Security is paramount to the operation of Here are some of the features already in place, with improvements planned in the future.


  • Logs (metadata) are kept for between 24 and 48 hours.
  • Email contents are kept for about 1 hour (while they are being relayed).
  • All servers handling the data use full disk encryption.
  • All servers are physical rather than virtual machines.

Transport encryption

  • Email servers have TLS and certificates signed by Comodo CA
  • Communication between email server and bitmessage daemon goes through an OpenVPN tunnel

Email security

  • Emails are scanned for viruses with clamav
  • The domain has correctly configured SPF and DKIM records and outbound emails have DKIM signatures
  • Inbound email is greylisted (in combination with SPF checking)
  • IPs of servers are checked against multiple DNSBL
  • Outbound email is throttled to 1 message per minute per user. This is to prevent spamming and may change in the future.