mail. That means ALL of your incoming email is encrypted with your public key when it arrives and is stored on disk. This is completely transparent and doesn't affect forwarding or replying to unencrypted emails.All keys generated by Countermail are 4096 bit.
The security, encryption methods, no logs, payment data destroyed after 14 days, bitcoin is available and the USB key / keyfile option available (for a little extra), the security for emails intransit and inplace, really don't think being in the 14 Eyes Spy Cartel matters at this point.