I have been struggling with ProtonMail in various ways for a while now due to some technical issues regarding lost email, unsent drafts, etc. I do not have a very severe threat model; I moved to Proton a while back just to get away from big tech tracking. I have discovered, however, that I really would like to use a standard email client on my desktop and store my email locally. This is not possible without paying for the Proton bridge and, at this time, I’m not in a position to pay for email. So given that, if I were to move to a standard type of free email account, what would be the best choice? Obviously, there’s Gmail, Outlook, iCloud, Yahoo, etc. and I know that they are all terrible in terms of privacy. Are there any others that I should consider? Thanks!
Don’t most of these privacy focused providers not use IMAP/SMTP because they are terrible for privacy?
Could be wrong, but it seems like you have conflicting needs. You want a privacy focused email provider but you want to use non private protocols.
That’s more of a security thing. The privacy aspect that I’m concerned about is the scanning of emails to collect personal data. Google is the worst offender there. I understand that IMAP/SMTP is insecure but, in my case, I don’t have any contacts who use Proton, so my emails are already insecure given that recipients are still using these insecure protocols. So, for me, it’s not worth the headache of being stuck on a web client.
Have you looked at the free tier for mailfence.com?
The free tier of Mailfence doesn’t allow IMAP/SMTP access like OP wanted; only the paid entry 3.50/month plan allowed both.
Take a look at Fastmail.
No free tier available, just for your information.
Thanks for the info. It looks like all the privacy-related email providers are putting IMAP/SMTP on their premium plans. What do you all think of iCloud mail?
Maybe some of the free European companies? GMX perhaps?
Or mail.ee.
So given that, if I were to move to a standard-type of free email account, what would be the best choice?
Points made here are also worth taking into account: Remove Mailbox.org
It’s quite a shame that Proton Bridge is only available for paid users, it also doesn’t make any sense why that is the case (at least to me).
Yeah I missed that. I’m not familiar with “free” providers unfortunately.
For a free account, there’s cock.li, which doesn’t require an existing email address or phone number; you can even register via Tor and access IMAP via their onion domain, but their collection of available domains for non-Tor is cringy except maybe 1-2, and judging by the banner on their site now they’re in some kind of trouble with the authorities. Obviously that fully anon type of service would attract some shady users.
There’s also disroot.org, which also doesn’t require an existing address or phone number, but they seem to be political activists leaning to the far left. They’re in the process of enabling encryption at rest with your own keys via lacre. I use them, actually like them and already donated. Since they’re donation based, it’s not as fast as your typical for-profit service and there can be downtime here and there.
Mailbox and posteo aren’t that steep though for their lowest tier $1/month.
You have the ones offering zero knowledge encryption:
- Mailbox.org (paid)
- Protonmail (IMAP is only for paid accounts and only works on desktop)
Then you have the ones that promise to respect your privacy, but can theoretically access your data. Both paid and free ones. Examples are Mailfence, Startmail, Posteo, Infomaniak, Kolab Now, Runbox, Murena, Cock.li, Disroot, and many more.
Then you have some that don’t need any personal data from you to register but are not necessarily “private” (might scan your emails and sell your info to advertisers).
Some good links for further research:
Can Posteo access my data? I was going to take their paid plan and found your comment.
In your opinion, what are the best options currently?
My requirements are simple: two different mail providers—
- can’t read or sell my mails as well as my data
- can be trusted, operating for a long time
- have alias support
- respect user privacy (not talking about e2ee, which only works under the same provider)
- have no ecosystem, not like Proton
Can you please help me with this?
SMTPServiceProvider and Tutanota are excellent privacy-focused email providers with IMAP/SMTP support via bridge apps. They offer end-to-end encryption and don’t monetize user data like mainstream providers.
Tuta doesn’t have a bridge app.
An alternative I have set up myself is:
- Protonmail with PGP keys (public and private)
- Addy.io with my public PGP key
I did this just as a test. When my Protonmail subscription ends and I change email provider to one with IMAP/SMTP support, I will use the same setup (with new keys). That way, as soon as Addy receives any incoming email, it gets encrypted and forwarded to my email provider, which will store the email encrypted.
So I will reply (or not) to those emails with a PGP trusted client configured with my PGP keys (public and private) and technically the mail provider should not be able to read those emails (unless I misunderstood anything, because I did not test and I will not have that setup until my Proton subscription expires).
This is much better explained by @djkilla in this thread (which I recommend reading in full if someone is interested): Is Addy's Lite Plan worth paying for? - #6 by djkilla.
This way I think the trustworthiness of the IMAP/SMTP service does not matter (but feel free to correct me if I am wrong).
Posteo also offers the same zero knowledge encryption that Proton/Mailbox have. Unlike Proton though, this is not on by default and requires activating: Email green, secure, simple and ad-free - posteo.de - Encryption
Do note that this type of encryption is not perfect, as the provider can just copy your emails before encrypting them, hence it is not the same as end-to-end encryption, but that’s the case for all encrypted email providers, not Posteo only.
I would say Posteo goes a step further actually. They combine an encryption scheme similar to the one used by Tuta with a PGP (or S/MIME) encryption of incoming email that is like Proton/Mailbox.org. Both are optional and configurable, but if the user activates everything, they kinda get the best of both worlds (and also the downsides of both).
They just don’t support custom domains, but aside from that I can’t really find any issues with their offering. (Myself currently using Proton, though, but always evaluating other options)