Ditching Protonmail - 2023-03-14 (3 min. read)
I’ve been using Protonmail as my email provider since 2017. I changed from GMail after getting tired of having my emails used as a datasource to feed their machine learning models.
Back then, Protonmail was advertising to be the most privacy friendly email provider and bragged about hosting the data in Switzerland. They were also pretty proud of their end-to-end encryption.
I was fine with Protonmail for a while but there is one thing that annoyed me. Because of their end-to-end encryption you have to use their clients to access your emails. This means that if I want to read my emails from my devices I have to use their email client or their webmail client.
They actually have an alternative to that: if you want to use your own email client, like mutt or thunderbird, you can use a small companion app called Proton Mail Bridge that will encrypt/decrypt your emails as they arrive/leave your computer. Of course, this is not available with the free Protonmail plan.
With this, and the fact that you can’t be sure what they do or not with your emails, I decided to give up and selfhost my email server. It is often said to be a PITA to configure your own email server but I was convinced by a friend to do it.
I first decided to try out a bare install of an email server on a Debian server. It is actually pretty simple to do, it’s also well documented online so I will not explain it in detail. You basically just need an MTA (mail transfert agent, e.g. Postfix) and an MDA (mail delivery agent, e.g. Dovecot), an SSL certificate, and to setup RDNS and your DNS records with DKIM, DMARC and SPF entries. With all that setup correctly you should be able to send and receive emails, and to not be considered as spam.
Once my initial setup was working I decided to switch to a dockerized version
so that it’s easier to migrate. The simplest is to use
docker-mailserver.
This docker image includes Postfix, Dovecot, antivirus, antispam, and most of
what you’d want in a personal mailserver. It’s really easy to setup, it also
has plus addressing enabled by default (to be fair it’s just one line in the
Postfix configuration file), so you can use email+site@domain.tld
as your
email address when registering to a website, that way you can tell who leaked
your address if you receive spam, and block emails coming from this address
if necessary.
I’m pretty satisfied with this setup and might start to migrate all my accounts soon.