OpenMailBox.org how much does it cost?
OpenMailBox is a cloud services provider that promises to give its users' privacy by leaving their data alone. Users can opt to get either a free account with 5 GB of storage space or a premium paid account with 500 GB of storage for 4.99 Euros per month (the equivalent of $5.80).
There can be no doubt that 5 GB of storage space is extremely generous for free. However, it is worth noting that since the developers of OpenMailBox decided to change the firm from a non-profit organization to a Limited company - the number of features available in the free service has shrunk.
Thus anyone who wants access to features like IMAP/POP/SMTP, custom domain hosting, and unlimited contacts, will need to pay for the full version. On the other hand, if you are happy to access your emails via the firm’s webmail client - this service might be worth considering.
Features
Below you will find the full list of features available with a paid account. However, it is worth noting that the free service is a massively stripped back version with only the bare essentials.
- Cloud storage
- IMAP/POP/SMTP
- Unlimited contacts
- Unlimited calendar events
- Custom domains
- No ads
- Webmail platform
- Two-factor authentication
Privacy
OpenMailBox.org is based in France which raises some concerns when it comes to privacy. The nation is part of the greater Nine Eyes surveillance treaty and it has passed a number of surveillance laws that permit government snoops to access communications data without the need for a warrant.
The OpenMailBox website claims that all customer data is stored on servers in “privacy respectful countries.” However, it is not particularly transparent about where those servers are. The service is also rather lacking in any actual technical information regarding how customer data is secured.
We decided to check out the Terms of Service (ToS), because there was no privacy policy document anywhere on its website. The ToS make it clear that OpenMailBox services are indeed subject to French laws, this somewhat calls into question the claims made on its home page. We consider France to be an invasive jurisdiction for a privacy service to be based in; one of the worst in Europe (and comparable in terms of nasty surveillance habits to the US and the UK).
The extremely minimal ToS document does not detail what data may or may not be collected about consumers. Thus while on its home page, it claims that: “Your privacy is respected and your personal data is not used for commercial purposes. Your right, our duty,” it is very hard to verify this due to the lack of a transparent legal privacy policy.
There is no GDPR compliant privacy policy anywhere on its website, and it is hard to ascertain whether the firm amasses any data from users; including in regard to payment processing information. This is a letdown for a service marketed as a privacy service.
Under the circumstances you are left to trust the firm, and, we see no real reason to trust it considering the somewhat deceptive statements on its home page.
The ToS explicitly forbids users from using the service to “send unsolicited, bulk or libellous messages or messages with the purpose of promoting illegal activities or intended to be harmful or destructive, to breach privacy or intellectual property rights, or which contain abusive, fraudulent, language or any other type of content prohibited by law.” While not explicitly stated, one can only presume that if the firm is presented with a warrant it will comply with law enforcement if it is believed that one of those illegal activities has been carried out by a subscriber. In fact, the firm reminds users that they could be liable:
“We do not filter or censor the content that you send or receive via our services, and therefore, we cannot be held responsible for the distribution thereof. The account provided to you belongs to you and you are fully responsible for it; it must not be shared, sold or made available to any third party under any circumstances; otherwise, you may be held liable.”
Security
OpenMailBox.org claims to run on a completely open-source (freemium) software, and it does appear to be some sort of Unix virtual mail solution implemented with RoundCube.
However, we were unable to find any evidence of the code for OpenMailBox published online (we couldn’t even find it on Github), and it does not appear to have been audited to check whether it is actually secure.
Thus any claims made by its developer Pierre Barre must be taken with a pinch of salt. For all we currently know it could be completely insecure or full of backdoors.
All data that passes from your browser to the webmail portal is protected with HTTPS encryption, and we checked its TLS security using Qualys SSL Labs. The good news is that the service scored an A+, this is a very high score that indicates that the service will protect your data while it is in transit from your browser to its servers.
Unfortunately, however, we were completely unable to verify how data is stored on its servers and there is no mention of its website of it using encryption for emails that are at rest, or whether that encryption is performed on the fly.
PGP functionality is available within the webmail client, so users can send emails with end-to-end encryption. This will remove any fears about how emails are being stored at rest by putting full control over the contents of emails in the hands of the sender and recipient.
It is worth noting that because the webmail client is browser-based, it does suffer from vulnerabilities caused by the way that JavaScript code interacts with your browser. This means that it is possible for users to fall victim to a man in the middle attack that forces keys on them. As a result, it will be necessary to use this email service with a stand-alone third-party email client such as Thunderbird in order to use the email service securely.
Unfortunately IMAP and POP are only available on the paid account, which means that you will have to stick to the web client if you do not want to pay.
Setup
Getting an account with OpenMailBox.org should be easy. However, we tried to set up a free account to get a sense of how the service works and was completely unable to get an account. Both free and paid sign up portals take you to the same page and neither will allow you to get an account right now.
This is confusing because there is no news on its Twitter about the service being down. In fact, the last few messages from the service claim it was down but is going to be back up shortly:
Admittedly, that was ten months ago, however, the website appears to be up to date and current…
Sadly, however, the sign-up process is completely broken at the moment and we were unable to start an account. We have no idea whether this is temporary or whether the service is actually now unavailable to new users. And we could not find out by contacting the firm.
Customer support
We attempted to contact customer support to find out whether there is a temporary problem with the sign-up portal for OpenMailBox.org. We also wanted to know whether existing customers are able to keep using the service successfully.
Sadly, we were completely unable to get any response from the site’s developers (we tried three times). For this reason, we must presume that this service is no longer manned and should be avoided.
Conclusion
OpenMailBox is an email service that has received a fair amount of both criticism and praise over the years. Many consumers have complained about performance and reliability with this email service, and its current problems certainly ring alarm bells.
When it comes to privacy and security, this service is hard to trust. It is said to be open source, but we couldn't find evidence of the code having been published and it does not appear to have been audited.
What’s more, the lack of a proper GDPR compliant privacy policy leaves you having to trust the email developers claims. And its base in France is far from ideal, especially if this is where it stores user emails.
It is possible that new accounts are no longer available, but that existing account can still be used. However, under the circumstances, we would recommend that existing customers jump ship to a more reliable and trustworthy service (there are cheaper services on the market that are much more transparent).
This service has no customer support, and it is possible that if you do pay to renew your existing subscription - the service might suddenly go offline and you could lose your money.