Mailbox.org is a German email service with a strong emphasis on privacy and security. Features include full inbox encryption as well as minimal logging and retention of logs.
The service is not free but starts at € 1 per month for 3 email aliases and 2 gigabytes of online storage. A side effect is that the advertisement is not used by the service.
Mailbox.org recently introduced a set of new features. The first adds support for one-time passwords to the service. These passwords only work once before they are no longer valid. Although you can always log in with your master password, using a one-time password may make sense in some situations, such as when you are using a public computer or connecting to a network. public.
One-time passwords work in conjunction with YubiKeys which we first reviewed in 2010. So, whenever you want to log into your mailbox account, you connect the USB device to the computer to do so.
This is only part of it, however. Mailbox.org has also added a four-digit PIN to the process which you need to enter to complete the process. The idea here is that the protection would be relatively weak if only the Yubikey’s one-time username and password were required. The pin adds another layer of protection to the process to improve safety.
Once the new feature is activated, you have three connection options:
- Normal authentication using the account username and password.
- Single password login or Basic authentication.
- One-time password login only.
The system can only be used with Yubikeys ordered from Mailbox.org currently. The company said in a blog post that it is working on a solution to add support for third-party Yubikeys as well.
The second change adds support for custom domains to the service. This means that you can use Mailbox.org to create email addresses using the domains you own.
You need to redirect mail server entries to Mailbox.org before you can do this, which means you need to use the service for all email addresses in that domain.
Another restriction is that all email aliases for that domain will be available under the same Mailbox.org account. If that’s not a problem, follow these steps to configure it:
- Log in to your Mailbox.org account and open settings.
- There you will find an option to add an external address under Create aliases.
- Add a new email address using the domain name you want to use.
- The system will display a security code which you will need to add to the domain’s DNS record.
- Once that is out of the way, you also need to set up the correct MX records. The reason you don’t make the change immediately is because the email will be rejected until the correct security code is set.
- The three servers you need to add are: mxext1.mailbox.org, mxext2.mailbox.org, mxext3.mailbox.org with priorities 10, 10 and 20.
Both changes make sense and improve the usability and security of the service, at least for some users. It’s no good that both features need improvements in the future to improve their appearance. The Yubikey implementation, for example, requires support for third-party Yubikey, while the custom domain feature must support multi-user email addresses for custom domains.