1. Where can I upgrade my account or buy premium services?
Login to your account, click on "Buy premium services" in your left menu*. If your account have expired you will be automatically redirected to the Order page after you entered the correct username and password. When you buy premium subscriptions, your premium time will be added to your account expire date, you can find the expire date under Settings / Personal information. You will be notified, by email, of a pending expiration 10 days before your account's expire date. A second email will be sent to you 3 days before the expire date.
*=if you already have a premium account, you should click on "Add/Renew services" in the left menu.
2. What payments do you accept?
-Credit card or prepaid-cards/gift cards* (based on VISA or Mastercard)
-Wire transfer (bank transfer)
In early 2013 we are going to add BitCoin as a payment option.
We do not accept MoneyGram, WesternUnion or Cash-payments.
* = if you are using a gift card or prepaid card, make sure it's valid for international payments.
Also see our FAQ #50: How do I pay anonymously?
3. What's the cost for your service?
You can find our prices here.
. If you want to see the prices in your local currency, you can use this converter
. Our prices are in USD (american dollars), tax included.
4. I'm using MacOS and I can't read encrypted email?
- Make sure you use Safari
-You may test your java here:
- Make sure you have the correct applet setting, start Finder, press Shift + Command + U and klick on "Java Preferences". Select "In their own process [x]" under the General-tab, see picture here
. Also restart your web browser.
- Try updating your Java version, using Apple software update
- If you are using MacOS version 10.7.x you need to install this:http://support.apple.com/kb/DL1421
5. I can only login once, the next time I don't get any login window?
If you are using the web browser FireFox, version 3.6.14, you may have trouble with the login. This problem is caused by a bug in FireFox. If you restart the web browser you will be able to login again. This bug was not present in Firefox version 3.6.13.
6. I can't login with Internet Explorer 9?
You need to update your Java version to 1.60.24, or newer. Please go to http://www.java.com
7. How do I know that the Java applet is correct?
You can validate the CounterMail-Engine, our Java applet, by looking at the information window you see the first time you register or login to your account. You will be notified by a popup window that informs you about our Java-applet.
This is how it should look like on Windows (you may have another language on your computer),
you should click Run on this.
If you for some reason get a window where it says:
"The digital signature cannot be verified by a trusted source..." (look at the picture below), then it's not correct, do not accept this, click on Cancel and contact us.
Incorrect (this could only happen if someone created a fake one!)
Where are soon going to add pictures for MacOs and Linux.
If you are familiar with cryptographic hashes you can always find them here:
8. Can I send email to anyone using CounterMail?
Yes, CounterMail works just like a regular web email account, like Hotmail and Gmail, but with more security and privacy features.
9. Can I send encrypted email to anyone using CounterMail?
Both Yes and No, sending encrypted email is easiest between two CounterMail users. When email is sent between CounterMail users, the encryption is seamless and exactly like regular email use.
If you send email from a CounterMail account to a regular email account, like Hotmail, the text will not be encrypted, but it will still be digitally signed with you public key and your IP-address will always be anonymous. If you send email to a person that have a public PGP/OpenPGP-key you can first import his/her key and then the email will be encrypted automatically, or if that person uses another OpenPGP email provider, like Hushmail or Cyber-rights, it will also be encrypted.
10. How do you handle unencrypted email?
If you receive or send an unencrypted email (like Hotmail or Gmail), it will be encrypted with your public key when our server detects the unencrypted email. Attachments will also be encrypted. Our detection script is scheduled to run every hour, every day. The unencrypted email will be securely overwritten when the new encrypted copy is finished. If you want to disable this script from running on your folders, go to Settings / Folder Preferences / and uncheck "[x] Enable encryption on plaintext email". This will decrease the security , since all non-PGP emails will be stored on our servers in unencrypted form.
11. Where can I change my password?
You can change your password under Settings/Personal information, then click on the button [Password]. Keep in mind that if you change your password, a new IMAP-key will be generated. The IMAP-key is used in external email clients, like ThunderBird, or if you use an email client in your mobile.
12. Can I send email from a local client like Thunderbird, Outlook or Apple mail?
Yes, but we can only guarantee full support with Thunderbird. For premium members we have an IMAP server (incoming mail) and an SMTP server (outgoing mail) that you can use.
For mobile devices see FAQ#24
For Apple Mail, see http://www.gpgtools.org/
, currently GPGMail
do not work with MacOS 10.8.x but they are working on a fix. Otherwise it's the same settings as below.
You must first install ThunderBird and EnigMail
In ThunderBird, go to the Tools menu -> Account settings -> Account actions -> Add account, enter your name and email address, but do not enter your "password", click [Continue], click [Manual config], then see the following picture
for IMAP settings:
We also recommend using character encoding UTF-8 in Thunderbird:
Go to Tools menu -> Options -> Display -> Formatting -> [Advanced] under Character Encoding, change Outgoing & Incoming Mail to Unicode (UTF-8). Click Ok and Ok again.
Export & Import your keys into EnigMail
- Go to Settings / Personal Information
- If you use our USB-key you must deactivate it now by clicking [Remove USB], otherwise you can continue to 3. If you have more than one USB-key activated on your account you must de-activate them all
- Click [Show keys] and enter your password (the keys will now be exportable)
- Click [Save PrivKey] and save it on your computer, default filename is "privkey.asc"
- If you use our USB-key you must Activate it now by clicking [Activate USB], otherwise you can continue to 5. if you have more than one USB-key activated on your account you must activate them all
- Click on [Contacts] at the top menu, select the keys you want to export and click on [Export keys], save the file (pubkeys.asc) on your computer
- From ThunderBird, go to menu OpenPGP -> Key management
- From Key management window, menu File -> Import keys from file, browse to your local "pubkeys.asc" file
- From Key management window, menu File -> Import keys from file, browse to your local "privkey.asc" file, you will now be asked for a password, use your normal password
MS Outlook uses the same settings as Thunderbird, except the authentication type, which must be Plain/Normal (non-encrypted password). To get this plain text key you must contact us. Outlook 2007-2010 do not have any good free PGP plugin, so you will not be able to read encrypted email. The commercial application Symantec PGP Desktop have a plugin for Outlook.
|Incoming IMAP-server:||Outgoing SMTP-server:|
|IMAP: imap1.countermail.com||SMTP: imap1.countermail.com|
|Auth type: Cram-MD5 (Encrypted password)||Auth type: Cram-MD5 (Encrypted password)|
|Security: "SSL/TLS" on port 993||Security: "SSL/TLS" on port 465|
|Username: email@example.com (lowercase)||Username: firstname.lastname@example.org (lowercase)|
|Password: your IMAP-key* (not your password)||Password: your IMAP-key* (not your password)|
|Picture with the settings||Picture with the settings|
*Your IMAP-key can be found under Settings / Personal Information by clicking [Show keys], you can then copy and paste it into the account settings. The IMAP-key is always 32 characters long.
If you change your password, or activate a USB key, a new IMAP-key will be generated and you need to update the password-field with the new IMAP-key, in all your external mail clients, like Thunderbird or mobile devices.
13. What personal information is required when I sign up?
We don't ask for any personal information when you sign up for a CounterMail account, some will be required if you choose to purchase services by credit card. Countermail store your payment information for 14 days, after this period they are automatically deleted.
14. What happens when my account expires? When will it be deleted?
If your account have expired, all new emails will bounce and the sender will get a notification email that his/her email did not reach the recipient. Expired Trial accounts will be automatically deleted 12 months after
the expire date. Your account will remain intact until it is deleted. Premium accounts will be deleted 2 years after the expire date. Expired Domain accounts will not be deleted automatically, the domain administrator have to do this.
15. Can I delete my private key from your server and store it on my own computer?
Yes, go to Settings/Personal Information and click on [Delete Privkey]. For security reasons you will get a window asking for your password, after you entered the correct password, you will be asked where you want to store your private key, select location and Save. Keep in mind that if you lose your private key, all your email data will be lost.
16. Why do I get the error message: "Could not store path!"?
In most cases, this is caused by some firewall on your computer which is blocking our Java applet for outgoing traffic. Try to disable your firewall temporarily to see if it helps.
17. Can I use my CounterMail-account with email forms on my homepage?
Yes, if you have a premium account. Read more here
18. What web browsers do you support?
Our webmail works with most web browsers. However we recommend using FireFox, and FireFox also have our higest priority. You also need Java version 1.40 or newer, but version 1.6.x is recommended, www.java.com
19. Can a Hushmail or Cyber-Rights user send secure email to a CounterMail user?
Yes, but you must upload your public key to the Hush Key Server Network.See video on
1. Login to your CounterMail account and go to [Settings] -> Personal Information
2. On the Publickey row, copy the whole publickey text in the right column (see this example
3. Go to www.hushtools.com
4. Click on Key Management in the upper right meny
5. In the left menu, click on the option Upload a public key
6. Paste your public key in the text box indicated
7. Click on the dropdown box which says [Click here to check...] to select a UserID for your public key. Select your @countermail email, if you also want to use your @cmail.nu address you should repeat step 1-10 after you're finished with the @countermail email.
8. Click on the button [Click here to upload your public key]
9. You will shortly receive an email confirming upload of the public key. The instructions in that email must be followed.
10. The key will then be activated, and any email sent to you by a Hushmail user will automatically be encrypted.
20. How can I import mail from GMail/Hotmail?
Go to Settings / POP3 Fetch mail and Add a new server, use the following settings:
Alias: Short description (optional, not important)
Password: your password
Connection type: Use TLS
Store in folder: Select which CM-folder you want to download to
Leave mail on server: Check this if you want to delete the downloaded emails from Gmail's server
Click [Add server], select the Gmail server and click on [Import mail].
Same as GMAIL, except the two settings below:
21. How can I be sure that hackers cannot break into my email?
As long as you keep your password strong, safe and unique they won't be able to do that, however if you login to a computer that's infected with a virus or trojan, there is a chance that they could sniff your password. If you use our USB Key
increase the security to an even higer level, and make it much harder for trojans and viruses. You should also learn how to validate CounterMail
22. Does CounterMail have a cryptographic "back door"?
No, there is no cryptographic "back door" that provides access to CounterMail accounts. We can't pick an encrypted message off the server and read it. Your encrypted email can only be decrypted with your own secret passphrase and private key.
You can also analyze the OpenPGP packets, by copy and paste the raw email text on this web site: www.pgpdump.net
23. Can I access my account while using proxy connection or VPN?
It depends on your connection, If your connection changes the IP-address after you logged in, you will be logged out with an "invalid session" message. This is done to prevent session hijacking. The TOR network will cause problems since it is could change your IP-address during your session. You can disable the IP-protection under Settings / Personal Information and uncheck "Lock session to IP-address". Make sure that your VPN does not block Java, you can test your java here: www.java.com
24. Can I use your service on my mobile phone?
You can not use our normal webmail through a mobile, mobiles do not support Java applets. But many mobile have a built in email client. You need a premium membership to be able to use it on mobile phones. Click here for Android-instructions
. You can find more information about iPhone/iPad here
. Blackberry mobiles do not support secure password authentication, Cram-MD5 (sometimes called "Encrypted password"), you must use a special plain-password-key on Blackberry, email us if we should generate such key for your Blackberry, you still need premium membership.
25. Can I send mass-email/newsletters with your service?
We have these limitations when emailing:
1. Max 50 recipients/mail
2. Max 10 outgoing emails/120 seconds
3. All recipient must have approved to your newsletter*.
*If you send newsletters to email addresses that have not "opt-in" (been approved from the owner), it will be classified as Spam, and your account could be closed.
26. Is my Calendar encrypted?
Yes, your calendar is private and all textfields (event title & event text) is protected with strong OpenPGP encryption.
27. Are my Contacts encrypted?
Yes, your Contacts is private and all fields is protected with strong OpenPGP encryption.
28. What happens after the trial period ends?
Your account will be locked for 12 months until payment is done, nobody else can register the same name during this period. After 12 months without any payment it will be securely deleted.
29. How much email can I store?
Normally it's 250 megabytes, but you can buy more, please look at our Services-page
Our free-to-try accounts have a 3 megabyte limit.
30. How big attachments can I send/receive?
You can receive up to 20 megabytes in size for all users, including all attachments. You can send attachments of up to 16 megabytes. Our free accounts have a 2 megabyte limit for attachments.
31. What are the requirements for the USB-key?
Read more about the USB-key here: https://countermail.com/?p=keyfile
32. How does CounterMail handle attachments?
Attachments sent between CounterMail users are encrypted and transferred as normal text messages. All attachments is fully encrypted and secured between CounterMail or other OpenPGP users.
33. Does CounterMail offer digital signatures?
Yes, CounterMail will automatically sign sign email, messages and files. This allows CounterMail users to verify that the email received originated from the account listed in the address line of their inboxes. A digital signature lets the recipients of the email know who has sent a particular email.
34. Can non-CounterMail users verify my signature?
Yes, to verify such email, non-CounterMail users should:
1. Visit CounterMail at: https://countermail.com/?p=tools
2. Copy and paste the entire email into the form.
3. Click "Verify signature" and see the result.
This will assure non-CounterMail users that the message originated from the true owner of the indicated CounterMail address. It will also assure that the message contents have not been modified during transmission.
35. Is the encryption really secure?
Yes, 2048 bits OpenPGP is considered secure, even for government agencies, and if that changes we can increase to 4096 bits.
To the best of publicly available information, there is no known method which will allow a person or group to break OpenPGP:s encryption by cryptographic or computational means.
Our encryption is done locally on your computer, before anything leaves your computer, so if someone is listening on your internet connection, it won't lead to much. When you login to our web server your login name is encrypted with our public key, it's only our web server that can decrypt your login name, and our diskless web server do not store IP-addresses, so it's impossible to trace IP-addresses to a certain account. It does'nt matter if someone see's that your IP-address is connected to our web server, because the login name is still heavily protected. You can read more about our servers here
36. How can I forward emails?
See video on
37. How can I create an autoresponse message?
See video on
For pure email notifications see #49.
38. How can I create my own spam filter?
See video on
39. When I click on the Login button nothing happens? No login window appears
Make sure your Java is working: www.java.com
40. How do I add my friends public PGP key? (my friend is not using Countermail)
Go to Contacts and enter the e-mail address in the "E-mail" field and then paste the public key in the "Public key" field, click on Add Contact. If you got an error message, make sure the e-mail is included in the public key userID's. You can use www.pgpdump.net
to list the userID's.
41. When do my account expire?
You can find the Expire date under Settings / Personal Information. You will be notified by email of a pending expiration 10 days before your account expires. A second email will be sent to you 3 days before the expire date. You can buy premium services by clicking on "Buy premium services" in your left menu. If your account have expired you will be automatically redirected to the Order page. When you buy premium subscriptions, your premium time will be added to your expire date. Expired accounts will NOT be deleted directly, see FAQ#14
42. How do you handle court orders? What information can you provide them with?
Countermail will not accept an order from any organization or investigative agency that is outside Sweden. If we get a court order from the Swedish police, we can give them some account data, but most of the data is only available in encrypted form*. We don't log IP-addresses. We don't store account passwords. Since we are using end-to-end encryption, the encryption/decryption process will be done locally on the users computer, not on our servers, so there is no need for us to store passwords. The payment information for premium accounts is stored for 14 days.
*The following data is encrypted: email bodies, email attachments, your Private Key, all data under Contacts, all data in your Calendar and all POP3 information. The following data is not encrypted (in stored emails): Header-fields like From, To, Subject, Date, and Folder names. The reason for this is that the SMTP & IMAP protocols can not handle encrypted headers. We are going to add a feature to convert a whole folder to a database, all info in "database-folders" will be 100% encrypted. The disadvantage with a "database-folder" is that it will only be accessible from our web mail interface.
43. How do I block certain senders?
Add a new Message filter rule where you select the email addresses that you want to block. See this example
. If you have other filter rules you must move the blocking rule to the top of your filter list.
44. I have forgotten my password, can you help me?
45. How does your alias-function work? (email pseudonym)
Read more here: https://countermail.com/?p=alias
46. How do I delete my account?
If you have a free Trial account, it will be deleted automatically after 12 months.
You can NOT delete a Trial account on demand. This is because we want to reduce the risk of false PGP-key exchanges or user identification.
If you have a premium account
(paid account), do this:
1. Login to your webmail account (you must login with our webmail interface)
2. Send a signed and encrypted email to email@example.com with the following text:
"I want to permanently delete my account "firstname.lastname@example.org" and all its contents.
I understand that this action is permanent and irreversible."
47. What are the password requirements?
The length must be minimum 7 characters and maximum 128 characters, it's UTF-8 so you can use special characters and characters from almost any language.
48. Can I use my own domain with Countermail?
Yes, if you have your own domain, you can transfer all email handling to our server.
We can not host web pages for your domain (A-record), we can only host the email handling (MX-record).
- You can't register domains through us, you must first do this through a domain registrar
- To be able to use a domain account you must first have a premium account
- You purchase the domain option the same way you purchase premum services
- You can purchase multiple domains to a single premium account
The price for using your own domain is a $10 one-time setup fee per domain.
If you want different logins (separate accounts with separate Inboxes) you need to purchase one premium account per login. We have discounts if you buy 5 premium accounts (or more), contact us for these discounts.
As a domain administrator, you can:
-Create unlimited aliases
for your own domain, e.g email@example.com
-View status or your accounts
Before we can receive mail for your domain, you will need to configure the MX records. Mail Exchanger (MX) records are the part of DNS records
which direct email to specific email servers. You can change these through your web host or domain registrars control panel. The MX records for CounterMail is:
Mail server name: db1.countermail.com
Priority level: 10
You should remove all other MX-pointers for your domain, only keeping the above. Changing the MX records will not affect your existing web
hosting. It is not necessary to point other DNS records (e.g. A records) to a different IP address, or to transfer existing web hosting.
Please note that you must log out and log in once before the domain will be visible on your account.
These are the steps you need to do after the domain option purchase:
1. Log out from your account and log in again
2. Go to Settings / Personal Info and add all domain aliases you
have on your domain
3. Change the MX record in your domain registrars control panel
Now you have to wait until the MX-change is finished on your
DNS-servers, depending on the DNS-cache, it could take a few hours.
If you have a separate domain account, you must login with name: "firstname.lastname@example.org".
49. How do I activate new email notification?
See this page: https://countermail.com/?p=mailnotify
For more advanced filter functions see #37.
50. How do I pay anonymously?
Here are some alternatives:
Buy a prepaid VISA/Mastercard (sometimes called Giftcard)
NOTE! Before you buy such a card, make sure it's valid for international payments! The Nordic countries have a card called SpendOn
, but other countries may have simliar cards.
Do a cash wire transfer (bank transfer)
Go to an exchanger or bank office that can do cash wire transfers, some examples:
Nordic countries - ForEx
USA - TravelEx
Use your own credit card, PayPal or LR account
and avoid sending any sensitive emails for the first 14 days! These are the instructions for this:
1. Login to your account and click on "Buy premium service" in the left menu, if your account already have expired you will be automatically redirected to the order page.
2. Select your premium time on the order page, select payment method, go to next page, enter name and other info and go to the checkout page. Make sure you don't enter your main Countermail-account email in any email field, but you can enter your Countermail member-alias in the email fields, it will look something like "email@example.com".
3. After the payment is done, you will be redirected back to our activation page, this is the only place where you should enter your main Countermail-account name.
4. Login to your account and check that is was upgraded, you can do this by going to Settings/Personal info and check the expire date.
5. Select your memberXXXX alias on the same page (Settings/Personal info), delete it by clicking [Delete]. The next time you login, you will have a new random member-alias generated, this is ok.
We only store payment info for 14 days, after this period there will be no link between your payment and the account you purchased, as long as you don't enter your main Countermail-account email on the Checkout page.
51. How do I send an email?
Click the [New mail] button at the top. See the following page for information about the Compose window:
52. What is the Safebox?
It's a password manager. Read more here.
53. Why must you use java for end to end encryption?
So there is no alternative for web browser based encryption. Regarding the security with Java read more here
54. How do I add a non-Countermail public key?
1. Select and Copy the public key text into clipboard (memory):
If the key is attached as a file, you must first download it from the email and then open the file with some text editor, like Notepad or Wordpad.
2. Click on the "Contacts"-button in the upper menu
3. Enter the email address in the E-mail field, the email must be connected to the public key*
4. Paste the public key into the Public key-field
5. Click on [Add contact]
*=You can use www.pgpdump.net
to see the email addresses connected to the public key