How Secure Email Works
End-to-End Encryption and PGP Keys
To send and receive end-to-end encrypted email, users enable encryption in their account settings
and generate PGP keys using the built-in key manager. These keys allow you to decide exactly who
you trust to exchange encrypted messages with.
Only the intended recipient can decrypt an end-to-end encrypted message. This is the only way
to be certain that email content remains private from sender to recipient. In the early days of
encrypted email, users exchanged keys in person to verify identity. Today, managing your own
PGP keys allows secure communication with users on any email platform that supports OpenPGP.
Where i3.net Fits In
Encryption is fundamental to i3.net email. All connections to our servers are encrypted,
and all data associated with your account is encrypted at rest. Access to your email,
contacts, and calendar requires your username and password—only you can decrypt your data.
We cannot read your mail. Our infrastructure and services are audited and designed to meet
or exceed modern security standards, except where those standards would require logging
user activity, which we do not do.
Using a VPN with Email
VPN providers always know your real IP address and the information you supplied at signup.
With i3.net, your IP address is masked by default. All email is sent and received from our
servers, not directly from your device. We do not collect personal information during signup.
What Is Encrypted—and What Is Not
In i3.net email, message bodies and attachments are fully encrypted and scanned for viruses
and malware, both inbound and outbound. Subject lines and sender/recipient addresses are
encrypted in transit but cannot be end-to-end encrypted, as they must remain visible for
email routing.
Never place sensitive information in the subject line.
Encryption in Transit (TLS)
Nearly all modern email providers encrypt email in transit using TLS (Transport Layer Security).
i3.net supports TLS versions 1.2 and 1.3 to comply with HIPAA, NIST 800-53, and other
high-security environments.
Providers that rely on legacy TLS versions for outdated systems (such as Windows 7)
are not supported. These older protocols contain known vulnerabilities that can be exploited
by attackers.
Email to Governments, Corporations, and Organizations
Email sent to or from governments, corporations, and large organizations is typically encrypted
in transit but routinely scanned and stored by internal security systems. Privacy policy phrases
such as “to improve service,” “for training,” or “with partners” often indicate where email
content may be shared.
Some communications with government officials may be retained as public records.
What This Means in Practice
Virtually all email today is encrypted in transit, regardless of provider. However, most major
email providers can read the messages you send or receive, and organizations and governments
routinely monitor email on their systems.
i3.net cannot read your mail. Messages stored on our servers are encrypted,
and messages exchanged between i3.net users are end-to-end encrypted.
Sending Encrypted Email to Others
You can send end-to-end encrypted email to almost anyone by enabling encryption in settings
and generating your PGP keys. You control your keys and decide who you trust to exchange
encrypted messages with.
Encryption is optional on a per-recipient basis. You choose when and with whom your messages
are encrypted.