After years of self-hosting my mail, I finally came to the conclusion that it was time to move my mail. I want to take the opportunity to thank the Mailcow creators for their hard work and their excellent product. I did this with a heavy heart, and those of you wondering why might read on.
A while ago I decided that I had enough of IT. It was time for a new type of job, something that took me out of the office and actually is going to take me places. That’s why I decided to study journalism, an industry that unfortunately has a subpar track record recently. Knowing that - somewhere in the (far) future - I might get under the investigating glass of certain organizations (not to mention source protection), it was time to look into my personal assets and their security.
Mails are like postal cards, you should encrypt them
Unfortunately, an ideal world doesn’t exist and it probably never will. Despite that, I will at least try to do everything within my power to get it right. It’s for the same reason that I steered clear from social media from the beginning. Back to the story though. While Mailcow has technically an encrypted mailstore, I didn’t feel comfortable that it was server side. Everyone that manage to get a copy of the server image has my mails, contacts and appointments - the key is on the very same disk. All of them. This is something that can be done relatively easily without my knowledge. Again - I don’t expect this to happen - but I have to take my precautions. One publication about certain regimes and enough interest could have been raised.
That led me to the search of a self-hosted encrypted mailstack, with at least the same user friendliness as Mailcow. Spoiler alert: it doesn’t exist. There was an open source re-implemtation of the Protonmail server called Neutron, but is has long been abandoned. Some of you might point out that you could frankinstein a custom solution, using a script to encrypt every incoming mail using PGP. I don’t want that. What I want is something that just works and is user friendly on the user end. That it takes some more time to maintain on the backend is not a problem for me. And besides that - privacy shouldn’t be a privilege for only the most tech-savvy users amongst us.
However, out of all the solutions out there, only one provider ticks the box. Protonmail. The downside of it being a centralized solution, while it is my strong belief that mail should be de-centralized. Again, there is no other option that ticks the boxes for me.
I think - if such an ‘end-to-end encrypted’ communication suite ever needs to be built open source, there needs to be a new protocol with it that accounts for the encryption. Maybe even homomorphic encryption to enable full-text search. A while ago I had the idea to base it off off the JMAP-protocol. It’s true that mails to other providers will still be send in plain text, but at the very least there is a convenient option to send an encrypted email as a last resort. However, building such a solution is a massive undertaking as you need to write back-end parts from scratch.
I feel like there is a gap here that needs to be closed. Unfortunately, I don’t have the resources to build it, which left me with the only option available at the moment.
However, as Mailcow gets bigger, it might be something to consider for the (far) future.
For now: So long, and thanks for all the fish. I felt the need to share this.
For those of you wondering: Protonmail is not going to release their back-end source code because of security competitive concerns.