Posteo Review

Julie Cole
Julie Cole | Contributing Writer
Last updated: December 4, 2020
Posteo review
Disclaimer: Affiliate links help us produce good content. Learn more.

Security was not a concern for the people who developed email. As such, there are flaws to the system that persists to this day and make it an incredibly easy target for hackers and surveillance teams alike (not to mention Google, who actively sell off their users’ email contents to turn a profit).

Posteo is one of many services that claim to provide a private and secure approach to email. As such, we’re going to hold it up to the light and see whether these claims can be trusted.

What is Posteo?

Posteo is a German-based email provider built by husband-and-wife team Patrik and Sabrina Löhr. It is a subscription-based service that aims to offer a truly private email experience, and it is now in its tenth year of operation.

The Löhrs were able to demonstrate their commitment to user privacy in an altercation with the police. In summer 2013, Bavarian officials issued a warrant for Posteo to turn over information about an account holder who was using the service for illegal means.

Instead of surrendering to police intimidation, however, the Löhrs stuck to their guns and took their battle to court. (The warrant, it turned out, did not grant access to their full office.)

It was a relatively high-profile case in Germany at the time, and such an active defense against law enforcement is commendable in terms of staying true to one’s mission statement.

Dedicated though they may be, though, is their software any good? Our Posteo review now take a closer look at how it all works to see how it fares under scrutiny.

Posteo features

Posteo earns all its revenue through its monthly subscription charge of 1.00 per month. This means that it has no use for ads, and there will thus be no ads cluttering up your inbox.

As with Gmail, Posteo allows users to send attachments up to 50 MB in size, and its total inbox storage is 2 GB. You can also pay an extra €0.25 if you want to upgrade that to 20 GB.

Unlike many decentralized email providers, Posteo also has calendar and address book functions, and these can be safeguarded at the click of a button using an AES encryption cipher. (In fact, all of your saved data can be encrypted using the same technology if you wish.)

Posteo supports IMAP, which allows you to synchronize your emails to your mobile device. This makes up for a lack of custom Android or iOS app for Posteo, although that certainly remains a drawback in its own right.

Most importantly, Posteo supports end-to-end encryption (E2EE), which is the gold standard for email communications.

How does Posteo work?

Posteo’s E2EE works in the traditional method, wherein a secret key is shared between contacts – usually communicated outside the main email service – that is used to encrypt and then decrypt the cleartext within the email.

In other words, it’s like a password that prevents man-in-the-middle attacks, eavesdropping, or any other form of interception.

The service is engineered to prioritize privacy above all else. Unlike many other subscription services (even VPN providers), it doesn’t even log your payment details or the IP address you’ve used to visit the site, meaning that it fool-proofs your information against any possible data seizures

However, while it does not log your own IP address, it will log the IP address of anyone you’re sending an email to if they aren’t using Posteo.

According to its privacy policy, though, these logs are stored to identify any technical corruptions on its servers, and they are then deleted after seven days.

Is Posteo secure?

On paper at least, Posteo is incredibly secure. E2EE is a tough nut to crack, especially when it’s backed up by AES encryption, which is the same cipher (though possibly not the same model) used by the US government.

What’s more, users may enable two-factor authentication at the access point, meaning that if anyone were to get into their Posteo account – even physically getting hold of the device it’s on – then there is still a massive roadblock in the way of accessing the emails.

One issue with the E2EE method used by Posteo, however, is that it does not use the Diffie–Hellman key exchange, which is an algorithm that randomly creates a passphrase for encrypted emails that is deleted shortly thereafter.

Of course, this is more time-consuming for anyone, but in terms of email security, it’s as good as it gets.

The only major quibble we noticed is that the company is registered in Germany, a 14 Eyes member state whose intelligence agency, the Bundesnachrichtendienst (BND), frequently co-operates with the NSA and GCHQ. This, of course, is a major security risk.

Is Posteo anonymous?

At the start of this article, we mentioned the Löhrs’ refusal to surrender Posteo information to the authorities. In the years since, Posteo has received dozens of further requests by the BND, only some of which have been granted.

The ones that were granted, however, only provided information on user access times, which gives the authorities very little to work with.

Posteo’s transparency report concedes that some mailboxes were affected by telecommunications surveillance by the BND, but also that these actions were reversed when the Löhrs sought legal action against the authorities.

Indeed, Posteo’s privacy features are impressive in general. As all your metadata is encrypted (which also stumped the BND), there is little chance of your privacy being compromised in such a way.

That they do not store your IP address also makes it much harder to lose any of your personally identifiable information to the BND or any other legal bodies.

Possibly the best thing in terms of Posteo’s privacy credentials is that you can actually hand-deliver your annual subscription fee to the Posteo office in Berlin.

Of course, this means you can make your payments without a paper trail, therefore keeping your identity as anonymous as possible.


Throughout our Posteo review, we have been deeply impressed with this email provider that, for just €1.00 per month, gives you some truly powerful encryption software to work with.

We love the developers’ grand gestures of publicly denying law enforcement and seeking legal action, as well as their smaller gestures such as inviting users into their office to pay anonymously.

As such, this appears to be a mostly great secure email provider that we’re confident that you should be able to trust.

Leave a Reply

Your email address will not be published.

  1. John Public

    They are terminating my subscription for absolutely no reason and have not responded to requests as to why they have done so. (In fact they rarely respond to ANY requests for info). They effectively kept my money. AVOID THIS SERVICE.

    1. Tommo

      I have been using this service for 9 years. When I ask I question I get a real reply from real people. My bet is your subscription payment went astray or you have an ulterior reason for giving posteo a poor rating

  2. Jacques

    There is the theory the “features” and in practice what something is. Do you want your email flooded with spam in the sytle of “Beautiful Ukrainian lady wants to meet you”? Their spam filter which in theory is “trained by such messages” simply do NOT work. These emails may contain embedded viruses. They would be rapidly identify in services like gmail or outlook. For this reason unless you want to meet fake Eastern European ladies I cannot recommend. A security threat for sure.

    1. avatar
      Julie Cole Author

      Hi there Jacques,

      Thanks for your comments. Here, we consider it a balancing act. Some of the features, like spam blocking, may not be the most effective, but we feel that its security and encryption abilities are really worth investing in. Thanks again for reading!

      1. Carl

        I have used for half a decade and have absolutely no spam in my inbox. I did have one issue years ago where they would not deliver non-spam mails from a NZ provider and I had to go to a different provider in order to receive those mails since they do not have a whitelist-feature.

        Other than that spam is absolutely no issue. You will forget what it was like

  3. wasp77

    You also get 2 email aliases on top of [email protected] (more for an extra fee) – where you can select from a long list of other top level domains aside from .de and .net.
    That and you can also use [email protected]

    They also support connecting remotely from both starttls and ssl/tls.

    Or you could turn remote connections off completely and just do the web-ui if you want.

  4. Shan87

    For as low as €12.00 a year, I’d be more than happy to pay for my email, especially when the security system is so up-to-date.

  5. Signofv

    It’s very interesting that you have the option of hand-delivering your annual payment to Posteo. I have yet to hear about something like this for such a service. Considering it’s so cheap this service is a no-brainer if you ask me.

  6. Toni Salinas Valles

    I didn’t know email was such a problem. I don’t mind paying for email if it’s as secure as Posteo sounds. I think it will be a good addition to my VPN and other security measures. Another reason why VPNPRO always is the place to go for reliable information about cybersecurity and related news.

Table of Contents:
Thanks for your opinion!
Your comment will be checked for spam and approved as soon as possible.