- Mail: Level 1
This means the connections between the user and the server are always encrypted, StartTLS is used to exchange mail with other servers whenever available, and we use a CAcert-signed certificate. The server doesn't add the IP address of a user sending a mail through its service anywhere in the email (level 2), but we have not yet implemented certificate pinning for other level 2 compliant servers. IMAPS is available as an enclaved hidden Tor service on 4xxjkcq535yjalls.onion
- Webmail: Level 3
- Certificates: Level 2
This means we don't allow weak ciphers, and private keys are only stored encrypted. PFS (forward secrecy) is partially implemented, but needs more work.
- Filesystem: Level 3
This means the operating systems, their configurations and all user data are stored encrypted with a strong passphrase. Swap is encrypted with a random key on boot.
- Logging: Level 3
This means no logs of any kind are stored. We do sometimes temporarily switch on logging for debugging purposes.
- Users: Level 2
This means users are forced to use strong passwords and there is a separate VM for shell accounts. Shell accounts are not isolated from each other (level 3); we're a community server.
- Evaluation of policy compliance: Level 1
This means we have no fixed periodic checks for compliance. The last update was 2014/25/5; the one before was on 2013/06/02.