FAQ

General

1.1 This is all for free, so what's the catch?

dismail.de services are free for use, but are not for free. Keeping the servers up and running requires more than simple maintenance and keeping the whole system up and running is very expensive and is a lot of work. So there is no catch, but please consider making a donation (monthly if possible) to cover the costs.

1.2 I forgot my password! Can you recover it?

We can not recover your password, all passwords are salted and hashed.

1.3 I forgot my password! Can you reset it?

No, we will never ever reset your password on request and there is no self service password reset. Any such request will just be ignored, if you forget your password you will lose your account. Implementing a secure and sane password reset is more complex than one might think as you need at least a second factor (biometrics, SMS, OTP, ...). Just sending a password reset link or sending the old or new password are actually security loopholes.
Please use a password manager to generate and store your passwords. KeePass is available for various platforms.

1.4 dismail.de services has all those shiny "A+", so dismail.de is very secure, isn't it?

No, nothing is secure. Sounds trite, but that's how it is. Something can be more secure for a particular usecase than something else, at a certain time under certain conditions, but there is no such thing like a secure internet service. Don't trust anyone who claims their services are secure (Yes, I know there is a "secure" in dismail's slogan, gaah!).
That said, for what good are those tests and what does all that mean? All those tests can only scratch the surface and give only a small impression of how (carefully) a service is set up.

1.5 Is there a warrant canary on your website?

No, because they make no sense, really. In Germany a "gag order" is legally not possible. But just assuming Germany came up with something like the Patriot Act, don't you think they will just force me to update the warrant canary? You can not rely on it and you are forced to rely on speculation to decide what the meaning of a missing or changed canary is. Relying on a warrant canary is just another false sense of security or safeness. If you really care, then you should use any computer and any internet service as if the warrant canary has been removed. Or maybe you shouldn't use it at all.

1.6 dismail.de is about privacy, so I am totaly anonymous when using dismail.de services, am I?

No, please do not confuse privacy with anonymity.

1.7 I am using Tor, now I am totaly anonymous when using dismail.de, am I?

There were, are and will be several attacks, bugs or personal failures that can lead to full de-anonymization.

XMPP

2.1 How do I create an XMPP account at dismail.de?

Please use the webform or your XMPP client to create an XMPP account on dismail.de

2.2 I have registered an account on dismail.de, what next?

There is a huge list of client software available. For best experience use any of these clients:

• Conversations (android)
• Siskin IM, ChatSecure, Monal (iOS)
• Dino (BSD, Linux)
• gajim (BSD, Linux, Windows)
• The webchat on dismail.de

You can find a more comprehensive list of XMPP clients on xmpp.org

2.3 I have registered an account on dismail.de and I am using my favorit XMPP client, what next?

Now you can chat with friends on XMPP based services. Your friends do not have a JabberID? Well, tell them about XMPP and dismail.de ;)

2.4 How can I change my password?

You can change your password using any full-featured IM client, such as Conversations, Adium, Gajim, Pidgin, Psi or here.

2.5 I don't need my account any longer. Can you delete it?

You can delete your account with any full featured client or here.

2.6 Does dismail.de support chatrooms?

Yes, in Jabber these are known often as Multi-User conferences, or 'MUCs' for short. Usually you will find the option to join rooms in the menu of your client (e.g. "Join chat" in Pidgin). At dismail.de the MUC service is rooms.dismail.de (e.g., our "help room" is support@rooms.dismail.de).

EMAIL

3.1 I have created an account, but I can not log into my email account.

Actually you have created an XMPP account. To be able to use it also as an email account
please send a message with your XMPP client or the webchat to activation@dismail.de and ask for email activation (you need to use your dismail.de account). Please don't expect an immediate answer.

3.2 What about two-factor authentication?

You can activate two-factor authentication for webmail in the settings of your account. This will help to prevent (email) account theft, if someone somehow obtain your regular password. All other logins are still usable with your regular password, and it won't stop anyone who knows your password from reading/sending emails, but that's not what it's meant for.
During the activation process your will get some backupcodes, put them in a safe place, otherwise you will lose access to your email account if you lose your device or delete the OTP APP. You can use any APP that uses TOTP (for example andOTP or FreeOTP).

Don't use untrusted devices to login, regardless of 2FA and the way it is implemented, or you have lost.

3.3 How to use PGP with the webmail client?

Don't use it or only use it if you know what you are doing. The functionality is very limited and not very user friendly. Please also note that all keys are stored in the browsers local profile storage. Use a client like thunderbird instead.

3.4 Which other email provider do you recomend?

I don't want to recommend any, but here is a serverlist, please decide for yourself.