Answers for private customers

The Knowledge Base for private customers is already largely up to date. A few individual articles are currently being revised and will be updated shortly. We thank you for your understanding and look forward to providing you with the latest information on using mailbox.

Please note: The Knowledge Base has changed slightly. Categories have been adjusted and any URLs stored in the old Knowledge Base are no longer valid.

Does Guard use the Web of Trust

PGP uses the “Web of Trust” for the mutual signing of encryption keys to ensure users can verify and trust the authenticity of other users. How does this work with mailbox.org Guard?

There is currently no support implemented in mailbox.org Guard for the management and analysis of keys received from other users or from potentially unsafe third-party repositories.

Instead, mailbox.org Guard operates on the basis that you will retrieve public keys directly from your communication partners and then manually add them to your key ring. Currently, we are relying on your judgement to only import valid keys that do not require external signing.

Before you import a new PGP key, it is vital that you review the additional information that comes with it. Please verify with your communication partner the fingerprint and other security attributes using a secure second channel, such as by phone, text, messenger, or snail mail.