stevegattuso

I'm a programmer who enjoys learning/talking about cities 🌆, energy ⚡️, (vegan) cooking 🍃, biking 🚲, traveling 🚞, and creating a more sustainable economy 🏴‍☠️. This website is an always-in-progress repository for documenting my latest ideas and projects.

Email

Considerations for maintaining privacy and autonomy over your email.

Why does this matter?

There are a few reasons you should care about where you host your email:

Picking a provider

I switched over to Fastmail back in 2014 and have been happy with them as a provider ever since. A few things that I’ve really enjoyed:

A major downside of Fastmail to be aware of is that it is based out of Australia, a member of the Five Eyes alliance and a host to some pretty draconian data privacy laws. Depending on your threat model, this may or may not be a dealbreaker. Proton Mail is a frequently-mentioned alternative that may be worth investigating. I haven’t tried them out yet because I’ve been happy with Fastmail, but if I were to start my search anew they would be top of my list of candidates.

An important feature to keep an eye out for when investigating providers is the ability to create one-off email addresses. Fastmail, for example, allows me to create email addresses like something@steve.stevegattuso.me. This allows me to create a unique email address for every service, making it a little bit harder for companies who sell my data to link my identity between services [4]. They recently released masked email which takes this a step further by allowing users to generate more anonymous email addresses and easily disable/block them. This is a great feature, but keep in mind it can be a form of vendor lock-in, as these generated email addresses are not as portable as a domain-specific email address like something@yourdomain.com.
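A side benefit of per-service addresses is that incoming mail shows which alias it was sent to, so you can spot an alias that has been passed on to someone else. The sketch below is an added example, not code from this site or from Fastmail; the alias domain `mail.example.com`, the function names, and the domain-label matching heuristic are all assumptions, and the sample messages are constructed.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Assumption: the subdomain on which you hand out <service>@... one-off addresses.
ALIAS_DOMAIN = "mail.example.com"

def alias_service(msg):
    """Return the service label (local part) of the one-off alias a message
    was addressed to, or None if no recipient is on the alias domain."""
    fields = (msg.get_all("Delivered-To", []) + msg.get_all("To", [])
              + msg.get_all("Cc", []))
    for _name, addr in getaddresses(fields):
        local, _, domain = addr.rpartition("@")
        if domain.lower() == ALIAS_DOMAIN:
            return local.lower()
    return None

def sender_domain(msg):
    """Domain of the From address. From is unauthenticated, so treat the
    result as a hint, not as proof of who sent the message."""
    _name, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower()

def audit(raw):
    """Classify one raw message:
    'no-alias'     - not addressed to a one-off alias
    'expected'     - the alias label appears as a label of the sender's domain
    'alias-shared' - the alias is being used by an unrelated sender"""
    msg = message_from_string(raw)
    service = alias_service(msg)
    if service is None:
        return "no-alias"
    labels = sender_domain(msg).split(".")
    return "expected" if service in labels else "alias-shared"

# Constructed sample messages (not real mail).
SAMPLES = {
    "newsletter": "From: Shoe Store <news@mail.shoestore.example>\n"
                  "To: shoestore@mail.example.com\nSubject: Sale\n\nhi\n",
    "third_party": "From: deals@adnetwork.example\n"
                   "To: shoestore@mail.example.com\nSubject: Offer\n\nhi\n",
    "personal": "From: friend@people.example\n"
                "To: me@example.com\nSubject: Lunch\n\nhi\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, "->", audit(raw))
```

An `alias-shared` result is a cue to disable or rotate that alias; services that send through a mailing provider under a different domain will also trigger it, so review before acting.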

Why not self host?

If you feel technically capable of doing so, you can and should! I’ve chosen not to go down this path due to the relative complexity involved in setting up and properly maintaining the suite of software required for a functional/modern email stack. If you’re brave and want to go down this path, docker-mailserver looks to be an interesting project to start your investigation with.

  1. For this reason I’d also recommend using an email address on your own custom domain name + never using a “Sign In With X” authentication option. Always sign up for accounts using your email address unless there is no other option. 

  2. See this post from John Gruber discussing some of the privacy dangers that can arise from a problematic email provider and client.

  3. Note that, since 2017, Google claims that they do not use the contents of your email to target ads. This sounds great, however there is nothing preventing them from changing this policy in the future. 

  4. This is a form of practicing digital illegibility.