Replacing Gmail with Mailbox.org (and calendar and docs too!)

0

Full article

Google provides some amazing tools, but at what cost to our privacy? One of the biggest blockers in eliminating the grip Google has on me has been to find a reliable and affordable replacement for email (and hopefully, other tools we tend to lump in with it, like calendar, documents, tasks, etc).

I used ProtonMail for about a year, but the free version is very limited (3 folders/labels, no filters, broken contacts design), and the paid version at $5/mo is more than I want to spend on just email. They keep promising a calendar, but even when it rolls out it'll take awhile to iron out the bugs, and they offer none of the other services Google does, paid or not.

Setting an address for your contact is a "premium" feature in ProtonMail ๐Ÿคจ

Then I discovered Mailbox.org, another email provider that values enhanced security and privacy over serving up ads. After spending the last week getting it setup the way I want it, I think I've finally found my replacement for Gmail et al.


Getting Started

Register for an account and off you go.. easy peasy. Once you're in, click the gear icon and change your features. There's a nice little slider to increase mail and cloud (document) storage, and it shows what other features are enabled to. Pay is "as you go", and there's quite a few options depending on just how much of a geek you are... or what your privacy requirements are.

As you can see, I have a whopping $2 in my account, good for 2 months of basic usage. The free 30 day account ain't bad for trying it out, but hey I'm rolling in washingtons over here. ๐Ÿ’ธ


Using Your Own Domain

Setup is far easier if you just use the default mailbox.org domain, buuuut.. I love to complicate things. Seriously though, after changing gmail.com to protonmail.com and now to mailbox.org (and being realistic that I may want to change services again someday, and since I already have a domain for this blog), it just makes sense to make this the last email address change I'll ever have to make.

Mailbox.org provides a detailed doc on setting up e-mail addresses for your domain. You'll definitely have to be comfortable configuring your own domain setup, but it's not that hard if you're willing to do some research. I can only share what I do personally.

My domain name is currently registered with Namecheap, which I configured to forward all traffic to the DigitalOcean nameservers, where I host this blog. Everything (web traffic, emails, etc) goes through Namecheap to DO, where the actual config is done.

The first thing you'll see in Mailbox.org when you try to setup an alias to your own domain is a warning telling you to add a TXT record to your DNS settings. They have to do that to verify you have access to the domain, otherwise anyone could claim any domain for their own. That would be Bad.

After you've proven you're the owner, you see this instead. Now you can add some MX records to your DNS settings, directing all traffic from (in my case) DigitalOcean to Mailbox.org's several servers (note the "priority" setting). ๐Ÿข๐Ÿข๐Ÿข๐ŸŒŽ

But wait, there's more! ย You may have proven who you are to Mailbox.org, but that's not enough for other providers like Gmail, who will mark your messages as possible spam and unceremoniously dump them in the recipient's spam folder. Fun.

To fix that, you need another DNS entry. It seems that every problem in the world is fixable with one more DNS entry. Use a tool like this one to check for an SPF record - if you don't find one, you need one, and you can find instructions here.

Let that take effect, then check it with the website again, and everything should be much greener and happier. Either this tells Gmail how to check Mailbox.org to verify you, or it causes Mailbox.org to attach some meta data to requests that Gmail uses, or... whatever. I don't care, my stuff ain't going to spam anymore. ๐Ÿ’š

Here's my full DNS records, which might help someone. Not sure why the bottom 3 NS records are in there, but I think they were there by default so I'm leaving 'em. There's also a reference in their docs to adding a record for DKIM, but that doesn't seem to be necessary... maybe I'll revisit it later.


Syncing Mail, Calendar, Contacts, Tasks to Your Phone

I found an app called DAVx5 that lets you sync your calendar, contacts, and todo items, and in practice it seems to be working well so far.

Install DAVx5

  1. Disable "battery optimization" per the app's suggestion, and allow the app to run in the background, otherwise I don't see how it'll allow updates.
  2. On the right bottom, press the orange "+" symbol.
  3. Choose โ€œLogin with URL and user nameโ€.
    base url: https://dav.mailbox.org
    user name: your mailbox.org primary email
    password: your mailbox.org password (not thrilled with having to supply my password instead of a per-app code where permissions can be restricted)
  4. Give the name an account if it prompts you (I can't remember..).
  5. You should be prompted to allow certain permissions, like calendar, tasks and contacts. Might as well, otherwise it probably can't do what it needs to do.
  6. You should see CardDAV (for syncing contacts) and CalDAV (for syncing calendars and tasks).
  7. Choose the folders to sync.

Test mail

When I used the default "email" app that came with the flavor of Android running on a Huawei phone, it automatically sync'd up with emails based on whatever magic DAVx5 does. After changing phones and losing access to whatever default app that was, I changed over to BlueMail and really like it.

You'll have to enter your email and password, but according to BlueMail, that data never lands in BlueMail's hands, nor do emails land on their servers.

  1. BlueMail uses SSL, STARTTLS and OAuth enforcing certificate check by default.
  2. BlueMail sends and receives emails directly to and from the user's email server.
  3. Passwords are never transferred to the BlueMailโ€™s servers.
  4. Emails are never stored on BlueMail's servers.
BlueMail to Announce a Secured Solution for Android Devices
BlueMail to announce a secured solution for Android devices

Also, Apple appears to be screwing BlueMail over, so that's pretty weird.

Test the Calendar and Contact apps

You should be able to use the Google Calendar app like you would for any other calendar, instead of the ugly default Android calendar app. Create an entry on Mailbox.org, let it sync (you can set that in the mobile app), and make sure it carried over. Same goes for contacts too...

Don't forget to go into the Google Calendar app settings (if you use it) and uncheck the calendar built into Gmail, otherwise you'll have two personal calendars showing. Unless you want that. Whatever. ๐Ÿ™„

About Tasks...

I use Trello and have no intention of using Mailbox.org tasks, so I'm not sure if the above tool integrates tasks with whatever is built into Android or not. You might have to find a separate tool like OpenTasks (note, I have not used that tool and have no idea how or if it works).


Other Features (disposable addresses, security, etc)

They also provide a bunch of other awesome sauce right out of the box. I've pondered just what the heck ultimately happens to our digital life, and so have they apparently. I don't know how they confirm my death, but presumably once they receive a request to release it, they can (at your instruction) grant it or delete it. Not sure how it'd hold up in court, but it's interesting.

The built-in disposable addresses are awesome as well. I spent a few hours porting my online accounts to my new email, and closed quite a few that I hadn't used in a long time. That is an incredibly painful and frustrating experience, especially when there's no obvious way to even close the account. So, at the very least, I spun up a disposable address, changed it in those services and confirmed it, then deleted the address. At that point, they're effectively dead to me. ๐Ÿ‘

While enabling 2FA, I noticed this message. Since SMS is the least secure way to 2FA (and also won't work if you go outside your coverage area), I was actually glad to see it.

So far I'm super happy with this service, and consider $1/mo a steal for an ad-free, creepy-dig-through-my-data-free experience. If I need more aliases, cloud space, or convince my wife to jump on board with the "team" settings, I'll gladly play $2.50/mo for it too.

Author

Grant Winney

Is there anything more satisfying than sharing knowledge? Of teaching someone and witnessing their "ah ha" moment? I usually write about tech, but no promises. I hope you find something interesting!



Comments