Encrypted IMAP (S/MIME)
Motorical's encrypted mailboxes use industry-standard S/MIME encryption (RFC 5652) with AES-256 to provide zero-knowledge email storage.
Zero-Knowledge Architecture
Our servers never have access to your private decryption keys. All encryption happens transparently:
- Incoming email is encrypted with your public key before being stored
- Only your private key can decrypt the stored email
- The server stores and serves only ciphertext via IMAP
- Decryption happens in your email client
:::danger Important If you lose your private key, encrypted emails cannot be recovered. Always backup your certificates. :::
Security Specifications
| Property | Value |
|---|---|
| Encryption Standard | S/MIME (RFC 5652) |
| Cipher | AES-256 |
| Key Sizes | RSA 2048 or 4096 bit |
| Protocol | IMAP over SSL/TLS (port 993) |
| TLS Version | 1.2+ required |
Certificate Management
Generate a New Certificate
Use the built-in certificate generator for quick setup. Certificates are automatically configured for your mailbox.
Upload an Existing Certificate
Upload your own PKCS#12 (.p12) certificate file. Supports password-protected certificates.
Download Certificate
Download certificates in PKCS#12 format for:
- Email client configuration (Thunderbird, Outlook, Apple Mail)
- Sharing public certificates with correspondents
Certificate Validation Checklist
- Certificate matches your domain/email address
- Certificate has not expired
- Certificate chain is complete
- Certificate works with your email client
DNS Configuration
Update your domain's DNS records to route emails through Motorical:
Required MX Record:
Type: MX
Name: @ (or your subdomain)
Value: mail.motorical.com
Priority: 10
TTL: 3600
Optional SPF Record (for better deliverability):
Type: TXT
Name: @
Value: "v=spf1 include:mail.motorical.com ~all"
Verify DNS propagation:
dig MX yourdomain.com
nslookup -type=MX yourdomain.com