Need a privacy focused email provider

Sorry, maybe I couldn’t clarify my thoughts before. But now with time, I have clearer thoughts.
See, Gmail and Outlook sell our data; that’s why these are free of cost. So, if I have to pay for any service I want, I can give my full trust to the provider company, though, as they are not such a big company and always have a risk of shutting down; still, I want to use the most trusted one.

Most of the encryptions only work for sending and receiving mails under the same provider or PGP-encrypted other providers. Nearly all emails I’m going to receive will come from either Gmail or Outlook, so no encryption will work here. Besides that, I’m not sharing any sensitive information through mail.

The main thing I am looking for in every email provider is whether I can trust them or not, and it totally depends on my mind; like I trust Tuta over Proton (just an example); maybe Proton has better infrastructure, better encryption, and more services to offer, but I don’t like Proton. As I use the mail app mainly on my mobile, I don’t have any experience with web-based mail providers.

Again, I am so sorry if there is still something unclear from my side.

Yeah, StartMail is better than FastMail. Previously, I thought about going with Fastmail due to their mobile app support, but after discovering its con, I cancelled my plan.

After discovering what?

You probably need to really clarify on what you’re looking for.

Also, you've got to remember that email is inherently insecure. It was created in the 70’s without encryption in mind, and it stays that way. To at least have some privacy, both parties, the sender and the receiver, have got to locally PGP encrypt. Those so-called “encrypted” providers like Proton, Tuta or whatever don’t clearly mention the caveat with their “encryption” service: it’ll only be encrypted within their network, so Proton with Proton, Tuta with Tuta, or if the sender locally PGP encrypts. If your usual mail mostly involves incoming receipts, login notifications, 2FA codes etc., then from the provider’s POV they’re unencrypted. Facebook, Twitter, PayPal or whatever won’t PGP encrypt the mail they send to you. Yes, it’ll be encrypted in transit, but even Gmail encrypts in transit; we’re really looking for E2E encryption to really be sure of privacy. If Proton or Tuta or Posteo or Mailbox or whatever wanted to be nefarious, they could in theory make a copy of the unencrypted mail the moment it reaches their server, and no one would be the wiser. It all boils down to trust. But even if you really trust the provider, and if the mail is mostly login notifications, receipts etc., you can’t be sure they aren’t being nefarious behind your back, silently making a copy, so stop trying to use email for 2-way private conversation; use a proper encryption protocol like Signal instead.

2 Likes
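The distinction drawn in the post above, transport encryption versus end-to-end encryption, can be read off a received message's own headers. The following Python check is an added example, not part of the thread: it reports whether the hop into the mailbox provider used TLS and whether the body arrived PGP- or S/MIME-encrypted. The sample messages and hostnames are constructed.

```python
import re
from email import message_from_string

# RFC 3848 "with" keywords that mark a hop as having used TLS.
TLS_HOP = re.compile(r"\bwith\s+(?:ESMTPSA?|LMTPSA?|UTF8SMTPSA?)\b", re.I)

def transit_tls(msg):
    """True if the newest Received header (the hop into our provider) used TLS.
    Only that header is written by our own provider; older ones can be forged."""
    hops = msg.get_all("Received") or []
    return bool(hops) and bool(TLS_HOP.search(str(hops[0])))

def end_to_end(msg):
    """'pgp-mime', 'smime', 'pgp-inline', or None when the provider gets plaintext."""
    ctype = msg.get_content_type()
    if ctype == "multipart/encrypted":
        proto = str(msg.get_param("protocol") or "").lower()
        return "pgp-mime" if proto == "application/pgp-encrypted" else None
    if ctype in ("application/pkcs7-mime", "application/x-pkcs7-mime"):
        kind = str(msg.get_param("smime-type") or "").lower()
        return "smime" if kind == "enveloped-data" else None
    for part in msg.walk():
        body = part.get_payload()
        if isinstance(body, str) and "-----BEGIN PGP MESSAGE-----" in body:
            return "pgp-inline"
    return None

def classify(raw):
    msg = message_from_string(raw)
    return {"tls_in_transit": transit_tls(msg), "e2e": end_to_end(msg)}

# Constructed sample messages (hostnames and contents are made up).
RECEIPT = (
    "Received: from out.shop.example by mx.provider.example with ESMTPS id 1\n"
    "From: orders@shop.example\nSubject: Your receipt\n"
    "Content-Type: text/plain\n\nOrder 1001 total 19.99\n")
PGP_MAIL = (
    "Received: from mx.friend.example by mx.provider.example with ESMTPS id 2\n"
    "From: friend@friend.example\nSubject: hi\nMIME-Version: 1.0\n"
    'Content-Type: multipart/encrypted; boundary="b";\n'
    ' protocol="application/pgp-encrypted"\n\n'
    "--b\nContent-Type: application/pgp-encrypted\n\nVersion: 1\n"
    "--b\nContent-Type: application/octet-stream\n\n(ciphertext placeholder)\n--b--\n")

if __name__ == "__main__":
    for name, raw in (("receipt", RECEIPT), ("pgp", PGP_MAIL)):
        print(name, classify(raw))
```

The receipt shows TLS in transit but no end-to-end layer, which is the case where the receiving provider handles readable plaintext on arrival.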

Why not Google Workspace or M365 Business? You have the security and privacy, not E2EE but still data is yours unlike consumer editions.

It is based in Australia, which is a 5 Eyes country, and also they don’t have zero-knowledge encryption, so they can read my mails. I feel StartMail is better for the same type of usage.

Thanks for describing. Yeah, I know that emails are not for secure conversation. But nowadays, most of the websites ask for email addresses for signups, so choosing a mail provider that doesn’t read my mails as well as keep user accounts secure is necessary. There is no practicality of military-grade privacy for a regular user, which is only applicable under the same mail provider. At the end of the day, most of the mails come from either Gmail or Outlook, so bye-bye encryption!
See, my vision about mail providers is somewhat clear now.

  1. The mail provider doesn’t sell my data.
  2. The provider can’t read my mail (if possible).
  3. Don’t focus on building their own ecosystem.
  4. Also have multiple alias support in the paid plan.
  5. Last but not least, they can be trustworthy.

By discussing this topic, I’ve come to this point: I just need two different mail providers that are trustworthy and have enough privacy for user data.

I am moving away from Proton and Tuta for mainly two reasons:

  • There is no practicality of their strongest encryption for most of the people.
  • I don’t like to use any ecosystem product; Proton already has its own ecosystem, and Tuta is following it. If Tuta has no plan for Tuta Drive, I can stay here, but they are planning to bring it.

Maybe my requirements are changing again and again, but with the help of many discussions, I’m clearing my thoughts and sorting my requirements.

As of now, I’m going with your 1st suggestion, Mailbox.org, for my professional use. I want to buy the light plan but am not sure if they have any option of buying aliases like Posteo.

Thank you :smile:

I don’t need business products; I want to use products that are made for individuals. Adding to this, I quit Google and Microsoft a long time ago, so I don’t want to go back.

What is the difference to you? MS and Google are selling licenses per seat only, and they clearly mentioned years ago that if you want to use your own domain, you need to switch to business products.

With business products you have more control over your data, and that is a problem for you? Also, as mentioned many times before Google and MS business products are totally different from what they are offering to consumers.

If you use Proton business which is pretty affordable in my opinion you can add new users.

if you want to use your own domain, you need to switch to business products.

I never said that I want to use my own domain. I just want two email providers which are privacy focused, but with no need for that encryption which only works under the same mail provider.

Still, I’ll check out those business products. Thanks :slight_smile:

No thanks, I don’t like Proton products.

Why not just stick with Tuta as your 2nd provider? None of the reasons you list actually affect you.

I understand it’s a personal choice, but at this point you have said no to half a dozen suggestions, so I am not sure you will ever find one to meet your seemingly mercurial requirements. You may need to accept no option is going to be the perfect fit.

They just have ridiculous ideas about their setup.

Their conditions exclude anyone working on an “ecosystem”, yet they are fine with mailbox (which is making an ecosystem with their cloud storage and office suite). Then they say they will look into business plans by Google and MS, which by definition are ecosystem players.

They don’t seem to know that email alone is not a profitable service, and usually serves as lock in to sell other ecosystem products and/or productivity suite. Only a business looking to fail would not make an ecosystem.

I do think the OP needs to reflect a bit more on what their actual threat model and trust requirements are.

4 Likes

I think there are two major privacy points in email: email encryption and account security.

Email Encryption: Emails are not made for secure communications; still, if any user wants the highest level of privacy while communicating via mail, then there are many providers for that. But a mail receiver has no role in this; encryption totally depends on the sender. According to my mail usages, I am a receiver most of the time, so encryption is not for me.

Account and data security: There is also this point, which most of the users forget. Nowadays, emails are mostly used for bank statements, doctor appointments, account verification, etc., rather than communication, so much personal data is already stored in mailboxes. With zero-knowledge encryption, even if someone gets access to the server, they can’t access user data. If the government asks for any specific user data, they can provide copies of the latest mails but not the old mails stored in the mailbox.

Every email provider can save an unencrypted copy of emails if they want, and users can only trust them that they will not do anything like this, so we can’t do anything in this, but we can secure our mailboxes so that no one can access our data from the mailbox.

My requirement was a secure mailbox, not secure communication, so I chose Proton, Tuta, and Mailbox because these providers only have zero-knowledge encryption.

Yeah, Tuta is my 2nd provider, but what about the 1st provider? Actually, I need two accounts; I can use the same mail provider in both places, but I don’t want that. Except Tuta, Proton and Mailbox are left.

Copied from my reddit post on same topic:

I think there are two major privacy points in email: email encryption and account security.

Email Encryption: Emails are not made for secure communications; still, if any user wants the highest level of privacy while communicating via mail, then there are many providers for that. But a mail receiver has no role in this; encryption totally depends on the sender. According to my mail usages, I am a receiver most of the time, so encryption is not for me.

Account and data security: There is also this point, which most of the users forget. Nowadays, emails are mostly used for bank statements, doctor appointments, account verification, etc., rather than communication, so much personal data is already stored in mailboxes. With zero-knowledge encryption, even if someone gets access to the server, they can’t access user data. If the government asks for any specific user data, they can provide copies of the latest mails but not the old mails stored in the mailbox.

Every email provider can save an unencrypted copy of emails if they want, and users can only trust them that they will not do anything like this, so we can’t do anything in this, but we can secure our mailboxes so that no one can access our data from the mailbox.

My requirement was a secure mailbox, not secure communication, so I chose Proton, Tuta, and Mailbox because these providers only have zero-knowledge encryption.

I think it can help you to understand my needs.

So you are fine with Proton, Tuta, and Mailbox then right? I was confused by this in your post:

Then either of Tuta or Proton is fine with being your primary account (I am not very familiar with Mailbox). They have great account protection features (security keys, FIDO, etc.) and good encryption.

Proton is a bit aggressive with banning unpaid accounts if you trigger their anti spam, but can be used to send PGP mails to anyone.

Tuta can only send E2EE mails to other Tuta users, no PGP.

Choose what looks better to you ig.

I had thought you said you were going with mailbox.

If you are still looking though I think @Anon47486929 summed it up well…