The Truth About Posteo

Posteo has a backdoor to bypass users’ 2FA

2FA only applies to the web interface.  If you enable 2FA it is still not enabled on mobile devices.  This means that Posteo has a way to bypass your 2FA that they utilize to remove 2FA when you visit using a mobile device.  Posteo’s implementation of 2FA doesn’t offer very much added security.

Posteo’s code is troubling

Posteo does not have a traditional spam filter. They scan your incoming emails and decide for you whether each one is spam. If they think it’s spam, Posteo rejects it and notifies the sender. If Posteo thinks it is not spam, they deliver it to your inbox. They feel you should review all your emails, so they don’t allow you to sort incoming emails into a spam folder. If you use Posteo as your primary email, you’ll eventually end up with pages of spam emails in your inbox to go through each day.

Posteo does not use “Zero-Knowledge Password” technology.  This means that they know your username and password and they can log into your account using your login information.  This also means that if Posteo is hacked then the attacker will be able to log into your account and decrypt all your data.  If a court order is issued Posteo is able to give law enforcement your username and password allowing everything to be decrypted.

Posteo does not have SRI enabled. This means that an attacker can inject malicious scripts revealing the user’s username/password. They encrypt metadata, but it’s done in a way that Posteo has access to it. They claim that they provide anonymous payment processing with their unique payment implementation. This is a smart implementation that protects users if Posteo gets hacked and all users’ data is stolen. However, Posteo can connect accounts with users’ payments.
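On the SRI point above, an added example (not code from Posteo or from this page’s author): with SRI, the browser refuses a fetched script or stylesheet whose hash differs from its `integrity` attribute, and this Python script audits a page’s HTML for cross-origin resources that lack a usable one. The sample page, host names and file names are constructed placeholders.

```python
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

SRI_ALGS = {"sha256", "sha384", "sha512"}  # hash algorithms SRI accepts
def sri_value(body: bytes, alg: str = "sha384") -> str:
    """Build the integrity="..." value for a resource body."""
    return alg + "-" + base64.b64encode(hashlib.new(alg, body).digest()).decode()

class SRIAudit(HTMLParser):
    """Record every cross-origin script/stylesheet and its SRI status."""
    def __init__(self, page_host: str):
        super().__init__()
        self.page_host = page_host
        self.findings = []  # list of (url, status)
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script":
            url = a.get("src")
        elif tag == "link" and "stylesheet" in (a.get("rel") or "").lower().split():
            url = a.get("href")
        else:
            return
        host = urlparse(url or "").netloc
        if not host or host == self.page_host:
            return  # inline or same-origin: served by the site itself
        algs = {t.split("-", 1)[0] for t in (a.get("integrity") or "").split()}
        status = "ok"
        if not algs & SRI_ALGS:
            status = "missing"          # browser runs whatever the host returns
        elif "crossorigin" not in a:
            status = "no-crossorigin"   # hash check needs a CORS fetch; load is blocked
        self.findings.append((url, status))

def audit(html: str, page_host: str):
    parser = SRIAudit(page_host)
    parser.feed(html)
    return parser.findings

# Constructed sample page; hosts and file names are placeholders.
LIB = b"console.log('lib');"
SAMPLE = f"""
<script src="/app.js"></script>
<script src="https://cdn.example/lib.js"></script>
<script src="https://cdn.example/lib2.js" integrity="{sri_value(LIB)}"></script>
<script src="https://cdn.example/lib3.js" integrity="{sri_value(LIB)}" crossorigin="anonymous"></script>
<link rel="stylesheet" href="//static.example/site.css">
"""
```

Calling `audit(SAMPLE, "mail.example")` returns one `(url, status)` pair per cross-origin resource; anything other than `ok` needs attention.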

Posteo’s Users Do Not Like Posteo

Some users report that the user interface is painful and ugly. Posteo uses free software called Mailvelope in the web interface, which is running Roundcube. Since they use someone else’s free webmail, this means that the painful and ugly appearance that bothers their users will likely never be upgraded. Posteo users have reported that the email service does not always work on weekends, and when it does work it is very slow.

Other Issues With Posteo

Posteo does not support custom domains, cryptocurrencies or provide an onion address.  What Posteo has done is taken freely available software and cleverly marketed it to users for $1/month.  A user could create their own

-Privacy Watchdog

