Hi everybody,

I’ve had a domain name at Gandi.net for quite a while, which included 5 email addresses as well, hosted on my domain. Now they’re however discontinuing this offer, it will now be €3,99 per month per mailbox.

So, I’ve been looking around a bit. I need a service that allows me to connect it to my own domain name, that actually allows IMAP instead of requiring a special client, and preferably should allow me to put up several mailboxes under the same account since I currently have mailboxes for some of my family members.

Security is not a concern since this is only intended to be used for the email I send and receive under my actual legal name, and I know better than to use email for confidential material.

Zoho Mail seems like a good deal, since they have 10GB per user for only €1,13 a month. I’m just afraid that my emails might end up in spam filters since they’re based in India.

  • nous@programming.dev
    link
    fedilink
    English
    arrow-up
    21
    arrow-down
    1
    ·
    1 year ago

    https://proton.me/ Are worth a look at. The allow custom domains and I believe have IMAP support. Additionally they encrypt everything they store so are very good from a privacy side (at least as far as you can be private using email).

    • Pechente@feddit.de
      link
      fedilink
      English
      arrow-up
      7
      ·
      1 year ago

      They only sorta provide IMAP. You need to run Proton Bridge on your computer and that program will connect to their service and provide a local IMAP connection to your mail app of choice. It’s all a bit hacky but works well enough.

      • GreyBeard@lemmy.one
        link
        fedilink
        English
        arrow-up
        16
        ·
        1 year ago

        That’s a sign that they aren’t goofing on the encrypted part. If done right, they can’t decrypt your emails to hand them over on IMAP, so a bridge would be necessary to decrypt on your equipment, then hand off the decrypted mail to your IMAP client. It’s nice they offer that solution.

        • lemmyvore@feddit.nl
          link
          fedilink
          English
          arrow-up
          3
          arrow-down
          2
          ·
          1 year ago

          It’s a sign they use non-standard tech and lock you in progressively… while touting encryption at rest as a big advantage, when it doesn’t mean anything for email.

          The Proton bubble is one evil acquisition away from bursting.

          • Kayn@dormi.zone
            link
            fedilink
            English
            arrow-up
            3
            ·
            1 year ago

            It’s a sign they use non-standard tech

            Is there actually a standard tech for end-to-end encryption for emails? Because if not, then I don’t see what other option they had.

            • lemmyvore@feddit.nl
              link
              fedilink
              English
              arrow-up
              4
              ·
              edit-2
              1 year ago

              There is, it’s called OpenPGP. GnuPG (GPG) is a popular implementation of the standard and many email clients integrate with GPG or implement OpenPGP directly.

              To achieve E2E encryption you need to generate a public/private key pair, exchange public keys with the recipient, and then you can encrypt a message that can only be decrypted and read by them.

              To simplify the exchange of keys there are keyservers such as keys.openpgp.org where people can publish their public keys in advance. There are many keyservers and they usually replicate keys among themselves. So when you want to email someone and use E2E your email client can look at the closest keyserver and see if there’s a key for that address already there.

              This approach to E2E is called OTG (On-The-Go). An OTG method can be applied to any insecure channel not just email. For example the OpenPGP keyservers are being used by programmers who work on open source projects to sign their code so their collaborators are sure it came from them, or by Linux distributions to sign the software packages in their “app stores”.

              This is very different from what Proton or Tutanota are doing. They encrypt email at rest while on their server and force you to use non-email protocols when you talk to their servers (instead of standard IMAP/POP/SMTP), but they have no control over messages while in transit to/from other mail servers. Their connections to other servers may or may not be encrypted but if they are it’s only point-to-point for each hop, not E2E. And most other servers do not encrypt email while at rest there. So while email can be called reasonably secure between you and Proton/Tutanota servers, it stops being secure if you actually want to talk to someone who’s not on them.

              To achieve secure email, pick your poison: you can try to convince other people to use an open standard & open tool & open keyservers, or you can try to convince them to use a proprietary server & proprietary tools.

        • anlumo@feddit.de
          link
          fedilink
          English
          arrow-up
          1
          arrow-down
          1
          ·
          1 year ago

          What’s the point with emails that were transmitted unencrypted over the Internet right before that? It’s like sending a post card via mail and then putting it into a safe at the receiver’s side. Sure it’s secure there, but that’s entirely pointless.

          • Kayn@dormi.zone
            link
            fedilink
            English
            arrow-up
            2
            ·
            1 year ago

            It’s true that there’s no point when emails are unecrypted in transit, but when sent to other Proton Mail users, they’ll be end-to-end encrypted. Additionally you have the option of not sending the email content itself, but rather a link to the encrypted contents.

    • PlexSheep@feddit.de
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      I use proton for my domains email too, but consider that their integration with other services is pretty bad. I haven’t found a proper tool for calenders sync, and email sync with thunderbird or other clients requires a extra app.

      The pro of choosing them is that you get all their services: VPN, password manager, storage, calendar.

    • Briongloid@aussie.zone
      link
      fedilink
      English
      arrow-up
      0
      arrow-down
      1
      ·
      1 year ago

      They are great, but much more expensive which was the issue. PurelyMail are the cheapest option.

    • skankhunt42@lemmy.ca
      link
      fedilink
      English
      arrow-up
      2
      ·
      edit-2
      1 year ago

      I moved to this from tutanota so I could have IMAP. No complaints.

      I like the GPG encryption option they have as it’s basically what I believe tuta does to their mail by default

  • gabe [he/him]@literature.cafe
    link
    fedilink
    English
    arrow-up
    6
    ·
    1 year ago

    I’ve used zoho before years ago, it’s pretty good. I currently do use proton personally as it has a good mix of stuff, including a VPN.

    • Wolfizen@pawb.social
      link
      fedilink
      English
      arrow-up
      3
      ·
      edit-2
      1 year ago

      Zoho is great, especially for OP’s use case where they want to manage multiple mailboxes under the same domain. The Zoho cpanel can do all that.

      Also Ive never had my outgoing emails rejected.

    • FawkesGil@lemmy.dbzer0.com
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      Currently using Zoho for my small business and its been great. Bought a domain off of Namecheap for a price of a sandwich and used it on Zoho for free.

    • Engywuck@lemm.ee
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      Can vouch for Zoho. Cheap and realiable if one doesn’t need encrypted stuff.

    • Notamoosen@kbin.social
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      Just adding that the base level is free up to 5 users is you want to sample it a bit before paying for more features.

  • iso@lemy.lol
    link
    fedilink
    English
    arrow-up
    1
    arrow-down
    2
    ·
    edit-2
    1 year ago

    iCloud Plus if you don’t care kids in Africa and would like simplicity.

    Update: don’t beat me guys I’m using Proton 😢

  • sed11q@discuss.tchncs.de
    link
    fedilink
    English
    arrow-up
    0
    arrow-down
    1
    ·
    1 year ago

    How hard is it to host your own mail server? From what I can see it look pretty much top tier

    • wth@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      3
      ·
      edit-2
      1 year ago

      I’ve been running my own mail server for about 15 years now… Let me offer some insights.

      • Its used by me and the family, so I do have other users who expect things to work.
      • I used commodity hardware, with a Linux host (and guest).
      • the mail server runs in a VM, so it is trivial to: stop, copying the VM to USB, restart.
      • Maintaining uptime isn’t too bad, but when the mail server goes down, you need to get onto it quickly. I’ve had power supplies fail, HDD’s fail, memory fail.
      • If you should happen to be out of town when a failure occurs (I’ve had this twice), then the server stays dead until you are back. That does not make your users happy. If its more than 4 days, then the SMTP standard says email is lost.
      • There have also been a few software issues with Zimbra (my current tool) - the stats daemon filled the disk, the upgrader broke permissions all over the place multiple times. Each of these requires time to investigate, research online etc. Snapshotting is awesome! Right now I have a problem where the VM disk file is growing, but the space used inside the VM is not. I have zero’d out free space and compacted the VM but don’t know why it is happening yet. More research needed.
      • You will learn to hate blocklists. There are many, and there are meta blocklists. You have to watch them because at any time, you will be added and your email will silently get dropped. Sometimes the blocklist trashes whole subnets because of a single actor, sometimes even more, and so you will get included due to other bad actors. Getting off a blocklist is hard… you send emails, you fill in web forms, you look for a contact details, you wait… Then some number of days/weeks later, you are off again.
      • You have to learn DKIM, SPF, DMARK, managing DNS etc.
      • I used to use self-signed certs and live with the warnings. Now I used Lets Encrypt, which is awesome!.
      • You can try to get reverse DNS working, but that’s up to your ISP (who usually don’t care, so good luck). No rDNS can be viewed as bad by email recipients so your spam score starts at >0.
      • If you run it at home, you will be part of a block of IPs that are known to be home users, so your spam score starts at >0.
      • I’m lucky in that I run it on a spare public IP address on my server housed at work. But that will need to change soon.

      I started using native Linux mailboxes, later added roundcube (web UI), investigated Mailinabox, but now use zimbra. That gives me calendar/contact sharing, email/calendar/contacts to iOS devices (which is the main way my family get email), and lots more. Moving data from one to the other took a couple of days of effort. (Yeah… I know its supposed to be trivial, but its not when you include tool research, testing, execution one at a time etc).

      Bottom line - you will learn lots, you will lose many weekends and sometimes a weekday here or there as you try to handle emergencies, it will never be set-and-forget.

      My original rational was learning, privacy and my own domain and nicer looking email addresses than john1234@gmail.com. I’m looking for an online alternative as its time to lighten the load, but I have a lot of services that we use in Zimbra.

      Good luck with it!

      • wth@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        I forgot to mention - spam isn’t too bad with a well trained SpamAssassin.

        Plus you will need to learn your virtualisation tool really well because of all the networking routes required and operating it on the command line. VBoxManage is your friend, but its just not friendly.

        From a security perspective - I did everything in Linux, and only opened the required ports (plus ssh, which I moved to a random high port number). I have auto-update on for security patches, but NOT for regular patches (because Zimbra tends break things, so you need to snapshot first).

    • Octane@lemmy.dbzer0.comOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      You apparently easily get your emails stuck in spam filters if you self-host. Also, you’d need to have 100% uptime for this to work as intended, not particularly easy in my situation.

        • wth@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          2
          arrow-down
          1
          ·
          1 year ago

          While technically that is true, if you have any other users they will be annoyed. And anyone running iOS will almost immediately get regular popups about the mail server being down (because iOS checks for new mail frequently - and yes I know this can be adjusted) and so they will be telling you straight away.

          Also - I’m not convinced that all email servers obey the SMTP standard.

          • SwingingKoala@discuss.tchncs.de
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            because iOS checks for new mail frequently

            Client behavior has nothing to do with email delivery though. That being said, I run my own mailserver and have MacOS/iOS clients and have never seen a connection error.

            I’m not convinced that all email servers obey the SMTP standard.

            Of course, any idiot can write a broken smtp server that nobody uses.

    • Jamie@jamie.moe
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      I’ve done it, and I do not recommend it if you actually plan for people to receive your emails.

      • VanillaGorilla@kbin.social
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        I managed to adapt for about 95% of mail servers to accept my mails, but it was a lot of work. I’m pretty sure some of those measurements are intended to discourage people from self hosting.

        • Jamie@jamie.moe
          link
          fedilink
          English
          arrow-up
          0
          ·
          1 year ago

          It took me around 4 hours to get to that point, and sometimes my mail would still go into junk, especially on gmail inboxes.

          • VanillaGorilla@kbin.social
            link
            fedilink
            arrow-up
            1
            ·
            1 year ago

            You were way faster than me 😂

            Gmail worked for me, but some bigger German providers just refused to accept my mail. I used a website that tested the server config and gave hints how to proceed. That was incredible helpful.

    • jonne@infosec.pub
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      If you want to make sure people get your emails, and you don’t want to deal with constant spam issues yourself, I’d recommend not running your own.