Recommendation for Email-Provider - eviltoast

It’s me again with another question for recommendation 🙈 This time I am searching for a new Email-Provider:

Currently I am using mailbox.org (privacy-friendly provider based in Germany). Since my subscription is comming to an end there, I tought about switching to proton mail-plus. What I like about them is, that they have an easy way of creating alias-emails and also support the option to use your own domain.

But maybe you gals and guys have another great provider which offers good features for a good price.

Also: I dont need Cloud-Storage or anything like that, so just mail is fine.

Thx in regards :)

      • SandbagTiara2816@lemmy.dbzer0.com
        link
        fedilink
        arrow-up
        15
        ·
        2 months ago

        I use Proton and really like it, but I don’t know how to go about using my own domain (though I am interested in it). How difficult is it for someone without webdev and self hosting experience to get set up?

        • vu2tum@lemmy.radio
          link
          fedilink
          arrow-up
          2
          ·
          2 months ago

          Step 1. Get your own domain. I bought from porkbun. This was a difficult choice for me, having heard /read cases of domain hijacking by unethical domain sellers. Porkbun had decent reviews. Step2. Follow instructions on protonmail custom domains. Wait for all the greyed out tags to turn green. I was impatient and my domain was marked as spam by Spamhaus. Had to open ticket with them to get off their list step3: enjoy!

          additional steps. I moved my dns provider to cloudflare if you wish to go that route.

  • gaael@lemmy.world
    link
    fedilink
    arrow-up
    27
    arrow-down
    1
    ·
    2 months ago

    Just a reminder: with Proton you can’t use IMAP for your email client, you either need their mail client (mobile) or bridge app (desktop).

    • Dark Arc@social.packetloss.gg
      link
      fedilink
      English
      arrow-up
      5
      ·
      edit-2
      2 months ago

      While technically true, bridge is ultimately an IMAP server you run yourself … and they do have good reasons for this design.

        • hanke@feddit.nu
          link
          fedilink
          arrow-up
          7
          ·
          2 months ago

          Imap and end to end encryption are not possible at the same time.

          Bridge exposes an IMAP interface but encrypts everything as Proton would, had you used the web client.

          It solves a technical limitation.

          • andylicious1337@lemmy.worldOP
            link
            fedilink
            arrow-up
            1
            ·
            2 months ago

            oh so only when using their client I have the e2ee for the emails on their server? kind of makes sence but def. a point to take into consideration.

            • hanke@feddit.nu
              link
              fedilink
              arrow-up
              5
              ·
              2 months ago

              No, I think you are misunderstanding my poor explanation.

              Your emails are encrypted at rest on their server regardless if you use the web client or IMAP through the bridge.

              The thing is that the encryption layer must happen at some point in time when you communicate with their API:s. In the web client this encryption is built-in. IMAP on the other hand does not support this type of end to end encryption, so the bridge adds this layer for you.

              So you communicate unencrypted locally between your email client (Thunderbird for example) and the Protonmail bridge that you have installed locally on your computer. Then Protonmail bridge encrypts and decrypts all emails for you. So to your email client, it seems like a normal email server, but in reality everything is encrypted.

              (Standard “encrypted email” disclaimer: Your emails are not encrypted in transit unless both parties, sending and receiving, are set up for encryption. Email is otherwise not end to end encrypted in transit)

    • Thetimefarm@lemm.ee
      link
      fedilink
      arrow-up
      9
      ·
      2 months ago

      Has any more evidence ever been produced to show Tuta is a honeypot? The guy who made the original claim is in jail for 14 years for passing on secrets while he was director of RCMP intelligence.

    • akilou@sh.itjust.works
      link
      fedilink
      arrow-up
      2
      arrow-down
      1
      ·
      2 months ago

      Why did Proton adding a Bitcoin wallet cause you to look elsewhere? If it’s a product you’re not interested in, just don’t use it. Otherwise you’re stuck using providers that offer exactly what you want, no more and no less, which seems like such a narrow needle to thread, you’ll never find something or can’t stick with it for long.

    • chappedafloat@lemmy.wtf
      link
      fedilink
      English
      arrow-up
      1
      arrow-down
      1
      ·
      2 months ago

      I dont think it matters if an email service is a honeypot because if you want E2EE communication then use Signal, not email. And if you are sending emails to other email providers then there’s probably not E2EE and it’s unecessary to be a honeypot because the metadata can be collected anyway very easily. Almost all data passes through Google/Microsoft/Amazon/Cloudflare.

  • shaserlark@sh.itjust.works
    link
    fedilink
    arrow-up
    18
    arrow-down
    1
    ·
    2 months ago

    Somehow I always end up hating Proton. I was using TOR Browser to create an account and they wouldn’t let me. I had to give either another email or my phone number, and I’m not willing to do either. I even tried creating a throwaway with mailbox.org (works using TOR) and sending the confirmation email there but it never arrived, so I gave up on Proton.

    I also tried Tuta and they wouldn’t let me create an account at all using TOR. So eventually I’m sticking with mailbox.org

    • EherNicht@feddit.org
      link
      fedilink
      English
      arrow-up
      7
      ·
      2 months ago

      This also provides you with more freedom as in freedom as you aren’t forced to use their Clients/Apps.

      • shaserlark@sh.itjust.works
        link
        fedilink
        arrow-up
        6
        ·
        2 months ago

        Yeah I think it’s cool that you can even take control of your private keys. Although I’m thinking it also adds another point of failure / exposure if not done correctly.

      • yonder@sh.itjust.works
        link
        fedilink
        arrow-up
        5
        ·
        2 months ago

        Yeah. One of the major reasons I never plan to use Proton or Tutanota is that none of my email apps will work and I will rely on whatever interface they provide.

  • boerbiet@feddit.nl
    link
    fedilink
    arrow-up
    14
    ·
    2 months ago

    I have both Proton Unlimited and Mailbox. I prefer keeping my Mailbox account for mail, calendar and contacts. With Proton, I’d have to use their apps or some bridge, whereas Mailbox can be used with any app. I also have multiple domains connected with Mailbox and use plenty of aliases, so I don’t really see why Proton would be better in that regard.

    I don’t have any suggestions to add, but as someone who subscribes to both, I was simply wondering what Mailbox lacks compared to Proton in your opinion.

    • TrenchcoatFullOfBats@belfry.rip
      link
      fedilink
      arrow-up
      10
      ·
      2 months ago

      Another vote for Runbox. Been using them for almost 5 years now with no issues. They are also an employee owned co-op if that is of interest.

    • chappedafloat@lemmy.wtf
      link
      fedilink
      English
      arrow-up
      3
      ·
      2 months ago

      Can I open an account with TOR browser and pay with monero without having to give any info like a secondary email or phone number?

    • andylicious1337@lemmy.worldOP
      link
      fedilink
      arrow-up
      1
      ·
      2 months ago

      I looked inyo runbox and it looks like a really good option. what concerns me is, that it is hosted in Norway and that Norway is part of the “Fourteen Eyes alliance”. Would you still recommend it?

  • The Quuuuuill@slrpnk.net
    link
    fedilink
    English
    arrow-up
    10
    ·
    2 months ago

    Proton, Tuta, Mailbox.org, Posteo

    All are equal in terms of their overall quality of service, just different in what advantages they offer (except for Mailbox.org and Posteo. They’re just offering standards compliant email servers without any bullshit and let you roll your own encryption)

    • chappedafloat@lemmy.wtf
      link
      fedilink
      English
      arrow-up
      2
      ·
      2 months ago

      They are very cheap, only $1 for 10 aliases and then then $0.1/month for any additional aliases. But can’t pay with monero.

  • MangoPenguin@lemmy.blahaj.zone
    link
    fedilink
    English
    arrow-up
    6
    ·
    edit-2
    2 months ago

    they have an easy way of creating alias-emails

    With mailbox.org and other normal mail providers you should just be able to set a catch-all address, then you don’t have to create aliases at all, just type “whatever-you-want@mydomain.com

    If an email provider charges you more to create ‘aliases’ run far away and pick something else.

    I wouldn’t switch to Proton personally, they require that you use their own apps or use an IMAP bridge which doesn’t work on Android/iOS. Their ecosystem feels very restrictive.

    I don’t see the point of an encrypted email provider like Proton, since 99% of the emails we all receive aren’t encrypted anyways, and sending encrypted emails only easily works to other proton mail users.

    • andylicious1337@lemmy.worldOP
      link
      fedilink
      arrow-up
      1
      ·
      2 months ago

      oh ok, I have not tried that yet. I have only set up one address which I use yo send and receive from.

      about the encryption: I thought the point with e2ee encryption on proton is mainly, that the mails are stored encrypted one their servers so they can not read them or hand them out to anyone.

      • MangoPenguin@lemmy.blahaj.zone
        link
        fedilink
        English
        arrow-up
        2
        arrow-down
        2
        ·
        edit-2
        2 months ago

        Basically all email is E2EE already since SSL/TLS is usually used for transport, even gmail and similar. But encrypted at rest in theory would help with stopping people from reading emails off the server.

        You also have to trust that Proton truly doesn’t have your keys to decrypt, but I imagine they do since you just login with a username/password combo and that’s enough to decrypt the emails.

        Although I don’t think it matters that much, my email is basically receiving notifications from services I use and occasional emails with a friend about planning a trip or something like that, nothing that particularly needs to be super private, just using a mail provider that isn’t actively scraping my data for ads (aka; gmail) is enough for me.

        For private communications I would use something more suited to that, like any of the reasonable E2EE chat apps.

        • andylicious1337@lemmy.worldOP
          link
          fedilink
          arrow-up
          1
          ·
          2 months ago

          that’s why I love great communities like this one here. you aks one think, maybe totally overthinking and read an answer like this, which helps you realize the overthinking :)

          thanks for that. what you say makes sence. I really NEED to make a threat-model to find out, what is worth keeping private and what isn’t worth the trouble.

          Thank you :)

    • NaibofTabr@infosec.pub
      link
      fedilink
      English
      arrow-up
      7
      ·
      2 months ago

      Hmm… how does one anonymously pay an internet service provider with cash? Mail it in an unmarked envelope, with just your account name? Roll up to the front door and hand it to the receptionist?

      • jet@hackertalks.com
        link
        fedilink
        English
        arrow-up
        6
        ·
        edit-2
        2 months ago

        yes. mail

        or crypto like monero

        or prepaid credit cards

        or voucher resellers, etc

  • akilou@sh.itjust.works
    link
    fedilink
    arrow-up
    6
    ·
    2 months ago

    I don’t think the email alias thing comes with Mail Plus, it’s part of Proton Pass. You either need to get Unlimited which includes all of their products or pair mail plus with the paid version of Pass. There’s a chance I’m wrong because I have Unlimited and haven’t really explored it, but look into it before you commit.

  • RagingHungryPanda@lemm.ee
    link
    fedilink
    arrow-up
    5
    ·
    edit-2
    2 months ago

    Proton and its services have been pretty good. Some things to know about proton mail:

    • Search is only for titles, as content is encrypted
    • You can do search in the body in your browser. It downloads your email into the browser and searchers locally. It takes a while to do this and build up indexes. I haven’t had too much issue searching for things though.
    • Since they don’t read your email, no automatic calendar events if there isn’t a .ics

    The VPN had been great

    The storage isn’t enough for me to be able to move off of my main cloud provider. There also isn’t a way to pin a file on Android for it - and the 500gGB of space is less than I use

    The Pass app is handy and it’s easy to make aliases, though it often doesn’t know to fill in, doesn’t do it, or something, and I need to open the app to copy paste. Pretty trivial though.

    I’m sticking with them. I don’t really have a reason to leave. The aliases are really nice, the catch is that it’s not easy to have them go to a sub email address that I use - it has to go to your primary email. Not a huge deal though.

    • andylicious1337@lemmy.worldOP
      link
      fedilink
      arrow-up
      3
      ·
      2 months ago

      i like to have temp-adresses but it is a little to annoying for me to extend them after 90 days 🙈 with proton this is easier since you dont need to remeber that and you can find this option pretty easy when in tge webbrowser of choice.