FAQ

General

1.0 Why is the service called "dismail"?

The name derives from the old English verb "to dismail", meaning to remove armour or lay down arms, symbolizing peace and freedom while also forming a wordplay with "mail".

1.1 This is all for free, so what's the catch?

dismail.de services are free to use. Operating the infrastructure requires time and resources, but there is no catch and no hidden business model. If you find the project useful, you may consider supporting it with a voluntary contribution.

1.2 Why are new registrations limited?

Decentralized communication systems such as email and XMPP work best when many independent providers exist instead of a few large ones. If too many users concentrate on a single service, this recreates the same centralization problems that decentralized systems are meant to avoid.

dismail is operated by a single person and therefore has natural limits. Restricting growth helps keep the service stable, maintainable and sustainable for the long term.

The goal of dismail is to contribute to a decentralized ecosystem, not to become a large central service.

If you are looking for an account and registration is closed, the best option is to use another provider or run your own service.

1.3 I forgot my password! Can you recover it?

We cannot recover your password, all passwords are salted and hashed.

1.4 I forgot my password! Can you reset it?

No, we will never reset your password on request and there is no self service password reset. Such requests will be ignored, if you forget your password you will lose your account. Implementing a secure and sane password reset is more complex than one might think as you need at least a second factor (biometrics, SMS, OTP, ...). Just sending a password reset link or sending the old or new password are actually security loopholes.
Please use a password manager to generate and store your passwords. KeePass is available for various platforms.
This design intentionally avoids account recovery mechanisms that could be abused to take over accounts.

1.5 dismail.de services has all those shiny "A+", so dismail.de is very secure, isn't it?

No, nothing is secure. Sounds trite, but that's how it is. Something can be more secure for a particular use case than something else, at a certain time under certain conditions, but there is no such thing like a secure internet service. Don't trust anyone who claims their services are secure (Yes, I know there was a "secure" in dismail's slogan).
That said, for what good are those tests and what does all that mean? All those tests can only scratch the surface and give only a small impression of how (carefully) a service is set up.

1.6 Is there a warrant canary on your website?

No, because they make no sense, really. In Germany a "gag order" is legally not possible. But just assuming Germany came up with something like the Patriot Act, don't you think they will just force me to update the warrant canary? You can not rely on it and you are forced to rely on speculation to decide what the meaning of a missing or changed canary is. Relying on a warrant canary is just another false sense of security or safeness. If you really care, then you should use any computer and any internet service as if the warrant canary has been removed. Or maybe you shouldn't use it at all.

1.7 dismail.de is about privacy, so I am totally anonymous when using dismail.de services, am I?

No, please do not confuse privacy with anonymity.

1.8 I am using Tor, now I am totally anonymous when using dismail.de, am I?

There were, are, and will be several attacks, bugs or personal failures that can lead to full de-anonymization.

1.9 Can the operator read my emails or messages?

In principle, yes. Server operators always have technical access to the systems. Privacy therefore relies on trust and on the use of end-to-end encryption such as PGP or OMEMO.

1.10 What happens if dismail.de shuts down?

Users should always keep local backups of important data and be prepared to migrate to another service if necessary. The service is operated by a single person and continuity cannot be guaranteed.

1.11 Do you keep logs?

Some technical logging is necessary for operating the services. Details depend on the service and are documented in the privacy policy.

XMPP

2.1 How do I create an XMPP account at dismail.de?

Please use the webform to create an account. Some XMPP clients also support in-band registration.

2.2 I have registered an account on dismail.de, what next?

There is a huge list of client software available. For best experience use any of these clients:

You can find a more comprehensive list of XMPP clients on xmpp.org

2.3 I have registered an account on dismail.de and I am using my favorite XMPP client, what next?

Now you can chat with friends on XMPP based services. If your friends do not yet have a JabberID, tell them about XMPP.

2.4 How can I change my password?

You can change your password using any full-featured IM client, such as Conversations, Adium, Gajim, Pidgin, Psi or here.

2.5 I don't need my account any longer. Can you delete it?

You can delete your account with any full-featured client or here.

2.6 Does dismail.de support chatrooms?

Yes, in Jabber these are known often as Multi-User conferences, or 'MUCs' for short. Usually you will find the option to join rooms in the menu of your client (e.g. "Join chat" in Pidgin). At dismail.de the MUC service is rooms.dismail.de (e.g., our "help room" is support@rooms.dismail.de).

Email

3.1 I have created an account, but I can not log into my email account.

Actually you have created an XMPP account. To be able to use it also as an email account
please send a message with your XMPP client or the webchat to activation@dismail.de and ask for email activation (you need to use your dismail.de account). Please don't expect an immediate answer.

3.2 What about two-factor authentication?

You can activate two-factor authentication for webmail in the settings of your account. This will help to prevent (email) account theft, if someone somehow obtains your regular password. All other logins are still usable with your regular password, and it won't stop anyone who knows your password from reading/sending emails, but that's not what it's meant for.
During the activation process your will get some backup codes, put them in a safe place, otherwise you may lose access to your email account if you lose your device or delete the OTP APP. You can use any APP that uses TOTP (for example andOTP or FreeOTP).

Don't use untrusted devices to login, regardless of 2FA and the way it is implemented, or you have lost.

3.3 How to use PGP with the webmail client?

Don't use it or only use it if you know what you are doing. The functionality is very limited and not very user friendly. Please also note that all keys are stored in the browsers local profile storage. Use a client like thunderbird instead.

3.4 Which other email provider do you recommend?

I don't want to recommend any, but here is a serverlist, please decide for yourself.

social