Looking for advice on Mail Provider service

My wife and I have had Yahoo mail accounts for years. I have been interested in finding a more secure email provider. End-to-end encryption would be ideal, but from what I've read, seems not to be user friendly due to the need to exchange PGP keys with all of your mail recipients who are not members of the same provider service.


GMail seems very user friendly, but just another way to divulge lots of personal information to a big tech company.


Any recommendations for an email provider who will not be continually mining your personal information?


Is the only way to get end-to-end encryption to use a secure service like ProtonMail?


The use of PGP keys would seem to be very difficult with the vast myriad of businesses, institutions, and email users that one corresponds with these days.


Does Apple offer a mail provider service?


I see iCloud is an option when designating a mail provider service in the Mail application.


Our office uses Microsoft Exchange. I assume Microsoft is not reading all of our business correspondence. But I don't know how secure this service is. I assume it is much better than Gmail or a Yahoo account. However I am looking for a personal email account that has some level of security to it.


Any advice would be appreciated.

MacBook Pro

Posted on Dec 17, 2022 5:37 PM

8 replies

Dec 20, 2022 3:14 AM in response to emde-ash

Response-Msg-05:


CORRECTION :

... use 4Kbits-RSA strength based OpenPGP key for now , (as many clients do not support more than that, by-default, unless you compile with your own custom configurations to use higher-strength key),

be aware : actual recommendations by actual experts who are concerned about people's communication safety, cryptographic-weaknesses, etc, is to use : 16Kbits key , & this was recommended many years ago,

but openPGP related app devs are not including that higher strength support by-default , as higher-strength key based decryption does use lots of computing resources & time),

and my suggestion is : use OpenPGP compliant email-clients in your devices, computers,

( see above , i specified which email-client software/app can be used for which OS / HW platforms : in Android use K-9 & OpenKeychain , in iOS/iPhone use CanaryMail (for now, & turn-OFF the "COPILOT" inside CanaryMail, as it does not properly give credits to open-source devs, etc, etc) , in Windows / macOS use the Thunderbird email-client ... by the way, you need to configure each email-clients further , to make them act/perform based on security , by default they are not-configured to act based on more-security ).

...

Dec 17, 2022 6:01 PM in response to BuildItStout

Is the only way to get end-to-end encryption to use a secure service like ProtonMail?


Yes, due to the nature of the IMAP protocol. End to end encryption is incompatible with it.


Furthermore: the only way to ensure encryption remains intact is for messages between Proton Mail users. Once an email is sent to a Google Mail account holder (for example) protection offered by that encryption ceases.


Any recommendations for an email provider who will not be continually mining your personal information?


Apple does not mine your personal information; they have no interest in monetizing you. You bought an Apple product, so they already got your money 🙂 However, iCloud Mail cannot implement end-to-end encryption for the reasons above.


Read iCloud data security overview - Apple Support and Sign or encrypt emails in Mail on Mac - Apple Support but it seems you already know that information.

Dec 20, 2022 2:22 AM in response to BuildItStout

Response-Msg-01:


Emails go from one email-server to another by using the protocol SMTP (over the port 25).

Older STANDARDS/rules that were created for transferring emails via SMTP , allow email service to function in various types of (server & network related) situations, absence of features or presence of features, network connection situations, direct-delivery or store-relay based delivery, etc, etc, etc various factors.


So even though SMTP can use secure/encrypted connection from one server to another server , it can be forced to downgrade the connection mode to use non-encrypted email exchange/transfer mode aka open email exchange/transfer mode, by some server or person / entity in the middle of connection . So emails from one server to another may or may-not be exchanged securely/encrypted.


So, when email sender & receiver are using same email-server (aka: same email domain), then eml server can just copy email from one folder to another, etc , so such users can communicate relatively securely , but negative side is : such remote email-server's admin, & their partners or sub-contractors etc & others who are allowed to service email-server , can view/copy email content.

So icloud, gmail, yahoo, hotmail, outlook, etc etc (cloud based, or remote hosting server based, etc) email service provider's all emails can be accessed by their own admins, partners, sub-contractors, etc, etc, etc, etc, etc.

they mine + harvest + collect various data , meta-data, etc etc.

Below four links are showing Human-rights violation & government's corruptions & abuse:

https://en.wikipedia.org/wiki/Stellar_Wind

https://en.wikipedia.org/wiki/PRISM_%28surveillance_program%29

https://en.wikipedia.org/wiki/ECHELON

https://en.wikipedia.org/wiki/XKeyscore



Now about email-client app/software & protocols : email sending & email receiving ... what an email user does , uses other set of protocols / connections , email-client does not use SMTP (port 25 based email transfer traffic) , at least when a user does not use/have their own email server.

If a user or you own/have your own email-server running/operating inside your own premise/home/office etc, (not in remote hosting, not in remote cloud etc server , etc , but instead eml-server is running inside your local home/office location) server / computer , then your own/local email-server & email-client can allow you to use (port 25) SMTP based email sending directly into another remote email-server, as long as you remain inside your own LAN (Local Area network) side. But Better is to allow email-server itself to handle email-sending matters, instead of doing it from the email-client software/app.

IMAP (port 143) / IMAPS (port 993) protocol/connection allows to view/copy/delete existing or received emails inside an email account inside an email-server , & IMAP / IMAPS also allows to view/delete/create email-folders under your email-account, .. etc , etc ... the software that does this IMAP / IMAPS handling is called "email client", such as "Apple Mail", "Thunderbird", etc, etc, etc. Note: IMAP & IMAPS are very close/similar protocols, IMAP does not use encryption, & IMAPS does use encryption.

The port 110 based POP or port 995 based POPS protocol / connection can allow email-clients to either: download/copy emails from server into your email-client software/app, or allow email-clients to move the email from server into email-client by erasing it in email-server. Note: POP / POP3 / POP3S / POPS are very close/similar protocols, the POP / POP3 does not use encryption, & POPS / POP3S does use encryption.

The SMTPS (port 465) or Mail-Submission (port 587) protocol / connection is used by email-clients to put your newly-created/composed-email into the OUTBOX folder under your email-account inside a remote (or local) email server. When email server completes sending it, then eml-server moves that email into the "SENT" folder under your email-account inside the email-server. Note: the SMTPS & SMTP are two different type of protocols. SMTP is used by email-servers to transfer email into another email-server, & SMTPS is used by email-clients & email-server, to put email into OUTBOX folder.

https://en.wikipedia.org/wiki/Comparison_of_email_clients

https://www.Thunderbird.net/en-US/thunderbird/all/

https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/


...

Dec 20, 2022 2:21 AM in response to BuildItStout

Response-Msg-02:


... pls see my earlier message ...


Email-server operator can set rule(s) to forcefully use IMAPS or POPS or POP3S (these protocols use secure encrypted connection) for all users , and disables IMAP (as it's not encrypted, aka: it's open) , and disables POP / POP3 (as it's not-encrypted, aka: it's open) , then someone in middle cannot force the connection to use non-encrypted connection . But some email server operators forget to properly fine-tune email-servers, forget to disable POP & IMAP (non-encrypted aka open) protocols, or do not know how to do so, etc. The risk still exists : someone in middle to downgrade SMTP security to view/copy email content, or do store-&-relay related storage to view/copy emails, etc, etc.


Some email-servers have webpage based interface to view/read/send/delete/create email inside an email-server, such is known as : webmail , webmail service , web-UI , web-browser-client , web-client . If such email-server service provider does not support email-clients that can use IMAPS, SMTPS protocols , then such email-service providers are called : webmail-only server or webmail-only email service-provider , etc. Protonmail is webmail-only for free-account users, & forces to use special proxy type of app with special abilities to exchange emails in between protonmail email-server & user's email-client software (via short/small use of IMAPS / SMTPS). There are many other webmail service providers other than protonmail, such as: HushMail, Tutanota, Zoho-Mail, Mailfence, Excite-Mail, etc.

https://en.wikipedia.org/wiki/Comparison_of_webmail_providers

https://en.wikipedia.org/wiki/Webmail


Someone can host their own email server in their own premise/office/home, etc, aka: on-premise email server , self-hosting email-server , etc etc. So email-service users who will/are using your own email-server, can view/access/use their emails securely , as long as they send/receive email only to email-address under your own domain, which is hosted inside your own premise . With sufficient security in place, & with sufficient management, a user or a family can create more secure email services. Your users can download K-9 (soon to become thunderbird) email-client in Android phone, Your users can download CanaryMail etc email-client in iOS/iPhone etc devices , your users can download Thunderbird email-client in macOS or in Windows , to use your own email-server based email-services securely . You will need to register for your own domain-name (pls don't use GoDaddy, as their various options are overpriced) from domain-registration service provider companies , obtain two internet routable IP-address from your local ISP by opening/subscribing for "Business" category internet service line into your own home/office / premise, & request your ISP to setup "rDNS" record with your domain name, & assign rDNS to those two IP-addresses, which you obtained/rented/received from your ISP . Then Setup router, to assign fixed local IP-address to your local (one or two) computers, setup router to pass routable ip-address traffic to specific local computer, setup router to port-forward specific ports into specific ip-address. Obtain free SSL certificates from "LetsEncrypt" for your various sub-domains & hosts. Then download+use your choice of open-source linux or unix based OS (operating-system), then start web-hosting control-panel software (aka: server-management software), & those allows you to setup+configure your basic website, & configure your email-server, etc etc . Use one or two laptop or PC or mac computer(s), etc to use them as your email-server & web-server.
If you use small or power-efficient computers, small or power-efficient routers , small or power-efficient modem, etc then you can use UPS device to keep powering them if electricity becomes unavailable for some reason. More info here : .

https://en.wikipedia.org/wiki/Comparison_of_web_hosting_control_panels

https://en.wikipedia.org/wiki/Web_hosting_control_panel

https://en.wikipedia.org/wiki/Comparison_of_mail_servers

https://en.wikipedia.org/wiki/List_of_mail_server_software

https://en.wikipedia.org/wiki/Let%27s_Encrypt

https://github.com/zerossl/zerossl

Apple's various server programs : About macOS Server 5.7.1 and later - Apple Support , https://apps.apple.com/us/app/macos-server/id883878097?mt=12

Setup webserver on macOS Monterey : Setting up a local web server on macOS 12… - Apple Community

Load MacPorts in macOS : https://www.macports.org/install.php ( do not use HomeBrew, Homebrew shares usage data with Google to store forever ).

Install a simple web-server in macOS : sudo port install simple-web-server

Then you may load postfix mail server, by using this command in Terminal : sudo port install mail-server

More info : https://github.com/essandess/macOS-Open-Source-Server


...
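Added example, not written by any poster in this thread: the SMTP downgrade described in Response-Msg-01 and the plaintext-listener point from Response-Msg-02, worked through in Python. The EHLO replies are constructed samples, and `require_tls` and the function names are hypothetical.

```python
import re

# Ports named in the posts above: (service, encrypted from the first byte?)
MAIL_PORTS = {
    25: ("SMTP server-to-server", False),
    110: ("POP3", False),
    143: ("IMAP", False),
    465: ("SMTPS", True),
    587: ("Mail submission", False),  # plaintext until STARTTLS is negotiated
    993: ("IMAPS", True),
    995: ("POP3S", True),
}

# Constructed EHLO replies (not captured traffic). The second is what a sending
# server sees when something on the path has overwritten the STARTTLS keyword.
EHLO_INTACT = (
    "250-mx.example.net\r\n250-SIZE 52428800\r\n250-STARTTLS\r\n250 8BITMIME\r\n"
)
EHLO_TAMPERED = (
    "250-mx.example.net\r\n250-SIZE 52428800\r\n250-XXXXXXXA\r\n250 8BITMIME\r\n"
)


def parse_ehlo(reply):
    """Return the set of extension keywords in a multi-line 250 reply."""
    lines = [l[4:] for l in reply.splitlines() if re.match(r"250[- ]", l)]
    # The first 250 line carries the server name, not an extension.
    return {l.split()[0].upper() for l in lines[1:] if l.strip()}


def masked_keywords(extensions):
    """Keywords that look overwritten (a run of X's), a sign of interference."""
    return sorted(k for k in extensions if re.fullmatch(r"X{4,}[A-Z]?", k))


def delivery_mode(reply, require_tls):
    """Return 'tls', 'plaintext' (opportunistic fallback) or 'defer'."""
    if "STARTTLS" in parse_ehlo(reply):
        return "tls"
    # No STARTTLS offered: an opportunistic sender continues in the clear,
    # a sender that requires TLS holds the message instead of exposing it.
    return "defer" if require_tls else "plaintext"


def plaintext_start_ports(open_ports):
    """Known mail listeners that begin in plaintext, so any encryption
    depends on an in-band upgrade that the path can interfere with."""
    return sorted(p for p in open_ports if p in MAIL_PORTS and not MAIL_PORTS[p][1])


if __name__ == "__main__":
    for name, reply in (("intact", EHLO_INTACT), ("tampered", EHLO_TAMPERED)):
        ext = parse_ehlo(reply)
        print(name, "opportunistic:", delivery_mode(reply, False),
              "| require_tls:", delivery_mode(reply, True),
              "| masked:", masked_keywords(ext))
    print("plaintext-start listeners:", plaintext_start_ports([25, 143, 465, 993]))
```

With the tampered reply the opportunistic sender returns `plaintext` while the TLS-requiring sender returns `defer`, which is the difference between a silent downgrade and a delayed message.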

Dec 20, 2022 2:34 AM in response to BuildItStout

Response-Msg-04:


... pls see my earlier message(s) ...


so my suggestion to this discussion topic's poster is : use 4Kbits-RSA strength based OpenPGP compliant email-clients in your devices, computers,

( see above , i specified which email-client can be used for which OS/HW platforms : in Android use K-9 & OpenKeychain , in iOS/iPhone use CanaryMail (for now) , in Windows / macOS use the Thunderbird email-client ... by the way configure each email-clients further , to act/perform based on security , by default they are not-configured to act based on more-security ).


Keep on using yahoo for now . Setup/create an OpenPGP key-pair for your yahoo mail in Thunderbird, then transfer that key into mobile phone's email-client.


If you use OpenPGP based ENCRYPTED EMAILS in between your family members, then Yahoo/Verizon's admins, partners, sub-contractors, etc etc etc etc etc cannot see the email's content/body instantly or very quickly.


But try to setup+use your own email server in your own home/premise/office, ( see above , i explained ).


Dec 20, 2022 2:47 PM in response to BuildItStout

BuildItStout wrote:

Our office uses Microsoft Exchange. I assume Microsoft is not reading all of our business correspondence. But I don't know how secure this service is. I assume it is much better than Gmail or a Yahoo account. However I am looking for a personal email account that has some level of security to it.

How about Microsoft Exchange? You can get a personal Office 365 account for about $5/month. Apple Mail actually has better support for Exchange than for iCloud. But iCloud is fine too.


Email is inherently insecure. It's a communication protocol. Once you click "send", you should assume that your message will be made public. If you haven't been bitten by that fact yet, it is only a matter of time. Don't send anything via e-mail that you wouldn't feel comfortable posting anywhere else on the internet.

Dec 20, 2022 2:24 AM in response to BuildItStout

Response-Msg-03:


... pls see my earlier message ...


in above mentioned all email-server services / solutions , user's email content can be seen by email-service provider's admin, etc, etc.

So email's content itself need to be encrypted, by the sender, for the receiver.

Sender & receiver need to have+use their own digital key (aka: certificate) to encrypt & to decrypt.

OpenPGP based solutions, OpenPGP based GnuPG / GPG based solutions, & the original PGP based solutions (from which OpenPGP was created) , can encrypt email's content, and can decrypt email's content.

SMIME certificate based solution can also encrypt email's content.

https://en.wikipedia.org/wiki/OpenPGP

OpenPGP allows end-to-end encryption in between a pair of users (sender & receiver) , and SMIME allows a group (or a business) & its members / employees to communicate encryptedly.

When emails are encrypted with OpenPGP / PGP / GPG, then others in the middle of internet connection path, can only see encrypted / scrambled content which has random letters & numbers & symbols etc & not-meaningful message , so others cannot see actual content of email body , ( unless someone in middle of internet path have the key / cert to decrypt ).

When OpenPGP encryption mechanism is used, then email-server's admin, partners, sub-contractors, etc etc etc cannot (instantly) see email's content , even if two person used gmail / yahoo / hotmail / outlook / protonmail / on-premise / self-host based etc email services.

If weak strength OpenPGP / PGP / GPG encryption are used, then very powerful computers can find decrypt key & can decrypt & obtain actual message, not-instantly but after some time.

When SMIME based encryption is used, and if the email-server is located in a cloud or in a remote host server, then remote location's or cloud service provider's admins, partners, sub-contractors, etc, etc etc etc can view/access/copy emails.

When SMIME based encryption is used, and if the email-server is located in your own or in a very very very trustworthy person's premise , or on-premise , or self-hosted , then only you (or that trustworthy-person) can view/access emails , no one else can view/access.


Anything that's not in your own hand/home/control , is by definition , not-secure.

No matter how much sugar-coated words or carrot they hang in front of you or no matter how much they ridicule / contradict you.


Remote hosting aka CLOUD based service providers & their businesses & profits have ballooned & become filthy+dirty rich, abusive, manipulative, liars, etc, they even fund corrupt lecturers to lecture on how "secure" things are in CLOUD / remote hosting. Cloud/ remote hosting can give other/fast-sharing etc benefits, but not on real security. They invent things (and brainwashes all) to assist remote/cloud stuff further, but not assist to improve user's on-premise / self-hosted solutions.


Not only USA's 4th-Amendment, also worldwide, UN have setup clear agreements & rules, for all countries, by using UDHR (universal declaration of human rights) , where every member countries have signed to uphold those UDHR rules & agreements, which includes Privacy-Rights,

but biggest violator country(s), each have more power than UN itself.

A significant percent of ppl in World is operating willingly & unwillingly & coercively to participate in corrupt & harmful & human-rights violating activities.

https://www.un.org/en/universal-declaration-human-rights/

https://en.wikipedia.org/wiki/Fourth_Amendment_to_the_United_States_Constitution

https://www.aclu.org/united-states-bill-rights-first-10-amendments-constitution

https://www.law.cornell.edu/wex/fourth_amendment

https://www.britannica.com/topic/Fourth-Amendment

https://en.wikipedia.org/wiki/Spying_on_United_Nations_leaders_by_United_States_diplomats


We wear shirt, jacket, socks, shoes/sandals etc to protect us from harsh weather, that's what civilized person, culture or community do for safety & protection.

Encryption is the shirt/jacket/socks/shoe/sandal inside internet cyberworld / digital world to protect us from harsh things inside internet.

https://en.wikipedia.org/wiki/Encryption

If encryption(s) are broken easily or allowed to be broken by special-peoples (by using backdoors), then they will inject harmful data , conflicting data , crashing/collision/malfunction data inside vehicles safety, plane travel safety, financial transaction safety, health-care safety, etc etc etc when it will be necessary by corrupt group of people in govt to do so ... harmful or unethical hackers will find those backdoors & abuse ... & create massive loss for people's life & safety. This already happened, USA's NSA allowed their certain sub-contractors to leak their invented malware publicly, then those malware were abusively used (by harmful+unethical hackers) on other nations.

https://en.wikipedia.org/wiki/Equation_Group

https://en.wikipedia.org/wiki/Backdoor_(computing)


...

Dec 20, 2022 1:45 PM in response to BuildItStout

More info on using Thunderbird email-client's tab based builtin web-browser, for accessing webmail(s) services : https://stackoverflow.com/questions/63253091/

More on server creation/setup, etc : https://github.com/atErik/Server-Admin-Scripts/wiki

More on self-hosted, on-premise, etc solutions, apps, software, etc : https://github.com/awesome-selfhosted/awesome-selfhosted

