PGP email encryption (GnuPG) how it works and how secure and ‘private’ our services really are.
Services provided by any of our members are not meant to be used for illegal activities or other kinds of abuse. If our system administrators notice possible abuse (spam) we will suspend provided services at our discretion. If we receive a court order we can only release information that we actually have like a mail file. So we suggest that everybody use GnuPG(PGP) email encryption, since we do not separately encrypt your mail spool, this is your own responsibility with GnuPG(PGP).
We explicitly say that we do not guarantee your privacy at any point, nobody can! Our servers and services are configured using best security practices to achieve reasonable above average security for your email messages.
While your email is in transit we support TLS for every incoming and outgoing mail server, as long as TLS is supported by the remote server the body of your email message will be not transmitted in clear text. If a server does not support TLS your message will be transmitted in plain text, this is the reason why you should be using GnuPG(PGP) to encrypt the body of your email.
While using GnuPG(PGP) email encryption it does not mean that absolutely no traces can be found of your activities! There is still meta-data generated when you use e-mail services like with who you are mailing with and when, the subject of your message is also not encrypted. We do keep logs, but only for a short time for and technical reasons only, but so does the remote mail server.
Your private key can be generated and stored on our Roundcube webmail server. If you use GnuPG(PGP) via webmail, you can always download your secret key on a USB stick and remove it from the webmail server after using to keep it safe(r). However if you lose your private key you will no longer be able to decrypt your mail.
Or you can choose to use imaps and store your GnuPG(PGP) secret key on your own preferably encrypted computer. This is the best practice since a private key on a webmail server can be ‘captured’ and brute forced if you used a weak short password.
Contact one of our members if you have further questions about our services or if you want an account.
Let’s keep our mail private!