The EU’s NIS2 directive entered enforceable national law across Member States from 17 October 2024, raising the floor on how providers handle user data — and pushing privacy buyers to compare EU encrypted-email services on architecture, not marketing copy. Mailfence, a Belgian OpenPGP suite operated by ContactOffice Group SA since 2013, is one of a small group of European services that pair client-side PGP keys with a real productivity suite (Mail, Calendars, Contacts, Documents, Groups) and standard IMAP/SMTP/CalDAV/CardDAV support. It is also a service whose free tier is too thin to live in and whose mobile UX trails Proton Mail. Here is what Mailfence does well, where it falls short, and who should actually pay for it.
Verdict in one line
Best for: privacy-conscious EU buyers who want client-side OpenPGP keys, a real suite (mail + calendar + contacts + documents + groups) and standard protocols (IMAP/POP/SMTP/CalDAV/CardDAV) under Belgian jurisdiction. Skip if: you want a free daily-driver mailbox, the slickest mobile UX in the category, or a bundled VPN/Drive super-app.
What Mailfence actually is
Mailfence is a paid (with a thin free tier) Belgian private email and productivity suite, launched in 2013 by ContactOffice Group SA — a Belgian company that has run hosted collaboration services since 1999. It uses OpenPGP with client-side key generation and storage, ships Mail, Calendars, Contacts, Documents and Groups in one account, and exposes standard IMAP/POP/SMTP plus CalDAV/CardDAV and ActiveSync.
A few things to fix in your head before reading the rest:
- Suite, not a single mailbox. Where StartMail is “email plus aliases” and nothing else, Mailfence ships a calendar, contacts, document storage and group-collaboration spaces inside the same account. It is closer to “private G-Suite-lite” than to a pure mail provider.
- Client-side OpenPGP keys. This is the most consequential design choice and the cleanest contrast with StartMail. Mailfence generates your private key in the browser, encrypts it locally with your passphrase, and stores the encrypted blob on its servers. The unencrypted private key never lives on Mailfence infrastructure. StartMail manages PGP keys server-side; Mailfence does not.
- Belgian jurisdiction. Mailfence is operated under Belgian and EU law. Belgium is one of the few EU Member States without a mandatory data-retention obligation for email providers — Mailfence highlights this in its public security materials, and it is the single sentence that most differentiates the company’s legal positioning.
- Standard protocols across the stack. IMAP, POP and SMTP for any mail client; CalDAV and CardDAV for any calendar/contacts client; ActiveSync for native push on iOS and Android; OpenPGP for end-to-end encryption with any PGP recipient. There is essentially no proprietary protocol lock-in.
- Native iOS and Android apps. Unlike StartMail, Mailfence ships its own mobile apps. The polish trails Proton Mail’s apps, but they exist.
When I plugged Mailfence into Thunderbird via IMAP, the setup was a five-minute job — paste server settings, generate an app password in the Mailfence web settings, mailbox loads. The PGP-in-browser flow takes longer to learn than StartMail’s server-managed equivalent, but you end up with a private key you actually own.
Pricing — and why the Free tier is a demo, not a plan
Mailfence offers a Free tier with 500 MB of email storage, 500 MB of document storage, one address and limited features — useful for evaluation, not for daily use. Paid tiers (Entry, Pro, Ultra) raise storage, aliases, custom-domain support, group features and business controls. Pricing varies by tier and billing period — verify the current numbers on mailfence.com/en/pricing as of your purchase date.
Plan structure (verify exact prices and storage on the Mailfence pricing page; numbers move):
| Tier | Email storage | Documents | Aliases | Custom domain | Best for |
|---|---|---|---|---|---|
| Free | 500 MB | 500 MB | 1 address | No | Evaluating the suite, low-traffic side mailbox |
| Entry / Personal | Mid GB range | Mid GB range | A few | Optional | Personal daily-driver |
| Pro | Larger GB range | Larger GB range | More | Yes | Power user wanting custom domain + groups |
| Ultra | Largest in lineup | Largest in lineup | Most | Yes | Small team, full collaboration features |
Three honest pricing observations:
- The Free tier is a demo. 500 MB of email and one address is enough to test the PGP flow, the calendar, the document storage and the apps. It is not enough to run a primary mailbox for more than a few weeks of normal traffic. Treat it as a 4–6 week evaluation, not a permanent home.
- Mailfence is generally cheaper than StartMail at equivalent storage. StartMail charges $59.95/year on renewal for a single 10 GB tier. Mailfence’s mid-tier paid plans typically come in below that for comparable storage, and the Pro/Ultra tiers add suite features (calendar, documents, groups) StartMail does not offer at any price.
- Mailfence donates a share of paid subscriptions to digital-rights non-profits including the EFF and EDRi, per its public statements. This is one of the few “ethics-as-positioning” claims in the encrypted-email category that has been on the record for years rather than weeks.
What Mailfence does well
Mailfence’s strongest selling points are client-side OpenPGP key management, a real productivity suite (mail + calendar + contacts + documents + groups), full standard-protocol support (IMAP/POP/SMTP/CalDAV/CardDAV/ActiveSync), Belgian/EU jurisdiction with no email data-retention mandate, and a long operating history under the same operator (ContactOffice Group SA, since 1999).
Client-side OpenPGP keys. This is the architectural headline. Mailfence’s PGP key generation happens in your browser; the private key is encrypted locally with your passphrase before it ever crosses the network, and the unencrypted key is never present on Mailfence servers. That is a meaningfully different trust model from StartMail, where keys live server-side, and from Hushmail, where the trade-off is similar to StartMail’s. For users whose threat model includes “what happens if the provider is compelled to hand over the keys,” Mailfence’s architecture is the cleaner answer in the OpenPGP-IMAP-suite category.
A real suite, not just a mailbox. Calendars (CalDAV), Contacts (CardDAV), Documents (in-account file storage), and Groups (collaborative spaces) ship in the same account. Compared to a single-purpose mail provider, that lets a small team put its calendar, address book and shared docs under the same Belgian jurisdiction without bolting on Google Workspace or Microsoft 365. Proton Mail bundles its own equivalents (Calendar, Drive); Mailfence is the cleaner pick when you want CalDAV/CardDAV exposed to third-party clients rather than Proton’s web-first experience.
Standard protocols across the stack. IMAP, POP and SMTP for any mail client (Thunderbird, Apple Mail, Outlook, K-9 Mail, eM Client, Mimestream). CalDAV and CardDAV for any calendar/contacts client. ActiveSync for native push on iOS and Android. OpenPGP for interoperable end-to-end encryption with any PGP correspondent. No proprietary protocol lock-in — if you ever leave Mailfence, you take your data and your workflow with you.
Belgian jurisdiction with no data-retention mandate. Belgium has no general legal obligation forcing email providers to retain user data — a non-trivial differentiator inside the EU, where most Member States have at least partial retention rules in transposed form. Combined with EU GDPR protection and Mailfence’s published policy of challenging unjustified legal requests, the jurisdiction story is one of the strongest in the category for buyers whose threat model is commercial surveillance and routine legal overreach rather than nation-state attackers.
Operator history. ContactOffice Group SA has run hosted collaboration services since 1999 and Mailfence specifically since 2013. In a category where most “private email” services are under five years old, more than a decade of continuous operation by a known operator is a credibility signal you can verify with a Belgian company registry rather than just a marketing page.
Donations to digital-rights non-profits. Mailfence has long stated that a share of paid subscriptions goes to digital-rights organisations including the Electronic Frontier Foundation and European Digital Rights (EDRi). It is one of the few claims in the sector that pre-dates the current crop of marketing teams.
Where Mailfence falls short
Mailfence’s three most consequential limits are a Free tier too thin to use as a real mailbox, mobile apps that are functional but trail Proton Mail’s polish, and a UI that feels closer to a 2010s webmail than to a 2026 product. None of these matter once you commit to a paid tier and a desktop-first workflow; all of them matter if you are evaluating against Proton Mail on first impressions.
The Free tier is too small for daily use. 500 MB of mail storage and one address are enough to evaluate the PGP and suite flows for a few weeks. Heavy attachment users will fill it in days; even a low-traffic primary inbox will outgrow it within a quarter. If you are looking for a “free, sustainable, encrypted mailbox,” Proton Mail’s 1 GB free tier is more usable; Mailfence’s free tier is best understood as a structured trial.
Mobile UX trails Proton Mail. Mailfence ships native iOS and Android apps and supports ActiveSync for any third-party client, so you have working mobile email. The polish — onboarding, search responsiveness, push notification reliability, contact-picker design — is noticeably behind Proton Mail’s mobile suite. For mobile-first users, this is the single biggest day-to-day friction point.
The web UI feels older than the architecture. Mailfence’s web client is functional, complete and feature-dense, but the visual design and interaction patterns trail more recent webmail clients. If you live in a polished, modern UI all day, the Mailfence web app will feel utilitarian. The trade-off is real: the architecture and protocol support are the strongest in the EU PGP suite category; the surface design is not.
PGP onboarding has a learning curve. Client-side keys are architecturally cleaner, but they put more responsibility on you. You generate the key, you choose the passphrase, you back up the key, and if you lose both passphrase and backup, the encrypted mail is unrecoverable. StartMail’s server-managed model trades security guarantees for simplicity; Mailfence’s client-side model trades simplicity for security guarantees. Pick the one that matches your operational discipline.
No bundled VPN or Drive super-app. Proton Mail Unlimited bundles VPN, Drive, Wallet and Pass into one subscription. Mailfence is mail + suite; it does not pretend to be a privacy super-app. That is a feature, not a bug, for buyers who want a focused service — but it is the wrong purchase if you wanted to consolidate four privacy tools into one bill.
End-to-end is only end-to-end with PGP recipients. This is true for every PGP service and worth stating plainly: a message you send via Mailfence to a Gmail address is encrypted in transit and stored encrypted at rest, but it is not end-to-end encrypted because the recipient has no PGP key. End-to-end works only when both ends speak PGP. The Mailfence interface makes this clear; the architectural fact remains.
Mailfence vs Proton Mail vs StartMail
| Dimension | Mailfence | Proton Mail | StartMail |
|---|---|---|---|
| Free plan | Yes (500 MB mail + 500 MB docs, 1 address) | Yes (1 GB) | No (7-day trial) |
| Encryption architecture | Client-side OpenPGP keys, Belgian-hosted | Zero-knowledge, client-side keys | Server-managed PGP keys |
| Jurisdiction | Belgium (EU, no email data-retention mandate) | Switzerland | Netherlands (EU) |
| Suite scope | Mail + Calendar + Contacts + Documents + Groups | Mail + Calendar + Drive + Wallet + VPN (Unlimited) | Mail only |
| IMAP/POP/SMTP | Native | Bridge only | Native |
| CalDAV/CardDAV | Yes | No (proprietary) | No |
| ActiveSync push | Yes | No | No |
| Native iOS/Android apps | Yes (functional) | Yes (best-in-class polish) | No |
| Aliases on paid plan | Multiple, scales by tier | 10 short (Mail Plus) + SimpleLogin | Unlimited |
| Custom domain | Pro/Ultra | Plus and above | Included |
| Donations to digital-rights non-profits | Yes (EFF, EDRi, on the record) | No equivalent stated commitment | No equivalent stated commitment |
| Best buyer | EU privacy buyer wanting client-side PGP + suite + standard protocols | Privacy buyer wanting full super-app + best mobile apps | Desktop-first buyer wanting unlimited aliases + IMAP under EU law |
Choosing between the three rarely comes down to features in isolation. Mailfence wins specifically when you want client-side OpenPGP keys plus a real productivity suite plus standard CalDAV/CardDAV/IMAP exposure, all under Belgian jurisdiction, at a price that undercuts StartMail and skips Proton’s super-app bundle. Canary Mail targets a different layer entirely (encrypted desktop client, not encrypted provider) and pairs cleanly with Mailfence’s IMAP support if you want Canary’s interface over a Mailfence mailbox.
Who should actually pick Mailfence
Pay for Mailfence if client-side OpenPGP keys, a real suite (calendar/contacts/documents/groups) and standard protocols (IMAP/POP/SMTP/CalDAV/CardDAV) under Belgian/EU jurisdiction matter to you, and if you can live with mobile and web UI polish that trails Proton Mail. Skip Mailfence if you want a polished super-app, the best free tier in the category, or a mobile-first daily driver.
Buy if:
- You want OpenPGP with private keys you actually own, generated and encrypted client-side rather than managed by the provider.
- You want a real privacy suite (mail + calendar + contacts + documents + groups) inside one account under EU law.
- You already use a desktop email client (Thunderbird, Apple Mail, eM Client, Mimestream) and want native IMAP/SMTP plus CalDAV/CardDAV for calendar and contacts.
- You value Belgian jurisdiction and the no-email-data-retention positioning that goes with it.
- You appreciate the donation-to-EFF/EDRi commitment as a signal of operator philosophy.
Skip if:
- You want the slickest mobile email app in the privacy category — go to Proton Mail.
- You want a free tier large enough to live in long-term — go to Proton Mail or Tutanota.
- You want a privacy super-app bundle (VPN + Drive + mail) — go to Proton Mail Unlimited.
- You want unlimited aliases as the headline feature — go to StartMail.
- You want HIPAA-compliant email with a signed BAA for US healthcare workflows — go to Hushmail Healthcare (different buyer profile entirely).
- You want a polished modern desktop client experience first and a private provider second — pair Canary Mail or Thunderbird with any IMAP-friendly provider, including Mailfence.
Alexis Dollé, email expert for 10+ years. Founder of Email Tools. I test every email client and utility myself, then write about them the way I’d explain them to a friend — no marketing fluff, no sponsored rankings, every claim sourced.
LinkedInSources & references
- Mailfence — official product site, suite overview, operator (ContactOffice Group SA) and Belgian operating jurisdiction. mailfence.com
- Mailfence — pricing page, current Free/Entry/Pro/Ultra tier structure, storage, aliases and custom-domain rules. mailfence.com/en/pricing
- Mailfence — security architecture page, OpenPGP key generation, client-side key encryption, two-factor authentication and digital-signature support. mailfence.com/en/security
- Mailfence blog — product, security and policy posts (recent freshness signal). blog.mailfence.com
- European Commission — NIS2 Directive on cybersecurity in the EU (transposed into national law by Member States from 17 October 2024). digital-strategy.ec.europa.eu — NIS2
Frequently asked questions
Is Mailfence truly end-to-end encrypted?
Yes — Mailfence implements OpenPGP with private keys generated and stored client-side, encrypted with your passphrase before they touch the server. That is a stricter architecture than StartMail’s server-managed keys. The caveat: end-to-end only applies to messages you send to other PGP recipients with a known public key. Plain SMTP mail to non-PGP recipients is encrypted in transit and at rest, but not end-to-end.
Does Mailfence offer a free plan?
Yes. Mailfence’s Free tier includes 500 MB of email storage and 500 MB of document storage with one address — enough to evaluate the suite, but not to run a daily mailbox. Paid tiers (Entry, Pro, Ultra) raise storage, aliases and add custom domains, business features and group collaboration.
Where is Mailfence based and which law applies?
Mailfence is operated by ContactOffice Group SA in Belgium, under EU GDPR and Belgian data protection law. Belgium is one of the few EU jurisdictions with no mandatory data-retention law for email providers, which Mailfence highlights in its public positioning.
Does Mailfence work with Thunderbird, Apple Mail, or Outlook?
Yes. Mailfence supports IMAP, POP and SMTP for any standard mail client, plus ActiveSync for push sync to mobile, and CalDAV/CardDAV for Calendar and Contacts. It also ships its own iOS and Android apps for users who prefer native apps over generic IMAP clients.
How does Mailfence compare to Proton Mail?
Proton Mail wins on bundled extras (VPN, Drive, Wallet) and slick mobile-first UX. Mailfence wins on standard protocol support (IMAP/POP/SMTP/CalDAV/CardDAV), client-side OpenPGP keys you actually own, and a Belgian jurisdiction with no email data-retention mandate. Pick Mailfence if you want a real PGP suite that talks to Thunderbird; pick Proton Mail if you want a privacy super-app.
Does Mailfence donate part of subscriptions to non-profits?
Yes. Mailfence has a long-standing public commitment to donate a share of paid subscriptions to digital-rights non-profits including the EFF and the European Digital Rights initiative (EDRi). The exact percentages and recipients are listed on the Mailfence website.
Related: StartMail review 2026 — the closest peer EU PGP review, with the opposite key-custody trade-off (server-managed keys, unlimited aliases, no suite).