[bjoernd]

True. That's why you should use end-to-end encryption for your mail.

There's a reason I'm sceptical about these things: over here in Germany, the government is trying to establish a nation-wide email service (DE-mail) that is supposed to be so secure that you can even use it for government interaction such as filing your taxes. They even argue that they are using encryption to protect your mail. However, they explicitly say that encryption of course only happens between servers and that your email can of course be read on the servers, making all security useless.

This might not be the same as xfsmail, but it doesn't feel secure to me. In general I'm less worried about some random attacker trying to hack into the providers' servers than into provider employees reading my email.