Proton Mail is now more secure against sophisticated attacks
At Proton, your security is always our first priority. That’s why, in recent months, we have added support for MTA-STS, DANE, WKD, DNS CAA, and much more to Proton Mail to further enhance your security.
We know that many people, such as journalists, use Proton Mail for sensitive communications and may be targeted by highly sophisticated threat actors. As part of our ongoing security efforts, we have released several new features to improve the security of all Proton Mail users.
This article describes Proton Mail’s new security features and explains how they keep you safe. At the end of the article, we also discuss some of the other upcoming Proton Mail features we have planned for this fall.
Web Key Directory (WKD) – a better way to look up public keys
Quick summary: You’ll be able to send encrypted messages to non-Proton Mail PGP users without having to import their public key. This is another step toward making end-to-end encryption the default for all email communication.
Proton Mail is built on top of the OpenPGP standard, and interoperability has long been a priority for us. This is why we released full PGP interoperability support for all our mail clients in 2018. However, key discovery has long been a challenge in the OpenPGP ecosystem because it’s difficult to know whether to trust the keys you receive from a public keyserver. A new approach, called Web Key Directory (WKD), leverages the web to allow a domain to serve its own keys via HTTPS. Proton Mail has supported an early version of WKD since 2018, but we have recently revamped our implementation to match the latest specifications. This should allow any WKD client to retrieve keys for addresses on our proton.me, proton.me, and proton.me/mail domains automatically, making it easier for Proton Mail to have end-to-end encryption with non-Proton Mail users.
Brand new, however, is Proton Mail support for external key discovery via WKD. Our servers will now use WKD to look for keys on external domains, meaning that anyone can set up their domain or service for full end-to-end interoperability with Proton Mail. In practical terms, this means you may notice the green padlock that indicates your message is encrypted when you send an email to a non-Proton Mail email address, even if you have not uploaded a key for them. Full WKD support will be rolling out across all Proton Mail apps in the following weeks.
DANE and MTA-STS – thwarting active attackers
Quick summary: We implemented two security “rules” for our servers that basically force other servers to always send encrypted data. This means it’s now much harder for hackers to intercept emails between Proton Mail and non-Proton Mail accounts.
DNS-based Authentication of Named Entities (DANE) and Mail Transport Agent Strict Transport Security (MTA-STS) are two separate web standards that do roughly the same thing: protect email transport encryption (SMTP TLS) from attacks that remove this encryption. For emails sent between Proton Mail accounts, this is less of a concern because message contents are always end-to-end encrypted by default. But to protect messages exchanged between Proton Mail and outside email accounts, it’s important to ensure the transport encryption is secure against this kind of attack.
The problem is that in the early days of the Internet, there was no transport-layer encryption for either the web or email. This meant that emails from your email server to your recipient’s email server were sent in plaintext that anyone monitoring the network could read — no privacy at all. When TLS encryption finally arrived, there were thousands of mail servers that did not understand the new encryption standard. To ensure mail delivery, the standard requires that mail be delivered unencrypted if the remote server does not support encryption.
Therefore, TLS encryption is effective against passive attackers who are recording network traffic. The problem is that the discussion between the servers about encryption support is itself unencrypted, and can therefore be modified by an active attacker. The attacker can delete the message from the destination server which says that it supports encryption and force unencrypted mail delivery, which the attacker can then intercept.
The protocol used for web traffic (HTTP) had a similar problem, and it was largely solved via a standard called HTTP Strict Transport Security (HSTS). This standard allows a website to advertise via an HTTP header that it supports encryption (HTTPS). The browser caches this information for a long time, usually several weeks. While HSTS is a trust-on-first-use (TOFU) mechanism, the long lifetime ensures that transient attacks are usually thwarted, and modern browsers typically have a preloaded list of websites that must use HTTPS to address the TOFU loophole as well.
MTA-STS is HSTS for email. The sending mail server looks up and caches an MTA-STS policy, which tells it that the receiving mail server supports encryption. Once it has this information, it knows to refuse any attempts to downgrade its connection with the destination mail server. It relies on a long cache time to prevent transient attacks.
The downside, however, is that each mail server must maintain its own cache. That cache will also only contain policies for servers it has contacted recently. This works well for popular domains such as proton.me. It is not as effective between small domains with low email traffic. The policies for these domains are unlikely to be cached and can, therefore, be blocked by an attacker who can control DNS lookups. Our MTA-STS implementation works with most of the major email service providers.
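The caching behaviour described above, as an added sketch of a sending server's logic (not Proton Mail's implementation). The policy syntax and the one-label wildcard rule follow RFC 8461; the class and function names, the domain example.net and the sample policy are constructed for this example.

```python
from dataclasses import dataclass

MAX_AGE_CAP = 31557600  # RFC 8461 upper bound for max_age, in seconds

# Constructed policy, as it would be served at
# https://mta-sts.example.net/.well-known/mta-sts.txt
SAMPLE_POLICY = """version: STSv1
mode: enforce
mx: *.example.net
max_age: 604800
"""


@dataclass
class Policy:
    mode: str
    mx: list
    max_age: int


def parse_policy(text: str) -> Policy:
    """Parse the key/value policy file; reject anything that is not a valid STSv1 policy."""
    fields = {"mx": []}
    for line in text.splitlines():
        if not line.strip():
            continue
        key, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed policy line: {line!r}")
        key, value = key.strip(), value.strip()
        if key == "mx":
            fields["mx"].append(value.lower())
        else:
            fields.setdefault(key, value)
    if fields.get("version") != "STSv1":
        raise ValueError("unsupported policy version")
    if fields.get("mode") not in ("enforce", "testing", "none"):
        raise ValueError("unknown mode")
    if "max_age" not in fields:
        raise ValueError("max_age missing")
    if fields["mode"] != "none" and not fields["mx"]:
        raise ValueError("policy lists no MX hosts")
    return Policy(fields["mode"], fields["mx"], min(int(fields["max_age"]), MAX_AGE_CAP))


def mx_matches(pattern: str, host: str) -> bool:
    """Exact match, or a '*.' wildcard that covers exactly one left-most label."""
    host = host.lower().rstrip(".")
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return host == pattern


class PolicyCache:
    """Per-sender cache: an entry is honoured until fetch time + max_age."""

    def __init__(self):
        self._entries = {}

    def store(self, domain: str, policy: Policy, now: int) -> None:
        self._entries[domain.lower()] = (policy, now + policy.max_age)

    def lookup(self, domain: str, now: int):
        entry = self._entries.get(domain.lower())
        return entry[0] if entry and now < entry[1] else None


def delivery_decision(cache, domain, mx_host, starttls_offered, cert_valid, now):
    """Decide what the sender does with one SMTP session to mx_host."""
    policy = cache.lookup(domain, now)
    if policy is None or policy.mode == "none":
        # No cached policy: plain opportunistic TLS, so a stripped STARTTLS
        # reply is indistinguishable from a server that never supported TLS.
        return "deliver-encrypted" if starttls_offered else "deliver-plaintext"
    session_ok = (
        starttls_offered
        and cert_valid
        and any(mx_matches(pattern, mx_host) for pattern in policy.mx)
    )
    if session_ok:
        return "deliver-encrypted"
    # testing mode delivers anyway and reports the failure; enforce refuses.
    return "deliver-and-report" if policy.mode == "testing" else "refuse"
```

With a cached enforce policy, a session in which STARTTLS has disappeared is refused; with an empty or expired cache the same session falls back to plaintext, which is the low-traffic-domain weakness the paragraph above describes.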
DANE works via a different mechanism. With DANE, an email provider publishes DNS records which tell other mail servers that it supports TLS encryption. Even better, it tells the receiving server to expect a certain certificate when connecting to the sending server. This can foil attackers in possession of an otherwise valid TLS certificate for the mail server in question. It also works well for smaller email domains with low traffic because it does not rely on caching. However, it does rely on the security of the DNS system, which means it requires DNS Security Extensions (DNSSEC), and it has had limited adoption as a result.
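The TLSA comparison that DANE relies on, and its dependence on DNSSEC, as an added sketch following RFC 7672 (not Proton Mail's code). It handles DANE-EE (usage 3) records only; the byte strings stand in for DER-encoded certificates and public keys and are constructed for this example, as are the function names.

```python
import hashlib
import hmac

# Constructed stand-ins for the DER bytes seen in the SMTP TLS handshake.
REAL_CERT = b"constructed certificate of the real MX"
REAL_SPKI = b"constructed SubjectPublicKeyInfo of the real MX"
ROGUE_CERT = b"constructed CA-issued certificate held by an attacker"
ROGUE_SPKI = b"constructed SubjectPublicKeyInfo held by an attacker"

# Constructed TLSA RRset: usage 3 (DANE-EE), selector 1 (SPKI), type 1 (SHA-256).
TLSA_RRSET = ["3 1 1 " + hashlib.sha256(REAL_SPKI).hexdigest()]


def parse_tlsa(rdata: str):
    """Parse 'usage selector matching-type hex' into (selector, mtype, bytes)."""
    usage, selector, mtype, assoc = rdata.split(None, 3)
    if int(usage) != 3:
        raise ValueError("only DANE-EE (usage 3) is handled in this sketch")
    return int(selector), int(mtype), bytes.fromhex(assoc.replace(" ", ""))


def tlsa_matches(record, cert_der: bytes, spki_der: bytes) -> bool:
    """Compare one TLSA record with what the server presented."""
    selector, mtype, assoc = record
    subject = {0: cert_der, 1: spki_der}.get(selector)  # 0 = full cert, 1 = public key
    if subject is None:
        return False
    if mtype == 0:
        candidate = subject  # exact match on the raw bytes
    elif mtype == 1:
        candidate = hashlib.sha256(subject).digest()
    elif mtype == 2:
        candidate = hashlib.sha512(subject).digest()
    else:
        return False
    return hmac.compare_digest(candidate, assoc)


def dane_decision(tlsa_rrset, dnssec_status, starttls_offered, cert_der, spki_der):
    """Decide what happens to one SMTP session under opportunistic DANE."""
    if dnssec_status not in ("secure", "insecure"):
        return "defer"  # bogus or indeterminate answer: treat as a lookup error
    if dnssec_status == "insecure" or not tlsa_rrset:
        # Unsigned zone or no TLSA records: DANE adds nothing, TLS stays opportunistic.
        return "deliver-encrypted" if starttls_offered else "deliver-plaintext"
    if not starttls_offered:
        return "refuse"  # signed TLSA records exist, so missing STARTTLS is a downgrade
    records = [parse_tlsa(rdata) for rdata in tlsa_rrset]
    if any(tlsa_matches(record, cert_der, spki_der) for record in records):
        return "deliver-encrypted"
    return "refuse"  # certificate is not the pinned one, whoever issued it
```

The rogue certificate is rejected even though a certificate authority issued it, because the pin comes from the signed DNS zone rather than from the CA system.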
Both MTA-STS and DANE have their pros and cons, and neither is perfect. However, they each can foil mail delivery encryption downgrade attacks under the right circumstances. So we have implemented both of them for proton.me, proton.me, and proton.me/mail. DANE also gives some protection for the thousands of custom domains we host by securing Proton Mail’s MX records, especially if the custom domain implements DNSSEC.
Expect-CT and Public-Key-Pins-Report-Only – an alarm system against eavesdroppers
Quick summary: These two headers make it easier for us to detect fake certificates and prevent man-in-the-middle attacks against our users.
Expect-CT is a new security header which is, at the moment, only supported by Chrome and Opera browsers. It allows a website to instruct the browser to reject any certificate not found in Certificate Transparency, a read-only public log of certificates which can be audited. Because Expect-CT is an HTTP header, it is a trust-on-first-use protocol that relies on long-term caching to ensure security. While Expect-CT does not prevent a compromised Certificate Authority from issuing a fake certificate, it does limit the damage by forcing the addition of the certificate to the log. The domain owner can then report the fake certificate and attempt to get it revoked.
HTTP Public Key Pinning (HPKP) is an older protocol that is being deprecated by most major browsers because it is too dangerous to use in practice. What HPKP did was allow a website to specify which TLS keys a browser should accept for the site, similar to DANE. However, unlike DANE, HPKP is another trust-on-first-use protocol that relies on a long-lived cache for security. This combination made it extremely easy to destroy one’s site either accidentally or on purpose by publishing a bad header with a long lifetime.
HPKP, however, has a report-only mode, which is not dangerous and is useful in detecting man-in-the-middle (MITM) attacks or misconfigurations. While the report-only mode is likely to be removed eventually in favor of Expect-CT, we will continue to use it to monitor MITM attacks against our users for as long as it remains supported.
DNS CAA – a check on certificate authorities
Quick summary: Certificate authorities are trusted third parties that issue certificates that verify a site’s servers are legitimate. We’re now using a record that helps prevent certificate authorities from issuing a hacker’s certificate.
Nothing can prevent a compromised certificate authority (CA) from issuing a valid certificate that they should not, which is a fundamental problem with the CA system in general. However, the chances of a CA being tricked into issuing a bad certificate can be reduced by adding a Certificate Authority Authorization (CAA) DNS record. These records specify exactly which CAs, if any, are allowed to issue certificates for a given domain or sub-domain, and are checked by most reputable CAs. This will reduce the odds of an illegitimate Proton Mail certificate being improperly issued and used to create a fake Proton Mail site or launch a man-in-the-middle attack.
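The check a certificate authority runs before issuing, as an added sketch of the CAA lookup in RFC 8659 (not Proton Mail's records or any CA's code). The zone contents, the CA identifiers ca-one.example and ca-two.example and the function names are constructed for this example; CNAME handling is left out.

```python
# Constructed CAA records, keyed by owner name: (flags, tag, value).
CONSTRUCTED_ZONE = {
    "example.com": [
        (0, "issue", "ca-one.example"),
        (0, "issuewild", ";"),  # no CA may issue wildcard certificates
        (0, "iodef", "mailto:security@example.com"),
    ],
    "internal.example.com": [
        (0, "issue", ";"),  # no CA may issue anything below this name
    ],
}

KNOWN_TAGS = {"issue", "issuewild", "iodef"}
CRITICAL = 128  # flag bit: a CA that does not understand the tag must not issue


def relevant_rrset(fqdn: str, zone: dict):
    """Climb from the name toward the root; the first non-empty CAA RRset wins."""
    labels = fqdn.lower().rstrip(".").split(".")
    if labels[0] == "*":
        labels = labels[1:]  # a wildcard request is checked at its parent name
    for i in range(len(labels)):
        name = ".".join(labels[i:])
        if zone.get(name):
            return name, zone[name]
    return None, []


def issuer_domain(value: str) -> str:
    """The issuer identifier is the part before any ';' parameters."""
    return value.split(";", 1)[0].strip().lower()


def may_issue(ca_domain: str, fqdn: str, zone: dict) -> bool:
    """True if CAA permits the CA identified by ca_domain to issue for fqdn."""
    _, rrset = relevant_rrset(fqdn, zone)
    if not rrset:
        return True  # no CAA anywhere on the path: any CA may issue
    if any(flags & CRITICAL and tag not in KNOWN_TAGS for flags, tag, _ in rrset):
        return False
    issue = [value for _, tag, value in rrset if tag == "issue"]
    issuewild = [value for _, tag, value in rrset if tag == "issuewild"]
    # issuewild, when present, replaces issue for wildcard requests only.
    applicable = issuewild if (fqdn.startswith("*.") and issuewild) else issue
    if not applicable:
        return True  # RRset carries no restriction for this kind of request
    return any(issuer_domain(value) == ca_domain.lower() for value in applicable)
```

The closest record set decides, so a subdomain can be locked down more tightly than its parent, and a name with no CAA records on its path remains open to every CA.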
New reporting mechanisms to ensure delivery
Quick summary: Extra layers of security can complicate email delivery, so we’ve installed monitoring that will keep an eye out for any issues.
Many of the previous protocols, if deployed incorrectly, can cause serious mail delivery or site accessibility issues. Most also have a mechanism to report policy violations, which is vital for detecting configuration issues and attacks. While we have long monitored other mail delivery and security reports, such as DMARC and Content Security Policy (CSP) violations, with this update we are now also monitoring Expect-CT, HPKP, DNS CAA, and SMTP TLS issues (DANE/MTA-STS). SMTP TLS issues are monitored via TLSRPT, a new standard that reports TLS connectivity problems experienced by applications that send email. This additional monitoring will give us a better awareness of both attacks and non-malicious problems experienced by our users.
Further work
We’ve accomplished a lot in the past few months, but much work remains to be done. Both MTA-STS and WKD support for custom domains hosted at Proton Mail would require domain owners to request new TLS certificates and set up a reverse proxy to Proton Mail. This is inconvenient for our users, and we would like to build an automatic way for custom domain owners to integrate MTA-STS and WKD support.
While DANE and MTA-STS work against downgrade attacks, they do nothing in cases where the remote server does not support TLS, or has not configured MTA-STS/DANE and is under attack. We would also like to allow our users to require that their email be sent externally only over TLS, either as a global setting or for specific contacts.
Upcoming releases
In the coming weeks and months, we will continue to roll out several other significant releases. Many users have asked for multi-user support on our mobile apps. We have heard your requests, and we will be releasing this shortly on Android, with iOS to follow. As part of our security initiatives, we are also conducting an independent security audit of all Proton apps. As these audits are completed in the coming months, we will publish the results and open source even more software. We are developing an encrypted search of message content, and we hope to release this on mobile clients before the end of this year. This feature is also coming to the web version of Proton Mail.
Finally, we continue to work on Proton Mail 4.0, which is a completely redesigned version of Proton Mail’s web app that also features Proton Calendar, a fully encrypted calendar. Because we wanted to get this security release out first, Proton Mail 4.0 is now scheduled for Q4 2019. We will be sharing regular updates on social media, so follow us to get the latest news. We look forward to making Proton Mail not only more secure, but also easier to use!
Proton Mail and Proton VPN are funded by community contributions. If you would like to support our development efforts, you can upgrade to a paid plan. Thank you for your support.