

Free secure email with unlimited space - TuxLyn
https://xfsmail.com/register.html

======
brongondwana
Meh - no TLS on oubound email, no DKIM, no SPF.

Received: from mail.xfsmail.com (MAIL.XFSMAIL.com [46.32.252.200]) by
mx1.messagingengine.com (Postfix) with ESMTP id 68701F20E80

X-Spam-hits: BAYES_80 2, HTML_MESSAGE 0.001, RP_MATCHES_RCVD -0.473, LANGUAGES
unknown, BAYES_USED user, SA_VERSION 3.3.2

At least it used TLS on the return email:

Received: from out4-smtp.messagingengine.com (out4-smtp.messagingengine.com
[66.111.4.28]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No
client certificate requested) by mail.xfsmail.com (Postfix) with ESMTPS id
348821446D7

And noticed the DKIM and SPF on my email:

X-Spam-Status: No, score=-2 tagged_above=-999 required=6.31
tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1,
FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham

\----

It didn't send me an SMS after signup, or appear to have any method to stop a
botnet signing up few thousand accounts and going on a spamming run. It
happens to us all.

I do wonder how they are planning to fund their hobby if it gets popular.

(disclaimer, I've worked for FastMail for nearly 10 years - I have a decent
idea what goes into running an email service)

~~~
TuxLyn
Thank you for doing this test. I've contacted XFSmail about this. Hopefually
they can fix this issues.

------
joelrunyon
At this point, I'm not really sure I can trust the "free" services, as there's
always a "catch" or changes in TOS down the road when they want/need to make
money.

I'm moving my main email to fastmail [1]. It's worth $10/year to not get ads
shoved in my face or wonder who owns my data.

[1] [http://fastmail.fm](http://fastmail.fm)

------
eps
Physical address points at a virtual office company. No About page, want
personal details, offer a free deal that too good... Sold!

------
bdfh42
Question is - who do you trust?

How many national spy agencies are currently planning to roll out "free" email
services sold on being secure?

Much safer to assume that every such service has been compromised and keep
your private messages private. I suppose the "bad guys" have plans of their
own but historical events have shown that they do not in fact have to be all
that careful as there is so much "noise" out there.

------
TuxLyn
They use 256-bit with TLS 1.0 and support IMAPS, POP3S and SMTP which you can
use with Thunderbird and also RoundCube web mail. Tested it my self works very
well ^_^ In fact I found it better working for me then some premium services
like HushMail.com or free service like Safe-Mail.net I'm very happy to find
something that finaly just work without too many registration questions or
phone activation.

------
jlgaddis
I'm being pedantic but encrypted != secure, of course.

~~~
beachwood23
Of course it doesn't. This email service doesn't do anything that other email
services don't offer

------
bjoernd
They are virus-scanning and spam-filtering my email. So they at least have the
ability to read all my email. Doesn't sound secure to me.

~~~
fredgrott
every server passing email to the next server in the hop has the same
problem..

The security is what controls exist not only in the severs between you and
your email provider but also what controls are in place with the email
provider.

~~~
bjoernd
True. That's why you should use end-to-end encryption for your mail.

There's a reason I'm sceptical about these things: over here in Germany, the
government is trying to establish a nation-wide email service (DE-mail) that
is supposed to be so secure that you can even use it for government
interaction such as filing your taxes. They even argue that they are using
encryption to protect your mail. However, they explicitly say that encryption
of course only happens between servers and that your email can of course be
read on the servers, making all security useless.

This might not be the same as xfsmail, but it doesn't feel secure to me. In
general I'm less worried about some random attacker trying to hack into the
providers' servers than into provider employees reading my email.

