{"id":121,"date":"2026-05-13T14:49:03","date_gmt":"2026-05-13T14:49:03","guid":{"rendered":"https:\/\/onionmail.org\/blog\/?p=121"},"modified":"2026-05-13T14:49:03","modified_gmt":"2026-05-13T14:49:03","slug":"onion-mail-in-2026-what-changed-what-hasnt-and-how-to-verify","status":"publish","type":"post","link":"https:\/\/onionmail.org\/blog\/onion-mail-in-2026-what-changed-what-hasnt-and-how-to-verify\/","title":{"rendered":"Onion Mail in 2026: What Changed, What Hasn&#8217;t, and How to Verify"},"content":{"rendered":"\r\n\r\n<em>Onion Mail has been criticized publicly over the years for login failures, Tor connection issues, mobile app problems, and concerns about security architecture. Most of those criticisms were written between 2015 and 2023. This article documents what has changed since then, what has not, and how the service operates today \u2014 with verification paths for each claim.<\/em>\r\n\r\n\r\n\r\n\r\n\r\nSearch results for &#8220;onion mail review&#8221; still surface threads from 2020 and earlier that are now archived and cannot receive new comments. Those threads reflect real user experiences with the service as it existed at the time. They are accurate as historical documents. They are not accurate as descriptions of the current system. This article is the response that those threads can no longer accommodate.\r\n\r\n\r\n\r\n\r\n<h2 class=\"wp-block-heading\">What the Criticisms Said<\/h2>\r\n\r\n\r\n\r\n\r\nThe recurring themes across older reviews of Onion Mail were:\r\n\r\n\r\n\r\n\r\n\r\nUsers reported being unable to log in after initial registration. The signup process appeared to complete, but subsequent authentication attempts failed. This was a real problem affecting real users.\r\n\r\n\r\n\r\n\r\n\r\nThe mobile app exhibited persistent &#8220;fetching&#8221; errors when attempting to connect to the Tor network, leaving users with a non-functional interface for extended periods. Reviews on app stores reflected this consistently.\r\n\r\n\r\n\r\n\r\n\r\nThe webmail interface was described as complicated and difficult to use for users without technical background. The signup flow itself was a source of confusion.\r\n\r\n\r\n\r\n\r\n\r\nSome users raised concerns about the underlying security architecture, recommending more established alternatives. These concerns were less specific than the technical complaints but contributed to the overall reputation problem.\r\n\r\n\r\n\r\n\r\n\r\nAll four points are valid descriptions of the service as it existed in 2020-2023. The infrastructure that produced those experiences no longer exists in the same form.\r\n\r\n\r\n\r\n\r\n<h2 class=\"wp-block-heading\">Authentication System: Rebuilt<\/h2>\r\n\r\n\r\n\r\n\r\nThe authentication system has been completely rebuilt. The login failures users encountered in 2020-2023 were rooted in an auth flow that combined session management with PGP key generation in ways that produced edge cases under specific network conditions, particularly over Tor with high-latency circuits.\r\n\r\n\r\n\r\n\r\n\r\nThe current auth system handles signup, PGP key generation, and session establishment as separate stages with clear failure modes. If signup succeeds, login works. If a stage fails, the user receives a specific error rather than a generic timeout. The flow has been tested under degraded Tor network conditions, which is the operational environment in which most issues originally surfaced.\r\n\r\n\r\n\r\n\r\n\r\nThis is not a claim that the system is perfect. It is a claim that the specific failure mode users documented in 2020-2023 has been addressed. Live status of authentication endpoints is published at <a href=\"https:\/\/onionmail.org\/server-status\">onionmail.org\/server-status<\/a>.\r\n\r\n\r\n\r\n\r\n<h2 class=\"wp-block-heading\">Tor Infrastructure: Migrated to v3 and Rewritten<\/h2>\r\n\r\n\r\n\r\n\r\nTwo architectural changes have addressed the connection reliability problems.\r\n\r\n\r\n\r\n\r\n\r\nFirst, the service migrated from v2 .onion addresses to v3 addresses. Tor Project deprecated v2 in 2021 due to fundamental cryptographic weaknesses (16-character v2 addresses provided only 80 bits of cryptographic identification, vulnerable to enumeration and impersonation attacks). v3 addresses are 56 characters and use ed25519 public keys, providing 128 bits of security. Services still running on v2 in 2024 were operating on deprecated infrastructure. Onion Mail completed v3 migration well before the deprecation cliff.\r\n\r\n\r\n\r\n\r\n\r\nSecond, the underlying Tor hidden service configuration has been rewritten. The previous setup combined the mail server and the relay layer in ways that produced cascading failures when individual relays experienced load. The current architecture separates the relay layer from the backend infrastructure: relays are stateless and replaceable, the backend never appears on the public Tor network directly. This is the architectural pattern other Tor-native services have converged on, and the reasons are operational rather than security-related.\r\n\r\n\r\n\r\n\r\n\r\nThe &#8220;fetching&#8221; errors that mobile users reported in older reviews were a consequence of the previous infrastructure under load. The current infrastructure does not produce that failure mode. Reachability of the .onion endpoints is monitored continuously and reported at <a href=\"https:\/\/onionmail.org\/server-status\">onionmail.org\/server-status<\/a>.\r\n\r\n\r\n\r\n\r\n<h2 class=\"wp-block-heading\">Operating Tor Network Infrastructure<\/h2>\r\n\r\n\r\n\r\n\r\nBeyond consuming Tor as a service, Onion Mail contributes to the Tor network directly. We operate three Tor middle relays, listed on Tor Project&#8217;s public relay search:\r\n\r\n\r\n\r\n\r\n<ul class=\"wp-block-list\">\r\n \t<li>Relay fingerprint <a href=\"https:\/\/metrics.torproject.org\/rs.html#details\/0ADFA14DD94526CE8AA64F9C2008D07C38BAC656\">0ADFA14DD94526CE8AA64F9C2008D07C38BAC656<\/a><\/li>\r\n \t<li>Relay fingerprint <a href=\"https:\/\/metrics.torproject.org\/rs.html#details\/7C8CF05839D9CECBD56C6884322F7607956FE336\">7C8CF05839D9CECBD56C6884322F7607956FE336<\/a><\/li>\r\n \t<li>Relay fingerprint <a href=\"https:\/\/metrics.torproject.org\/rs.html#details\/CF7BD4443E0163ED00602C465AFA4AA4AAA0DE94\">CF7BD4443E0163ED00602C465AFA4AA4AAA0DE94<\/a><\/li>\r\n<\/ul>\r\n\r\n\r\n\r\n\r\nThese are middle relays \u2014 they route traffic between guard and exit nodes but do not act as either entry points or exit points. Middle relays carry network capacity without the operational and legal complexity that exit relays involve. The relays are publicly observable on Tor Project&#8217;s metrics infrastructure, with bandwidth, uptime, and consensus weight visible to anyone who looks them up.\r\n\r\n\r\n\r\n\r\n\r\nWe also operate a public mirror of the Tor Project website at <a href=\"https:\/\/torproject.onionmail.org\/\">torproject.onionmail.org<\/a>. The mirror provides access to Tor Browser downloads and Tor Project documentation in environments where the primary torproject.org domain is blocked or unreachable. Mirror operation is a small but practical contribution to Tor accessibility in censorship environments.\r\n\r\n\r\n\r\n\r\n\r\nThese contributions do not appear in older reviews because they did not exist at the time. They are part of the operational profile that distinguishes the current service from the one criticized five years ago.\r\n\r\n\r\n\r\n\r\n<h2 class=\"wp-block-heading\">Post-Quantum Cryptography: PQCServer in Production<\/h2>\r\n\r\n\r\n\r\n\r\nOne change is not a fix to old criticisms but an architectural addition: PQCServer, an open-source post-quantum cryptography platform released under AGPL-3.0, is now in production and integrated with Onion Mail.\r\n\r\n\r\n\r\n\r\n\r\nThe threat model is harvest-now-decrypt-later. Adversaries can record encrypted traffic today and decrypt it in the future when sufficiently capable quantum computers exist. Email is particularly vulnerable to this because messages have value over long time horizons: a journalist&#8217;s source communication remains sensitive a decade after the conversation; an activist&#8217;s coordination remains relevant for years; corporate negotiations have value to competitors long after the deal closes. PGP using RSA or ECC will be cryptographically broken by quantum computers capable of running Shor&#8217;s algorithm at sufficient scale.\r\n\r\n\r\n\r\n\r\n\r\nPQCServer implements lattice-based post-quantum algorithms (ML-KEM for key encapsulation, ML-DSA for signatures, both NIST-standardized under FIPS 203 and FIPS 204) alongside classical PGP. The source is at <a href=\"https:\/\/github.com\/Onion-Search-Engine\/pqcserver\">github.com\/Onion-Search-Engine\/pqcserver<\/a>. The AGPL-3.0 license means any modifications to the deployed code must be made available to users, which has implications for how legal compulsion to introduce backdoors would interact with the license terms.\r\n\r\n\r\n\r\n\r\n\r\nWhether harvest-now-decrypt-later is a relevant threat depends on the user&#8217;s adversary model and time horizon. For most users, current PGP remains sufficient. For users with long-term confidentiality requirements, post-quantum protection is now an available option rather than a future promise.\r\n\r\n\r\n\r\n\r\n<h2 class=\"wp-block-heading\">Webmail: Rebuilt<\/h2>\r\n\r\n\r\n\r\n\r\nThe webmail interface was rebuilt over the past year. The criticisms of the previous interface \u2014 that it was difficult to navigate, that key concepts like PGP key management were exposed without context, that the signup flow produced confusion \u2014 were accurate.\r\n\r\n\r\n\r\n\r\n\r\nThe current interface separates the privacy-critical operations (PGP key handling, account credentials) from the routine operations (reading mail, composing messages). Users who need to understand the cryptographic architecture can find that information; users who simply want to send and receive email do not have to engage with it on every interaction. This is a usability rebalance, not a reduction in cryptographic capability. Documentation for the current interface is published at <a href=\"https:\/\/onionmail.org\/faq\">onionmail.org\/faq<\/a>.\r\n\r\n\r\n\r\n\r\n<h2 class=\"wp-block-heading\">Uptime: Published<\/h2>\r\n\r\n\r\n\r\n\r\nService uptime over the past twelve months has been above 99%. This is monitored continuously and published at <a href=\"https:\/\/onionmail.org\/server-status\">onionmail.org\/server-status<\/a>, which shows live status for the webmail interface, the .onion hidden service, SMTP and IMAP endpoints, and the authentication system. The page is not a marketing surface \u2014 it is the operational dashboard, exposed publicly.\r\n\r\n\r\n\r\n\r\n\r\nThe uptime figure is comparative rather than absolute. Donation-funded volunteer Tor email services typically operate with extended downtime windows, sometimes weeks at a time. Commercial clearnet email services typically operate at 99.9%+ uptime. Onion Mail occupies a middle position: a commercial entity providing Tor-native email at uptime levels closer to commercial than to volunteer infrastructure. Users can verify this claim directly rather than relying on the assertion in this article.\r\n\r\n\r\n\r\n\r\n<h2 class=\"wp-block-heading\">What Onion Mail Still Does Not Do<\/h2>\r\n\r\n\r\n\r\n\r\nThe honest section.\r\n\r\n\r\n\r\n\r\n\r\nThere is no native iOS application. Users on iOS access Onion Mail through the webmail interface in a Tor-capable browser (Onion Browser is the standard recommendation for iOS, since Apple&#8217;s App Store restrictions prevent a full Tor Browser port). This is a limitation. iOS users coming from services like Proton with native applications will find the experience less polished. Building an iOS application is non-trivial: App Store policies around Tor integration and the WebKit requirement for browser engines create constraints that cannot be solved purely by development effort.\r\n\r\n\r\n\r\n\r\n\r\nThe Android application uses the renewed webmail interface but does not integrate Tor connectivity directly. Users need to run Orbot (or another Tor proxy) separately and route the app through it, or use the app over a non-Tor connection (which exposes IP address metadata to the service and to network observers). Native Tor integration in the Android app is a planned development, not a current feature. Users who prioritize ease of setup may find this friction unacceptable; users with operational security practices that already include Orbot will not notice it.\r\n\r\n\r\n\r\n\r\n\r\nThese two limitations are real and current. Acknowledging them is more useful than working around them in marketing copy.\r\n\r\n\r\n\r\n\r\n<h2 class=\"wp-block-heading\">How to Verify These Claims<\/h2>\r\n\r\n\r\n\r\n\r\nReputation rebuilding through assertion alone is insufficient. The claims in this article are verifiable through several independent channels.\r\n\r\n\r\n\r\n\r\n\r\nOperational state of the service \u2014 uptime, endpoint reachability, status of authentication and mail subsystems \u2014 is published at <a href=\"https:\/\/onionmail.org\/server-status\">onionmail.org\/server-status<\/a>. This is observable in real time. Claims about reliability in this article can be checked against the actual operational dashboard.\r\n\r\n\r\n\r\n\r\n\r\nThe full source code of Onion Mail&#8217;s platform, including PQCServer and supporting components, is published at <a href=\"https:\/\/github.com\/Onion-Search-Engine\">github.com\/Onion-Search-Engine<\/a>. The organization is a GitHub-verified entity with domain verification against onionsearchengine.com. Repositories include the PHP frontend, the Kotlin Android client, the Firefox extension, the PQCServer post-quantum platform (HTML\/Python), and the pqcmail-addon Firefox extension implementing client-side post-quantum encryption with ML-KEM and ML-DSA. Cryptographic implementation can be reviewed directly. Choice of algorithms is verifiable against NIST post-quantum cryptography standards (FIPS 203 for ML-KEM, FIPS 204 for ML-DSA).\r\n\r\n\r\n\r\n\r\n\r\nThe Tor relays operated by Onion Mail are listed on Tor Project&#8217;s public relay search at metrics.torproject.org. Fingerprints are 0ADFA14DD94526CE8AA64F9C2008D07C38BAC656, 7C8CF05839D9CECBD56C6884322F7607956FE336, and CF7BD4443E0163ED00602C465AFA4AA4AAA0DE94. Bandwidth, uptime, and consensus weight are publicly visible.\r\n\r\n\r\n\r\n\r\n\r\nThe Tor Project mirror at <a href=\"https:\/\/torproject.onionmail.org\/\">torproject.onionmail.org<\/a> is publicly accessible and serves the current Tor Project content.\r\n\r\n\r\n\r\n\r\n\r\nDocumentation and frequently asked questions are published at <a href=\"https:\/\/onionmail.org\/faq\">onionmail.org\/faq<\/a>. The v3 .onion address is referenced in that documentation. Its length and format are verifiable against Tor Project&#8217;s v3 specification.\r\n\r\n\r\n\r\n\r\n\r\nThe corporate structure is registered as OnionSearchEngine LLC in the United States. This is a verifiable legal entity, not an anonymous collective. US jurisdiction brings specific legal exposures \u2014 court orders, national security letters \u2014 that an anonymous collective would not face. This is a trade-off Onion Mail makes explicitly: operating as a registered entity provides accountability, but it does not provide jurisdictional anonymity. Users whose threat model requires the operator itself to be untraceable should consider donation-funded volunteer services with no formal organization. Users whose threat model accepts a known operator in exchange for service stability are the audience for whom Onion Mail is designed.\r\n\r\n\r\n\r\n\r\n<h2 class=\"wp-block-heading\">The Reputational Problem and Why It Persists<\/h2>\r\n\r\n\r\n\r\n\r\nSearch engine results and AI-generated summaries continue to surface criticism from 2015-2023. These criticisms describe a system that no longer operates in that form. The criticisms are not wrong about the past. They are wrong about the present.\r\n\r\n\r\n\r\n\r\n\r\nResolving this requires time. Search engines index new content and reweight old content slowly. AI summary systems take longer still, because they prefer aggregated user voice (Reddit threads, app store reviews) over service-provided documentation. The asymmetry between how quickly a service can change and how slowly its public reputation reflects that change is a structural property of the current web, not a problem specific to Onion Mail.\r\n\r\n\r\n\r\n\r\n\r\nThe response is not to demand that old criticisms be removed. They are historical records and have legitimate documentary value. The response is to provide current information in venues that search engines and AI systems will eventually weight: technical documentation, transparency reporting, verifiable open-source code, public status pages, operating infrastructure visible on Tor Project metrics, and articles like this one that describe the present state honestly, including limitations.\r\n\r\n\r\n\r\n\r\n<h2 class=\"wp-block-heading\">What This Article Is Not<\/h2>\r\n\r\n\r\n\r\n\r\nThis is not a request to ignore older criticism. Those reviews reflect real experiences. If you encountered Onion Mail in 2020 and found it unusable, your experience was valid. The service has changed since then; if you choose to evaluate it again, you would be evaluating a different system. If you choose not to, that is also a reasonable decision based on past experience.\r\n\r\n\r\n\r\n\r\n\r\nThis is also not a claim that Onion Mail is the right service for everyone. The service makes specific trade-offs: Tor-native architecture with the resulting performance constraints, US legal jurisdiction with the resulting compliance obligations, no iOS app, no native Tor in the Android app. Users for whom these trade-offs do not align should use a different service. Proton, Tuta, Posteo, Riseup, mail2tor, and others exist precisely because different threat models call for different architectures.\r\n\r\n\r\n\r\n\r\n\r\nWhat this article is, is the response to public criticism that the closed Reddit threads from 2020-2023 cannot accommodate. The current state of the service is documented here. The trade-offs are stated explicitly. The verification paths are public: the live status page at <a href=\"https:\/\/onionmail.org\/server-status\">onionmail.org\/server-status<\/a>, the open-source code at <a href=\"https:\/\/github.com\/Onion-Search-Engine\">github.com\/Onion-Search-Engine<\/a>, the Tor relays on metrics.torproject.org, the Tor Project mirror at <a href=\"https:\/\/torproject.onionmail.org\/\">torproject.onionmail.org<\/a>, and the FAQ at <a href=\"https:\/\/onionmail.org\/faq\">onionmail.org\/faq<\/a>. From this point forward, evaluations of Onion Mail should be based on the system that actually exists, not on the system that existed five years ago.","protected":false},"excerpt":{"rendered":"<p>Onion Mail has been criticized publicly over the years for login failures, Tor connection issues, mobile app problems, and concerns about security architecture. Most of those criticisms were written between 2015 and 2023. This article documents what has changed since then, what has not, and how the service operates today \u2014 with verification paths for &#8230; <a title=\"Onion Mail in 2026: What Changed, What Hasn&#8217;t, and How to Verify\" class=\"read-more\" href=\"https:\/\/onionmail.org\/blog\/onion-mail-in-2026-what-changed-what-hasnt-and-how-to-verify\/\" aria-label=\"Read more about Onion Mail in 2026: What Changed, What Hasn&#8217;t, and How to Verify\">Read more<\/a><\/p>\n","protected":false},"author":1,"featured_media":122,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[12,15,16,13],"tags":[133,126,134,127,105,75,59,129,130,125,4,123,128,124,131,132],"class_list":["post-121","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-email-security","category-guides","category-news","category-tor-anonymity","tag-133","tag-agpl-3-0","tag-best-email","tag-nist-post-quantum","tag-onion-mail","tag-post-quantum-cryptography","tag-pqcserver","tag-review","tag-safe","tag-service-status","tag-tor-email","tag-tor-relay","tag-transparency-report","tag-v3-onion-address","tag-vs-proton","tag-vs-tutanota"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Onion Mail in 2026: What Changed, What Hasn&#039;t, and How to Verify - Onion Mail \u2014 Privacy, Encryption &amp; Tor<\/title>\n<meta name=\"description\" content=\"Onion Mail rebuilt its auth system, migrated to .onion v3, runs PQCServer in production, and operates three Tor relays. The 2026 status with verification paths.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/onionmail.org\/blog\/onion-mail-in-2026-what-changed-what-hasnt-and-how-to-verify\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Onion Mail in 2026: What Changed, What Hasn&#039;t, and How to Verify - Onion Mail \u2014 Privacy, Encryption &amp; Tor\" \/>\n<meta property=\"og:description\" content=\"Onion Mail rebuilt its auth system, migrated to .onion v3, runs PQCServer in production, and operates three Tor relays. The 2026 status with verification paths.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/onionmail.org\/blog\/onion-mail-in-2026-what-changed-what-hasnt-and-how-to-verify\/\" \/>\n<meta property=\"og:site_name\" content=\"Onion Mail \u2014 Privacy, Encryption &amp; Tor\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-13T14:49:03+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/onionmail.org\/wp-content\/uploads\/2026\/05\/server-status.png\" \/>\n\t<meta property=\"og:image:width\" content=\"960\" \/>\n\t<meta property=\"og:image:height\" content=\"773\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Onion Mail\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Onion Mail\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"10 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/onionmail.org\\\/blog\\\/onion-mail-in-2026-what-changed-what-hasnt-and-how-to-verify\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/onionmail.org\\\/blog\\\/onion-mail-in-2026-what-changed-what-hasnt-and-how-to-verify\\\/\"},\"author\":{\"name\":\"Onion Mail\",\"@id\":\"https:\\\/\\\/onionmail.org\\\/blog\\\/#\\\/schema\\\/person\\\/165910c3149db6a9320ddae7d7a17cab\"},\"headline\":\"Onion Mail in 2026: What Changed, What Hasn&#8217;t, and How to Verify\",\"datePublished\":\"2026-05-13T14:49:03+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/onionmail.org\\\/blog\\\/onion-mail-in-2026-what-changed-what-hasnt-and-how-to-verify\\\/\"},\"wordCount\":2294,\"commentCount\":0,\"image\":{\"@id\":\"https:\\\/\\\/onionmail.org\\\/blog\\\/onion-mail-in-2026-what-changed-what-hasnt-and-how-to-verify\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/onionmail.org\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/server-status.png\",\"keywords\":[\"2026\",\"agpl-3.0\",\"best email\",\"nist post-quantum\",\"Onion Mail\",\"post-quantum cryptography\",\"PQCServer\",\"review\",\"safe\",\"service status\",\"tor email\",\"tor relay\",\"transparency report\",\"v3 onion address\",\"vs proton\",\"vs tutanota\"],\"articleSection\":[\"Email Security\",\"Guides\",\"News\",\"Tor &amp; Anonymity\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/onionmail.org\\\/blog\\\/onion-mail-in-2026-what-changed-what-hasnt-and-how-to-verify\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/onionmail.org\\\/blog\\\/onion-mail-in-2026-what-changed-what-hasnt-and-how-to-verify\\\/\",\"url\":\"https:\\\/\\\/onionmail.org\\\/blog\\\/onion-mail-in-2026-what-changed-what-hasnt-and-how-to-verify\\\/\",\"name\":\"Onion Mail in 2026: What Changed, What Hasn't, and How to Verify - Onion Mail \u2014 Privacy, Encryption &amp; Tor\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/onionmail.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/onionmail.org\\\/blog\\\/onion-mail-in-2026-what-changed-what-hasnt-and-how-to-verify\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/onionmail.org\\\/blog\\\/onion-mail-in-2026-what-changed-what-hasnt-and-how-to-verify\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/onionmail.org\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/server-status.png\",\"datePublished\":\"2026-05-13T14:49:03+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/onionmail.org\\\/blog\\\/#\\\/schema\\\/person\\\/165910c3149db6a9320ddae7d7a17cab\"},\"description\":\"Onion Mail rebuilt its auth system, migrated to .onion v3, runs PQCServer in production, and operates three Tor relays. The 2026 status with verification paths.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/onionmail.org\\\/blog\\\/onion-mail-in-2026-what-changed-what-hasnt-and-how-to-verify\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/onionmail.org\\\/blog\\\/onion-mail-in-2026-what-changed-what-hasnt-and-how-to-verify\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/onionmail.org\\\/blog\\\/onion-mail-in-2026-what-changed-what-hasnt-and-how-to-verify\\\/#primaryimage\",\"url\":\"https:\\\/\\\/onionmail.org\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/server-status.png\",\"contentUrl\":\"https:\\\/\\\/onionmail.org\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/server-status.png\",\"width\":960,\"height\":773,\"caption\":\"Onion Mail in 2026: What Changed, What Hasn't, and How to Verify\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/onionmail.org\\\/blog\\\/onion-mail-in-2026-what-changed-what-hasnt-and-how-to-verify\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/onionmail.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Onion Mail in 2026: What Changed, What Hasn&#8217;t, and How to Verify\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/onionmail.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/onionmail.org\\\/blog\\\/\",\"name\":\"Onion Mail \u2014 Privacy, Encryption & Tor\",\"description\":\"Anonymous email, PGP encryption and post-quantum security guides\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/onionmail.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/onionmail.org\\\/blog\\\/#\\\/schema\\\/person\\\/165910c3149db6a9320ddae7d7a17cab\",\"name\":\"Onion Mail\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f7d6948c15418aed2d5fc684c551bb93fe70d354338e034960230227dad93ec9?s=96&d=initials&r=g&initials=in\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f7d6948c15418aed2d5fc684c551bb93fe70d354338e034960230227dad93ec9?s=96&d=initials&r=g&initials=in\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f7d6948c15418aed2d5fc684c551bb93fe70d354338e034960230227dad93ec9?s=96&d=initials&r=g&initials=in\",\"caption\":\"Onion Mail\"},\"sameAs\":[\"https:\\\/\\\/onionmail.org\"],\"url\":\"https:\\\/\\\/onionmail.org\\\/blog\\\/author\\\/adminblogonion\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Onion Mail in 2026: What Changed, What Hasn't, and How to Verify - Onion Mail \u2014 Privacy, Encryption &amp; Tor","description":"Onion Mail rebuilt its auth system, migrated to .onion v3, runs PQCServer in production, and operates three Tor relays. The 2026 status with verification paths.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/onionmail.org\/blog\/onion-mail-in-2026-what-changed-what-hasnt-and-how-to-verify\/","og_locale":"en_US","og_type":"article","og_title":"Onion Mail in 2026: What Changed, What Hasn't, and How to Verify - Onion Mail \u2014 Privacy, Encryption &amp; Tor","og_description":"Onion Mail rebuilt its auth system, migrated to .onion v3, runs PQCServer in production, and operates three Tor relays. The 2026 status with verification paths.","og_url":"https:\/\/onionmail.org\/blog\/onion-mail-in-2026-what-changed-what-hasnt-and-how-to-verify\/","og_site_name":"Onion Mail \u2014 Privacy, Encryption &amp; Tor","article_published_time":"2026-05-13T14:49:03+00:00","og_image":[{"width":960,"height":773,"url":"https:\/\/onionmail.org\/wp-content\/uploads\/2026\/05\/server-status.png","type":"image\/png"}],"author":"Onion Mail","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Onion Mail","Est. reading time":"10 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/onionmail.org\/blog\/onion-mail-in-2026-what-changed-what-hasnt-and-how-to-verify\/#article","isPartOf":{"@id":"https:\/\/onionmail.org\/blog\/onion-mail-in-2026-what-changed-what-hasnt-and-how-to-verify\/"},"author":{"name":"Onion Mail","@id":"https:\/\/onionmail.org\/blog\/#\/schema\/person\/165910c3149db6a9320ddae7d7a17cab"},"headline":"Onion Mail in 2026: What Changed, What Hasn&#8217;t, and How to Verify","datePublished":"2026-05-13T14:49:03+00:00","mainEntityOfPage":{"@id":"https:\/\/onionmail.org\/blog\/onion-mail-in-2026-what-changed-what-hasnt-and-how-to-verify\/"},"wordCount":2294,"commentCount":0,"image":{"@id":"https:\/\/onionmail.org\/blog\/onion-mail-in-2026-what-changed-what-hasnt-and-how-to-verify\/#primaryimage"},"thumbnailUrl":"https:\/\/onionmail.org\/wp-content\/uploads\/2026\/05\/server-status.png","keywords":["2026","agpl-3.0","best email","nist post-quantum","Onion Mail","post-quantum cryptography","PQCServer","review","safe","service status","tor email","tor relay","transparency report","v3 onion address","vs proton","vs tutanota"],"articleSection":["Email Security","Guides","News","Tor &amp; Anonymity"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/onionmail.org\/blog\/onion-mail-in-2026-what-changed-what-hasnt-and-how-to-verify\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/onionmail.org\/blog\/onion-mail-in-2026-what-changed-what-hasnt-and-how-to-verify\/","url":"https:\/\/onionmail.org\/blog\/onion-mail-in-2026-what-changed-what-hasnt-and-how-to-verify\/","name":"Onion Mail in 2026: What Changed, What Hasn't, and How to Verify - Onion Mail \u2014 Privacy, Encryption &amp; Tor","isPartOf":{"@id":"https:\/\/onionmail.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/onionmail.org\/blog\/onion-mail-in-2026-what-changed-what-hasnt-and-how-to-verify\/#primaryimage"},"image":{"@id":"https:\/\/onionmail.org\/blog\/onion-mail-in-2026-what-changed-what-hasnt-and-how-to-verify\/#primaryimage"},"thumbnailUrl":"https:\/\/onionmail.org\/wp-content\/uploads\/2026\/05\/server-status.png","datePublished":"2026-05-13T14:49:03+00:00","author":{"@id":"https:\/\/onionmail.org\/blog\/#\/schema\/person\/165910c3149db6a9320ddae7d7a17cab"},"description":"Onion Mail rebuilt its auth system, migrated to .onion v3, runs PQCServer in production, and operates three Tor relays. The 2026 status with verification paths.","breadcrumb":{"@id":"https:\/\/onionmail.org\/blog\/onion-mail-in-2026-what-changed-what-hasnt-and-how-to-verify\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/onionmail.org\/blog\/onion-mail-in-2026-what-changed-what-hasnt-and-how-to-verify\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/onionmail.org\/blog\/onion-mail-in-2026-what-changed-what-hasnt-and-how-to-verify\/#primaryimage","url":"https:\/\/onionmail.org\/wp-content\/uploads\/2026\/05\/server-status.png","contentUrl":"https:\/\/onionmail.org\/wp-content\/uploads\/2026\/05\/server-status.png","width":960,"height":773,"caption":"Onion Mail in 2026: What Changed, What Hasn't, and How to Verify"},{"@type":"BreadcrumbList","@id":"https:\/\/onionmail.org\/blog\/onion-mail-in-2026-what-changed-what-hasnt-and-how-to-verify\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/onionmail.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Onion Mail in 2026: What Changed, What Hasn&#8217;t, and How to Verify"}]},{"@type":"WebSite","@id":"https:\/\/onionmail.org\/blog\/#website","url":"https:\/\/onionmail.org\/blog\/","name":"Onion Mail \u2014 Privacy, Encryption & Tor","description":"Anonymous email, PGP encryption and post-quantum security guides","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/onionmail.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/onionmail.org\/blog\/#\/schema\/person\/165910c3149db6a9320ddae7d7a17cab","name":"Onion Mail","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f7d6948c15418aed2d5fc684c551bb93fe70d354338e034960230227dad93ec9?s=96&d=initials&r=g&initials=in","url":"https:\/\/secure.gravatar.com\/avatar\/f7d6948c15418aed2d5fc684c551bb93fe70d354338e034960230227dad93ec9?s=96&d=initials&r=g&initials=in","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f7d6948c15418aed2d5fc684c551bb93fe70d354338e034960230227dad93ec9?s=96&d=initials&r=g&initials=in","caption":"Onion Mail"},"sameAs":["https:\/\/onionmail.org"],"url":"https:\/\/onionmail.org\/blog\/author\/adminblogonion\/"}]}},"_links":{"self":[{"href":"https:\/\/onionmail.org\/blog\/wp-json\/wp\/v2\/posts\/121","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/onionmail.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/onionmail.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/onionmail.org\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/onionmail.org\/blog\/wp-json\/wp\/v2\/comments?post=121"}],"version-history":[{"count":1,"href":"https:\/\/onionmail.org\/blog\/wp-json\/wp\/v2\/posts\/121\/revisions"}],"predecessor-version":[{"id":123,"href":"https:\/\/onionmail.org\/blog\/wp-json\/wp\/v2\/posts\/121\/revisions\/123"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/onionmail.org\/blog\/wp-json\/wp\/v2\/media\/122"}],"wp:attachment":[{"href":"https:\/\/onionmail.org\/blog\/wp-json\/wp\/v2\/media?parent=121"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/onionmail.org\/blog\/wp-json\/wp\/v2\/categories?post=121"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/onionmail.org\/blog\/wp-json\/wp\/v2\/tags?post=121"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}