Sending email is structurally unsafe. It’s like sending a postcard. Even if you’re using a desktop app and security certificate loaded, or a web browser with https (encrypted) to access webmail, that only means the data between your PC and the mail server is encrypted. Once within the Google, Microsoft or Amazon email server environment, there is little encryption at all. Govt spy agencies likely love it.
With the Ed Snowden and recent Twitter files revelations, we know big tech companies and the US govt have access to most things now, with emails the easiest elements to intercept in realtime.
But for normal business use it’s hard to go past Google Business mail from $10/mth. Easy to set up, reliable, great mobile app, loads of features and with amazing spam filtering too. MS 365 is another email hosting option for businesses, but I rarely recommend it for small business use.
What about ProtonMail?
For years some would turn to other email providers like protonmail for improved security and privacy, but even here private communications is only guaranteed if the other party is also using protonmail. By default, emails sent to or from a protonmail address, once outside their environment cannot be guaranteed as secure. The network between your PC and the remote recipient uses several paths where the data is unencrypted and able to be intercepted by bad players.
Are there better alternatives?
An alternative email provider we’ve discovered is StartMail. It’s from the people that developed startpage.com They provide a more private means of doing a google search (for free), with a chrome browser extention to improve privacy. This could be a suitable alternative to using Firefox or Brave browsers, assuming you’re not logged into your Google gmail account which automatically means nothing is really private. (We recommend you use Firefox for checking your startmail webmail and never login to your Microsoft, Google Services or others with this same browser.)
The StartPage email services are somewhat similar to protonmail, but easier to use with a better web interface. The $50/yr subscription for their custom domain option is well worth it. Their implimentation of PGP encryption is easy, for complete security. The use of encryption and keys for secure email between two parties is not new. We first used them back in the 90s, but it seems they are rarely used today, even though the need is now higher than ever before.
Selecting the email client software
Desktop email clients from Apple, Mozilla and Microsoft appear to connect fine to StartMail, although Outlook the most buggy since their IMAP implentation is hopeless, since they really want you to use their MS products. Only recently did Microsoft resolve their performance issues with gMail when connecting over IMAP!
What’s left then in terms of finding a safe, stable desktop email client? We used to recommend Thunderbird, although it’s looking really old and clunky now. One software that shows promise on the desktop is EM Client. It has a nice, highly customisable display with all the normal calendar, chat and video meet tools, comparing well with other desktop clients. Even those who use MS, gMail or other popular mail services could consider EM Client for desktop use, instead of Outlook.
For the security and privacy EM Client one of only a handful of desktop email clients that inherently support end-to-end PGP encryption, without the use of add-ons or complex processes. Reference I’ll do a separate video on the benefits and use of this.
The EM Client mobile apps also look nice and perform very well, although Android/IOS mobile is still in beta and missing some contacts, calendar and chat functionality. Note there are some tricks to setting up their desktop client which doesn’t automatically see the startmail server as it does others, but send us a note below and we’ll help out. I’ve asked EMClient to consider adding startmail to their default email server list in new versions.
Overall, Startmail email service + EM Client pairing appears a really nice modern-looking combo for those seeking better performance, security and privacy.
p.s. Also, to better hide who and where you are, running a VPN is a good idea, or preferably, a VPN router that covers everyone in your home or office environment. Activating 2-factor authentication (2FA) when you login to key services is another useful security tool. Most email services, website and hosting companies have a 2FA feature, although this method will soon be replaced with PassKeys meaning you don’t need a cellphone. (Will discuss this separately later).
More to come