Open Notes

Adventures in Secure Email

I’ve been trying the various secure email platforms, going through ProtonMail, Tutanota, and Runbox. I’ve had the best experiences with Runbox and have adopted it for my domain.

No complaints with ProtonMail. It works. The marketing is a little hype-y. You need your correspondents to also be on ProtonMail or else they have to share a password with you to open the mail. It’s available via a browser and the ProtonMail app is fairly primitive.

Tutanota has a pretty decent desktop app, a good iOS app, and of course works on the web. There is a level of security to it even if your correspondent doesn’t use it. You can easily share a password with a correspondent and keep that password all through your correspondence. This makes it pretty easy to use in semi-secure or totally-secure modes. Tutanota has been the target of some denial of service attracks, lately, so that got me worried.

I’m going with Runbox now because I can use my own domain name and it was pretty easy to set up. The Runbox helpdesk (I was helped by one of the co-founders) walked me through validating the domain, the CNAME records, etc. It’s secure and encrypted, but not at the level of passworded and encrypted communications like the other platforms. It’s a carbon-neutral company. The servers are in Norway. You can lock selected IP addresses from accessing your account. It’s got a spam filter that can learn from your actions. I wanted a server that was outside the US, out of the Google/Apple universe, free of corporate surveillance, and reasonably secure. I’ve found that in Runbox at a reasonable price.