This post is a brief guide to help users increase their online anonymity by using more private email services. You can be tracked across websites by using one email; and emails on spyware services like Gmail or Hotmail should be considered insecure and accessible by intelligence services etc. The goal is to use a more private email provider and use more than one email address. Using the same email address on every site also makes it more likely you will be hacked. Hacked website credentials are sold and dumped online. Phishers use these details to try and login to other accounts with your credentials.
It should be noted that email is inherently a poor protocol for private communications. It's generally not worth going overkill on your emails. But it's definitely worth moving away from spyware providers like Gmail and using more than one email address.
Admins can see your email address.
Time needed to improve your email security: 10 minutes - 5 hours (depending on extent).
Free and Simple Solution
The simple solution to increase your email privacy is to use SimpleLogin. This is a service provided by Proton Mail that gives you up to ten email aliases for free. Emails sent to those email addresses are then forwarded to your real email address. For example, with SimpleLogin you may signup to ChristIsKing.cc with the email address christ.is.king.user@simplelogin.io. Simplelogin then forwards this email to your real email address. The benefit is that if any sites you are registered with are hacked or seized by a government, they only have a more non-descript email that they are less likely to be able to tie to your identity or hack other sites you are registered with. It should be noted that this method has the vulnerability of relying on a centralized system, within which we can't know what happens. Proton Mail are also know to comply with requests from law enforcement. To increase privacy, you can host your own version of SimpleLogin, but this is probably not a great choice, as there are other options that are more private.
Alternatives to SimpleLogin are Addy.io and Firefox Relay. Given that SimpleLogin is based in Switzerland, Addy.io is based in The Netherlands and Firefox has become a leftist company that works with Facebook, SimpleLogin is likely the most secure. Further, many of the privacy email providers listed below offer email aliases with paid accounts.
More Advanced Solution
A more robust solution is to use a domain you own with a more private email service. One of the following:
Specifically branded privacy email providers:
https://mailbox.org/en/
https://runbox.com/
https://tutanota.com/
https://disroot.org/en/services/email
https://skiff.com/
https://proton.me/mail
Email services based in states at odds with the West:
https://360.yandex.com/mail/
https://mail.ru/ (not available in English)
Exactly which is the most private can't be said, since we can't know what these entities specifically do with your data. Personally I would avoid Tutanota and Disroot, as they have both made outward leftist statements. I'd also be sceptical of using any US-based service, owing to the size of the spynet in the US. So despite its known history of dealing with law enforcement, I would choose Proton as a specifically branded privacy email provider, due to them being based in Switzerland. Though I personally prefer to use Russian services, as I think they offer better privacy from Western governments. These services also allow for IMAP, which can be accessed over Tor via email clients.
The benefits they offer are they are less likely to be directly plugged into intelligence apparatus and they are less likely to scan your mail.
Once you have chosen a provider you will need to register a domain. The level of privacy you will want to take is your choice, but if you are going this route you may as well buy a domain anonymously, ideally with Monero. You can get the domain from anywhere, but for anonymous domain registrations the gold standard (expensive) is Njalla. Their site runs on Tor, they collect no personal details and you can register without email. Another proven option is Ingocnet. For others that accept Monero, see this.
Once you have the domain, you'll need to set it up with your email provider - search for [{provider} custom domain]. For example, here is the guide for ProtonMail and here is one for Yandex.
You'll then need to configure the domain to be a catch-all email address. This means email to any address on the domain will arrive in one inbox. With this setup, you should use a new email for every website and service you sign up for. This will protect you from hacking and corporate-government spying (see). Search for a guide to setup catch all domains for your provider. For example, here is the guide for ProtonMail. Catch-all the default setting with Yandex.
Self-Hosted Solution
Self-hosting your own email server is likely overkill. I have done this before and the time that can be involved along with the added issue that your outgoing emails will likely end up in many people's spam folder made it too much effort. So if you are going to do it, you will want to do it properly by buying the domain and hosting with Monero. Follow the above outline for registering a domain; and order a VPS from one of these hosts that accept Monero. Finally, follow this or a similar guide to configure your server as an email server.
Accessing Email Via Tor
I think the best solution is to use Yandex and then access your emails via Tor with an email client, like Thunderbird. You probably won't be able to send email from a Yandex-hosted email via an email client, due to captchas. Below are guides for enabling Tor with popular email clients:
Thunderbird: https://addons.thunderbird.net/en-US/thunderbird/addon/torbirdy/
Claws: https://www.claws-mail.org/faq/index.php/Connecting_with_Tor
Evolution: I believe in the settings for each account there is a proxy setting in which you can enter your local Tor IP, which is usually 127.0.0.1:9050
It should be noted that email is inherently a poor protocol for private communications. It's generally not worth going overkill on your emails. But it's definitely worth moving away from spyware providers like Gmail and using more than one email address.
Admins can see your email address.
Time needed to improve your email security: 10 minutes - 5 hours (depending on extent).
Free and Simple Solution
The simple solution to increase your email privacy is to use SimpleLogin. This is a service provided by Proton Mail that gives you up to ten email aliases for free. Emails sent to those email addresses are then forwarded to your real email address. For example, with SimpleLogin you may signup to ChristIsKing.cc with the email address christ.is.king.user@simplelogin.io. Simplelogin then forwards this email to your real email address. The benefit is that if any sites you are registered with are hacked or seized by a government, they only have a more non-descript email that they are less likely to be able to tie to your identity or hack other sites you are registered with. It should be noted that this method has the vulnerability of relying on a centralized system, within which we can't know what happens. Proton Mail are also know to comply with requests from law enforcement. To increase privacy, you can host your own version of SimpleLogin, but this is probably not a great choice, as there are other options that are more private.
Alternatives to SimpleLogin are Addy.io and Firefox Relay. Given that SimpleLogin is based in Switzerland, Addy.io is based in The Netherlands and Firefox has become a leftist company that works with Facebook, SimpleLogin is likely the most secure. Further, many of the privacy email providers listed below offer email aliases with paid accounts.
More Advanced Solution
A more robust solution is to use a domain you own with a more private email service. One of the following:
Specifically branded privacy email providers:
https://mailbox.org/en/
https://runbox.com/
https://tutanota.com/
https://disroot.org/en/services/email
https://skiff.com/
https://proton.me/mail
Email services based in states at odds with the West:
https://360.yandex.com/mail/
https://mail.ru/
(not available in English)Exactly which is the most private can't be said, since we can't know what these entities specifically do with your data. Personally I would avoid Tutanota and Disroot, as they have both made outward leftist statements. I'd also be sceptical of using any US-based service, owing to the size of the spynet in the US. So despite its known history of dealing with law enforcement, I would choose Proton as a specifically branded privacy email provider, due to them being based in Switzerland. Though I personally prefer to use Russian services, as I think they offer better privacy from Western governments. These services also allow for IMAP, which can be accessed over Tor via email clients.
The benefits they offer are they are less likely to be directly plugged into intelligence apparatus and they are less likely to scan your mail.
Once you have chosen a provider you will need to register a domain. The level of privacy you will want to take is your choice, but if you are going this route you may as well buy a domain anonymously, ideally with Monero. You can get the domain from anywhere, but for anonymous domain registrations the gold standard (expensive) is Njalla. Their site runs on Tor, they collect no personal details and you can register without email. Another proven option is Ingocnet. For others that accept Monero, see this.
Once you have the domain, you'll need to set it up with your email provider - search for [{provider} custom domain]. For example, here is the guide for ProtonMail and here is one for Yandex.
You'll then need to configure the domain to be a catch-all email address. This means email to any address on the domain will arrive in one inbox. With this setup, you should use a new email for every website and service you sign up for. This will protect you from hacking and corporate-government spying (see). Search for a guide to setup catch all domains for your provider. For example, here is the guide for ProtonMail. Catch-all the default setting with Yandex.
Self-Hosted Solution
Self-hosting your own email server is likely overkill. I have done this before and the time that can be involved along with the added issue that your outgoing emails will likely end up in many people's spam folder made it too much effort. So if you are going to do it, you will want to do it properly by buying the domain and hosting with Monero. Follow the above outline for registering a domain; and order a VPS from one of these hosts that accept Monero. Finally, follow this or a similar guide to configure your server as an email server.
Accessing Email Via Tor
I think the best solution is to use Yandex and then access your emails via Tor with an email client, like Thunderbird. You probably won't be able to send email from a Yandex-hosted email via an email client, due to captchas. Below are guides for enabling Tor with popular email clients:
Thunderbird: https://addons.thunderbird.net/en-US/thunderbird/addon/torbirdy/
Claws: https://www.claws-mail.org/faq/index.php/Connecting_with_Tor
Evolution: I believe in the settings for each account there is a proxy setting in which you can enter your local Tor IP, which is usually 127.0.0.1:9050
Last edited: