💾 Archived View for gemini.circumlunar.space › users › laur%C3%AB › mail › cotse.gmi captured on 2023-12-28 at 16:20:07. Gemini links have been rewritten to link to archived content
-=-=-=-=-=-=-
A reader has made me aware of this one, and I think it's particularly good so I'm whipping out this review immediately. UPDATE: sorry, it seems I have missed important information - the service is worse than I thought. Read on:
First of all, their website is refreshingly simple and easy to navigate. Compare to something like Proton or Runbox with their huge fonts, random space inbetween, and deceptive slogans. Or Criptext, which doesn't even display anything without enabling JavaScript (Cotse's site has no scripts).
But let's move on to the stuff that actually matters, which is the service's inner workings. Cotse is a paid provider, and you must pay for half a year outright, which comes out to about 4 USD per month (similar to CounterMail). They do not accept bitcoin - but do cash by mail:
We do also accept checks, money orders, and cash sent by regular mail
This is the preferred option from an anonymity perspective. The privacy policy nicely tells advertisers to fuck off, and also admits they will fight any attempts to receive information. But what do they actually log?
And this is where Cotse's cracks begin to show. Their logging page starts with some information about how logging works and why an E-mail service can't operate without any. Cotse even nicely shows you what actual SMTP logs look like:
Nov 18 13:25:23 www mta[12345]: AUTH=server, relay=domain.com [127.0.0.1] (may be forged), authid=account, mech=<type auth="auth" of="of"> Nov 18 13:25:23 www mta[12345]: XXXmpe12345: from=, size=405, class=0, nrcpts=1, msgid=<messageid>, proto=ESMTP, daemon=TLSMTA, relay=domain.com [127.0.0.1] (may be forged) Nov 18 13:25:23 www mta[12346]: XXXmpe12345: to=, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=12345, relay=receivingmachine.domain.com. [receivingmachineIP], dsn=2.0.0, stat=Sent (iAIIPOAb089975 Message accepted for delivery)</messageid></type>
These appear to indicate that the customer IP address is not stored - as in, it's set to 127.0.0.1 (the localhost) and unable to identify you. Unfortunately, on another page, they admit that to be wrong:
- Login IP addresses and associated time stamps. (only available from last five days.)
This is the part that I've missed during the earlier review (a reminder to always dig deep!), and it kind of dooms Cotse. It's too bad, because I really thought I could compliment them on their honesty, but I can't now in good conscience (they're better than most in that department, though). The service is still good, but cannot now compare to the ones which do not keep your IP. Cotse does not store the contents of your messages:
None of our logs record the datastream, as in contents of the email
There are no backups, either:
Automatic backups can compromise your privacy because there is a backup to seize of something you deleted. For this reason we do not back up any user data, neither e-mail nor web space.
Which is actually the only privacy respecting option; thanks to this, you're ensured that after five days, no logs are left. Still, five days is kind of long compared to other services (e.g Disroot) which can manage with 24 hours somehow; but it's still better than what almost everyone out there is doing. E-mail clients are of course supported (if they weren't, I wouldn't even bother reviewing the service) - and you can download the E-mails using POP3, which will also delete them from the server. Lots of domains are available, including using your own. There are many spam filtering options, but you're not required to use any of them so there's no worry of E-mails being randomly rejected (like what Disroot does sometimes). Cotse also has an alias feature similar to RiseUp's:
We give you unlimited addresses in twenty domains plus unlimited addresses in any of your own custom registered domains. This is so you can give each place that requests an e-mail address its own custom address.
However, it does not work as well, because it reveals your real account in the alias:
For much of your email needs, you can create unlimited aliases of the form (alias)@(yourname).cotse.net, without the parentheses.
So, if someone visits Cotse's site and learns how the alias feature works, they can figure out that your main E-mail address is "yourname@cotse.net". Still, the feature should work well against bots. There's no Bible of banned things:
We have a zero tolerance for fraud, spam, harassment, theft, terroristic threats, cracking or DoS attacking other servers, or child porn.
This is less than what any other provider has. Anyway, summarizing: Cotse is a pretty expensive service with good quality. The main flaws are that it stores your IP address for five days and doesn't accept Bitcoin payments. Cotse has been around since 1999 so there's little danger of it going down. It's a good choice if you don't trust the commies - just remember to always use anonymizers when using it!