Do I step back from email privacy?

This is not really relevant. Yes, 99% of people also have a Microsoft account, but it’s not like you must have one too.

Keep in mind that policies are different for these products: MS/Google cannot just freely use data from companies’ business activities, and especially not for marketing. Also your metrics may be a bit skewed, for me about 90% of senders are automated mailers such as Amazon SES and sendgrid.

Personally I believe usage of an aliasing service is far more important. Your identities being connectible (both to advertisers, and to everyone else as various services get hacked regularly) as well as getting spammed are more serious privacy threats than your mail provider having access to some data. Personally I use iCloud for this reason: it hits right on the privacy (acceptable privacy policy, by far the best across every big provider) vs convenience (IMAP/SMTP support, and not broken like gmail) vs price ($1/mo) vs value (unlimited aliases on a trusted domain, custom domains support) chart for me. It’s also pretty “normie-friendly” even if not as common as gmail.

Your priorities may be different of course, just sharing my experience. I don’t think you should give up completely, just try to find the service that best serves your priorities.

Also replying to your later post:

Many mass mailers will queue mails within a time window to reuse SMTP connections, this way reducing their costs. If many mails are queued up for a specific server, they may empty the queue ahead of time.

Gmail offers me easy acceptance, while privacy mail services often lead to multiple questions. There’s always a chance that a system might not accept these domains, whereas there is zero possibility that a system will not accept Gmail.

Secondly, to use multiple email addresses, I need to subscribe to the paid plan of privacy mail services, as domains from alias services are not accepted by most sites here. If I’m paying for a service, I expect better convenience, but even if I take the Proton paid plan, I still face frustrations.

Additionally, my friend and I conducted an experiment where we set up our email addresses in the same services—I used ProtonMail, and he used Gmail. The purpose of the test was to see if there was any time difference in receiving OTPs. Surprisingly, Gmail won; in many services, OTPs arrived at the same time in both email addresses, while in others, the OTP was delivered to the Gmail address earlier than to the ProtonMail address. There’s always a big risk - if there’s any delay in receiving the OTP, it can lead to inconveniences, as the usual time frame to enter the OTP is 30 to 60 seconds.

Yes, that’s true. But the ongoing struggle with privacy mail services makes me consider shifting back to Google, at least for sharing official details. I haven’t faced any problems with personal services like password managers and cloud storage, which is why I’ll continue using privacy mail for those.

I’ve almost eliminated Google from my life. Due to the recent implementation of Play Integrity, I have to start using the Play Store now, but other than that, I’m not using any Google services.

I don’t want to go back to Gmail, but the struggle is really painful for me. Moreover, we’ve seen that in some services, OTPs arrive at the Gmail address 15–20 seconds earlier than at the Proton address. Since OTP is the only verification method used here, there’s always a risk that if the OTP arrives late, it can create issues, as the usual time for entering the generated OTP is between 30–60 seconds.

Interesting, i never faced any issues acceptance of protonmail or even aliases.

Only time I am not sure is with epic games support, but their support form could also just have been broken.

I never knew gmail offered multiple addresses, interesting point.

I never had an email otp that was 60s, that is ridiculously and totally ignores the complexity of delivering email ;D

However in my country the market share of email services that aren’t gmail is probably high compared to others.

You do what ever is okay with your threat model.

Same. Their Pass and SL aliases are blocked regularly, but their main domains are not. It makes just as much sense to block them as it does to block fastmail.com or icloud.com

Like i said, I never had an aliases blocked either

Just my luck then

Me neither.

To me using a privacy email is a clear benefit from gmail/outlook & co. Easy 2 benefits: I don’t get my emails scanned. I don’t have AI being shoved up by default.

the only time aliases were blocked was unironically xiaomi and apple
the rest have accepted aliases

A prominent refuser is GitHub, which does not allow SL addresses and, I think, also blocks Pass aliases. Some niche apps I use, like ListenNotes, also block them because people abuse free trials. Lately, people (myself included) can’t create new X accounts using SL addresses, but that might be something else.

That said, they are more accepted than one would expect. It helps that aliasing has become more popular, and major password managers are integrating it into their products.

I will not sign up for anything nowadays that does not allow shared SL domain unless it is critical. I don’t know what these services expect me to do, but if treating legitimate users who use email aliases as collateral damage works for them, who am I to judge?

If the major benefit of proton/tuta is encrypted email storage, couldn’t you just delete or export your sensitive (or all) emails from gmail/outlook etc?

Would simply storing your emails locally, such as with Thunderbird, not accomplish the same thing? If anything, it sounds better than encrypted email storage since you have full control and even the subject, sender, recipient, etc are kept hidden from outside eyes. It’s also free.

Yes, simply downloading your mails would achieve about the same degree of privacy assuming the services do actually perform the deletion, and you use the device doing this regularly. It does come with the inconvenience that you now can’t read your past emails on other devices. Mail originally worked like this in the age of POP3, persistent mailboxes and IMAP are later developments.

Thats assuming the provider itself doesn’t silently create a shadow copy behind your back, or if the server deleted mail are actually deleted and not shadow stored for 5 years for “audit” reason. Email is still an unsolvable problem. Even proton and tuta can silently intercept and store a shadow copy of that incoming cleartext (from their pov) mail from paypal, your doctor, your water company, your drug dealer etc etc. Using mail is basically we’re really trusting the provider, unless we’re the provider ourself ie selfhosting mail which is easier said than done.

I have my own domain and use my own email server and I have never encountered that.

Self-hosting should be the best for privacy? The potentially frustrating part of that is the outgoing SMTP - both doing everything right and being accepted by major ones who don’t.

Reminder that it’s not all-or-nothing - you can self-host the mailserver yourself but use a service provider as a relay for the outgoing traffic. That way you get a lot of the benefits (privacy and others) of self-hosting but without the most notorious headache.

Common setup for businesses in between the stages of “everything on the SaaS” and “taking care of ourselves”.

You can start even smaller: Keep the mailservers where it is and keep using it for incoming/outgoing. But instead of reading it straight on the server via webmail or the service provider app, start mirroring the entire inbox to your own setup where you actually read and write. Then when you’re comfortable with that you can have the sync also wipe the emails on the remote. You get a gradual transition towards independence where you can stop at any point.

Things also get a lot more flexible and you don’t have as much lock-in. Changing providers for your email is now more like changing ISP or power company instead of like moving houses.

I think the OP pretty much nailed it. I’ve been fascinated by this topic for more than a year now. In that time, I’ve created and even paid for multiple email subscriptions, but the Epstein emails basically convinced me that it’s a waste of time spending this much effort on email. Email is basically too insecure to address. You’re basically at the mercy of the recipient once the email is sent. A lot of focus is on the lack of privacy with Gmail and Hotmail, which is true, but even if Gmail were as private as Proton, the issues that the Epstein emails raised obviously can’t be addressed. As a result, I think there is still a case for having something like Proton, but I wouldn’t use it for any secured communication and be careful with what you send. A lot of famous people’s lives have been turned upside down by Epstein. Who knew old emails could somehow resurface and haunt anyone who was ever associated with Epstein? I would rely more on using Signal and a better idea would be to have the conversation in person for truly sensitive/important stuff.

I think E2EE storage is basically the major selling point of Proton. Email is still important in 2026, and I have no choice but to continue to use it, but I wouldn’t send anything sensitive or important. I think that’s the lesson that I learned from the Epstein emails.

email would be quite private if we all would use PGP encryption keys and open-open source email clients. Disclaimer: I don’t use them, beside the built-in proton encryption keys. Many people has now security hardware keys for passkeys auth, we could also get use to decrypt our email with such keys. Emails providers will still be aware of your social graph and email subjects, but not email content.

if we would watch in media more often cases of unrevealed email and there consequences, like now the Epstein’s, people in general would become more concern about privacy and ask more for easy-to-use privacy tools. I think this will come, it will become when we start to get use to hear that our contact was banned to enter in country due to some emails or DM in social media app, people will ask for more privacy.

some people have some concern about proton becoming an ecosystem of apps, but this is what normal people is able to transit to, they are not gonna go further, easy to use solutions

we, users of this forum, are very concern about privacy. We should in small doses teach about privacy concerns to the people is around us. I switched from wassap to signal in around 2018. I uninstalled wassap. So anyone who wants to communicate to me should use signal, end of the story. Since them many people has asked me why I do not have wassap/instagram… This has been always a good opportunity to open a bit their eyes.

I think we should start asking to our dentist, doctor, tax consultant, lawyer… if they are using a privacy respectful email provider / cloud storage.

I agree with the premise of your post, but let’s get real, it’s not like privacy all of a sudden became a concern. Even Apple, with all of its marketing about privacy, still doesn’t use E2EE with its emails. Neither does Microsoft nor Google. Hope isn’t a strategy. The sad reality is that the Epstein emails are a reminder not to use email for private communication. There are too many points of failure, and then the emails are revealed. I still have a subscription to Proton, and I will continue to use it mostly to receive emails and for general communication. There is still a need for email in 2026, and we should strive to secure it as much as possible. Other than that, I would use Signal and possibly iMessage (iPhones dominate in the US).

The mail usage is slightly different in my country. Email addresses are mostly used for sending documents, invoices, medical reports, transaction alerts, and lastly, OTP verification. Therefore, the traffic is mostly one-way until a user faces any problems and has to contact the service via email. Now, most daily-used services, including identification services, financial services, insurance companies, and more, rely on Gmail or Outlook (business plan). So whatever emails these services send to us are already being seen by those data-harvesting companies.

I’m not planning to stop using privacy-focused mail services completely; I just want to avoid using them for those services that use Gmail or Outlook. The main reason behind this is the difficulty of acceptance. There is always a risk that a service might not accept these privacy mail addresses, so I always have to keep a Gmail address as a backup. I can still compromise on this convenience for better privacy, but it reaches the same point—since businesses are using data-harvesting mail services, I believe I might not be getting the privacy I want.

I strongly support decentralization, so even though I’ll have to use Gmail, I’ll ensure to use different Gmail addresses for different categories of services. Even with privacy mail services, I’m following the same principle, but in this case, I only use aliases from the mail provider services, as I’ve faced many services that don’t easily accept email addresses from email alias services (e.g., Addy, SL). Additionally, I don’t want to rely on two different services (mail provider and email alias service) for important account logins.

Yes, I opted out of that when I first got the option. Personally, I never liked these two big tech companies (I have more disdain for Google), but the current situation confuses me and raises doubts about any practical benefits of using privacy mail services in places where Gmail or Outlook is used for sending emails.

No, there is no issue with Proton, but currently, I’m very confused regarding the Proton Unlimited plan.I always try to keep everything unlink from each other; that gives me another level of satisfaction. Now, all Proton services are being ranked in the top three positions in their categories, so instead of buying Proton services separately, it’s better (and more pocket-friendly) to opt for the Proton Unlimited plan. However, I don’t want to link all the services together; at least I prefer not to link my emails with my password manager and cloud storage.

Honestly speaking, I don’t like to link any two services either, but as every provider focuses on building their own ecosystem of products, I’ve compromised on my preference.

You might ask why I’m not preferring the competitors of Proton services. I’ve tried nearly all popular services in different categories (password manager, cloud storage, email, and VPN).

I liked 1Password, but the recent price hike is stopping me from going with them; I’ve never liked Bitwarden either. The same goes for email. Even though I have email addresses from both Proton and Tuta, I always prefer the Proton app for viewing and sending emails (if any). I tried both Mullvad and Proton VPN; Mullvad provided noticeably slower speeds than Proton. I’ve used both Filen and Proton Drive, where I like Filen more, but there is always a doubt about their sustainability, whereas Proton Drive provides a strong assurance for their future sustainability. So, after all of this, I’ve realized that going with the Proton Unlimited plan makes sense, but integrating everything into a single account is something I never want to do.