So recently (since Gmail just hasn’t really been cutting it recently…) I’ve been thinking about self-hosting my own email server. This would come under the larger umbrella of services I’d like to self-host in the future. But then I started doing some research into my options for securing my email— and let’s just say it’s not as easy as it seems…
Priorities
1. Security and privacy: that’s why we’re here, right?
2. Send emails that are reliably received.
3. Receive emails reliably.
4. Be relatively hassle-free.
   - Setup time can be as long as necessary, but maintenance should be very minimal. For something that can be as crucial as email, I don’t want to have to worry about jeopardizing priorities 1 and 2 because I didn’t check on my server that day.
5. Be able to send emails with my custom domain.
6. Provide SMTP access.
   - Not mandatory, but a nice-to-have. This would give me the ultimate flexibility, allowing me to send emails with bots, from websites (like in my contact form), or anything else I may work on in the future.
7. As cheap as possible; money doesn’t grow on trees, you know.
A Word about Self-hosting an SMTP Server
So let’s self-host an email server, no? Well there are two primary reasons why even a seasoned self-hosting professional may not want to self-host an SMTP server.
Email Deliverability
There are so many standards that go into emailing and ensuring deliverability. Just scratching the surface, you’d have to worry about accurately passing:
- SPF authentication
- DKIM authentication
- DMARC authentication
- Sender reputation checks
The last one is particularly difficult because you’re likely using an entirely new static IP address for your server, and that’s if (big if) your internet service provider offers and honours a static IP address. (Some may require you to pay for this feature, but at least that provides a bit of certainty that it’s truly static.)
Worse yet, if you fail any one of the authentication or verification checks that go on behind the scenes, the email may or may not still be sent, and which of the two it will be can depend on the email provider, the specific email address, the time of day, or really anything else. It’s a black box without any error logs. This isn’t to say that you can’t set it up correctly, but with every email you send, you’ll have to worry whether your email was really sent or the recipient is really just ignoring you (at least I’d worry).
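As an added example (not part of the original post), the script below lints the SPF and DMARC TXT records a sending domain would publish, so at least the DNS side of those checks is not a black box. The function names, messages and sample records are this example's own constructions; DKIM signing and sender reputation cannot be checked this way.

```python
# Added example: offline lint of SPF and DMARC TXT records (constructed inputs).
LOOKUP_TERMS = ("include", "a", "mx", "ptr", "exists")  # each costs one DNS lookup

def lint_spf(txt_records):
    """Problems in the TXT records published at the domain itself (RFC 7208)."""
    spf = [r for r in txt_records if r.lower().split(" ")[0] == "v=spf1"]
    if len(spf) != 1:
        return ["no SPF record" if not spf else "multiple SPF records (permerror)"]
    problems, lookups, has_all, has_redirect = [], 0, False, False
    for term in spf[0].split()[1:]:
        qualifier = term[0] if term[0] in "+-~?" else "+"  # '+' is the default
        name = term.lstrip("+-~?").split(":")[0].split("/")[0].lower()
        if name in LOOKUP_TERMS or name.startswith("redirect="):
            lookups += 1
            has_redirect |= name.startswith("redirect=")
        if name == "all":
            has_all = True
            if qualifier == "+":
                problems.append("+all authorises every host to send as you")
            elif qualifier == "?":
                problems.append("?all is neutral, so spoofed mail is not failed")
    if not has_all and not has_redirect:
        problems.append("no 'all' term: unlisted senders get a neutral result")
    if lookups > 10:  # lookups nested inside included records count as well
        problems.append("more than 10 DNS lookups (permerror)")
    return problems

def lint_dmarc(txt_records):
    """Problems in the TXT records published at _dmarc.<domain> (RFC 7489)."""
    recs = [r for r in txt_records if r.startswith("v=DMARC1")]
    if len(recs) != 1:
        return ["no DMARC record" if not recs else "multiple DMARC records (ignored)"]
    tags = {k.strip(): v.strip() for k, v in (t.split("=", 1) for t in recs[0].split(";") if "=" in t)}
    problems, policy = [], tags.get("p")
    if policy not in ("none", "quarantine", "reject"):
        problems.append("missing or invalid p= policy")
    elif policy == "none":
        problems.append("p=none only monitors; receivers take no action on failures")
    if "rua" not in tags:
        problems.append("no rua= address, so no aggregate reports reach you")
    return problems

if __name__ == "__main__":
    # Constructed records for a placeholder domain, not taken from real DNS.
    print(lint_spf(["v=spf1 mx ip4:203.0.113.25 ~all"]))
    print(lint_dmarc(["v=DMARC1; p=none"]))
```

The `rua=` check matters most for the "no error logs" problem: DMARC aggregate reports are the one feedback channel receivers offer.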
Email Receivability
Similarly, you may have to worry about emails never making it into your inbox to begin with. If at any point your server goes offline (due to a change in IP address, loss of power, or loss of internet), then you won’t be receiving any emails. And unlike, say, a file upload, if you’re offline at the time of action, the sender has to be kind enough to resend it. Depending on their email service, they may not even get an error that their email wasn’t sent to begin with.
Therefore…
Unless you really, really, know what you’re doing and have a lot of time on your hands, or you just want to learn how email works, it likely isn’t worth it to self-host an SMTP server. This is especially the case because it costs so little nowadays to get a reliable email.
No Self-hosting, Now What?
Well, I’ve narrowed down a couple of options that blend security with my priorities. As far as alternative providers go:
Tuta
Tuta is a German-based email provider that’s an industry leader in email encryption.
Strong Points
Tuta fully encrypts same-service (Tuta to Tuta) emails and differentiates itself from the competition by encrypting more stuff[1] when it comes to non-same-service (Tuta to non-Tuta) emails. As far as I can tell, this comes down to just the subject line since this is not included in the PGP (Pretty Good Privacy) standard. If you choose to encrypt an email sent outside of Tuta’s services, it will require that the recipient enter a decrypting password in a secure portal.
Also, Tuta has a fully FOSS Android app on F-Droid that doesn’t rely on Google’s notification system. That’s really nice!
Price
There is a free tier, but it’s highly limited (and doesn’t allow for custom domains, so I have to rule it out). But the Revolutionary tier (€3/month paid yearly) gets you at the time of writing:
- Fully encrypted, no tracking
- 20 GB storage
- Unlimited number of calendars
- Unlimited number of labels
- 15 extra email addresses
- 3 custom domains
- Family option
Drawbacks
There is no SMTP support, which hinders flexibility. I use email for the contact form on my website currently, and I wouldn’t be able to port that to Tuta. But it seems like, once upon a time, Tuta had a feature called Secure Connect, which allowed users to use their servers to process contact form info from their website. This would be exactly what I would need, and I would’ve even overlooked the lack of an SMTP server; however, it seems like they removed this feature just over a year ago… A real shame, but this is a bottleneck for Tuta: a small team needs to prioritize their time, and there’s no guarantee that a feature, or even Tuta itself, will exist far into the future.
Also, they are based in Germany— a member of the Fourteen Eyes.
ProtonMail
This is by and large the most well-known and famous option. Like Tuta, ProtonMail uses full end-to-end and passwordless encryption for same-service emails. Unlike Tuta, for non-same-service emails, it relies on PGP and leaves the subject line unencrypted (may or may not be important to you).
Strong Points
It’s a large, old company with a good track record that is as reliable as it gets in the privacy space. It gives you access to an SMTP server, but of course, this is not as secure as sending an email directly with ProtonMail.
Depending on how much you want to spend, in addition to an email service you can get:
- A really good VPN
- Encrypted password manager
- Encrypted cloud storage for photos and documents
- Encrypted crypto wallet
So yeah, a lot of amenities for a really decent price. If you have or want any of those in addition to an email, it’s a strong selling point. Keep in mind that all but the VPN can be reasonably (and likely advantageously) self-hosted.
Pricing
In order to get all the above “freebies”, the Proton Unlimited Plan will run you CA$12.49/month paid yearly and will match Tuta’s 3 custom domains. However, if you don’t need all the extra stuff, there is a Mail Plus Plan that will only set you back CA$4.99/month paid yearly (at the time of writing), which is only 30 cents more (despite offering quite a bit less compared to Tuta). Here’s the full feature list:
- 15 GB storage
- 1 user
- 10 extra email addresses for you
- Support for 1 custom email domain
- Unlimited folders and labels
- 10 hide-my-email aliases
- Priority customer support
Drawbacks
There’s no FOSS Android app, and the native app uses Google’s notification system (more data for the big guys!). So your best bet is to use the mobile web interface for a truly secure mobile experience, but… I personally often choose not to have a browser on my phone, so that’s a bit of a tough pill to swallow.
Amazon SES (What?)
Yeah, despite being now a multi-trillion-dollar business, it might be more secure than you think.
The idea is to use a mix of your personal server and Amazon SES with encryption. So, you can receive emails directly to your server (I know I’ve advised against this earlier, but receiving is generally more reliable than sending) and then you can send any outgoing emails through Amazon SES to take care of the authentication and leverage their domain reputation. Before the email leaves your server, you can encrypt it using PGP, but do note, they will still see the sender, the recipient, the IP address (unless you obfuscate, like with a VPN), the sent time, etc. That being said, the recipient (just like Amazon themselves) will just see a scrambled mess for an email and they will have to manually decrypt using a key you’ve supplied them. Amazon’s privacy policy likely mentions something about protecting your metadata, but they don’t have nearly the same track record as some of the other providers I’ve spoken of. As soon as there’s a great enough incentive, or until they change their policies, there’s a good chance you’re being watched.
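An added example, not from the original post: one way to wrap a message as PGP/MIME (RFC 3156) before handing it to a relay such as SES, and to list what that relay can still read. It assumes a local `gpg` binary that already holds the recipient's public key; `build_pgp_mime`, `relay_visible` and the addresses are hypothetical names and constructed values.

```python
# Added example: encrypt the body as PGP/MIME, then show what a relay still sees.
import subprocess
from email.message import Message
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText
from email.utils import formatdate

def gpg_encrypt(plaintext: bytes, recipient: str) -> str:
    """Assumes a local gpg binary with the recipient's public key in its keyring."""
    cmd = ["gpg", "--batch", "--armor", "--encrypt", "--recipient", recipient]
    done = subprocess.run(cmd, input=plaintext, capture_output=True, check=True)
    return done.stdout.decode("ascii")

def build_pgp_mime(sender, recipient, subject, body, encrypt=gpg_encrypt):
    """Return a multipart/encrypted message; only the body part is encrypted."""
    inner = MIMEText(body, "plain", "utf-8")
    armored = encrypt(inner.as_bytes(), recipient)
    outer = MIMEMultipart("encrypted", protocol="application/pgp-encrypted")
    for ctype, payload in (("application/pgp-encrypted", "Version: 1\n"),
                           ("application/octet-stream", armored)):
        part = Message()
        part["Content-Type"] = ctype
        part.set_payload(payload)
        outer.attach(part)
    # Headers are not covered by PGP/MIME: keep the subject non-sensitive.
    outer["From"], outer["To"], outer["Subject"] = sender, recipient, subject
    outer["Date"] = formatdate(localtime=True)
    return outer

def relay_visible(msg):
    """Headers any relay on the path can read without the private key."""
    return {k: v for k, v in msg.items() if k in ("From", "To", "Subject", "Date")}

if __name__ == "__main__":
    # Constructed stand-in so the demo runs without a keyring; it is NOT encryption.
    stub = lambda data, rcpt: "-----BEGIN PGP MESSAGE-----\n(ciphertext)\n-----END PGP MESSAGE-----\n"
    msg = build_pgp_mime("me@example.org", "friend@example.net", "Lunch?", "Noon at the fountain", stub)
    print(relay_visible(msg))
```

The resulting message can be submitted over any SMTP relay unchanged; the connecting IP address is visible to the relay as well, outside anything the message itself controls.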
Conclusion
After all that, the question remains, what will I be moving forward with? I’m still on the fence. I think I’d be OK with receiving contact form emails through my Gmail and responding through more secure means, but Proton gives me the ability to have it all in one place (despite the contact form having the same level of security as with Gmail, well minus Google’s peeping eyes). So right now, I’m not sure which I’d choose, and to be honest, I’m not sure if it’s worth it. Email is such an outdated communication standard that has just been grandfathered in; there are free alternative forms of communication that are far more secure with far less headache. Maybe I’ll move away from relying so heavily on emails to begin with…
Footnotes
[1] But not everything. Metadata is still unencrypted, like ProtonMail, but they both handle metadata with a similar level of privacy from what I can discern, i.e. they don’t log your IP address.