I’ve been reading upon improve security and privacy. I was wondering how many mail addresses you should have. Is it one per social media, one for everything finance, … Next to this, are the mail addresses you use aliases or actual mail addresses and do you create them on outlook, proton or self host the mail server?
I self host my email, and I have one mailbox, but countless addresses. Everything that needs an email address, has its dedicated one. Not because of security considerations (if someone would get into any of my aliases, I’d be fucked either way), but because I find it easier to filter and manage.
Like,if I get an email to
randomwebshop@
, and it hasno relation to said place, I will know that they either sold my data, or were compromised. I can then route it to /dev/null, and then everyone who tries to spam that address will be gone from my inbox.It also makes it easier to tag mail, because I tag based on a property that I control. No reliance on sender, subject, list id or anything that the sender controls.
What’s your mail stack and your take on self-hosting dying?
Currently using postfix + dovecot + rspamd on Debian, but will be migrating to NixOS-mailserver (mostly because I am migrating to NixOS anyway; it’s the exact same stack under the hood, though).
Regarding self-hosting dying: yes and no. I use a relay for some of my outgoing mail, because I have to communicate with people behind allowlists, and I can’t afford to get myself on one. I do not send much mail, so I comfortably fit into the free plan of my relay of choice (smtp2go). Other than a handful of recipients, I have had no trouble sending email anywhere, and I have much more control over what I receive and how by self-hosting. Even if I had to use a relay for most of my outgoing mail, I’d still self-host my e-mail, because it gives me a whole lot more control and privacy. With that said, way back when I started self-hosting, I also had to use a relay for some recipients, for the exact same reason: them using allow-lists. Back then it was my university, now it’s my kids’ school (a curious coincidence, I guess). There were always hosts that played a different game. Sure, they’ve concentrated into Google and Microsoft by now, but I can still send e-mail into those systems, even if through a relay, so self-hosting is still possible, and still gives you plenty of benefits.
I’ve been self-hosting my email for the past… almost 30 years. Today, I think it is easier to do so than 30 years ago. There’s more to set up, but those are well documented, and with solutions like nixos-mailserver, mostly automated away. But the tools got better too! My setup catches a lot more spam now than it did a few decades ago, using a fraction of the resources, and tweaking my spam filters and other properties of the setup are considerably easier too.
That was an interesting read and saddening at the same time. I feel so sorry for the poor guy and all other email selfhoster.
Kind of curious here and sorry for my lack of understanding in IP stack, but isn’t IPv6 going to somehow mitigate that issue?
Isn’t there any other protocol that actually would circumvent that censorship? Like something like I2P? Or is it impossible to forward that kind of traffic over to it?
The internet is already a cesspool of censorship for “security” reason and it’s getting worse over time. Do you have any clue where or how we can join a community/group that somehow fights back those kind of unfair and monopoly behavior of big tech companies ?
Thank you !
isn’t IPv6 going to somehow mitigate that issue?
AFAIK all IPv6 does is ensuring everybody and their dog gets a publicly addressable IP address, plus encryption, but i’m far from an expert.
The self-hosting email frustration arises from years of cartelization under the “it’s to prevent spam” banner (if it was to backdoor encrypted apps they’d go with “think of the children”).
Like something like I2P?
I think I2P is an overlay layer, i haven’t delved into that… i assume it would require that the recipient was on I2P as well. So impractical, to say the least.
Do you have any clue where or how we can join a community/group that somehow fights back those kind of unfair and monopoly behavior of big tech companies ?
It’s a David vs Goliath thing… the EFF does some interesting stuff, maybe they have something of interest to you. Then there’s politicians if a) they actually represent you and b) can grasp the concepts.
I use addy.io to create aliases for different things, and then set up filters in Thunderbird to mark them as they come in so, for example, if I make an account at xyz.com and then I get a bunch of unrelated spam marked as coming from xyz.com, then I know they’ve been selling my info.
I probably have about a dozen or so aliases currently, but they’re pretty loosely organized.
I also use addy but create an alias for everything. Even my wife has one!
I probably will end up with tons eventually, I haven’t been doing it for too long and I don’t sign up for many things lol
Depends on your threat modeling.
I have an address to register in irrelevant sites and the provider is also irrelevant.
I have an address for important use (utilities’ bills, government stuff, friends), currently tuta.
I also have an alias there for occasional registrations.
I’d try proton (has an .onion site) but they force you to supply a phone number or email address on registration, which for me defeats the purpose. They also leak a lot of links to clearnet.
Self-hosting has become increasingly hard but I haven’t tried it.
OP, by “mail addresses,” do you really mean email addresses?
Yes, my apologies, English isn’t my first language
I have my main account adress wich is used only for log in, an a second one adress to use with SimpleLogin.
Then, SimpleLogin has something like 300 aliases.
Ideally I would have one for each service I sign up for but my proton subscription only allows for 10.