Advice Request What do you guys think about the paid Zoho mail?

[Thales]

I'm thinking about the Zoho mail. It offers aliases and 100GB storage for 10$/month. I would drop MEGA and switch to Zoho. I always encrypt everyhing before I upload to the cloud, so it doesn't matter if Zoho doesn't encrypt by default. It has linux and android support too.
Do you have any experience? Did you get every mail? I had bad experience with msgsafe.io and mailbox.org (couldn't get emails).

 

[Eddie Morra]

I do not use Zoho for file storage and thus I cannot tell you much about that - you'll have to speak to Zoho yourself and/or look at their website information and third-party reviews - however the email service is exceptionally good in my experience (you can add verification features when using a custom domain like SPF records as well).

Apparently, Zoho have Encryption At Rest (EAR) support for content stored:
https://help.zoho.com/portal/community/topic/server-side-at-rest-file-encryption
Secure cloud storage for team files | Zoho WorkDrive
Encryption Process in Zoho CRM

If there's one thing I really like about Zoho, it's the security settings for account authorisation. They support the traditional 2-Factor Authentication (like with SMS verification) but they have other offerings included for Multi-Factor Authentication.

I'm thinking about the Zoho mail. It offers aliases and 100GB storage for 10$/month. I would drop MEGA and switch to Zoho.

If you're only concerned about the data storage capacity, why not consider a combination of MEGA, Google Drive, and Dropbox? All of them offer free plans. As long as you can manage your accounts for them, then you can get an extremely large data storage capacity on the cloud between them all for "free".

Dropbox also have ways to get data storage extensions through invite referrals.

 

[Thales]

I do not use Zoho for file storage and thus I cannot tell you much about that - you'll have to speak to Zoho yourself and/or look at their website information and third-party reviews - however the email service is exceptionally good in my experience (you can add verification features when using a custom domain like SPF records as well).

Apparently, Zoho have Encryption At Rest (EAR) support for content stored:
https://help.zoho.com/portal/community/topic/server-side-at-rest-file-encryption
Secure cloud storage for team files | Zoho WorkDrive
Encryption Process in Zoho CRM

If there's one thing I really like about Zoho, it's the security settings for account authorisation. They support the traditional 2-Factor Authentication (like with SMS verification) but they have other offerings included for Multi-Factor Authentication.


If you're only concerned about the data storage capacity, why not consider a combination of MEGA, Google Drive, and Dropbox? All of them offer free plans. As long as you can manage your accounts for them, then you can get an extremely large data storage capacity on the cloud between them all for "free".

Dropbox also have ways to get data storage extensions through invite referrals.

Yes Zoho has a lot of features.
Anyway I am not looking for free storage options. They are too small. I already have a 200gb from mega (paid). I prefer everything in one place that's why I find Zoho interesting.

 

[Eddie Morra]

Anyway I am not looking for free storage options. They are too small. I already have a 200gb from mega (paid). I prefer everything in one place that's why I find Zoho interesting.

Makes sense to me and I hope you manage to find something that satisfies you in the end... choosing a service out of many can be tricky sometimes.

It appears they do have encryption support and given you are encrypting yourself as well, you're even better off, but I'd contact them first-hand and enquire about it if it is a serious requirement of yours before spending any money.

 

[37507]

The NSA could not crack Zoho back in 2015. (Source) Not sure if this still applies today.

 

[Thales]

I can see MalwareTips staff banned Zoho email address, reason: spam

 

[Eddie Morra]

I can see MalwareTips staff banned Zoho email address, reason: spam

You can always ask @Jack to help you out because he'll be able to overrule the anti-spam.

It was probably done in the past if an unusual amount of spam accounts were created with a Zoho e-mail address (and if not many members here use the Zoho service) or it could just be a built-in XenForo rule which wasn't directly set by the admins here, I do not know, but there's probably a reason for it.

Nonetheless, I am sure if you contact a staff member they'll fix it for you.

 

[Jack]

I can see MalwareTips staff banned Zoho email address, reason: spam

You can always ask @Jack to help you out because he'll be able to overrule the anti-spam.

It was probably done in the past if an unusual amount of spam accounts were created with a Zoho e-mail address (and if not many members here use the Zoho service) or it could just be a built-in XenForo rule which wasn't directly set by the admins here, I do not know, but there's probably a reason for it.

Nonetheless, I am sure if you contact a staff member they'll fix it for you.

I've removed this email from our blacklist.

@zoho.com

 

[Eddie Morra]

Not sure if this still applies today.

I'll reach out to them and ask about the file storage security soon and will post back the response assuming no confidentiality is required if it helps anyone else here.

The government cracking thing was probably to do with things like user account attacking (e.g. brute-forcing) or exploiting the service to gain access for data leakage. As long as they are following safe practices then breaking them will be pretty difficult to do.

Contrary to beliefs, a lot of vulnerabilities is simply because of bad practices in either a run-time/library being used or the services' own in-house content (combined with lack of Q&A and in-house penetration testing and/or stress-testing). Once you start using secure development techniques, everything becomes more robust and difficult to break... but sometimes it comes at the cost of performance, but such is usually unnoticeable on modern environments.

As an example, if we had a web-service relying on SQL, relying blindly on user-submitted data is going to make the possibilities of an SQL injection attack higher. However, once you start removing any "dirt" from data before the SQL query (like when using a parameterized query), the possibility of an SQL injection attack decreases again.

When engineers get lazy that is when problems start to happen, or when management insists they meet a certain deadline which is simply not realistic when following safe guidelines. Sometimes, it could also be budget related.

 

[Thales]

I've removed this email from our blacklist.

@zoho.com

Thank you @Jack

I'll reach out to them and ask about the file storage security soon and will post back the response assuming no confidentiality is required if it helps anyone else here.

Thank you!