Mailfence Review
Offering some light planning capabilities as well as secure email, Mailfence is a pretty interesting provider. Though we don't rate it as highly as some of its competitors, we definitely see a spot for it with some users. Read our full Mailfence review for the details.
Mailfence is a secure email service designed to protect user privacy. It allows you to send encrypted messages, keeping them safe from big corporations and anyone who might be spying on your connection. Mailfence has been doing this for a long time, too, founded all the way back in 1999.
In this Mailfence review, we’re going to see if time brings wisdom as we dissect every aspect of the service. We’ll touch on features, pricing, security, privacy and more, all before giving our verdict. For the most part, Mailfence is a solid service, but if you want to see our favorite secure email provider, head over to our ProtonMail review.
Strengths & Weaknesses
Strengths:
- Multiple encryption options
- Calendars built in
- Free document storage
- Free email plan
- Strong privacy policy
- Clean interface
Weaknesses:
- A little advanced for newcomers
- No native email clients
- Few support options
Features
Mailfence is surprisingly robust when it comes to features. It’s less of an email application and more of a communications and planning platform. Along with encrypted messages, Mailfence comes with a private calendar, user groups and some amount of document storage, depending on your plan.
Where Mailfence stands out most, though, is in customization. Unlike other encrypted email services, you’re not forced to encrypt every message. You can send regular messages over a SSL/TLS channel just fine, or protect them with a password for symmetric encryption.
Mailfence isn’t trying to be the email application you reach for just to send sensitive information. It wants to cover all of your email needs.
There’s one area where Mailfence falls short, though. There is no Mailfence app. No matter if you’re paying or not, you have access to the web application — and the web application alone. If you’re paying, you can see your messages with external email clients, but that’s not an option for free users.
Overall, the features are good, covering everything from backing up your account to customizing your encryption for each message. The problem is that there’s no app, making Mailfence a tough sell for mobile users, in particular.
Mailfence Features Overview
Features
- RSA, AES
- End-to-End Encryption
- Zero Knowledge
- Custom Domain Support
- Android, iOS, Web
- Open Source
- Free Plan
Support
- Knowledgebase
- Paid users only Email Support
- Live Chat Support
- Phone Support
- Subreddit Forum
Pricing
When it comes to pricing, Mailfence takes a different approach than, say, Tutanota (read our Tutanota review). Instead of focusing its lineup on businesses, like most other secure email services do, Mailfence offers four plans for individual users. There are business plans — we’ll get to them in this section — but for the most part, Mailfence is focused on personal use.
Note, the prices in the table below have been converted from euros, based on the exchange rate at the time of writing.
Free | |
Entry | |
Pro | |
Ultra |
There’s a free plan, which already puts Mailfence ahead of Hushmail (read our Hushmail review). It’s as basic as they come, with 500MB of storage for your emails and 500MB of storage for your documents, but it’s nice to have around. Compared to the paid plans, the free version doesn’t include custom domain support, and you can’t use protocols like IMAP and SMTP.
That’s where the paid versions come in. Each paid plan comes with mostly the same features, including custom domain support, phone customer service and email protocol support. The only difference between them is storage space, email aliases and groups.
For most people, the Entry plan is more than enough. With 12GB of document storage, three groups and 10 email aliases, it has everything you need, and at a low price. Of course, the numbers for the Ultra plan are more impressive, but considering you can get a lot more storage space for a lot less with our best cloud storage services, it’s not really an option.
You should start with the free plan, though, even if you plan to upgrade to Entry. That’s because, even though Mailfence offers a free service, there are no refunds.
That said, you can pay with bitcoin and other cryptocurrencies, so at least there are anonymous payment options. Mailfence also donates 15 percent of all Pro and Ultra subscriptions to the Electronic Frontier Foundation and the European Digital Rights group.
Mailfence for Business
Mailfence provides business subscriptions through custom quotes only. Outside of being set up for multiple users, business subscriptions come with a long list of customization options, including integration with SSO services like OneLogin and full white labeling.
Business subscribers also have access to the Mailfence API. For those who don’t want to get their hands too dirty, there’s an account control panel, too.
Ease of Use
Mailfence’s website isn’t the prettiest, but it gets the job done. Signing up for an account is simple. At the bottom of the home page — the only page on the site — you can create an account. No matter if you want to purchase a plan or not, you need to create a free account first. Once it’s activated, you can upgrade.
After logging in for the first time, you’ll land in something similar to an account dashboard, but that’s not quite what it is. It’s a page filled with just about every detail of your account, as well as everything you can do with your account. This page isn’t an eyesore or anything. It just feels like Mailfence dumps an account in your lap, asking you to figure things out.
The problem is that, even after you’ve signed in, you don’t have an email address yet. You can’t create a totally custom email, either.
In the right menu, you’ll see an option to create your new email address. Instead of allowing you to enter what you want, there’s a dropdown with variations on your name and username. The screen says you can edit these values to further customize your options, but when we clicked the “edit” button, it didn’t go anywhere.
It seems broken, frankly, especially because after clicking that button, we were forced to continue clicking back until we reached the login screen. It was annoying, to say the least.
Beyond that, things are much better. Mailfence has a clean interface overall, and although the settings are dense, they’re not formidable. Sending messages can be a little overwhelming, though, especially if you haven’t used asymmetric encryption before. Unlike other encrypted email services, Mailfence doesn’t just automatically encrypt all of your messages.
Instead, you’ll have to generate a key pair in the settings if you want full encryption between OpenPGP services; if sending to a different email service, you’ll have to send a password. Although daunting for newcomers, none of this is difficult to do. The problem is that Mailfence doesn’t explain any of it.
Mailfence lives in this strange gray area when it comes to usability. It’s easy to use, there’s no question about that, with a clean and responsive interface. It’s not exactly accessible, though.
This is a shame because Mailfence has extensive documentation covering every aspect of the service. This documentation just happens to be through a link in the footer of the website, not laid out as a tutorial when you first log in.
Security
Mailfence is an OpenPGP email service, providing end-to-end encryption between two users who’ve shared their public keys. This form of asymmetric encryption is standard for most secure email providers. It’s relatively easy to use, reliable and — above all else — secure. Plus, OpenPGP is open source, which is always a good thing.
That’s the baseline for email security. Mailfence goes a bit further. At rest, your email is encrypted using a private key. However, you can manage multiple key pairs using Mailfence’s integrated keystore. That allows you to import existing keys if you’re coming from another application or manage multiple pairs if you have a need to do so.
For encryption, you can use RSA or ECC, which is encrypted using a password that Mailfence has zero knowledge of. If you’re sending an email to someone who doesn’t know how to use a key pair, you can send a password-protected message no matter what provider they’re using.
In short, instead of asymmetric encryption, these messages use symmetric encryption, where a single shared key — in this case, a password — is shared between the users.
Mailfence’s most unique feature, though, has to be digital signatures. You can digitally sign OpenPGP messages you send with your private key. Essentially, once the message is decrypted on the recipient’s end, Mailfence will check a hash of the private key signature against a hash of the private key used to encrypt the message. If they match, all is well. If not, the message is considered void.
Outside of all the high-level encryption, Mailfence has some practical security measures, too, including two-factor authentication with support for the best 2FA apps, perfect forward secrecy and SSL/TLS encryption for messages in transit, no matter if you’re using OpenPGP or not.
Mailfence also forces SMTP on all outgoing messages, making plaintext messages and things like TLS downgrade attacks impossible.
Privacy
It’s clear that Mailfence’s privacy policy was written by a person, not a lawyer. If the information isn’t in a bulleted list, it’s explained in a paragraph with no more than a few sentences, all free of legal jargon.
At the top of its privacy policy, Mailfence makes it clear that it doesn’t cooperate with law enforcement outside Belgium, where Mailfence is based. Even then, it often turns down requests for user data. Furthermore, none of your information is sold or traded to third parties.
However, it’s important to get this out of the way upfront: Mailfence does collect some of your information. That includes your IP address, message IDs, addresses for the sender and recipient, email subject lines, your browser version, the country you’re connecting from and timestamps for all of your messages. That’s in addition to the external email you enter when you register for an account, along with your payment information and full name.
When it comes to protection from government agencies, Mailfence has a transparency report. Since the start of the service, it has had 43 requests for information and it provided user information in 27 of those cases.
Privacy is a tricky subject, and Mailfence is caught in the middle of its own messiness. Data collection still happens, even if Mailfence isn’t sharing that data with other sources. We know secure email services can get by with a lot less — Tutanota is a good example of that — so with Mailfence, we’re left asking, “why?”
Belgium is part of the 14 eyes, and although that’s not a telltale mark of a privacy-unfriendly service, it does raise a few eyebrows. We trust Mailfence, given its multiple decades as a service. The fact that it sticks on the privacy point so much is strange, though, especially when there are other email providers that collect less data.
The Verdict
Mailfence gets a lot right from, from top-notch encryption to a robust list of features. For us, it comes down to the email clients and the fact that Mailfence isn’t open source. Those are two glaring issues on an otherwise excellent service. As long as you’re willing to use a third-party email client, though, Mailfence is a home run.
What did you think of this Mailfence review? Are you going to sign up for a free account? Let us know in the comments below and, as always, thanks for reading.
Mailfence FAQ
Does Mailfence Have an App?
No, Mailfence doesn’t have an app. Free users can only access their email through the web application. Paying subscribers have the option to use external email services with a wide range of protocols, including POP, IMAP and SMTP.
Is Mailfence Secure?
Mailfence uses OpenPGP, which provides end-to-end encryption. Messages are encrypted locally on your device before being transmitted over a TLS tunnel. For decades, this has been the standard for encrypted email, making Mailfence a secure service.