Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Register

Quick Links


Shells Virtual Desktop
BMail.ag - Secure Email Service
Server.net
CPLicense.net
VPS Server
Buy VPN
Vultr
VMs for AI
HostDare
ReliableSite White-Label Dedicated Hosting for Resellers
InterServer VPS
BMail.ag - Secure Email Service
Best VPN
High-Performance Bare Metal Server Solutions
Karvl.com
Server Mania Cloud Hosting
DataWagon Hosting
AlphaVPS Hosting
Evoxt.com
Clouvider
VPS Hosting with NVMe
Residential IPs in the US & 4G Mobile Proxies in EU & US with Unlimited Bandwidth
ReliableSite White-Label Dedicated Hosting for Resellers
Rabisu - Hosting Solutions
Shells Virtual Desktop

Categories

In this Discussion

Home General
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Bmail - Confused

LEBUserJoeLEBUserJoe Member
edited May 24 in General

Bmail.ag i’ve seen it pop up on the ad’s page here and it made me curious and was even tempted to buy but don’t you think it’s minimum misleading or if not completely false?

"Proton Mail, Tutanota, and others encrypt your stored email. That is genuinely useful. But they all share the same fundamental limitation: when an email arrives from Gmail, Outlook, or any external sender, it hits their servers as plaintext SMTP. The provider's software processes that plaintext before encrypting it at rest.

This means the provider's servers, and by extension the provider's employees, the provider's hosting infrastructure, and anyone who compromises that infrastructure, have a window where they can see your mail. The promise is that they won't look. But the architecture does not prevent it.

bmail eliminates that window entirely. Incoming mail never touches a normal server process. It enters an SGX secure enclave directly, where the TLS connection terminates inside hardware-isolated memory that no one, including bmail, can access. This is not a policy. It is a physical constraint enforced by the CPU.”

This is one of there core quotes on there front-page which is highly misleading. If any machine of this nature in this manner incluidng bmail’s anyone with “compromised” machine could simply change route of SMTP mail and receive in plain text, existing email MAY be secure, but they don’t make such distinctions.

Then there’s this one

"Your IP never reaches
our backend or our staff
Most encrypted services protect your message contents but still log your IP, fingerprint your browser, and hand the URLs you click to their analytics. bmail terminates your traffic inside an SGX enclave the staff can't snapshot — so the privacy story doesn't end at the message body.”

Again another entirely false statement? not logging sure but to claim my IP magically never touches there infrastructure at any level loadbalancer, web server etc is bizarre claim?

I’m not sure, interested in opinions as I’m never against a new mail provider but don’t want to buy into a AI project and rely on it, if it’s not here long-term.

e.g how do you salt IP’s if IP’s never touch your infrastructure?

"Rate limiting without retaining IPs

Signup throttles use a count-min sketch keyed by salted SHA-256 of the IP. The salt rotates daily, the sketch resets on window boundaries, and no individual IP is ever persisted. We can stop floods without remembering who you are."

Thanked by 1NameBig

Comments

  • LeviLevi Member

    If company states one and there is no independant third party audit - asume it is all lies.

  • MurvMurv Member, Megathread Squad

    But hey, you can get great emails such as [email protected]

    Thanked by 3MannDude RIYAD tux
  • the_doctorthe_doctor Member

    @LEBUserJoe said:
    Bmail.ag i’ve seen it pop up on the ad’s page here and it made me curious and was even tempted to buy but don’t you think it’s minimum misleading or if not completely false?

    "Proton Mail, Tutanota, and others encrypt your stored email. That is genuinely useful. But they all share the same fundamental limitation: when an email arrives from Gmail, Outlook, or any external sender, it hits their servers as plaintext SMTP. The provider's software processes that plaintext before encrypting it at rest.

    This means the provider's servers, and by extension the provider's employees, the provider's hosting infrastructure, and anyone who compromises that infrastructure, have a window where they can see your mail. The promise is that they won't look. But the architecture does not prevent it.

    bmail eliminates that window entirely. Incoming mail never touches a normal server process. It enters an SGX secure enclave directly, where the TLS connection terminates inside hardware-isolated memory that no one, including bmail, can access. This is not a policy. It is a physical constraint enforced by the CPU.”

    This is one of there core quotes on there front-page which is highly misleading. If any machine of this nature in this manner incluidng bmail’s anyone with “compromised” machine could simply change route of SMTP mail and receive in plain text, existing email MAY be secure, but they don’t make such distinctions.

    Then there’s this one

    "Your IP never reaches
    our backend or our staff
    Most encrypted services protect your message contents but still log your IP, fingerprint your browser, and hand the URLs you click to their analytics. bmail terminates your traffic inside an SGX enclave the staff can't snapshot — so the privacy story doesn't end at the message body.”

    Again another entirely false statement? not logging sure but to claim my IP magically never touches there infrastructure at any level loadbalancer, web server etc is bizarre claim?

    I’m not sure, interested in opinions as I’m never against a new mail provider but don’t want to buy into a AI project and rely on it, if it’s not here long-term.

    e.g how do you salt IP’s if IP’s never touch your infrastructure?

    "Rate limiting without retaining IPs

    Signup throttles use a count-min sketch keyed by salted SHA-256 of the IP. The salt rotates daily, the sketch resets on window boundaries, and no individual IP is ever persisted. We can stop floods without remembering who you are."

    signed up out of interest but can't send mails to my new bmail address and there doesn't seem to be a support... also if you pay it's unclear how much storage you get:

    Your message could not be delivered for more than 3 hour(s).
It will be retried until it is 2 day(s) old.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

                   The mail system

<[email protected]>: TLSA lookup error for smtp.bmail.ag:25
Reporting-MTA: dns; domain.com
X-Postfix-Queue-ID: EC5607E0EE
X-Postfix-Sender: rfc822; [email protected]
Arrival-Date: Sat, 23 May 2026 13:14:32 +0200 (CEST)

Final-Recipient: rfc822; [email protected]
Original-Recipient: rfc822;[email protected]
Action: delayed
Status: 4.7.5
Diagnostic-Code: X-Postfix; TLSA lookup error for smtp.bmail.ag:25
Will-Retry-Until: Mon, 25 May 2026 13:14:32 +0200 (CEST)
  • luckypenguinluckypenguin Member

    From:
    https://vp.net/l/en-US/about

    MARK KARPELÈS
    Chief Protocol Officer

    Former CEO of Mt. Gox — the world's first and largest Bitcoin exchange. Deep expertise in distributed systems at scale.

    Also: Deep expertise in mass exit scam :smiley:

    Thanked by 8tentor NameBig LEBUserJoe sillycat Murv gbzret4d the_doctor AudioDoge
  • LEBUserJoeLEBUserJoe Member

    @the_doctor said:

    @LEBUserJoe said:
    Bmail.ag i’ve seen it pop up on the ad’s page here and it made me curious and was even tempted to buy but don’t you think it’s minimum misleading or if not completely false?

    "Proton Mail, Tutanota, and others encrypt your stored email. That is genuinely useful. But they all share the same fundamental limitation: when an email arrives from Gmail, Outlook, or any external sender, it hits their servers as plaintext SMTP. The provider's software processes that plaintext before encrypting it at rest.

    This means the provider's servers, and by extension the provider's employees, the provider's hosting infrastructure, and anyone who compromises that infrastructure, have a window where they can see your mail. The promise is that they won't look. But the architecture does not prevent it.

    bmail eliminates that window entirely. Incoming mail never touches a normal server process. It enters an SGX secure enclave directly, where the TLS connection terminates inside hardware-isolated memory that no one, including bmail, can access. This is not a policy. It is a physical constraint enforced by the CPU.”

    This is one of there core quotes on there front-page which is highly misleading. If any machine of this nature in this manner incluidng bmail’s anyone with “compromised” machine could simply change route of SMTP mail and receive in plain text, existing email MAY be secure, but they don’t make such distinctions.

    Then there’s this one

    "Your IP never reaches
    our backend or our staff
    Most encrypted services protect your message contents but still log your IP, fingerprint your browser, and hand the URLs you click to their analytics. bmail terminates your traffic inside an SGX enclave the staff can't snapshot — so the privacy story doesn't end at the message body.”

    Again another entirely false statement? not logging sure but to claim my IP magically never touches there infrastructure at any level loadbalancer, web server etc is bizarre claim?

    I’m not sure, interested in opinions as I’m never against a new mail provider but don’t want to buy into a AI project and rely on it, if it’s not here long-term.

    e.g how do you salt IP’s if IP’s never touch your infrastructure?

    "Rate limiting without retaining IPs

    Signup throttles use a count-min sketch keyed by salted SHA-256 of the IP. The salt rotates daily, the sketch resets on window boundaries, and no individual IP is ever persisted. We can stop floods without remembering who you are."

    signed up out of interest but can't send mails to my new bmail address and there doesn't seem to be a support... also if you pay it's unclear how much storage you get:

    Your message could not be delivered for more than 3 hour(s).
It will be retried until it is 2 day(s) old.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

                   The mail system

<[email protected]>: TLSA lookup error for smtp.bmail.ag:25
Reporting-MTA: dns; domain.com
X-Postfix-Queue-ID: EC5607E0EE
X-Postfix-Sender: rfc822; [email protected]
Arrival-Date: Sat, 23 May 2026 13:14:32 +0200 (CEST)

Final-Recipient: rfc822; [email protected]
Original-Recipient: rfc822;[email protected]
Action: delayed
Status: 4.7.5
Diagnostic-Code: X-Postfix; TLSA lookup error for smtp.bmail.ag:25
Will-Retry-Until: Mon, 25 May 2026 13:14:32 +0200 (CEST)

    Don’t want to be wrong but with the heavy AI UI design, and writing on the home-page wouldnt shock me if entire codebase is a few claude prompts

  • LEBUserJoeLEBUserJoe Member

    @luckypenguin said:
    From:
    https://vp.net/l/en-US/about

    MARK KARPELÈS
    Chief Protocol Officer

    Former CEO of Mt. Gox — the world's first and largest Bitcoin exchange. Deep expertise in distributed systems at scale.

    Also: Deep expertise in mass exit scam :smiley:

    Well I was already leaning to a no after reading there page, knowing this it’s a F*** no, cant believe they associate with such people, and even worse use it as logic for “trust” of there services. Funny.

  • totally_not_bannedtotally_not_banned Member

    You basically already figured it out @OP. Lot's of big words with very little substance. Basically just bullshit bingo in the hope of impressing somebody enough to hand over money.

Sign In or Register to comment.