• 1boiledpotato@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      63
      ·
      6 months ago

      Recently I added a custom domain to my protonmail account and during the procedure it makes you do this steps (adding SPD, DKIM and DMARC) to pass all the steps. They tell you exactly what records you have to add, where to add them and what the content should be. These guys are great

      • SupraMario@lemmy.world
        link
        fedilink
        English
        arrow-up
        8
        ·
        6 months ago

        Yep, setup mine about a year ago now, since I’m trying to get rid of Google completely, and it walks you through all of this. It was really well done setup.

      • sugar_in_your_tea@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        4
        ·
        edit-2
        6 months ago

        Same with Tuta, which I did last weekend. Still evaluating the service for now before telling everyone to switch to my new custom domain (I’m forwarding everything from my old domain for now).

        • GbyBE@discuss.tchncs.de
          link
          fedilink
          English
          arrow-up
          1
          ·
          6 months ago

          I tried Tuta when it was still called Tutanota, but it was rather cumbersome to use. The mobile and desktop app would work reasonably well, but searching through your emails was a pain.

          It also wasn’t possible to use any email client on the pc. Proton also doesn’t offer IMAP access, but they do have a bridge you can install for that, enabling the use of almost any mail client.

          • sugar_in_your_tea@sh.itjust.works
            link
            fedilink
            English
            arrow-up
            1
            ·
            6 months ago

            Yeah, searching on Tuta sucks because it has to be done client-side since everything is encrypted on the server. With ProtonMail, the subject line is unencrypted, so it can search that without your key.

            And I thought I’d care about email clients, but I honestly really don’t. They’re just so heavy and I don’t use email enough to need power user features.

            I used Proton for a couple years and it was good, but decided on Tuta because Proton raised their prices and I honestly don’t need the rest of their stuff.

            • GbyBE@discuss.tchncs.de
              link
              fedilink
              English
              arrow-up
              2
              ·
              6 months ago

              In that case it sounds like Tuta is the right choice for you. I just wanted to make sure you knew about the drawbacks. For me the search thing is what killed it, because I regularly search older emails.

              • sugar_in_your_tea@sh.itjust.works
                link
                fedilink
                English
                arrow-up
                2
                ·
                6 months ago

                Yup, it’s definitely appreciated.

                And honestly, the only things that draw me to Tuta over Proton are:

                • price - €3/month; family plan is €3/person; Proton is $4/month (reasonable), family is $24/month (kind of a lot)
                • custom domains - Tuta supports 3 on lowest paid plan, Proton supports 1; I want at least 2 (family + personal project)
                • Monero - I like the idea of digital cash, and this is the closest I’ve seen; I currently don’t have any, so not a deal breaker

                So mostly cost. But there’s a lot of stuff I like about Proton:

                • Simple Login
                • VPN
                • more polished experience
                • bridge

                I can host my own Simple Login, Mullvad VPN has more locations, and I don’t use email all that often anyway.

                I’d switch to Proton if they:

                • added more custom domains to Mail Plus
                • had a Mail Plus family plan (ideally piecemeal like Tuta)

                Monero is nice but not a deal breaker, and I’m okay with Proton being a little more expensive due to brand recognition.

    • ferret@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      3
      ·
      6 months ago

      All domains you purchase through cloudflare have a fancy button on the gui to add dmarc and dkim that just say “reject” so people can’t pretend to email from your domain, pretty neat feature imo. (Not actually useful if you are trying to use it as a custom email domain though, lol)

    • lemmyvore@feddit.nl
      link
      fedilink
      English
      arrow-up
      2
      arrow-down
      1
      ·
      6 months ago

      My email provider (Migadu) gave me all the DNS entries I needed when I signed up my domain to them.

      • fine_sandy_bottom@discuss.tchncs.de
        link
        fedilink
        English
        arrow-up
        1
        arrow-down
        3
        ·
        6 months ago

        I think they all do?

        I don’t really understand the need for a guide TBH. If you can set your mx then you can do the rest, and your provider will tell you if it’s not done.

  • _sideffect@lemmy.world
    link
    fedilink
    English
    arrow-up
    43
    arrow-down
    2
    ·
    6 months ago

    I always worry that it will get bought out by some asshole company and we’ll be even worse off than with Google (if that’s even possible).

    • zkfcfbzr@lemmy.world
      link
      fedilink
      English
      arrow-up
      109
      arrow-down
      2
      ·
      6 months ago

      Hi, this is Andy here, the Founder/CEO of Proton. As former scientists, we don’t do what we’re doing to make the most money (otherwise we wouldn’t have picked science as a profession). There’s no price which we would sell Proton to Google or Facebook. We also don’t need to because thanks to the strong support of the community, Proton has the resources to thrive and grow as an independent organization. Safeguarding this independence is how we ensure that over the long term, we can always put user interest above all else.

      -Protonmail Founder, 2 years ago, for what it’s worth.

      • sugar_in_your_tea@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        7
        ·
        6 months ago

        Trust, but verify.

        I want to see some assurance. I don’t know Switzerland’s laws, but if there’s a concept of a “social purpose company” or something with actual legal teeth, that would make me a bit more comfortable.

        They’re certainly better than Google, and I like that their products are audited, but words from their founder don’t need much, especially if the founder decides to leave.

        • deweydecibel@lemmy.world
          link
          fedilink
          English
          arrow-up
          7
          ·
          6 months ago

          You should be aware Tuta won’t let you use a third party client, automatically forward messages, or do a mass export of your email. It’s not impossible to move but they deliberately make it difficult. So does Proton in their own away.

          They’ll say it’s about maintaining the security of your emails and such, but it’s just a vender lock in tactic.

            • sugar_in_your_tea@sh.itjust.works
              link
              fedilink
              English
              arrow-up
              2
              ·
              6 months ago

              And they support automatic forwarding to external addresses, provided you’re on a premium plan, which you need to be for a custom domain.

          • sugar_in_your_tea@sh.itjust.works
            link
            fedilink
            English
            arrow-up
            4
            ·
            6 months ago

            Dang.

            Some good news though:

            Automatic forwarding isn’t an issue IMO since I can do that at the DNS level for custom domains. However, everyone on my plan at the same domain would need to switch at the same time.

            But definitely something to take into account. Hopefully it’s just the immaturity of the product and will get resolved with time. Proton also didn’t have IMAP when it started, and it has a workable bridge now (so bulk export is an option that way). Proton also supports encrypted email forwarding now (encryption probably only applies to internal to Proton forwards), so hopefully Tuta follows suit.

            Maybe I’ll switch to Proton instead, IDK. My emails aren’t that valuable to me long term, so I’d be fine downloading/forwarding the few I care about manually. My primary goal here is to get off Google, and I’m willing to jump through a few hoops to do so (and Tuta is pretty good and pretty inexpensive). But that may not be true for others.

      • deweydecibel@lemmy.world
        link
        fedilink
        English
        arrow-up
        4
        ·
        6 months ago

        Problem is with the way email security is going now, it’s entirely possible in a few years, if your domain/provider isn’t an established one, it will get blocked by others.

        I’ve had a few domain just straight up block some Tutamail emails.

        But here’s the other issue: Proton and Tutanota are both not going to make it easy on you to move your mail.

        • CyberSeeker@discuss.tchncs.de
          link
          fedilink
          English
          arrow-up
          3
          ·
          6 months ago

          I believe this is already the case; domain reputation is weighted pretty heavily by Gmail and others, so it will take some months before you’ve established enough rep. Following SPF/DMARC/DKIM is crucial, followed with time your domain has been registered and typical outbound volume from your domain.

        • GbyBE@discuss.tchncs.de
          link
          fedilink
          English
          arrow-up
          1
          ·
          6 months ago

          I moved away from Tuta, and while getting my mail out wasn’t as straightforward as with regular mail services, it also wasn’t hard.

          Proton offers an IMAP bridge, which will let you use any IMAP client to download your mail and then transfer it somewhere else.

      • lemmyvore@feddit.nl
        link
        fedilink
        English
        arrow-up
        3
        ·
        6 months ago

        You can switch MX records but not necessarily your mail storage. You need IMAP for that, and IMAP with Proton currently requires jumping through some hoops and it may be discontinued in the near future.

        They’ve never given any guarantees regarding IMAP and they actually seem to consider it a negative so that remains a dubious point with me.

    • nbailey@lemmy.ca
      link
      fedilink
      English
      arrow-up
      8
      ·
      6 months ago

      It’s unlikely but not impossible. I’ve been using PM with a custom domain for about five years now, and never thought too hard about leaving.

      In an ideal world, a company like ProtonMail would be cooperatively owned by the workers and paying users, sort of like a credit union.

      Pragmatically, they’ve done fine stewardship of the service for the last decade or so they’ve been around. A big part of it is that their value proposition depends on stability and trust. But it could be better.

      • CriticalMiss@lemmy.world
        link
        fedilink
        English
        arrow-up
        7
        ·
        6 months ago

        GPG has a chicken and egg problem. I have mine publicized on Ubuntu’s key server, which is likely one of the bigger ones (but iirc it is of little relevance as it syncs with other keyservers). Out of the emails I am sent only one of my contacts bothers with encryption. Which is sad, but what can you do? The web mail interfaces rarely if ever support GPG, and even if they do sharing your key with them defeats the purpose.

        • RalfWausE@discuss.tchncs.de
          link
          fedilink
          English
          arrow-up
          1
          ·
          6 months ago

          Well, there was a time somewhere in the early 10s when i was preaching to everyone who wanted to listen (and especially to those who doesn’t) how important email encryption is. The result? At least half oft my contacts use encryption (but its a pretty nerdy and paranoid bunch anyways)

    • fossphi@lemm.ee
      link
      fedilink
      English
      arrow-up
      1
      ·
      6 months ago

      His notes video is also fantastic! I really wish he made some more videos.

      Also would be interesting to see his take after skiff got bought by notion

  • sramder@lemmy.world
    link
    fedilink
    English
    arrow-up
    31
    ·
    6 months ago

    I value my privacy and have an extra $7 to blow every month.

    Bleep boop, this summary has saved you 99.9%… just kidding i’m not a bot and have no idea what the article says ;-)

  • femboy_bird@lemmy.blahaj.zone
    link
    fedilink
    English
    arrow-up
    19
    ·
    6 months ago

    I think it is important to understand that email never will be very secure because the standard wasn’t made with modern threat models in mind, if you want to communicate privately and anonymously, you need modern protocols like signal, i also use proton but only because I hate Google, i don’t expect my emails are any more private than they have ever been. I use email only when it is required, I use signal for private communication, overlap is impossible

    • BananaTrifleViolin@lemmy.world
      link
      fedilink
      English
      arrow-up
      16
      ·
      6 months ago

      Your emails are.more private in the same sense that if you have a letter with something on it, turning it over means someone can’t read it over your shoulder, but they could have read it before it got to you.

      Google has access to the contents of your inbox, Proton mail does not. But the protocols are unchanged and unencrypted email is accessible in transit.

      So moving to Proton is a definite improvement, particularly as email remains a basic means of communication. But as you say if you wand secure communication then it is very flawed.

      • sugar_in_your_tea@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        3
        ·
        edit-2
        6 months ago

        But you can get secure email if you’re the sender (you can choose to encrypt) or it’s coming from someone else at Proton.

        But yeah, there should be a secure alternative, perhaps an amendment to SMTP where only the “to” address is available. If I have the public key of the receiver (negotiation of that could be part of the protocol), I can encrypt everything else and my email could still be routed properly.

        • kevincox@lemmy.ml
          link
          fedilink
          English
          arrow-up
          1
          ·
          6 months ago

          Yeah, this is one of the things that I quite like about Proton. It provides a migration path. You start sending and receiving plain-text mail (then encrypted before saving) but now you can use an open standard protocol to start communicating securely and Proton can slowly lose the ability to read much of your email.

          IDK if the other “easy encrypted” providers just use standard PGP.

          • sugar_in_your_tea@sh.itjust.works
            link
            fedilink
            English
            arrow-up
            5
            ·
            edit-2
            6 months ago

            AFAIK, Proton’s standard is PGP, they just manage the keys for you (I’m guessing keys are AES encrypted and decrypted on the client) (source):

            Proton Mail’s end-to-end encryption is based on an open-source version of PGP.

            Tuta doesn’t use PGP, but it uses open encryption standards for it. So it’s a wash IMO since both are only used for internal emails (within their respective platforms).

            For messages to external email addresses, they use pretty much the same thing: password-protected access through their platform (i.e. you click a link to Proton or Tuta and enter the password to decrypt).

            I don’t know about other email services, but those two both seem pretty good, regardless of whether PGP or GPG is used internally. I haven’t reviewed the source code of either, but both have open clients so maybe I’ll get around to it at some point.

            • kevincox@lemmy.ml
              link
              fedilink
              English
              arrow-up
              1
              ·
              6 months ago

              I think you are agreeing with me. I like Proton because it uses a standard protocol and it provides a migration path from unencrypted to encrypted.

              PGP and GPG are effectively synonyms in this context. (GPG is just an implementation of PGP)

              • sugar_in_your_tea@sh.itjust.works
                link
                fedilink
                English
                arrow-up
                1
                ·
                edit-2
                6 months ago

                Yes, agreeing in general, just with some clarifications. I think clarifications are important when talking about a product focused on privacy and security.

                I was responding to this part:

                IDK if the other “easy encrypted” providers just use standard PGP.

                Proton uses standard PGP AFAIK (and yes, PGP vs GPG is irrelevant), so your subject line and attachment names are not end-to-end encrypted:

                All Proton Mail data at rest and in transit is encrypted. However, subject lines in Proton Mail are not end-to-end encrypted, which means if served with a valid Swiss court order, we do have the ability to turn over the subjects of your messages. Your message content and attachments are end-to-end encrypted.

                Depending on your threat model, this may or may not be an issue.

                At least one other provider (Tuta in my example) doesn’t use PGP internally because using SMTP internally w/ PGP for the body leaks the subject line and other metadata. Neither have released the source to their backend, and I haven’t read the client code, so I don’t know if there are any other concerns.

                That I think Proton is absolutely fantastic, and I used it for a few years with absolutely no issue. I do think it’s important to be accurate, though, since others may not like the tradeoffs. Proton has a bunch of other benefits as well over alternatives, such as:

                • IMAP bridge - you can use whatever email client you want and back up emails yourself - this does decrypt your email though, so you’d need to account for that
                • automatic forwarding - seems to just work as expected
                • other bundled services - I’ve used their VPN, and they have a few other things other providers don’t (e.g. encrypted storage)

                Proton… standard protocol

                Yeah, any email provider will use standard SMTP, otherwise it’s not email. The differences are whatever happens after it reaches Proton’s servers.

    • vividspecter@lemm.ee
      link
      fedilink
      English
      arrow-up
      3
      ·
      6 months ago

      It’s useful to minimize data leaks too, since (especially when combined with simple login etc) you can avoid giving out your real address ever.

  • PlexSheep@infosec.pub
    link
    fedilink
    English
    arrow-up
    13
    arrow-down
    1
    ·
    6 months ago

    I recently migrated my email hosting away from proton. I paid for unlimited for almost a year, but I just couldn’t take the missing features anymore. Maybe some of the missing features can be justified by security reasons, but some is just laughable.

    If you want to use a proper email client, you need to host proton bridge in your local computer. You can only host imap and SMTP on localhost. Headless is not really supported, so good luck if you want your server to email you logs. Use VMs or docker containers? Fuck you.

    On android, the only option is using their crappy mail client. For example, this client has not functionality to select all Mail from a folder if you want to archive it or mark as read. You have to select every single Mail one at a time.

    Proton drive can only be used over the Webinterface or with some windows (gui) client. No automating your backups to be pushed there.

    I switched to mailbox.org, which has weird 2fa but besides that makes my happy by just working with the damn standards. Not like email transfer is unencrypted when using STARTLS. Security is important, but for me personally, usuability has to be at least good enough.

    • iiGxC@slrpnk.net
      link
      fedilink
      English
      arrow-up
      2
      ·
      6 months ago

      Agreed. I switched to tuta, which doesn’t depend on google play services on android, and is on fdroid.

      I also switched cause protonvpn doesn’t have ipv6, and on linux requires networkmanager (i use iwd), and you can’t use wireguard without downloading files and configuring wireguard yourself. Mullvad has been much better

  • malloc@lemmy.world
    link
    fedilink
    English
    arrow-up
    12
    arrow-down
    1
    ·
    6 months ago

    I have been exploring self hosting my email.

    Docker mail server for backend. Roundcube for web ui

    Still keeping accounts at mainstream providers though as backup, especially for outgoing mail.

    • sugar_in_your_tea@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      15
      ·
      6 months ago

      You can just use a custom domain at Tuta, Proton, or any of the other email providers until you decide to self-host. Honestly, I don’t think self-hosting is worth it, I value the spam filtering and uptime that major providers offer.

      • PlutoniumAcid@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        6 months ago

        What happens when you self host email but your home is offline just as someone tries to send you an email?

        Will their mail bounce? Vanish?

        • Swarfega@lemm.ee
          link
          fedilink
          English
          arrow-up
          9
          ·
          6 months ago

          The sending mail server will keep trying for a period of time. Eventually though it will give up and return the email to the sender with an error message.

    • Yer Ma@lemm.ee
      link
      fedilink
      English
      arrow-up
      10
      ·
      6 months ago

      Register a domain, Postfix, spamassassin, freebsd jails… Do it like we did in the early 2000s, it never got better

    • AtariDump@lemmy.world
      link
      fedilink
      English
      arrow-up
      6
      ·
      6 months ago

      Don’t.

      Not only is it not worth the hassle most home ISPs block port 25 to avoid compromised computers sending out spam.

  • azalty@jlai.lu
    link
    fedilink
    English
    arrow-up
    8
    ·
    edit-2
    6 months ago

    Didn’t know google did shady things with our mail, but yea I shouldn’t be surprised

    • sugar_in_your_tea@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      12
      ·
      6 months ago

      Move it to a custom domain and host it at Proton or Tuta. That way it’s a pain once, and then you don’t have to switch email addresses ever again.

    • Swarfega@lemm.ee
      link
      fedilink
      English
      arrow-up
      6
      ·
      edit-2
      6 months ago

      Yes, a royal pain in the ass. However. I did it recently but the way I did it means any future moves, of all my 300+ websites that I have logins for, is now done in seconds.

      I signed up for SimpleLogin and a custom domain. I then went around creating aliases for all these sites. Changing the sites is indeed the worst part. Still, this is the last time I will ever do it. All my aliases were pointing to my Gmail account. Once I’d finished I settled on Proton. I just moved all my aliases to my Proton email address.

      No one knows my Proton email address other than SimpleLogin.

      I haven’t yet, but I can now ditch Gmail. I still keep the account for a number of reasons but none are for emails.

      I’ve also been testing Tutamail. I can get aliases to go to multiple mailboxes. I have the ability to respond to the emails from either Tuta or Proton and the recipient is none the wiser of where my mailbox resides.

    • dracs@programming.dev
      link
      fedilink
      English
      arrow-up
      5
      ·
      6 months ago

      It certainly can be a bit involved. When I moved from Gmail address to my own personal domain I did it slowly over a few months.

      I set my Gmail address to automatically forward to my new email address. Then I setup a quick filter which added a label on everything that had been forwarded. Once a week or so I would look at all the emails that had been forwarded and update them to my new email (or delete them if unwanted).

    • Bogasse@lemmy.ml
      link
      fedilink
      English
      arrow-up
      2
      ·
      6 months ago

      My only criteria when switching email was to be able to use my own domain name. Now I almost don’t receive anything on my gmail and I can transparently switch provider. I think it was a relevant move, I won’t move to self hosting but I could ! :)

  • andrew_bidlaw@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    9
    arrow-down
    1
    ·
    6 months ago

    Some services don’t send verification letters to Proton and it’s site banned by the address in fucked-up authoritarian countries, both for having less control over what it is and easy registration. I want them to explore some multi-site hydra approach so they can’t get put out of the game that easily. Moving your emails here means you can’t rely on a hope it would work tomorrow.

  • Jeena@jemmy.jeena.net
    link
    fedilink
    English
    arrow-up
    4
    ·
    6 months ago

    I was looking at it too but went for https://mxroute.com/ because they offer a very minimalistic plan without up selling.

    I also found some vaucher where I paid $45 for three years with 10GB mail, unlimited domains and email addresses.

    • VonReposti@feddit.dk
      link
      fedilink
      English
      arrow-up
      2
      ·
      6 months ago

      Does mxroute support a multi-user setup, say one for each family member?

      I’m currently looking at switching to a new provider and haven’t found the perfect replacement yet.

      • Jeena@jemmy.jeena.net
        link
        fedilink
        English
        arrow-up
        2
        ·
        6 months ago

        I’m not sure what you mean. I’m using it for my family but I’m setting up the Email addresses, so I don’t think every family member can be admin, no.

      • Matt@lemdro.id
        link
        fedilink
        English
        arrow-up
        2
        ·
        6 months ago

        Yes. With MXroute, you pay for storage and can create as many accounts, emails, aliases, etc. as you want.

      • fine_sandy_bottom@discuss.tchncs.de
        link
        fedilink
        English
        arrow-up
        1
        ·
        6 months ago

        I recently migrated from fastmail to mxroute.

        Fastmail is amazing & beautiful but their pricing is just obnoxious now.

        mxroute is perfectly serviceable, if a little clunky, and a fraction of the cost.

    • Cras@feddit.uk
      link
      fedilink
      English
      arrow-up
      9
      ·
      6 months ago

      Proton shilling on Lemmy is huge business. I have nothing to say one way or the other on the products but it really puts me off.

  • Mrkawfee@lemmy.world
    link
    fedilink
    English
    arrow-up
    2
    ·
    6 months ago

    What do people think about paying for cloud storage with Proton? Is it safer than Dropbox?

    • capital@lemmy.world
      link
      fedilink
      English
      arrow-up
      13
      arrow-down
      2
      ·
      6 months ago

      Just encrypt before upload and you don’t even need to worry about it.

      • Plaksys@feddit.de
        link
        fedilink
        English
        arrow-up
        5
        ·
        6 months ago

        But Proton makes encryption the default and way easier and accessible for most people.

      • magikmw@lemm.ee
        link
        fedilink
        English
        arrow-up
        1
        ·
        6 months ago

        For cold storage it makes sense, but I always consider UX - there’s not enough solutions that make private key encryption, especially remote, as easy as opening a link or mounting to a directory.

        I’ve used s3ql before, and it’s really nice for making the encryption transparent. Not something pre-encrypting before dropbox upload can provide.
        More, you wanna share those files via dropbox native tools? The recipient better have your private key or you need to reencrypt specifically for them.

        Mentioned tool: https://github.com/s3ql/s3ql

        • capital@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          ·
          6 months ago

          I’ve used Cryptomator in the past which was pretty easy.

          Rclone has a way to mount on windows and Linux which I haven’t used personally but I imagine that works like mounting any storage.

          True that it makes all share options moot but I prefer to handle that myself.