Founded in 2009, Posteo is a respected secure email provider based in Germany. The service is very affordable, yet goes above and beyond to ensure the privacy of its users. This is particularly important today when even organizations like the International Monetary Fund (IMF) believe that your personal data should become a public good (with appropriate protection for your privacy, however that might work).
In addition to their strong encryption options, Posteo also supports the SMTP, POP, and IMAP protocols. This means you can use Posteo on any device, with any email client that supports these protocols.
Based in | Germany |
Storage | 2 – 20 GB |
Price | €1.00/mo. |
Free Tier | None |
Website | Posteo.de |
+ Pros
- Mail, Calendar, Contacts, and Notes are encrypted at rest with OpenPGP on secure servers in Germany
- Configurable spam filter
- Migration service for moving from another email service to Posteo
- Includes Messages, Calendar, Contacts (Address Book), and Notes
- Completely Open Source
- Strong commitment to privacy, sustainable energy, and other social initiatives
- Self-financed; good track record (operating since 2009)
- No logs, IP address stripping, secure email storage with daily backups
- Allows anonymous (cash) payments
- Supports SMTP, POP, and IMAP protocol + Two-Factor Authentication
– Cons
- Custom domains not supported; no “.com” options available
- No spam folder (spam emails are either rejected or delivered to regular inbox)
- Germany is a 14 Eyes country
- No trial or free version
- Cryptocurrency payments not supported
https://Posteo.de/
Today we’re going to take a good look at Posteo. Depending on your threat model and other needs, it could well be the secure email service you have been looking for.
Posteo features overview
More than just secure email, Posteo provides a suite of services. You get secure:
- Email with attachment browser and photo streaming
- Calendar
- Address Book (contacts)
- Secure Notes
Like Mailfence, Posteo aims to offer a fully-featured alternative to Gmail. Interesting features of Posteo include:
- Reliance on a true “green energy” source from Greenpeace Energy.
- Their anonymized payment system, which separates your personal payment information from your account information.
- Easy integration with many email services and clients
- SMTP, POP, IMAP, CalDAV, CardDAV support
Posteo company information
Posteo is headquartered in Berlin, Germany, where it has been operating since 2009. The company prides itself on the fact that it’s entirely self-financed, with no loans, debts, or foreign investors.
Their services are anonymized to the maximum extent practical, in line with their company vision, which is,
…to provide an impetus for greater security, privacy and sustainability on the internet, and offer alternatives.
Thanks to their focus on this vision, their userbase exploded after the Snowden leaks in 2013. Since then, they have continued to push forward. In 2014, they became the first German company to publish a Transparency Report. They were also the first company in the world to implement DANE, DNS-Based Authentication of Named Entities.
On the sustainability front, Posteo relies on real “green energy” from Greenpeace Energy. They recycle paper and use energy-efficient hardware. They even manage their money in a sustainable way. See their Sustainability page for more information.
Posteo technical specifications
Posteo uses a range of encryption algorithms and techniques, some of which are user options. These include:
- TLS with Perfect Forward Secrecy (PFS)
- DANE/TLSA
- HTTP Strict Transport Security HSTS
- SSH
- Optional Two-Factor Authentication (2FA) with TOTP support
- dm-crypt/LUKS encryption on the mail servers
- Optional on-server email encryption with RSA, AES, HMAC, and bcrypt hashing
- Optional inbound message encryption with S/MIME or OpenPGP
- SMTP, POP, IMAP
- CalDAV and CardDAV
Posteo also explains on their encryption page that they have undergone “an external, multi-level security audit” performed by Cure53. Cure53 is a reputable cybersecurity firm that also conducts VPN security audits, such we discovered in our ExpressVPN review.
While Posteo provides a secure service, end-to-end (E2E) encryption of your messages is not provided by default. They go to great lengths to protect your data, but as they put it,
In addition to our measures, you can also become active yourself – securing your emails’ content using personal end-to-end encryption.
To use E2E encryption, you need to install the Open Source app, Mailvelope. Instructions for enabling and using email encryption are here.
Posteo hands-on testing
For this Posteo review, I used the standard version without any extra storage or optional elements.
Signing up for Posteo
The experience of signing up for Posteo was somewhat different than that of other email services I’ve used. It was not difficult, just a bit confusing and unusual. See the Plans and Pricing section of this article for more details.
The look and feel of Posteo
Posteo has a pretty standard user interface. It is based on an Open Source email client called Roundcube, but has been modified to include the additional functionality that Posteo provides. In the following sections we’ll examine the interface and various elements, starting with email.
The email section of Posteo is pretty standard. It includes the options you are most likely to need displayed where you can easily find them. Assuming you are not using end-to-end encryption, creating, sending, and receiving messages is simple.
Here’s the basic layout of emails in the Posteo inbox:
Posteo has a spam filter that will protect you from known spam sources. In Settings you can configure the filter by entering email addresses that are not spam. In effect, you create a white list of email addresses that should be ignored by the spam filter.
Sending and receiving messages
Sending and receiving messages works as you would expect. However, you may have more options than normal, given all the customization and preferences. Here’s what the New Message window looks like, with HTML message formatting selected:
If you are going to send or receive an end-to-end encrypted message, things get a lot more complicated. For full instructions on using Mailvelope to encrypt/decrypt messages, visit the Mailvelope Help page.
If you are considering moving over to Posteo from another mail service, you can take advantage of their migration service. This can bring over your email and the file structure from up to three other email services.
NOTE: For additional security, you can tell Posteo to encrypt your mailbox. However, if you do this, and subsequently lose your password, no one, not even Posteo Support, can recover your encrypted messages. Furthermore, you will no longer be able to retrieve mail on other email clients. Lastly, I’ve seen reports that encrypting your mailbox prevents the search function from working.
New: Attachment browser with photo stream
Towards the end of 2020, Posteo introduced a new feature: the attachment browser. As the name implies, it allows you to view attachments separate from the emails they are attached to.
As you can see in the image above, the attachment browser can display attachments as a file list. If you click the Images icon, you will instead see all the attached images as a photo stream. The attachment browser adds a lot of flexibility to the way you can handle attachments. For all the details, read this blog post.
Address book
The Posteo Address Book has all the features you would expect in a modern email service. This includes the ability to store a photo and personal info about each contact, as well as synchronization and Group features.
Beyond that, Posteo can import your contacts from many other services. It can even encrypt your Address Book, such that not even Posteo can view your contacts. As with encrypting your mailbox, if you lose the encryption password, your contacts are lost beyond retrieval.
Calendar
Pretty much everything I just told you about the Address Book applies to the Calendar as well. It has all the features you would expect. This includes the ability to import your data from other calendars, merge external calendar feeds into your calendar, share items, view it on other devices, and receive reminders.
As you might expect by now, you can also migrate calendar data from other services and encrypt your Posteo calendar. Finally, you have the same risk of losing everything if you misplace the password for the calendar.
Notes
The Posteo Notes section works a little differently than the other sections of Posteo. It gives you the basic functions you would expect.
Interestingly, Notes seems like a separate application that works with Posteo rather than being closely integrated into the product. For example, Notes will resize itself to fit whatever size screen it is on, unlike other sections of Posteo. In addition, if you activate the Additional Email Protection feature, Notes stops working.
Posteo options
Posteo offers a vast number of options you can use to tweak the service for your particular needs. To get to them, click the Settings icon in any Posteo window. This takes you to the My Account page:
As you can see, there are a ton of options you can select, far more than we could discuss here. Clicking the Preferences icon likewise gives you another huge set of things you can configure.
If you are looking for an email service that you can configure the way you want, Posteo could be that service.
No mobile and desktop apps
Posteo does not have any mobile or desktop apps. To work with the Posteo system you can use the browser interface on desktops, or a third-party email client on desktops or mobile devices.
While the browser interface may serve your needs on a full-sized desktop computer, you will definitely want to use a third-party app with mobile devices. Posteo’s mobile browser interface is not responsive or adaptive to smaller screens.
When using the browser interface on a mobile device, you can only see a part of the interface at a time, making it really annoying to try to use Posteo this way. Here is an example of what the browser interface looks like on a Samsung Galaxy S9+, a phone with a high-quality, hi-resolution display:
Not ideal for mobile users.
Posteo support
The Posteo Support team has a good reputation. The only drawback is that they do not have a support ticket system, nor any kind of live chat. They may need 24 hours or more to get back to you. This can leave you in limbo, wondering when someone will help or if anyone has seen your request.
One thing that particularly stands out about Posteo Support is their incredibly extensive and usable written documentation. The website itself is full of useful information designed to tell you everything you might want to know about Posteo before you send them any money.
The Help section also has a ton of how-to and troubleshooting information. If you ever run into problems with Posteo, I recommend taking a few minutes to search the site and the help system first. Chances are good you will find the answer to your question without having to send an email to Support.
Posteo pricing and plans
Posteo has a single pricing plan with a few options. The plan is very affordable, at one 1 Euro per month. However, there is no free trial offered and you must pay for a minimum of 12 months up front. You do have the “Right of Revocation,” which works like a 14-day, no questions asked, money-back guarantee. Plus you can cancel at any time and get a prorated refund of any unused credit.
You can pay for your account by PayPal, credit card, bank transfer, and by sending physical cash in the mail. When you sign up and enter your payment details, you get partial access to the service. Full access is granted once your payment is processed by the company.
I found the whole Posteo signup process to be somewhat clumsy and confusing. However, there is a good reason for this. Posteo supports completely anonymous registration and dissociates your payments from your account. If you pay with a credit card, PayPal, or some other digital method, they manually separate the payment information from the record of your account. This means that there is no personally identifiable information connected with your account:
Since our founding in 2009 we use our own anonymisation process for all payment processes that completely separates them from accounts.
You can find out more about this anonymization process here. Nonetheless, you can still purchase an account with an anonymous payment method for added safety.
If you value privacy and security, this separation of personal data from your email account surely justifies some small inconvenience and delay at signup time.
Does Posteo keep logs?
In terms of respecting user privacy through minimal logging, Posteo does pretty well. Here’s one section from their privacy policy:
In conformity with the law, we strictly do not collect and save any IP addresses that could be traced back to customers. This was independently confirmed in an audit report by the German Federal Commissioner for Data Protection. We also do not collect your IP address if you visit our website or if you use our contact form or webmailer. We also do not collect or save your IP address if you use an external client to retrieve your emails via IMAP or POP3 or to transmit messages via SMTP to be delivered by us. In the communication between email servers via SMTP, we come to know the IP addresses of other email servers (for example IP addresses from GMX and Gmail servers). The IP addresses of provider servers are only logged in the logfiles when errors occur and deleted after 7 days.
We exclusively record errors that occur when sending and receiving emails to quickly identify and correct technical disruptions and errors. We delete this data, which cannot be traced back to an individual, automatically after 7 days. In addition, we create generic, anonymised system usage and capacity statistics. These statistics also do not contain any personal information or IP addresses.
Reading through the privacy policy, I did not identify anything alarming. It’s also great to see email services undergoing third-party audits, which is a trend we’ve discussed with no logs VPN providers, such as NordVPN and ProtonVPN.
Seeing that Posteo protects your privacy is reassuring in the face of recent hacks of German government email accounts by the Russians. It isn’t just US-based mail services that are being targeted by state-sponsored attackers.
You can also see the Posteo Transparency Report, which discloses the data requests they’ve received and processed. Lastly, as we’ve noted before, if you are concerned about your IP address being logged, simply use a good VPN service to hide it. Two of our top recommendations are NordVPN and Surfshark.
Should you consider Posteo?
Okay. The question is, “Should you consider Posteo?” The answer is, “Probably.”
This is a company that really goes out of its way to provide a secure email service. They’ve been around for more than 10 years and have a solid reputation. The service is rich with features and offers a huge amount of options you can customize for your needs.
On the other hand, all that customizability makes it more complicated.
Do you want extra encryption on the email stored on their servers, or do you want to be able to work with your email on your phone?
Do you want to encrypt your contacts so that no one, not even Posteo can see them? Or perhaps you want Posteo Support to be able to recover them for you if you lose your password…
What I’m saying is that you will need to put some thought and effort into getting Posteo to work the way you want it to. This is in contrast to other email providers that are maximum security by default – no customization necessary.
Which leads us to…
Posteo alternatives
If Posteo isn’t the answer for you, which services should you investigate instead? Surely, one service to check out is ProtonMail.
ProtonMail has similar features to Posteo, including strong security, and end-to-end encryption, but without so many options. It also offers a way to send encrypted messages outside the system without the headaches of PGP. To learn more, check out our ProtonMail review.
Tutanota is another email service to consider. It too has similar features, with fewer setup hassles, along with default end-to-end encryption and the ability to send encrypted messages without all that PGP fun. Learn more in our updated Tutanota review.
Lastly, Mailfence is another good option we’ve covered that is also feature-rich. However, it does not offer the same level of (high) security as Tutanota or ProtonMail. Curious? Here’s our revised Mailfence review.
Posteo review conclusion
Posteo is a very privacy and security-conscious product that will work well for many types of users.
It offers lots of scope for customization if you are willing to invest the time to customize the service to your liking. Posteo is also the most socially conscious email service I’ve run into so far, if considerations like sustainable energy and finance are important to you.
You can learn more about Posteo on their website here.
And here is a list of other secure email services that we have reviewed:
- ProtonMail Review
- Tutanota Review
- Mailfence Review
- Mailbox.org Review
- Hushmail Review
- Fastmail Review
- Runbox Review
- StartMail Review
This review was last updated on January 19, 2024.
Luka
This review was the reason I decided to test drive Posteo.de. (It says that review was written in January 2024, but I think I came across this article somewhere around end of 2022 or maybe January 2023…) Anyway…
Since then, I have been actively using postoe.de for personal communication only. I just wanted to share a few points in case someone outside EU zone reads and is interested in signing up for the service.
First, I agree with all pros in the article. They are all true for me. This review really reflects what posteo.de is except a couple of inaccurate and missing information – most likely- because at the time of the review some features were not implemented but became available after the review was posted or updated. Corrections and additions are as follows :
* posteo.com option is indeed available, along with posteo.net and posteo.org. More than 30 country domain extension are available, i.e. com.br .co.uk etc. to create aliases.
* There is a spam folder and user gets to choose how they want to handle (options either by posteo or by user themselves) This is superior to mainstream email providers as even if you choose incoming emails to be handled by automatic filters, posteo logs rejected emails for you to see. Just like some business email hosting services do. I haven’t received any spam in the last 12 months or so, but I tested it by forwarding spam emails from another account to my posteo account. Nothing escapes. It works.
* It is true that custom domains are not allowed, but the reason is not incapacity. This is on purpose and well explained in their f.a.q. which is something still superior to any existing encrypted email service in the market. I don’t need custom domains because posteo is for my very personal, confidential communications that truly matter to me.
* It is also true that they don’t have a native phone app, but posteo by design seems to aim data economy and all their security and privacy features and capabilities must base on this principle. No random, futile logging, tracking, usage of software hardware if there are already secure and efficient alternatives. This is how I understand the principle… Like most people, I also use FairEmail app for example, which is literally the only secure and private email client for Android.
Also in the review, it is stated that browser interface is not good on mobile, but it worked fine for me when I tested it in 2023 via FireFox Android and Brave. Maybe they fixed it before I signed up, or maybe it is causing issues on some phones, I wouldn’t know. In any case, with FaireEmail no need to go through browser thing anyways. I have no clue for IOS though. Never had one.
*You can actually purchase S/MIME certificate with posteo just for a few bucks even for all your aliases. I couldn’t believe my eyes at first, but I can assure you, it is true. It would have been a sin if I hadn’t purchased one.
As I said above, the RP. review accurately reflects what posteo is: Top-notch security and privacy AND anonymity. In my opinion, it is the perfect choice for personal use, just like I do. Therefore, I want to focus on more what bothers me below and what I am not very satisfied with:
* posteo ( while I am writing this comment) still doesn’t have the option to create app specific password. This incredibly necessary feature seems to render TOTP, 2FA and other very strict security features and encryption meaningless in my opinion, if a third party app is used. I am not sure how they justify this. By chance I had a few exchanges online with a couple of random posteo users from Europe in late 2022 and one of them told me that posteo customer service never gave them an answer to this question (He was pretty pissed) and the second person I exchanged with (He said he resides in Germany) told me that he sent customer service an email, and they replied with a short message that they were considering to implement this feature. He said he moved to another service after that response because he also had custom domains to transfer, which posteo does not support. I never dared to contact customer service about my issues, so, I tend to believe these guys.
* posteo interface is straight basic roundcube. I had seen this before with vivaldi.net years ago. I really liked it back then. When I saw it in posteo I was very happy in the beginning but soon realized that a lot of basic roundcube features that are actually available and make life easier for the user are not present in posteo. For instance, there really isn’t an option to change the layout. I have to use the classical horizontal pane, which is inarguably the least convenient option. There is no way to change it to vertical 3 pane layout like in any other mail basic mail service. Even a company like vivaldi.net had that years ago. That is very frustrating for me. It is really difficult to work in posteo web mailer with the current layout.
*With posteo you might feel like you are on a deserted island. No movement or communication about the service, no independent information source other than native posteo website help pages, no event announcements, no public user discussion forum, newsletter etc., the usual stuff that the North American audience is familiar with. Radio silence unless you intentionally contact customer service.
That’s it! That’s all I have to say about my experience. I recommend this service.
Nick
I’m very happy with Posteo!
Alex
Since autumn 2023 posteo has .com addresses and a spam folder and spam-log. See posteo.de/en/blog
alan
Posteo + DavX + Fair Email + Openkey Chain is the ultimate email privacy setup with PGP encryption
As
Hello
Now Posteo offers the possibility to configure a “standard” spam folder.
A.
Ari
Tried to sign up with Posteo tonight. Got as far as the confirmation page. They wouldn’t accept my US-credit card. Tried THREE times, including answering their anti-spam questions. Never took. Shouldn’t be that hard to buy a service. I’ll look elsewhere.
Daaaamien
Flawless on iPhone as well.
Damien
When you create an account, it is written explicitly that Posteo cannot recover your password if you loose it. This is by purpose, for security reasons.
ShoppingForEmail
Hello, thanks for these articles – very helpful.
In the list under the “Pros” heading, it says that Posteo encrypts subject lines.
But when I clicked the “Mailvelope Help page” link further down, that page emphasized that it does not encrypt subject lines.
I would presume the Mailvelope page is the most accurate. Any thoughts?
Sven Taylor
I think when Heinrich wrote this, he was referring to encrypting the inbox at rest (not in transit with messages) from here:
“With Posteo, you have the possibility to encrypt all the email data in your account at the click of a button. The encryption encompasses not only the content and attachments for all emails, but also the corresponding metadata (email header, sender, recipient, time, subject, etc.).”
So I deleted that bullet point as it could be confusing.
Jonathon Poppleton
Can somebody recommend an email client for iPhone that respects privacy. I’m happy with Posteo and managed to sync my email contacts with my phone contacts. I don’t like keeping contacts in iCloud or gmail.
Hans
I cannot agree more!
Hans
Don’t know what you mean.
I’m using my aliases for years now. Of course they don’t get deleted.
Hans
None.
Using K9 for mail (there are others), and davx5 for cantact and agenda sync. Work flawlessly and secure.
Hans
Strange, using Posteo for years, never had a single spam-message.
Dan
Can you login with an alias address? or just with the main email address?
Hans
You can (and should imo).
zorro
no you can NOT !