Alternative, privacy focused email providers similar to Gmail and 'promotional' mail

BoiBoi

Pelican
(Paid) German provider Posteo runs its own Servers in Germany and (allegedly) does not cooperate with law enforcement. You can even set up the service sending them cash by envelope so that you don't have to reveal your identity to them. Not sure, if this is actually the case, though.
 

Cervantes

Woodpecker
I'm interested in transferring my personal domain away from GoDaddy and over to Epik. However, it's unclear to me that Epik also provides email hosting that will allow me to keep the '[email protected]'sDomain.com' email address that I've had for over 10 years.

Anybody have experience with this? Or is it better to just ditch my old email address and go with a proven-secure provider like ProtonMail?
You a can move to protonmail and still use your own domain. Its easy to do.
 

Cervantes

Woodpecker
Could you explain this in more detail? Everyone who DIY's their own server say it's a piece of cake. But, I have to think it's selection bias.
Setting up the software is easy - but I was getting a lot of spam. So then I had to set up a spam blocking lists that block email from certain compromised transfer agents, and from certain spammy domains. This is a system that has to update itself regularly. Then I had to implement statistical spam filters that detected certain spammy phrases. Detectors themselves have to be updated regularly. Perhaps modern email hosting systems have all this stuff figured out now. But it was a pain to do when I last tried.
 

redbeard

Hummingbird
Moderator
Setting up the software is easy - but I was getting a lot of spam. So then I had to set up a spam blocking lists that block email from certain compromised transfer agents, and from certain spammy domains. This is a system that has to update itself regularly. Then I had to implement statistical spam filters that detected certain spammy phrases. Detectors themselves have to be updated regularly. Perhaps modern email hosting systems have all this stuff figured out now. But it was a pain to do when I last tried.
Gotcha. What did you use to set up the server? I was just looking at Mail-in-a-Box, and they have spam filtering built in.
 

Coja Petrus Uscan

Hummingbird
Gold Member
Long ago I hosted my own email - but that was definitely not worth it. You end up spending lots of time updating it to keep up with the latest trends in spam control.

I think things have come on a bit since then. I don't have any black lists and don't get spammed. But my understanding is to block you just setup the email to use some spam list like Spamhaus and they do the blocking.

Now you need to generate public and private keys on your mail server and put them into your DNS as a SPF and DKIM record. This sets a list or a single IP that is allowed to send email + the signing. Most big-email services put anything into spam that fails SPF and DKIM.

To setup an email server on Ubuntu or similar,

Mail server: https://www.linuxbabe.com/mail-server/setup-basic-postfix-mail-sever-ubuntu
For the SPF DKIM: https://www.linuxbabe.com/mail-server/setting-up-dkim-and-spf

If you want to do your own mails my main recommendation is to make sure it's on a server you will be sticking with for a long time, because it is a bit fiddly. Though I have never had any maintenance in several years of hosting, setting it up again is the second biggest job of moving server for me.

If you want a nice little box to work with, I would recommend this $60 / year, 500GB HDD, 2GB RAM with 10 MB/s line:


I used to have one of these as a torrent box, for emails and to host a couple of straggling client's sites. It is the perfect box to host a few off-the-beaten paths goodies on. Torrents are much faster if you have a box. I used to download to the box, then D/L from there. That way you can be a seed and not a leech. Particularly in my home country, where the upline is 10% of the down - really hampers speeds. Though I don't watch anything now. But you could easily have your emails, torrents (Deluge), Nitter and nodes for Mysterium dVPN and Presearch.

I believe it beats VPSs, which is my experience are sluggish and have issues with getting throttled and being booted off for using too much resources.

You will need to write a script to check the page every five minutes for availability, as they go like hot cakes. There is/was a service that claims to do the same, but I am not sure if it worked.

The owner of the company is also on-side. Here he is tipping the hat to Twitter censorship (Drumpf!?!?)

 

M'bare

Woodpecker
Gold Member
So is there an encrypted app that isn't a honeypot/corrupted to use? People are getting on Signal, but the word is that it's not secure.

What to use besides Protonmail?
 

typtre

Robin
I use msgsafe.io, there is no app for it so you have to use the browser and the interface is a bit so-so. Based in Panama. But I found a table of email services with a rating on every imaginable flaw with regards to security and msgsafe was one that seemed to be most in line with my needs. Cannot find the table right now because the internet is forever ruined by SEO:s trying to make money.
 

PixelFree

Kingfisher
Email should be hosted by you, for you. Get a $3/month VPS and deal with it there.

Because nobody is willing to deal with this service themself, it created the rise of the gmails, yahoo mails, etc. that have been harvesting data and infringing upon our privacy for close to two decades.

I would be happy to pay and have the tech skills. What I don't have is the time for stuffing around with it AND most importantly our lives are all so email dependant these days I can't deal with having my mail offline for a day or (even worse) losing an important email like a bill I need to pay.

I have setup my own mail server before and it wasn't that straight forward. Dealing with Spam was the biggest pain.

Instead of a full SaaS like Gmail et al, or a full IaaS like a VPS / Digital Ocean / Vultr / etc (where they provide a machine and you have to install/update/backup/patch/configure/etc everything from the OS up) is there a middle option?

Similar to a WordPress managed service (e.g. WPEngine, Cloudways) where you still have all the privacy/flexibility but a lot of the day to day maintenance is done for you? I think this is referred to as a PaaS or managed instance/service.
 

Coja Petrus Uscan

Hummingbird
Gold Member
So is there an encrypted app that isn't a honeypot/corrupted to use? People are getting on Signal, but the word is that it's not secure.

What to use besides Protonmail?

I think trying to do anything private on Android is a waste. We've seen the extent of what Facebook et al were picking up via Android - lots of stuff with nothing to do with Facebook.

You need a de-Googled phone. Tutanota have a FOSS mobile app, but I'd steer clear. There are FOSS mail apps like K-9 Mail.

For messaging Element.io seems to be making the most ground. But there is not that much point in going all the way if all your contacts are on Android.
 

Bird

Kingfisher
German provider Posteo runs its own Servers in Germany and (allegedly) does not cooperate with law enforcement.
I don't buy this. If they don't cooperate with law enforcement they will be enforced next.


You can even set up the service sending them cash by envelope so that you don't have to reveal your identity to them.
That only makes sence if you use it along with a VPN and never send personal details by email,
otherwise they see your real IP and can give it to the enforcers.
 

redbeard

Hummingbird
Moderator
Has anyone heard of Helm? It looks like a private email, calendar, & storage solution that you self-host at home on their hardware. It looks very early and doesn't seem like it's open source (yet), but could be something to keep an eye on:
 

Athanasius

Pelican
German-based mailbox.org is less expensive than Protonmail. It includes a calendar and also cloud storage so you can dump Google Drive. I'm not a privacy expert so I can't speak to its security vs. Protonmail.
 

Coja Petrus Uscan

Hummingbird
Gold Member
Answer to this: https://www.rooshvforum.com/threads/paying-for-an-online-e-mail-provider.39422/


What do you use email for? I more-or-less never use email for personal use. It's level of security is very low, looking at it from any angle. You can do all you want to secure your email, but there is a ninety-odd percent chance you are receiving and sending emails to emails hosted by Google, M$ etc.

I use email for two things: work; and personal financial and shopping sites.

There are a few things I would recommend:

1) don't use major services like Gmail
2) don't use services that retain all your data on their servers (like Protonmail without Bridge) - you want to be able to access them via IMAP and scrub them on the mail server
3) use your own domain with a catchall (can accept email to any address on a domain, e.g. [email protected], [email protected]...)
4) delete emails from the mail server once downloaded, sent

On point 2) if you happen to have your centralised 'private' email account subpoenaed - you don't want 10 years of your emails on the server (which you can't search anyway on Protonmail) resting on their server. I run my own mail server and emails are scrubbed from the server after they are downloaded to my computer. So if the feds get access to my server, all they will have is whatever new emails that come in.

I'm not sure what service encompasses all those, but Protonmail using their Bridge will probably do it.

But I think the more imperative aspect to have covered is having a catchall email on your own domain. You can find cheap domain extensions here: https://domz.io/. You can get them from at least $3/year; maybe $1-2. You need to make sure the renewal price is the same price.

There are a number of bodies that are creating profiles on us with up to 10,000 attributes (as of 2017 - https://crackedlabs.org/en/corporate-surveillance). If you are using big tech, you are giving them reams of info. If you care about your digital privacy all of that has to go - Google account, Facebook, IG, Youtube, Whatsapp...

Your data is bound together on certain fingerprints, e.g. email, phone, address, cookies for big tech - trackers and ads. You should use a unique email for every website you sign up to on your catchall domain. If you do this, it will foil a lot of this automatic binding. Also when you buy stuff online have it delivered to different fake names.

Fretting too much about email security is not worth it. Any centalised system will go under if they don't hand over what the feds want. The best solution is hosting it yourself, but then your corespondents will almost definitely be compromised. If you wants relative assurance in private communications you need two people communicating via Matrix/Element, with both users on either Linux or Graphene/Calyx.
 

Coja Petrus Uscan

Hummingbird
Gold Member
Using a catchall can lead to lots of spam in your inbox, I did it once and never again.

I've not had problems with this. I think this may be because advances have been made with anti-spam measures in the last several years.

In the Postfix mail server you can exclude emails from catchall as so in /etc/postfix/virtual:

[email protected] error:nouser 550 User unknown
@rvf.am username
 

skullmask

Woodpecker
Fretting too much about email security is not worth it. Any centalised system will go under if they don't hand over what the feds want. The best solution is hosting it yourself, but then your corespondents will almost definitely be compromised. If you wants relative assurance in private communications you need two people communicating via Matrix/Element, with both users on either Linux or Graphene/Calyx.

I've just set up my own private email server because I want to get rid of my gmail. I'm pretty new at this though, so I really don't know what I'm doing. I used the following tutorial to do it, using a script provided in it to set my email server up:

 
Top