Leading Cybersecurity Issue

In 2019, data breaches cost companies over $1.2 trillion, and virtually every data breach began in the exact same way. Data breaches almost always begin with hackers sending an email link that uses a technique called cloaking to bypass email security. An analysis of thousands of live phishing sites found that 95% of the sites used IP cloaking to bypass security, and nearly 100% used some form of cloaking. Can hackers use cloaking to breach your company? If your cloud-based email relies on time-of-click link scanning, you are wide open to attack. All link scanners have a design flaw that makes your company vulnerable to this attack used by 95% of professional phishing sites.

The design flaw makes bypassing security trivial: the hacker's link sends benign content to the link scanner and sends malicious content to everyone else. That's how hackers cloak malicious content with near 100% effectiveness. The largest cybersecurity vendors' link scanning security is easily bypassed due to the following flawed design:

The largest cybersecurity vendors' last step is to hand control back to the hacker's link. Of course your company can easily be hacked with this inherently flawed design.

TocMail's founder discovered an incredibly simple solution to this all-important problem. When the final destination is deemed to be safe, simply send users straight to the final destination, not the original link. Therefore, the original link cannot take users somewhere else. We call this solution "PhishViewer."

The following video demonstrates our patented PhishViewer solution overcomes the design flaw of the link validation used by other cybersecurity vendors.

TocMail is a full-featured email app with PhishViewer security embedded inside.

'TocMail' stands for 'time-of-click mail.' TocMail is the only time-of-click mail capable of defeating the attack that professional hackers use to bypass other cloud-based time-of-click services.

Almost every data breach begins in the exact same way, and now your company can finally stop them. Your company can permanently block the vast majority of hacking in minutes, simply by using TocMail to access emails. Our solution to the leading cybersecurity issue is instant to deploy, simple to use, and uniquely effective.

For more information about data breaches and how to stop them, see our whitepaper entitled Hacking Exposed.


Never Fear Clicking Email Links Again

TocMail employs a two-step design to keep you safe regardless what the hacker's link does:

  • Final Destination is Safe: If the final destination is safe then TocMail sends you straight there (so that the hacker's original link cannot send you anywhere else).
  • Final Destination is Indeterminate: If the final destination's safety is indeterminate, TocMail shows you the name of the owner of the final destination. If the owner is who you expect then click "Proceed" to go straight there. Otherwise, you can delete the email and you were kept safe.

For example, PayPal is one of the most common sites that hacker's duplicate. Here's how TocMail's two-step process puts an end to this:

  • If the hacker's link sends TocMail's scanner to then you will be sent directly to — keeping you safe.
  • If the hacker's link sends TocMail to an indeterminate final destination then you will be shown the owner of that destination. Since the owner will not be "Paypal," you will know to delete the email — keeping you safe.

The following video shows how you can be safe, regardless of what the hacker's link decides.

No matter what the hacker's link decides to do, you can be safe every single time. Simply delete any emails where the owner of the final destination isn't who you expect. With TocMail, you never need to fear clicking email links again.

For technical details click here


PhishViewer Security Simply by Reading Your Emails with Our App

You can protect yourself right now from the most common email hacking attack — free for 30 days. To get started:

  1. Configure your email account to accept password authenticated IMAP access.
  2. Login to your email account using the Login menu option above.
  3. Install the TocMail webapp on your mobile devices for one-click access on phones and tablets.

After the 30 day trial, you will be given the opportunity to continue using TocMail for only $3 per email address per month.


Corporate Address

For immediate assistance, please visit our support center to submit a ticket. For all other inquiries, contact our corporate office below.

TocMail Inc.

3901 NW 79th Ave

Suite 245 #873

Miami, FL 33166



Security and Privacy by Design

TocMail Privacy Policy

TocMail Inc. considers your privacy equally important to your security.

TocMail's core email functionality is built upon the open-source RoundCube platform. This secure email platform has been commercially stable for over a decade, and millions of users currently access their email through RoundCube. To the best of our knowledge, RoundCube doesn't transmit any tracking information to outside third parties.

TocMail's webapp stores the following in our company's internal databases: the IP address of your first login, the IP address of your last login, first login time, last login time, and number of failed logins. We use this information to protect your account against others who may try to access your account.

Caching of your email contents by the TocMail app is done in a secure manner. All caching is done by our proprietary Turbo TocSwitch (which enables our webmail to provide access speeds comparable to native apps). In-memory caching persists for as long as the Turbo TocSwitch is operational; however, in-memory caching is quite secure. On-disk caching is temporarily used for outbound messages. Outbound caches are deleted the moment emails are delivered, resulting in most caching lasting a fraction of a second. Companies that require additional compliance or security measures can take advantage of our Bring Your Own Server program, allowing them to operate TocMail servers on-site in any manner they choose.

Each time a new user signs up, they will be required to complete a Google Captcha. Also, a Google Captcha is required the first time that a new user logs in. This is necessary to protect our users against automated bots. See Google's privacy policy for updated information on how they handle the information collected. Please note that additional captchas are not required after a user has successfully authenticated themselves.

Our company hasn't added any cookies or tracking to our website. However, our website has been constructed using a CSS framework developed by W3Schools. It's possible for this third party to know when you access this site as its resources are downloaded to your browser.

TocChat Privacy Policy

TocMail Inc. only retains your phone number for identity verification purposes when logging into TocChat. We do not sell nor use your phone number for any other reason.

TocChat uses SendBird's messaging infrastructure. SendBird stores the chat exchanges until the respective channels are deleted. In the near future, TocChat will be offering total encryption (both end-to-end and at-rest). With the release of this version, neither SendBird nor TocMail Inc. will have access to any unencrypted forms of your transmissions thereby guaranteeing complete privacy in all respects.