When I wrote about privacy focused email services nearly a month ago now, I wrote about how no email service is perfect. I believe this is still the case. Emailing in terms of protocol and security still has a long way to go from being perfect.
Originally, I used ProtonMail and I have a paid plan for it, with brett.icu going through ProtonMail also. Some of the advantages to the service that made ProtonMail desirable to me include it’s support for custom domains and it being particularly mainstream. I have said it before but I’d dare to say ProtonMail is as big as something like NordVPN when it comes to privacy software.
As I further begin to get closer to a more free, private and secure online life - I try to find options that will keep me in the long term, 5-10 years at most. I started off using ProtonMail and Tutanota as they were the top 2 recommended services at the time. However there are peeves with the services that involved me having to look somewhere else. Particular issues with these two services included:
- ProtonMail has limited email client support, and Tutanota only supports it’s own email client.
- ProtonMail, albeit security focused, has good privacy mitigations but the service I moved to has something more desirable.
- ProtonMail also gets iffy and asks for a phone number or other verification when you register though a TOR client.
- On a mobile device, ProtonMail is NOT on F-Droid.
- Tutanota’s space limit is tiny for a free account.
- Tutanota does not integrate PGP for outsider emails.
- ProtonMail is pretty costly for bigger plans.
- Tutanota constantly was put under cyberattacks recently, this made accessing important emails difficult.
- Emails from outside their service dont encrypt, and can be seen by the other sender.
As an email service on their own, they function okay… but they are not what I am looking for. I want an email service that is reputable, can integrate with other email clients, provides good security, and does not ask for any information. And if it is paid, it should be cheap. This is where Posteo comes in.
Why did I pick Posteo?
Posteo has been around for nearly 12 years (!!!) starting in 2009, is cheap in price at €1 (£0.80) a month, and is supported on other email clients out of the box. It’s also based in Europe, which is preferable for me who lives in a European country. In terms of security and privacy features, Posteo has a lot! Although there are some things you need to be worth noting about (read next section).
Posteo requires no personal information to sign-up, and you can even pay via mailing them cash. I set my account up on the TOR network very easily, and even if you pay with bank transfer, they claim personally identifiable info is stripped and cannot be associated to an email account. The best privacy feature I’ve seen from them though is their ‘crypto mail storage’ where all emails, attachments and metadata are encrypted with the user’s password as the key. This makes any of the data unreadable to Posteo. The downside is this feature cannot be deactivated by them. Even if this is on, email clients can still be used.
In terms of security, it is less automated than something like ProtonMail and can be a bit complicated. Posteo relies on you using S/MIME and your own PGP key for encryption of emails. In your account settings it will tell you how to set one up, there is also a public key directory that they run to allow automatic gathering of keys of other addresses. There is also the ability to deactivate support for other clients, and only use the webmail with 2-factor authentication and crypto storage for a completely airtight email setup.
Posteo is easily manageable on multiple devices even with a Tor connection, and for my account I use it only on Tor. With one purchase, I can have 1 address and 3 alias addresses. I have been using the aliases to split identities up for accounts I use. FairEmail is a good email client I use on my phone for free software emailing.
Little noteworthy extras
- Existing users can make anonymous vouchers, to register their friends for a year.
- Completely reliant on green energy
- Two Factor Authentication (TOTP)
- No ads, no mailing lists by default
- Transparency log for court orders and security reports
Why it may not be for you
Posteo does not automate the encryption process as much as ProtonMail, nor does it focus on simplifying the process for it’s users. If you are looking for a free in price email service then this also won’t be for you. If you have a history of forgetting login information or losing data, using this service may mean bad luck for you also. Posteo is also not as mainstream and may raise suspicions, but for friends to friends it’s very effective. But, I do heavily consider trying Posteo sometime, you wont be disappointed.>> Home