How it works
Posteo is a flat one-euro-a-month mailbox out of Berlin, founded in 2009 and still owned by its operators with no outside investors. Sign-up asks for a username and a password — no name, no recovery address, no phone, no IP. The webmail is a hardened Roundcube instance with Mailvelope wiring in PGP encryption in the browser. IMAP, POP3 and SMTP work with any third-party client; calendars and contacts ride on standard CalDAV and CardDAV. The mailbox is two gigabytes by default, optionally inflated by paid increments, and stored on AES-encrypted disks in German data centres. Every server-to-server hop runs over TLS with DANE/TLSA pinning and DNSSEC. Users can also enable a per-mailbox encryption layer that wraps body, headers and address book in a key derived from the account password — the operator cannot read what it cannot decrypt.
KYC & privacy
There is no KYC at any tier. Posteo doesn't ask for personal data at signup and does not store IP addresses in headers or server logs. Payment is the more interesting half: bank transfer, SEPA, PayPal and credit cards all work, but each option is run through what Posteo calls a "one-time code" pipeline that severs the payment record from the account row after settlement. The genuinely anonymous lane is the one its press kit mentions least loudly: send a one-euro coin in an envelope to a Berlin PO box with the account reference on a slip, and the company applies the credit without ever learning the sender's bank, card, or name. Court orders are honoured under German law — a 2019 Federal Constitutional Court ruling forces providers to begin logging IPs prospectively when a judge demands it — but the underlying architecture means there is usually nothing historical to seize.
Strengths and limits
The strengths are stubborn: a sixteen-year operating record without a publicly documented breach, a transparency report published every year since 2014 in machine-readable XML and JSON, BSI certification under TR-03108 for secure mail transport, and a 2017 inspection by the German Federal Commissioner for Data Protection that called the anonymous payment system out by name. The limits are also stubborn. The service is closed source beyond a few published components; advanced search and spam tooling are thin compared with mainstream rivals; storage starts at two gigabytes and scales by paid increments; there is no native mobile app and no onion address; and the 2019 court ruling means a judge can order targeted logging that Posteo will then be obliged to perform. The trade is clear, and it has not changed.
Verdict
Posteo is what a privacy-respecting email service looks like when the operator never raised outside money, never sold, and never grew loud enough to lose its original posture. It is not the option for users who need a vendor mobile app, or who want open source bottom to top. For everyone else willing to drop a coin in an envelope, this is one of the calmer mailboxes on the open web.
Posteo is the option you choose when you want a serious mailbox that simply does not know you, and you can live without a vendor mobile app or open-source guarantees from the operator. The 2019 court ruling on prospective IP logging is the lone caveat that keeps it short of the top shelf. Grade: B+ (8.1/10). Trust: TRUSTED.


