Lavabit: Encode Your Emails

UPDATE: Lavabit has now shut down, due pressure from the US government.

To avoid to possibility of having your email hacked into or continuous monitored, you must choose an email provider that does not have access to your emails.

Lavabit is an email provider who’s system is designed to so that even the Lavabit administrators can’t read your e-mail. This is possible because your email is encrypted before it leaves your computer. Lavabit offers free accounts with 1024 MB of storage, and paid account for $8 or $16 per year. Only the paid accounts are encrypted however. You can access your email via a web browser interface, POP or IMAP.Here’s how the company explains the system:

The secure mail storage process uses asymmetric encryption to ensure the privacy of messages while being stored on the Lavabit servers. Asymmetric encryption is a process that uses public key and private key encryption to make messages unreadable without knowing a user’s plaintext password. Presently we use Elliptical Curve Cryptography (ECC) with 512 bits of security to encrypt messages. The private, or decryption, key is then encrypted with a user’s password using the Advanced Encryption Standard (AES) and 256 bits of security. The result is that once a message is stored on our servers in this fashion, it can’t be recovered without knowing a user’s password. This provides a priceless level of security, particularly for customers that use e-mail to exchange sensitive information. You can learn more about our asymmetric encryption technology by reading our white paper on the subject.

Countermail is another private email provider we recommend.


  1. L says

    Lavabit has no problems about stuffing your IP and DNS info into the header even if you are using their web interface to send mail. Not even msn or gmail do that.

    • M says

      If you think that Google doesn’t stuff your IP and/or DNS info into the header, you’re in for a shock.

      MSN doesn’t appear to do this, and I agree that I should be able to expect more from Lavabit than that. I don’t see why my IP should be given to every single person who receives emails from me. Spammers don’t do this, and they don’t have to. So why should I?

  2. Markus Knott says

    Lavabit doesn’t seem to relish dealing with folks who come to register with ’em via the Tor system. Keeps fobbing the registration off with a message that “we have had problems from that address before.” then invoking a snipe hunt message offer that is an undisguised snoop. Not much impressed, me….

Leave a Reply

Your email address will not be published.