I was researching WebMail providers, and noticed that most WebMail providers recommended in privacy communities are labelled as proprietary by AlternativeTo.

I made a list of WebMail providers, private or not, to see which ones were actually open source:

Proprietary

AOL Mail: Free

Cock.li: Free

CounterMail: Paid

Fastmail: Paid

GMX Mail: Free

Gmail: Free

HEY Email: Paid

Hushmail: Paid

iCloud Mail: Free

Mail.com: Free

Mailbox.org: Paid

Mailfence: Freemium

Outlook.com: Freemium

Posteo: Paid

Rediffmail: Paid

Riseup: Free

Runbox: Paid

Soverin: Paid

StartMail: Paid

Yahoo! Mail: Freemium

Yandex Mail: Freemium

Zoho Mail: Freemium

Open source

Criptext: Free

Disroot: Free

Forward Email: Freemium

Infomaniak kMail: Freemium

Kolab Now: Paid

Lavabit: Paid

Mailpile: Free

Proton Mail: Freemium

Roundcube: Free

Skiff/Notion: Freemium

Tuta: Freemium

Unless I’m missing something, it seems like people overlook this when deciding on WebMail providers. Is it a distinction between a proprietary backend server and a proprietary app, or is there a different way to decide if a WebMail provider is proprietary vs. open source? Lavabit was labelled proprietary by AlternativeTo, but open source by Wikipedia.

Note

If I have labelled an open source WebMail provider as proprietary by mistake, please provide evidence by linking to the source code, and I will happily change it.

Posteo is in fact open source.

Most “privacy” webmail providers, such as ProtonMail, Tutanota, and mainstream services like Gmail, Yahoo Mail, Outlook, and AOL Mail, are labeled as proprietary because they use closed-source software, meaning the code isn’t publicly available for review. These services operate on controlled servers, with features and infrastructures managed entirely by the company. The proprietary nature allows them to implement unique features and monetization strategies, but it also requires users to trust the company’s privacy and security practices without independent verification. This contrasts with open-source alternatives where users can inspect and verify the code themselves.

It is very difficult to run an email provider and not get banned by the others. Google, Microsoft, and Apple control the US market, for example. If they decide your domain is spam, you suddenly can’t email anyone with a Gmail or Hotmail or Apple account. Avoiding getting banned means you have to regulate your own outgoing emails very carefully, rate-limit them just right, and yet also build up a reputation of trustworthiness by sending a lot of emails that don’t get marked as spam.

The only privacy-secure way to do your email would be DIY but this risks getting banned like… all the time.

Personally, I recommend having your own domain and setting up MX records to a reliable email provider that is not one of the big ones and ideally offers some kind of theoretical inbox protection (please note that they could always still read everything if they just copied all incoming messages to another database as well).

Email is itself not very secure. You can use GPG to make it better but most people won’t know how to receive your messages or send secure ones. For security, I recommend using a dedicated e2e chat service or in-person communication.

Yea, people mostly equate email to an electronic letter, but it’s more like an electronic postcard. Anyone handling it can simply read it.
So you’ll want encryption, too. So either you get everyone to use PGP/GPG or get them to use a privacy-by-default provider.
Good luck with the first option and I’m not sure how interoperable the various providers are, so in the worst case you’d have to rally everyone to the same provider.

Wave
link
fedilink
15M

deleted by creator

I use Proton but tbh I don’t really know if there is a more privacy focused one.

Rene Raggl
link
fedilink
65M

@Charger8232 Lists from #Alternativeto (which this is based on) are usually not very reliable and show information that just isn’t correct on a service or often includes services that are not real Alternatives to what you were looking for in the first place. The only thing that helps against that is doing your own research.

To pick out one example (I don’t have time to them all): they list #Posteo as being proprietary which just isn’t correct. That company is as #opensource as they come.

@Charger8232 @g0nz4 I guess in that case “proprietary” refers to the owners of the platform itself but not to the code of software. But then, they should make the distinction between proprietary/communitary and open source/proprietary code. Even between free/paid services. So, IMO that list from alternativeto is confusing.

Autonomous User
link
fedilink
1
edit-2
5M

deleted by creator

lemmyreader
link
fedilink
125M
  • Skiff = Notion now, I doubt that it will be open source, but happy to see source code.
  • Lavabit open source ? Where’s the code ?
  • Roundcube is webmail software, not a webmail provider.
  • Mailpile is email software for desktops, not a webmail provider.
FediGauff
link
fedilink
05M
Create a post

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

  • Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
  • Don’t promote proprietary software
  • Try to keep things on topic
  • If you have a question, please try searching for previous discussions, maybe it has already been answered
  • Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
  • Be nice :)

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

  • 0 users online
  • 57 users / day
  • 383 users / week
  • 1.5K users / month
  • 5.7K users / 6 months
  • 1 subscriber
  • 2.97K Posts
  • 74.6K Comments
  • Modlog