Get encrypted email with top-notch security

Emails are encrypted using OpenPGP (from Pretty Good Privacy), the open source gold standard for secure and speedy end-to-end encryption of email content. OpenPGP has not been cracked since its introduction, meaning it is considered completely secure. Encrypted communication provides the greatest level of security and makes the sender, recipient, subject (metadata) and content inaccessible to unauthorized parties.

PGP email encryption uses two interdependent keys for encryption and decryption – one public and one private. The public key is sent to the communication partner, ‘locking‘ their message so that only the person with the private key can decrypt it – which is why the private key should remain secret. This principle of complementary keys ensures the highest level of security.

OpenPGP email is a globally recognized encryption procedure and is therefore ideal for encrypted communication across countries and systems. Other encryption processes only offer one-way communication within the respective encryption program and are often not transparent in terms of security and functionality. OpenPGP, on the other hand, has made its procedure and functionality known in a comprehensive manner.

By disclosing how the process works and the source code behind it, GMX encryption is made transparent. It is also audited by external security experts. All this guarantees the security of the procedure – even with better usability.

Because only browser-based encryption enables true end-to-end encryption, GMX has deliberately opted for this type of procedure. Encryption takes place directly on the user’s computer and not on the provider’s end. The partnership with Mailvelope has also ensured that encryption technology and user data always remain separate.

The Mailvelope browser extension offers further security options. The graphical security background, displayed during all stages of encrypted communication, can be individually customized. This allows users to check to make sure the window has not been manipulated. Another security feature is Mailvelope’s security protocol, which can be viewed via the settings. This logs all of the user’s actions with the browser extension. The 'OK' displayed in the browser extension informs the user when they are accessing the extension via the security window.

Yes, email attachments like pictures and other files are also encrypted with OpenPGP.

Mailvelope creates and manages the keys and stores them locally in the device’s browser extension. Access from outside the computer is not possible.

No. Browser-based storage means that all important data is stored by the user. Neither government agencies, nor GMX, nor Mailvelope have access to the encrypted email content. Even court decisions on data delivery will remain ineffective because of this.

No. Decryption only makes the content temporarily and locally visible on a device, and must take place every time the email is opened.

Encrypted communication complements transport encryption and offers protection even if the email leaves the secure email made within the European network. Even if emails are sent abroad, and to email providers with weaker data protection regulations and without encrypted connection paths, complete data protection can be ensured because only the authorized recipient will be able to decrypt the message.

Browser-based encryption ensures that the encryption takes place locally on the user’s computer and not in the provider’s infrastructure, unlike the server-side method. The cooperation with Mailvelope also ensures that all security-relevant data such as keys or associated passwords are outside GMX’s sphere of influence. This guarantees the separation of encryption technology and user data.

OpenPGP is an encryption standard used worldwide that is compatible with different systems and provides the highest level of security. Transparency and long-term security are ensured through the disclosure of the source code and functionality of encrypted communication, as well as through monitoring by external security service providers.

Yes, the encrypted email process was checked by external security service providers.

Use the PGP check number (or ‘fingerprint‘) to be sure that a key actually belongs to the specified sender. When you confirm a new contact for encrypted communication, an 'i' will appear next to their email address. Clicking on the 'i' will display your contact’s fingerprint. To make sure that it actually belongs to the specified sender, have your contact confirm it in person or over the phone.

GMX signs all keys stored in the key directory with its public key to guarantee their authenticity. To check whether a key has been signed by GMX, import the GMX key in the Mailvelope browser extension options. The corresponding fingerprint is: C394 C011 0A17 0954 47F1 5F0D 1DA4 1713 9553.

All encrypted messages are digitally signed by the sender by default. The signature states that the email originates from the specified sender and that the content has not been manipulated during transmission. You can check whether a signature is valid in the lower left-hand area of an encrypted email.

Yes, encrypted communication is also possible with other email providers, as long as they also use OpenPGP.

Encrypted emails that you have received can be found as usual in your mailbox – encrypted emails sent by you can be found in the 'Sent' folder. Encrypted emails are marked with a lock icon for easy differentiation.

You will be able to tell if you’re reading or writing an encrypted email thanks to its colorful background. This background can be customized to make it your own. The 'OK' displayed in the browser extension indicates when you are accessing the extension via the security window. For more information, please visit our help page about receiving and reading encrypted email.

Yes, this is possible with no problem. However, please note that copied content is decrypted in the cache. The decrypted content can therefore still be retrieved after having logged out if the cache has not been emptied or overwritten.

Yes, as long as encrypted communication has been set up with the destination mailbox. If the target mailbox is an email provider other than GMX, the encrypted communication may not be offered or the setup process may be more complicated.

After setup, your public key is stored by default in the GMX Key Directory to simplify communication. When you enter your recipient address, this is automatically detected and your public key is made available to the sender. If you do not want your keys to be stored in the Key Directory, you can revoke your consent in the mailbox 'Settings' under 'Encryption' > 'Privacy'.