Mailfence is a privacy-oriented office suite offering secure email, contacts, storage, and more. It is aimed at privacy-conscious individuals, businesses, and universities. We have been a fan of Mailfence ever since we first tested it a few years ago and it continues to grow in popularity. According to the company,
We are happy to share with you that the interest in our service is booming. Signups to Mailfence are more than double the numbers of last year and keep on increasing. We are thrilled to see so many new users coming in, joining the fight for online privacy.
Today I revisit the service to see what’s new since last time around. For this Mailfence review update, I created a new account and started testing, with a focus on the email side of things. My goal was to see how Mailfence compares to other secure email providers.
| Based in | Belgium |
| Storage | 5-50 GB |
| Price | €3.50/mo. |
| Free Tier | Up to 500 MB |
| Website | Mailfence.com |
Note: While reviewing the entire suite of tools provided by Mailfence was not the purpose of this review, from what I saw of it, Mailfence might work as a replacement for Google’s entire G Suite. We already rank it among the best alternatives to Gmail, with many features for all types of users.
Mailfence is also a strong advocate for online privacy, as they note on their website:
…we will lose our right to online privacy if we don’t fight for it. Therefore we pledge to donate 15% of all income of the Pro plan to foundations like the Electronic Frontier Foundation and the European Digital Rights Foundation that fight for the defence of our rights in the digital world.
Mailfence, along with Tutanota and several other European tech companies, published an open letter to the European Parliament on April 15, 2021. The letter warned against the banning of encryption in order to, “fight against child abuse.” The letter lays out a number of grievous problems with the proposed initiative, which will be used to further spy on people around the world.
According to the letter, this initiative would require all private chat messages, and apparently all end-to-end encrypted content, to be automatically screened for illegal content. This would require everything to be decrypted so that the automated systems could read them. The EU would go from being a global model for personal data protection to a global model for mass surveillance. We also see this unfolding in Australia, as we discussed in our guide on the best VPNs for Australia.
Here is an overview of the Pros and Cons we discovered in this Mailfence review:
+ Pros
- Offers end-to-end encryption and digital signatures
- Mobile and web apps
- Data is stored on Belgian servers
- Offers OpenPGP encryption
- Messages, Documents, Calendar, Contacts, and Groups
- SMTP, POP, and IMAP support
- Can synchronize with other email clients
- Supports password-protected messages with expiration time
- Removes IP addresses from mail headers
- OpenPGP user keystore
- Great user interface (recently updated)
- Cryptocurrency payment options
– Cons
- Logging of IP address and some other data
- Code is not open source
Website: https://Mailfence.com
Mailfence features overview
Mailfence provides a full suite of services, Messaging, Contacts, Calendars, Groups, and Document storage. They use industry-standard OpenPGP encryption and digital signatures to protect your data and authenticate your messages. With support for messaging protocols like SMTP, POP, and IMAP, Mailfence can synchronize with many popular desktop and mobile email clients.
Interesting features of Mailfence include:
- A built-in Keystore to manage your OpenPGP encryption keys
- The ability to send encrypted messages to users who don’t use PGP
- Ability to digitally sign emails using OpenPGP
- Easy integration with Thunderbird and other email services and clients
- SMTP, POP, IMAP, CalDAV, CardDAV, ActiveSync support
- A heavily-customizable business version
Mailfence company information
Mailfence is a secure email suite that offers end-to-end encryption (through PGP support) and the ability to work with different email clients. It is offered by ContactOffice Group SA, a Belgian company founded in 1999. The founders launched Mailfence in November of 2013. Your data is stored on Mailfence’s own servers in Belgium, which has pros and cons.
Being based in Belgium is good because the country is not part of the Five Eyes intelligence alliance, and does not use National Security Letters (NSLs), gag orders, or other techniques to secretly gather data about users. Mailfence maintains a Transparency Report and Warrant Canary so users can see what legal requests for information it has received in any six-month period.
Being based in Belgium also has drawbacks, however, as a member of the Fourteen Eyes intelligence alliance. In 2016, the Belgian government imposed new data retention rules. These rules force companies to keep track of every transaction within their systems for a period of 12 months in case the authorities want it.
But not any more
On April 22, 2021 the Constitutional Court of Belgium declared the data retention law unconstitutional. Unfortunately, this isn’t the end of the story. Federal justice minister Vincent Van Quickenborne and others inside the government are already hard at work coming up with a new law to track digital communications.
How this will affect services like Mailfence isn’t clear yet. We’ll let you know once we hear more.
Mailfence technical specifications
Mailfence uses strong encryption algorithms to ensure that your messages cannot be read or tampered with. These include:
- OpenPGP for digital signatures and for encrypting your data (PGP-MIME and inline-PGP)
- SSL/TLS, Perfect Forward Secrecy (PFS), MTA-STS and HSTS for protecting your data while in motion
Other supported protocols include SMTP, IMAP, POP, ActiveSync, WebDAV, CalDAV, and LDAP.
Buypass AS is the certificate authority for Mailfence, as explained here.
Mailfence hands-on testing
I created a free account to test out the service for this Mailfence review. The free version gives you all the basic features, while reserving synchronization ability and business-related features (like custom domains) for the paid versions. I suggest you begin your Mailfence experience with the free version since you can easily upgrade when/if you need to.
Let’s get started.
Signing up for Mailfence
Signing up for Mailfence is quick and easy. Go here and click the “Sign up” directly on the homepage.
You’ll need to give Mailfence an existing email address so they can send you an authentication message. This is annoying, but it is far better than being required to cough up a telephone number like you are with some services (Fastmail, for example). Besides, you can use a disposable email account if you don’t want to give them one of your regular addresses.
Once you get here you’ll select your email address from among the options the service provides. And once you get through this, you’ll find yourself at a temporary introductory page. You’ll get all sorts of information about the service to help you get off to a fast start. At the top of the page, you will see icons for email, documents, calendar, and contacts. We’ll start with email:
The look and feel of Mailfence
I’ve had a Mailfence test account for about three years now. The current layout is a nice improvement over the previous versions. The design makes it simple to switch tasks, draft emails, upload documents, manage contacts, and more.
Messages
The design uses the standard 3-column layout for Messages, with the folders you’ll want on the left and the commands you are most likely to need right at the top. And unlike some web-based interfaces I’ve seen, the controls stay at the top of the window as if this were a standard app rather than a browser-based interface.
Creating and managing encryption keys
Before you go any further with Messages, I suggest you set up your encryption keys. You’ll need these before you can send or receive encrypted messages with Mailfence.
Follow these steps in the webmail app:
- Click your icon at the top right of the interface.
- In the shortcut menu that appears, select Settings.
- In the menu that appears on the left side of the window, select Encryption (it is under the Messages heading).
- From here you can Generate a new personal key or Import a key.
To complete the process, follow the steps in the wizard that appears. I won’t go through the complete process of creating, sharing, and using encryption keys here. If you want to see the details, you can see the instructions on the Mailfence website.
Sending and receiving messages
You can create a plain text message with the defaults, or you can click More to see a menu of options, including the ability to use Rich Text Formatting while writing your message.
Once you are done writing your message, you’ll need to decide how you want to send it. You can send the message either encrypted or “in the clear” (with no encryption), and either signed or unsigned.
Click Encryption and a wizard appears that walks you through sending the message either protected by a Password or by OpenPGP encryption.
Click Sign & Send to digitally sign your message before you send it. You can also click the down arrow in that button to send the message without signing it.
Note: If you would like more information on encrypting and signing messages, you can find it here. And we also have a guide on the topic of encrypted email here.
Receiving a message is also easy and works as expected.
Contacts
As any good email program should, Mailfence offers an integrated Contacts feature.
Happily, you don’t need to worry about each contact’s encryption keys here, since they are all managed in the Keystore.
Groups
Once you’ve entered your Contacts, you can create Groups. After setting up a Group, you can add both users and the data they need into that group, making it easy to collaborate.
To create and work with Groups, follow the instructions on this page.
Calendars
Mailfence supports one personal Calendar per user. You also have access to the Calendars associated with any Groups you belong to, as well as external Calendars from other services.
The Mailfence Calendar has a huge range of capabilities. To see what it can do, you can learn more on their website.
Documents
Not surprisingly, Documents is a place where you can upload documents/files so you can access them from any web browser or share them with other Mailfence users.
You can learn more about Documents, including how to use group-oriented features like managing permissions, on the Mailfence website.
Mobile and desktop apps
This is one area where Mailfence lags behind other secure email competitors. Unlike services such as Tutanota, Mailfence does not offer desktop apps. For desktop, the only option is to log in to the webmail portal.
However, for mobile devices, Mailfence now has a dedicated app. This is a progressive web app (PWA), which works on Android and iOS devices with certain browsers. Here is what you can do with the Mailfence mobile app:
- Access all of the Mailfence components: Mail, Contacts, Calendar and Documents.
- Send & receive encrypted emails
- Access private & group workspaces
Because the mobile “app” is a web page, whether you can use it or not depends on which mobile browser you have and how it’s configured. Right now, you can not use the mobile PWA with Firefox, DuckDuckGo, or Brave browsers. It currently works with Chrome and Safari browsers.
Mailfence business features
Describing Mailfence for Business is a bit tough. That’s because, as they describe it,
With Mailfence for Business you get a customized version of the Mailfence secure and private email solution in order to adapt it to the specific security and usage needs of your organization or business.
In other words, their team will work with you to make Mailfence the perfect fit for your business needs. Here is a partial list of the customizations you can request:
- The graphic presentation including your logo and the look of your login page
- Storage space based on your organization’s specific needs
- Integration with external services
- A custom control panel for managing accounts
- And of course your own custom email domain names
The Mailfence for Business API allows you to automate many tasks and integrate with LDAP, Active Directory, and CAS.
Contact Mailfence Support for the latest specification or request specific features.
Support
Like other reviewers and users, I’ve found Mailfence Support to be great if you need any assistance. They are quick to respond and give quality answers to your questions. Of course, users with the higher-level plans (Pro and Ultra) will get faster service than those Free plan users.
The Mailfence Knowledge Base is a good addition to their Support system. It provides useful information on a wide range of topics including tutorials and step-by-step instructions. You can also find regular documentation on most any aspect of the product.
Mailfence plans and prices
Mailfence offers four pricing plans in total: Free, Entry, Pro and Ultra. While you would probably find the Free plan too limited to use as your main email account, it is sufficient to get a feel for Mailfence before committing to a subscription.
Mailfence supports all major payment options. For situations where you require additional privacy, you can pay for your subscription using the Bitcoin and Litecoin cryptocurrencies. Registering for the service with an anonymous email account (for the recovery address) and paying with cryptocurrency will give you an additional layer of privacy on top of what’s already provided by Mailfence.
Should you consider Mailfence?
While many secure email services are somewhat restrictive with features, Mailfence is a fully-featured alternative to Gmail.
Whether you are a regular privacy-conscious user or managing a business team, Mailfence can cater to your needs. Aside from basics like the price and whether it offers all the features you need, there are two other things to consider with Mailfence:
- Do you want to use built-in encryption or manage your own?
- Does the Mailfence threat model match your needs?
Let’s examine each of these questions.
1. Do you want to use built-in encryption or to manage your own?
As you’ve seen in this review, Mailfence uses PGP encryption (via the OpenPGP standard) and a built-in Keystore to give you complete control over the encryption of your data. Once you’ve got your encryption keys set up and shared properly, working with encrypted messages is easy. But as you’ve also seen, there can be a significant amount of work required to create and manage keys so that you can use PGP encryption with others.
Other end-to-end encrypted services like Tutanota handle all that encryption setup and management in the background. But with a solution like this, you lose some of the control you might want to have. You also have to trust the email service to not do anything sneaky in the background. It is up to you to decide which way you want to handle your encryption.
2. Does the Mailfence threat model match your needs?
To know if a secure email service will meet your needs, you have to understand the kinds of threats you want to protect against. Once you know that, you can evaluate whether or not any given service can meet those needs.
One of the nice things about Mailfence is that they have long published their threat model. Here is a summary of their model:
Mailfence protects against:
- Eavesdropping on your connection
- Mass surveillance
- Message forgery / tampering attacks
- Compromised account
- Data theft
Mailfence does NOT protect against:
- A compromised device
- A compromised or forgotten passphrase
- Sophisticated Man-in-the-Middle attacks
- Attacks by powerful state adversaries (NSA and similar heavy hitters)
The Mailfence website has more info on these topics if you want to learn more.
Mailfence FAQ
Here are some frequently asked questions about Mailfence.
Does Mailfence store emails encrypted at rest?
Mailfence has been promising to add an option for full encryption at rest of the entire inbox and all emails. However, as of now, this is not an option and your inbox is not stored encrypted at rest.
Does Mailfence have an app?
Mailfence does not have a desktop app. They do have mobile apps, in the form of a Progressive Web Application (PWA). To find out more about what that actually means, visit this Mailfence blog page.
What are some Mailfence alternatives?
Mailfence is a powerful secure email suite, but it may not be what you want. Fortunately, you have a few different options to consider.
If you like the secure nature of Mailfence and its additional features, such as Calendar and Documents, but don’t want to manage encryption keys, you might want to read our Tutanota review.
Do you like that Mailfence supports PGP and integrates with other apps, but don’t want all the complexity of the Mailfence suite? Then check out our ProtonMail review.
Mailfence review conclusion
This concludes our Mailfence review. To recap, if a secure email suite with full PGP control and interoperability is what you seek, Mailfence could be the solution. It has all the features and options that you are likely to need, whether you are looking to manage the mail for an entire organization, or just want a great service for personal use.
With 500 MB of free account storage, you can test drive Mailfence for free here >>
https://mailfence.com/
Alternatives to Mailfence
If you want to check out some other secure email services, see the reviews below:
ProtonMail Review
Tutanota Review
Mailbox.org Review
Hushmail Review
Posteo Review
Fastmail Review
Runbox Review
This Mailfence review was last updated August 12, 2023.
I cannot edit my key which has been expired. What can I do?
The steps of modifying OpenPGP keypair expiration date are mentioned in the following KB article: https://kb.mailfence.com/kb/modify-expiration-openpgp-key/
In case the process fails, please send screenshot of the error message or steps to reproduce the issue to our support by email (https://mailfence.com/en/contact.jsp).
Kind regards,
Mailfence Team
Hello. I haven’t been able to access my email for a week now. the main page of the site does not open as if it does not exist for me, while the support page works fine. maybe you blocked some ip maybe something else. thanks. (ERR_ADDRESS_UNREACHABLE)
Hello Annett,
If you still have the problem, please send your IP address to our support @ mailfence com address and we’ll investigate
Thanks,
Mailfence team
I was looking for a secure mail provider for my scientific studies and I was pleased to discover that we have Mailfence in Belgium. I am not disappointed and I think the Documents option is really a plus (I don’t have to use Dropbox to get my files).
Dear Emma,
We thank you for this feedback. Did you know we also offer Calendar, Contacts, Polls and Chat ?
We remain at your service.
Mailfence Team
Hello there, my case with mailfence is kind of curious, all of the new emails that comes to my inbox should be in BOLD but for some reason my last email appeared as if it was already read. And the red dot only appeared after I clicked on email to see it’s content and again it wasn’t BOLD in the first place. So should I take it as a bug or as third party intervention?
Hello,
Could you please check your Settings (Messages > General > View) and unselect threads?
Feel free to contact our support (support[at]mailfence[dot]com) if the issue persists or with any other questions you might have!
Regards,
Mailfence Team
I just went through the signup process that frustratingly — and with stunning absence of transparency to the user (me) — ended with the message copied below. Hardly a useful explanation.
Fyi, I am located in the US. It’s possible that the US is a banned country for Mailfence registration, but that seems highly unlikely because the review article I read in detail did not mention anything about that. The alternate email domain I used for activation/recovery was iCloud (which obviously would not be banned). The browser I used was literally downloaded and installed just hours ago, so obviously that was not the problem either.
So, this has been a lot of wasted effort, and has created an impression that Mailfence is an unreliable operation. Rather than wait 24 hours (you aren’t compensating me for my time, right Mailfence?), I will just move along to the #2 finisher in the “11 Best Private and Secure Email Services for 2022” list on this site.
The failure message Mailfence put up when I went through the registration process:
Sorry, the registration failed for at least one of the following reasons:
A potential abuse was detected
Registration is temporarily closed for your country or your IP address
A banned/disposable email domain was used as activation & recovery email address
Your browser is outdated: try with a more recent browser
Please retry in 24 hours. If the registration fails again, contact the support.
Hello,
We’re sorry to read that. We do our best to provide the best services. Feel free to contact our support (support[at]mailfence[dot]com) and ask them to create an account for you. They’ll make a commercial gesture.
Regards,
Mailfence Team
After being a Gmail user for life, I was skeptical about trying Mailfence. I figured why should I pay for e-mail when I’ve always gotten it for free. Well Gmail and Yahoo both offer upgraded e-mail and I did not care for either. Mailfence has been so easy to use, easy to get in touch with support, and downright useful.
Dear Sarah,
Thank you for this feedback.
We’ll work every day at offering the best secure email with respect for privacy
We remain at your service.
Regards,
Mailfence Team
I am waiting for a reply from the support@mailfence.com. My email account was unexpectedly temporarily suspended. I have used this email account for over five years. I need the support team to contact me promptly.
username: Galindo
Dear,
Your account was temporary suspended because the automated internal anti-abuse/anti-phishing/anti-spam system has triggered some alarms based on abnormal/suspicious email sending.
It has been reactivated after further investigation.
Let us know if you need anything more.
Mailfence Team
I have been paid this company for Entry Subscription , they took my money and did NOT activated me the subscription, I asked them for the refund and they don’t refund me , they refuse to answer, stay a way of their service
Dear Caroline,
Could you give me your username, we will investigate and get back to you.
Regards,
Mailfence Team
I’ve been with Mailfence for a number of years, and never had any issues. The past year however the service has just gotten worse. I have constant errors and cannot always get logged in from my devices using IMAP, their support just emails me with the response that my password is wrong. Even though I device logs in 50% of the time.
The don’t seem to understand that if i’m getting logged in half the time, then my password cant be wrong.
I will leave the service this year, as it is proving to be more trouble than its worth.
My subscription stops in September, after two years of various annoying glitches. When dealing with support, they always want a screenshot after I clearly explained the issue. Apparently, I’m the only customer with such unique issues. Another time they wanted a video which they claimed they could not open. I’m now using Protonmail which I had several years ago (which has improved) and after two months seems flawless.
Dear Pace,
I am sorry to read about this. Did you check the ‘Connections History’ tab of your settings. It shows all connections through different protocols. One potential explanation for your problems could be the following Sometimes an account encounters connection issues because one client (an old phone or old PC) still connects from time to time with an old password. This generates a string of erroneous connections, that makes our application block the IP address that connects (and thus also the emailclient with corrects password).
Has the ability to pay by cryptocurrency been removed from Mailfence? I don’t see the option anywhere.
Dear,
Mailfence still supports BTC and LTC as payment mode.
Could you login and check? It should appear as one of the payment modes when upgrading. Please get back to our support if ever you do not manage to upgrade and we’ll help you directly.
Mailfence is just awful.
I got an account about 6 months ago. It worked okay for maybe three weeks, and then I could no longer sign in. I received the following notice:
Your account is temporarily suspended for one of the following reasons :
You did not connect since at least 210 days.
An anormal activity was spotted on your account.
Your subscription has expired and you did not renew it.
The administration staff experienced credit card problems when trying to process the payment.
Please contact the support by e-mail to solve this issue.
None of the above-listed “reasons” were applicable to my account. So, I’ve contacted “support” now about a dozen times and sometimes I may get a note claiming they’re still “investigating it.” Mind you, I’d already migrated many emails and contacts into this mailfence account, and now for the past 6 months still cannot access them.
Conclusion: They are not “investigating” sh**. They simply harvested ( read: stolen) my contacts/info and email files, and so there go my business contacts and my private information to this sh***y, fraud of a company.
Dear, We are sorry to hear about your issue, but as communicated directly via email and other channels, your account was flagged for illicit use and was blocked consequently since it was used for activities that infringe our Terms of Use
AFAIK, Tutanota can’t access your inbox even if a German court tells them to.
AFAIK, ProtonMail can’t access your inbox even if a Swiss court tells them to.
I like Mailfence’s UI. But I can’t find if they can access your inbox if a Belgian court tells them to….
Dear,
As explained in our transparancy report we do collaborate with legal authorities only when receiving an injunction from a belgian judge. Information request we obtain is for meta data. https://blog.mailfence.com/transparency-report-and-warrant-canary/
I was less than pleased to find that Mailfence has at least one undocumented limitation. I signed up for the Entry plan and began happily adding external email accounts for POP retrieval and storage in Mailfence. When I tried to add my sixth external POP account, it displayed a message that an upgrade is required to add more. I searched their help and marketing pages to see if this limitation was documented. I didn’t find it, so I submitted a ticket. The response was that only 5 external POP email addresses are allowed with the Entry plan. They also said that they would inform someone responsible for documentation about the omission. Yeah, right. Upgrading to the next higher subscription plan is TRIPLE the cost of the Entry plan. Totally not worth it to be able to add a few more external POP email addresses. Time to move on, I guess. Buyer beware.
Dear Tinker,
We are sorry for the bad surprise. In our experience, 5 Pop accounts covers the needs of regular users. This is the first time in the more than 20 years of operations of our company that someone hits the limit on number of mail accounts that can be downloaded in Pop towards our account. That’s why it is not advertised as one of the main limits in our documentation.
Regards,
Mailfence Team
Dear Greta,
We thank you for this feedback
Encryption at rest is at the top of our priorities and is presently is testing phase. It will be included in the coming months
I’ve spend the last 3 days trying to get a business account set up with Mailfence. They require an alternate email to both verify you and to make contact should you lose your email. They have completely violated my privacy by sending my name, my business name, my email address at Mailfence… Privacy be damned. I just sent them another email politely requesting them to stop sending email to alternate email. I’m not feeling too polite to say the least. It’s entirely screwy how Mailfence doesn’t offer a straighforward way to sign up for a paid account from the get go. Oddly enough, I wrote to support from my Mailfence email but they wrote back at both my email addresses exposing personal info to the alternate carrier. Grrr. No idea why they would do such an egregious thing but I’m none too happy about it. The whole purpose of Mailfence was for privacy. That’s shot now.
Dear Soapbox,
We exchanged about this issue via the support and apologize for the inconvenience caused. The alternative emailaddress is used among other for password recovery and in order to notify users that get blocked out of their account because of payment issues.
We forwarded your issue internally
Respectfully
Mailfence Support
I tried contacting support, but got no answer. Sven, do you know if Mailfence allows users to use 3rd party spam tools like SpamHero.com to filter email prior to arriving at Mailfence?
Thanks,
Don
Hi Don, I’m not sure on that one, but I’d think that their support would get back to you.
Sven does Mailfence encrypt Subject lines?
No, it relies on PGP, which does not support encrypted subject lines. If you want encrypted subject lines, check out Tutanota. But note that this will only work sending an encrypted email from one Tutanota account to another Tutanota account (need to stay within the Tutanota ecosystem).
One thing that might be of use to some is to create the account with some obscure, non-obvious username and use it only for logging in. Then create an alternate e-mail address on the account to use for actual e-mail. If someone targets your account, they can try to log in with the e-mail address you use and they will never get anywhere at all. For example, use zenzizenzizenzic3.14159265@protonmail.com for your login and john.doe@protonmail.com for your e-mail address.
I didn’t think of this until after I created and started using my ProtonMail account. I no longer try to use my login e-mail address to send e-mail. All anyone sees is the alternate addresses so that might help.
I also use +aliases pretty heavily. Whenever I sign up anything, I’ll add a +form to make it simpler to filter e-mail into the correct tag and folder. ProtonMail handles this well, but not all services do. Interestingly enough, the e-mail provider we use for our company e-mail uses a ‘-‘ instead of a ‘+’ for this. This can be very useful for entering an e-mail address in a web page since many reject e-mails with a ‘+’ as being invalid.
According to [https://medium.com/swlh/mailfence-end-to-end-encryption-fee40f3965c9]
Mailfence does not really provide end-to-end confidential email service.
Even PGP-encrypted messages are stored in plain on their servers, and who knows where else.
I hadn’t noticed that before.
I have a mailfence account that I’ve been trying out with the idea of moving my company’s e-mail to it. I just sent an encryped test message from my mailfence account to my protonmail account. You are right — it was sent encrypted, but as the “View Source” shows on the message I sent, it is not stored encrypted! I never would have thought about checking this.
On the other hand, the e-mail that does arrive encrypted naturally remains encrypted on the server.
Hi Sven – Thanks so much for this valuable insight as I am currently researching a secure alternative to my existing email. I was just wondering if you have any comments, research, or insight into the “Sekur” Swiss based email and secure messenger service?
We have not tested Sekur yet, but perhaps later this year.