I would like to be smarter about who does all that network transmission of my email.
Threat model: I do not want to give up my personal behaviour data too cheaply to train someone else’s algorithm. My behaviour data is a resource that I will charge a premium for as long as I am allowed to. Hence for me, no gmail.com, no outlook.com, no yahoo.com, no hotmail.com. Google mail exists and is free, but that is effectively selling my personal data to faceless foreign corporations. Given that I have the privilege of income, I will happily pay a premium to not be a data point for them. In practice, many of my contacts insist on using gmail, so I am not entirely depriving Google of my delicious data by opting out, but I will hopefully reduce their prying, and facilitate others opting out? Also why not reward companies with less icky business models by voting with my dollar?
Alternatives: If I had time I could host my own encryption-friendly mail server, but life is short and I am not THAT passionate. Middle ground: Pay a reputable email provider in a good jurisdiction to provide my email services for a reasonable price. To that end, here are some reasonably-reputable 3rd party email providers offering a selection of different trade-offs in price and privacy.
TODO: distinguish between hosting an MTA (i.e. SMTP) server, which will send/receive emails, and hosting a server that stores mail and lets my mail client read received messages (e.g. over IMAP). The former is hard and thankless, and the latter is not so bad, plus it can use someone else’s SMTP server.
What exactly secure email might be is complicated, but tl;dr: do not use email for political dissidence or illegal things, because there are just too many weak links, and your entire correspondence history is on the line every time. Governments can typically get at at least one recipient of any email. With that said, there are degrees to awfulness, and I prefer less gross corporate spyware in my life, and to at least increase the cost of state spying, so I still think it is worth trying to find less icky mail servers. These are some commonly cited harm reductions:
- Favourable jurisdiction. Good idea. I favour options which in principle won’t give up my email without telling me, because of legal protections.
- GPG encryption of messages to people in my chain of trust has the virtue of needing no help from my email host, in principle. I am unconvinced gpg email is practically worthwhile. If I were to give it a go, I would prefer to use an email client that supported it. Combo host-and-client systems like gmail are not conducive to cunning processing of the thing.
- Other host-proof encryption: The host cannot see my emails in storage, but without the tedious key exchange step of GPG. Also probably not worthwhile; whether the email hosts can be trusted to truly handle that mail without snooping before it gets encrypted is a question of trust and law. Email is just hard to do gracefully.
Recently the surveillance environment has continued to deteriorate, and I’m revising my priority for encryption upwards, despite the qualms. I am now prepared to pay more to make it less convenient for mass surveillance, using host-proof encryption providers such as tutanota and protonmail. I still stand ready to send a GPG encrypted message to someone one day.
The trigger is that the EU appears to be sliding into mass mail interception and surveillance. See Chatcontrol.eu for background on that.
Protonmail in principle can’t give up your email because they (claim to) never[1] see your unencrypted data: This is less convenient than a standard host, but in certain worlds might be fun/useful, especially in a post-chatcontrol world.
USP: paying customers can access their encrypted mail with a normal mail client via an encryption app, the Bridge.
Annoyingly, as with all the host-proof email providers, these folks do not interoperate with other host-proof encryption systems.
tutanota is similar to protonmail, in the sense of being encryption heavy for what that is worth. Since they are domiciled in Germany, inside the EU, they may now, or soon, suffer from a legal requirement to spy on their customers. I wonder if the technical barriers they have erected in this case will be sufficient? You must rely on their in-house mail-client; there is no support for a classic mail client on this service.
posteo is a pro-privacy German email host. I forget if they are actually encrypted. Major shortcoming: you cannot use custom domains, and so must have an address @posteo.something, which is not ideal for my purposes.
Our guiding principles regarding email have been to use centralized servers as little as possible and store the least amount of encrypted data needed to deliver a full-feature email service. We also wanted to support sending and receiving emails from outside the network (from Gmail, Yahoo, etc.) so that the Telios platform could become a viable alternative for users looking to migrate from services like Gmail.
Users hold the encryption keys, not Telios. Your encrypted emails are stored in a decentralized storage service called Sia, and pinned on IPFS. This enables users to store and share data in a way that is secure, efficient, and scalable.
GANDI (affiliate link) is a French DNS host which has diversified into other server stuff. They stand in for a bevy of interchangeable generic mail hosts. If you already host your domains with them it is convenient to host email as well; see the mail docs. The service is full featured and obviously supports custom domains. It is missing one or two things that would be nice (catch-all addresses and CalDAV) but is perfectly functional AFAICS, and extremely cheap. They will likely soon be implicated in mass surveillance of mailboxes, however, because of being in the EU.
eclipso is another German provider, so once again in a (previously?) relatively favourable jurisdiction. They have lots of features, suspiciously many features really, including weird unique ones (email-fax gateway, email-physical mail gateway…). Custom domains are only available on the “business” plan at EUR6/month, which is fine, but actually I just freaked out at how service-packed they are and ran away.
fastmail is easy to set up and simple. A potential drawback is that they are run out of Australia, whose respect for privacy and due process is on a downward slide. Since I am not trying to conduct illegal business by email, this is not a dealbreaker per se, but all else being equal, why jump aboard a sinking ship when there are similarly priced alternatives in better jurisdictions without such grim disregard for transparency and due process? There would need to be some serious compensating virtue which I cannot see right now.
Maybe Gohosting would provide such a compensating virtue, such that it would be worthwhile to use an Australian host. They are a local operation who are small enough to have the virtue that I can phone them up and complain to a real person if anything happens that I get sad about. I could be persuaded that the personal relationship of a small scale local provider mitigates some of the nastiness of the bulk surveillance economy. HT Luke Snarl for mentioning these folks.
On that note, Hey promise a radical redesign of the email experience and promise much fancy eye candy. Sadly, they are in a terrible jurisdiction (USA) but maybe the value add is good. Is it good enough to justify keeping your email in the NSA browsing library? Not sure, did not try.
Kolabnow is a Swiss provider of email and groupware services, with a reasonably favourable jurisdiction and they wave the flag for privacy a lot. I was using them for a long time, but no longer. Reason: I got locked out of my email for a crucial 3.5 days due to a UX fail followed by a server glitch on the Christmas holiday. I have switched mail providers now, to GANDI, which is not as primo, but is cheaper. Service before that was excellent, so this may have been unfortunate timing rather than a preventable cockup but … too late now. By the time I got the explanation out of the service contact my email was all in France and I cannot be bothered moving it back.
Running my own email server
- Running dovecot as a local only IMAP server on OS X
- Mailbox Formats
- dbox Mailbox Format
- Maildir Mailbox Format
- Fun fact: Dovecot supports Replication
- isync: free IMAP and MailDir mailbox synchronizer
- OfflineIMAP/offlineimap3: Read/sync your IMAP mailboxes (python3)
- OfflineIMAP community’s website
- Some real use cases
- Maildir format should work in a sync folder.
Mailpiler is a webserver which provides a front-end to a MySQL index of all your emails. Is that what you want? Are you spending your time wisely?
[1] I am curious about what never means — external mail to you does not arrive encrypted