From e76331d17ff91c04f2df35f1c31fd2380116b927e1c87592d8ef62d65a00e97d Mon Sep 17 00:00:00 2001 From: Nicholas Johnson Date: Tue, 14 Feb 2023 00:00:00 +0000 Subject: Convert refs: using-email --- content/entry/using-email.md | 25 +++++-------------------- 1 file changed, 5 insertions(+), 20 deletions(-) (limited to 'content') diff --git a/content/entry/using-email.md b/content/entry/using-email.md index a843894..f466106 100644 --- a/content/entry/using-email.md +++ b/content/entry/using-email.md @@ -2,13 +2,12 @@ title: "Using Email" date: 2020-10-29T00:00:00 draft: false -makerefs: false --- # Preface -Email is a very old internet standard, predating the world wide web. It was first defined in 1982. It was updated[1] in 2008 and remains in widespread use. It's not a great protocol by today's standards, but we're all stuck with it. You almost certainly already have an email account. Although everyone has an email account, not everyone understands how email works or how to make the most of their account. Almost everyone with an email account just chose the first free, convenient option available for an email service provider. I know that's what I did at first. Most people just use Gmail, Outlook, Yahoo, AOL, or one of the other top providers. Knowing this has motivated me to write this post because I fear that others are missing out on a better email experience. +[Email](https://tools.ietf.org/html/rfc5321) is a very old internet standard, predating the world wide web. It was first defined in 1982. It was updated in 2008 and remains in widespread use. It's not a great protocol by today's standards, but we're all stuck with it. You almost certainly already have an email account. Although everyone has an email account, not everyone understands how email works or how to make the most of their account. Almost everyone with an email account just chose the first free, convenient option available for an email service provider. I know that's what I did at first. Most people just use Gmail, Outlook, Yahoo, AOL, or one of the other top providers. Knowing this has motivated me to write this post because I fear that others are missing out on a better email experience. # Choosing an Email Service Provider -The first step before using email is choosing an email service provider. Email is a federated[2] protocol. This means that no single entity "owns" email. If you want, you can create your own email provider and use it. Instead of john@gmail.com, your domain would be something like john@johnsdomain.com. But running your own mail server can be expensive and time-consuming. Mail servers also have many moving parts and require maintenance, so I won't be writing about how to set up your own mail server. It's just not a realistic option for non-technical users of email. +The first step before using email is choosing an email service provider. Email is a [federated](https://www.wikipedia.org/wiki/Federation_%28information_technology%29) protocol. This means that no single entity "owns" email. If you want, you can create your own email provider and use it. Instead of john@gmail.com, your domain would be something like john@johnsdomain.com. But running your own mail server can be expensive and time-consuming. Mail servers also have many moving parts and require maintenance, so I won't be writing about how to set up your own mail server. It's just not a realistic option for non-technical users of email. The best alternative to self-hosting is to pick an email service provider wisely. This list is obviously subjective, but here are some criteria which a good email service provider will meet: @@ -28,7 +27,7 @@ The best alternative to self-hosting is to pick an email service provider wisely * Migration support ## Free Software -The first and most important requirement is that the email provider uses exclusively free software. This means their website and webmail portal do not require proprietary JavaScript[3]. JavaScript licenses should be included somewhere on the site or it should work without JavaScript enabled. Also, all backend software should be free. In other words, if an email provider uses Mac or Windows to host the email server, it's as good as garbage and you shouldn't touch it with a ten foot pole. It should probably run on GNU/Linux or FreeBSD. Good email providers support IMAP and POP3 for accessing email. Those protocols allow you to access emails from your own email client[4] on any device. More on that later. Now onto security and privacy. +The first and most important requirement is that the email provider uses exclusively free software. This means their website and webmail portal do not require [proprietary JavaScript](https://www.gnu.org/philosophy/javascript-trap.en.html). JavaScript licenses should be included somewhere on the site or it should work without JavaScript enabled. Also, all backend software should be free. In other words, if an email provider uses Mac or Windows to host the email server, it's as good as garbage and you shouldn't touch it with a ten foot pole. It should probably run on GNU/Linux or FreeBSD. Good email providers support IMAP and POP3 for accessing email. Those protocols allow you to access emails from your own [email client](https://www.wikipedia.org/wiki/Email_client) on any device. More on that later. Now onto security and privacy. ## Privacy and Security The email provider should have a policy of not keeping logs. This brings me to my next and important point that the email provider needs to reside within a privacy-respecting country. The legal requirements for collecting logs and sharing user data are going to differ depending on which country it's in. Using an email provider based in the US or the UK is a very bad idea. Those countries don't have strong privacy considerations and your email data (and metadata) won't be safe. Email providers in those countries can't guarantee safety of your emails. You can get a lot of information about what data is collected just by actually reading the Terms of Service when you sign up. Don't use an email provider like Gmail, Outlook, or Yahoo that logs all your emails and sells them to advertisers. If it's in the Terms of Service that the service shares non-trivial data with third parties, then that email service is garbage and you shouldn't use it. In fact, good email providers will never share any data without a court order first. In order to take an email provider's claims of protecting your data seriously, the email provider should have a transparency report providing as much detail as is legal about what information they can be forced to turn over, when, and how often it actually happens. @@ -43,7 +42,7 @@ I've gone over some of the technical details, but I haven't mentioned the busine Nothing I've mentioned gives you a 100% guarantee that the email provider is secure, will stay in operation, doesn't sell your data to advertisers, or is competent. But the more criteria that the email provider meets, the better the chances that it's a good one. At some point you have to say "Okay, this email service meets so many criteria of being ethical that it either actually operates ethically or is so good at faking it I could never hope to tell the difference anyway". Once you do enough research where you can confidently say that, then you should consider using it. There are other features email services provide that I haven't mentioned such as email aliasing and email storage space. Those depend heavily on how you use email and if I listed all possible features of an email service, I'd never finish this post. But I think I have covered some of the key features to look for when choosing an email service. # Using an Email Client -The most common way by far to access email nowadays is using webmail which is a shame. Webmail is when you access your email account in the browser. Remember that email predates the web, so it doesn't rely on the web at all. It's just that people have been spoiled by web apps and never need to leave the browser environment any more. Using an email client, also known as a user agent, is a more satisfying way to use email. It provides functionality such as easy account navigation, email filtering, email flagging, calendaring, contacts, and more. Webmail also provides the same features, but often requires running proprietary JavaScript to accomplish the same tasks. Using an email client gives you a single, unified user experience that you can customize to your liking for all email accounts, even if the accounts are on different email services. Using an email client empowers you to use inbound encryption, managing your encryption keys yourself. I just want to quickly mention that Protonmail[5] requires installing a proprietary bridge application[6] for IMAP and SMTP support. If you want to use Protonmail with your own email client, you'll have to install their software. I'm not trying to pick on them in particular. I just want to point out it's more secure to use email clients that work for any email provider, not client programs that the specific email service has home-brewed even if they are free software programs. Individualized email clients and client-related programs likely have less code review and less scrutiny which means you're less secure using them. Some good email clients are Thunderbird[7], Evolution[8] or Mutt[9] if you prefer a terminal. Microsoft Outlook[10] is common, but it is proprietary. Don't use it. +The most common way by far to access email nowadays is using webmail which is a shame. Webmail is when you access your email account in the browser. Remember that email predates the web, so it doesn't rely on the web at all. It's just that people have been spoiled by web apps and never need to leave the browser environment any more. Using an email client, also known as a user agent, is a more satisfying way to use email. It provides functionality such as easy account navigation, email filtering, email flagging, calendaring, contacts, and more. Webmail also provides the same features, but often requires running proprietary JavaScript to accomplish the same tasks. Using an email client gives you a single, unified user experience that you can customize to your liking for all email accounts, even if the accounts are on different email services. Using an email client empowers you to use inbound encryption, managing your encryption keys yourself. I just want to quickly mention that [Protonmail](https://protonmail.com) requires installing a [proprietary bridge application](https://protonmail.com/bridge) for IMAP and SMTP support. If you want to use Protonmail with your own email client, you'll have to install their software. I'm not trying to pick on them in particular. I just want to point out it's more secure to use email clients that work for any email provider, not client programs that the specific email service has home-brewed even if they are free software programs. Individualized email clients and client-related programs likely have less code review and less scrutiny which means you're less secure using them. Some good email clients are [Thunderbird](https://www.thunderbird.net), [Evolution](https://www.wikipedia.org/wiki/Evolution_%28software%29) or [Mutt](http://www.mutt.org) if you prefer a terminal. [Microsoft Outlook](https://www.wikipedia.org/wiki/Microsoft_Outlook) is common, but it is proprietary. Don't use it. ## POP3 Since most email users have been totally spoiled by the web, they have never heard the terms POP3 and IMAP. When you use an email client, you will have a choice of which protocol you prefer. POP stands for Post Office Protocol. The first version of POP was created in 1984. POP3 fetches emails from the remote email server, then deletes them from the server. It can be configured not to do that, but that's its main benefit. If you only check email from a single device and you don't want your emails hanging around on someone else's computer, then POP is the way to go. Sent emails are stored in the client you sent them. Deleted emails are only deleted in the client you deleted them in. So POP is not a good protocol if you are using multiple devices to check email. It doesn't try to sync across devices. POP is also good to use if you have very little space allocated to you on the remote server, but you regularly send and receive large email attachments. @@ -52,7 +51,7 @@ Since most email users have been totally spoiled by the web, they have never hea IMAP stands for Internet Messaging Access Protocol. It was created in 1986. IMAP makes use of the remote email server. All messages are stored on the remote server. When you delete an email, it is deleted on the server. When you send an email, it is stored on the server. When you read an email, the server marks it as read. If you switch devices, your email inbox will look the same. It has a consistent experience across multiple devices. This is probably what you want to use most of the time. # Email Use Cases -Even if you follow this guide on picking an email service and you use an email client and use 2-factor authentication and inbound encrypt all your emails and use POP3, it's likely that your correspondents are using Gmail, Outlook and Yahoo. Even though you could have the most secure email setup short of self-hosting, everyone you email is still using proprietary JavaScript with no 2FA unencrypted webmail with every email being parsed and sold to advertisers and mass surveilled. My point is don't use email for personal correspondence. The fact is email is just an old insecure protocol. It doesn't even use end to end encryption because it comes from a different era. You can use PGP to encrypt your emails, but it has so many problems[11] that I can't recommend it for regular use. Almost no one uses it, it's difficult to use, and has many downsides. If you have to use email for personal or business correspondence, use PGP to encrypt. But the best advice I can give is just to avoid using email. +Even if you follow this guide on picking an email service and you use an email client and use 2-factor authentication and inbound encrypt all your emails and use POP3, it's likely that your correspondents are using Gmail, Outlook and Yahoo. Even though you could have the most secure email setup short of self-hosting, everyone you email is still using proprietary JavaScript with no 2FA unencrypted webmail with every email being parsed and sold to advertisers and mass surveilled. My point is don't use email for personal correspondence. The fact is email is just an old insecure protocol. It doesn't even use end to end encryption because it comes from a different era. You can use [PGP to encrypt your emails, but it has so many problems](https://secushare.org/PGP) that I can't recommend it for regular use. Almost no one uses it, it's difficult to use, and has many downsides. If you have to use email for personal or business correspondence, use PGP to encrypt. But the best advice I can give is just to avoid using email. ## Email Privacy The best time to use email is when it's required. When you're signing up for a website that requires email for instance. You don't have to only have 1 email account either. I use several email aliases depending on the purpose. You can use different email accounts for every service you sign up for if you want. There's throwaway email accounts available if you need to send or receive email quickly and then ditch the account. I wouldn't recommend using email for receiving newsletters or information that you have another way of accessing. I might make another post talking about RSS, but it's basically a web feed. RSS readers can pull content from all the websites that support RSS that you're interested in without you actually visiting those sites. It's a similar experience to using an email client, but with less of a digital footprint. With email, your email server has a record of which feeds you are subscribed to. With RSS, there is no "account". No digital footprint showing you subscribed to that feed is necessarily created. If you anonymize RSS over Tor, then even a passive adversary like your ISP will have a hard time figuring out which news feeds you read. Even if you just visit the news site directly, that's still arguably better for your privacy in terms of minimizing your digital footprint. @@ -64,17 +63,3 @@ If and how you segregate out your email accounts is up to you. This is just an o # Motivation Those are my tips for getting the most out of email. It's a lot of information to take in, but I wanted to be thorough. My motivation for writing this post as I said in the beginning was seeing the way most people use email. Until we have a widespread protocol that supersedes email, we should at least get the most out of it. And the way most people are using email right now is the absolute worst way to use it. There's a lot of things in computing that aren't harder to do a different way, it's just that people haven't been shown the better way of doing things. Most people don't know anything beyond webmail despite the fact that email predates the web. I wrote this post to promote my preferred way of using email. I hope you have found it useful. - - -Link(s): -[1: https://tools.ietf.org/html/rfc5321](https://tools.ietf.org/html/rfc5321) -[2: https://www.wikipedia.org/wiki/Federation_%28information_technology%29](https://www.wikipedia.org/wiki/Federation_%28information_technology%29) -[3: https://www.gnu.org/philosophy/javascript-trap.en.html](https://www.gnu.org/philosophy/javascript-trap.en.html) -[4: https://www.wikipedia.org/wiki/Email_client](https://www.wikipedia.org/wiki/Email_client) -[5: https://protonmail.com](https://protonmail.com) -[6: https://protonmail.com/bridge](https://protonmail.com/bridge) -[7: https://www.thunderbird.net](https://www.thunderbird.net) -[8: https://www.wikipedia.org/wiki/Evolution_(software)](https://www.wikipedia.org/wiki/Evolution_(software)) -[9: http://www.mutt.org](http://www.mutt.org) -[10: https://www.wikipedia.org/wiki/Microsoft_Outlook](https://www.wikipedia.org/wiki/Microsoft_Outlook) -[11: https://secushare.org/PGP](https://secushare.org/PGP) -- cgit v1.2.3