VFEmail has been asked many questions recently regarding Privacy and Security. This FAQ will be updated as new questions are asked and answered.
VFEmail does not require any sort of identity verification for our accounts. You can even pay by Money Order (for Bronze accounts).
We also provide accounts that will mask your sending IP Address. PGP is another feature provided by VFEmail to encrypt your communication. Our interface is easy to use, and is intended as a stop-gap measure.
We've also introduced the Metadata Mitigator™! This feature creates a new 'envelope sender' for every email you send, mitigating the metadata capturing that has become so prevalent. The 'envelope sender' is not your regular From address, but is primarily used during delivery, and is the data that gets logged on each server your email passes through.
Think of email in the same fashion as sending a package via UPS. The message you compose is a 'Proper' letter, formatted like a business letter with the Sender and Recipient at the top, and the body of the letter below. That letter is then enclosed in a box, or envelope, where the Sender and Recipient are also written on the outside. When your box is sent, each sorting facility sees who the box is from and to, and processes it along its way. One can look up a UPS tracking number, and see every facility where the box was processed.
Email works the same way. Instead of sorting facilities, you have servers. Each server records the processing of the email. The 'envelope sender' and 'envelope recipient', the names on the outside of the box, are the pieces of data that are recorded. By automatically creating a unique 'envelope sender' for every email, the privacy-invading recording of that information is mitigated. It's still recorded, but is now meaningless for cataloging and 'degree of separation' processing.
VFEmail's implementation is different from one-time use email addresses in that your From address on the letter itself is not changed. When the recipient reads their email, everything appears normally. Only the processing servers see a different 'sender'. If there is a delivery error, VFEmail is designed to still be able to route that message back to you. If you want a one-time use address, see 'Aliases' in the FAQ.
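A sketch of how a per-message envelope sender with bounce routing can work, added here as an illustration and not VFEmail's own code. The relay domain, the in-memory table and the 14-day expiry are assumptions; the page does not describe how the Metadata Mitigator is implemented.

```python
import secrets
import time
from email.message import EmailMessage

RELAY_DOMAIN = "relay.example.org"   # assumption: domain that receives bounces
TTL_SECONDS = 14 * 24 * 3600         # assumption: how long a bounce stays routable


class EnvelopeSenderMap:
    """Issues a fresh envelope sender per message and routes bounces back."""

    def __init__(self):
        self._table = {}  # token -> (real mailbox, expiry timestamp)

    def issue(self, real_sender, now=None):
        now = time.time() if now is None else now
        token = secrets.token_hex(12)  # random, so it encodes nothing about the user
        self._table[token] = (real_sender, now + TTL_SECONDS)
        return f"{token}@{RELAY_DOMAIN}"

    def resolve_bounce(self, envelope_rcpt, now=None):
        """Map the RCPT TO of a bounce back to the real mailbox, or None."""
        now = time.time() if now is None else now
        local, _, domain = envelope_rcpt.partition("@")
        entry = self._table.get(local.lower())
        if domain.lower() != RELAY_DOMAIN or entry is None:
            return None  # unknown token or wrong domain: not one of ours
        real_sender, expiry = entry
        if now > expiry:
            del self._table[local.lower()]  # expired: stop accepting bounces
            return None
        return real_sender


def prepare(senders, header_from, rcpt, subject, body):
    """Return (MAIL FROM, RCPT TO, message); the From header is left untouched."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = header_from, rcpt, subject
    msg.set_content(body)
    # Only the SMTP envelope (what intermediate servers log) gets the token.
    return senders.issue(header_from), rcpt, msg
```

Two messages from the same user produce two unrelated `MAIL FROM` values in relay logs, while the recipient still sees the normal From header and a bounce to either token resolves to the original mailbox until it expires.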
PGP is a good solution, but using the Webmail interface for PGP stores your private key on the server, and requires you to send your key password to VFEmail. That subjects your encryption key to interception by a third party.
It protects from interception during transmission, but not from capture at either end.
Not specifically, though VFEmail supports US government data request efforts when in compliance with Federal Law. Based on previous experience, unless you're the target of the investigation, your information is specifically NOT WANTED by the government. VFEmail strives to maintain a secure infrastructure, but it's always possible an interested 3rd party could illegally gain access to our servers. In that case, you don't want your encryption methods stored on the server. This is also what makes server-based mailbox encryption useless.
Any service that claims to not have access to the data you are storing on it is either lying or incompetent. It may not be as easy as opening a folder or doing an 'ls', but it can be done.
'Company Policy' does not apply here. If you're given a legal request, you must comply unless the request is illegal, or you are physically unable to. Read on to find out why the latter will likely never apply.
VFEmail will, on occasion, run a process to remove known phishing emails from users' INBOXes in order to protect our users. That process doesn't scan every single mailbox; it uses specific log data to determine who received those emails, then scans those mailboxes to remove the dangerous content, much like specific virus removal software.
It's not. The minute you send your password (your key), they can intercept it and use it themselves.
Look at it this way - You buy a safe deposit box at the bank. How do you access it? You walk into the vault with your key and a bank authority who has a key. They unlock the outside, you unlock your specific box. That's secure. What those online services do is equivalent to giving your key to the teller, and waiting in the lobby for them to bring your stuff out. Lavabit and Mega have solutions which are equivalent to forcing the teller to complete an obstacle course between the vault and you, but the end result is the same.
It's not the BEST solution, but it does require a password even after the mailbox has been opened. In addition, due to the extra complexity of how PGP works, I would rather users become familiar with it via Webmail, than download an external PGP program, get confused/frustrated and give up entirely. Once users are comfortable with the Webmail interface, hopefully they'll download their keys and use it locally.
No - but we are now offering mailbox storage on a server in the Netherlands. VFEmail has been operating for over 12 years, and has received subpoenas over that time. NONE of them have ever requested full system access. The most 'invasive' was equivalent to a phone wiretap. Even in that case, VFEmail had to provide assurances that no data other than the target of the investigation would be included. In addition, there is a time limit assigned to the request, and it must be renewed - and approved by a judge. The government doesn't WANT your data - it's illegal and can destroy an entire case. Imagine you're a painter and after a year or more of working on your masterpiece, you're told it has to be thrown away because you had too many tools and resources available to you, even though they weren't used. That's what defense lawyers do when US citizens' data is captured illegally or without a proper paper trail.
Most of the below information is not consolidated anywhere else.
Standard procedure. You don't want your target knowing you're monitoring their communications. Besides, Snowden may not be the only one under investigation.
Remember back in school when you told your friend you like that girl/guy? Even if they didn't find out, everyone else knew.
Unfortunately, yes. While VFEmail had, and still has, a backup plan, the backup server was being rebuilt when the primary began to fail. Even though we were able to 'hack' the backup server back into service, some data was unfortunately unrecoverable.
This may be where Lavabit was a little shortsighted - VFEmail migrated to a ZFS-based filesystem many years ago, which allows for easy data replication. Many services still use plain old ext3/ext4 filesystems, and running a 'plain' backup is not efficient or effective for hundreds of thousands of mailboxes. We've actually upgraded mailstore servers at least 3 times, with less than a minute of downtime each time. Backup is not only running, but now runs offsite in case of a disaster.
I know of a recent reboot of a hosted Zimbra system; those users had no access for around 8 hours simply because the ext3/4 filesystem ran an fsck on boot because it hadn't done so for a year. Sometimes even great systems have subpar foundations, or implementations.
There are a few things that can be done to minimize your personal exposure. SMTP is over 20 years old; nothing below is groundbreaking.
We do not suggest encrypting all of your email. Why? There are many features of email that would not be available to users if email were entirely encrypted such as:
Personally, I think if everyone ran a fully encrypted email client/service, Spam would be rampant. There's so much going on on the server side to combat Spam, I just don't think email clients could cope. At this point, it's best to selectively encrypt email, and keep the majority of your email unencrypted.
We do understand some users may still want to encrypt 100% of their email. To support those users, we're considering adding an option to reject any non-PGP email. Please contact firstname.lastname@example.org if you're interested in this feature.