Openmailbox.org is a secure email provider and file storage service based in France that is owned by the firm SASU Initix. Being based in France is not particularly comforting for privacy reasons, due to the nation’s surveillance hungry government and intelligence practices.
The French government has been criticized by Human Rights Watch for its mandatory data retention directives, and French surveillance laws passed in 2014 and 2015 give the government overreaching access to sensitive private data without transparency or judicial oversight.
The rest of this review is based on an analysis of its policies and is designed to inform anybody that might already have an account and is wondering whether to keep on renewing their current subscription.
OpenMailBox.org how much does it cost?
OpenMailBox is a cloud services provider that promises to give its users' privacy by leaving their data alone. Users can opt to get either a free account with 5 GB of storage space or a premium paid account with 500 GB of storage for 4.99 Euros per month (the equivalent of $5.80).
There can be no doubt that 5 GB of storage space is extremely generous for free. However, it is worth noting that since the developers of OpenMailBox decided to change the firm from a non-profit organization to a Limited company - the number of features available in the free service has shrunk.
Thus anyone who wants access to features like IMAP/POP/SMTP, custom domain hosting, and unlimited contacts, will need to pay for the full version. On the other hand, if you are happy to access your emails via the firm’s webmail client - this service might be worth considering.
Below you will find the full list of features available with a paid account. However, it is worth noting that the free service is a massively stripped back version with only the bare essentials.
- Cloud storage
- Unlimited contacts
- Unlimited calendar events
- Custom domains
- No ads
- Webmail platform
- Two-factor authentication
OpenMailBox.org is based in France which raises some concerns when it comes to privacy. The nation is part of the greater Nine Eyes surveillance treaty and it has passed a number of surveillance laws that permit government snoops to access communications data without the need for a warrant.
The OpenMailBox website claims that all customer data is stored on servers in “privacy respectful countries.” However, it is not particularly transparent about where those servers are. The service is also rather lacking in any actual technical information regarding how customer data is secured.
Under the circumstances you are left to trust the firm, and, we see no real reason to trust it considering the somewhat deceptive statements on its home page.
The ToS explicitly forbids users from using the service to “send unsolicited, bulk or libellous messages or messages with the purpose of promoting illegal activities or intended to be harmful or destructive, to breach privacy or intellectual property rights, or which contain abusive, fraudulent, language or any other type of content prohibited by law.” While not explicitly stated, one can only presume that if the firm is presented with a warrant it will comply with law enforcement if it is believed that one of those illegal activities has been carried out by a subscriber. In fact, the firm reminds users that they could be liable:
“We do not filter or censor the content that you send or receive via our services, and therefore, we cannot be held responsible for the distribution thereof. The account provided to you belongs to you and you are fully responsible for it; it must not be shared, sold or made available to any third party under any circumstances; otherwise, you may be held liable.”
OpenMailBox.org claims to run on a completely open-source (freemium) software, and it does appear to be some sort of Unix virtual mail solution implemented with RoundCube.
However, we were unable to find any evidence of the code for OpenMailBox published online (we couldn’t even find it on Github), and it does not appear to have been audited to check whether it is actually secure.
Thus any claims made by its developer Pierre Barre must be taken with a pinch of salt. For all we currently know it could be completely insecure or full of backdoors.
All data that passes from your browser to the webmail portal is protected with HTTPS encryption, and we checked its TLS security using Qualys SSL Labs. The good news is that the service scored an A+, this is a very high score that indicates that the service will protect your data while it is in transit from your browser to its servers.
Unfortunately, however, we were completely unable to verify how data is stored on its servers and there is no mention of its website of it using encryption for emails that are at rest, or whether that encryption is performed on the fly.
PGP functionality is available within the webmail client, so users can send emails with end-to-end encryption. This will remove any fears about how emails are being stored at rest by putting full control over the contents of emails in the hands of the sender and recipient.
Unfortunately IMAP and POP are only available on the paid account, which means that you will have to stick to the web client if you do not want to pay.
Getting an account with OpenMailBox.org should be easy. However, we tried to set up a free account to get a sense of how the service works and was completely unable to get an account. Both free and paid sign up portals take you to the same page and neither will allow you to get an account right now.
This is confusing because there is no news on its Twitter about the service being down. In fact, the last few messages from the service claim it was down but is going to be back up shortly:
Admittedly, that was ten months ago, however, the website appears to be up to date and current…
Sadly, however, the sign-up process is completely broken at the moment and we were unable to start an account. We have no idea whether this is temporary or whether the service is actually now unavailable to new users. And we could not find out by contacting the firm.
We attempted to contact customer support to find out whether there is a temporary problem with the sign-up portal for OpenMailBox.org. We also wanted to know whether existing customers are able to keep using the service successfully.
Sadly, we were completely unable to get any response from the site’s developers (we tried three times). For this reason, we must presume that this service is no longer manned and should be avoided.
OpenMailBox is an email service that has received a fair amount of both criticism and praise over the years. Many consumers have complained about performance and reliability with this email service, and its current problems certainly ring alarm bells.
When it comes to privacy and security, this service is hard to trust. It is said to be open source, but we couldn't find evidence of the code having been published and it does not appear to have been audited.
It is possible that new accounts are no longer available, but that existing account can still be used. However, under the circumstances, we would recommend that existing customers jump ship to a more reliable and trustworthy service (there are cheaper services on the market that are much more transparent).
This service has no customer support, and it is possible that if you do pay to renew your existing subscription - the service might suddenly go offline and you could lose your money.