What should I be using for email?

Since June 2009 I’ve been using Gmail for my email, and I have to admit it’s been great. Really convenient, excellent searching facilities, available from anywhere. In terms of ease of use it’s a huge step forward from my old approach, using GNU Emacs’s “vm” package and manually syncing mailboxes between my desktop and laptop as necessary.


But in light of the latest round of revelations of the NSA taking a giant-sized dump all over the Internet, that’s got to change. I need to take control of my own email. (And no, NSA spies, it’s not because I have something to hide. It’s because my personal correspondence is none of your damned business.)

But I have no idea what I should be using instead — it’s years since I paid any attention to MTAs, largely because Gmail has been so good. So can anyone tell me what I should be using?

Here’s what I need.

  • It has to be open source. Not because I won’t spend money, but because that’s the only way the code can possibly be trusted not to be backdoored.
  • It has to keep archives on my own computers, not on some other entity’s host.
  • It has to be able to build indexes of those archives so I can meaningfully search my email. (I assume I can keep both archives and indexes on encrypted partitions.)
  • It has to support PGP in the most painless possible way, both for signing all my mail and encrypting when sending to someone who I have a key for.
  • I want it to be usable both on my Ubuntu desktop box and my MacBook.
  • I want it to automatically synchronise between those two machines without my needing to do anything.
  • I’d like it to be usable from a mobile device, too, though I’m not sure at the moment how that could work.

Any suggestions? Recommendations? Warnings of what to avoid? Have I forgotten anything?

29 responses to “What should I be using for email?”

  1. One thing I think you should add to your list of requirements is longevity – you don’t want an email host that goes bust in a year, and starts you down this path again. That’s obviously difficult to measure beforehand, so I judge it on how long they’ve been around so far.

    I switched from Gmail to Fastmail (https://www.fastmail.fm) about two years ago and I’ve been fairly happy there. Minimal downtime, good web interface, reasonable pricing. But they’re also located in New York, so probably not great for privacy.

    I think I may end up switching to a Swiss provider. Their laws aren’t perfect, but they seem better than most other countries. ISPs have to keep all email for six months in case a judge issues a warrant, but otherwise their privacy laws seem pretty robust. (http://www.swissinfo.ch/eng/archive/Swiss_log_on_to_email_surveillance.html?cid=3243688)

    There are quite a few Swiss email providers, but I haven’t done much research into who I might switch to yet. I’ve heard good rumblings about MyKolab and Bluemail, but I haven’t done the reading.

    All of which is a roundabout way of saying that I think you should probably look at a Swiss provider. I’ll be following the comments here and thinking about this myself, so I’ll follow-up if I can make a choice.

  2. Well, Alex, if I were looking for another email provider, then I’d take your advice and look into Switzerland. But I want to be more radical than that, and run my own mail system (probably putting the MTA on an always-up server that my employer, who I trust, maintains). There is a very fundamental problem with webmail, which is that it can only do public-key encryption for me if I tell it my private key — which would mean it could decrypt my messages. That won’t do at all.

  3. I’ll give this a more thorough read in a bit but first off —

    Why are you concerned what the NSA is seeing in your email, if you weren’t concerned over what _google_ was doing with your mail? If you were concerned over privacy .. why didn’t you run a mail server at home? (it’s not too hard to set up .. I’ve been running one for 15 years now on BSDs and Linux machines.) You can get a virtual hosted linux box or run a raspberry pi or beaglebone black, and have some fun learning those environments while you’re at it :)

    Not to mention that email is itself generally spread in _plain text_ across the pipes, so even if you do host your own super private mail service, any correspondence outside of your own sphere will be read by the NSA anyway…

    I’m fairly careful, so I run my own calendar service (a caldav instance of some sort), a mail service (nothing fancy), a wiki, a blog, etc.. keeps ownership of content clear, gives you some control.

    The con of course is maintaining this stuff; running any one service is usually not too hard, and if you’re using any half modern system such as a Debian or BSD you can get auto-updates so you don’t get too far behind with patches; but even then, even worrying about patches, or worrying about attackers .. it wears on you. I have set up some services so if unknown IPs hit ‘honey pot’ ports on my system, it bans them. Heck, run your own www-cache but on an alternate weird port#, and if someone hits port 80.. ban them, etc. You can do a lot of fun. But _having_ to worry about that gets to you.

    So you can take on a bit of work, learn some stuff.. and very low cost (an r-pi will run on pennies a day, plus a hard drive if a 32GB SD card is not enough space for you).. but are you willing to take on the effort? :) And the NSA will still get their fingers in, monitoring the actual bits in and out.

    At least in such a case, you get to make them work a bit for it.

  4. I wouldn’t suggest going with syncing between machines (or using one data pool from multiple machines); those are fraught with dragons. (ie: using a NAS between two computers, and having Thunderbird watch it.. what if you leave two instances of your mail reader on both?)

    The question is .. do you want to run a mail server (somewhere), and a mail client on each of your devices? That’s not hard to set up (I and many can give you pointers.) Then you can just point your calendar, email, etc at your own services, and away you go.

    No sync problems, etc.. you’re just accessing the remote (in your basement, or on a trusted friend’s place, an Amazon instance with encrypted virtual disks, whatever). Indexing and search is dependent upon the server and client, just like any other mail.

    (be nice if gmail would let out their source, for the UI but ah well; there are probably similar ones.)

    Myself, I use alpine (a text console reader) since it’s lightning fast and I’m very accustomed to how it works; Thunderbird in a pinch when I want to feel modern and have pretty looking mail. Both talking to the same mail service in my basement. Calendar I have a web based calendar up, so folks can use their computers, their phones and tablets, or just hit up the web page to get it. Great stuff.

    Hell, I can give you an account on my boxes, if you trust me any more than the NSA (though I’m in Canada, so a bit of latency perhaps :P)

  5. Mike – oh dear, your avatar got older :O

  6. As Jeff says, although I also run my client on my mail server. That way I’m using Mutt straight into a Postfix Maildir. Can’t get any simpler than that. Hardest bit was setting up sending mail (OpenDKIM and SPF).

    – All open source
    – Archive (backup) wherever you want (I use Tarsnap). And as Jeff says your mail server doesn’t have to be a remote machine, it could be in your basement.
    – Notmuch for indexing and searching
    – GPG is _fairly_ painless
    – Use from any device (including mobile) that supports ssh
    – No need to sync anything

    I’d also suggest taking a look at this though: https://github.com/al3x/sovereign

  7. This ticks all the boxes. Just saw this this morning. Crowd sourced (already fully funded with a few days to go) and open source…

    http://www.indiegogo.com/projects/mailpile-taking-e-mail-back

  8. Jeff understandably asks:

    Why are you concerned what the NSA is seeing in your email, if you
    weren’t concerned over what Google was doing with your mail?

    Well, there are two things to say here.

    First, I’ve been concerned about Google’s omnipresence for a while, so
    that the NSA’s apparent access to my stuff becomes one more straw
    that’s pushed me over the edge.

    But more fundamentally, I made a bargain with Google. I signed up for
    Gmail, allowing them to look at my email for the purposes of targeting
    ads, in exchange for a convenient service at no financial cost. But I
    never made any bargain with the NSA. I never gave them permission,
    like I did with Google. But the bastards just rode in anyway. It’s the
    difference between inviting a friend round to my house and having a
    stranger break in.

    Not to mention that email is itself generally spread in _plain text_
    across the pipes, so even if you do host your own super private mail
    service, any correspondence outside of your own sphere will be read by
    the NSA anyway.

    Well, that’s why PGP has to be part of the solution.

    But even then, even worrying about patches, or worrying about
    attackers … it wears on you.

    Yes, absolutely. This is the real issue. Pulling out of Gmail is going
    to cost me serious time, effort, and emotional investment. It’s going
    to give me a new and tedious thing to think about, not just once, but
    on an ongoing basis. That’s why I’ve stuck with them for so long.

    I keep hoping there’s a Debian distribution that just Does The Right
    Thing.

    The question is … do you want to run a mail server (somewhere), and a
    mail client on each of your devices? That’s not hard to set up (I and
    many can give you pointers.) Then you can just point your calendar,
    email, etc at your own services, and away you go.

    That could be a fallback solution. But I prefer having archives of all
    my mail locally on each machine, so I’m never isolated from my email
    when offline.

    Still, I guess the single-server and no-access-online model is what
    I’ve been using with Gmail, and that’s not been too much of a
    hardship.

    oh dear, your avatar got older

    Well, it’s reflecting reality :-)

  9. To me, the most important thing is to get your own domain name, so that you can configure your MX record to point to whatever mail server you choose.

    Concerns about a mail provider going bust are significantly reduced, if you can switch from one provider to another without having to change your email address.

  10. I run my own IMAP server (cyrus) and SOGo for calendar and webmail. Email on iPhone and Android is fine, no need to manually sync (the days of POP are long over). Calendar synchronisation also works with Android and iPhone, even calendar delegation (so my wife can see my calendar).

    Searching. Well, IMAP supports search on the server, so not all is lost, but Google is probably way better at this (I don’t really use gmail).

    Debian/Ubuntu has packages, but I guess most other distros also (SOGo has updated debs, which I prefer over the ones from Debian testing)

  11. Good point on domain-name, jdege. In fact I do already have that — miketaylor.org.uk — and my academic email address, dino@miketaylor.org.uk, is on that domain. But at the moment, that (like my work address mike@indexdata.com) is forwarded to my Gmail account.

    la23ng, when you say “no need to manually sync”, do you mean because everyone is always online?

  12. I’ve also been thinking about setting up my own MTA, but the more I think about it, the less sense it makes.

    According to the recent leaks, the NSA isn’t just snooping your stored mails, but also traffic between nodes, which means that your emails are still being read, and your efforts have been in vain.

    Chances are that 80-90% of your recipients are on hosted solutions, gmail, hotmail (live or whatever), so your messages are indexed, and again .. In vain.

    The real problem here won’t go away until email is either transformed into an end-to-end encrypted solution, or something else takes its place.

  13. Again, Jimmy, the answer is PGP. The reason to run my own MTA is that there’s no secure way to use PGP with a solution hosted by a third-party, since you have to give them your private key to sign the email with.

  14. Hmmm. First of all, I don’t use webmail at all, just the stock email clients on iOS/Android.

    Syncing email has been a non-issue for me. When I read email, I am typically online (because I just fetched it), and IMAP syncs the read flags, so I won’t see it as read on another account (iOS probably buffers these requests and retries them later).

    The normal iOS IMAP retention period also works well for me. Say I am on my way to an appointment, but forgot the address, which is in the email, and am offline. This happened a few times and every time the email was still on the phone.

    Your mileage may obviously vary, but things worked fine for me even when I didn’t have a 3G flatrate.

  15. IMAP is server hosted, so there is no sync per se.
    POP3 is ‘pull mail’, pulling it to client.

    (You can of course pull from an IMAP server, or pull and also leave it on a POP3 or IMAP server, but it gets messy imho.)

    I’m a fan of leaving it on the server (which is my own box in my basement); I ssh in for most of the functions of the server, but can also “NX” or VNC in for remote desktop options (which is very handy.) Mail, calendar, and multimedia serving as well .. run ‘ps3mediaserver’ (which isn’t just for ps3 anymore) or offer some smb or nfs disk mounts out, and your iOS/Android/Xbox/PS3/computers/etc will now be able to browse family pics, music, video, etc.

    Another option is a raspberry pi (say) running raspbmc or one of the pure debians; raspbmc is a nice little media player (plug it into your tv, and into ethernet or wifi, and good to go) and also has some minimal server options; it’ll share out smb mounts happily. I use a media player on phone and such .. so using the treadmill or whatever video or music from the network, and when sitting with babies at night and they’re having trouble staying asleep .. watch video too :P

    So there is a value add to running a server, in addition to replacing your existing services. (I like not depending on anyone, and the ongoing mental tax is not too bad most of the time.)

    Run a simple hardware router as your ISP connectivity, and put a good custom firmware on it (such as Tomato or Open WRT or whatever), which gets you a pretty hardened surface outright; very minimal visible footprint, and map in only services you wish. Then plug your server into it, and optionally any NAS disks you might want for additional house-wide storage (such as a DNS-325 ‘toaster’, which can have 2 disks plugged into it; it can RAID1 them, or one big disk, or show 2 disks out, to everyone on your LAN (or as few people as you like, etc.))

    So .. a r-pi or even an Intel Atom or some low end machine as a server for mail, calendar; a beefier one if you want live transcoding/streaming video serving. A NAS for large storage if you need; good to go. This is a great way to re-use an old machine .. if you’ve got an old desktop from years ago, it could make an excellent server.. chances are, your needs are little (for now.) However, older machines eat some power .. running a little Atom or r-pi in a little case in the basement will barely tick on your hydro bill. I also like very quiet .. no big noisy fans.

    The configuration is trouble of course, but it’s only bad for a few days, and is not too disruptive; you can set it up with only time cost, without breaking your gmail; at some point you can set up ‘fetchmail’ or any number of ways to get mail from gmail to your home box; ie: the home box can pull it, or you can set up a forward at gmail (I think.) Then you can point your mail client (and you’ll try them all, trust me) at your IMAP or POP3 server until you get it right; eventually you can turn off gmail, and advertise your new mail address.

    Using your own domain is 100% the way to go; very cheap as you know, and gives you control in the future; if you’ve been forwarding to gmail, would have been handy to have used your non-gmail addresses over time, and then just use gmail as the reader, so people would already be using your own domain .. but if you’ve been passing around the gmail addy, you’ll have to get everyone over eventually. A bit of a nuisance, but not too bad. (people using your ‘old’ gmail addy will still get through, though, so no mail lost. Never lose mail, ever .. I’ve not lost a piece in 25 years :)

    Sorry for rambling; no coffee yet :)

    Start with defining your phases and services; email day 1, calendar (?) day 2, media server day (n); mail server.. do you want imap? pop3?

    I use a mail store of 1 file per save-target (using email name as the target); one file per person, with thousands of emails inside of it; machines nowadays have plenty of cpu and ram, so no problem. Backing it all up to NAS with a cron job is trivial; if you want to back it all up while on the road .. use fetchmail or an scp or the like cronjob to pull to your laptop fully as well, but in general.. I just assume connectivity, but your mileage and requirements are likely different.

    After you’ve jotted down your requirements and which services, you can figure out a matching solution.

    If you don’t want to run your own services, there’s probably some options as well; I don’t mean to ‘over pitch’, though; running my own services is second nature to me, but that doesn’t mean it’s right for everyone.

    There’s also ‘owncloud’ and personal cloud type setups.

    These days, it’s a big concern of everyone.

  16. Gmail (via IMAP) works well with PGP/GPG.

    The problem with PGP and email is that it’s not exactly easy to set up for your average user, and even when set up it’s not exactly transparent.

    Furthermore, if you send an encrypted email to someone, and their software/provider automatically decrypts it and then stores it as plaintext on a hosted solution, you will be indexed, and your efforts have been in vain.. again :)

    We almost made a good solution in Denmark, with a nationwide digital signature, but then “someone” decided that Nets, who runs N3MID, will retain every user’s private key on their server, and all I got was this lousy OTP keycard :)

    I’m beginning to think that the only “viable” solution is an end-to-end encrypted, peer-to-peer protocol, i.e. how Skype and Facetime _used to_ work, and to some extent how iMessage works today.

    It might make more sense to set up your own private Jabber server, hand out a few TLS certificates to whomever you wish to communicate securely with, and leave email to Google for the “non sensitive” stuff :)

  17. I’ve been a fan of web-based email since the first time I used web-based email.

    But I suppose the state of spying may require that I change that position eventually.

    Mike, if and when you do make the switch, could you let us know on your blog? Maybe post occasional updates about how it’s going? I’d be interested to read it.

    Thanks.


    Furry cows moo and decompress.

  18. Yep, I’ll blog my way through this.

  19. I have hosted my own domain for 15+ years, partly because I can (and learning by the process), partly because I didn’t want to be dependent on a service (besides the ISP). Currently using the following setup:

    MTA: postfix using Maildir delivery
    IMAP server: dovecot 2
    Web mail: roundcube (use only for emergency)
    Clients: Mail (OS X, iPhone)

    The server is debian wheezy distribution. Was running on small 500-1000 MHz machines, now a VM on a Mac Mini.

    I run a simple synchronisation job (csync2) to a backup machine and am using ucarp to switch a master IP between them.

    Searching on the Mac is okay. Subpar on iphone if you use a lot of folders.
    I have used signing from the Mac. Encryption should be possible, but I haven’t tried it. Then again maybe there is backdoor in Mail, so maybe mailpile is the solution to that.

  20. Debian as well; I commonly use..

    MTA: exim4
    Clients: everything under the sun, including an old Atari ;) yay for standards!
    IMAP: uw-imapd (IMAP2 protocol) – University of Washington IMAP server
    Calendar server: davical (which is ical so works with OSX, mobiles, etc., and includes a web CGI as well)

    jeff

  21. One other option, the one I’m currently using, is to handle encryption locally and then send via gmail (or whomever). Thunderbird has the Enigmail plugin (https://www.enigmail.net/home/index.php) to facilitate that process. It’s definitely the cheapest option in terms of time investment, and since the plaintext never leaves your box, privacy is pretty high.

  22. ashevillebeards, surely in that configuration Gmail can’t index your mail, so you can use Google’s searching facilities. Which is 90% of the reason to use Gmail in the first place.

  23. Yeah, true. Acceptable downside for me, but you did specify that fast searchability was a major criterion.

  24. Mike, PGP does NOT solve the NSA problem. The one thing we know the NSA has been doing wholesale is scraping mail *headers* from net traffic, and regardless of whether you and the person you correspond with encrypt your mail, if it is sent with SMTP, the headers, especially the from and to addresses, and of course the IP address of the SMTP server if that’s physically where you are, are in plaintext.

    Also, although you weren’t the one to suggest a Swiss mail host, I’m not sure that gets around the problem either. The question is whether the packets go through the US on their way from country A to country B. I’ve heard they often do. You could try some traceroutes, but then, routes change over time. You could use TOR, but do you know how to configure it to always pick the last intermediary such that the plaintext headers don’t go through the US?
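The point made in comment 24, as an added example that is not part of the original post or its comments: PGP protects only the message body, so the header fields and relay addresses of a PGP/MIME message are exactly as readable as those of an unencrypted one. The hosts, addresses and the armored block below are constructed sample data, and `observer_view` is a hypothetical helper name.

```python
import re
from email import message_from_bytes, policy

# Constructed sample data: hosts, addresses and the armored block are made up,
# and the "ciphertext" is a placeholder, not real OpenPGP output.
HEADERS = b"""\
Received: from mail.example.org (mail.example.org [192.0.2.25])
\tby mx.example.net with ESMTP; Thu, 31 Oct 2013 09:12:44 +0000
From: Alice <alice@example.org>
To: Bob <bob@example.net>
Subject: Meeting on Friday
Date: Thu, 31 Oct 2013 09:12:40 +0000
MIME-Version: 1.0
"""
PLAIN = HEADERS + b"""\
Content-Type: text/plain; charset=us-ascii

See you at 10 in room 4.
"""
# PGP/MIME layout per RFC 3156: a control part, then the armored payload.
ENCRYPTED = HEADERS + b"""\
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted";
\tboundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1

--b1
Content-Type: application/octet-stream; name="encrypted.asc"

-----BEGIN PGP MESSAGE-----

PLACEHOLDERPLACEHOLDERPLACEHOLDER
-----END PGP MESSAGE-----

--b1--
"""

HEADER_FIELDS = ("From", "To", "Cc", "Subject", "Date")
ARMOR = b"-----BEGIN PGP MESSAGE-----"
IPV4_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def observer_view(raw: bytes) -> dict:
    """Return what is readable from the raw message without any key."""
    msg = message_from_bytes(raw, policy=policy.default)
    headers = {f: str(msg[f]) for f in HEADER_FIELDS if msg[f] is not None}
    relay_ips = []
    for received in msg.get_all("Received", []):
        relay_ips.extend(IPV4_IN_BRACKETS.findall(str(received)))
    armored_parts, readable_text = 0, []
    for part in msg.walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""
        if ARMOR in payload:
            armored_parts += 1  # opaque without the recipient's private key
        elif part.get_content_maintype() == "text":
            readable_text.append(payload.decode("ascii", "replace").strip())
    return {"headers": headers, "relay_ips": relay_ips,
            "armored_parts": armored_parts, "readable_text": readable_text}


if __name__ == "__main__":
    for name, raw in (("plain", PLAIN), ("pgp/mime", ENCRYPTED)):
        print(name, observer_view(raw))
```

Both messages yield the same sender, recipient, subject, date and relay address; only the body text differs in readability.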

  25. Well isn’t this interesting? This time, even Google is mad:
    “We [Google] are outraged at the lengths to which the government seems to have gone to intercept data from our private fiber networks, and it underscores the need for urgent reform,” he said.

    A Yahoo spokeswoman said, “We have strict controls in place to protect the security of our data centers, and we have not given access to our data centers to the NSA or to any other government agency.”
    Apparently, PRSM, and the other legit-but-shouldn’t-be spying programs aren’t nearly enough for the NSA. Well I mean I guess that makes sense–their whole business is spying after all.

    So.. yeah.. it seems the NSA might also have built a back-door into Google’s and Yahoo’s data center-intranet-clouds… you know.. where there’s no encryption
    http://www.washingtonpost.com/world/national-security/nsa-infiltrates-links-to-yahoo-google-data-centers-worldwide-snowden-documents-say/2013/10/30/e51d661e-4166-11e3-8b74-d89d714ca4dd_story.html

  26. ack, that had a couple bad typos. Too late to edit though.

  27. If you leave another comment saying what typos you want fixed, I’ll make the changes, and delete this comment, your last and your next.
