Mailfence is a Belgium based email service that supports PGP without any third party software or addons. This allows you to send encrypted messages to and from user of Protonmail, Thunderbird w/ Enigmail or any other platform that supports PGP. With Mailfence, you do all of this from the web interface with little to no configuration required.
Mailfence Key Store
Mailfence has a built-in key store to hold your private key and any public keys you acquire throughout your emailing journey. Your private key is, of course, encrypted with a password that you choose. Even though Mailfence has access to your keys, they cannot use them to decrypt or sign messages without your private key password. This means that any PGP encrypted emails you send through Mailfence re protected with that password, so make it strong.
The login password is completely separate from your private key password. Protonmail does this by using your login password to secure your private keys. It’s similar to how Protonmail handled it in the past with their two password mode.
Sending emails to outside PGP recipients
Encrypting to outside PGP recipients is simple enough, first add your recipient’s public key to your key store which is as easy as clicking on it and choosing “Add to key store”.
When you click the encryption button, you send back an encrypted reply. Don’t forget to attach your public key so they can send an encrypted email back to you!
When you get an email back, you will be prompted to decrypt the message by supplying your private key password. This is the default state of encrypted messages, Mailfence can only see that there is an email and any metadata associated with it. They cannot see the content without that password, so keep it safe.
Sending emails to normies from Mailfence
Similar to Protonmail, emails can be encrypted to outside parties, that have no way of utilizing PGP, with a symmetric password. This password has to reach the recipient through another communication means. It would be completely pointless if an employee at Mailfence could open up two of your emails: one encrypted and one with the password.
What the recipient gets is also very similar to Protonmail. The recipient will receive a link to decrypt the message on Mailfence’s servers.
The recipient is brought to a page asking for the password you agreed to beforehand after clicking on the link. After entering the password, the message will be readable. The recipient has the option to send back an encrypted reply back to the original sender. The message will be deleted from the server and the link will no longer work after after a predetermined amount of time.
The reply sent back to your Mailfence account is encrypted by default. It has to be decrypted by the same password the recipient used to decrypt their message.
Mailfence is another great email service for sending secure emails. The only main issues we found with it was the inability to create an account without using an alternative email. Trying to get around it with a temporary email platform is also not possible because they block most of them. This means if you want to create an account, you need to make an account on another email platform first. It’s also not possible to remove the alternate email, so make sure you secure that email.
Speaking of security, Mailfence supports Two Factor Authentication (2FA) on account login and has no weird password requirements. We successfully tested a 100 character password with letters, symbols, and numbers with no issues.
With a paid Mailfence account, you get aliases, custom domains and IMAPS/POPS support. More details on that here: https://mailfence.com/index.jsp#plans