https://proton.me/ Are worth a look at. The allow custom domains and I believe have IMAP support. Additionally they encrypt everything they store so are very good from a privacy side (at least as far as you can be private using email).
Technology
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
They only sorta provide IMAP. You need to run Proton Bridge on your computer and that program will connect to their service and provide a local IMAP connection to your mail app of choice. It’s all a bit hacky but works well enough.
That's a sign that they aren't goofing on the encrypted part. If done right, they can't decrypt your emails to hand them over on IMAP, so a bridge would be necessary to decrypt on your equipment, then hand off the decrypted mail to your IMAP client. It's nice they offer that solution.
What’s the point with emails that were transmitted unencrypted over the Internet right before that? It’s like sending a post card via mail and then putting it into a safe at the receiver's side. Sure it’s secure there, but that’s entirely pointless.
I wouldn't say it's entirely pointless. You are correct that by the nature of email proton has to be able to read it in transit, there's no avoiding that, it's how email(and SMTP specifically) works. But what it does mean is that proton can honestly say it can't read emails once they move beyond their edge systems. Personally, I don't use email for anything critical or sensitive without additional encryption.
It's true that there's no point when emails are unecrypted in transit, but when sent to other Proton Mail users, they'll be end-to-end encrypted. Additionally you have the option of not sending the email content itself, but rather a link to the encrypted contents.
It's a sign they use non-standard tech and lock you in progressively... while touting encryption at rest as a big advantage, when it doesn't mean anything for email.
The Proton bubble is one evil acquisition away from bursting.
It's a sign they use non-standard tech
Is there actually a standard tech for end-to-end encryption for emails? Because if not, then I don't see what other option they had.
There is, it's called OpenPGP. GnuPG (GPG) is a popular implementation of the standard and many email clients integrate with GPG or implement OpenPGP directly.
To achieve E2E encryption you need to generate a public/private key pair, exchange public keys with the recipient, and then you can encrypt a message that can only be decrypted and read by them.
To simplify the exchange of keys there are keyservers such as keys.openpgp.org where people can publish their public keys in advance. There are many keyservers and they usually replicate keys among themselves. So when you want to email someone and use E2E your email client can look at the closest keyserver and see if there's a key for that address already there.
This approach to E2E is called OTG (On-The-Go). An OTG method can be applied to any insecure channel not just email.
This is very different from what Proton or Tutanota are doing. They encrypt email at rest while on their server and force you to use non-email protocols when you talk to their servers (instead of standard IMAP/POP/SMTP), but they have no control over messages while in transit to/from other mail servers. Their connections to other servers may or may not be encrypted but if they are it's only point-to-point for each hop, not E2E. And most other servers do not encrypt email while at rest there. So while email can be called reasonably secure between you and Proton/Tutanota servers, it stops being secure if you actually want to talk to someone who's not on them.
To achieve secure email, pick your poison: you can try to convince other people to use an open standard & open tool & open keyservers, or you can try to convince them to use a proprietary server & proprietary tools.
Protonmail lets you use PGP
I use proton for my domains email too, but consider that their integration with other services is pretty bad. I haven't found a proper tool for calenders sync, and email sync with thunderbird or other clients requires a extra app.
The pro of choosing them is that you get all their services: VPN, password manager, storage, calendar.
They are great, but much more expensive which was the issue. PurelyMail are the cheapest option.
mailbox.org
I moved to this from tutanota so I could have IMAP. No complaints.
I like the GPG encryption option they have as it's basically what I believe tuta does to their mail by default
I've used zoho before years ago, it's pretty good. I currently do use proton personally as it has a good mix of stuff, including a VPN.
Just adding that the base level is free up to 5 users is you want to sample it a bit before paying for more features.
Zoho is great, especially for OP's use case where they want to manage multiple mailboxes under the same domain. The Zoho cpanel can do all that.
Also Ive never had my outgoing emails rejected.
Can vouch for Zoho. Cheap and realiable if one doesn't need encrypted stuff.
Been using Zoho for years, cheap and reliable.
Migadu, postale.iO, mailbox.org, mxroute
Second mxroute, I got their black friday deal last year and I've liked it.
BF deal is live right meow -10GB, unlimited users/domains, 300 email sends an hour, for $10/year.
I don’t need it, but I’m thinking about buying it anyway.
I've had a great experience with Migadu.com. if your use case is many domains/aliases with light use, it's perfect.
I'm also in the process of leaving Gandi and I've written a post about it here.
If you're ok with leaving your domains and nameservers at Gandi you just need to edit your DNS records and point them to another email service.
Migadu and MXroute work like you described, one account, multiple domains and mailboxes, they charge for what you use (mails and storage) not mailboxes. They will give you the DNS records to add to your nameservers.
You can use imapsync to copy your mail over to the new mailbox.
Check what it will cost to renew your domains, I had a surprise there too.
You can also transfer domains to another registrar, which may offer a free mailbox with it like Gandi used to do.
There are also other options, like using external nameservers. You can do any combo of domain registrar, DNS service and email service you want, ranging from having them all at one provider to using a different provider for each.
mxroute is currently offering a 10GB lifetime account for a hundred bucks US. One time fee.
Iirc netcup offers this too, with additional groupware.
Been using Tutanota for a year now. Never had a problem
Professional Business Email by Namecheap, Inc. €13.69/year (now €10.02/year with coupon).
I use Migadu, they put restrictions on the number of incoming and outgoing emails, not the number of domains or addresses, it's not as cheap as the ones you've mentioned but per year it comes pretty close.
https://purelymail.com/pricing
$10 per year, single email can handle another plan option that is around $5 per year, with $10 minimum payment and 30 day free trial.
How hard is it to host your own mail server? From what I can see it look pretty much top tier
I’ve been running my own mail server for about 15 years now… Let me offer some insights.
- Its used by me and the family, so I do have other users who expect things to work.
- I used commodity hardware, with a Linux host (and guest).
- the mail server runs in a VM, so it is trivial to: stop, copying the VM to USB, restart.
- Maintaining uptime isn’t too bad, but when the mail server goes down, you need to get onto it quickly. I’ve had power supplies fail, HDD’s fail, memory fail.
- If you should happen to be out of town when a failure occurs (I’ve had this twice), then the server stays dead until you are back. That does not make your users happy. If its more than 4 days, then the SMTP standard says email is lost.
- There have also been a few software issues with Zimbra (my current tool) - the stats daemon filled the disk, the upgrader broke permissions all over the place multiple times. Each of these requires time to investigate, research online etc. Snapshotting is awesome! Right now I have a problem where the VM disk file is growing, but the space used inside the VM is not. I have zero’d out free space and compacted the VM but don’t know why it is happening yet. More research needed.
- You will learn to hate blocklists. There are many, and there are meta blocklists. You have to watch them because at any time, you will be added and your email will silently get dropped. Sometimes the blocklist trashes whole subnets because of a single actor, sometimes even more, and so you will get included due to other bad actors. Getting off a blocklist is hard… you send emails, you fill in web forms, you look for a contact details, you wait… Then some number of days/weeks later, you are off again.
- You have to learn DKIM, SPF, DMARK, managing DNS etc.
- I used to use self-signed certs and live with the warnings. Now I used Lets Encrypt, which is awesome!.
- You can try to get reverse DNS working, but that’s up to your ISP (who usually don’t care, so good luck). No rDNS can be viewed as bad by email recipients so your spam score starts at >0.
- If you run it at home, you will be part of a block of IPs that are known to be home users, so your spam score starts at >0.
- I’m lucky in that I run it on a spare public IP address on my server housed at work. But that will need to change soon.
I started using native Linux mailboxes, later added roundcube (web UI), investigated Mailinabox, but now use zimbra. That gives me calendar/contact sharing, email/calendar/contacts to iOS devices (which is the main way my family get email), and lots more. Moving data from one to the other took a couple of days of effort. (Yeah… I know its supposed to be trivial, but its not when you include tool research, testing, execution one at a time etc).
Bottom line - you will learn lots, you will lose many weekends and sometimes a weekday here or there as you try to handle emergencies, it will never be set-and-forget.
My original rational was learning, privacy and my own domain and nicer looking email addresses than john1234@gmail.com. I’m looking for an online alternative as its time to lighten the load, but I have a lot of services that we use in Zimbra.
Good luck with it!
I forgot to mention - spam isn’t too bad with a well trained SpamAssassin.
Plus you will need to learn your virtualisation tool really well because of all the networking routes required and operating it on the command line. VBoxManage is your friend, but its just not friendly.
From a security perspective - I did everything in Linux, and only opened the required ports (plus ssh, which I moved to a random high port number). I have auto-update on for security patches, but NOT for regular patches (because Zimbra tends break things, so you need to snapshot first).
If you want to make sure people get your emails, and you don't want to deal with constant spam issues yourself, I'd recommend not running your own.
I've done it, and I do not recommend it if you actually plan for people to receive your emails.
I managed to adapt for about 95% of mail servers to accept my mails, but it was a lot of work. I'm pretty sure some of those measurements are intended to discourage people from self hosting.
It took me around 4 hours to get to that point, and sometimes my mail would still go into junk, especially on gmail inboxes.
You were way faster than me 😂
Gmail worked for me, but some bigger German providers just refused to accept my mail. I used a website that tested the server config and gave hints how to proceed. That was incredible helpful.
You apparently easily get your emails stuck in spam filters if you self-host. Also, you'd need to have 100% uptime for this to work as intended, not particularly easy in my situation.
The hard part is getting a a host that allows the ports, a “clean / private” static public IP and a matching reverse lookup record for it.
Email servers and spf / dmarc / dkim are not that hard to setup. There is still going to be a “trust” period for some spam filters but if you did everything else right it isn’t too hard other than in bound spam filtering.
iCloud Plus if you don't care kids in Africa and would like simplicity.
Update: don't beat me guys I'm using Proton 😢