291
top 50 comments
sorted by: hot top controversial new old
[-] voracitude@lemmy.world 85 points 6 months ago

For anyone using a custom domain, or thinking about it, read this: https://dmarcly.com/blog/how-to-implement-dmarc-dkim-spf-to-stop-email-spoofing-phishing-the-definitive-guide

Without these records you're a lot more likely to go to spam, or get rejected outright. If you have questions about it, ask here or DM me and I'll be glad to help.

[-] 1boiledpotato@sh.itjust.works 62 points 6 months ago

Recently I added a custom domain to my protonmail account and during the procedure it makes you do this steps (adding SPD, DKIM and DMARC) to pass all the steps. They tell you exactly what records you have to add, where to add them and what the content should be. These guys are great

[-] SupraMario@lemmy.world 8 points 6 months ago

Yep, setup mine about a year ago now, since I'm trying to get rid of Google completely, and it walks you through all of this. It was really well done setup.

load more comments (5 replies)
load more comments (6 replies)
[-] _sideffect@lemmy.world 42 points 6 months ago

I always worry that it will get bought out by some asshole company and we'll be even worse off than with Google (if that's even possible).

[-] zkfcfbzr@lemmy.world 105 points 6 months ago

Hi, this is Andy here, the Founder/CEO of Proton. As former scientists, we don't do what we're doing to make the most money (otherwise we wouldn't have picked science as a profession). There's no price which we would sell Proton to Google or Facebook. We also don't need to because thanks to the strong support of the community, Proton has the resources to thrive and grow as an independent organization. Safeguarding this independence is how we ensure that over the long term, we can always put user interest above all else.

-Protonmail Founder, 2 years ago, for what it's worth.

[-] bionicjoey@lemmy.ca 91 points 6 months ago

Google's motto used to be "don't be evil"

Companies can change.

load more comments (5 replies)
[-] sugar_in_your_tea@sh.itjust.works 7 points 6 months ago

Trust, but verify.

I want to see some assurance. I don't know Switzerland's laws, but if there's a concept of a "social purpose company" or something with actual legal teeth, that would make me a bit more comfortable.

They're certainly better than Google, and I like that their products are audited, but words from their founder don't need much, especially if the founder decides to leave.

[-] CyberSeeker@discuss.tchncs.de 27 points 6 months ago

That’s the benefit of a custom domain, I suppose; you can always change he provider without changing your email.

[-] sugar_in_your_tea@sh.itjust.works 9 points 6 months ago

Yup, I just signed up for Tuta with a custom domain. If they start sucking, I'll move to Proton or something else.

[-] deweydecibel@lemmy.world 7 points 6 months ago

You should be aware Tuta won't let you use a third party client, automatically forward messages, or do a mass export of your email. It's not impossible to move but they deliberately make it difficult. So does Proton in their own away.

They'll say it's about maintaining the security of your emails and such, but it's just a vender lock in tactic.

[-] Swarfega@lemm.ee 8 points 6 months ago

Proton allows you to export as eml or mbox. Seems fine to me?

load more comments (1 replies)
load more comments (1 replies)
load more comments (6 replies)
[-] nbailey@lemmy.ca 8 points 6 months ago

It’s unlikely but not impossible. I’ve been using PM with a custom domain for about five years now, and never thought too hard about leaving.

In an ideal world, a company like ProtonMail would be cooperatively owned by the workers and paying users, sort of like a credit union.

Pragmatically, they’ve done fine stewardship of the service for the last decade or so they’ve been around. A big part of it is that their value proposition depends on stability and trust. But it could be better.

[-] 1boiledpotato@sh.itjust.works 32 points 6 months ago* (last edited 6 months ago)

Obligatory video from one of the greatest channels youtube has ever seen: By Default - There is no private email

[-] RalfWausE@discuss.tchncs.de 5 points 6 months ago

Has really everyone fogotten that you can use tools like GPG? What fucked up timeline is this?

[-] drislands@lemmy.world 18 points 6 months ago

Honest question: how many email-havers do you think know what GPG is?

load more comments (4 replies)
[-] CriticalMiss@lemmy.world 7 points 6 months ago

GPG has a chicken and egg problem. I have mine publicized on Ubuntu’s key server, which is likely one of the bigger ones (but iirc it is of little relevance as it syncs with other keyservers). Out of the emails I am sent only one of my contacts bothers with encryption. Which is sad, but what can you do? The web mail interfaces rarely if ever support GPG, and even if they do sharing your key with them defeats the purpose.

load more comments (2 replies)
load more comments (2 replies)
[-] sramder@lemmy.world 30 points 6 months ago

I value my privacy and have an extra $7 to blow every month.

Bleep boop, this summary has saved you 99.9%… just kidding i’m not a bot and have no idea what the article says ;-)

[-] sugar_in_your_tea@sh.itjust.works 6 points 6 months ago

You're pretty close, the thing you missed is, "Google is creepy."

load more comments (1 replies)
[-] femboy_bird 19 points 6 months ago

I think it is important to understand that email never will be very secure because the standard wasn't made with modern threat models in mind, if you want to communicate privately and anonymously, you need modern protocols like signal, i also use proton but only because I hate Google, i don't expect my emails are any more private than they have ever been. I use email only when it is required, I use signal for private communication, overlap is impossible

[-] BananaTrifleViolin@lemmy.world 15 points 6 months ago

Your emails are.more private in the same sense that if you have a letter with something on it, turning it over means someone can't read it over your shoulder, but they could have read it before it got to you.

Google has access to the contents of your inbox, Proton mail does not. But the protocols are unchanged and unencrypted email is accessible in transit.

So moving to Proton is a definite improvement, particularly as email remains a basic means of communication. But as you say if you wand secure communication then it is very flawed.

load more comments (5 replies)
load more comments (1 replies)
[-] TropicalDingdong@lemmy.world 12 points 6 months ago

Moving email seems like such a PITA, I don't think I would move unless to self hosting.

[-] Shadow@lemmy.ca 33 points 6 months ago

Self hosting email is even more of a pain.

[-] SanicHegehog@lemm.ee 6 points 6 months ago

Good lord yes

[-] TropicalDingdong@lemmy.world 5 points 6 months ago
[-] sugar_in_your_tea@sh.itjust.works 12 points 6 months ago

Move it to a custom domain and host it at Proton or Tuta. That way it's a pain once, and then you don't have to switch email addresses ever again.

load more comments (3 replies)
[-] Swarfega@lemm.ee 6 points 6 months ago* (last edited 6 months ago)

Yes, a royal pain in the ass. However. I did it recently but the way I did it means any future moves, of all my 300+ websites that I have logins for, is now done in seconds.

I signed up for SimpleLogin and a custom domain. I then went around creating aliases for all these sites. Changing the sites is indeed the worst part. Still, this is the last time I will ever do it. All my aliases were pointing to my Gmail account. Once I'd finished I settled on Proton. I just moved all my aliases to my Proton email address.

No one knows my Proton email address other than SimpleLogin.

I haven't yet, but I can now ditch Gmail. I still keep the account for a number of reasons but none are for emails.

I've also been testing Tutamail. I can get aliases to go to multiple mailboxes. I have the ability to respond to the emails from either Tuta or Proton and the recipient is none the wiser of where my mailbox resides.

load more comments (1 replies)
[-] dracs@programming.dev 5 points 6 months ago

It certainly can be a bit involved. When I moved from Gmail address to my own personal domain I did it slowly over a few months.

I set my Gmail address to automatically forward to my new email address. Then I setup a quick filter which added a label on everything that had been forwarded. Once a week or so I would look at all the emails that had been forwarded and update them to my new email (or delete them if unwanted).

load more comments (1 replies)
load more comments (1 replies)
[-] malloc@lemmy.world 12 points 6 months ago

I have been exploring self hosting my email.

Docker mail server for backend. Roundcube for web ui

Still keeping accounts at mainstream providers though as backup, especially for outgoing mail.

[-] sugar_in_your_tea@sh.itjust.works 15 points 6 months ago

You can just use a custom domain at Tuta, Proton, or any of the other email providers until you decide to self-host. Honestly, I don't think self-hosting is worth it, I value the spam filtering and uptime that major providers offer.

load more comments (2 replies)
[-] JoMomma@lemm.ee 10 points 6 months ago

Register a domain, Postfix, spamassassin, freebsd jails... Do it like we did in the early 2000s, it never got better

[-] AtariDump@lemmy.world 6 points 6 months ago

Don’t.

Not only is it not worth the hassle most home ISPs block port 25 to avoid compromised computers sending out spam.

Friends don't let friends selfhost email.

[-] PlexSheep@infosec.pub 11 points 6 months ago

I recently migrated my email hosting away from proton. I paid for unlimited for almost a year, but I just couldn't take the missing features anymore. Maybe some of the missing features can be justified by security reasons, but some is just laughable.

If you want to use a proper email client, you need to host proton bridge in your local computer. You can only host imap and SMTP on localhost. Headless is not really supported, so good luck if you want your server to email you logs. Use VMs or docker containers? Fuck you.

On android, the only option is using their crappy mail client. For example, this client has not functionality to select all Mail from a folder if you want to archive it or mark as read. You have to select every single Mail one at a time.

Proton drive can only be used over the Webinterface or with some windows (gui) client. No automating your backups to be pushed there.

I switched to mailbox.org, which has weird 2fa but besides that makes my happy by just working with the damn standards. Not like email transfer is unencrypted when using STARTLS. Security is important, but for me personally, usuability has to be at least good enough.

load more comments (1 replies)
[-] andrew_bidlaw@sh.itjust.works 10 points 6 months ago

Some services don't send verification letters to Proton and it's site banned by the address in fucked-up authoritarian countries, both for having less control over what it is and easy registration. I want them to explore some multi-site hydra approach so they can't get put out of the game that easily. Moving your emails here means you can't rely on a hope it would work tomorrow.

[-] Kjev@discuss.tchncs.de 8 points 6 months ago

At the end of the day. The main thing people should be aware of is that Cloud Storage is basically you keeping your data on someone else's computer so you must assume as a rule of thumb that that data is vulnerable even if it is allegedly encrypted.

Now Proton has its own share of controversies which make its advertising of Privacy less trustworthy, at least in my eyes. I won't go into details so feel free to do your own research, it will only take a couple web searches.

I personally also use Proton Mail for work but I always try to never communicate anything through it that I feel is risky in the context of my critical personal info.

Self Hosting is not the best solution when it comes to Mail Servers because of the whole domain trust issue yada yada as far as I am aware. (I don't have the resources or the money to self host so I am going through someone else's shared experience.) But it's definitely the most concrete solution for privacy.

[-] azalty@jlai.lu 8 points 6 months ago* (last edited 6 months ago)

Didn’t know google did shady things with our mail, but yea I shouldn’t be surprised

[-] skeezix@lemmy.world 5 points 6 months ago
load more comments (1 replies)
load more comments
view more: next ›
this post was submitted on 25 Apr 2024
291 points (100.0% liked)

Technology

59192 readers
3079 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS