# Brief Notes on Email
_If you don't pay for the product... you are the product._
Self-hosting email is one of the most painful things I've attempted in my
journey for privacy and security online. IP reputation is simply something
that I'm not willing to pay for, in terms of time or money.
Of the cloud-hosted options, there are few good choices.
Gmail, Outlook, and Yahoo have excellent IP reputation and a full suite of
features, but are products I avoid because of advertising and data collection.
I only consider services which:
1. express that privacy is a major concern
2. take measures to reduce provider access to content (such as client-side
encryption)
3. have a reasonably secure reputation for reliability and customer service
4. can accept mail at my domain for at least 5 users (my immediate family)
I arrived at Swiss-based [ProtonMail](https://www.protonmail.com) in 2016, and
now use it for my family as well. There are other fine options as well, but I
cannot recommend any (which are still in business) because I have not used
them.
Features which I appreciate are:
- excellent IP reputation
- client-side encryption of mail contents
- key autodiscovery, supporting the very few other users who also encrypt mail
- local writing assistant (AI in the browser)
- an adequate (though not unlimited) limit for domains and aliases
It's not free (for my needs). I have a Visionary account, though I could make do
(uncomfortably) with the Family account as well. The key differentiator for me
is the number of domains, as the domain must be bound to the account to send
mail from it. My use case is unusual though, and most people will be perfectly
comfortable with the free plan as long as they periodically delete old mail.
Generally, I appreciate what email once was, and despise what it has become.
Convenient as it is, email should not be one's username. I also get vastly
more unwanted email than I do legitimate. Even amongst the legitimate email,
almost all of it is automated. Correspondence from humans, or even relevant
(and appreciated) automated notifications make up a fraction of 1% of all my
email.
I am forced to keep up with my email inbox (the same way I keep up with my
physical mailbox), for fear of missing some renewal notice. However, I will
never send anything of importance over either - as there is no expectation of
privacy in the mail (electronic or otherwise). Almost all mail passes
unencrypted from server to server.
Even though I cannot have the level of privacy I want, I will continue to use
privacy-focused services like ProtonMail for as long as I can afford to do so.
I'm not a shady guy, but I still want privacy.
Furthermore, consider this. The means to have completely private email has
existed for over 30 years, and the understanding of how to make it ubiquitous
and easy for consumers has existed for almost as long. The overhead required
to implement these features has been greatly reduced, and even the smallest
client devices have been capable of bearing the compute burden of encryption
for more than 15 years. The reason we don't have email privacy is because email
providers don't want it. For most of us, even the secure and respectable
providers will (or at least up until very recently did) use your emails to
better target ads. Regulations help, but they are not a complete solution and
they are not applied equally to all.
For long-term sustainability, it's important to rely on providers who, even if
they aren't perfect, have values that align with your own.