Q: What’s the best way to contact you?
A: For user support, users can contact email@example.com. This will open a ticket.
Q: Why does it take so long to receive emails?
A: The most common reason is missing or broken SPF records of the sender’s domain, or the sender not following the domain policy. This triggers greylisting for about half an hour. Please contact the administrator of the sender’s domain and ask about correct settings.
Q: What is the difference between mailchuck.com and bitmessage.ch?
A: They have the opposite (complementary) functionality. bitmessage.ch allows people to use a mail client (or webmail) and access the Bitmessage network, i.e. send/receive messages with other Bitmessage users, and their Bitmessage messages are hosted by bitmessage.ch. Mailchuck allows you to use a Bitmessage client and access the “email network” (send/receive messages with email users), and Mailchuck does not store them other than for transport purposes.
Q: Is the service available in a language other than English?
A: For privacy reasons, we think sticking with English is better. If you prefer a different language, this exposes information about yourself (for example which country you are from).
Q: What features does Mailchuck provide?
A: The basic free account provides the ability to receive emails (which are forwarded to your Bitmessage address). Paid accounts have several more functions:
- receiving attachments
- sending emails
- transparently using PGP
- you can charge people to be able to send you emails
By default, attachments and charging for emails are off and to turn them on, you need to open a ticket. In near future, you will be able to configure them yourself by sending messages from your Bitmessage client (like when registering an account).
Q: How do the attachments work?
A: When turned on, incoming attachments are uploaded to MEGA. We use a slightly modified version of the MEGA API that prevents us from decrypting the contents of the file after being uploaded. Only you, with the link contained in the message, can decrypt it.
Currently, the files have to be deleted manually from MEGA, but in the future, they will be deleted after a fixed period after your Bitcoin client send a confirmation that it received the message.
Q: How does PGP work?
A: Mailchuck offers two modes: server and local. The server mode (default) will generate PGP keys for you and use encryption and signatures for your emails. It works in both ways: incoming and outgoing. The message you will see will contain warnings if the incoming message didn’t have correct encryption / signature. The local mode merely relays messages without modifying PGP data, allowing you to use your own PGP software locally. This is a true end-to-end encryption, but is a bit of a hassle because you need to copy and paste between your bitmessage and PGP clients.
To switch between the two modes, send a message to the registration address and use config as a subject. In the body, specify either
Upon receiving the message, the settings will change accordingly.
Q: How does charging for emails work?
A: You can provide us with a Bitcoin BIP32/BIP44 public key seed (for example from Electrum or Mycelium wallet), and specify a fee amount (in Bitcoins, USD, EUR or GBP). When an email is received from an address that has not paid yet, their email will be rejected on SMTP level, with a request for payment. The public key seed will be used to generate a unique Bitcoin address for each email address. The payment directs the sender to a payment interface hosted on Mailchuck webservers. After receiving the payment, the address will be recorded (actually, a salted hash of sender and email address, to improve privacy) and emails from that address will be let through in the future.
Payment for emails has been suggested occasionally as a way of fighting SPAM. Unfortunately, most of the implementations that exist exacerbate SPAM, because they generate a new email for every received one. Mailchuck rejects the messages on the transport level and leaves it up to the senders’ mail server to deal with it.
Q: How many accounts can I have?
A: You can have as many as you’d like. There is no way for us to tell if accounts belong to the same person.
Q: Does the service offer end-to-end encryption?
A: The default settings (server providing PGP encryption) is not end-to-end: Mailchuck Ltd can, in theory, read the contents of your messages. However, you can change the PGP settings to “local”, and take care of PGP on our side. It is bit of a hassle but you can achive end-to-end encryption this way.
Q: Can my machine be compromised by using Mailchuck?
Q: Do you keep my IP address?
A: The service is carefully designed in a way that the user of Mailchuck never has to expose their IP address to us. The communication between the user and our systems happens exclusively through P2P networks (Bitmessage and Bitcoin). The user can visit our website, but the website itself does not have the ability to access the service, it is purely for informational purposes. The website is static HTML and does not contain any tracking elements. The only dynamic element on the site is the payment interface, but this is supposed to be used by third parties, rather than Mailchuck users (users will receive payment instructions through Bitmessage, and they do not require visiting a website). Even for the third parties, the payment interface is client-side with no payment data being transmitted to the server, so we only see that an IP address is accessing the payment interface, but do not know what payment it is related to. Since the payment interface is client-side, it can be used also for services entirely unrelated to Mailchuck Ltd.
In addition to not knowing your IP address, for payment processing we use our own full Bitcoin node, so the bitcoin addresses are not exposed to third parties either.
Q: Is the service anonymous?
A: This is a complicated question. Neither Bitmessage and Bitcoin require that the user exposes their identity to anyone. However, with sufficient investment, an adversary can narrow down the users’ identities. For example, information from Bitcoin exchanges can include the identities of their customers, or large-scale surveillance may pinpoint the source IP address of a transmission.
There are websites which claim they provide anonymous email service, but for many of them, their level of anonymity is actually much worse than with Mailchuck: they may require that you provide another email address for forwarding, or the website contains tracking elements or executable code that runs on your computer. The core feature of Mailchuck is that all services are only available through P2P networks and other than the Bitmessage/Bitcoin addresses, the user is not required to expose any other information to Mailchuck Ltd. While many of competing services’ idea about anonymity is “Tell us who you are, and we promise we won’t store this information or pass it to anyone”, our approach is “You do not have to tell us who you are.”
If this is not sufficient for you, maybe you can consider using further anonymisation layers for Bitmessage or Bitcoin. Furthermore, our free receive-only service does not require payment, so its anonymity does not depend on the anonymity of Bitcoin.
Q: How do you deal with subpoenas?
A: Subpoena or other requests for information from courts or law enforcement, assuming they are handed in accordance with the appropriate laws, are treated with seriously. Among other things, they provide serious suspicion that the user in question may be involved in criminal activities and can result in a suspension of an account. However, there is not much information that we can offer as a response to the subpoena. The retention period for metadata (logs) is very short and we do not keep the contents of the messages. Furthermore, the metadata does not contain IP addresses of users, because the communication between Mailchuck and the user only occurs through P2P networks. We only have the users’ Bitmessage addresses, and in case of paid services, their Bitcoin addresses. Even if data retention laws forced us to keep the metadata longer, we still would not have other type of information available.
Q: How much does the service cost?
A: Basic account with receive-only functionality is available for free. For any other functionality, you need to upgrade to a paid subscription, which costs one USD per month. The exchange rate between Bitcoin and USD is fetched from the Coindesk Bitcoin Price Index at the time of payment request generation.
Q: What payment methods are available?
A: Currently, Bitcoin payments are fully automated, including payment requests and receipts, in a very secure and private fashion. Payments are processed with zero confirmations and the processing shouldn’t take more than a couple of seconds. We are willing to also take Namecoin, Litecoin or Dash, however due to a lack of library support, there is no automated way to do this and needs to be requested manually by opening a ticket. Receipt would also be processed manually.
Q: I want to have a subscription period of more than one month.
A: If you pay a multiple of the monthly subscription amount, the payment processing will extend your subscription for a multiple of months, and the receipt will reflect this. For example, if you pay 12 times the requested amount, the subscription will be extended by one year. Currently, there is no way to configure this explicitly.
Q: When does the subscription period begin and end?
A: If you have a subscription that hasn’t expired yet, the extended subscription begins when the old one expires. If your subscription already expired or you never had a subscription, the new subscription begins today. The subscription ends one month after the start (e.g. if it starts on the 18th of February, it will end on the 18th of March). If you paid for more than one month, the subscription will end after the respective number of months.
Q: Do you provide consolidated billing?
A: Consolidated billing would expose relationships between users and compromise the privacy of the users. Therefore, it is not supported.
In the future, we may offer email services for customers’ own domains. In such a case, consolidated billing would not be privacy-decreasing and may be available.