 Pro/Con of “Private” Email

Protonmail
Pro: Allows Tor, Many use it so network effect of proton to proton encryption
Con: Huge increases in data handoffs to governments make you question how much data they can get; some question if it’s a honeypot. Even if not, you’re potentially targeted for even being there, and they have a bad track record.

Tutanota
Pros: Better track record than Protonmail
Cons: Bans Tor and many VPNs. Severe browser fingerprinting annoyance when signing up. They auto-delete your account if you don’t log in for 6 months, but you can get around this by adding 2-factor authentication TOTP with KeePassXC

Skiff
Pro: Fast sign-ups, very easy to get a burner account
Con: They use Cloudflare.  Cloudflare intercepts all traffic, so 0% private.  This company is essentially propaganda.

Mail in a Box (software)
This is self-hosting using open source software on a VPS
Pro: More private than any provider.  It does most of the setup work for you
Con: Requires $5 to $15 a month on a VPS (but can be split among friends). VPS provider can still access emails by snapshots of memory. Unless you put it in a Docker container, you can’t do anything else on the VPS

Luke Smith Scripts (software)
Pro: Fast way to get an email VPS setup
Con: Requires it to be put directly on the server, which can mess up OTHER things you’ve got going on there, like using aaPanel

aaPanel (software)
Pro: Easy to manage a lot of services going on, including WordPress or databases with your email
Con: Not worth setting this whole thing up for JUST email.

Follow on Nostr for more! 
 Interested in learning what you recommend... 
 I personally recommend self hosting on a VPS you control, not in your home 
 Proton, bad track record because of the French activist incident? 
 https://proton.me/legal/transparency 
 https://proton.me/legal/privacy

I think for most use cases their security is pretty good. The transparency seems to show a fairly proportional increase in accommodation of requests as the user base has expanded. Almost anything is better than running unencrypted traffic through your ISP directly. 
 😃 
 Protonmail has your private keys😃

And...

Due to limitations of the SMTP protocol, we have access to the following email metadata: sender and recipient email addresses, the IP address incoming messages originated from, attachment name, message subject, and message sent and received times. We do NOT have access to encrypted message content, but unencrypted messages sent from external providers to your Account, or from Proton Mail to external unencrypted email services, are scanned for spam and viruses to pursue the legitimate interest of protecting the integrity of our Services and users. Such inbound messages are scanned for spam in memory, and then encrypted and written to disk.  
 Not perfect. In the case of the disclosure of information about the French activist, Proton stated that if he had used the Proton VPN in conjunction with the email service there would have been no viable information to disclose. Improper use of the technology isn’t the fault of the provider necessarily, but having the necessary technology to attain the privacy claims of the system integrated together would be a logical, but rarely utilized approach to product development. 
 Can you review #mailcow and #stalwartlabs mail server as well please? Also, #murena cloud's fork of nostr:npub1d68csfa6zedqy8snkapyavfgsfv07szsj304w5h3eerh7k3v7y6q36zk0p includes a mail server... 
 Protonmail scans e-mails. 
 Evidence? 
 Account Activity: Due to limitations of the SMTP protocol, we have access to the following email metadata: sender and recipient email addresses, the IP address incoming messages originated from, attachment name, message subject, and message sent and received times. We do NOT have access to encrypted message content, but unencrypted messages sent from external providers to your Account, or from Proton Mail to external unencrypted email services, are scanned for spam and viruses to pursue the legitimate interest of protecting the integrity of our Services and users. Such inbound messages are scanned for spam in memory, and then encrypted and written to disk 
 Great point. I knew it came in unencrypted, didn't realize they scanned it. Great find 
 To be clear.
They scan both sent and received.

"from external providers to your Account, or from Proton Mail to external unencrypted email services"

 That's the way all email providers are doing it. Nothing special here 😉 
 Yes, but many people assume that Protonmail is special.
This is mostly marketing gibberish.

Using GPG/PGP or DeltaChat with Gmail is more secure than using ProtonMail with external providers. 
 Don't use GMail JFC 
 I don't use it. I wrote that Gmail with Delta Chat or GPG was more secure than Protonmail or Tutanota. 
 GMail is a horror with privacy. Proton is much much better 
 Start using GPG or Delta Chat 
 https://image.nostr.build/e289cae01a545840988510774fa5a79eccd33dfb33aa51b38e0410491bcb0d05.png

But why? 
 I don't know what you are asking for.

Why is it more secure using Gmail + GPG or Delta.Chat?
Your keys your data.

Protonmail scans your emails and possesses your private keys.

Why I don't use Gmail?

I don't like it. 
 I guess I'll chime in here too, because no one seems to have any technically correct info in this thread. The post is correct regarding SMTP. But not PGP encrypted emails.  
 PGP encrypted with private keys stored in ProtonMail?
 
 This is another point not mentioned before.
External PGP is stronger than Proton's in-house version via web browser 
 If it's gmail to protonmail, it comes in unencrypted then they encrypt it 
 The last 3 all share the con that comes with VPS, but you only list them for the first. Can be mitigated by running on non-shared servers. Even at home on a #raspberryPi if you feel like tackling the non-dialup-ip problem 
 Any of these are better than gmail. Using pigeons is probably more private than gmail.

Seriously, don't use gmail for your emails.  
 Using Gmail with GPG/PGP or with Delta.chat is more secure than using Protonmail or Tutanota. 
 Caprover is easier to set up, and works better than aaPanel, which is garbage software. 
 Will check it out, thanks 
 Self-custody your email!

https://hub.docker.com/r/mailserver/docker-mailserver#!

It's a bit of a nuisance setting it all up, and you need some kind of domain name.

But do it once and put a Tor hidden service in front of it for access and you've got your own Protonmail. TLS is enabled by default, too.

If you need to hide your IP, don't do this, you need a hosted service and your ability to protect the contents of your email against snooping is minimal then. 
 great writeup 
 Any free options that allow separate clients, like using SMTP?

nostr:nevent1qqs9maky3nkn2yv7ysgxsrg7tacfw8lcvnx2edvpj675gsfj0wyhnuspz3mhxue69uhhyetvv9ujuerpd46hxtnfdupzptpldtlpwkflvxqs2y76exs7238g0wwwjxe86dac3mzclw4fq992qvzqqqqqqyty422y 
 Specific to Skiff: is the traffic that Cloudflare intercepts encrypted, though, or are they seeing plain text? 
 Sorry - this is total BS. The poster doesn't know what they're talking about. Cloudflare is a CDN and doesn't see your traffic. It also never would see any plaintext data. Laughably ridiculous here. 
 @SimplifiedPrivacy.com 

Care to comment or amend your statements? 
 I am confused. In what way? 
 pleased to meet you,

when apk?

when Linux?

when skiff on Nostr?

lots of haters out there? prove them wrong. 

like your approach 
 Really looking forward to having Linux apps. One of the main problems with me transitioning fully to Skiff 
 Cloudflare has a domain point to their servers, then proxies it off the original. This is how the CDN works. Therefore it strips HTTPS encryption 
 Hey! I'm one of the founders of Skiff. Your post here is completely technically incorrect (total BS)
1. Cloudflare doesn't intercept traffic. They're a CDN, and ProtonMail has been considering using them as well (see reddit threads).
2. Google Tutanota in the news this week. Pretty big miss on this one.
3. Not sure what you mean by "better track record" too. 

Anyway, please don't share advice unless you know what you're talking about. 
 Amazing write up. Do you see any issues regarding mailbox warmup with the VPS routes? I know for businesses it’s critical that they send tons of test emails to ensure they’re not marked as spam as well as setting up DKIM DMARC etc 
 I am a little confused by your question.

You have to set up DKIM and DMARC and SPF records to avoid spam filters. Services like mail-tester.com can help you test it. Then send tests to Proton or corrupt Gmail, etc. 
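The DKIM/DMARC/SPF checklist in the reply above, as an added offline example that is not part of the thread: it lint-checks the three TXT records a new mail domain needs for the mistakes that most often get a fresh domain treated as spam (a permissive `+all`, a DMARC record that does not start with `v=DMARC1`, an empty or missing DKIM key, too many SPF lookup terms). The records, the domain `example.com` and the DKIM key value are constructed placeholders; a real check would fetch the same records from DNS.

```python
import re
def parse_tags(txt):
    # 'k=v; k=v' tag list (DKIM and DMARC syntax) -> dict in record order
    return {k.strip(): v.strip() for k, sep, v in (p.partition("=") for p in txt.split(";")) if sep}

def check_spf(txt):
    terms = txt.split()
    if not terms or terms[0] != "v=spf1":
        return ["must start with v=spf1"]
    issues, last = [], terms[-1]
    if not re.fullmatch(r"[-~?+]?all", last):
        issues.append("no terminal all mechanism, so unlisted senders are not rejected")
    elif last in ("all", "+all", "?all"):
        issues.append(f"'{last}' passes or is neutral for every host; end with -all or ~all")
    # RFC 7208 allows at most 10 mechanisms that trigger DNS lookups
    lookups = len([t for t in terms[1:] if re.match(r"[-~?+]?(include:|a\b|mx\b|exists:|redirect=)", t)])
    if lookups > 10:
        issues.append(f"{lookups} DNS-lookup terms (limit 10; receivers return permerror)")
    return issues

def check_dkim(txt):
    tags = parse_tags(txt)
    if tags.get("v", "DKIM1") != "DKIM1":  # v= is optional but must be DKIM1 when present
        return ["v= must be DKIM1"]
    return (["missing p= public key"] if "p" not in tags else
            ["empty p= means the selector's key is revoked"] if tags["p"] == "" else [])

def check_dmarc(txt):
    tags = parse_tags(txt)
    if next(iter(tags), None) != "v" or tags["v"] != "DMARC1":
        return ["must start with v=DMARC1"]
    issues, policy = [], tags.get("p")
    if policy not in ("none", "quarantine", "reject"):
        issues.append("p= must be none, quarantine or reject")
    elif policy == "none":
        issues.append("p=none only monitors; move to quarantine or reject once SPF/DKIM align")
    if "rua" not in tags:
        issues.append("no rua= address, so you never see aggregate failure reports")
    return issues

def audit(records):  # pick the checker from the record name
    kind = lambda n: check_dmarc if n.startswith("_dmarc.") else check_dkim if "._domainkey." in n else check_spf
    return {name: kind(name)(txt) for name, txt in records.items()}
# Constructed records for a hypothetical domain; the DKIM key value is a placeholder, not a real key
WEAK_RECORDS = {"example.com": "v=spf1 mx a +all",
                "mail._domainkey.example.com": "k=rsa; p=",
                "_dmarc.example.com": "p=none; v=DMARC1"}
GOOD_RECORDS = {"example.com": "v=spf1 mx a -all",
                "mail._domainkey.example.com": "v=DKIM1; k=rsa; p=PLACEHOLDER_BASE64_PUBLIC_KEY",
                "_dmarc.example.com": "v=DMARC1; p=quarantine; rua=mailto:dmarc@example.com"}
```

Run `audit(WEAK_RECORDS)` to see one finding per record and `audit(GOOD_RECORDS)` to see all three come back clean.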
 I’m wondering if the warm-up process is more challenging for a VPS since it would be a new mail service vs some of the other providers like Skiff and Proton 
 Warm up process meaning how long it takes to turn on?  You're running software on a vps that has setup time 
 Warming up meaning sending sufficient email traffic that is recognized as not spam by other service providers so that it can be used for any purpose including business.

It is very common for new domains to be marked as spam if they don’t do it properly