Secure, privacy focused email

Updated: Mar 29 2022

Escaping the clutches of Google in search of a secure, privacy focused email experience is something I’ve wanted to do for a while, but, I’ve lacked the motivation to do it. The thought of untangling the mess of accounts I’ve created as a free G-Suite user is overwhelming, so I’ve kept putting it off.

Hearing Google’s plans to suspend all legacy accounts in July of this year was the push I needed. There’s nothing like a hard deadline to get you in gear.

The past few weeks I’ve spent time researching my options–seeking out a suitable alternative to Google–and getting to grips with a new email provider.

In the process I’ve managaged to consolidate my inboxes into one, regain control of my privacy (to an extent) and turn the lights out on my G-Suite account, once and for all. It’s a project that feels long overdue.

Alternative email to Google #

There are a bunch of better email providers than Google these days. I spent a good while looking into each one and a handful stood out.

ProtonMail is one of the most popular and reputable choices among the privacy community. Based in Switzerland, ProtonMail offers an encrypted email service that’s hard to beat. But, at €6.25/month for a pro account, it’s not the cheapest.

Posteo is listed on all the reviews you’ll read as another great option. Posteo is ad-free, can be used anonymously, and the company has a strong focus on sustainability. Following Pretty Good Privacy (PGP) encryption standards, it’s ticks a lot of the boxes and only costs €1/month. But, with no current support for custom domains, Posteo is perhaps better suited to use for personal email.

Soverin is an independent company based in Amsterdam offering a privacy focused mailbox for €3.25/month. For that you get unlimited domains and aliases using plus-notation. If you’re likely to need lots of email addresses, then it’s one of the best options out there. I’ll add that Soverin’s servers also run on sustainable energy sources.

Tutanota is a small company based in Hannover, Germany, who offer end-to-end encrypted email, calendar, and contacts. If you’re not already aware, Germany’s data privacy policy–the Federal Data Protection Act (Bundesdatenschutzgesetz)–is one of the strictest privacy laws in the world, making it a solid choice for privacy enthusiasts.

Tutanota software is open source, so you can hack around with code and spin up your own Tutanota web client, as you like. This says a lot about how the company approach software development and transparency. Tutanota servers run on 100% renewable energy, making it another sustainable choice.

Judging by Tutanota’s about page, the team are clearly dedicated to protecting the privacy of their customers. It’s reassuring to know that there are no dependencies on external investors or owners, making it unlikely that the company will pivot from its values or sell out to the highest bidder.

Private email, using a Tutanota address, is free, and premium email starts at €1/month per user, for which you get 1 custom domain and 5 aliases. To put this in perspective, with Google Workspace you’ll pay £4.14/month, per user.

Switching to Tutanota #

I took the plunge a few weeks back, setting up a free private account with Tutanota to see if I could get along with it. My intention was always to upgrade to a paid business account if things went well.

First I moved my calendar over from Google and sent the odd email to myself to test features. I sat with Tutanota all week, before giving away my new email address. I wanted to get a feel for the software before committing.

The first thing that struck me about Tutanota is how different it feels to email with Google. The UI isn’t particularly fancy, but it’s clean and simple, which I like. One primary colour accents a modest palette of gray, it feels calm and focused.

Looking back, Google feels bright and busy, packed full of labels and unused extras, all competing for your attention.

I expect Tutanota’s three column desktop layout won’t be for everyone. Coming from Google products, it may feel dated, to some. Personally, I’m into it. The email list view in Tutanota is much less imposing, taking a fraction of the screen than that of Google. For heavy email users this may be a concern. But, if like me, you only receive a handful of emails a day, then it’s more than sufficient.

The responsive layouts are also worth a mention. The app looks great in a browser at any size. At it’s slimmest in the browser, the layout mirrors the iOS app.

Tutanota doesn’t load pictures automatically, which can feel weird at first. You can choose to show images when you open an email, but once you learn about the privacy concerns of images in email, you will think twice about which images you decide to load.

End-to-end encryption #

Tutanota encrypts emails sent to other users by default, but it’s worth noting that sending encrypted emails to an external recipient will require a password. You will then need to share this password with the recipient via an encrypted messaging app, such as Signal or Telegram. Using this password, the recipient will be able to access the email you’ve sent them on Tutanota’s encrypted servers.

I’m pointing this out because it’s easy to think the “end-to-end encrypted email” thing happens automatically, as soon as you hit send. In reality, this is only the case when both the sender and recipient are using Tutanota. If full encryption is something that’s important to you, then you’ll have to get used to sharing passwords, as the large majority aren’t using Tutanota.

The good news is that Tutanota still provides a high level of encryption in transit, and all the emails you receive remain encrypted on Tutanota’s servers. But, if the recipient uses Gmail, Outlook or another unencrypted email service, then any email they receive will be unencrypted at rest. That is, unless you use a password.

Upgrading to Tutanota business #

Last week, I upgraded to Tutanota’s Business Premium subscription (€2/month). I might have gone for Private Premium, but I needed to set up a few different custom domains. One for my personal site and another for practicalhugo.com.

Business Premium gives you unlimited custom domains and 5 aliases, which is more than enough for my needs. If in the future I require more aliases, then I can pick up a 20 pack for another €1/month.

I read some concerns on Reddit about delays with account approval, but I didn’t experience any of this myself. Setting up custom domains was easy enough. I had visions of DNS settings taking forever to propagate, but all went smoothly and everything was working within a few minutes.

This week I set up a separate user (a dedicated inbox) for Local London, as there are a few of us sending emails. For €1/month, the three of us can share an inbox and send emails from our own alias. To put this in perspective, with G-Suite I’d set everyone up as a separate user, so email would have cost a minimum of £12.42/month, for this project alone. Plus, we’d be handing over all our data, in return.

Final thoughts #

Ditching my convoluted G-suite/Workspace set up is something I should have done years ago. Managing multiple inboxes ultimately came at a cost to my time and attention. Now, with one inbox, staying on top of emails is trivial.

But, this project wasn’t just about simplifying my email setup. It was also about moving away from big tech and making more responsible software choices. I’m not 100% there yet, but switching email from Google to Tutanota feels like a huge step towards achieving this goal.

It’s satisfying to know that I’m now backing an independent company, who puts the privacy and security of their customers first. This is the future I want to see, so there’s not much I’d rather invest in.

With a cheaper price tag than Google, it turns out that switching to a secure, private focused email provider can also save you a good bit of money. So, although it took work, it’s was a bit of a no-brainer.

Resources #

Monthly Newsletter

Once a month I curate a newletter for designers and developers interested in static sites, CSS and web performance. Check out past issues to get an idea.