That One Privacy Guy’s – Guide to Choosing the Best Email Service (for you)

Disclaimer: The below guide is my opinion, which I will try to provide as many examples for and as much evidence as possible to support. I reference my Email Comparison Chart throughout much of this post, not so much for shameless self promotion, but because I believe it to be a solid resource to determine if an Email service meets your criteria and to assist you in deciding which is best for you. Much of this guide is relevant and therefore repeated in the other guides I have on That One Privacy Site. If you just want an ELI5, read the bolded segments throughout the guide for the highlights. If you want to go down the rabbit hole on this topic, read on, and buckle up – this is going to be long.

TABLE OF CONTENTS

I. INTRODUCTION

II. A WORD ABOUT TRUST

III. A WORD ABOUT EMAIL AFFILIATES

IV. IF YOU’RE CONCERNED WITH PRIVACY

A. MORE ON TRUST

B. MORE ON AFFILIATES

C. JURISDICTION

D. LOGGING

E. PAYMENTS AND COMMUNICATION

F. EMAIL BY ITS NATURE IS NOT SECURE OR PRIVATE

G. FREE AND OPEN SOURCE SOFTWARE

H. ENCRYPTION AND OTHER FEATURES

I. WEBSITES AND YOUR PRIVACY

V. IF YOU’RE CONCERNED WITH SECURITY

VI. CLEARING UP MISCONCEPTIONS

I. INTRODUCTION:

The following is intended to be a detailed guide to answer the question, “How do I choose the best Email service (for me)?” The reason this is a hard thing to help people with, is that their needs and level of technical knowledge vary greatly – there is no one perfect Email service, they all have at least some flaws and some will just flat out be better for different people.

I very well might have forgotten to add a section I intended to, said something that needs clarification, or was just sleepy when I wrote parts of this guide, so I intend to update and expand it as needed.

I’m assuming that if you’re reading this far, you have at least SOME knowledge as to the basics of what Email is, so I won’t cover that here.

II. A WORD ABOUT TRUST

No matter what reason you want an Email service, you want to know that the service you choose is trustworthy and is not compromising your communications. Even if you’re only concerned with the casual sending of messages or other non-privacy uses, keep reading. I’ll get more into this in the “Privacy” section, but it’s important for everyone to be exposed to it at least a little.

A preface regarding privacy and trust, from a Reddit thread I made a while back. This applies to every company, but I would suggest especially so for Email services.

We live in a society where privacy is undervalued and under assault daily. Some people eventually notice this and discover that they do value their own. They set out on a pilgrimage of sorts to educate themselves and learn about tools to help them protect it (as I did when I started my project). Because we depend on each other for direction and others to write software and run services to help keep us secure – TRUST AND TRANSPARENCY – are paramount. However, transparency comes before trust.

III. A WORD ABOUT EMAIL AFFILIATES

You may have started your search for an Email service by looking for “Email service reviews” in your search engine of choice. if you had, you would have gotten page upon page of what seem to be harmless review sites, top 10 or blog style reviews of different Email services. You may even be coming here for confirmation of what you were told on those sites. The sites making these recommendations are, in almost every case, paid by the services they review and recommend. They are beginning their business relationship with you, with what essentially amounts to a lie. The technical term for this kind of marketing is “native advertising” and it’s abuse is a huge problem in the Email service industry. (Link specifically referring to VPN affiliates, but it is every bit as relevant in the realm of Email services).

I purposefully made a point to capture this kind of data on my Email Comparison Chart. There you can find information on services that have affiliate programs, the specific policies they have for them and whether or not the affiliates act ethically, essentially what the services tolerate from those representing them, when it comes to persuading YOU to buy into the information they put out.

Note that not all affiliates have to be bad actors and simply having an affiliate program is not necessarily grounds for mistrust of an Email service, but rather when those services allow their resellers to generate referrals by hook or by crook. If you see a service appear over and over again on the kinds of sites mentioned above, there is a good chance they are making money from, and are perfectly okay with these kinds of deceptive practices as a part of their business model. They often will claim that it’s just the affiliate doing this, and that they can’t control what others do. This is false. Affiliates, like anyone entering into a business relationship with someone, agree to certain terms put forth by the service hiring them. If a company doesn’t expect and enforce certain standards from their affiliates (not spamming, not breaking copyright, disclosing who they are, etc), they are approving these methods, and are not worthy of your trust. If they are willing to lie to you before you even buy into their service, the stage is set for them to be dishonest with you when you interact with them on a normal basis as a customer.

IV. IF YOU’RE CONCERNED WITH PRIVACY

a. More on Trust

As a lawyer represents your legal interests, an Email service (among others) represents your privacy interests. If a lawyer does something to violate your trust or is not honest about some aspect of their representation that could affect you, you would discard them and you’d be right to do so. Likewise with an Email service. There are many out there that are not worth your time or money. Unlike a lawyer, an Email service can be put together and promoted by anyone with access to a computer, the key difference being that you would never even see their face.

If you are looking for an Email service for privacy purposes, you already believe you cannot trust certain parties. Those parties might be big corporations who offer tempting free services but collect and analyze your communications, or maybe even an oppressive government whose unlawful surveillance is encroaching on your rights. You are being put in a position where you must rely on someone other than yourself for protection and the last thing you need is one more party that you can’t trust.

This decision is an important one, and not just any Email service is worthy of that trust. You’re trusting them to know what they’re doing – to be able to operate a competent service that will protect your privacy. You are trusting them to be responsive to new technical and geopolitical threats to their operation. You’re trusting them to be honest with you in the way they do business so that when you are shopping and comparing, you are getting accurate information.

b. More on Affiliates

In the main section at the beginning of this guide, I talked about affiliate practices, so I will only briefly mention it here. If you choose a company with an affiliate program, choose one that expects and enforces good behavior from their reselling partners. You can usually read their affiliate terms on their site. If they are not publicly visible, they should respond with this information when asked. If not, or if they play games with you, look elsewhere. More information on affiliate policies and behavior can be found on my Email Comparison Chart.

c. Jurisdiction

In the last few years, certain revelations have been made manifest regarding the mass surveillance programs of various countries around the globe. These countries are known as the five, nine, and fourteen eyes. These countries not only spy on their own citizens where they can get away with it, but they spy on each others, and swap notes to bypass governmental restrictions on power. If a service, or the people who run a service, is based in one of these countries, it’s not unreasonable to expect that they may be susceptible to unlawful searches and compromises made in the name of national security. That said, if your threat model includes protection from such actions, choosing a company incorporated outside of these jurisdictions probably would not be adequate to protect you – as such actors have vast resources, and if singled out, you would need to worry about more than your Email service (by relying on other tools such as PGP, S/MIME, paying very close attention to your opsec, etc). Where the servers you’re communicating through and the people who operate / have control of them are located are more important than where a company is incorporated, to protect yourself from government overreach.

Other countries are not part of the spy collaboration mentioned above, but still have issues with government limitations on internet freedom and free speech. Avoid countries with limited internet freedom. The degree of internet freedom a country has can also be found under “jurisdiction” on my sheet.

d. Logging

When you send communications through an Email service, you are not sending your message directly to your recipient, but are routing it through the service itself (similar to how a postal service processes mail before sending it out). The Email service is a “man in the middle” who you are trusting with your communication data and metadata. Some Email companies choose to log this data. There are many reasons for doing so, some more legitimate than others. Some services record this to protect themselves legally in the case they are approached by authorities. Some companies keep minimal connection logs to aid them in maintaining servers. Some will even sell your data to third parties as part of their business model. If your concern is privacy, you most likely do not want your browsing habits and connection data being recorded. Choose a service that specifically states that they do not keep logs, AND which types they do not keep. Make sure they do not keep ANY kind of log. Many services claim to not keep logs, but are vague, and upon closer inspection actually do keep certain types, so be wary of such promises until you’ve confirmed it for yourself in their respective terms and privacy policies.

e. Payments and Communication

Assuming privacy is your priority, when you go to pay for your Email service, there are many methods available, but only a few worth consideration. Services that offer the ability to pay by Crypto Currency, cash, or misc gift cards are the best way to ensure that you are kept as anonymous as possible. if these services require more personal information than an email address, look the other direction – this is information they’re recording about you that may be used at best to sell to third parties, at worst to later identify you.

Some services offer a PGP key for additional privacy. This is a nice thing to have if you want to be able to communicate with them using encryption.