I’ve been a ProtonMail user for 6 years already, but I must admit that I’m one of those who don’t like the direction the company is taking and find it worrying, especially now that they plan to launch an office suite that I don’t need or want.

I run most of my cloud services self-hosted except email, but I’m not fully ready (hardware- and software-wise) to admin my own encrypted email server, although I don’t rule out doing so in the future. I already know Tuta and it’s defo another option, but my ideal one should be one that could be used directly with email clients like Thunderbird (I don’t mind managing my own GPG keys), so I see Tuta as the retreat option.

So, any ideas for a reliable encrypted email provider other than self-hosting?

  • notabot@piefed.social
    ↑ 3 · 2 days ago

    It rather depends on what you mean by “encrypted email provider”. Proton don’t do anything magical; incoming emails arrive unencrypted and they just encrypt them for storage. Likewise, outgoing emails may be stored encrypted, but aren’t encrypted on the recipient’s end. In both cases the email is unencrypted at the remote party’s end.

    If you want encrypted email between you and someone else the solution is GPG encryption. It’s not too complicated to set up, but does involve both parties using it, so you’re probably not going to get your bank on board, for instance, but it works between friends. The other big advantage is that it works with any email provider, “encrypted” or not. The very nature of email means that the headers need to remain plaintext so that the mail can be routed, but even Proton can see those on incoming or outgoing mails.

    Contrary to popular consensus, I’d say that hosting your own mail infrastructure isn’t too difficult if you are willing to make certain compromises. Hosting incoming mail is a case of deploying one or more SMTP servers that can only receive email for your domain and store it on an IMAP server. All these components are well documented (I like Postfix for SMTP and Dovecot for IMAP). Register these servers as the MX records for your domain, and you have incoming email. Spam filtering is a separate issue to look into, but quite doable. Outgoing mail is slightly more tricky, but there are various well-trusted SMTP relays you can use for that. I have used Amazon’s SES service successfully, and I’m looking at SMTP2Go, as they seem to have a free tier that would be well suited to a personal email setup. Remember, the incoming and outgoing servers do not need to be the same, which seems to be what trips a lot of people up. You do need the appropriate SPF and DKIM records for the outgoing servers on your domain though.

    • elkien@lemmy.todayOP
      ↑ 2 · 2 days ago

      Yeah, I know emails will navigate unencrypted outside of my server (in case I decide to self-host). Encryption at rest is my first priority, with the added benefit that those others using the same server (i.e. family) can also get end-2-end encryption.

      But as I said I’m not ready; my current homelab server is already reaching capacity and I know that a wrongly configured SMTP will get blacklisted and then good luck (happened already once with another domain).

      Anyway, I’m not giving up that just yet but in the meantime just wanted to know about other providers as potential alternatives.

  • Eggymatrix@sh.itjust.works
    ↑ 3 · 2 days ago

    It is extremely difficult to self host emails, mainly because most servers will not have you whitelisted, or will blacklist your server as soon as you send something even slightly weird in your headers, which you will do as you learn how to configure whatever thing you find.

    You will need to register your domain, acquire a trusted certificate and register DNS records with all this information to even hope to have an email be delivered to someone’s inbox if they are not on your server. Look up SPF on Wikipedia.

    So unless you want to only send emails to accounts handled by you, you will need to publish a lot of information just to be able to communicate with others.

    I suggest you pay someone that is not Proton if you are not happy with them. You can always layer GPG on top of any other email account; Thunderbird does that by default with two flags.

  • Creat@discuss.tchncs.de
    ↑ 1 · edited · 2 days ago

    I would echo others’ advice to avoid self-hosting emails, as it’s just impractical and frankly just won’t work properly for reasons you can’t control.

    As far as mail providers go, I don’t know if mailbox.org meets your requirements for “encrypted”, but have a look at them.

    • elkien@lemmy.todayOP
      ↑ 1 · 1 day ago

      My concern with self-hosting is how impractical it will become over time. I self-host several services already, but I’m sort of aware that going the route of self-hosting with regards to email is going to involve being a bit more hands-on.

      Thanks for the heads-up on Mailbox.org, looks interesting and it’s good to see another European service in this space. I wish they offered an option for email only (with contacts maybe, as long as I can sync them with my server) with higher storage capacity. From their website, the bigger capacity plans include an online drive and an office suite, things I already have solutions for and don’t want/need a third party to be in charge of.

      • Creat@discuss.tchncs.de
        ↑ 1 · 1 day ago

        The impracticality of mail self-hosting has nothing to do with the actual host, or the service on the host. Those are like any other service. It’s about getting others (Google, Yahoo, whoever) to accept emails from you and not consider it spam. If they stop accepting mail from you, or never even start, you can’t even do much about it. You might have to write individual requests for basically every major mail host. Mails will fail to send, a lot. So it’s not up to you to fix this when it doesn’t work, you rely on them to whitelist you. It’s just not gonna work.

        As for Mailbox: the “standard” mail plan includes a very small drive-like storage (5 GB I think?), but it’s mostly mail storage (10 GB) and you can add on as many GB as you like (0.20 € each I think).

        • elkien@lemmy.todayOP
          ↑ 1 · 22 hours ago

          Cool, I may test their basic plan and see how it goes. And yeah, I’m aware of the issue of email servers being blacklisted, I indeed did the experiment before moving to Proton and experienced precisely that.