Google provides some amazing tools, but at what cost to our privacy? One of the biggest blockers in eliminating the grip Google has on me has been to find a reliable and affordable replacement for email (and hopefully, other tools we tend to lump in with it, like calendar, documents, tasks, etc).
I used ProtonMail for about a year, but the free version is very limited (3 folders/labels, no filters, broken contacts design), and the paid version at $5/mo is more than I want to spend on just email. They keep promising a calendar, but even when it rolls out it'll take awhile to iron out the bugs, and they offer none of the other services Google does, paid or not.
Then I discovered Mailbox.org, another email provider that values enhanced security and privacy over serving up ads. After spending the last week getting it setup the way I want it, I think I've finally found my replacement for Gmail et al.
Register for an account and off you go.. easy peasy. Once you're in, click the gear icon and change your features. There's a nice little slider to increase mail and cloud (document) storage, and it shows what other features are enabled to. Pay is "as you go", and there's quite a few options depending on just how much of a geek you are... or what your privacy requirements are.
As you can see, I have a whopping $2 in my account, good for 2 months of basic usage. The free 30 day account ain't bad for trying it out, but hey I'm rolling in washingtons over here. 💸
Using Your Own Domain
Setup is far easier if you just use the default mailbox.org domain, buuuut.. I love to complicate things. Seriously though, after changing gmail.com to protonmail.com and now to mailbox.org (and being realistic that I may want to change services again someday, and since I already have a domain for this blog), it just makes sense to make this the last email address change I'll ever have to make.
Mailbox.org provides a detailed doc on setting up e-mail addresses for your domain. You'll definitely have to be comfortable configuring your own domain setup, but it's not that hard if you're willing to do some research. I can only share what I do personally.
My domain name is currently registered with Namecheap, which I configured to forward all traffic to the DigitalOcean nameservers, where I host this blog. Everything (web traffic, emails, etc) goes through Namecheap to DO, where the actual config is done.
The first thing you'll see in Mailbox.org when you try to setup an alias to your own domain is a warning telling you to add a TXT record to your DNS settings. They have to do that to verify you have access to the domain, otherwise anyone could claim any domain for their own. That would be Bad.
After you've proven you're the owner, you see this instead. Now you can add some MX records to your DNS settings, directing all traffic from (in my case) DigitalOcean to Mailbox.org's several servers (note the "priority" setting). 🐢🐢🐢🌎
But wait, there's more! You may have proven who you are to Mailbox.org, but that's not enough for other providers like Gmail, who will mark your messages as possible spam and unceremoniously dump them in the recipient's spam folder. Fun.
To fix that, you need another DNS entry. It seems that every problem in the world is fixable with one more DNS entry. Use a tool like this one to check for an SPF record - if you don't find one, you need one, and you can find instructions here.
Let that take effect, then check it with the website again, and everything should be much greener and happier. Either this tells Gmail how to check Mailbox.org to verify you, or it causes Mailbox.org to attach some meta data to requests that Gmail uses, or... whatever. I don't care, my stuff ain't going to spam anymore. 💚
Here's my full DNS records, which might help someone. Not sure why the bottom 3 NS records are in there, but I think they were there by default so I'm leaving 'em. There's also a reference in their docs to adding a record for DKIM, but that doesn't seem to be necessary... maybe I'll revisit it later.
Syncing Mail, Calendar, Contacts, Tasks to Your Phone
I found an app called DAVx5 that lets you sync your calendar, contacts, and todo items, and in practice it seems to be working well so far.
- Disable "battery optimization" per the app's suggestion, and allow the app to run in the background, otherwise I don't see how it'll allow updates.
- On the right bottom, press the orange "+" symbol.
- Choose “Login with URL and user name”.
base url: https://dav.mailbox.org
user name: your mailbox.org primary email
password: your mailbox.org password (not thrilled with having to supply my password instead of a per-app code where permissions can be restricted)
- Give the name an account if it prompts you (I can't remember..).
- You should be prompted to allow certain permissions, like calendar, tasks and contacts. Might as well, otherwise it probably can't do what it needs to do.
- You should see CardDAV (for syncing contacts) and CalDAV (for syncing calendars and tasks).
- Choose the folders to sync.
When I used the default "email" app that came with the flavor of Android running on a Huawei phone, it automatically sync'd up with emails based on whatever magic DAVx5 does. After changing phones and losing access to whatever default app that was, I changed over to BlueMail and really like it.
You'll have to enter your email and password, but according to BlueMail, that data never lands in BlueMail's hands, nor do emails land on their servers.
- BlueMail uses SSL, STARTTLS and OAuth enforcing certificate check by default.
- BlueMail sends and receives emails directly to and from the user's email server.
- Passwords are never transferred to the BlueMail’s servers.
- Emails are never stored on BlueMail's servers.
Also, Apple appears to be screwing BlueMail over, so that's pretty weird.
Test the Calendar and Contact apps
You should be able to use the Google Calendar app like you would for any other calendar, instead of the ugly default Android calendar app. Create an entry on Mailbox.org, let it sync (you can set that in the mobile app), and make sure it carried over. Same goes for contacts too...
Don't forget to go into the Google Calendar app settings (if you use it) and uncheck the calendar built into Gmail, otherwise you'll have two personal calendars showing. Unless you want that. Whatever. 🙄
I use Trello and have no intention of using Mailbox.org tasks, so I'm not sure if the above tool integrates tasks with whatever is built into Android or not. You might have to find a separate tool like OpenTasks (note, I have not used that tool and have no idea how or if it works).
Other Features (disposable addresses, security, etc)
They also provide a bunch of other awesome sauce right out of the box. I've pondered just what the heck ultimately happens to our digital life, and so have they apparently. I don't know how they confirm my death, but presumably once they receive a request to release it, they can (at your instruction) grant it or delete it. Not sure how it'd hold up in court, but it's interesting.
The built-in disposable addresses are awesome as well. I spent a few hours porting my online accounts to my new email, and closed quite a few that I hadn't used in a long time. That is an incredibly painful and frustrating experience, especially when there's no obvious way to even close the account. So, at the very least, I spun up a disposable address, changed it in those services and confirmed it, then deleted the address. At that point, they're effectively dead to me. 👍
So far I'm super happy with this service, and consider $1/mo a steal for an ad-free, creepy-dig-through-my-data-free experience. If I need more aliases, cloud space, or convince my wife to jump on board with the "team" settings, I'll gladly play $2.50/mo for it too.