Frequently Asked
Questions

To create an account, simply go to the following address: https://onionmail.org/account/create.

No personal information is required; you just need to choose a username and a password.

When you create an account on Onion Mail, it is anonymous; no personal data is requested. However, you must browse anonymously via a VPN or Tor to also be anonymous in terms of your IP address.

Onion Mail accounts are fully anonymous; therefore, we do not store personal data, recovery emails, or phone numbers. If you have not linked a Tox ID to your account, a lost password means the account is permanently lost. Our administrators cannot manually reset passwords or access encrypted mailboxes for security reasons.

If your account is free, it will be blocked after 3 months of inactivity, or it can be blocked if we receive reports of abuse or illegal activities towards third parties.

To delete the account, simply do not use it for 3 months, and it will be automatically deleted.

If the account has been deleted, it is not possible to use the same username for at least 1 year.

Only after 1 year is it possible to reuse the same name.

It depends on how long ago the account was suspended. Free accounts that have been suspended can be restored within 30 days from the date of suspension, for a one-time fee of $10 USD payable anonymously in cryptocurrency (Bitcoin, Ethereum, or Monero).

The account is restored with the original password — if you no longer remember your password, restoring the account will not allow you to log in. After payment is confirmed, the account is manually restored within 24 hours as a free plan.

After 30 days, restore is no longer available and the username remains reserved for 12 months.

You can request a restore at: https://restore.onionmail.org.

Emails are encrypted with the PGP public key you enter in your profile, and connections between client and server are encrypted with end-to-end protocols and SSL connections.

We use end-to-end encryption and PGP encryption.

We use PGP encryption.

Onion Mail natively supports PGP encryption for all accounts. To activate it, upload your PGP public certificate in your profile settings and choose what you want encrypted: incoming emails, outgoing emails, or both.

Once configured, every matching email is encrypted server-side using your public key before storage — meaning only you, the private key holder, can read them. Inside every mailbox a status widget always shows whether your PGP certificate has been uploaded and whether encryption is active, so you always know the current state of your inbox protection. Enabling PGP encryption is your choice — the platform supports it fully and makes it visible, but does not force it.

The entire email is encrypted, both with internal algorithms and with PGP if enabled.

No one outside the user can read the emails, especially if you encrypt them with PGP.

Users will receive the encrypted email and will need to use external software to read it.

If you use Onion Mail, you can open it directly from the browser.

Yes, the Onion Mail code is based on open source platforms.

IP addresses are logged but only appear if you browse in the clear. If you use Tor with the Onion Mail .onion node, no IP addresses are present.

Every activity on Onion Mail can be viewed on the page https://onionmail.org/account/security/events.

This page allows you to understand if you are browsing anonymously or not.

Yes, of course, you can use a VPN and the Tor service.

Onion Mail has a .onion node that you can access.

Our service is based on providing the user with services that allow for anonymity and anonymous browsing.

Therefore, if the user encrypts emails and browses securely with a VPN or Tor, it allows us to have no data to provide.

We provide you with all the tools to verify for yourself that the service is anonymous, if you use it correctly.

Registration is anonymous, and we do not ask for any private information. If you use a VPN or Tor, in the https://onionmail.org/account/security/events section, you will not see any IP address or IP addresses that can be traced back to you.

If you do not want to use our web platform, you can connect to our servers with your trusted program; configurations can be found here: https://onionmail.org/help.

You can use our web interface onionmail.org or use your trusted application.

Yes, of course, you can. You can find the configuration parameters here: https://onionmail.org/help.

Yes, of course, you can create aliases by going to your personal profile: https://onionmail.org/account/identities.

The free plan offers you 50 MB of space, and you can only receive emails, not send them. After 3 months of inactivity, it will be deleted.

If your space is full, or if you want to send emails and not just receive them, you can upgrade: https://upgradeplan.onionmail.org/.

Yes, of course, we offer a cloud storage solution. You can go here: https://oniondrive.org.

By creating an address on Onion Mail, you can send emails both on the standard internet network and on the .onion network.

The .onion emails are received only by .onion addresses, while on the Onion Mail address, it is possible to receive both types of emails.

Receiving emails from Gmail (or any clearnet address) into your Onion Mail inbox works on all plans, including free.

Sending outbound to Gmail from your Onion Mail address requires a premium plan, and delivery goes via our clearnet SMTP infrastructure — not through the Tor network. Note that some services like Gmail may apply additional spam filtering to emails originating from privacy-focused providers. Sending from a .onion-to-.onion address works only between .onion services.

Just visit the following .onion domain: http://pflujznptk5lmuf6xwadfqy6nffykdvahfbljh7liljailjbxrgvhfid.onion

There is a free plan that offers 50 MB of space and the ability to receive emails but not send them. If not used after 3 months, it will be deleted.

There are three premium plans, all of which include outbound sending, Tox Recovery, and private mailbox visibility:

All premium plans also include Tox Recovery — the only anonymous account recovery system in the email industry, requiring no phone number or personal data. Full details and upgrade: https://upgradeplan.onionmail.org/.

You can pay with traditional methods such as credit/debit cards via Stripe. For anonymous payments, we accept Monero (XMR), Bitcoin (BTC), and Ethereum (ETH). Monero is the recommended option for complete payment anonymity as it is a privacy-focused cryptocurrency by design.

As an anonymous and private service, a refund for a paid plan is not allowed unless the payment was made fraudulently.

If the payment was made fraudulently via card, a refund is provided, and the account is deleted.

Crypto payments are non-refundable.

First, check that you are entering the correct username and password. If you are connecting via Tor or a VPN, try switching to a different exit node as some may have connectivity issues.

If you have forgotten your password and you are on a premium plan with Tox Recovery enabled, you can recover access via Tox P2P — our automated bot will send a secure recovery token directly to your Tox client with no phone number or personal data required. You can link your Tox ID in your Security Dashboard before you need it.

If your account is free and you have not linked a Tox ID, a lost password means the account cannot be recovered. However, if your free account was suspended within the last 30 days, you can restore it for a one-time fee of $10 USD at restore.onionmail.org. Note that the account is restored with your original password — if you no longer remember it, the restore will not grant you access. Free accounts are also automatically deleted after 3 months of inactivity.

Check your spam folder or report the service you're having trouble with, and we will investigate.

You can send us an email at info@onionmail.org or report via chat that the .onion site is not working.

To contact us, you can send an email to info@onionmail.org or via chat.

Onion Mail has been operating since 2017 as part of Onion Search Engine LLC. The service is built on open-source infrastructure and has served thousands of users globally.

Security is structural: emails are encrypted with PGP using your own public key before storage, meaning even our administrators cannot read your messages. The native .onion address ensures that when accessed via Tor, no IP address is ever logged. Registration requires no personal data of any kind.

Reliability depends on how you use it: access via the .onion address with Tor Browser gives you maximum anonymity. Access via clearnet is convenient but logs connection data as standard web traffic. We recommend enabling PGP encryption and linking a Tox ID for account recovery before you need it.

Because we offer an anonymity and privacy service, and some sites want to monitor and control the user.

Each user mailbox is completely isolated and independent — there is no technical connection between accounts. Every user has their own encrypted space that no other user or administrator can access.

We do not monitor email content or spy on user communications, which is what makes Onion Mail a genuine privacy service. However, we take abuse seriously: if illegal activity is reported to us with sufficient evidence, we investigate and can block the account in question. Privacy and anonymity are legal rights — we defend them. Illegal activity directed at third parties is the sole responsibility of the user who commits it.

If illegal activities by our users are reported to us, after an investigation phase, we can block the account.

We do not support illegal activities or abuses of any kind in any way, but we defend people's privacy and anonymity, and this is not illegal.

The Security Dashboard is a set of five status widgets that appear at the top of your inbox every time you log in. It shows you in real time whether your connection, encryption, and account recovery are actually protecting you — not just whether the service is online.

Each widget covers one area: your Tor connection status, PGP encryption, Two-Factor Authentication, Tox Recovery, and account plan. If something is misconfigured or at risk, the widget turns red or yellow and links you directly to the fix.

No. This warning means you are accessing Onion Mail via the regular internet (clearnet) instead of the Tor .onion address. When you connect via clearnet, your IP address is visible to our servers and is logged as standard web traffic.

To make this warning disappear and protect your identity, open Tor Browser and connect to: http://pflujznptk5lmuf6xwadfqy6nffykdvahfbljh7liljailjbxrgvhfid.onion. When you are on the .onion address, no IP address is ever logged on our side.

A VPN is not sufficient to eliminate this warning — a VPN hides your IP from your ISP, but our servers still see the VPN's IP. Only Tor via the .onion address ensures zero IP logging.

Receiving emails works on all plans regardless of PGP status. The warning is not about whether email delivery works — it's about who controls the encryption keys.

All messages on our servers are encrypted at rest. Without your PGP key, that encryption uses keys held by our infrastructure — meaning the data is protected from external attackers, but could theoretically be decrypted by our administrators or handed over in a readable form in response to a legal order.

When you upload your own PGP public key, emails are re-encrypted using your key before storage. At that point only you — the holder of the corresponding private key — can decrypt them. Not our administrators, not us, not anyone acting on a legal order. That is the difference the warning is pointing to.

You can upload your PGP public key in your account settings under Profile: https://onionmail.org/account/security/gpg.

We comply with all valid legal orders. What we can actually provide depends entirely on how you use the service:

• If you used Tor via .onion: we have no IP address associated with your account — we only ever saw a Tor exit node. There is nothing to hand over.
• If you enabled PGP: your messages are encrypted with your public key and unreadable without your private key, which we never hold. The content is inaccessible to us.
• If you connected via clearnet without PGP: your IP was logged and message metadata may be readable. The Security Dashboard warned you about this every time you logged in.

We are not an outlaw service. We are a service designed so that users who follow our guidance have nothing to fear — because there is genuinely nothing for us to hand over.

Tox Recovery is our phone-free account recovery system, available on all premium plans. Instead of a phone number or backup email — both of which would compromise your anonymity — you link a Tox ID: a decentralized P2P identifier. If you lose your password, our automated bot sends a secure recovery token directly to your Tox client.

The dashboard warns you when Tox Recovery is not linked because without it, a lost password means permanent loss of access to your account. We cannot manually reset passwords for anonymous accounts — there is no personal data to verify your identity against. Setting up Tox Recovery before you need it takes two minutes and is the only safety net available.

If you are on a free plan without Tox Recovery and your account has been suspended, there is one last option: you can restore it within 30 days of suspension for a one-time $10 fee at restore.onionmail.org — but only if you still remember your original password.

You can link your Tox ID at: https://onionmail.org/account/.