If you're not already aware, there's a few options for providers with differing features. I believe most are compatible with IMAP, and several allow you to use your own domain.
https://www.privacytools.io/#email
​
​
​
​
​
If anonymity is paramount for you, the best you can do is open a free account at Tutanota (and encourage your correspondents to do the same).
Tutanota does not ask for any identifying information at all when opening an account : no phone number, no previous email address, nothing.
If you want to be even more secure, open your account through the Tor browser (not your usual browser), and only ever access it through Tor. This way, your real IP address will never even reach Tutanota.
They don't log it anyway, and they would not give any data to authorities unless there was criminal activity involved and they were served an order by German courts (it's a German company).
On top of this, you can exchange end-to-end encrypted email in a very simple way. You just need to share a password with your correspondent, which has to be done outside of Tutanota.
Even better, if both you and your correspondent open a Tutanota account (and again, it's free), then all your communication will be automatically end-to-end encrypted, without the need to exchange a password.
You can ask for help on r/tutanota at any time. I will be there with other users.
If you have an email client that works well for you, then it might not a huge problem. I prefer webmail, and when you have multiple accounts from the same provider, you have to keep track of which account you are logged into, which I found annoying.
I think you should think about your threat model. Who/what are you trying to protect your emails from? Your family? Big tech companies? Spammers? And what do you want them to not do with your email? Look at them? Use them to harm you?
If you just want to prevent a person from getting access to ALL of your emails, I think your setup could work. Even if one of your accounts is compromised, your other accounts will likely be safe.
A lot of people in the privacy-related subreddits want to prevent Google from knowing all about their life. If this is part of your threat model, then you might not want to use Gmail for everything.
Aliases: "An email alias (or alias for short) is an email address that doesn't store emails: all emails sent to an alias are forwarded to your personal email." (From SimpleLogin's website)
People will tell you that you should use a particular service, but I think you just have to spend some time thinking about your threat model. Once you've done that you'll be able to identity specific problems with your setup, if there are any. And you're more likely to get specific answers with a specific question.
That's true.
https://www.neomailbox.com/about/transparency
Transparency Report
Neomailbox Warrant Canary
The following statement is true on October 1st, 2017: Neomailbox has never released any customer data to any government agency or other entity.
This statement will be updated on the 1st of every month. Exercise caution if this page disappears, changes significantly in content, or is outdated.
Statistics on electronic surveillance by the Swiss Post and Telecommunications Surveillance Service for past years covering all of Switzerland can be found via the links below.
2014: Realtime Internet surveillance: 12 cases, Metadata requests: 18 cases 2013: Realtime Internet surveillance: 21 cases, Metadata requests: 32 cases
Actually it was used as base components for first pilot release. Developing process brings 2nd release based on BitMask with full encryption. Since 4 December we are on 3rd release.
Few more useful tips if you are so interested in software: https://www.digitalocean.com/community/tutorials/why-you-may-not-want-to-run-your-own-mail-server
You can find more recommendations on alternativeTo. Other free plans I looked at before my recent mail switch were from zoho, which doesnt support imap, disroot, whoose website looks janky in my opinion, and cock.li, for witch you need an invite.
You purchased an invite to Cock.li ? If you give in to such scams, don't complain about being... scammed. Invites are given out for free by people you know, that is if you manage to get one, which is next to impossible.
There is zero reason to open an account at Cock.li. If you're interested in security and privacy, select a serious provider, not an irresponsible prankster.
It's not a new buzz. It's an Internet meme which refuses to die. The guy even has the gall to write, on his website :
>Invites are here! Find any existing cock.li user to be invited.
>
>https://cock.li/register
Of course, there's no link behind the "here" and there's no way to "find" a cock.li user to get an invite.
Jeez watching this made my IQ drop. Some of what he said was factual (and also true about literally every legal email provider ever), but some was just ridiculous. People just accept crap like this as truth at face value? He just says a bunch of stuff that barely borders on and then makes wild conclusions that don't match up. And he thinks "seeing" an IP is the same as "logging" an IP address *facepalm*
"Proton's claims about not logging IP addresses was complete bullcrap..."
lol wut.
Anyway, can't say anymore or my brain will hurt. u/sushibest can you please tell me what "problems" (even though most of what he says is either misunderstood or just flat out false) applies to Proton but does NOT apply to cock.li...? Would love to know.
This website is truly gold to choose an email provider.
I went with Posteo a few weeeks ago after having reading it.
Mailbox.org is often suggested on Reddit and Protonmail also but if you read carefully what the author wrote, those 2 email providers are not really oriented privacy if you read their T&C's .Mailbox.org for, e.g, which is often compared to Posteo, logs many information that are seriously not required.
>This won't protect me if someone has access to my password since they can log in and view the decrypted emails.
If a hacker (or anyone, really) has access to your password, then it's game over for you. You could have the strongest possible encryption, that it would be useless : if the hacker has your password, he is you to the system.
To be more specific, the hacker needs all your identifiers. This also means your email (usually), but this is trivial to get. It may also mean your 2FA secret, or the code generated by your 2FA system. This is an extra hurdle, similar to a second password, if you like. So it's always useful to activate 2FA where available.
However, and I'm saying that in case you're not aware of it, because many people are not, it's completely useless to start using an encrypted email provider if you don't have a password manager, and use different, long and random passwords for each account.
Many people think an encrypted email provider is a magic wand that will protect them from everything. It's not. If you use "password123" as your password for all your accounts, including Posteo, it's a given that at some point, someone will hack into a junk website with low security you have an account at, and use your identifiers to steal your Posteo account.
Hundreds of websites of major corporations with supposedly good security have been broken, so lesser sites are even more at risk.
For the rest of your questions, this might be a good starting point :
You must have made a mistake. You probably registered a different address, possibly with a different Tutanota domain.
>Do you delete inactive accounts / recycle email addresses ?
>
>A deleted email address (also if it is an alias) will not be recycled for security reasons. There must be no possibility that someone else is able to register your previously used email address, and then, by accident, receive a confidential email that was meant for you.
>
>Free of charge accounts are deleted after an inactive period of six months. A regular login is necessary to prevent automatic deletion. We delete such accounts for security reasons and also to allow us offering free of charge Tutanota accounts at all. However, the email addresses of such deleted accounts may be taken over into another paid account and re-used as email aliases or additional user addresses if you still have the valid login credentials.
>
>https://tutanota.com/faq#inactive-accounts
I think that the e-mail comming to gmail can be forwarded to protonmail. But when you reply, the recipient see your protonmail address. Maybe you can reply from gmail if the original message is retained there? Unsure if it can be done to send from protonmail using GMAIL SMTP server. (as a paid client use their bridge app to download mail to client - https://protonmail.com/support/knowledge-base/imap-smtp-and-pop3-setup/ which you set to use gmail's smtp? - if possible)
Here's a piece of advice I can give
Firstly, don't look for a private email service: there is none. the email protocol was never designed with privacy in mind. Every email provider out there that I know still has to turn over user data if law enforcement comes knocking. this is usually not an issue, but in case you want to be the next Edward Snowden then don't use email.
Both protonmail and <strong>cock.li</strong> have turned over user data to comply with warrents. That is no fault of them, and in an ideal world it's definitely the right thing to do
However, I will note that protonmail asks for your god darn phone number on sign up. Like seriously? You're losing points on the privacy aspect before I even finish creating my account!
If you truely want to be private, then I would highly suggest using burner emails - temporary emails used only once. There's lots of good sites out there such as guerillamail which provide one-use email addresses.
For long term correspondence, then I'd suggest using signal. Even if the FBI comes knocking the most the can do is provide your last login time.
TL:DR - Email just plain sucks
PS: Don't use gmail if you care about privacy. It's literally ran by a company whose entire business model is selling you data
While I do still use it,
i don't fully agree with the UI part :).
I still feel like it's unfinished product.
Here are my points:
https://www.notion.so/Mailbox-org-review-eb63bdae7cf94c99bcd92bbc8b023134
Since metadata can't be protected that well, the only way to send secure emails is private encryption. Avoid Protonmail or Tutanota (at least their free version), they can still read foreign emails if they want to. They're good within their domains tho. Allegedly.
In order to encrypt emails in a convenient and secure way, you can use DeltaChat with a trusty provider, like e.foundation or disroot.org
Indeed, the Russian government has ordered a partial block of ProtonMail, preventing some Russian mail servers from reaching us. We have managed to restore services at this time. More information about the block and our recommendations can be found here: https://protonmail.com/blog/russia-block/
If you're not afraid of setting up your own email server, then I'd recommend Mail-in-a-box for you.
This is a newbie-friendly email system setup script, with its own control panel. It also handles DNS for your domain (it has DNS authoritative server), and basically is very easy to use.
You can setup as many email accounts on as many domains as you want, on a simple cheap VPS.
ProtonMail provides IMAP access and macOS support with Protonmail Bridge. It can integrate with Apple Mail.
Hello u/Zlivovitch, I am the founder & CEO of CTemplar.
We publicly state that we use the same encryption Protonmail uses, not Tutanota. And we don't hide it. In fact, we've publically written about this and you can read about it here. We also express their gratitude for their service, and in other places, we recommend using them. You suggested several times we have malicious intent toward them however there is none. I view Protonmail as a fellow soldier in the war to protect people’s privacy & security. We might be a good fit for some people and not for others. We are not trying to become the next Gmail, we are seeking to serve a small group of people who want a specific type of secure email.
Kind Regards,
There is no way to do this, as far as I know.
I assume you want a specific person to receive that warning, not all your correspondents.
If your email provider or email client allow this, you could write an automatic answer for that person alone. But anyone with a minimum of technical knowledge would see it is fake : since it would come from your email address, it would be obvious the incoming mail has, indeed, arrived.
You could, however, write an automatic answer saying the message has not been read, and has been deleted upon arrival ; and it could even be true, if you create a rule to that effect.
But unless I'm mistaken, there's no way to fake the actual technical message that the sender receives when the destination address does not exist, for instance, or if the server rejects it for another, technical reason.
Maybe you can fake it if you have your own custom domain, and your host allows it, I don't know.
There is, however, a workaround, but you would need to set it up in advance.
Open an account at the alias provider and remailer Anonaddy. Link it to your main email account. Only give Anonaddy aliases to persons, or sites, which you want to be able to block in the future.
If one particular sender annoys you, you can either "deactivate" his alias, and you won't receive his emails, without him being warned of it ; or, you can "delete" it, you won't receive his emails, and he'll be warned they did not arrive (I think the actual error message says the address does not exist).
So-called "deleted" aliases can be undeleted later, if you so wish.
I use Mailfence as a personal email, but also have implemented it as my default business email, it has been 4 years now. Can't explain how much of a peace of mind I have... under belgian jurisdiction, very safe. absolutely recommended.
I'm sorry but I'm not even going to bother addressing that.
He's lambasting Mailbox for using in browser javascript for encryption and decryption which is exactly what Posteo, (and all other mail providers offering encryption in the browser of any kind), who he praises and clearly "trusts", does.
https://posteo.de/en/site/features#leistungendatenschutz
He's entitled to his opinions as much as everyone else, but his arguement(s) make(s) no sense from a logical perspective.
>What are you referring to ? Unless there's some special feature of Posteo I'm not aware of, this is not possible, and it does not even mean anything.
It may surprise you, but some e-mail providers actually have features that they don't advertise. I can only guess that a very good reason is that some features don't fully work as intended in some cases, so best not advertise them, but just leave them in. I know because I also do this on my e-mail hosting service. And yes, there are providers that allow you to connect other e-mail accounts to them via IMAP and/or POP. (Even Gmail has this feature via POP).
​
>What you link, through the IMAP protocol, to an email account, is an email client. That is, a software program which sits on your computer, or phone, and communicates with that email account, sending emails through it, and retrieving them so they can be managed locally.
"a software program which sits on your computer" is not the only thing that can access and account via IMAP. There are online services that can connect to other accounts using IMAP. In fact, a lot of webmail clients ARE IMAP clients. Take RoundCube, the webmail used by Posteo, for example. You will see the first line in the description on their website that RoundCube "...is a browser-based multilingual IMAP client "
Posteo is probably using this RoundCube plugin to give its users the ability to add IMAP accounts to their "browser-based multilingual IMAP client" (RoundCube)
I know you're helpful in these topics, so I feel you should know about this so you can help others better.
To the best of my knowledge, your best options are OnionMail and cock.li
For your privacy not to be compromised you need the ability to create the account using Tails or Tor and not being required to provide any information.
Tutanota also complies with the above, but you can only use it through is web portal, so you cannot integrate this provider with your own client side encryption.
Both OnionMail and cock.li will allow you to communicate with their servers using POP via Tor circuits, so you can use PGP encryption in your email client.
OnionMail goes one step further because you HAVE TO create the account using a hidden service and it DOES NOT allow you to communicate with the POP server WITHOUT using Tor, so it forces you to be disciplined.
I reccomend using Fastmail my man, try it for 30 days free and you can cancel any time. I tried it and decided to get it and I never turned back.
this is a 10% discount link if you're interested.