Free email providers being banned by Gmail - Alternatives?
Hello everyone,
So I had been using xmail.net and danwin1210.me for a while (both because they have a web interface that works without JavaScript and provide an Onion address), but recently noticed that people with Gmail can't send or receive emails from me. When I send an email (even a reply to a previously on-going conversation) I get an automatic reply stating the domain is blacklisted. The same happens when they try to send me an email as well.
What free (as in beer) and preferably privacy preserving options do you recommend?
Thanks!
Protonmail has an onion instance: https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion/
Works good.
More about it here: https://protonmail.com/tor
I don't have trouble with it communicating with gmail addresses.
I'll bet some of the others like Disroot and Tutanota have onion addresses, but I'm not sure as I haven't used them.
Thank you for your reply.
I do use protonmail for my "regular" emails, utilities bills and IRS and whatnot. But I do have the need for a "private/anonymous" email account, and Proton usually asks for a phone number if you try to create an account over tor.
Hence me looking for other alternatives.
Oh, I have an anonymous protonmail account besides my regular one. I think I just used one of those one time throwaway online phone numbers to sign up for it. There's yewtu.be videos to show you how.
Other than Protonmail, which has been mentioned, I also use Tutanota. I would give them a shot if you haven't already.
Disroot.org
Posteo.de
These are the only ones I can suggest right now due to other issues,
dismail.de & snopyta.org no longer offer new registrations otherwise they would be decent. too much bandwidth/money required for new registrations...
teknik.io is another one, not sure if it's completely libre though, so beware... even if it is licensed under MIT.
There might be others, but the very top of this post, are two I am almost certain are libre/privacy friendly.
Tutanota has a non-free server last I checked... it also blocks imap/pop3 protocols which is one reason why I am suspicious of them.
There are probably others, but yeah... you can think whatever you wish. That's my position for ya.
>Tutanota has a non-free server last I checked... it also blocks imap/pop3 protocols which is one reason why I am suspicious of them.
The way I understand it, the reason you can't do pop3 or IMAP with Tutanota or Protonmail is that pop3 and IMAP don't allow for true end to end encryption in cases where the provider does not have a copy of your encryption key. Correct me if I'm wrong.
chaosmonk used to b*tch about that too, back when he was kind enough to grace us with his presence. I should email him. Nearly an entire year away from the forum is a bit too long.
> chaosmonk
I'm afraid he's gone, 'Access denied' circle of Hell style. Can you remember any incantation for that one?
> pop3 and IMAP don't allow for true end to end encryption in cases where the provider does not have a copy of your encryption key.
Not sure what makes you think so, but it sounds contradictory to me: E2E encryption means that your email provider has no interference with the encryption process whatsoever. You need to send your public key (if this is the encryption technique you are referring to) to the other person you are communicating with, and they need to use that public key to encrypt the messages they are sending you. The trick being that once they have encrypted it, only you (or whoever managed to access your private key) can decipher and enjoy the plain text content, so they might be stuck with a 'sent' folder full of unreadable messages they sent you. And vice versa.
But probably you meant some other encryption technique, about which I will certainly be much less knowledgeable.
I'm talking about "encryption as a service", which is what these email providers promote. You can always gpg a message on your end and send your public key to your friend to decrypt. But if you want some cloud-y "service" to claim to E2E for you without sneaking a peek at your naked and unencrypted bits, I'm pretty sure that it won't work with pop3 and IMAP.
Again, I could be wrong. I read a lot of stuff and forget a lot of stuff, and a lot of stuff gets mixed up in my scrambled old brain. Sometimes I think I know something and it turns out to be just a great big pile of horse manure.
I see. Not knowledgeable at all about delegating E2E to an email service provider, I am.
The last thing in town about E2E and convenience seemed to be OMEMO, but that was happening in the XMPP galaxy: https://xmpp.org/extensions/xep-0384.html.
> Tutanota has a non-free server last I checked... it also blocks imap/pop3 protocols which is one reason why I am suspicious of them.
Tutanota do not "block" IMAP or POP3, they just do not support these protocols; access to a Tutanota mailbox is only possible via a web browser using their JavaScript, or via an app which is based on Element (so includes Chrome).
Besides, their "ciphered emails" are not really email as they are only on Tutanota's servers. When Tutanota users want to send email to non-Tutanota users, the non-Tutanota users receive an email with a link to Tutanota's website to enter a password and read the "ciphered email", in an interface that is a subset of the interface visible to Tutanota's users.
Tutanota say they do not use PGP because this does not cipher the subject, does not support forward secrecy and does not support post-quantum encryption. However, the benefits they promote only come via a JavaScript that perhaps no one except them really studied and their system is not email (the "ciphered emails" only exist on their server).
If you don't care about ciphering, I guess it could be ok. Personally, I use non-anonymous services only but I use ciphering.
Thanks everyone for those suggestions, though I know about most of these providers. My question is if (in your experience) Gmail has blocked them or not?
I need to exchange emails with people who, in many cases, use Gmail. I need a domain that is OK with them.
Yeah, I am not a fan of Google, but it is what it is.
Posteo.de is one I definitely know works, I have done so, many times.
Disroot.org has worked for me also, when communicating with someone I know who uses an ISP email.
Also, it works with gmail as well, no worries on that,
You should be fine.
I still use gmail unfortunately. I don't use my personal email all that much anymore but I'd still like to switch to something that isn't Google. I once thought about self-hosting but it seems like too much of a hassle to get Gmail and others to accept your emails.
I will check out Protonmail, Disroot, and Posteo. I'm not opposed to Tutanota but I prefer to use an offline email client. One of my family members (who, ironically, works for Google) recommended Protonmail.
With protonmail, if you want to deal with mails offline, like through Thunderbird or a similar email program, you're going to have to have a paid account. Protonmail does do a form of IMAP with their protonmail-bridge app, but it's not available for free accounts.
Something to consider before you begin. I pay for an account, but not everyone is going to be willing to.
Thanks for the info. I don't necessarily mind paying for an email account. Looks like it's 4 euros/month, or around $4.50.
posteo.de is 1$ per month, hence why if you are brave enough to pay for protonmail, I highly recommend, not doing that and just instead buying a posteo.de account...
Otherwise, disroot might be the better option.
And if that doesn't suit your needs, idk...
I have heard rumors of protonmail not being trustworthy though on youtube.com, from MentalOutlaw, a youtuber who is into minimalism/foss type stuff.
You may take this info with a grain of salt, but I recommend doing your own research before you use protonmail, check to see if the people who say this have any evidence aka...
That is my hopefully final word on the subject of protonmail.
;)
But yeah, be careful! :)
I did hear some bad things about Protonmail a few months ago but I didn't really look into it.
I might go with Posteo, as I doubt Protonmail provides any extra features that I would use. How does Disroot compare to the paid options?
I should add, I don't really care much about email encryption, as I don't use my personal email that much to communicate with other people. It's more for receiving bills and stuff.
Disroot doesn't cost a dime unless you want more than 2GB of cloud storage or more than 1GB of email storage or both more,
Unless, you want to donate...
Which I did once, long ago...
However, sometimes registration is disabled on occasion, so do so asap if you need it now.
If I recall correctly, they don't allow it on weekends most of the time due to time constraints.
As for the paid options comparison of proton, posteo and disroot, I have no answer,
gpg might be possible to use on there, but I never tried except with curve25519, which does not work... yet, unless that's changed in last year.
I think it works with other curves though,
Again, you may want to research it somewhere. Hope this helps.
You want to be careful where their headquarters are and where their physical servers are located. The US and Germany are very very bad, nearly as bad as China. They can get secret court orders to decrypt all your communications with almost no effort, and you won't know a thing. The only reason I avoid some of the services that are mentioned here is because of the geography, otherwise they are outstanding services.
Mental Outlaw has pointed out the metadata problems with protonmail's webmail interface, but both he and the company acknowledge you shouldn't really be using a web interface if you want truly private communications. Whatever service you use, whether it's protonmail or others, you need to use an offline mail reader, and need to do it behind a VPN - if you want something that approaches actual privacy. And you need to be very careful about where those VPN servers are located as well. In the US or Germany or China, the government can grab those servers easier than you can change channels on your TV.
But it looks like Swiss law isn't that great either: https://protonmail.com/blog/climate-activist-arrest/. Though it does seem to be better than US, Germany, etc. I wonder why so many of these email services are based in Germany.
Anyway, my personal email address is mainly for receiving bills, signing up for stuff, etc. I use it to communicate with an actual person maybe once a month or less. I don't have any real expectations of privacy when using email.
As I said, even protonmail admits that you have to use a VPN or they will be required to turn over their limited server logs showing your IP address. Using a trusted VPN or protonmail's onion service would be the way to go about it. Swiss VPNs are apparently still shielded from the country's requirements to turn over data.
It's all ridiculously complicated and the laws are constantly shifting. In reality, it's probably not possible to continue to use any email with a true guarantee of privacy, especially now that we know from revelations the past few weeks that Tor's relay nodes are being compromised by some large government actor which operates hundreds of the nodes.
the best email provider for YOU is YOU. hosts like protonmail and riseup are lame and should not be trusted
sudo apt-get install postfix
and configure that. with imap too
make sure to:
* get PTR record correct:
host youripaddress
this will resolve to something set by your isp (or you, if your isp is awesome). set myhostname in postfix config to that
* set A/AAAA records correctly
ideally, the PTR record for your IP should resolve to the same address as A/AAAA, but you don't need to. most ISPs don't let you change it, but you can set myhostname in postfix to whatever your isp gives you, while having everything else different
* set SPF correctly
* set up DMARC correctly
* set up DKIM correctly (use opendkim)
https://www.mail-tester.com/ is a really great way to check if your mail is configured properly. many public email providers even fail this test. libreboot.org mail (self-hosted in my lab) gets a 10/10 score!
email self-hosting is easier than most people think.
the above is basic advice but there are great guides online for how to do it
edit:
and don't host mail on a dynamic IP. do it on a static ip. the reason this is important is because many public mail hosts block mail from dynamic ips due to spam. also, the SPF record must be correct for your IP, and changing it all the time can be annoying
if you need static IPs, get a decent ISP, or get an L2TP/VPN tunnel to route static IPv4/v6 subnets (works on CGNAT too). you can set up openl2tp/openvpn on any vps hosting provider; don't use the vps to host anything, except the tunnel connection. so the vps is basically being used as a 2nd isp. with that, you could also host your own dns, but i recommend having 3 dns servers if possible (instead of 2), where the main one is outside of your network, one is in your network, and the 3rd is in yet another network
2 dns hosts is the minimum though. also, you can cheat by having 2 dns addresses both actually being the same machine, where that machine has 2 public IP addresses (4, if doing IPv6 as well). but i don't recommend that
if self-hosting dns, what you want is an "authoritative-only name server". bind9 is a good, conservative choice of named
edit2:
and on the off-chance that you do "cheat" and have ns1/ns2 on the same machine, and it's the *same machine as the mail server*, make sure that all the IPs resolving to/from that name server are in your SPF records. i recommend having ns1/ns2 not on the mail server. which means at least 2 IPs (4 if IPv6. because 2 are IPv4 and 2 are IPv6) if ns1/ns2 are the same machine, but if doing it right, therefore you'd need 3 IPs (6 if doing IPv6)
edit3:
and you should be doing ipv6
edit 4:
one last thing before i go:
it's possible to set up smtp/imap auth through pam, if you use pam on your mail server. also:
if doing mail for multiple domain names, where you have e.g. johndoe at domain.com and johndoe at domain2.com, set up virtual aliases. otherwise, johndoe will be the same account on both domains
edit 5:
also, for encrypted smtp/imap auth, you can use certbot/letsencrypt just fine
ok bye. good luck!
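An added example, not part of the post above or of any project it mentions: a small offline preflight in Python for the checklist in that post (PTR versus myhostname, A/AAAA, SPF, DMARC). The hostname, addresses and records are constructed sample data, and only literal ip4/ip6/all SPF terms are evaluated.

```python
import ipaddress


def spf_qualifier(spf_record, ip):
    """Qualifier ('+', '-', '~', '?') of the first ip4/ip6/all term matching ip.

    Terms that need DNS lookups (a, mx, include, ...) are skipped here,
    so this covers only records that list addresses literally.
    """
    addr = ipaddress.ip_address(ip)
    terms = spf_record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        name = name.lower()
        if name == "all":
            return qualifier
        if name in ("ip4", "ip6") and value:
            net = ipaddress.ip_network(value, strict=False)
            if net.version == addr.version and addr in net:
                return qualifier
    return None  # no term matched: SPF result would be "neutral"


def dmarc_policy(txt):
    """Return the p= value of a DMARC TXT record."""
    tags = {}
    for part in txt.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags.get("p")


def preflight(zone, myhostname, sending_ips):
    """Return a list of findings; an empty list means the records line up."""
    findings = []
    for ip in sending_ips:
        ptr = zone["ptr"].get(ip)
        if ptr is None:
            findings.append(f"{ip}: no PTR record")
        else:
            if ptr.lower() != myhostname.lower():
                findings.append(f"{ip}: myhostname {myhostname} differs from PTR {ptr}")
            if ip not in zone["addr"].get(ptr, []):
                findings.append(f"{ip}: PTR {ptr} has no A/AAAA pointing back (not fatal)")
        if spf_qualifier(zone["spf"], ip) != "+":
            findings.append(f"{ip}: not authorised by SPF")
    if dmarc_policy(zone["dmarc"]) not in ("none", "quarantine", "reject"):
        findings.append("DMARC record has no valid p= policy")
    return findings


# Constructed sample data (documentation address ranges, made-up hostname).
ZONE = {
    "ptr": {"192.0.2.25": "mail.example.org", "2001:db8::25": "mail.example.org"},
    "addr": {"mail.example.org": ["192.0.2.25", "2001:db8::25"]},
    "spf": "v=spf1 ip4:192.0.2.25 -all",  # the IPv6 address was forgotten
    "dmarc": "v=DMARC1; p=quarantine; rua=mailto:postmaster@example.org",
}

if __name__ == "__main__":
    for line in preflight(ZONE, "mail.example.org", ["192.0.2.25", "2001:db8::25"]):
        print(line)
```

With the sample zone the only finding is the IPv6 address missing from SPF, which is the dual-stack mistake the post's SPF and IPv6 remarks point at.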
This is fantastic, thank you Leah.
You probably live in a country where you can trust your government and your ISPs and VPS providers. I do not. In my country, nearly all data is gathered up and used against us 24/7 by secret court order. I have to look to foreign services in certain jurisdictions and onion services for any small hope of privacy.
But some of your steps could be tweaked to use foreign VPS providers in specific geographic locations. There's a lot that would go into it, including setting up multiple DNS servers via foreign VPS, and the costs could get quite high. But it's worth looking into - maybe it could be shared with a group of people, and numerous people could pay to share the cost burden and to share the email service.
I have thought about self-hosting. Setting up Postfix/Dovecot is probably not that hard, but from what I've read, getting your email address to be accepted (and stay accepted) by other providers like Gmail is painful.
yeah that's why i mentioned about mail-tester.com
it tells you what you configured wrong. look at what i wrote and search around to find info online about how to set it up properly. digital ocean (vps provider) often has nice guides on their site, for everything (and you can follow them without using digital ocean)
by the way, to the other person: lowendbox.com is a nice site for finding cheap, overseas vps providers. then you can set up l2tp/vpn on that, to route static IPs if you want to host email at home
if you live in a repressive country, your isp would probably run tcpdump a lot and analyze, so probably better set up an *encrypted* vpn
but it can be done. email is low traffic too, so the vps can just be a cheap one, simply for routing IPv4/6 subnets
edit:
also, for tcp connections only, ssh is a nice protocol for encrypted tunnelling. you can use the program "autossh" which restarts the connection automatically, whenever ssh flakes out. a bit ghetto but can be useful when you want to quickly test something without setting up something more complicated like openvpn
government censors might overlook ssh and try to mess with vpn connections. so autossh might even be something you want to use, for tunnel connections to host services in a repressive country.
edit 2:
and it's possible btw to disguise ssh over port 443 and make it look like https traffic. and a decent vps will give you multiple IPv4/6 addresses so you'd still be able to have an httpd on another ip, if you wanted to host a website too
@Leah:
That's nice of you, but when you want to add something, I think it's better to make new posts instead of editing existing posts, because editing existing posts will not reach people who use the mailing list* instead of the web forum, if I recall correctly.
While Posteo doesn't look bad, one downside is that it doesn't allow custom domains. I like the idea of using a custom domain so I don't have to keep switching email addresses when I want to switch providers or in case a provider shuts down.
Has anyone tried mailbox.org?
I did once, but be aware, it is not open source.
So, just be aware of this, and do some research if you can.
I think I'm going to try mailbox.org. While fully free software is nice to have, being able to use a free software IMAP client is good enough for me. Unlike posteo.de, they allow custom domains which makes switching providers relatively easy.
Edit: Another pro of mailbox.org is that you can use your own PGP key to encrypt the mailbox. You can provide the public key, but keep the private key locally. I haven't tried it yet but plan on doing so once I decide on a custom domain.
When you use OVH as registrar, with a one time fee, you can get a number of mailboxes (5 GB storage per mailbox) that you can use as long as you renew the domain (5, 25, 100 or unlimited number, from 6 to 35 euros tax included). You can access your mailboxes by POP, IMAP or their roundcube interface. You can also set up up to 2000 redirections per domain. I have been using that for more than 15 years without issue. Not free but almost.
EDIT: Of course you need the non-free JS of their website to set up your account and any admin task (create mail box, change password, create/modify/delete redirection). Names in their websites are confusing, you need to go to "web cloud", "order" and the option is called "MX Plan". Fortunately, in the last 15 years, it changed only once, so once you have found what you need it is ok.
Actually I might go with runbox.com instead. It's cheaper for a plan that supports custom domains.
Doesn't posteo.de have custom domain options?
Last I checked, runbox had quite a few cookies.
It does not, unfortunately. I'm also considering Migadu and Mailfence. Do you have any opinion on those? Migadu is interesting because the plans limit the number of messages in/out rather than number of addresses or domains. They also say that they offer a student discount. They do not encrypt mailboxes, but that relies on trusting the provider anyway.
EDIT: I contacted Migadu, and they offer a 50% discount for two years for students. This is a very attractive option now.
> Doesn't posteo.de have custom domain options?
No.
Tutanota doesn't work with Tor. I've tried a million times and all IP's are banned during registration.
I think Protonmail works with Tor.
This I never knew, makes it even more clear people should avoid it like the plague... given it already has a non-free server, etc...
None of these options we've discussed here should be avoided like the plague. They are all a million times less evil than gmail. There are really only minor differences between any of them when compared to the obscene and outrageous abuses of gmail.
Agreed. I always see negative comments about all of these email providers, which is why I just kept using GMail even though it is clearly much worse. I'm avoiding Tutanota because I want IMAP support, but overall it doesn't seem like a bad provider.
Perhaps we should consider this: https://e.foundation/ecloud/
/e/ is providing a degoogled OS for android phones - it is not all free software (e.g. drivers and *one* app: maps), but they do offer a supposedly good alternative to 'ordinary' android-based OS.
They also offer free email, storage, calendar, online office suite etc. If you need more than 1GB of storage, they offer affordable solutions (starting at 1.99 $ a month for 20GB). Servers are located in Europe, the services are GDPR compliant etc.
I just recently learned about this option. Please help investigating the potential.
>"I just recently learned about this option. Please help investigating the potential."
Looks pretty cool actually. It's just Nextcloud plus OnlyOffice, so any of us could set it up and run it ourselves. However, their free plan and their plans costing from $1.99 for 20GB to $7.99 a month for 256GB is probably cheaper than renting VPS space. I'll sign up for a free plan and report back on my experiences. Thanks for the tip!
Edit: Wow, this is amazing! Sign up takes about 1 minute, and then you are looking at your dashboard. Email, calendar, documents, contacts. I uploaded a document and clicked to open it and it opened perfectly formatted in OnlyOffice online. Email sending and receiving is fast. The web interfaces are well designed and easy to understand. Moving around the dashboard is quick, with no real noticeable lags. Sign-up only requires an email address, no phone number.
Overall, I'd give it a very positive recommendation in this first look. I would need to know more about their encryption and privacy policies before I decided to use it extensively. But it looks great otherwise.
With Nextcloud, can you make sure that everything is ciphered locally, so the server only gets ciphered things?
My solution for calendar and contacts is self-hosting of CalDav/CardDav server with freedombox, using the "Pioneer box", no non-free software at all, the most difficult part is registering a domain and pointing the DNS to your machine.
My solution for documents is self hosting with Seafile (less easy to set up but not that difficult), now hosted on a machine that has some non-free firmware, but still much better than anything in the cloud.
Disroot.org not good? thegood.cloud not good?
Also, fair enough, anything is better than gmail and email providers like them...
You all raise an excellent point regarding this.
I'll give a try to Disroot with a NextCloud desktop client, to see whether it supports the encryption.
NextCloud seems very popular but I rarely hear about the server trust aspect. With a server not under your own control, you have no clue what it is doing exactly, so you should not have to trust it.
I have not tried that yet but I have interest in Tahoe-LAFS: if you run the gateway, you don't need to trust the machines that store your data. That sounds promising.
I use rclone with these services, and others, so no worries. :)
Aka, you don't need nextcloud or owncloud for these. :)
I agree: signing in and getting started was very easy.
Did you have time to see the 'Privacy' page under 'Settings'?
In my case it says that my data are stored in Finland and that two administrators have access to my data. Does this mean that those two administrators have access to my data in plain text?
I don't have enough knowledge to determine whether the information given there means it is private to use. By private I mean that others can't access my data.
Do you have a useful impression of whether it's secure? By secure I mean that Data will not be lost - in general or to someone else - even with a server breakdown.
To be honest, I try to encrypt everything I upload to the cloud as well, also. Just in case the cloud storage gets hacked which is idk, possible?
But probably not the usual.. ;)
gpg encryption aka...
For those who maybe wonder how to use mail-tester.com without enabling its spooky javascript (Scroogle Craplytics included), you need to make up an address of this format:
test-[9-character-lowercase-alphanumeric-string]@srv1.mail-tester.com
send an email to it and then paste that address at mail-tester.com and click the button (or go straight to https://www.mail-tester.com/test-[9-character-string]).
Perhaps the string doesn't even have to be 9 character alphanumeric? That's just what mail-tester's javascript generates by default.
I can wrap it up in a Haketilo fix if there's demand.
A useful service, btw. Shame I didn't know about it back when fighting mail filters... I wonder if there're tools to easily self-host something similar...
Does anyone here have an opinion on Migadu?