Why People Are Leaving Gmail for Protonmail More Than Ever Before

Why I ditched Gmail for Proton Mail

Chris Thomas

Google is the most popular email provider: Gmail contributes about 70% of the email traffic on earth and is one of the oldest mass-adopted email services (passing 20 years old is a worthy achievement for any application, especially a “free” one).

As a cyber security digital expert, I have raved about the free service, its novel cloud-based structure, and how and why is

While I’m tickled to have been an early adopter of now-successful technology, though, it’s important to know when enough is enough. For me, that time has come, and I’m moving my primary digital correspondence to privacy-focused Swiss provider Proton Mail. It’s been a long time coming.

Should I, or should I not be popular?

Google is a Mega Monopoly Email Provider: Legal, but is it Ethical?

We’ve seen a lot go down in the privacy and security realms over the last two decades. Google’s been far from the only culprit, but as the default search engine for most browsers and the curator of Android, the Play Store, Google Analytics, reCaptchas, and more, the Big G has more data on the average North American user than any other corporation.

I’m as far from paranoid as any internet user, and even I use a VPN (primarily for spoofing IP geolocation); while I don’t do anything nefarious, and nobody’s tracking me for anything other than advertising, I prefer knowing I’m a little safer from bad actors that can hijack the content I’m viewing and thus possibly my hardware.

But Google creeps me out, and I’m no longer comfortable using Gmail. The successors to the FAANG stocks, the MAMAA companies (Meta, Apple, Microsoft, Amazon, and Alphabet) own a considerable amount of not just forward-facing web resources but also the underlying infrastructure most of the world’s internet relies on. I can’t avoid my data passing through the Google Cloud or Amazon Web Services, but I can limit what sites and apps I actively engage with.

Gmail’s interface is fine, I guess, if somewhat cluttered and not very attractive

Google’s always innocent until it’s not

Until 2017, Google automatically scanned Gmail accounts for keywords that it then used to personalize ads within the platform and probably outside it, too. Here’s why that should terrify you:

  • It had likely been happening since Gmail’s launch
  • Scans included messages from non-Gmail accounts, presumably contributing to shadow accounts containing data on those users
  • Widespread publicity via a 2013 Microsoft ad campaign and lawsuit the same year failed to stop it
  • Google’s proposed settlement was rejected for being overly vague and failing to promise proper disclosure of data harvesting practices
  • What else is Google doing that we haven’t learned about?

I’m under no misconception that I can extricate myself entirely from Google’s clutches; it’s too ubiquitous, and tons of common apps and services rely on its wide range of services. But I’ll do what I can, which includes moving to Proton Mail, a privacy-centric email provider with encrypted, underground servers, practically the polar opposite of Alphabet Inc.

Google paid over $26 billion in 2021 to remain the default search engine in various browsers

The surprisingly easy switch to Proton Mail

Why Proton Mail is my new favorite email provider

My own Proton account has been used as a backup since 2018. Most recently, though, it has become my primary email for both personal and business use.

I tested a trial of ProtonVPN a few years ago (ProtonVPN was a bit slow back then, but I and other cyber security experts highly recommend it as one of today’s top VPNs due to its increased infrastructure and much faster speed. They have quadrupled the number of servers globally since 2021).

I made the jump many years ago (2018) and highly recommend it to all of you going forward – primarily due to Proton’s comprehensive set of features, as well as the policies it enacts to keep your data private.

Among Proton’s consumer-friendly practices:

  • It opposes data harvesting, ads, and trackers (even the subversive tracking that comes from opening third-party-hosted images)
  • It falls under Switzerland’s privacy jurisdiction and isn’t subject to US surveillance
  • Theoretically, no other human can view your emails. In fact, if you lose and need to reset your password, you’ll lose access to previous messages, an impressive layer of security against hacking
  • Support for end-to-end encryption between Proton users and password protection for external emails
  • A complete, constantly improving feature set, including cross-platform apps, cloud storage, and a calendar
  • Open-source encryption (including optional PGP signing) and independent auditing to ensure strict adherence to standards

A few clicks, and I never have to access my Gmail page again

Compared to my first brief look years ago, Proton’s UI and general implementation have matured significantly. It was also a breeze to sit back and observe how easy it was to have over 100 (128 and counting!) forward over 100 (121 and counting!) of my clients perform the action of transferring each of their current Gmail messages to their now-primary Proton address, and the calendar appears to have integrated well, with alerts showing up consistently on both Android and iPhones without problems.

They are perfectly happy with the features provided by Proton’s most affordable tier, the Mail Plus plan. You can create 10 separate addresses and even a custom domain, as well as shorten the default existing domain to pm.me (because @protonmail.com is, admittedly, a bit of a mouthful).

It includes 15GB of storage, unlimited folders and filters, and can do everything I ever wanted my Gmail account to do. Most importantly, it keeps their permanent correspondence out of Alphabet’s umbrella and especially any private or confidential emails, as well as people who send it to them that don’t even use Gmail!

Proton offers diverse Subscription Plans (including Free!)

You can actually use Proton Mail entirely for free, although it does have restrictions: You are limited to 150 emails per day and 1GB of storage, can’t create custom addresses or domains, and won’t have access to the calendar, or the encrypted password manager and unlimited VPN offered by the Proton Unlimited subscription. But even the free tier is visually and more private and secure, as well as overall being much better than Gmail.

Committing to 1 or 2 years of the $5/month low tier drops the price to $4 or $3.50, respectively.

The Unlimited tier will set you back $10 or $8 per month at those same subscription lengths and afford you 500GB of storage, 15 custom addresses, 3 custom domains, and unlimited VPN and Proton Pass (its password manager) access. There is also a six-user family plan starting at $30 and three tiers of slightly more business-focused options.

But I’m really not advertising for Proton here. I’m just choosing to actively take my digital footprint back into my own hands in a way many of us haven’t done since Gmail’s massive rise over a decade ago. It’s well overdue, and over the few weeks I’ve used Proton Mail full-time, I can’t say I regret it or will ever look back.


Sky@GeeksByTheHour.com

DMARC: What Is It & Why Is February 1, 2024 Important?

DMARC

For 2024, Google and Yahoo are rolling out updated guidelines for bulk email senders, aimed at boosting deliverability and fighting the good fight against spam. This is good news: not only will it positively impact your deliverability, it’s easy to implement.

Why the update?

It’s simple: to create a cleaner, more secure environment for both senders and recipients. The new requirements fall into three key categories:

  • Authentication: Email authentication verifies you’re a legitimate sender, not a spammer. If you’re sending emails already, you’ve probably already taken the first step by setting up SPF (sender policy framework) and DKIM (domainkeys identified mail) records, even if you weren’t sure what they did. Now, the next crucial step is publishing a DMARC policy.

  • Simple unsubscribes: No more requiring users to authenticate or navigate labyrinthine unsubscribe processes. One-click unsubscribe provides a better user experience. Luckily, if you’ve already been offering this option, you’re already ahead of the curve!

  • Spam complaints: If you’re diligently collecting opt-ins with proper consent, spam complaints likely won’t be a concern. But it’s always good practice to maintain a healthy email list and engage your audience thoughtfully.

So what is DMARC?

  • The DMARC policy (Domain-based Message Authentication, Reporting & Conformance) acts as your email’s official security document, telling the world how to handle messages claiming to be from your domain.
  • Setting it up properly is essential today because many email list providers (such as small businesses) are already surprised that their email success rates are decreasing just this week (Google and Yahoo domain emails began enforcement on February 2nd, 2024). By February 1, 2024, publish your DMARC policy with your domain provider. Ensure this TXT record is added to your DNS settings, with “yourdomain.com” replaced with your actual company domain:

    Hostname: _dmarc.yourdomain.com
    Value: v=DMARC1; p=none;

    It is actually straightforward for most technically savvy folks, whether you manage DNS yourself or need to put in a ticket so that your IT team can handle the DNS settings. (You can learn even more about DMARC records, including other options like adding a “rua” value to designate an email address that will receive DMARC reports, in Google’s documentation here.)

    These new email requirements might seem like extra hurdles, but they’re ultimately a positive step towards a more reliable and enjoyable email experience for everyone. By taking the small steps outlined above, you can ensure your business thrives under the new rules, reaching your target audience effectively and building lasting relationships.
    TECHNICAL DETAILS ABOUT DMARC IF YOU WANT TO DIVE DEEPER:

  1. Domain-Based Message Authentication, Reporting and Conformance (DMARC) is an email authentication policy that protects against bad actors using fake email addresses disguised to look like legitimate emails from trusted sources.
  2. DMARC makes it easier for email senders and receivers to determine whether or not an email legitimately originated from the identified sender. Further, DMARC provides the user with instructions for handling the email if it is fraudulent.
  3. WHY SHOULD ORGANIZATIONS LIKE YOURS BE INTERESTED IN DMARC?
    Phishing and spearphishing are among the top attack vectors for any organization dealing with PII (Personal Identifying Information), which can lead to identity impact, financial fraud, or even protected health information (PHI) breaches and Health Insurance Portability and Accountability Act (HIPAA) fines. Why? Because many individuals in the "black market" underground will access, buy, and sell that PII for non-citizens and those who do not have health insurance, who will then use it for their own "services" with a fake ID presented under the same name as the person whose PII your company revealed.

    Summary: Your (or your company's) liability can reach much further than you could ever imagine. It happens every day in the United States that "Joe" walks up to the urgent care or hospital needing emergency care with someone else's ID/SSN/healthcare insurance information, all for the right price!
  4. Fraudulent emails are easy to design and cheap to send, which gives threat actors incentive to use repeated email attacks. DMARC provides an automated approach to reducing fraudulent email, before it ever reaches an employee’s inbox. In addition, DMARC helps prevent adversaries sending email to your organization or others purportedly from your staff.
  5. HOW DOES DMARC WORK? 
    DMARC removes guesswork from the receiver’s handling of emails from non-authoritative email servers, reducing the user’s exposure to potentially fraudulent and harmful messages. A DMARC policy allows a sender to indicate that their emails are protected by Sender Policy Framework (SPF) and/or DomainKeys Identified Mail (DKIM), both of which are industry-recognized email authentication techniques. DMARC also provides instructions on how the receiver should handle emails that fail to pass SPF or DKIM authentication. Options include sending the email to quarantine or rejecting it entirely.
  6. DMARC provides the receiver with an email address to provide feedback to the sender. 
    Potential feedback can include that the sender’s email was rejected/quarantined by the receiver or that a threat actor is attempting to imitate the sender’s domain.
  7. HOW CAN I ADOPT DMARC ON MY DOMAIN?                                                                                        
    Savvy organizations that adopt DMARC do so in strategic stages, with feedback loops between IT departments and their staff (depending on the size of the organization of course!). Because DMARC can block third parties delivering mail on the purported sender’s behalf, some intended messages may be flagged as illegitimate in some cases - which is a very small price to pay (risk vs. reward) in cybersecurity honestly.
Below Are A Few Steps Organizations Can Take To Ease Into DMARC Over Time:
1. Deploy DKIM & SPF in reporting-only mode first, listing known authorized email servers (such as vendors and trusted internal/external Partners).
2. Collect and review reports to identify unknown email servers.
3. Work with business units and IT staff to identify servers and determine their legitimacy.
4. Update DMARC policy flags to “quarantine” then to “reject” as confidence increases that most or all legitimate servers have been accounted for.
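
The TXT record shown earlier and the staged rollout above (reporting-only, then quarantine, then reject) can be checked mechanically. The following Python code is an added example, not part of the original article: the `audit_dmarc` helper, the sample records and the `dmarc-reports@yourdomain.com` mailbox are assumptions for illustration, and the `pct` check goes slightly beyond what the article covers.

```python
VALID_POLICIES = ("none", "quarantine", "reject")

def parse_dmarc(txt):
    """Split a DMARC TXT value into an ordered list of (tag, value) pairs."""
    pairs = []
    # Empty parts are skipped, which tolerates the trailing ';' in the page's record.
    for part in (p.strip() for p in txt.split(";") if p.strip()):
        tag, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"malformed tag: {part!r}")
        pairs.append((tag.strip().lower(), value.strip()))
    return pairs

def audit_dmarc(txt):
    """Return (stage, findings) for one record; stage is None if the record is invalid."""
    try:
        pairs = parse_dmarc(txt)
    except ValueError as exc:
        return None, [str(exc)]
    if not pairs or pairs[0] != ("v", "DMARC1"):
        return None, ["record must start with v=DMARC1"]
    tags = dict(pairs)
    policy = tags.get("p", "").lower()
    if policy not in VALID_POLICIES:
        return None, [f"p must be one of {VALID_POLICIES}"]
    findings = []
    if "rua" not in tags:
        findings.append("no rua: aggregate reports are not being collected")
    if policy == "none":
        findings.append("p=none: monitoring only, no action requested for failing mail")
    pct = tags.get("pct", "100")
    if policy != "none" and pct.isdigit() and int(pct) < 100:
        findings.append(f"pct={pct}: policy is applied to only part of the mail")
    stage = "monitor" if policy == "none" else policy
    return stage, findings

# Constructed sample records: yourdomain.com is the article's placeholder domain,
# and the dmarc-reports mailbox is hypothetical.
SAMPLES = [
    "v=DMARC1; p=none;",
    "v=DMARC1; p=none; rua=mailto:dmarc-reports@yourdomain.com",
    "v=DMARC1; p=quarantine; pct=25; rua=mailto:dmarc-reports@yourdomain.com",
    "v=DMARC1; p=reject; rua=mailto:dmarc-reports@yourdomain.com",
]

if __name__ == "__main__":
    for record in SAMPLES:
        print(record, "->", audit_dmarc(record))
```

Run against the article's own record (`v=DMARC1; p=none;`), it reports the monitoring stage with two findings: no report address is set, and no enforcement is requested yet.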