Sign in is backed by password hashes and server-issued tokens, with a dedicated password update path.
Security
Simple controls that keep the mailbox flow contained.
minemail uses server-side validation, hashed passwords, session checks, restricted sender domains, and content moderation before account and message changes are saved.
Security surface
- JWT-backed sessions
- Password hashing
- Domain-restricted signup
- Blocked-language checks
Signup and sender email settings are limited to configured mailbox domains.
Signup names, sender names, subjects, and bodies are checked for blocked language before save or send.
Live mode depends on valid provider keys and verified sender configuration, with status visible in app.