Posteo (email provider)

Hey folks, jumping in here as a long-time Posteo user (since like 2018 or whenever). I get why Proton/Tuta fans are hyping this “they can intercept decrypted emails” thing. This feels like the classic “our E2EE is better than yours” flex. But let’s be real. Posteo actually gives you more practical control and flexibility if you set it up right, and it’s not some shady half-measure like the thread makes it sound.

First off, mangomango and the others are missing the inbound encryption feature (which nerd touched on, good call). You just upload your public PGP or S/MIME key once in the settings — takes two minutes — and boom, Posteo automatically encrypts every single new incoming email with it right when it hits their servers. Even if the sender is some random Gmail user blasting plaintext. After that point, the emails sit on Posteo’s servers fully encrypted. Posteo literally cannot read them anymore, because they don’t have your private key.

Same with their crypto mail storage option — flips on in one click and encrypts your entire existing mailbox plus metadata with a key tied to your password. Again, decrypted only when you access it. Combine both and your stuff is protected on their end way beyond basic TLS. Now, the “real-time intercept when logged in” bit? Sure, if you’re sloppy and just using their basic webmail without the S/MIME plugin or proper PGP setup, the server handles the decryption for your session (over TLS, obviously). But who does that in 2026? Use Thunderbird, K9-Mail, Apple Mail, or any IMAP client with your own keys — decryption happens on your device, not on Posteo’s servers. That’s the beauty of Posteo, it doesn’t lock you into their app or force some proprietary bridge like Proton does. You get full open-standard PGP and S/MIME support (nice bonus for Apple users). No vendor lock-in, no “ trust us, our closed-source client is secure. ”