I’ve been a ProtonMail user for 6 years already but must admit that I’m one of those that is not liking the direction the company is taking and find it worrying, specially now that they plan to launch an office suite that I don’t need or want.
I run most of my cloud services self-hosted except email but I’m not fully ready (hardware & software - wise) to admin my own encrypted email server although I don’t discard I’ll do so in the future. I already know Tuta and it’s defo another option but my ideal one should be one that could be used directly with email clients like Thunderbird (I don’t mind managing my own GPG keys) so I see Tuta as the retreat option.
So, any ideas for a reliable encrypted email provider other than self-hosting?
It rather depends on what you mean by “encrypted email provider”. Proton don’t do anything magical, incoming emails arrive unencrypted and they just encrypt them for storage. Likewise, outgoing emails may be stored encrypted, but aren’t encrypted on the recipients end. In both cases the email is unencrypted at the remote party’s end.
If you want encrypted email between you and someone else the solution is GPG encryption. It’s not too complicated to set up, but does involve both parties using it, so you’re probably not going to get your bank on board, for instance, but it works between friends. The other big advantage is that it works with any email provider, “encrypted” or not. The very nature of email means that the headers need to remain plaintext so that the mail can be routed, but even proton can see those on incoming or outgoing mails.
Contrary to popular consensus, I’d say that hosting your own mail infrastructure isn’t too difficult if you are willing to make certain compromises. Hosting incoming mail is a case of deploying one or more SMTP servers that can only receive email for your domain and store it on an IMAP server. All these components are well documented (I like postfix for SMTP and Dovecot for IMAP). Register these servers as the MX records for your domain, and you have incoming email. Spam filtering is a separate issue to look into, but quite doable. Outgoing mail is slightly more tricky, but there are various well trusted SMTP relays you can use for that. I have used Amazon’s SES service successfully, and I’m looking at SMTP2Go, as they seem to have a free tier that woud be well suited to a personal email setup. Remember, the incoming and outgoing servers do not need to be the same, which seems to be what trips a lot if people up. You do need the appropriate SPF and DKIM records for the outgoing servers on your domain though.
Yeah, I know emails will navigated unencrypted outside of my server (in case I decide self-host), encryption at rest is muy first priority with the added benefit that those other using the same server (i.e. family) can also get end-2-end encryption
But as I said I’m not ready, my current homelab server is already reaching capacity and I know that a wrongly configured SMTP will get blacklisted and then good luck (happened already once with another domain)
Anyway, I’m not giving up that just yet but in the meantime just wanted to know about other providers as potential alternatives.