I am ashamed to admit that I have been using O365 for email. I reasoned that I was familiar with the corporate O365 offering and figured it would be the easiest way to get started.
It was good enough at first but has steadily become worse over the past few years. From UX design that seems to change just because, to the “focused” inbox that decides which emails I need to see, I was becoming increasingly fed up. The final straw was when MS decided to unleash Cortana’s daily briefing, just in case I still had any shred of belief that they care about privacy. Enough is enough.
I had previously considered running my own server, which on the surface seems nice when it comes to having absolute control. The downside is that keeping up on security and getting your email server “trusted” by others can be either a chore or mean resorting to a paid service anyway.
So I looked for an email service that provides a semblance of caring about privacy. ProtonMail in particular caught my attention for a few reasons:
- End-to-end encryption
- No logs
- Swiss privacy laws
- Open source
Setting up the account was very simple. You begin by selecting an @protonmail.com address. The next selection is encryption type: RSA (2048 or 4096 bit) or X25519. After that, I chose the Plus plan in order to use my custom domain and to have a few aliases. After entering credit card information I was signed up and taken to the account home screen.
The next step for me was to add my domain. ProtonMail has a wizard that takes you through the typical domain records setup. After entering the first TXT record for verification, it was only a few minutes before my domain was verified and I was able to begin creating addresses. I was momentarily confused because ProtonMail doesn’t use the terms “primary” and “alias.” Instead, you simply list all of the addresses that you want to have directed into the Inbox. I assume this is because your @protonmail.com address is treated as the primary address. However, you are able to “send as” any of your aliases. Each alias has an option for its own unique “signature.”
You are then able to continue with the setup and are given the DNS records to plug into your host: MX, SPF, DKIM, and DMARC. You are given the typical warning that record changes may take up to 24 hours to propagate. My updates completed in about 90 minutes. I received a notification email from Proton and my domain emails began to flow.
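One way to sanity-check SPF and DMARC values when entering them at the DNS host, as an added example (not part of the original post and not ProtonMail's tooling). The function names and the record strings in the comments are assumptions constructed for illustration; use the values your provider's wizard gives you.

```python
# Added example. Offline checks for SPF and DMARC TXT record strings.
# Constructed inputs to try:
#   check_spf("v=spf1 include:_spf.mailhost.example mx ~all")            -> []
#   check_dmarc("v=DMARC1; p=quarantine; rua=mailto:dmarc@example.com")  -> []
LOOKUP_MECHS = {"include", "a", "mx", "ptr", "exists"}

def check_spf(record):
    """Return a list of problems in an SPF TXT record (empty list = none found)."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["not an SPF record (must start with v=spf1)"]
    # Mechanism names with the qualifier (+ - ~ ?) stripped.
    names = [t.lower().lstrip("+-~?") for t in terms[1:]]
    problems = []
    alls = [t.lower() for t in terms[1:] if t.lower().lstrip("+-~?") == "all"]
    has_redirect = any(n.startswith("redirect=") for n in names)
    if not alls and not has_redirect:
        problems.append("no 'all' term: unlisted senders get a neutral result")
    elif alls and alls[-1] in ("all", "+all"):
        problems.append("'+all' authorizes every host to send as this domain")
    # RFC 7208 allows at most 10 DNS-querying terms per evaluation; nested
    # includes count too, so this per-record count is only a lower bound.
    lookups = sum(1 for n in names if n.startswith("redirect=")
                  or n.split(":")[0].split("/")[0] in LOOKUP_MECHS)
    if lookups > 10:
        problems.append("more than 10 DNS-querying terms: receivers return permerror")
    return problems

def check_dmarc(record):
    """Return a list of problems in a DMARC TXT record (published at _dmarc.<domain>)."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        return ["not a DMARC record (must start with v=DMARC1)"]
    problems = []
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        problems.append("missing or invalid p= policy")
    elif policy == "none":
        problems.append("p=none asks receivers to take no action on failing mail")
    if "rua" not in tags:
        problems.append("no rua= address: aggregate reports are not requested")
    return problems
```

An empty list means neither check found a problem; it does not confirm that the record has propagated, which still needs a DNS query against the live zone.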
While waiting for the records to update, I decided to set up two-factor authentication. The options offered are Google, FreeOTP, and Authy. OK, so two choices…
Authy is popular. But one of the first things I noticed is that they can store your tokens for you. Apparently this is a feature that can be turned off, but the idea seems broken on its face.
I downloaded FreeOTP and fired it up. FreeOTP offers a phone unlock code requirement in order to view codes in the app. This prevents someone from grabbing your unlocked phone and acquiring a code. ProtonMail gives you a QR code to scan within FreeOTP which creates the account in FreeOTP.
I also downloaded the ProtonMail app for the phone. My requirements are very basic and it has performed adequately thus far.
If you’re looking for a private email service I can recommend ProtonMail. My only regret is not switching long ago.