black and gray digital device

Transitioning to Mailbox.org to reclaim email privacy

Yes, you do still have control over your online privacy, starting with email. Learn about making Mailbox.org your safer email host.

It’s quite easy to feel hopeless in our digital age. It seems as though daily we are being told that our privacy has been compromised in new ways. But a few days ago I wanted to see how much privacy I could regain, and one obvious starting point came to mind: email. Let’s see why Mailbox.org is a better idea than the alternatives.

First off, ditch Gmail / Outlook

Gmail is a name we are all familiar with, and most of us are registered on it, with some of us using it as our primary email provider. Even if you don’t have an @gmail.com you likely have used Gsuite, their business offering, through an employer or university.

It got its foot in the door early on, and Google is a name that many consumers feel more comfortable with than, say Facebook (not that they should of course).

Over the years, it has matured into a professionally acceptable domain name. Yet with Gmail serving addresses from only one domain, the [email protected] handles are all but gone, leaving newer users with the joy of trying to find an alternative email address.

This often ends up being something like their name, followed by their birth year / graduation year. Those same years are often used in account security questions and passwords.

“Please send business inquiries to [email protected]

That being said, I cannot fault anyone settling for an @gmail.com or @outlook.com address. Using a custom domain with email can be tricky if you don’t understand how DNS works. Microsoft does make it easier for Office 365 subscribers to use their own email domain address, but GoDaddy renewal rates are staggeringly high for a domain registrar, and unfortunately Microsoft forces you to manage your domains through them.

There is, however, a catch to using Gmail for its free convenience.

Gmail’s wonderful, terrifying spam filter

Hosting my mailbox through Gmail was sensible in more than a few ways:

  • Gmail.com web client is slick, easy to use, and customizable
  • Secured with 2FA and SMS verification
  • Large amounts of storage available for “free”
  • AI Spam filter is unmatched, with a 99.9% accuracy rate

It’s true, I have not had spam ever slip through the cracks on Gmail. It’s always set aside in the Junk folder, and even better, Gmail can categorize your emails, and automatically pin important conversations to the top of the list.

When you hear “AI”, generally you should be concerned. Not because of I, Robot, but because AI must be fed data to become more accurate. Gmail is a “free” service, and whenever a service of great convenience comes “free” to you, you should be asking: At what cost?

batch books document education
Photo by Pixabay on Pexels.com

Sure, Google is a large company, and they could theoretically host email accounts freely out of the kindness of their hearts, but you may have glazed over the sixth word of this sentence. Google is a publicly traded entity, and has to be able to justify their infrastructural costs to their stakeholders. Gmail is not a donation service, it’s a data aggregation service, and you are their data.

A tinfoil hat? No I’m not wearing a hat, why do you ask? Sounds uncomfortable.

Seriously, this beautiful assorting of your emails and perfected spam filter is refined by the unimaginable amount of emails Gmail parses on a daily basis. The detection system improves again when those rare gems of meticulously crafted spam, that bypass the filter and land in your mailbox, are manually flagged by you as “Junk”.

Recently, this started to bother me. Sure, I’m just some guy with nothing exciting to hide, but I signed up for an email service — not to have advertising profiles created based off of the emails I exchange, or quite frankly any of the emails I exchange being read by someone outside of the intended recipients

Finding a new home for my personal email

I’ve consistently had my own email address @graysonadams.com, but the home of that mailbox has changed many different times, from popular website hosting providers, to self-hosted (don’t do this), Gmail, Mailgun, and a few more.

The perk of having a custom domain is that I can move my mailbox hosting around, but for my recipients, the email address has been the same for well over 10 years.

Now that I determined Gmail was no longer a safe candidate, I began looking into other options.

Goodbye Gmail, Hello… uh…

I did a lot of digging — honestly, to the point where I almost wanted to give up and just accept my Google-fate. There’s many email services that claim to protect your privacy: ProtonMail, Tutanota, Posteo, and FastMail are just a few name. Truthfully, they’re all great choices, and all better than Gmail for your privacy.

However, some come with caveats. At the time of writing this, the encryption method of Tutanota means you have to use their proprietary applications to access your mail. And respectfully, the UI design language of these proprietary apps seems to be that there isn’t one. I want something that is smooth to operate, has animations and convenience features, and is aesthetic, whereas these proprietary email apps are very utilitarian in practice.

ProtonMail is similar to Tutanova, but they do offer their “Bridge” software, which you can self-host to translate their protocol to IMAP/POP3, allowing the use of your preferred mail client. However, from my research, their Bridge component is notoriously slow. Email is inconvenient enough, and I’d rather not be bogged down by some middleware that does not operate reliably.

Mailbox.org steps up to the plate

Mailbox.org interface
Mailbox.org Logo

Their website is as utilitarian as Tutanota’s mobile apps, but the important difference is that they support IMAP and POP3 natively.

They also support PGP encryption at rest, through a service known as “Mailbox.org Guard”. This means that my emails can be encrypted upon arrival, as well as when they are sent out.

Mailbox.org has a strong stance on privacy, and while they may not have Gmail’s advanced, AI-driven spam filtering, they do still have spam filtering and I am willing to manually sort out some spam if that’s the compromise.

When I registered, their annual fee was only $15/year for 2GB of storage (which I feel is plenty) and 3 email aliases. Thankfully, they also support custom domain names, and so I was able to switch my email address to point to Mailbox.org and within hours I was receiving emails at my new mailbox, far away from the hands of Google.

There was one issue though: I didn’t wish to use their utilitarian web mail client to manage my mailbox. There are numerous benefits to native applications over web applications, and while that gap may be closing, the process of typing in a URL or hunting down the bookmark to log into my mailbox is unappealing, and I wanted something slick and familiar to communicate with.

The search for a better mail client

It should be noted that your email client is just as important as your email host.

Avoid email clients that have automated categorization / enhanced spam filtering, or use the word “AI”. I learned quickly and with great dismay that many of the best designed mail clients actually scrape data or have concerning privacy policies. There are even some that will request API access to your email account, which means they could access your mailbox even when you aren’t using their application. Should their codebase be manipulated by a hacker into something malicious, then your emails could be extracted too without you knowing. Very rarely should you ever grant a service full read access to your personal accounts.

Apple Mail is a fine mail client if I was not using PGP encryption. However, I needed PGP encryption on both iOS and macOS, and that’s when I found Canary Mail.

Switching to Canary Mail app

Canary Mail app
Canary Mail logo

Adopting the design traits of the Apple Mail application and expanding on them, I was relieved to find a programmer who not only understood the importance of privacy, but also the importance of UI and UX.

Canary Mail’s entire pitch is to protect your data by keeping their hands off of it. It does come at a one-time cost of $20 USD, but for me, it was worth it to support the development team of an app whose philosophy resounded with me.

Granted, paying $20 USD for the iOS and macOS app separately does seem a bit steep, but I will personally take that over the monthly or annual subscription models that many other mail apps seem to charge these days.

My new, official, secure email workflow

Mailbox.org encrypts every email in my inbox as it arrives, and lets me encrypt outbound emails if the recipient supports it.

Canary Mail locally decrypts those emails on both my iPhone and Mac.

If anyone were to hack my email, they would be able to read the subject lines, but the message bodies could not be decrypted without knowing my PGP password.

My Gmail now forwards to my Mailbox.org inbox, and while that does mean Google still can parse and record every email routed through that account, new communications had through my Mailbox.org account will not be gazed upon by Google’s automated data aggregators.

While my trust now falls on both Canary Mail and Mailbox.org, I do feel far more confident in their explicit mission and intentions than a company like Google, who at the end of the day is best known for their fantastic data aggregation.

Default image
Grayson Adams
Systems and software engineer in Atlanta, GA, experienced in developing web applications and managing both physical and cloud-based infrastructure.

Newsletter Updates

Enter your email address below to subscribe to the G. BLOG newsletter