
Threat Model

Last updated: July 2025

This threat model outlines what [@fuck.it] protects you from - and what we don’t. We believe in honesty, not false promises.

1. What We Protect Against

  • Email interception via insecure protocols (we use TLS)
  • Unauthorized access to your inbox (we enforce strong login security)
  • Spam, phishing and account abuse (through Open-Xchange’s (OX) advanced filtering and our internal abuse response systems)
  • Server-side attacks (we harden our infrastructure)
  • Metadata collection by advertisers (we don’t use ads or trackers)
  • Unauthorized access to stored files in OX Drive
  • Disruptions from regional outages (via geo-redundant hosting across data centers)

2. What We Don't Protect Against

  • Stupid passwords (use a password manager, please)
  • Local malware or keyloggers on your device
  • Your friend peeking over your shoulder
  • Governments with access to your unlocked device
  • The consequences of emails you send

3. End-to-End Encryption

On supported plans, we offer optional end-to-end encryption via OX Guard, covering emails, attachments and cloud storage. Users can activate and manage encryption settings as needed. Outside of that, data is still encrypted in transit (TLS) and at rest, with no access by unauthorized personnel.

That said, end-to-end encryption is not enabled by default and must be actively used for each message. Without it, your data is encrypted in transit and at rest, but remains accessible to authorized staff if legally required. If privacy is paramount, we strongly encourage the use of OX Guard or compatible third-party tools in your local environment.

Note: As the underlying platform, OX may retain temporarily recoverable message states for disaster recovery or undelete functionality. While deleted messages are generally removed, edge cases exist where partial recovery is technically possible within short timeframes.

4. Legal Access

We comply with valid legal requests. If we’re allowed, we’ll notify you. We do not build backdoors or offer mass access to anyone.

5. Third-Party Services

We work with a hosting company and payment provider. These services only have the data needed to do their jobs. We vet their security but can’t guarantee perfection.

We use Open-Xchange (OX) as our core infrastructure provider. They are GDPR-compliant, ISO-certified and operate under strict access controls. For more, see our Privacy Policy.

6. What You Can Do

  • Use a strong password (and don’t reuse it)
  • Enable any optional security features
  • Encrypt sensitive messages manually
  • Log out on shared devices
  • Enable two-factor authentication if we offer it

7. Security Philosophy

Security isn’t a product - it’s a posture. We do our part. You do yours. Together, it works.

No bullshit.
No guarantees.
Just good security sense.

[@fuck.it] is created by Paradise Circus, Inc.
1178 Broadway, 3rd Floor Ste 4238,
New York, NY 10001, United States
