Most email services promise security. Onion Mail shows you — every time you log in — whether your connection, encryption, and account are actually protecting you right now.
ProtonMail and Tuta tell you their servers are secure. But how do you know if your connection is encrypted right now? If your PGP is actually working? If your IP is being logged?
You don't. You just hope.
Every time you open your inbox, five widgets tell you exactly what's protected and what isn't. No guessing. No hoping. If something is wrong, we tell you — and we show you how to fix it immediately.
This isn't a settings page buried in a menu. It's the first thing you see every time you open your inbox. Here's what each indicator actually means.
Privacy: We detect in real time whether you're connected via our .onion address or the public internet. If you're on clearnet, we show you your IP — so you see exactly what we'd have to provide if legally required. No surprises.
Encryption: Every Onion Mail account supports automatic PGP. This widget shows whether it's active. If it's off, your messages are stored as readable text on our servers. We'll never hide that from you — the warning is right there on every login.
Security: Two-Factor Authentication protects your account from unauthorized access even if your password is compromised. This widget shows you at a glance whether it's enabled. If it isn't, we make sure you notice.
Recovery: We never ask for your phone number — not even for account recovery. Instead, you can link a Tox ID: a decentralized P2P protocol that lets you recover your account without revealing any personal information. No Tox ID? We warn you before you lose access.
When all five widgets show no warnings, here's what that means in practice — including when we receive a legal order.
Your traffic goes through the Tor network. Your ISP sees only that you use Tor. We see only a Tor exit node — not your IP address.
Every email stored on our servers is encrypted with your public key. Without your private key, it's unreadable — including to our administrators.
Authorities request data associated with your account. We comply with all valid legal orders — we are not an outlaw service.
No IP address. No readable message content. No personal data. Just an encrypted blob requiring your private key. The dashboard warned you this would happen.
Unlike ProtonMail, which only offers a Tor mirror, Onion Mail was built from the ground up for the onion network. Your entire session — login, reading, sending — happens inside Tor without any clearnet fallback.
You don't need to be a cryptography expert. PGP encryption is set up automatically for every account. The dashboard tells you immediately if it's not active — and guides you to enable it in one click.
We show you your connection IP, your encryption status, your 2FA state — all on the inbox screen. If you're exposed, you know it. We believe informed users are safer users.
A direct comparison on the features that actually matter for privacy.
| Feature | 🧅 Onion Mail | ProtonMail | Tuta |
|---|---|---|---|
| Real-time security dashboard | ✓ Every login | ✗ | ✗ |
| Native .onion access | ✓ Built-in | Partial — mirror only | ✗ |
| Automatic PGP encryption | ✓ All accounts | Partial — optional | ✗ Proprietary protocol |
| Register without phone number | ✓ Always | Sometimes required | ✓ |
| Register from Tor (new accounts) | ✓ | ✗ Blocked | ✓ |
| Anonymous payments (Monero) | ✓ XMR, BTC, ETH | Bitcoin only | ✗ |
| IMAP/SMTP external clients | ✓ | ✓ | ✗ |
| Phone-free account recovery | ✓ Via Tox P2P | Partial | Partial |
We comply with valid legal orders. Here's what that means in practice — and why it depends entirely on you.
We have no IP address associated with your account — we only ever saw a Tor exit node. Your messages are PGP-encrypted and unreadable without your private key, which we never hold. We have nothing useful to provide.
If you connected without Tor, your IP was logged — the security dashboard warned you about this every single time you logged in. If PGP was disabled, message metadata may be readable.
We don't hide this. That is the entire point of the dashboard.
We cooperate with law enforcement when legally required. We are not a service designed to facilitate illegal activity. We are a service designed so that users who follow our guidance have nothing to fear — because there is nothing to hand over.
We actively warn users when their configuration leaves data exposed. If a user chooses to ignore those warnings, that is their decision and their responsibility.
Create a free account and see the dashboard for yourself.
No phone number. No personal data. Ready in under two minutes.