This FAQ section is intended to give XryptoMail users a better understanding of the
application's features and observed behavior. It will be updated continuously as more feedback is
received from XryptoMail users.
Account Setup
What are the email access methods supported by XryptoMail?
Email account setup on XryptoMail may use either IMAP or POP, depending on your mail server
configuration and support.
IMAP - Internet Messaging Access Protocol allows you to access your email wherever you are,
from any device. When you read an email message using IMAP, you are not actually downloading or storing it on
your device; instead, you are reading it from the email service. As a result, you can check your email from
different devices, and anywhere in the world. IMAP only downloads a message when you click on it, and
attachments are not automatically downloaded. This allows you to check your messages a lot more quickly than POP.
IMAP also allows you to synchronise mail folders between your device and mail client on the web, so that you
see the same folders and messages wherever and however you access your email.
POP - Post Office Protocol is a very simple protocol that only allows downloading new
messages from your Inbox to your local computer. Generally, once transferred, the emails are deleted from the
email server. This means that after the email is downloaded, it can only be accessed using the same computer.
If you try to access your email from a different device, the messages that have been previously downloaded won't
be available to you. Sent mail is stored locally on your device, not on the email server.
Differences at a glance
| | IMAP (Internet Messaging Access Protocol) | POP (Post Office Protocol) |
|---|---|---|
| Flexibility | Can view just message headers, then choose which messages to download. | Have to download all new messages at once. |
| | Delete or move a message without having to download it. | Must download all messages. |
| | Download only the body of a message. | Must download entire message, including attachments. |
| Synchronisation | View messages in various folders. | Only view messages from Inbox. |
| | Changes made via email client or webmail interface stay in sync. | Once downloaded, changes can only be made on local email client. |
| | Sent mail stays on the server so you can see it from any device. | Sent mail is stored locally on your PC, not on mail server. |
| | Access messages at home, work, and via web. | Access messages only from a single device. |
| Safety | All messages kept with multiple redundant copies on mail server. | Once downloaded, the messages exist only on your local device. If it crashes, all the messages are lost. |
What is OAuth2?
OAuth2 is an open standard authorization framework that enables applications to obtain
limited access to user accounts on an HTTP service. It works by delegating
user authentication to the service that hosts the user account, and authorizing third-party applications
to access the user account information without giving them the passwords. OAuth 2 provides authorization
flows for web and desktop applications, and mobile devices.
Gmail uses OAuth2. If you disable 'Less secure apps' in the Gmail Sign-in Security settings,
you must then use the OAuth2 method for your Gmail account setup in XryptoMail.
XryptoMail Cryptography
What is OpenPGP?
OpenPGP is a non-proprietary protocol for encrypting email communication using public key
cryptography. It is based on the original PGP (Pretty Good Privacy) software. The OpenPGP protocol defines
standard formats for encrypted messages, signatures, and certificates for exchanging public keys.
As an IETF Proposed Standard (RFC 4880), OpenPGP can be
implemented and used by any individual without paying any licensing fees to anyone.
What is Autocrypt?
XryptoMail supports the Autocrypt Level 1 standard.
However, only basic Autocrypt features are implemented. Autocrypt aims to incrementally replace cleartext
email with end-to-end encrypted email. An Autocrypt-specific mail header is sent with each outgoing mail; it
contains, among other information, the sender's public key. Transferring the public key in-band means that key
fetching in Autocrypt does not require external infrastructure such as OpenPGP keyservers or X.509 PKI.
The Autocrypt Level 1 specification focuses on the use of Autocrypt on a single device. Users get rudimentary
support for using Autocrypt on more than one device or mail app. This is realized through sending and receiving
an Autocrypt Setup Message, secured by manually entering a long string of numbers.
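How a receiving client might vet the header described above, as an added example (not XryptoMail's code): it applies the Autocrypt Level 1 rules that addr and keydata are required, unknown attributes are skipped only when their name starts with an underscore, addr must match the From address, and more than one valid header means none is used. The function names and sample message are constructed for illustration, and the key bytes are a placeholder rather than a real OpenPGP key.

```python
import base64
import binascii
from email import message_from_string
from email.utils import getaddresses

KNOWN = {"addr", "prefer-encrypt", "keydata"}

def parse_autocrypt(value):
    """Parse one Autocrypt header value; return a dict, or None if invalid."""
    attrs = {}
    for part in filter(None, (p.strip() for p in value.split(";"))):
        name, sep, val = part.partition("=")   # base64 '=' padding stays in val
        name = name.strip().lower()
        if not sep:
            return None                # attribute without a value
        if name not in KNOWN:
            if name.startswith("_"):
                continue               # unknown non-critical attribute: skip
            return None                # unknown critical attribute: invalid
        attrs[name] = val.strip()
    if "addr" not in attrs or "keydata" not in attrs:
        return None
    try:                               # keydata is folded base64; drop whitespace
        key = base64.b64decode("".join(attrs["keydata"].split()), validate=True)
    except (binascii.Error, ValueError):
        return None
    pref = "mutual" if attrs.get("prefer-encrypt") == "mutual" else "nopreference"
    return {"addr": attrs["addr"].lower(), "keydata": key, "prefer_encrypt": pref}

def autocrypt_for(raw_message):
    """Return the single usable Autocrypt header of a message, else None."""
    msg = message_from_string(raw_message)
    senders = getaddresses(msg.get_all("From", []))
    if len(senders) != 1:
        return None                    # multiple From addresses: ignore
    valid = [h for h in map(parse_autocrypt, msg.get_all("Autocrypt", []))
             if h and h["addr"] == senders[0][1].lower()]
    return valid[0] if len(valid) == 1 else None

# Constructed sample: the key bytes are a placeholder, not a real OpenPGP key.
KEY = base64.b64encode(b"constructed placeholder, not an OpenPGP key").decode()

def sample(*headers, sender="alice@example.org"):
    lines = [f"From: Alice <{sender}>"] + [f"Autocrypt: {h}" for h in headers]
    return "\n".join(lines) + "\nSubject: hi\n\nbody\n"

SAMPLE = sample(f"addr=alice@example.org; prefer-encrypt=mutual; _x=1; keydata={KEY}")
print(autocrypt_for(SAMPLE)["prefer_encrypt"])
```

A header that fails these checks is simply treated as absent, so the message is handled like any mail without Autocrypt.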
What is a Stealth Message?
Stealth message is a unique implementation in XryptoMail, whereby a received mail is
automatically deleted after it has been read. An acknowledgement mail is returned to the sender after the message is deleted.
When the recipient first opens a Stealth message, a 30-second timer starts to count down.
The message is deleted when this 30-second timer has elapsed. However, if the recipient exits the message view
window before the timer expires, XryptoMail will assume that the recipient has read the message and delete
it if there are fewer than 10 seconds left on the countdown timer. Otherwise the recipient may re-open the message to read it
until the 30-second timeout.
Note: Do not include any attachment in a Stealth message, as it can be accessed with
other mail clients that support OpenPGP.
General