Liberate your e-mail pt.1

by on under email
4 minute read

Email

You and I need to have a serious talk about email. I have liberated my email and want to share the experience with you, so you are informed enough to decide whether you want to do the same.

The bad

Currently, the top 10 percent of all mx records mainly consist of Google, with GoDaddy in the second position, as can be gathered from these statistics*:

Mailserver Count % Of total
mailstore1.secureserver.net 22,989,327 2,53%
smtp.secureserver.net 22,984,706 2,54%
aspmx.l.google.com 10,141,392 1,11%
alt1.aspmx.l.google.com 9,878,764 1,09%
alt1.aspmx.l.google.com 9,800,303 1,08%
aspmx2.googlemail.com 5,607,263 0,62%
aspmx3.googlemail.com 5,477,548 0,60%
mail.b-io.co 4,449,479 0.49%
alt3.aspmx.l.google.com 4,121,725 0,45%
alt4.aspmx.l.google.com 4,057,221 0,45%

This is bad for a couple of reasons:

  • Neither Google, nor GoDaddy give a flying f*ck about your privacy
  • It’s centralization at its worst
  • Everything stored at a few parties, really?

Let’s walk through these arguments:

The first argument, privacy, should be obvious. Facebook is very hostile towards user privacy, but Google is even worse. Gmail is offered free of charge, since you are the product. You are an awesome human being - you deserve better. Way better.

And so do the human beings you exchange messages with! Perhaps you haven’t thought of this before, but with the usage of Gmail, you also made the choice for the other parties. Every message they send to you - a Gmail user - gets stored on the servers of the big bad G, only to be kept an indefinite amount of time. And logically, this also goes for every message you send to them.

The second argument, centralization, is against the design of the world wide web. It’s supposed to be a place to share knowledge, collaborate and to be used to heighten the efficiency of our daily lives. It sure as hell wasn’t meant to be controlled by a handful of commercial parties.

Furthermore, while perhaps convenient, it’s bad that a few select parties have a huge amount of data, that combined and intertwined is your whole digital persona.

The ugly

Email itself is an old fashioned protocol. It was never designed to mitigate modern threats, nor is it designed to be free of eavesdropping. While more and more mailservers use traffic encryption (TLS) to exchange messages, this is still optional.

A different initiative, GPG - allowing to encrypt the content of the message itself - has failed miserably, because it’s too hard to use for the average user. It’s easy to make mistakes, especially with frequent usage. And while it allows encryption of the message content, it doesn’t do anything about the metadata (to, from, subject, etc).

The good

Last, but certainly not least: this is not the end. It sure as hell isn’t too late. The tide can still be turned! And even easier: you can still reclaim the ownership of your mailbox and make sure that your privacy - and the privacy of your contacts - is still respected.

Mainly, there are a couple of ways that aren’t hard, to reclaim your inbox:

  • Host your own email server; probably the hardest, but also the most efficient. You could setup your own server at home, throw OpenBSD on it alongside with Dovecot and OpenSMTPd - or use a script like Caesonia to help you with the installation.
  • Go with a privacy friendly provider; much less of a hassle. Popular providers include Mailbox, Mailfence, Fastmail, Tutanota and Protonmail - with the latter two not supporting IMAP, POP3 and SMTP directly.
  • Get yourself a Helm; store your email in the comfort of your home without the hassle of setting and maintaining your own server. It does require setup and maintenance via a mobile app, uses Docker containers internally and is comes in at 299 USD and 99 USD/year from the second year site.

Closing thought

Over the next weeks weeks, I’ll be writing more articles and insights into liberating your mailbox, hosting your own server and reclaiming your inbox. Feel free to ask me for help, via mail (prefer to mail with non-Gmail addresses, haha) hello@h3artbl33d.nl, via Twitter or Mastodon.

Statistics about mailserver/mx usage come from securitytrails.com

email, reclaim, inbox, privacy