Receiving & decrypting
What happens when mail arrives, and why only you can read it.
When someone emails your MailGate address, the message is encrypted to you specifically before it's ever stored. When you open it in the app, it's decrypted for you automatically. You don't manage keys or click "decrypt" — it just reads like normal email.
Why only you can read it
MailGate uses a scheme where your email address itself is the encryption identity. Anyone can encrypt a message to you@mailgate.sh without any key exchange, but only your account through the attested secure enclave that can decrypt it.
The practical guarantees:
- The company running MailGate cannot read your mail.
- Someone who steals the storage database gets only ciphertext.
- There's no master key at any single party that unlocks everyone's inbox.
This is the Seal encryption system combined with a hardware enclave whose code is verified on-chain. You can find the plain-language version in What is MailGate ?.
Subjects and search
Subject lines and headers are also encrypted. Search still works, but it's a privacy-preserving subject search, not full-text:
- Searching by words in the subject works.
- Full body text search is not available, by design — bodies stay encrypted.
The first email is slow — that's expected
Your very first inbound email after sign-up can take ~30 seconds to arrive. Account creation has to be confirmed on-chain and your encryption identity has to be bound before the first message can be delivered. This is a one-time warm-up. Later mail arrives promptly.
When something looks wrong
- A message showing scrambled / ciphertext text instead of readable content is not normal — see Decryption failures.
- A toll-gated message can sit in a pending state for a few seconds while payment confirms — that's normal.
Folders and actions
You get the usual: Inbox, Archive, Trash, Spam. You can mark read/unread, star, archive, restore, hard-delete, empty trash, and view messages as threaded conversations.