Based in | Germany |
Storage | 2 - 20 GB |
Price | €1.00/mo. |
Free Tier | None |
Website | Posteo.de |
Founded in 2009, Posteo is a respected secure email provider based in Germany. The service is very affordable, yet goes above and beyond to ensure the privacy of its users.
In addition to their strong encryption options, Posteo also supports the SMTP, POP, and IMAP protocols. This means you can use Posteo on any device, with any email client that supports these protocols.
+ Pros
- Mail, Calendar, Contacts, and Notes are encrypted at rest with OpenPGP on secure servers in Germany
- Subject, headers, body, metadata, and attachments are encrypted
- Includes Messages, Calendar, Contacts (Address Book), and Notes
- Completely Open Source
- Strong commitment to privacy, sustainable energy, and other social initiatives
- Self-financed; good track record (operating since 2009)
- No logs, IP address stripping, secure email storage with daily backups
- Allows anonymous (cash) payments
- Supports the SMTP, POP, and IMAP protocols, plus Two-Factor Authentication
– Cons
- Custom domains not supported; no “.com” options available
- No spam folder (spam emails are either rejected or delivered to regular inbox)
- Germany is a 14 Eyes country
- No trial or free version
- Cryptocurrency payments not supported
https://Posteo.de/
Today we’re going to take a good look at Posteo. Depending on your threat model and other needs, it could well be the secure email service you have been looking for.
Posteo features overview
More than just secure email, Posteo provides a suite of services. You get secure:
- Calendar
- Address Book (contacts)
- Secure Notes
Like Mailfence, Posteo aims to offer a fully-featured alternative to Gmail.
Interesting features of Posteo include:
- Reliance on a true “green energy” source from Greenpeace Energy.
- Their anonymized payment system, which separates your personal payment information from your account information.
- Easy integration with many email services and clients
- SMTP, POP, IMAP, CalDAV, CardDAV support
Posteo company information
Posteo is headquartered in Berlin, Germany, where it has been operating since 2009. The company prides itself on the fact that it’s entirely self-financed, with no loans, debts, or foreign investors.
Their services are anonymized to the maximum extent practical, in line with their company vision, which is,
…to provide an impetus for greater security, privacy and sustainability on the internet, and offer alternatives.
Thanks to their focus on this vision, their userbase exploded after the Snowden leaks in 2013. Since then, they have continued to push forward. In 2014, they became the first German company to publish a Transparency Report. They were also the first company in the world to implement DNS-Based Authentication of Named Entities (DANE).
On the sustainability front, Posteo relies on real “green energy” from Greenpeace Energy. They recycle paper and use energy-efficient hardware. They even manage their money in a sustainable way. See their Sustainability page for more information.
Posteo technical specifications
Posteo uses a range of encryption algorithms and techniques, some of which are user options. These include:
- TLS with Perfect Forward Secrecy (PFS)
- DANE/TLSA
- HTTP Strict Transport Security (HSTS)
- SSH
- Optional Two-Factor Authentication (2FA) with TOTP support
- dm-crypt/LUKS encryption on the mail servers
- Optional on-server email encryption with RSA, AES, HMAC, and bcrypt hashing
- Optional inbound message encryption with S/MIME or OpenPGP
- SMTP, POP, IMAP
- CalDAV and CardDAV
Posteo also explains on their encryption page that they have undergone “an external, multi-level security audit” performed by Cure53. Cure53 is a reputable cybersecurity firm that also conducts VPN security audits, such as with the ExpressVPN browser extensions.
While Posteo provides a secure service, end-to-end encryption of your messages is not provided by default. They go to great lengths to protect your data, but as they put it,
In addition to our measures, you can also become active yourself – securing your emails’ content using personal end-to-end encryption.
To use end-to-end encryption, you need to install the Open Source app, Mailvelope. Instructions for enabling and using email encryption are here.
Posteo hands-on testing
For this Posteo review, I used the standard version without any extra storage or optional elements.
Signing up for Posteo
The experience of signing up for Posteo was somewhat different than that of other email services I’ve used. It was not difficult, just a bit confusing and unusual. See the Plans and Pricing section of this article for more details.
The look and feel of Posteo
Posteo has a pretty standard user interface. It is based on an Open Source email client called Roundcube, but has been modified to include the additional functionality that Posteo provides. In the following sections we’ll examine the interface and its various elements.
The email section of Posteo is pretty standard. It includes the options you are most likely to need displayed where you can easily find them. Assuming you are not using end-to-end encryption, creating, sending, and receiving messages is simple.
Here’s the basic layout of emails in the Posteo inbox:
Sending and receiving messages
Sending and receiving messages works as you would expect. However, you may have more options than normal, given all the customization and preferences. Here’s what the New Message window looks like, with HTML message formatting selected:
If you are going to send or receive an end-to-end encrypted message, things get a lot more complicated. For full instructions on using Mailvelope to encrypt/decrypt messages, visit the Mailvelope Help page.
If you are considering moving over to Posteo from another email service, you can take advantage of their migration service. This can bring over your email and the file structure from up to three other email services.
NOTE: For additional security, you can tell Posteo to encrypt your mailbox. However, if you do this, and subsequently lose your password, no one, not even Posteo Support, can recover your encrypted messages. Furthermore, you will no longer be able to retrieve mail on other email clients. Lastly, I’ve seen reports that encrypting your mailbox prevents the search function from working.
Address book
The Posteo Address Book has all the features you would expect in a modern email service. This includes the ability to store a photo and personal info about each contact, as well as synchronization and Group features.
Beyond that, Posteo can import your contacts from many other services. It can even encrypt your Address Book, such that not even Posteo can view your contacts. As with encrypting your mailbox, if you lose the encryption password, your contacts are lost beyond retrieval.
Calendar
Pretty much everything I just told you about the Address Book applies to the Calendar as well. It has all the features you would expect. This includes the ability to import your data from other calendars, merge external calendar feeds into your calendar, share items, view it on other devices, and receive reminders.
As you might expect by now, you can also migrate calendar data from other services and encrypt your Posteo calendar. Finally, you have the same risk of losing everything if you misplace the password for the calendar.
Notes
The Posteo Notes section works a little differently than the other sections of Posteo. It gives you the basic functions you would expect.
Interestingly, Notes seems like a separate application that works with Posteo rather than being closely integrated into the product. For example, Notes will resize itself to fit whatever size screen it is on, unlike other sections of Posteo. In addition, if you activate the Additional Email Protection feature, Notes stops working.
Posteo options
Posteo offers a vast number of options you can use to tweak the service for your particular needs. To get to them, click the Settings icon in any Posteo window. This takes you to the My Account page:
As you can see, there are a ton of options you can select, far more than we could discuss here. Clicking the Preferences icon likewise gives you another huge set of things you can configure.
If you are looking for an email service that you can configure the way you want, Posteo could be that service.
No mobile and desktop apps
Posteo does not have any mobile or desktop apps. To work with the Posteo system you can use the browser interface on desktops, or a third-party email client on desktops or mobile devices.
While the browser interface may serve your needs on a full-sized desktop computer, you will definitely want to use a third-party app with mobile devices. That’s because, as of October, 2019, Posteo’s browser interface was not responsive or adaptive to smaller screens.
When using the browser interface on a mobile device, you can only see a part of the interface at a time, making it really annoying to try to use Posteo this way. Here is an example of what the browser interface looks like on a Samsung Galaxy S9+, a phone with a high-quality, hi-resolution display:
Not ideal for mobile users.
Posteo support
The Posteo Support team has a good reputation. The only drawback is that they do not have a support ticket system, nor any kind of live chat. They may need 24 hours or more to get back to you. This can leave you in limbo, wondering when someone will help or if anyone has seen your request.
One thing that particularly stands out about Posteo Support is their incredibly extensive and usable written documentation. The website itself is full of useful information designed to tell you everything you might want to know about Posteo before you send them any money.
The Help section also has a ton of how-to and troubleshooting information. If you ever run into problems with Posteo, I recommend taking a few minutes to search the site and the help system first. Chances are good you will find the answer to your question without having to send an email to Support.
Posteo pricing and plans
Posteo has a single pricing plan with a few options. The plan is very affordable, at 1 Euro per month. However, there is no free trial offered and you must pay for a minimum of 12 months up front.
You do have the “Right of Revocation,” which works like a 14-day, no questions asked, money-back guarantee. Plus you can cancel at any time and get a prorated refund of any unused credit.
You can pay for your account by PayPal, credit card, bank transfer, and by sending physical cash in the mail.
When you sign up and enter your payment details, you get partial access to the service. Full access is granted once your payment is processed by the company.
I found the whole Posteo signup process to be somewhat clumsy and confusing. However, there is a good reason for this. Posteo supports completely anonymous registration and dissociates your payments from your account. If you pay with a credit card, PayPal, or some other digital method, they manually separate the payment information from the record of your account. This means that there is no personally identifiable information connected with your account:
We separate payment data and email accounts from each other. We thereby do not connect any personal information to the email accounts. This effectively prevents data theft and ensures the use of our email service in line with data reduction principles.
If you value privacy and security, this separation of personal data from your email account surely justifies some small inconvenience and delay at signup time.
Does Posteo keep logs?
In terms of respecting user privacy through minimal logging, Posteo does pretty well.
Here’s one section from their privacy policy:
In conformity with the law, we strictly do not collect and save any IP addresses that could be traced back to customers. This was independently confirmed in an audit report by the German Federal Commissioner for Data Protection. We also do not collect your IP address if you visit our website or if you use our contact form or webmailer. We also do not collect or save your IP address if you use an external client to retrieve your emails via IMAP or POP3 or to transmit messages via SMTP to be delivered by us. In the communication between email servers via SMTP, we come to know the IP addresses of other email servers (for example IP addresses from GMX and Gmail servers). The IP addresses of provider servers are only logged in the logfiles when errors occur and deleted after 7 days.
We exclusively record errors that occur when sending and receiving emails to quickly identify and correct technical disruptions and errors. We delete this data, which cannot be traced back to an individual, automatically after 7 days. In addition, we create generic, anonymised system usage and capacity statistics. These statistics also do not contain any personal information or IP addresses.
Reading through the privacy policy, I did not identify anything alarming. It’s also great to see email services undergoing third-party audits, which is a trend we’ve discussed with no logs VPN providers.
You can also see the Posteo Transparency Report, which discloses the data requests they’ve received and processed. Lastly, as we’ve noted before, if you are concerned about your IP address being logged, simply use a good VPN service to hide it.
Should you consider Posteo?
Okay. The question is, “Should you consider Posteo?” The answer is, “Probably.”
This is a company that really goes out of their way to provide a secure email service. They’ve been around for 10 years and have a solid reputation. The service is rich with features and offers a huge amount of options you can customize for your needs.
On the other hand, all that customizability makes it more complicated.
Do you want extra encryption on the email stored on their servers, or do you want to be able to work with your email on your phone?
Do you want to encrypt your contacts so that no one, not even Posteo, can see them? Or perhaps you want Posteo Support to be able to recover them for you if you lose your password…
What I’m saying is that you will need to put some thought and effort into getting Posteo to work the way you want it. This is in contrast to other email providers that are maximum security by default – no customization necessary.
Which leads us to…
Posteo alternatives
If Posteo isn’t the answer for you, which services should you investigate instead? Surely, one service to check out is ProtonMail.
ProtonMail has similar features to Posteo, including strong security, and end-to-end encryption, but without so many options. It also offers a way to send encrypted messages outside the system without the headaches of PGP.
Tutanota is another email service to consider. It too has similar features, with fewer setup hassles, along with default end-to-end encryption and the ability to send encrypted messages without all that PGP fun.
Lastly, Mailfence is another good option we’ve covered that is also feature-rich. However, it does not offer the same level of (high) security as Tutanota or ProtonMail.
Posteo review conclusion
Posteo is a very privacy and security-conscious product that will work well for many types of users.
It offers lots of scope for customization if you are willing to invest the time to customize the service to your liking. Posteo is also the most socially-conscious email service I’ve run into so far, if considerations like sustainable energy and finance are important to you.
You can learn more about Posteo on their website here.
Prime question no one asks.
Posteo’s guide says it preserves Aliases 1 year when dropped then re-circulates them.
What about the Main inscription address name@posteo.net ? Are they forever deleted?
Can I trust it will not be released to the piranhas or is this another scheme
of e-mail holdup like Mailbox.org which recycles addresses after 3 months per year paid.
Tutanota never recycles the user address as CLEARLY stated on their pages.
Why don’t review sites make a CLEAR list of the e-mail providers that actually respect users enough to NOT recycle at least the main address.
Hi, just for information. Posteo.net/de has been down for nearly an hour this Monday Morning… 7th Dec 2020.
First time it’s happened, they are great normally …
I don’t see alternatives that match in my opinion… hoping they fix whatever problem they have right now !!
Off topic… but what’s your opinion on privateinternetaccess as a VPN, not seen any references on this web.
Thanks for the information you provide.
It’s important.
Here’s our Private Internet Access review.
Posteo is highly underrated in my opinion. If you ignore the difference of DIY encryption vs the plug-and-play of Proton and Tutanota; Posteo wins hands down. Completely anonymous – proton is but tutanota logs registration sign-up ISP address. You have IMAP, caldav sync, various levels of encryption even for non-encrypted incoming mail, crypto storage feature, aliases, very clear no holds barred privacy policy (unlike Mailbox.org which has a very aggressive no holds barred data collection policy) and you have the greatest bang for your buck anonymous encrypted email / PIM service available. For me it’s the perfect daily driver. For most sensitive data / business comms I use Proton. Otherwise Posteo is the Swiss army knife made in Germany.
Posteo support is non-existent. I emailed them two weeks ago, and then again a week ago, and they have not responded at all. Just completely ignored.
I email them on a regular basis; turn-around time has been 2-3 days at most and I always have very long requests – 3 extensive questions at a time. Support is not nearly as prompt as the 24 hour turn-around Proton support but it’s not terrible in my experience.
I agree with the non-existent comment. Opened a new account last Friday. It was weekend for Posteo. Everything went fine…their operations are smooth. On their (Monday) business day, my username was rejected. Their rationale, “potential for misuse”. I explained I have had the username with Gmail for 15 years plus. Sent 5 communications, finally asking for refund. Absolutely no response, other than the automated msg “enquiry received”. It is currently late Thursday (their business day).
If you want to terminate your account you can go to Settings > Termination.
You’ll be given the option to get the money that’s left on your account back, to donate it to Posteo, or to donate it to an NGO (part of Posteo’s income also goes to certain NGOs).
Have been using Posteo now for 2 years or so. Very reliable service. Don’t think I have ever had a ‘down hour’ with them, let alone a down day (and use them daily, apart from perhaps holidays)
Very good guides on their website.
I certainly can recommend them, especially if you want to use an email client like Thunderbird (not possible for example with Tutanota – I know Tutanota have their reasons for this; am just pointing this out).
I signed up for posteo on October 31. During the 10 days I have had an account, I couldn’t access the servers on 2 different occasions for at least an hour. I don’t know exactly how long each occurrence was because I had other things to do. Today, I checked for 2 hours before giving up. It was up when I came back home 5 hours later. But I can’t live with this many long outages. Anyone else experience this?
@ MCcoffee,
I’d experienced the same with posteo at least once in the first week of NOV. 2019. Don’t know the reason and it was surely on their end in a no connection.
But it’s my first time ever in having trouble accessing posteo in over 3 years use there.
It’s not normal for it to happen I can attest to this.
Give it another month and see, you should contact their support and advise them of your issue. Possibly postponing your decision to leave. Refunds are for any full months left you have, or in-full within the first 14 days of an account’s open/start.
https://posteo.de/en/help/how-do-i-terminate-cancel
–
I have a slow internet speed and use a VPN on top of it.
Posteo will time out (like), showing an error when I’m in my account sometimes.
It recovers quickly and is only momentarily that this error box shows and then I can continue on – otherwise it’s hung up thus the error on the account page.
I feel this is a server (their side) issue again, as I’m active in my account when it happens – not like my browser has many windows open and I’ve gone back in the mail interface window again.
–
Another thing I’ve noticed is uploading attachments (images, documents, pdf’s) with both services of the free Tutanota and Posteo paid.
Tutanota has server issues and will not complete an upload, (though it looks as if it has uploaded super fast), till the sending of the message with an attachment added is hit with “looks like your not connected to the internet”.
You can’t save the message (draft) with an attachment added – only deleting any and all attachments can it be saved then as texts.
* To date almost a year in, Tutanota Free has failed to send a message with an attachment added to it for me… Sad !
–
Posteo will upload my attachments in time and sometimes it’s really hit and miss to sending them. I’m able to save a (draft) with an added attachment(s) most of the time.
It’s more of with sending in a time-out issue and I guess because of my slow internet speed. Local daily time (here and Germany) seems important as to the time of day here when a Posteo send of message with attachment is being successful, midnight to 7AM for me local.
Posteo has never failed to send out a message with an attachment added – though sporadic and temperamental it seems considering both servers.
Greetings ; )
Sven thanks so much!
Please keep up the good work. Thank you for responding to my questions. Prior to your Posteo article I paid for my first email alternative to Gmail I chose to pay 1 Eur a month for posteo. Your article you made recently as well convinced me I made the right decision.
I plan to fully delete my Google Account I’ve had since Gmail was in beta in 3-5 years. Maybe earlier God willing.
Thanks for everything. I ended up choosing Posteo and one of the big reasons why was: I researched who the founders were. I liked their vision, they seem genuinely like they are trying to improve the world and to create a green and sustainable product. This was the cherry on top of all the other pros you listed (call me an idealist).
—
https://posteo.de/en/site/features#featuressustainability
Thanks!
..
Nothing wrong with being an idealist, that’s good stuff. I’m glad to have helped you along the way.
Hello,
thanks for review.
Please write Runbox and Mailbox reviews too.
https://www.theverge.com/2019/10/21/20925065/nordvpn-server-breach-vpn-traffic-exposed-encryption
NordVPN Hacked? Can you comment something about this, I’m concerned because I use this VPN thanks to your recommendation,
Best wishes,
Looking into this…
Hi Michael,
Sven’s only going to know what you and I also find out being said.
From your link supplied-
“for a limited period of time, only in that isolated region,” Tom Okman, a member of NordVPN’s tech advisory board, told The Verge.
Okman says NordVPN usually changes the server each user is connected to every five minutes or so, but that users get to pick which country they are connecting through. That means users likely would have only been impacted for intermittent periods of time. The breach also could have only impacted users who were connecting through Finland, which is where the breached server was located.
–
Excerpts – NordVPN Official Response
https://nordvpn.com/blog/official-response-datacenter-breach/
We are not trying to undermine the severity of the issue.
We failed by contracting an unreliable server provider and should have done better to ensure the security of our customers. We are taking all the necessary means to enhance our security.
.
We have undergone an application security audit, are working on a second no-logs audit right now, and are preparing a bug bounty program.
We double-checked that no other server could possibly be exploited this way and started creating a process to move all of our servers to RAM, which is to be completed next year.
We will give our all to maximize the security of every aspect of our service, and next year we will launch an independent external audit all of our infrastructure to make sure we did not miss anything else.
With this incident, we learned important lessons about security, communication, and marketing.
{Comments are open at the link supplied, very well say something there about your being concerned of their lapse in good sense as you’ve recommended them to family and friends}
.
I’d say Nord will only become stronger because of the weakness realized today. It knows it’s in a packed elevator sized space and has just ripped one eye-rubbing – nose holding – – stink…
Funny enough I asked the same question! Worrying… what does it mean.
I also saw this article recently (April 26): makes me nervous. NordVPN behaving strangely
–
https://www.theregister.co.uk/2019/04/26/nordvpn_strange_traffic_domains/
–
Is this a honeypot? Backdoors?
I am not sure what to think. I just wanted a good cheap VEEP and now I might be in DEEP with the state of the Five EYES and the NSA GUYS. I hope to God NordVPN doesn’t LIE. I hope Sven never DIE.
#RapGod
Thanks,
..
Guys, I’d say remain calm. NordVPN is a big provider that has undergone lots of scrutiny, including a full audit by PWC, which was released less than a year ago. It checks out. Regarding the latest security issue, it could have affected one server out of thousands. But even then, this only relates to TLS keys and NordVPN uses perfect forward secrecy, which means decrypting old traffic is not possible. Worst case scenario is a hacker could have attempted to impersonate a NordVPN server, but that’s not easy or probable in the wild. Remain calm.
AGREED – calm down if you’re in a panic state.
If you’re worked up – research it, or even look for another VPN. You haven’t lost that much money to be able to justify a ‘move on’ to another VPN have you?
– What better timing to check out a New VPN close to the best prices of the year given.
Black Friday – Cyber Monday…
Your recent article on this issue worked better than a Xanax.
Sensationalized headlines and being heavily in the front page of a lot of news aggregators + reading comments almost made me think buying a 1 year+ sub was a bad idea. I feel INFORMED now.
Huge difference between Posteo and ProtonMail: Posteo is self-supported and financed by its users only (hence the absence of free-tier), while ProtonMail is dependent on external investors (and has been harshly criticized for that), which is always bad for privacy. This essential aspect shall be covered in this review.
Disclosure: I’m a happy user of posteo.
Yep, we stated in this review, “The company prides itself on the fact that it’s entirely self-financed, with no loans, debts, or foreign investors.”
Regarding ProtonMail, we also dug deep into the investor situation, where we found millions of dollars coming in from United States venture capital firms and millions from government agencies (European Union). This is discussed in the ProtonMail review.
I have been using Posteo for a couple of years and really and very unfortunately my advice is: stay away from it. Do you want your email flooded with spam like “wonderful Russian brunette wants to meet you, reply and I will send you my pics” and NO you do not need to surf adult sites to get these. Their spam filter simply does NOT work. I have sent over a hundred of these emails back to Posteo to review as the company asks for and nope nothing changed. These spams are not just annoying they are a security threat as they may contain scripts or viruses. Really STAY AWAY FROM POSTEO.
Guy L, I’m having a different problem with posteo. Have you found a service you like?
You can create a filter by going to Settings > Filter.
Also, I think you can create a spam folder, to which your filter could move filtered messages to, by going to Settings > Folder.
No you cannot create any spam folder as clearly stated in the review above. What you can do is send back spams to be “analyzed” by the company. I have done so with more than 100 of them and no your email keeps being flooded by emails from nowhere “beautiful Russian brunette wants to know you” these emails are a security threat and the company basically does nothing satisfactory to solve this problem. Spams that would immediately be detected in a not private at all email service like Google.
Hey Sven, can you do a review of https://ctemplar.com
Thank you very much Sven for this review, just like you promised! 🙂
Hey Sven, please do a review of SurfShark VPN! Eagerly awaited.
Yep, it’s coming eventually.
Based in UK. Nothing else worth noting.
Dear Thanks for bringing up Posteo email. I need to point out few misconceptions about the things you mentioned.
1. First of all you can signup for Posteo without paying a penny. I signed up like that and used it for a week before moving to Posteo completely.
2. “It is ideal for mobile users”- Why would you use an email on mobile browser? Posteo has a very good setup for iOS and Android devices. On iOS it syncs the mail, contacts and even notes natively. You just need to follow their setup instructions. On Android you can use it with K-9 Mail and you can sync contacts / calendar with davx5. It is way better than Tutanota or Protonmail Apps.
Please look into these and update the article 🙂
FYI : I am using Posteo for 3 years after closing my account with Tutanota.
Excellent article as always Sven. Looking forward to a complete and thorough review of all Instant Messengers!
– A Satisfied Reader