I have been thinking a lot about emails and aliases in the last few days.
Emails are the core identity of one’s online presence. They are everywhere, and form the base for any online service.
For years, I have used a Gmail address.
While it’s convenient and free, it isn’t the best choice for a privacy-focussed individual like me. In the last couple of years, I have started reading more about privacy online and opsec. I have gradually made changes to my workflow, including getting a custom domain based on my name.
My address is hosted on ProtonMail with a custom domain. In my opinion, ProtonMail is the safest email can get, thanks to their built-in PGP encryption and published security details.
Having a custom-domain based email also gives me the flexibility of moving to another email host should there be a need. In the event ProtonMail shuts down, I can always move that domain to a new email host and don’t have to update all of my friends and family about a new address.
That’s the beauty of owning a domain-based email address — I get to carry that email identity until the end of the internet.
That’s a standard practice that everyone must adopt. However, that isn’t always the case due to lack of domain knowledge.
HEY email is Basecamp’s bet on turning that around. They aim to offer a Gmail-like service that’s easy to get started with and manage, and that respects users’ privacy. Of course, it’s a paid email service.
I managed to secure my preferred address ([email protected]) on day 2, and it has been a little over a week.
So far, their features are okay. I cannot say they are marvelous. There is a learning curve to the product, as it’s not a traditional single-stream inbox. They have three feeds which constantly need to be juggled between. In particular, their Paper Trail feed doesn’t differentiate read vs unread emails, which is a roadblock for me.
The most annoying part is probably that there is no way to have a sender’s emails arrive in two different feeds. Right now, all of their logic is based on the sender’s email address. Some businesses use the same address for marketing emails and support. In that case, it’s hard to make sense of where to divert the emails –
The founders say all of this is likely to improve in the coming months. As with any product, I know this can improve. Time will tell.
ProtonMail, on the other hand, at a fraction of HEY’s cost, fares a lot better. Especially considering the fact that HEY does not offer PGP encryption.
Encryption is one part of opsec.
I came across a tweet from Pieter many months ago.
He mentioned an idea that was very intriguing:
Seeing emails as security keys too
What this means is that, in the event an email address gets leaked in a breach, it wouldn’t fall prey to credential stuffing attacks.
I briefly toyed with the idea of using a custom domain with random characters, but later discovered SimpleLogin and AnonAddy. Both services are much better implementations than what I was doing with a custom domain.
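The per-service address idea above, sketched as an added example (not code from this post, SimpleLogin or AnonAddy). Instead of purely random characters it derives each local part from a secret key with HMAC, so an address can be recomputed and a leaked one traced back to the service it was given to; `example.com`, the key, the service names and all function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
from typing import Iterable, Optional

DOMAIN = "example.com"              # assumption: placeholder custom domain
SECRET = b"constructed-demo-key"    # constructed; use a long random key in practice


def alias_for(service: str, secret: bytes = SECRET, domain: str = DOMAIN) -> str:
    """Derive a stable, unguessable address that is used for one service only."""
    label = service.strip().lower().encode()
    digest = hmac.new(secret, label, hashlib.sha256).digest()
    local = base64.b32encode(digest[:10]).decode().lower()  # 16 chars, 80 bits
    return f"{local}@{domain}"


def attribute_leak(address: str, services: Iterable[str]) -> Optional[str]:
    """Name the service an address was issued to, or None if it was never issued."""
    seen = address.strip().lower().encode()
    for service in services:
        if hmac.compare_digest(alias_for(service).encode(), seen):
            return service
    return None


def stuffing_targets(leaked: str, services: Iterable[str]) -> list:
    """Services where the leaked address is also the login identifier."""
    wanted = leaked.strip().lower()
    return [s for s in services if alias_for(s) == wanted]


if __name__ == "__main__":
    services = ["shop", "bank", "forum"]    # constructed sample accounts
    leaked = alias_for("shop")              # address as it would appear in a breach dump
    print("leaked by:", attribute_leak(leaked, services))
    others = [s for s in stuffing_targets(leaked, services) if s != "shop"]
    print("also a valid login at:", others)
```

With one address per service, the leaked address matches only the account it came from, so a credential-stuffing list built from that breach has no valid login identifier for any other account.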