Security
Your email. Your business.
We built Shipmail to be the email host we wanted to use ourselves. That means no data mining, no ad targeting, and security practices we can stand behind.
We don't read your email
Your messages are not scanned, analyzed, or used for advertising. There is no ad-supported tier and never will be.
We don't sell behavioral data
No advertising trackers and no cross-site ad profiles. We use PostHog for website analytics, product milestones, feature flags, and masked session replay, without email content.
We don't sell your data
Your data is used to run your email. That's it. No third-party data brokers, no profiling, no behavioral targeting.
Your data stays yours
Export your email anytime. Delete your account and we delete your data. No lock-in.
We encrypt your email at rest
Stored email can be encrypted with your own key. Only you hold the private key. Not even we can read encrypted messages.
Trust
What you can expect before and after you move.
Email is sensitive infrastructure. Shipmail keeps the operational pieces visible so you know what is handled, what remains under your control, and what happens if you leave.
Deliverability is configured for you
Shipmail creates the DNS records a business domain needs to send cleanly: SPF, DKIM, DMARC, MTA-STS, TLS reporting, and reverse-path alignment. We still expect normal sending behavior from each customer, because reputation depends on what gets sent as well as how the domain is configured.
Portability stays possible
Your domain remains yours, and your mail stays accessible through standard IMAP and SMTP clients. You can export mailbox data, move DNS elsewhere, and keep working from regular email clients instead of a proprietary inbox format.
Leaving does not become a trap
If you cancel, billing stops at the end of the period and you can move the domain to another provider. If you delete the account, customer data is removed, while security audit logs may be retained with personal fields removed.
Security is concrete
Shipmail uses encrypted connections, infrastructure-level encryption at rest, optional mailbox encryption with your own key, brute-force protection, and a Rust-based mail engine with independent security audits.
How it works
How we protect your email.
Encrypted connections
Every connection to Shipmail is encrypted with TLS. IMAP, SMTP, and the web interface all require encrypted connections. Email between servers is encrypted in transit whenever the receiving server supports it.
TLS 1.2+, STARTTLS, implicit TLS on ports 993/465/443
Encrypted storage
You can upload your OpenPGP public key or S/MIME certificate and incoming email is automatically encrypted before it's stored. Your private key never touches our servers.
OpenPGP (AES-256) or S/MIME (AES-256-CBC), user-held private keys
Strict transport security
We enforce MTA-STS in strict mode, which tells other email servers they must use encryption when delivering mail to your mailbox. This prevents downgrade attacks where an attacker forces email to travel unencrypted.
MTA-STS enforce mode, DANE, TLS-RPT daily reporting
Email authentication
Every domain on Shipmail gets DKIM signatures, SPF records, and DMARC policies configured automatically. This stops attackers from sending email that pretends to come from your domain.
DKIM (Ed25519 + RSA), SPF, DMARC, ARC
Spam and phishing protection
A built-in filter checks every incoming message against known spam sources, phishing patterns, and reputation databases. Suspicious messages are flagged before they reach your inbox.
Spamhaus DNSBL, Bayesian classifier, phishing heuristics, greylisting
Brute force protection
Failed login attempts are tracked per IP address. After repeated failures, the IP is automatically blocked. Port scanning and common exploit paths are also detected and blocked.
Automatic IP banning, rate limiting, path-based scan detection
Infrastructure
Built on solid ground.
Written in Rust
The mail server is built in Rust, a programming language designed for safety and performance. It prevents common security vulnerabilities by design rather than relying on manual checks.
Independently audited
The mail engine powering Shipmail has completed two independent security audits by Radically Open Security. The auditors described the codebase as 'robust, well-architected, and cleanly compartmentalized.' Reports are public.
Open protocols
IMAP, SMTP, CalDAV, CardDAV. Standard protocols supported by every major email client. No proprietary apps required, no vendor lock-in. Switch away anytime with your data intact.
Minimal third parties
We use a small number of infrastructure providers: Stripe for payments, Neon for our database, Cloudflare for storage, and AWS SES for outbound relay. Each processes only what's needed to deliver their service.
FAQ
Common questions.
- Is Shipmail end-to-end encrypted like Proton Mail?
- No. Proton Mail encrypts messages on your device before they leave. Shipmail encrypts connections and offers optional encryption of stored email with your own key. Both are valid approaches for different needs. If end-to-end encryption is a hard requirement, Proton Mail is the right choice.
- What happens to my data if I delete my account?
- Your data is deleted. Audit logs are retained with personally identifiable fields removed. See our privacy policy for full details.
- Where is my data stored?
- Our application, database, and mail server run in Germany. Email blob storage uses Cloudflare R2 with a Western Europe location hint, and outbound email is delivered from EU infrastructure. All stored data is encrypted at rest on the infrastructure level.
- Do you comply with GDPR?
- Yes. We collect only what's needed to run the service, we don't sell data, and we honor data export and deletion requests. PostHog analytics events are limited to website usage, product milestones, internal IDs, and plan metadata. Session replay may record public website and product interface copy, interactions, page structure, clicks, scrolling, and redacted URLs for product diagnostics. Form inputs and sensitive values are masked before PostHog receives the recording.