Mail1Click is a free encryption email service with a simple and easy to use interface. Encryption and decryption automatically materializes in the background, there is no need to click on any special button but both parts have to be using Mail1Click to send and read encrypted emails. Data stored in the email server is kept secure using AES256-bit.
Communicating in the same server without sending any data across the Internet is first rate security since we all now know that spy agencies from around the world wiretap emails as they transit fibre optic cables.
I checked Mail1Click email headers when sending external messages and they do not show the sender’s computer IP, this is replaced with Mail1Click own mail server IP, identifying itself as located in Germany hosted by a company called Contabo, although Mail1Click company headquarters are in the United Arab Emirates.
If you send a message to a non Mail1Click address the recipient will receive an email with the default subject “New Encrypted Message” and a link instructing him to visit Mail1Click to be able to read the message setting up an account with a nickname and a password. That is all the private information Mail1Click requires from you, nothing, not even your name or a secondary email address.
The positive points I see in Mail1Click are that the service has been optimized for smartphone and tablet access, there is an Android app in Google Play and an optional Chrome browser addon. In case of problems support is provided via a ticket system but be warned that forgotten passwords can not be recovered. I also liked their antispam protection, this is not mentioned anywhere in their FAQ but when you receive an email from an unknown source the sender has to manually validate the message by clicking on a link and entering a captcha.
There is also a Windows email client available for download, when I attempted to install it in my computer I was asked to install Microsoft Visual Basic Power Pack first and after a few download errors I gave up.
The email interface has a rich text editor to create eye pleasing messages with attachments, what you will not find is a draft folder where messages are saved for later use, it is either write and send straight away, or don’t write anything. Even for a basic email service I felt that a Drafts folder was needed.
What I did not like of Mail1Click starts with them sending default HTML messages to non Mail1Click account holders. Email clients in high security environments should disable HTML formatted emails because it might contain malicious code. But this is not a big issue, those messages only include a sign up link, when converted to text it will not change much.
Mail1Click is a nice idea to bring encryption to the masses that have no computer knowledge and people who are only willing to dedicate zero effort to secure their emails, but with no code audit it is impossible to really know how secure everything is, not to mention the possibility of the company being legally compelled by a government to set up a backdoor in the server.
I was disappointed because there really isn’t any free encryption email service out there that I can recommend and I hoped Mail1Click could change that. I am going to stick with my local OpenPGP encryption keys, a VPN service (to hide email headers IP) and a non USA email service.
At the end of the day, if you haven’t access to the back end server you are not in control, high security means to never trust your encryption keys to anybody.