Everything you need to know!

Get started

How do I register a GMX-Mail account?

You can register for GMX-Mail here. Upon registration you can choose whether you would like a free or paid account. Please check our pricing page for details on all available subscriptions.

If a captcha is presented during the registration process, please check here if you need help solving the captcha.

Are emails to other GMX-Mail users always encrypted?

Yes, when sending emails from GMX-Mail to GMX-Mail, all emails are encrypted automatically end-to-end on your device. You do not have to enter any passwords.

How can I send unencrypted emails by default?

You can choose the 'Default delivery': Encrypted ('Confidential') or not encrypted ('Not confidential'). You can also switch whether an email is encrypted or not when composing the email by clicking on the lock symbol. Emails to other GMX-Mail users are always encrypted by default.

Can GMX-Mail encrypt emails to other email services (external recipients)?

Yes. GMX-Mail uses a preshared password for sending an encrypted message to an external recipient, i.e. to someone who does not use GMX-Mail.

Here we explain how to switch the default so that emails to external recipients are sent not encrypted and without a password.

How to create alias email addresses?

If using one of the paid plans, you can add aliases to your account. You can also switch to larger alias packages. Refer to our pricing page for details.

Click on 'Show Email Aliases'. Click on the plus symbol to add aliases. A pop-up opens where you can type the alias you want to add. Click on the three-dot button to choose the domain for your alias. This can be any of the GMX-Mail domains or of your custom email domains that you have added to your GMX-Mail account.

Please note: It is technically not possible to delete aliases with a GMX-Mail domain. These can only be deactivated. Deactivated aliases remain linked to your account in case you want to activate them again in the future. When you are using your own domain with GMX-Mail, you can delete aliases with your custom email domain and create new ones.

If you need more than five aliases, you need to buy a larger alias package here, even if the aliases are deactivated.

You can change the default sending address to your own domain alias (or any other alias) by changing the default sender here in your mailbox→ 'Default Sender'. This will make your alias the default sender. However, the main address of your GMX-Mail account (name in tab) will remain unchanged.

To change the alias upon sending an email, click on 'SHOW'. Then click on the pen symbol next to the sender and choose the alias you want to send an email from.

General questions

Does GMX-Mail use renewable energy?

Yes, GMX-Mail is a green email service that relies exclusively on renewable energy for all email systems.

Is GMX-Mail certified?

GMX-Mail was subject to an extensive penetration test by the SySS GmbH in November 2013. During the tests the experts were not able to access the system or to retrieve any confidential data.

Can I use GMX-Mail for my business?

Yes, GMX-Mail offers secure business email accounts with lots of whitelabel customizations. You can place the login for your employees directly on your website with a whitelabel domain. GMX-Mail also offers Secure Connect, an open source encrypted contact form so clients can get in touch with you confidentially directly on your website. Learn here how to use GMX-Mail in your organization or company with your custom email domain.

Here's a list of all whitelabel customizations for business use. Here's an instruction how to whitelabel GMX-Mail for your business, how to add the encrypted contact form Secure Connect to your website and more.

Can I customize the design of GMX-Mail?

Yes, you can customize the logo and colors in GMX-Mail when you book whitelabel.

Can I whitelabel the GMX-Mail design for my business?

Yes, GMX-Mail supports extensive customization options for business use such as custom colors, custom logo, custom text in the message to external recipients and more. To customize GMX-Mail, you need to book the Whitelabel feature.

What is Secure Connect?

Secure Connect is an open source encrypted contact form which enables every visitor of your website to contact you confidentially. Check here how to book Secure Connect and how to send an encrypted message via Secure Connect.

Is GMX-Mail compliant with the GDPR?

Yes, GMX-Mail as an encrypted email service is perfectly suited for any business that would like to use a GDPR-compliant email service.

Does GMX-Mail offer a data processing agreement according to the GDPR?

Yes, right after registration of a business account you will find a data processing agreement directly in GMX-Mail under Settings -> Subscription.

Is a calendar included in GMX-Mail?

Yes, an encrypted calendar is integrated into the GMX-Mail mail client.

My calendar events differ by some hours between different devices. How can I fix this?

Please check that the time zones of your devices are in sync, including daylight saving time.

If you are using Firefox/Tor Browser with resistFingerprinting option in about:config, this automatically resets the browser time zone to UTC, which then leads to sync issues.

Can I use GMX-Mail for team collaboration?

Yes, GMX-Mail will include a whole set of collaboration options such as working together on task lists and documents in the future. You can already book this collaboration tool. Right now it is called 'sharing feature' as you can now share your encrypted calendars as well as email templates with other paid accounts. This is the first step, more collaboration options will be added in the future.

Can we integrate GMX-Mail into our own product?

The GMX-Mail clients use REST services but there is no public documentation for that API or for a library, yet. Keep in mind that when user data is stored in or read from GMX-Mail, it has to be encrypted/decrypted on the client. You may of course dig into the open source code of GMX-Mail and integrate with your product, but at this time we can not provide any support for this. We will add a public API documentation in the future.

How do I switch the date format from US to the European format (UK)?

The date format for your mailbox as well as your calendar is picked either from your language settings in GMX-Mail or from your system/browser settings. If you pick 'English' under 'Settings' -> 'Appearance', the American date format is displayed. If you pick 'Automatic' under languages, the date format of your browser/system is displayed. If you pick any other language, e.g. French, the date format of this language, e.g. French, is displayed.


How can I upgrade a Free account and book additional features?
upgrade downgrade Free Premium Teams Pro book subscription storage alias

You can switch the subscription in GMX-Mail by upgrading or downgrading. After upgrading you can also book further extensions such as larger storage or alias packages, users, the Business feature and more.

What payment methods does GMX-Mail support?

When booking a paid subscription in GMX-Mail, you can pay via Credit Card (Visa, Mastercard, American Express), via PayPal or via bank transfer. Payment via bank transfer is only available for business customers in the EU.

If you have problems paying for your GMX-Mail subscription, please contact our sales team.

Your GMX-Mail Password

GMX-Mail secures my private key with my password. Can you access my password?
recovery reset password

No. When a password is used for authentication (login), it is not necessary that it is known to the server you want to authenticate with. The server only needs a fingerprint (hash) of your password. With GMX-Mail your hash for authentication is calculated by your browser and only the hash is being sent. Your password never travels the Internet in plain text and it is never seen by our server. As hashes are non-invertible, the server is unable to reconstruct your password from the hash. The server is not able to decrypt your message, but still able to log you in.

Recommended for further reading: Learn how GMX-Mail automates the encryption process while leaving you in full control of your encrypted data.

I can't access my account. What can I do?
password second factor lost login access recovery code reset

If you can't login to your account, this has been caused by one of the following reasons:

  • You forgot your password or lost your second factor: Please read How do I reset my password or second factor?.
  • Your account got suspended due to unpaid invoices: Your account may be suspended if you don't pay your open bills for a long time. Just contact us in English or French if you want to continue using your account and include the email address of your suspended GMX-Mail account.
  • Your account was disabled due to another reason: Some accounts get disabled due to a violation of our Terms of Service. You can contact us in English or French if you think that we made a mistake. Please include the email address of your suspended GMX-Mail account.

Our secure password reset feature enables you to reset your account yourself. Please write down your recovery code somewhere safe.

My password was stolen. What should I do now?

If you think your password was disclosed to someone else but you can still log into your account, please do the following:

  • Change your password in 'Settings' -> 'Login' -> 'Password'.
  • Update your recovery code in 'Settings' -> 'Login' -> 'Recovery code'.

If the attacker had been logged in as well, changing the password automatically logs them out.

We encourage you to always use 2FA with your accounts as it makes it close to impossible for an attacker to log into your account.

If you can not log into your account any more, please check this FAQ.

Where can I view my recovery code?

Go to Settings - Login and click on the pen symbol next to 'Recovery Code' to show the code or update it. To do this, you need to enter your password.

What hashing function is used for the password?

Your password is salted and hashed with Bcrypt on your device before being transmitted to GMX-Mail. Bcrypt is the most reliable method because brute-force attacks need much more time in comparison to conventional methods such as MD5 or SHA. With this method we guarantee an integrated confidentiality and we allow you to access and decrypt your emails from desktops and mobile devices instantly.

How do I choose a strong password?

GMX-Mail uses a password strength indicator that takes several aspects of a password into consideration to make sure your chosen password is a perfect match for your secure email account. You can find additional tips on how to choose a strong password here.

GMX-Mail has no limitations in regard to the password length or used characters; all unicode characters are respected.

How does the passphrase generator work?

A secure password is one that is random enough that it cannot be guessed in a feasible amount of time. But random strings of alphanumeric characters are hard to remember. That's why we have implemented a passphrase generator that finds a good balance between security and memorability. The generator chooses six easy words from a huge curated list and outputs a passphrase that is secure as well as easy to type and remember. Here are more tips on how to create and remember a strong password.

Does GMX-Mail support two-factor authentication (2FA)?

Yes, GMX-Mail supports two-factor authentication with U2F and TOTP. Here are details on how to set up your second factor in GMX-Mail.

Can I unlock the app with a pin or biometrics (fingerprint, Face ID)?

Yes, you can secure the stored app login with a pin, pattern or biometrics (fingerprint, Face ID etc.) after activating this feature. Please go to Settings -> Login -> Credentials encryption mode to activate this. This option will only show after you have stored your login credentials in the GMX-Mail app. You will find more details here.

When I log out of GMX-Mail, the browser or app always logs in again. What can I do to stop this?

If you click on 'Logout', you log out. Please note: If you have previously saved the password, you are now logged out, but the password is still saved for automatic login. To 'unsave' the password, please log out. The login screen appears, click on 'More' and 'Delete credentials'.

Security and Privacy

Where does the encryption process take place?

Encryption and decryption of data always happens locally on your device upon login. All data is end-to-end encrypted and only you can access the data with your password.

What is encrypted and what can you read?

GMX-Mail encrypts all data stored in your mailbox (contacts, emails, email signature, inbox rules, invoice data, payment method, certificate and private keys of your own domains). When sending an email, GMX-Mail encrypts subject, content and attachments automatically.

You can find a detailed explanation about what is encrypted in GMX-Mail on our security page.

We can read only the following metadata:

  • sender email address
  • recipient email address
  • date of the email

We are looking into possibilities to hide the metadata in the future as well.

Where are my keys generated and how is my private key secured?

Your private and your public keys are generated locally within your browser upon registration. Your private key is encrypted with your password. This way your login password receives the status of the private key. The key is encrypted so strong that only you can use the key for encrypting and decrypting data. This is why a strong password is essential. An automatic password check on the client makes sure that you use a strong password. Your password is never transmitted to the server in plain text. It is salted and then hashed with bcrypt locally on your device so that neither the server nor we have access to your password. With this innovative design you can access your encrypted inbox from any device (desktop, mobile) easily.

What encryption algorithms does GMX-Mail use?

For the email encryption between users, GMX-Mail uses a standardized, hybrid method consisting of a symmetrical and an asymmetrical algorithm. GMX-Mail uses AES with a length of 128 bit and RSA with 2048 bit. Emails to external recipients are encrypted symmetrically with AES 128 bit.

How are my emails encrypted with GMX-Mail?

GMX-Mail automatically encrypts all emails stored in your mailbox. Emails between GMX-Mail users are automatically encrypted end-to-end, emails to external users can be secured with the help of a password. Here we explain the differences between a confidential (end-to-end encrypted) and a non-confidential email.

Independent of the end-to-end encryption, the transport between client and GMX-Mail servers is secured with TLS to maximize security.

Where are the GMX-Mail servers located?

The GMX-Mail servers are located in secure and ISO27001 certified data centers in France. All saved data are subject to the strict French privacy protection laws. Independent of that all data is end-to-end encrypted and cannot be read by the GMX-Mail GmbH as the provider or by any third party.

Does GMX-Mail log IP addresses or can I use my encrypted mailbox anonymously?

By default, we do not log IP addresses when you log in or when you send an email. The IP addresses of sent and received emails are stripped so that your location remains unknown.

We only log IP addresses of individual accounts in case of serious criminal acts such as murder, child pornography, robbery, bomb threats and blackmail after being served a valid court order by a French judge. You can find details on this as well as on French data protection rights on our blog.

Learn on our blog how GMX-Mail fights illegal mass surveillance by providing an anonymous email service. Upon registration you do not need to provide any personal data (e.g. no phone number required). We will also make it possible to pay for GMX-Mail with Bitcoin.

Is my address book within GMX-Mail encrypted?

Yes, all data within GMX-Mail is end-to-end encrypted and only accessible with your password. Scanning and profiling of your data is not possible.

Why is automatic image loading blocked in GMX-Mail?

GMX-Mail does not load pictures automatically when you open an email. When you load external images manually, please note that

  • someone knows that you read the email.
  • someone may add cookies to your browser (if your browser is not configured to reject them).
  • someone may track your location with your IP address.
  • someone may track parameters of your device.
One of my emails is displaying a phishing warning. What does it mean?

Phishing is a name or type of online scam in which criminals try to look like a legitimate sender in order to get your data such as credentials or credit card data. Phishers use very sophisticated psychological techniques and develop very realistic copies of real websites and emails.

If you see a phishing banner, it means that some parts of this email match our phishing signatures after other users reported similar emails as phishing. Please be extremely careful with such messages. Usually phishing emails contain a special link to the website which looks real but it actually is not. If you think that the email is legitimate and you opened the link, please make sure to check the full website URL: Check that you see all of it, sometimes only one part or one character may be swapped.

You can mark an email as not phishing so you will not see the warning message any more for this email.

We never send you emails with links where you need to type in your password. We encourage you to always protect your login credentials with 2FA as this makes it close to impossible for an attacker to log into your account.

If you already fell for a phishing attack, please check this FAQ.

One of my emails has a warning saying mail authentication is missing or failed. What does it mean?

We require all messages to be authenticated. Without authentication, the email could be coming from anyone or could be modified so you should always treat such emails with scrutiny. If you see a message where the authentication has failed (red warning banner), you should be especially careful as it means that this email was likely faked.

App, client, instructions

Where do I find the Settings?

The Settings are in the navigation menu to the left.

How can I change the language in GMX-Mail?

The language in GMX-Mail is taken automatically from your browser or system settings. Please change the language there. Alternatively, you can go to 'Settings' -> 'Appearance' to switch the displayed language for GMX-Mail.

How can I zoom in the GMX-Mail app?

In the apps, you can zoom with a double tap. We plan to improve this behavior further.

Calendar event alarms on my iOS device are no longer being received. What can I do?

In case the GMX-Mail app is force closed, iOS does not let the app receive new alarms via silent notifications. To receive calendar event notifications again, please open the app so that it stays in the background.

My GMX-Mail app on Android was disabled, but I don't see a new version on F-Droid. What can I do?

You need to update your F-Droid repository to see the newest version of the GMX-Mail Android app.

Why does the GMX-Mail app ask me to update WebView?

WebView is a system app on Android devices which allows us to display web content inside the GMX-Mail app. Newer versions let us use newer technologies to make the app smaller, faster, more beautiful and more reliable. If you experiencing issues or bugs with the Android app, updating WebView has a good chance to help.

Can I change the notification sound for the Android app?

Yes, users have full control over notifications through the app system settings. On your phone go to 'Apps', select 'GMX-Mail' and change the notification for new emails there.

How can I use GMX-Mail with multiple users at the same time?

In the mobile app, you can currently only login with one user. To switch to another user, you must log out and log in again. You can login with multiple users in the browser by opening several tabs or windows. In the desktop clients, you can also open several windows to login with multiple users.

Why do I see "Could not access secret storage" in the desktop client?

GMX-Mail desktop app uses system keychain to be able to encrypt sensitive details such as credentials and alarms. On Linux there must be an app installed which provides secret storage (org.freedesktop.secrets interface). This is usually set up together with the rest of the desktop environment but sometimes it requires manual setup. Installing GNOME Seahorse and configuring keychain there should be sufficient. KeePassXC is another provider which can be used but it must be additionally configured.

Is it possible to merge several GMX-Mail email addresses in one account?
address multiple several merge

Yes, you can add existing email addresses (e.g. Alice2, Alice3) as aliases or users to a paid account (Alice1):

  1. Delete the email accounts (e.g. Alice2, Alice3)
  2. Upon deletion, it is important to enter the 'Target account address' (Alice1).
  3. Then login to the stated target email account (Alice 1). Go to Settings → Email → Email aliases. Click on 'SHOW EMAIL ALIASES', click on the plus symbol, and add the deleted email address(es) here. Alternatively, you can add the address(es) as user(s) under Settings → User management by clicking on 'Add user'.

Please note: You are only transferring the email addresses. Emails and contacts stored in the deleted accounts (Alice2, Alice3) are being deleted. Please export important emails before deleting the accounts.

Is there a dark theme in GMX-Mail?

Yes. Before logging in, click on 'More' and 'Switch color theme' to switch to the dark theme. This works in all GMX-Mail clients (web, desktop, apps). Alternatively, you can go to 'Settings' -> 'Appearance' to switch to the dark theme. To add a custom theme, you need to book whitelabel.

Why does GMX-Mail not use PGP?

Current encryption standards like PGP and S/MIME have several issues that we plan to address with GMX-Mail. These standards do not support forward secrecy and are not resistant to attacks from quantum computers.

In addition, it is important to us that the subject line in emails is also encrypted. That's why we have developed a solution that is also based on recognized algorithms (RSA and AES) and that automatically encrypts the subject, the content and the attachments. In the future, we plan to upgrade these algorithms to quantum-resistant ones that also support forward secrecy. You can find more information on why GMX-Mail does not use PGP here.

We also see the importance that GMX-Mail needs to be interoperable with other encryption solutions. We will develop an API so that GMX-Mail users can communicate with users of other secure services confidentially in the future.

What browsers does GMX-Mail support? Via what browsers can external recipients check their encrypted emails?

GMX-Mail supports the current version of the following browsers:

  • Firefox (desktop)
  • Opera (desktop, Android)
  • Chrome (desktop, Android)
  • Safari (desktop, iOS)
  • Microsoft Edge (desktop)
What is the maximum size for emails and attachments?

The size of emails with attachments sent via GMX-Mail is limited to 25 MB at the moment.

Can I retrieve my GMX-Mail emails via IMAP to another email client?
gmail outlook yahoo thunderbird redirect

This is not possible as we could not guarantee end-to-end encryption for your data. Instead GMX-Mail offers email desktop clients for Linux, Mac OS and Windows as well as a web client and apps for Android and iOS.

As an external recipient, can I re-access my emails later?

Yes, you can always access the emails sent via GMX-Mail through the link from your latest notification email. Old notification links from the same sender are de-activated for security reasons. Your exchanged password, however, stays unchanged as long as the sender does not change it. If you have saved the password upon accessing your confidential emails in your browser, you do not have to re-enter it.

What are the benefits of adding another user to my account?

If you add another user to your account (family member, partner, team member etc.), you get the following benefits:

  • Share alias packages,
  • Share storage packages,
  • Use the same admin settings such as Spam rules and custom domains,
  • Reset passwords or second login factors for each other (admin status required).

Here are more details on user management. If you do not need these sharing options, you can also upgrade accounts individually. Please check our pricing calculator for details. 

Furthermore, we have recently added a sharing feature for the encrypted calendar which we will extend in the future. Sharing of entire calendars only works with other paid GMX-Mail accounts.

Can I add alias email addresses to GMX-Mail?
alias user

Email aliases are additional email addresses that you can use with the same mailbox without having to switch accounts. Aliases are included in all paid plans of GMX-Mail. If you upgrade to Premium (€1 per month), you can add up to 5 aliases.

Can I use a custom email domain with GMX-Mail?

Yes, any paid subscription of GMX-Mail comes with custom email domain support. Multiple domain support is also available in GMX-Mail. Please check our pricing page for details.

Please refer to our how-to to learn how to add your own email domains to your GMX-Mail account and how to make sure that your records (MX, SPF, TXT, DKIM, DMARC, CNAME) are set up correctly in your DNS as well as how to activate/deactive catch-all and more.

Does GMX-Mail use a spam filter?
false spam block legit newsletter blacklist whitelist receive

Yes, GMX-Mail uses a spam filter to keep your mailbox free from spam. We are improving this filter continuously. Should you receive spam emails in your inbox, you can also configure your own spam rules here to deny or allow certain email addresses or domains. If a sender is blocked (rejected) by the spam filter, you can allow the sender for your account.

In paid accounts, only admins can create spam rules that are being applied across all users.

Does GMX-Mail support inbox rules for filtering incoming emails?

Yes, GMX-Mail supports an unlimited number of inbox rules / filters for paid accounts. Check our how-to to see how to set up inbox rules.

Are emails in Trash and Spam folder deleted?

Yes, all emails in Trash or Spam are automatically deleted 30 days after the emails were moved to these folders. You can also manually empty these folders with one click. Please note: Emails deleted from Trash or Spam folders are physically deleted and can't be restored.

Are there email limits to protect GMX-Mail from being abused by spammers?

Yes, GMX-Mail uses different variables to calculate email limits for individual accounts. This is necessary to protect our free and anonymous email service from spammers who try to abuse GMX-Mail. If spammers were able to abuse GMX-Mail, it would harm all GMX-Mail users - ie GMX-Mail domains could end up on email spam lists, which we have to prevent under all circumstances.

If you receive the following message in your GMX-Mail account "It looks like you exceeded the number of allowed emails. Please try again later.", the anti-spam protection method has stopped your account temporarily from sending new emails. Please wait a day or two to send new emails again.

If you need to send more emails immediately, please upgrade to our affordable Premium version (1 Euro per month) as limits for paying users are much higher. Simply click on 'Premium' in your side menu bar of GMX-Mail.

Please note that GMX-Mail is not meant for sending out mass mailings such as newsletters. Please read our Terms & Conditions for details.

Are email addresses stored automatically in contacts when sending an email?

Yes, email addresses are automatically added to your encrypted GMX-Mail address book when sending an email unless you deactivate this feature. You'll find details here.

Does GMX-Mail support export and import of emails, contacts and calendars?

Emails: You can export/download individual emails or batch-export emails by using multi-select. Email import is not yet possible. We plan to support email import as well as an even easier export function with our new secure desktop clients.

Contacts: You can import and export contacts via Card.

Calendars: You can import and export calendars via .ics. Login with a browser and click on the three-dot button next to the calendar you wish to import data to or you wish to export.

Is it possible to edit GMX-Mail emails (HTML editing)?

Yes, GMX-Mail supports HTML editing options (embed images, add lists, bold, italics, underline, monospace, add hyperlinks, align the text left, center, right, justified, change text size, remove all formatting).

Can I receive notifications to another email account about incoming emails?

Yes, with a paid subscription you can set up email notifications to any email address under 'Settings' - 'Email' - 'Notifications'. You will be informed about new emails once until you log in. Only if you have logged in to view this email, GMX-Mail will send another notification to keep notification emails to a minimum.

As a Free user, you can receive push notifications in the browser, the Android & iOS app as well as the desktop clients.


If I upgrade to Premium, can I downgrade to free again?
Premium Free subscribe unsubscribe

Yes, you can downgrade back to free anytime. Before this, you need to disable all extra bookings. You can keep your main GMX-Mail email address as a free account.

Check here to see how you can upgrade or downgrade and how to add or disable extra bookings (aliases, storage, additional users).

My newly created account has been put on hold for 48 hours after registration. What should I do?

Some accounts are automatically marked for approval upon sign-up to prevent abuse. This often affects IPs from VPN services or Tor as spammers try to bypass our anti-spam protection method by abusing these services. Please read here why the 48-hour wait is necessary to protect your privacy to the maximum with a truly anonymous email service.

During these 48 hours emails cannot be sent or received. Please do not share your new email address before the blocking has been lifted automatically.

I don't receive confirmation emails from services or newsletters. What can I do?

Please check whether the sender was blocked by following this instruction.

Sometimes newly created email addresses are put on hold for 48 hours to prevent abuse. It is important that you do not share your email address until this block is lifted automatically. If you do use the email address to register elsewhere or sign up for newsletters before the block is lifted, this service will send you a confirmation email, which will bounce with a temporary error. This might lead to problems registering with this service, even in the future.

I can't register with my GMX-Mail email address at an online service. What can I do?

Most websites and online services let you register with your chosen GMX-Mail email address just fine. Unfortunately, we have received reports by users that some websites block GMX-Mail email addresses for registrations. Please check these options to resolve this situation.

How do I solve the GMX-Mail Captcha upon registration?

GMX-Mail uses its own Captcha so that we do not have to depend on using Google Captcha. This enables us to offer an email service without any links to Google.

The GMX-Mail Captcha shows a clock. You need to enter the displayed time with four numerals, including the colon in the middle. If the displayed time is 8.30 for example, you have to enter 08:30 or 20:30 exactly.

How do I delete my GMX-Mail account?

To delete your account, go to Settings - Subscription - Delete Account. You need to enter your password upon deletion.

Please note: Deleted GMX-Mail accounts can't be restored. Deleted email addresses are blocked for registration and can't be used again.

Setting up a second factor (2FA) in GMX-Mail

We recommend setting up 2FA because of its security benefits. Learn in our online security guide how 2FA helps you to keep your emails safe from hackers.

Registering your second factor

You can connect your second factor with GMX-Mail in Settings -> Login. As admin you can setup second factors for your users in Settings -> User management.

GMX-Mail currently supports the following second factor types:

  • Security keys (U2F), e.g. Yubikey. U2F is currently supported by Chrome, Opera, and Firefox.
  • TOTP with an authenticator app such as FreeOTP+, andOTP, Authenticator, Authy etc. If setting up a second factor with TOTP fails, please make sure that the time is synced between your devices.
  • We plan to support more second factor types. Please let us know via social media which ones you prefer!

Second factors can be added by administrators and users, but only admins can remove assigned second factors.

Note: If you lose your second factor, you will no longer be able to login to your account. To prevent this, you can add multiple second factors. Additionally, please note down the recovery code shown to you when adding a second factor.

Authenticating with your second factor

During login you have to authenticate with one of your second factors. Alternatively, you may also accept that session from another logged in client. If your browser does not support the second factor you had registered, you can only accept the session from another client.

How to reset your second factor if you lose it

For resetting your second factor, you will need your personal recovery code and your password. You can view and also update your recovery code in Settings -> Login.

If you have lost your second factor, click on More -> Lost account access on the login page. There you will have to enter your recovery code as well as your password to delete all your second factors.