• United States

Down the rabbit hole, part 4: Securing your email

Oct 18, 20166 mins
Email ClientsOpen SourceSecurity

Want your email to be secure and private? Stay away from mainstream email and consider one of these options.

As I strive to make my life safe and secure from prying eyes, one area stands out as being astoundingly critical: email.

Heck, you can barely go 24 hours without another example of leaked or hacked emails being released to the public. Add to that the recent revelations that Yahoo has been working secretly with United States government agencies to scan all email going through their system, and it quickly becomes clear that the majority of us have email accounts that are not even remotely private or secure.

In case you are sitting there thinking,“Thank goodness I didn’t use Yahoo for my email,” think again. Here is a quote from Andy Yen, co-founder of ProtonMail:

“It does not make sense that U.S. surveillance agencies would serve Yahoo Mail with such an order but ignore Gmail, the world’s largest email provider, or Outlook. There is no doubt that the secret surveillance software is also present in Gmail and Outlook, or at least there is nothing preventing Gmail and Outlook from being forced to comply with a similar directive in the future. From a legal perspective, there is nothing that makes Yahoo particularly vulnerable, or Google particularly invulnerable.”

Now look up at the tabs currently open on your web browser. Is one of those tabs for Yahoo, Gmail, Outlook or one of the other big email providers? Yes? Then the contents of your emails are, in all likelihood, already being scanned, searched, indexed and archived by both your email provider and government agencies.


Follow Bryan Lunduke’s quest to make his digital life as private and secure as possible:


You’re not alone. I have a Gmail account with over 5 GB of email contained within it. Five. Gigs. Of nothing but email. All searchable and indexed by Google (an advertising company) and, highly likely, by other organizations as well.

Gazing upon the almost incomprehensibly large, pile of email sitting on Google’s servers, I have to ask myself: “How did I let it get to this point?” How did I allow such a vast amount of my personal information and communication become accessible to so many without my consent? 

The answer, of course, is simple: I’m lazy, and I like things that work well. 

And Gmail works pretty doggone well.

So, once I started using it, it was hard to stop. Even once I realized I needed to completely cut ties with Gmail (and other similar services), it was hard to do. But eventually, I managed to do it—with the help of some other services that respect a user’s privacy and security.

3 alternatives to mainstream email

There are three email services I’d like to talk about here. I am not fully endorsing any of them. I’m merely presenting the options here, with my views on them, in the hopes that one of these will suit your individual needs.

The first is KolabNow. Located in Switzerland, KolabNow is an email (and calendar, etc.) provider built entirely on open-source components. I’ve used their servive for some time now and am overall quite pleased. I pay a few dollars each month (which may be a tough pill to swallow for those enjoying cost-free services such as Gmail) and get an email system where the company is not scanning or searching my emails. Also, I’m never presented with advertisements. 

The one potential downside to KolabNow is that the emails sitting on the server are not encrypted. KolabNow instead recommends using end-to-end encryption through something like Enigmail (in conjunction with your desktop email client). The thinking goes that even if KolabNow encrypted the emails on the server, the key and passphrase would pass through the web browser anyway, thus giving KolabNow the ability to decrypt and read all of your emails. 

Another email option is ProtonMail. This one does encrypt the email on the server but at a cost: You cannot use ProtonMail with any standard email client (no IMAP/SMTP/POP). 

They do, however, provide an Android (and iOS) client so that you can still email from a mobile device—but only if you utilize the default application stores. They don’t provide a downloadable way to install their custom email client outside of (on Android) the Google Play Store. 

So, while providing increased encryption is good, it is a problem that you can’t, for example, run their email client on a secure mobile system. With no other email clients being supported, this becomes problematic in a hurry. 

The third option is to not use an email provider at all and instead run your own email server using something such as Mail-in-a-Box. Setting it up proved to be fairly straightforward, but I wouldn’t recommend this (at least not currently) for most people. If you don’t have the time, expertise and desire to actively administer your own email server, you’re likely to end up with an insecure system down the line. And that’s just no good.

But if you do have the time (and the know-how), there’s something appealing about having an email server that you control entirely—preferably running on a box sitting in a country with good data privacy laws. Or in a secret bunker in your backyard. 

The long and short of it is that email is, quite simply, not terribly secure. If I need to send or store truly delicate and sensitive data, I’m not going do so via email. (That would be just plain dumb of me.) But I need email—at least for the time being. So, the goal is to make it as secure and private as possible while still being able to send and receive emails on the go. 

All three options here allow that—each with their own advantages.


Bryan Lunduke began his computing life on a friend's Commodore 64, then moved on to a Franklin Ace... and then a 286 running MS-DOS. This was followed by an almost random-seeming string of operating systems: ranging from AmigaOS to OS/2, and even including MacOS 8. Eventually, Bryan tried Linux. And there he stayed. In 2006, Bryan founded the Linux Action Show - growing it into the largest Linux-centric podcast on the planet. He's also the creator of 'Linux Tycoon,' the video game about managing a Linux distribution. Today, he is a writer and works as the Social Media Marketing Manager of SUSE. On this here blog, he seeks to accomplish two goals: 1) To be the voice of reason and practicality in the Linux and Open Source world. 2) To highlight the coolest things happening throughout the world of Linux.