Ask Slashdot: Advice For a Yahoo Mail Refugee

New submitter ma1wrbu5tr writes: Very shortly after the announcement of Verizon's acquisition of Yahoo, two things happened that caught my attention. First, I was sent an email that basically said "these are our new Terms of Service and if you don't agree to them, you have until June 8th to close your account". Subsequently, I noticed that when working in my mailbox via the browser, I kept seeing messages in the status bar saying "uploading..." and "upload complete". I understand that Y! has started advertising heavily in the webmail app but I find these "uploads" disturbing. I've since broken out a pop client and have downloaded 15 years worth of mail and am going through to ensure there are no other online accounts tied to that address. My question to slashdotters is this: "What paid or free secure email service do you recommend as a replacement and why?" I'm on the hunt for an email service that supports encryption, has a good Privacy Policy, and doesn't have a history of breaches or allowing snooping.

Take Marissa's advice

[OffTheLip]

Use gmail.

Re:Take Marissa's advice

[Anonymous Coward]

Gmail is great in terms of reliability, spam filtering (best I've found), and features. But if you're looking for privacy, the only company that's probably worse in my mind is Facebook.

Re:

[mysidia]

Gmail is great period. Regarding privacy; I think their major advantage is they are HONEST, where some of the other more egregious offenders are more concealed.

You DO have privacy in the sense that your neighbor and random people at Google cannot look at your E-mail.
You don't give a whole lot up, Although we do know they WILL collect keywords in your e-mail and use it to build a statistical model about you.

If that concerns you, then your best option is to SELF-HOST your E-mail on your own server or

Re:

[mysidia]

I'm curious, why does this data collection by Gmail NOT bother you?

Why should it bother me? I and most people already use Google search, so they have a great many potential opportunities to collect data.

Because my data is on their servers anyways: As far as I'm concerned Google is considered a trusted party.
If their security practices as a company are not sound, then their E-mail servers can be compromised, and then my RAW data is out in the hands of adversaries,
SO trust is implicit. Onc

If you want privacy, use G Suite

[mellon]

The Terms of Service are actually pretty strict, and Google has extremely good data center security hygiene. The ToS on gmail are much more lax, even though it's the same software.

Re:Take Marissa's advice

[swillden]

Gmail is great in terms of reliability, spam filtering (best I've found), and features. But if you're looking for privacy, the only company that's probably worse in my mind is Facebook.

What do you mean, specifically, by privacy?

If you want to keep your family, friends, neighbors, etc. out of your email, then Gmail is great. Security is excellent, especially if you enable two-factor.

If you want to keep random hackers out of your email, then Gmail is great. Security is excellent, especially if you enable two-factor.

If you want to keep your ISP out of your email, then Gmail is great. It uses TLS connections for all client communications, and also with whatever other email servers it talks to that support it. Gmail-to-gmail communications is definitely encrypted all the time, both in transit and in storage.

If you want to keep the FBI/Police out of your email, then Gmail is as good as any US-based email provider can be. They all have to provide data in response to proper subpoenas and warrants, and Google's lawyers scrutinize requests carefully.

If you want to keep the NSA out of your email, then it's hard to say, but I suspect Gmail is quite good. Snowden revealed that the NSA was tapping Google's internal fiber, but Google has since moved to comprehensive point-to-point encryption. It's not completely impossible that the NSA has compromised the key management system that enables that, but it's actually pretty unlikely. I would assert that on this measure Gmail is as good as any large US-based email provider can be. Smaller ones may slide by the NSA because they're not interesting... but if they do become interesting they'll almost certainly be easier to pop than Google is.

(As an aside: If the NSA is targeting you specifically for surveillance, as opposed to just sweeping you up in the dragnet, you should just give up on electronic communications entirely.)

If you want to keep Google's advertising profile analytics software out of your email, then Gmail is awful. Your email will be scanned by systems that try to work out what you might be interested in buying, and this data will be correlated with web searches (if you don't have web history disabled), and data from other Google products. The resulting information will be used by Google (not by advertisers; they don't get access to the treasure trove) to show you ads for things you might want to buy, instead of things that you almost certainly don't want to buy.

Re:

[ma1wrbu5tr]

LOL @ NSA. It's not quite as bad as all that. My biggest concern is all of the unreported or belatedly reported breaches. Supporting encryption and having a good Privacy Policy are important as well.

Re:

[swillden]

If you want to not hand over your phone number to Google, then GMail is...

(The damn thing keeps bugging me to add one.)

But you don't actually have to, right?

FWIW, the reason it wants a phone number is for a recovery method in case you lose your password. That may not be a concern for you, but it happens to huge numbers of users and when it happens it generates significant costs for Google, since other last-ditch account recovery methods all involve an employee's time.

That said, yes, if you don't want to provide a phone number, then GMail is annoying. That issue never occurred to me, because I don't have a problem provid

Re:Take Marissa's advice

[Calydor]

Thirded.

Had GMail since it was invite-only, and yes - Google will scan your email for advertisement, but if all you use it for is forum updates, Slashdot notifications, signing up for games etc., then what are you honestly afraid they'll find?

I know this borders on the whole "If you have nothing to hide" mentality, but seriously, it's email. If you're sending sensitive information, use a different MEDIUM, not a different PROVIDER.

Re:

[mjwx]

Thirded.

Had GMail since it was invite-only, and yes - Google will scan your email for advertisement, but if all you use it for is forum updates, Slashdot notifications, signing up for games etc., then what are you honestly afraid they'll find?

I know this borders on the whole "If you have nothing to hide" mentality, but seriously, it's email. If you're sending sensitive information, use a different MEDIUM, not a different PROVIDER.

I'm not worried about Google, they're the only free mail service that gives you a reasonable assurance that the data they sell is anonymised (I don't trust any mail provider not to be selling my data unless I control it). For anyone who I think is going to abuse my email, they get a hotmail address I've had since 1998. Nothing but spam or pron site password resets go there now. I have got a 4 letter hotmail address.

The biggest problem with GMail is that its nigh upon impossible to get a unique address no

Re:

[lgw]

Take Marissa's advice
Use gmail.

I'd stick with one of the big providers, if you're going to use web mail at all. I switched from gmail to outlook.com, partly to live a Google-free life, but mostly because the gmail UI kept getting worse and worse. But certainly the latter is subjective, as is one's tolerance for an all-intrusive panopticon.

Re:

[SpaghettiPattern]

I switched from gmail to outlook.com, partly to live a Google-free life...

Out of the frying pan into the fire.

Re:

[lgw]

Microsoft isn't a panopticon. They don't mine your browsing habits, search history, email, phone location history, etc the way Google and Facebook do. Perhaps just lack of competence to do so.

Google knows your age, race, religion, where you live, where you work, you're sexual preference, your income, your political views, and so on. All in databases the government can take control of at their whim (the government doesn't need their own Muslim database).

Re:

[farble1670]

Google knows your age, race, religion, where you live, where you work, you're sexual preference, your income, your political views, and so on. All in databases the government can take control of at their whim (the government doesn't need their own Muslim database).

Has the govt taken control of their DBs? No.
Would they like to take control of Google's DBs? Yes.

Ergo, they are not able to do so.

Could it happen? Sure.
Could any data store be hacked and stolen? Yes
Is Google less secure than any other of the thousands of data stores that contain your personal data? You decide (hint: no).

Re:

[lgw]

Ergo, they are not able to do so.

Could it happen? Sure.

You contradict yourself.

They are certainly able to as they have more guns than Google. That's how you do threat modeling. They currently choose not to (perhaps because thNSA already has all the data? Hard to know.)

If we keep the sort of government we don't have to fear, then all is good. But if the government goes full totalitarian (and we're really not that far off), suddenly everything changes.

Re:

[lgw]

The sad thing is, Stalin's regime shows that just about anything can be deemed after the fact to be anti-social and grounds for execution. The less there is on record about me, the better, even if the government never cares about me specifically.

Re:

[Gavagai80]

It's actually shocking how little google knows. I've made no attempt to hide anything from them, but when I check what they think my advertising preference interests are, they've got so many things absurdly wrong.

Re:

[ma1wrbu5tr]

This is satire, right?

Re:

[CronoCloud]

I switched from gmail to outlook.com, partly to live a Google-free life, but mostly because the gmail UI kept getting worse and worse.

What is this "Gmail UI" you speak of? My Gmail UI on the desktop looks like this:

http://www.claws-mail.org/scre... [claws-mail.org]

In other words, I have a hard time understanding complaints about the Gmail UI since people DON'T have to use it. That's what IMAP is for, so you can use Gmail with a proper e-mail client.

You also don't see ads that way AND that enables you to archive locally if you want and use your choice of secure e-mail methods (PGP or S/MIME).

Run your own

[Z00L00K]

Run your own mail server, that's the only way you can be reasonably sure that you have control over your mail.

Re:Run your own

[Anonymous Coward]

Run your own mail server, that's the only way you can be reasonably sure that you have control over your mail.

I second what Hillary says.

(Is it a stretch to mention the captcha is 'dwelling', as in run your own server in your dwelling?)

Re: Run your own

[Anonymous Coward]

"Sure?"

Running a good, reliable mail server yourself is hard to do well. Doing good spam filtering is harder. Being secure/hackproof, harder still.

Running your own server if you're an amateur is a terrible idea.

Sure, you COULD spend a huge amount of time learning how to do this well, and a lot of time keeping up with patches an maintainence. But it's likely the highest cost option if you value your time at all.

Re:

[unixisc]

Of course. Everybody is a whiz at Sendmail, Dovecot and the like. But it sure beats having your email in 'the cloud'!

Re:

[captaindomon]

Running your own server doesn't ensure you have control over your email. In fact, unless you have hired, 24x7 technicians you trust, and are running it in a hardened data center you built yourself, etc. you probably have more leaks to your server to bad actors than you do using one of the big providers.

None

[110010001000]

People are REALLY going to hate this, but there is no 100% secure network service. Computer networks were designed for sharing information between nodes. The idea of keeping others out of that sharing was added on later. On a large interconnected network like the Internet it is impossible to do 100%. I can feel the nerd rage boiling here and the claims that "you don't know what you are talking about!". But save it. Reality tells us otherwise. If it is on a network, it isn't secure.

Re:

[Drethon]

People are REALLY going to hate this, but there is no 100% secure network service. Computer networks were designed for sharing information between nodes. The idea of keeping others out of that sharing was added on later. On a large interconnected network like the Internet it is impossible to do 100%. I can feel the nerd rage boiling here and the claims that "you don't know what you are talking about!". But save it. Reality tells us otherwise. If it is on a network, it isn't secure.

This, the only truly secure network device has been disconnected form the network. The most secure network devices make it very difficult for the authorized user to access the system and extremely difficult for anyone else to access. Just about everything a network device does to make it easier to access and use just makes it less secure.

Re:

[JustAnotherOldGuy]

This, the only truly secure network device has been disconnected form the network.

True, but that kinda rules out email as a thing.

Re:

[headhot]

Google has been pretty good about discussing compromises and offering a host of 2FA techniques. Google is in no means 100% transparent, but after the Chinese hacking attack on dissidence, and the Snowden stuff, Google has stepped up on security options and access notifications.

Re:

[110010001000]

Google is reading and scanning all your email. Give me a break.

Re:

[trg83]

Yes, but they hate competition in doing so, so they try pretty hard to secure it from all other parties!

Re:

[farble1670]

Google is reading and scanning all your email. Give me a break.

Obviously if the author is coming from Y! Mail, this isn't their concern. They are asking about security from 3rd parties. So yes, contrary to your snide remark, discussions about 2FA and security notifications are relevant here.

Re:

[JustAnotherOldGuy]

People are REALLY going to hate this, but there is no 100% secure network service.

For once, Binary Bro is correct. (Statistically it had to happen sooner or later.)

But it's true: there is no 100% secure network service, no matter whether you use an established provider like GMail or run your own private domain mail service.

Re:

[110010001000]

Wrong. I am always 100% correct. You must be thinking of my brother, 110011001000

Re:

[110010001000]

It is completely relevant. I don't recommend any paid or free secure email service because there isn't any.

Don't be obtuse

[bradley13]

Don't be obtuse.

Of course there's no perfect security. You know, if a burglar wants to get into you house badly enough, he'll get in. So why bother locking your door? In fact, just leave your front door open... Oh, change all of your PINs to 1234 and your passwords to "password" while you're at it. After all, if there's no perfect security, why have any security.

The point of TFS is finding a service that is as secure as reasonably possible, while still being useful.

Re:

[110010001000]

What is as "secure as reasonably possible"? It either is secure, or it isn't. No email service is secure. You might as well use Gmail. Or stick with Yahoo. Or host your own. What is the difference? None of them are secure.

Re:

[Minupla]

We could define "secure as reasonably possible" as "occupying a value in a coordinate plane with one axis containing ease of use, and the other being risk (comprising an overall scoring for confidentiality, availability & integrity (in a data non-alteration sense, not a moral sense)) so as to minimize the risk axis while keeping the ease of use axis below a value that 75% of people would find acceptable".

That work for everyone?

Min

Re:

[110010001000]

Oh in that case I recommend Hotmail.

Re:

[Minupla]

And maybe that works fine for you, it does my mother. Nothing wrong with using a solution that meets your needs and satisfies your risk tolerance. Companies make exactly that sort of trade-off all the time. The issue comes when they're not honest about one of those two variables.

Min

Don't Match

[ZiakII]

has a good Privacy Policy and free

Don't match in my experience.

Email the wrong tool for privacy

[DickBreath]

If you want privacy, isn't email the wrong tool? Isn't email like a post card that anyone can read in transit?

If you want private communications, look for a different way, a private way, to communicate.

If you want convenient email for casual use, try GMail. For example, Google will find things in your email, like confirmation emails of your upcoming flights, and then Google will be sure to remind you on your smart phone. But I don't treat communication with my airline the same as I might treat communication with other parties.

Re:

[tepples]

If you want privacy, isn't email the wrong tool? Isn't email like a post card that anyone can read in transit?

Mail in a PGP or S/MIME envelope can't be read in transit.

If you want private communications, look for a different way, a private way, to communicate.

Someone supporting a product, service, or free software project still needs some means for users to contact him. What's the private way to provide support to members of the public? A web-based issue tracker would still need email so that users can log in without a password, such as when resetting a forgotten or compromised password.

Re:

[jader3rd]

Isn't email like a post card that anyone can read in transit?

Most email servers connect to each other via an encrypted channel. So the emails aren't in plain text whilst in transit.

Re:

[swillden]

Isn't email like a post card that anyone can read in transit?

Most email servers connect to each other via an encrypted channel. So the emails aren't in plain text whilst in transit.

Unfortunately it's really not "most email servers", but only "some email servers". Most all of the big ones do use SSMTP, though, so most email is transferred via an encrypted channel.

I'm just staying with Yahoo mail

[jfdavis668]

I haven't had any issues. Unless they make major changes, I see no reason to move on.

Re:

[DickBreath]

Same here. I won't be closing my hundreds of email accounts on Yahoo. I haven't used them in a decade. I see no reason to change them, close them, move them, or take any action whatsoever.

When the big Yahoo email breach occurred, how many people had the following questions?
1. I wonder how many of my email accounts (that I haven't used in years) are affected?
2. I wonder what percent of the breached accounts are my email accounts that I haven't used in years?

Re:

[rmdingler]

ATT/Yahoo email account.

It should be interesting, if nothing else, since the new Overlord is an ATT competitor, and Verizon has been recently in the news [networkworld.com] shuttering up their own email activities.

Re:

[jfdavis668]

Yes, Verizon is moving their email accounts onto AOL servers.

Fastmail

[ebonum]

Not free, but it works well. Note: Servers are in NY.

Re:

[thevirtualcat]

I second this.

I use two

[mhollis]

I use Apple for personal email. I have had a mac.com email address since Apple came out with it. Their current server name is "me.com" and Apple does not advertise in this service, as it is a paid-for service. It allows pop3 as well as IMAP.

For professional email, I use gmail. Google does a great job of excising spam. It is advertiser-supported email, but I never use a web browser for my gmail account. Instead, I use the pop3 function. It propagates to my cell phone, my desktop and my tablet. When I delete something on my cell phone, it deletes on my tablet, but not on my desktop. For a free service, I do not think you can do any better than gmail.

Re:

[swillden]

It is advertiser-supported email, but I never use a web browser for my gmail account.

I don't have any problem with the advertiser-supported email model, or with Google (I work for Google), but it's worth pointing out that these things you put together in one sentence are not related. Not using a web browser doesn't prevent gmail from analyzing your emails to identify your interests. It does prevent gmail from showing you ads in the webmail UI (aside: using Inbox does, too, since for whatever reason there are no ads in that Gmail UI), but if Google can correlate your email and other traffic

Gmail + Thunderbird

[Snotnose]

I've got 2 gmail accounts (no, snotnose@gmal.com is not one of them). I connect to them via Thunderbird, which downloads the messages to my local hard drive. It's worked like a champ for some 8 years or so.

Re:

[Anonymous Coward]

Be careful, as Thunderbird DOWNLOADS all folders, emails, and attachments by default. Including your SPAM folder. One of our users had thunderbird and our AV system went nuts because it was downloading the trojan attachments to the spam emails.

I did a little digging but there was not clear answer on stopping it from downloading attachments by default.

Re:

[unixisc]

I make sure it's an imap, rather than a pop3 connection, so that I don't lose what's online. Years ago, while on one of my Linux experiments, where I had KDE, I used Kmail once, and it acted only as a pop3 connection, and all my email was sucked up from the server. Later, when that hard disc got somehow corrupted forcing me to re-install, I lost all those emails.

Fastmail

[jeauxkewl]

Fastmail for the win. Reasonably priced, don't think they are going anywhere and have been ultra-reliable. I've been with them about 15 years.

Completely agree

[Calibax]

I've been with Fastmail since it was in beta in 2001. The company ONLY does email and associated services. This means they are focused on making it work correctly and users having a good features. I would never consider moving.

Re:

[ma1wrbu5tr]

Thanks for replying. I will check them out.

Won't matter to me

[p51d007]

I've had a yahoo address so long, it still ends in @sbcglobal.net All I use it for is online garbage...let all the junk go there from sites that require an email address to do anything.

Re:

[Bigbutt]

Me too. My first "free" email account. I'd sent a joke out at work to friends and someone forwarded it to someone who didn't like it and complained to my boss. I popped out and snagged a rocketmail account and used that for my joke, and other things email. Then a yahoo account for one of my mailing lists for when I quit the job.

[John]

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:

[ma1wrbu5tr]

Thank you. I hadn't run across that in my searches previously. Added to the short list for further investigation.

G Suite or Office 365

[JeffTL]

I have used G Suite for several years - Gmail running my domain's email. I get even more storage than regular Gmail, no ads, and I can still access my mail as an Exchange account on my iPhone so I can get push mail on Apple Mail. Before that, I had a hosted Exchange account with GoDaddy that did the job alright. Today if I wanted to go the hosted Exchange route I'd probably just do Microsoft Office 365's business plans that include email - either the $5 one that just gives you Exchange and OneDrive, or t

Roll your own

[RyoShin]

I'm on the hunt for an email service that supports encryption, has a good Privacy Policy, and doesn't have a history of breaches or allowing snooping.

You don't want any of the free offerings (like Gmail) then. As far as I know, every mail service that is free does snooping for advertising, whether it's directly in their web client or used elsewhere.

I don't have any paid services to recommend (and even these may or may not come with data slurping) but you could always try rolling your own. Domain names are c

Re:

[SnarkSide]

Running your own mail server isn't for everyone, but I'd say absolutely you have to own the domain if you want control. If someone else owns the domain that your account depends on, you have no control over the future of your own account. This is the fundamental error I made 18+ years ago when I started calling Yahoo my permanent email address and thinking only my employer addresses were transitory.

Re:

[RyoShin]

Indeed. I recall having a lot of problems when I used my .edu address for stuff in college and then graduated.

For those that might be squeamish running their own, I believe Gmail offers a way to use its service with your own domain, but I don't know if that costs money (and they might still do data collection even if it does, which is why I didn't mention it in OP.) I imagine other e-mail providers offer similar options.

Re:

[ma1wrbu5tr]

I had previously ruled out the "Clinton Option" but you make a good case and bring up some ideas I hadn't considered. Thanks for replying.

Use Gmail--and here is why

[ebrandsberg]

The main issue with e-mail is that it has two parties involved. If either of the parties is compromised in a communication, then it doesn't matter how secure the other party is. Due to the sheer volume of people using Gmail, it is likely they already have a copy of most of your mail anyway. By using Gmail just like so many other people, you at least only have one system potentially snooping on you. If you believe that you are more secure using other systems, you are likely wrong.

Re:

[Anonymous Coward]

That's a reason for nobody to use gmail, not a reason for everybody to use it.

Your own website

[Topwiz]

You could create your own website and use the email services that come with the hosting package.

Email simply is not secure

[buss_error]

Look, email is not secure. Not at all. Any other way to thinking about it is a lie.

You see, email has to connect with just anybody. That means you can't exchange email freely, you have to have an agreed security frame work if you want email to work. Even TLS is no real protection.

That being said, I'll upload an ansible script to set up a multi-tenet mail config you can run on any linux cloud provider or you can use only of the many that are already around.

Proton Mail

[Rick Schumann]

I've had the same question recently and the answer I got was Proton Mail, based in Switzerland. Fully encrypted end-to-end. I'm surprised someone else hasn't mentioned it by now.

Re:

[sorenstoutner]

I run my own email server, but if I wasnâ(TM)t able to I would likely use FastMail [fastmail.com] or ProtonMail [protonmail.com].

Proton Mail

[ControlsGeek]

Proton Mail is hosted in Switzerland has end to end encryption with Android and IOS app support and has withstood denial of service attacks from suspected state sponsored hacking.
  Just the fact that a state actor tried to take them down is a reason to consider them.

Don't just get a mail provider. Get an address.

[grnbrg]

You are already going through the pain of changing your address. Make sure you don't have to do it again some time in the future. Mail providers change policies or shut down, sometimes without warning.

Go ahead, and pick a mail provider that you like. But also go out and buy a personal domain. You'll probably be able to find one you like for $10 per year, and you can find DNS providers that will do mail re-direction for free. Have a wildcard redirect set to send any email sent to the domain forwarded to the new mail address. Don't like the way the provider is now doing things? Get a new provider and email address, and change the redirect.

Re:

[eric2hill]

To add on to this great advice, PAY for G Suite. It's $50/year for the mailbox, completely ad-free, and comes with business support. It doesn't support complete integration like the free gmail account (Play family sharing is a particular pain point), but it's the best anti-spam solution available today and that's worth the money alone. Add to it the benefits of Drive, Photos, Hangouts, etc and it's a fantastic value for the money.

Don't rely on an email service for encryption

[hackel]

If you want encryption, you really need to just do it yourself. When you do, it doesn't make any difference which provider you use. I would use Gmail simply because they are so huge, the reliability shouldn't be an issue. It works with any standard IMAP client, and since your messages are encrypted, Google can't even scrape them to profile you. Also make sure you are using your own domain name, so that you can easily change providers should you ever wish to.

ProtonMail

[bradley13]

I'm looking around as well, and what I read about ProtonMail [protonmail.com] is pretty convincing. They offer free or paid accounts, promise no logging, and they're located in Switzerland.

Private Server

[duke_cheetah2003]

Follow in the steps of Ms. Secretary Clinton and put together your own private email server!

I did that like 20 years ago when it wasn't as popular.

Re:

[Chewbacon]

That's a lot of work and a lot of room for error. Not worth it unless you really don't want to answer to anyone about email. You can get it done on AWS.

fetchmail + sendmail + imapd + horde

[Orgasmatron]

Build or rent a server, load it up. Fetchmail can fetch mail from any POP or IMAP provider, if you want to go that route. Or, you can accept mail directly through sendmail, which is not trivial and requires a domain.

If you don't want to lose control of your email address ever again, you can register a domain and either host it yourself, or find a commercial host that will work with customer domains.

Outgoing with sendmail is easy, or your incoming host will usually provide it too, if you prefer that.

Horde

buy a domain, get a hosting service

[gosand]

A lot of hosting services provide plenty of space. They come with free email accounts too, so you can set up 'throwaway' emails like donotspamme@yourdomain.com that you can use for services that might spam you.

Shop around for the hosting providers that have what you want. I use fetchmail to pull mine down locally, and pine as my client (yes, for real), but there are plenty of email clients or webmail options on your provider.

Best of all, you can keep your domain and you control it.

Protonmail

[TheOuterLinux]

It's available via web and on mobile devices, including iOS 8 if you have an older phone. You get 500 MB storage free, uses two passwords (one for account and one for mailbox), and the providers themselves cannot recover your mailbox passwords. You can tag your emails, make folders, identifies spam, and has an easy way to report bugs/features. They also have a bounty program for hacking with no success and are protected by Swiss privacy laws. It was made by CERN and MIT. The servers are located in a bunker 1000 meters below the Swiss Alps that use end-to-end encryption and 4096-bit SSL certificates. No cloud hosting and they manage their own stuff. https://protonmail.com/securit... [protonmail.com] The only problem is that it uses Azure. I'm not an M$ at all, but it's either this or Enigmail with Thunderbird and Protonmail is very easy to use and the customer support is awesome whether you're a paying member or not.

Re:

[110010001000]

Aren't they the geniuses who thought it was a good idea to pay blackmail to stop a DDoS? How does it use Azure though? I thought they ran their own servers and didn't use the "Cloud"

Re:

[TheOuterLinux]

https://protonmail.com/blog/protonmail-ddos-attacks/

My bad on the Azure thing. I got it confused with Tresorit.

Proton Mail is a great Alternative

[evolutionary]

Where Google basically mines your data en masse and gives it out to US government agencies, Proton Mail is in Switzerland and is not subject to involuntary data request from USA government requests. (Of course they could do it voluntarily but it would really hurt their rep if word got out) https://protonmail.com/ [protonmail.com]

President Trump's preferred alternative...

[evolutionary]

Fresh from Russia: https://mail.yandex.com/ [yandex.com]

Email Privacy/Security

[mattmarlowe]

If all you care about is convenience and price, gmail is the best bet.

However, gmail has a few weak points:
- Governments and corporations assume you are using it, if you become a target, first thing they do is sue or force google to give them a copy of all your email. You may not find out about it until after the fact. Basically, using gmail/google means you are OK with the surveillance state being able to grab all the details about your digital life whenever it wants.
- Hackers assume that getting access to email is the best path in social networking and they have put together an extensive trick list focusing on gmail since everyone uses it. And, if they gain access, are you sure you would know about it or even if google found out about it, that they would tell you? It's in google's interest that everyone forget about the security of their cloud data.
- Gmail gets coordinated with all the other info that google knows about you and google sells info about you to their customers or targets ads for you on behalf of customers. Frankly, even without email, I think google knows enough already.
- Gmail imap is _wierd_ and google will probably shut it down in favor of some google only protocol if they ever can.
- Google is no longer a _good_ company, as it has become bigger, it has started to act more like a Monopoly and that combined with its ownership of android is pushing us more towards a closed internet. I honestly don't want to support Google's growth anymore.

Another option is office 365:
- Microsoft has its issues, but it realizes it really needs to compete in the cloud space.
- Microsoft email integrates well if you have a mobile hardware device like a Surface Pro/Surface Book.
- Exchange sync for contacts/calendar/groupware is hard to compete with.

That said, MS has its own security issues....so the best solution is likely hosting your own email....and for those who don't have the time to be constantly updating, find a good mail software suite that does get updated automatically and which has a good security history. Zimbra might be a good example - there are many others.

Re:

[slaker]

It's fairly trivial to export your messages. You can copy them someplace local via any IMAP client. Contacts from Yahoo aren't bad either, since it'll make a .CSV for you. Putting the messages back on another service isn't horrible once you have those things under your own control.

Re:

[unixisc]

I too had that, and using Thunderbird, I moved all the folders I wanted into other accounts. One thing I forgot - to move my Financial folder into one of the other accounts, and lost everything there. Fortunately, I was able to retrieve the email of my tax preparer, so the damage was not irreversible. But this is what I'd suggest: use Thunderbird to host your yahoo! as well as your other accounts (you do have >1 email account, don't you?), and then move all the emails that are not worth deleting to

Re:

[ma1wrbu5tr]

Thunderbird was my first stop on this adventure. Thanks for replying. (Can you believe all the people suggesting gmail?)

Re:

[ma1wrbu5tr]

I moved everything relevant to the Inbox folder, marked it as unread, and set my pop client to download to my PC. Next step is working on exporting my contacts list.

Re:

[green1]

I think this is really the important bit.

The OP obviously is looking for an email service that is completely different from the one they are migrating from, however expect that it will exist, and probably want it for approximately the same cost (near zero)

I think this may be asking too much.

For a good alternative to Yahoo mail, you could use Gmail, it has all of the same security issues as Yahoo but I don't think it is in any way worse (and arguably I do trust google more than I trust yahoo, though that doe

Re:

[ma1wrbu5tr]

As stated in the post, I'm willing to pay. Just not sure which service to use.

Re:And you were with Yahoo?!?!

[unixisc]

B'cos years ago, Yahoo! was a pretty respectable company, and had loads of good stuff associated, like geocities and yahoo chat! If I recall right, it was even there ahead of Google, and were a pretty good bet when Netscape was floundering. My first webmail account was Netscape.net (under Netscape 4), then yahoo & hotmail.

Things changed, & went downhill once Google pioneered the concept of monetizing everything on the internet - be it email, web pages and so on. The biggest evidence of that is the way MICROSOFT has changed - from a pure software company (plus some hardware) to a Google wannabe.

Re:

[PPH]

Never mind the transport. That will always be compromised. Depend on the security of the strongbox. Understand the motivations of the developer (spyware, compromised by the NSA, Chinese or both) and issues related to secure key exchange.

Prepare to land in the junk folder

[tepples]

Now setting up your own email service isn't all that terribly hard.

Provided you're fine with all your outgoing mail ending up in the junk folder. Even with working SPF and DKIM, deliverability isn't certain if anti-spam measures on recipients' mail servers refuse to accept mail from IP addresses issued by a home ISP.

Re:

[Bigbutt]

I have a remote server I rent. The real problem is the spam filtering isn't the greatest. I generally just create a site-specific address and filter that into a folder and ignore my main mail address feed. 99.9% of it is spam. I counted it up at one point and had about 250,000 spam messages that had been filtered over the course of a month. On top of that, even though I use key based access only, the last time I counted I had 1.2 million attempts to hack ssh over 30 days. I blocked all of Taiwan and install

Re:

[ma1wrbu5tr]

Proton, Hushmail, and a couple others have made the short list. Thanks for reading and replying.

Re:

[ma1wrbu5tr]

Will check it out. Thanks for replying.