Does MXRoute encrypt emails at rest? If so who has access to the keys?
Great question!
They are not stored in such a way, rather they are stored in default Dovecot maildir format.
Edit: To add to this, it does mean that your email is completely exposed to our admins (this is a standard practice, and should be assumed the same for any service that does not express otherwise). However, it would be wrong of me to say this without expressing “why” we do not want to read your email. Reading your email makes us legally liable for their contents, and this is not a sound business practice. We prefer money over knowledge of that which is not ours to know, and the liability that is coupled with it.
Also… email isn’t a secure thing anyway. For decades, SMTP exchanged messages in clear text – visible to anyone who happened to be snooping the wire. Likewise, they were stored in clear text on the recipient’s server (and any intermediary relay, for at least a little while). You had to take additional steps, such as S/MIME or PGP, to obfuscate messages on the wire and in storage.
It’s only within the past few years that SMTP conversations between MTAs (message transfer agents – all the servers in the path) have supported SSL/TLS. These days, most MTAs will attempt to use TLS for message exchange and fall back to clear text only if the TLS setup fails. But the use of TLS on the wire in no way guarantees that messages in storage will be encrypted. They won’t. You still have to use a message encryption tool for that.
All that is to say this: given the age and design of email on the Internet, you should assume that it isn’t a private communications mechanism. Unless, of course, you and your senders/recipients agree to use something like S/MIME or PGP.