Does there exist a good email service?
I’m a simple man with few requirements, and yet, the search for a half-decent email service goes on…
by spitemim, 2022-08-25
I have been using Protonmail for an embarassingly long time now. Yes, I know they handed over the data of protestors to the police. Yes, I know they removed all references to not logging your IP on their site. But having so many accounts tied to one of my Protonmail addresses means that if I’m going to make the switch, the solution had better be good. For an email service to be good, it needs to fit the following requirements:
- Supports IMAP/SMTP
- Transparent about data breaches, subpoenas, FBI raids, etc.
- Mail doesn’t go to spam when trying to email normies
- Free (unless it’s a REALLY good service)
- Half-decent support for if my account breaks
- Tries their best to be private (encrypting drives and such)
There are already really cool sites explaining the flaws with most email services, but I just want to share my personal gripes in this post.
In this post, we’re going to find out how the services I’ve used/considered using actually stack up against these requirements.
Gmail supports IMAP/SMTP, is free, probably has okay-ish support, and unless I start sending out spam, my messages likely won’t get insta-dumped into the spam folder for most normies. However, any self-respecting person owes it to themself to stop using it. Especially considering the most recent Gmail horror stories, like the dad whose Google account got permanently banned for taking medical photos of his son’s groin area for his pediatrician. Not only is everything you send over Gmail being constantly monitored by neural networks that might banish you forever over a false positive (and later refuse to reinstate your account), but the government is pretty much free to help themselves to your data if you fall under any sort of suspicion.
Gmail rating: 0/10
Protonmail is kind of a meme. It’s clear they don’t actually care about the privacy of their users, since they’ve done things like hand over the IP address of a climate activist to the Swiss police, allowing him to be arrested, and subsequently removing all claims that “Protonmail does not log your IP” from their site. Link. It also doesn’t support IMAP/SMTP for free accounts! In an alternate universe where Protonmail at least *pretended* to care about user privacy, I would’ve *considered* buying their premium service, but in the interest of privacy, I have multiple email accounts which I use interchangeable when signing up for stuff. There’s no way I’m buying a premium plan for every single one. And even if I *DID* want to buy all those premium accounts, they don’t accept an actually private cryptocurrency like Monero. You could pay with anonymized bitcoin though.
Their “encryption” is a meme too. Maybe it’s actually stored encrypted on their servers. Maybe mail between two users of Protonmail is perfectly secure. But if you’re sending mail to one of the, I don’t know, INFINITY of other email providers that don’t use the same encryption system Protonmail does, IT’S SITTING IN THE RECIPIENT’S INBOX, UNENCRYPTED!!! The only real way to do encrypted email is encrypt your messages yourself, for example with GPG. Honestly, that’s the only real way to do encrypted anything that doesn’t rely on trust. Given that emails of any consequence should be encrypted, there’s really no need for my email service to brag about a nebulous quality like “encryption”. It just means you have to pay to use their shitty bridge app so you can read your email with a mail client.
Their transparency report is also a joke – we’re let in on the number of total legal orders, contested orders, and complied-with orders per year, but no specific information on the scope or targets of any of these orders. I do have to give them credit, though - they’re contesting more and more orders every year, from 1.1% in 2018, to 6.9% in 2019 (nice), to 19.9% in 2020, to over 21.1% in 2021.
Aside from that, Protonmail is free and doesn’t require a phone number, so I guess it’s decent for burner accounts, and mail sent from a Protonmail address is unlikely to be thrown into spam.
Update 2022-08-28: I recently found a page called Disturbing facts about Protonmail, which outlines a number of ways in which Protonmail is extremely spooky that I didn’t mention here. What’s really interesting is that Proton AG sent an email to this guy’s registrar asking for the article to be taken down, claiming it was “highly defamatory”. I’m surprised this story didn’t blow up.
Protonmail rating: 3/10
I heard about Mailbox.org while reading reddit threads about people trying to find a decent email service. It originally looked decent, until I read what Oreamnos had to say about it on digdeeper.club’s email services article. If we’re going off of his word, Mailbox.org is a crappy service that demands personal information in order to register, collects an exorbitant amount of data, and makes no effort to protect you from authorities. Plus it’s paid – and I’m not going to consider paying for an email service that spies on you even half as much as Oreamnos purports it does.
The only good things that can be said about it is that it’s powered by “eco-friendly energy” and it supports IMAP/SMTP. The first one isn’t a very high bar – Google has been carbon neutral for years now, and the second one isn’t a very high bar either, since the only sites that don’t support it are “encrypted” ones.
Mailbox.org rating: 0/10
Posteo.de actually looks really nice. It seems not to collect much/any unnecessary user data, it supports IMAP/SMTP, and it’s hosted with green energy.
The only problem I see with it is that it’s paid. I could definitely afford its 1 euro/month payment, but not for multiple accounts. For one main account though, it’s affordable, private, and I might consider switching sometime. The only problem with its payment system is it doesn’t seem to accept cryptocurrency. Come on, Posteo.de, how hard is it to accept Monero and stand out from every other mail service?
Posteo.de rating: 7/10
NOTE: my current public email address is registered with cockmail. So I’m probably biased to make it seem better than it actually is.
Cock.li is the closest thing to a decent email service I’ve seen so far. Just read the “How can I trust you?” section on its homepage for the most brutal display of honesty I’ve ever seen from any site that handles sensitive data like emails. You can’t trust an email service that you don’t host yourself. Even if it’s “encrypted” they can still read your emails. The solution for private email is to encrypt messages with GPG.
The biggest criticism of Cockmail constantly thrown around is the December 2015 seizure of Cock.li by German authorities, wherein “SSL keys and private keys and full mail content of all 64,500 of my users, as well as hashed passwords, registration time, and the last seven days of logs were all confiscated and now are in the hands of German authorities.” This incident was pretty bad, but it’s not like it was Cockmail’s fault. Shit happens. I would consider it a positive that this much info about the breach is publicly available. Cockmail’s transparency page is really good. It even supplies the emails in which data was requested.
Cockmail supports SMTP/IMAP, and although it’s free, it requires an invite to register. This isn’t a problem for me, since I have an account from before invites became a thing. I guess you’ll need to ask around if you want an account.
One of the big problems is spam – obviously emails coming from domains like hitler.rocks, horsefucker.org, and cumallover.me are going to get ignored or thrown in spam quite often. There are normal-sounding domains like airmail.cc and firemail.cc, but I imagine they probably get thrown into spam fairly often.
Another big problem is support. Cockmail provides virtually no support, no password resets, no community forums, nothing. Although the Cockmail addresses I’ve used seem to be pretty reliable, if your inbox stops working or you forget your password, you’re simply screwed.
Cockmail rating: 7.5/10
Self-hosting an email server
Self hosting email is something I’ve wanted to do for a long time.
The pros? You have complete control over the email server, the only one who can read your messages is you, and having an email on your domain looks cool.
The cons? Setting up an email server is hard. Setting up an email server RIGHT is double hard. Getting other email services to trust that you’re not a spammer is triple hard, especially with a weird TLD like xyz. It’s also a privacy risk because every site you sign up to with a personal email knows who you are. Therefore, you should probably use a generic email service when signing up for sites, which means you have to find a decent one that supports the bare minimum of features, which means the search continues.
I’ll probably get around to it sometime.
Email is a fundamentally insecure protocol. Hosting it yourself is probably the best solution, but it’s difficult to set up right and difficult to get other email providers to trust you.
No matter what service you use, ALWAYS encrypt your emails. You simply can’t trust