ghostBox

Overview

ghostBox positions itself as a tiny, privacy-first email provider built around a radical simplicity: one €5 payment, no recurring subscriptions, no identity verification, and no expiration. Launched as a free-speech-friendly alternative to mainstream providers, it targets users who want email without surveillance capitalism or political content policing. The service runs on a single server hosted in Switzerland and accepts only Monero for payment—making it one of the few truly anonymous email onboarding experiences available in 2026.

The operator maintains a refreshingly blunt public presence, openly admitting that email end-to-end encryption is "a myth" and that ghostBox does not encrypt stored messages beyond disk-level protection. This honesty cuts against the marketing of many "secure email" competitors, though it also means users must bring their own encryption (PGP, etc.) if message confidentiality matters.

Privacy & KYC

ghostBox operates at KYC Tier L1 — Anonymous. Registration requires no name, no phone number, no government ID, and no email verification loop. Users check alias availability by emailing postmaster@ghostbox.cc, then pay €5 in Monero to reserve 256 MiB of storage permanently. The operator explicitly states they cannot recover lost passwords because they cannot verify account ownership—an extreme privacy position that trades convenience for deniability.

• IP logging: The server claims it "doesn't keep logs," though users are advised to use a VPN regardless.
• Jurisdiction: User data is hosted in Switzerland; the operator will only share data if compelled by a Swiss court.
• Content policy: Spam, malware, and CSAM result in immediate deletion, but "controversial" speech is explicitly protected—an unusual stance that has made ghostBox a refuge for users fleeing more restrictive platforms.

Supported assets & payments

ghostBox accepts Monero (XMR) exclusively. This single-asset approach is deliberate: Monero's ring signatures and stealth addresses make payments unlinkable, reinforcing the service's no-KYC ethos. The €5 one-time fee covers storage allocation indefinitely, with no renewal pressure. Notably, the operator allows users to request accounts using temporary emails, creating a fully anonymous onboarding chain—pay with untraceable cryptocurrency, contact through a disposable address, and access via Tor.

Security & custody

ghostBox is a non-custodial email service in the sense that users control their client configuration and can download messages via IMAP/POP3, but the server itself retains plaintext message content. Disk encryption protects against physical seizure, not server compromise. Users access mail through standard protocols: SMTP (ports 25/587/465), IMAP (143/993), and POP3 (110/995), with hostname mail.ghostbox.cc. A Tor onion mirror at ghost7whczovqqnabnvzbx24hqnfseyzzdqtzcpkyvbgfmwfgwii6pyd.onion offers SMTP over port 2525 for users requiring network-level anonymity.

The operator's transparency about encryption limitations is commendable, but the technical stack shows signs of solo maintenance: SSL certificate renewals, domain transfers, and Roundcube updates are manually announced rather than automated. DNSSEC and IPv6 were added in 2024, suggesting incremental hardening, yet the single-server architecture remains a centralization risk.

Reliability concerns

ghostBox's operational history reveals a pattern of downtime that should concern prospective users. The July 2025 relocation from Luxembourg to Switzerland caused a five-day outage—the longest in the service's history—with the operator admitting undelivered mail was likely lost. Multiple BuyVM infrastructure faults have caused additional multi-day interruptions. Community reports from early 2026 describe the service going offline for three days without status page updates or responsive support, with contact attempts bouncing.

The operator's update blog shows a telling gap: after frequent 2024-2025 posts, the March 2026 entry reads "Wow, no updates since 2025?" This casual approach to communication, while charming, clashes with email's critical-infrastructure role. Users who depend on reliable delivery may find the trade-off unacceptable despite the privacy benefits.

Who it's for — verdict

ghostBox suits a specific niche: privacy absolutists, free-speech advocates, and cryptocurrency natives who prioritize anonymity over uptime guarantees. The no-KYC onboarding, Monero payments, and Tor access create a genuinely pseudonymous email experience rare in 2026. However, the 47/100 trust score and recurring outages reflect real operational fragility. We recommend ghostBox as a secondary or throwaway email for registrations, newsletters, or non-critical communication—not as a primary mailbox. Users should archive important messages locally via IMAP, run their own PGP encryption, and maintain backup contact methods. For those who can tolerate the reliability trade-offs, ghostBox delivers on its core promise: email without identity.