vmail.me - SSL webmail service

Discussion in 'other software & services' started by luciddream, Aug 6, 2012.

Thread Status:
Not open for further replies.
  1. luciddream

    luciddream Registered Member

  2. NGRhodes

    NGRhodes Registered Member

    why is it recommended ?
  3. luciddream

    luciddream Registered Member

    ... because I said so.

    really, It encrypts your emails with no need to use a client like Outlook/Thunderbird and thumb through settings to accomplish the same, and have the client sucking up resources real-time as well. Easier/less bulky to use.

    Most webmail services, like GMail & AIM won't do this, and are susceptible to that MITM. It's encrypted when you sign in, but then you'll see that goes away once you're in there.

    Though I guess I can't say with vmail it's "end to end" since that relies on the receiver holding down their end as well.
  4. NGRhodes

    NGRhodes Registered Member

    Thunderbird sets up secure connections to Gmail by default using its new account wizard.
    Browser or mail client, they will both be sucking up resources.

    "Gmail is set to use the 'Always use https' setting by default"

    It can't do unless you provide them with a valid decryption key, e.g. using gpg or a direct SSL connection.
  5. hugsy

    hugsy Registered Member

    I had problems sending from gmx.com to vmail.me. Other way works fine.
  6. luciddream

    luciddream Registered Member

    Yeah, but the thinking is you'll have the browser open doing stuff already, so nothing extra added. Then when you're done, it's closed, whereas that client keeps running in the background using up resources all the time. But then again I'm not perpetually expecting emails. If your job depends on replying quickly to them... then it's the only way to go. Depends on your needs.

    Gmail... I just don't trust anything Google, period.

    There are other good privacy related things about vmail too. One can read about it all on the homepage. All traces of logs deleted within 3 months... that's something you won't get with a Google product. In fact I doubt they ever delete any piece of info. they ever obtain about you. No info. shared with 3'rd parties/no targeted adds (likewise, something you won't get elsewhere). Less header information (no IP). A virtual keyboard to login.

    The most private/anonymous webmail service there is, probably. And I figured such a thing would be welcome info. in a place like this.
  7. Wroll

    Wroll Registered Member

    How do they earn money?
  8. EncryptedBytes

    EncryptedBytes Registered Member

    Not true at all, I'd argue Gmail from a security standpoint is more secure than most online banking websites. It enables SSL/TLS by default, and deploys two-factor auth for clients using their webmail interface. As SSL/TLS is enabled by default, unless you are spoofing their certificates there is no MITM possible.

    Google stores identifiable user data for 9 months. Email and profile data is scrubbed 60 days after deletion of account. Also why 3 months? Most privacy based webmail systems will scrub as soon as possible and only log system level information.

    I do not agree. I still have not been able to ascertain how they fund themselves if they do not share information. Also from their website

     Our privacy policy is being drafted.
  9. luciddream

    luciddream Registered Member

    Okay scratch GMail as far as the SSL goes. I know it applies to AIM and most webmail though.

    Not sure how they make money, or "if" they do. I know registration is very limited. For a month straight (about) no one was able to create an account. So that's a sign of very limited resources/servers. I'd be more suspicious if this wasn't the case.

    Google, on the other hand, has already proven (time and time again) that they cannot be trusted with people's information.
  10. luciddream

    luciddream Registered Member

    A lot of companies don't earn much (if any) money when they first start up. They depend on getting a good company model out there first. Then when they gain more users/interest, you'll see them start with the adds... though perhaps not of the targeted variety in this case. Or the developers could have another cash crop/money maker, and this is just like a hobby project for them.

    I wouldn't doubt that this is the case here. Due to what I pointed out about the very limited server space, and until I see evidence otherwise, they get the benefit of the doubt from me at this point.

    Google on the other hand... that ship has sailed long ago. I don't understand how anyone in a place like this would use any of their products given their track record of abusing users info./privacy.
    Last edited: Aug 8, 2012
  11. shuverisan

    shuverisan Registered Member

    Just spotted this thread. I was playing with vmail for a few weeks for a writeup so I'll add a few things.

    -no ip addresses in headers (webmail AND smtp)
    -no client user agent in headers
    -logs purged after 3 months
    -light and attractive interface
    -allows their smtp to be used with non-vmail sender domains so for ex., you can send mail using vmail's smtp but receive using yahoo's imap/pop.
    -default ssl connection (but mail is not stored encrypted on their server, it's not end to end encryption).

    -webmail interface is still VERY basic.
    -logs purged after 3 months
    -reliability. vmail is down surprisingly often. The site is down as of now and all of yesterday I was getting mail-undeliverable rejections due to a missing spam file in their /etc directory. o_O Last week there was a full 24 hours when I got nothing but 502 when trying to log on.

    I contacted them about their privacy policy and funding (2 separate emails) and the next day received a response that they're trying to work all the bugs out before drafting a privacy policy. I haven't heard anything about how they support themselves. Maybe when they're back online?
  12. luciddream

    luciddream Registered Member

    Yeah it is down right now, but this is the first I've ever seen it be. I think they're basically in beta phase of operations right now. Server capacity seems very limited and they seem to be still working out details/bugs. They don't even have their privacy policy fleshed out completely yet.

    Probably not a good idea to rely (solely) on them right now. But I say give them some time to iron this stuff out, and it's a good service going forward. I think I'll keep using my ISP's webmail mainly and keep my vmail accts. on standby.

    I would use GMail if it wasn't Google. I love the features & the encryption/tech implemented. I feel the same way about Chrome. I love the built-in security it offers via privileges/restrictions, and tabbed sandboxing... but I just don't trust Google.
  13. Snowden

    Snowden Registered Member

    I've noticed their stability has improved since the migration to roundcube. But, I now have to go to vmail.me/webmail in order to login. Clicking login on their main site gives me a password error.

    But, yeah, it bothers me as well that they don't have a privacy policy.
Thread Status:
Not open for further replies.