The temporary mailbox enables secure communication with everyone who has an e-mail address, world-wide. This mechanism has been designed to promote the sending of encrypted e-mails over the Internet, and avoid the interception of messages by third parties.
If you send an encrypted message to someone without a known public PGP key, this person (the external user) will receive two emails. At first an e-mail containing a link to a login form for their temporary Guard mailbox.
A second email will contain the password for their temporary Guard mailbox and an additional message added by the sender:
They can open the link in a web browser and log in to mailbox.org using the password sent to them in a second, separate e-mail and, if enabled, the additional PIN transmitted by you, the sender.
Once the external user has logged in, they can read and reply to any encrypted e-mail they may have received. The connection to the temporary mailbox is secured via https and any e-mails sent from there will be encrypted automatically.
If the external user happens to actually use PGP and you just didn’t know their key when sending them an e-mail, they have the option to download the generated keys after login and import it in theire email client. mailbox.org Guard will then send any future communication directly and securely encrypted to their e-mail address, without any further need for a temporary mailboxNote: to use the features described in this article, you must have the mailbox.org Guard enabled.
Hurdles of encrypted communication
You may know this: You would like to communicate securely with your friends, business partners and family without your messages being read, archived and modified by third parties. Unfortunately, your communication partner may not have the time to deal with secure communication, encryption is too complicated or too much effort.
If the Guard cannot find a suitable OpenPGP key for the recipient's email address when creating an encrypted email, it will show this with a green human icon (here: between the recipient's email address and the result of the transport encryption check):
If you send this contact an encrypted e-mail, we will automatically create a temporary mailbox for them.
Our answer - the temporary mailbox!
Through the temporary mailbox, we enable secure e-mail communication with every contact worldwide. We thus prevent your e-mails from being sent unencrypted and read or modified on the way. If you send your communication partner an encrypted e-mail for the first time and the Guard cannot assign a PGP key to this e-mail address, we will provide a temporary mailbox for the recipient.
The recipient does not receive the content of the confidential message as an unencrypted e-mail, but an e-mail with a link to a temporary mailbox:
The recipient can then call up the link he received with the first e-mail in the browser.
Since this e-mail with the link to the temporary mailbox is sent in an unencrypted e-mail, this e-mail could of course be read and intercepted. You should therefore additionally secure access to the temporary mailbox with a PIN - which is explained in the following section.
As the sender, you can display the PIN number again later. Open the sent message in the "Sent items" folder, then click on the message settings menu (three horizontal bars) and select "Check assigned PIN".
In this temporary mailbox, which is equipped with all our security features, your communication partner can read and answer the encrypted e-mail. His replies are also automatically encrypted!
As soon as the addressee opens the link (and verifies himself with the PIN if necessary), he must create a password for his temporary mailbox. The password can then no longer be changed. The reason for this regulation is that we can only guarantee the security of encrypted communication under these conditions. Otherwise a third party could misuse the password forgetting function necessary for the password reset in order to gain access to this temporary mailbox of the addressee.
Since the further, encrypted communication runs via this temporary mailbox, it is imperative that your communication partner memorizes his password well!
Temporary mailboxes are deleted after one year of inactivity.
|Content by Label|