Summary
addy.io has passed an independent security audit conducted by Securitum. The audit included a web application penetration test and a source code audit. No significant vulnerabilities were identified during testing, and the 2 low-risk issues that were found have been fixed.
Full report: https://addy.io/addy-io-security-audit.pdf
Looks interesting, but I’d be too afraid of the service going under in the future.
-
Some people have suggested using your own domain with addy’s service. If the service goes under, you can switch to another provider.
-
SimpleLogin is now under ProtonMail. This is probably a more assured service, but putting all your eggs in one place may not be a good idea either.
-
Why do you say that?
#AnonAddy has a killer feature that no other mail forwarder has: you give it your PGP public key and it will encrypt every msg to you, thus ensuring that your ESP does not see the contents.
I also like how addy.io ops are securely reachable at their protonmail address. The competition is an embarassment in this regard. When there was a security issue with erine.email, there was no secure way to reach the operator. I would have had to submit to twitter or some other tech giant, naked without encryption.
I would love to know how much a security audit like that costs.