Protonmail as a Long Term User

I have been a Protonmail user for close to a year now. I'm not a free user, I'm a paid user. I use Protonmail as my custom domain email provider, as opposed to using a standard @protonmail.com address.

For the most part, it works as advertised: encrypted email that the provider cannot read (once it is encrypted on the server), client side decryption, a good set of features, and access to an IMAP bridge (the Linux bridge is in beta test, but you can request access). Their full feature list is quite impressive, though they are a bit expensive.

There are a few issues I have with them, though. And it's becoming enough to want to change email providers.

Introduction

I own my own domain, and have had my own domain for over a decade. Originally I purchased my domain through GoDaddy alongside web hosting; with this web hosting I paid for POP3 email service.

A few years ago I decided it was time to move on to IMAP. At the time the only IMAP service that GoDaddy provided was a stripped down version of Office 365 (which, to be fair, nowadays is a good monetary price for Office 365). I used that service for about a year, and found the service to be lacking. After the year was up, I switched to GSuite. While the service was excellent, I eventually became aware of the privacy problems of using Google (even commercial Google), and decided it was time to lock down my privacy a bit. This is when I found out about Protonmail. I looked over their features, and as soon as I saw the IMAP Bridge was available for Linux, I jumped on board.

I have been a Professional Protonmail user for about 10 months, since October 19, 2017. I bought a couple months one-off to try the service out, before buying a year's worth of Professional; I paid US$75 (which works out to $6.25/mo). It is very pricey for an email service, but for the security it is about as good as it can reasonably get.

However, after almost a year of Protonmail, I'm finding the service to be just as lacking as Office 365 was, and I'm looking to move on. I have a different provider in mind that I will try later when my service runs out.

My Email Provider Requirements

Before I will consider an email provider, it must meet all of the following prerequisites:

I have a personalized domain that I have held onto for over a decade, and it has become a part of my private identity. As such, I intend to use this domain as part of my email service.

Domain support must also have “Catch-All” support. I.e., if I set up an email box “sprocket@foo.com” and I'm emailed at “sprocket1@foo.com”, I want to be able to read it.

This is the other big one. I detest webmail, and am not satisfied unless I can use an email client (like Thunderbird) to download my email to a local hard drive.

What good is IMAP if I can't store a lot of email on the server? Size requirements are fairly modest, but a few gigabytes are nice.

Though I don't have anything to hide, it doesn't mean I want people to be able to snoop without my knowledge. Some form of server-side at-rest encryption is required. In-transit encryption is also required. The email provider also needs a strong record of resisting unlawful government intrusion, as well as ISP interference and interception.**

Other Important Features

It would be nice if I could sync a contact list and calendar with CalDAV/CardDAV.

I'm old school and I sort my email in various folders and subfolders. Labeling is nice, too, but I prefer using folders and subfolders.

The ability to send and read email as plain text is important from a security perspective. Some email content just cannot be trusted.

It needs to be cost competitive. This definition is subjective, and has evolved over time.

File sync, akin to Google Drive, would be nice, but not strictly required.

Protonmail Breakdown

So, that said, how does Protonmail do?

Protonmail definitely has custom domain support as long as you use their Plus plan. However, the truly useful features (multiple identities, a catch-all plan, and so on) require their more expensive Professional plan. Unfortunately the Professional plan is also less granular in terms of add-ons (like additional storage). You end up paying more for less, just to have catch-all.

By default, Protonmail does not support IMAP/SMTP. However, paying customers have access to the Protonmail Bridge.

This is where my biggest gripes come from, which I will talk about later in this post.

Protonmail has a good amount of storage space for the price. By default, you get 5 GB of storage, which unless you are sending many, many pictures by email constantly (Hi, Mom!) should be sufficient. You have the option of buying more, though the amount of granularity varies with your account plan. From a cost/gigabyte perspective, Protonmail is pricey, however you do get a discount for pre-purchasing a year in advance.

Protonmail is basically the gold standard for privacy focus. As soon as the email server receives it, it encrypts it with an OpenPGP key (either one that you provide, or one that it generates), stores it in your mailbox, and supposedly deletes the unencrypted version from the server. Only a valid password will unlock the contents of the email. You can further bolster this by having a separate account password AND mailbox password. Do be careful though, if you lose your passwords, your email does become lost.

Emails sent to other Protonmail users are also encrypted by default.

It's also possible to import (via the web interface) OpenPGP keys that you provide yourself, either public or private.

On top of this, via the web interface you have additional privacy features you can use for non-PM users. You can encrypt the email, and send them a link to open via their web browser to decrypt. You can also set up self-destructing emails that delete themselves after a defined amount of time.

With the exception of emails that you receive, all of the actual encrypting and decrypting is done via client-side encryption, to keep anyone besides the intended recipients from reading it.

All of this is on top of transport-encryption, a must in this day and age.

Needless to say, they hit it out of the park if you like web clients. Using an email client, though, is a lot clunkier (see below for more details).

It's worth noting that you still need to trust OTHER parties to make sure their communication is secured.

Straight up, Protonmail does not do this. The web client does keep a local contact list, but it's not possible to keep it synchronized with a local email client or contact list.

Yep, Protonmail does this, with caveats. You can have up to 25 labels and 25 folders, though it quickly becomes unwieldy in the web interface. Any given email can have as many labels as possible, but only one folder. Subfolders aren't a thing though, which breaks how I like to sort my email. However, using an email client will cause emails to get duplicated.

Yep, Protonmail does this.

This is subjective, but I feel Protonmail is a bit pricey if you want the Professional plan (especially if you want Catch-All support like I do).

Protonmail does provide an Android and iOS app for accessing email. Other than opening up a web browser or using the IMAP bridge on a desktop/laptop, this is the only way to portably check your email. You aren't allowed to use a different email client on Android or iOS.

IMAP Bridge Support

I'm appreciative that Protonmail takes security seriously. To maximize this, they provide an IMAP bridge. The bridge is software that runs on your local machine that acts as a relay between your email client and the Protonmail servers. For it to work, your software of choice needs to be able to ping this bridge, and the bridge software is responsible for downloading your messages and feeding it to the email client.

However, it is far from perfect, and is my greatest source of frustration with the service.

As a Linux user, they don't advertise that the bridge software is available. It's true, the Linux Protonmail Bridge client is still a Beta (version 1.0.6 as of this post), and you have to ask to use it. The bridge itself is closed source software, so if you are a FLOSS-hardcore person, automatically that rules the bridge out. It runs as a “small” app (about 130MB of RAM on my system) that you minimally interface with; there also exists a CLI version which I haven't used. Set up your bridge connection, get a bridge password (different from your account and mailbox password), and point your email client to the localhost (127.0.0.1) + specified ports.

Depending on your email client and system security, this may go smoothly (Thunderbird, Evolution, Kmail all seem to connect without issue) or not at all (I could not get Geary to connect). This is where the problems with the bridge begin; if your email client cannot connect to the bridge at all, then you cannot download your email to your email client.

You will need to run the bridge on every single machine that might conceivably connect. There is no way to connect to the bridge over a network, as the bridge defaults to using IP address 127.0.0.1 (aka local host). Therefore you can't just set up a home server to run the bridge, and have all of your local machines connect to it.

Syncing is the real killer of the bridge. More often than not, an email sync will simply fail without reason. It doesn't matter which email client, it will throw out errors. This applies to both downloading emails to read, and moving emails across different folders (and even deleting them). When sync does work, it is often delayed a significant amount of time (upwards of tens of minutes). The most annoying part is when I tell my email client to delete an email or move the email to a local folder. Oftentimes, it simply commands Protonmail to simply unmark the email as flagged for a folder, and the email will not be deleted from the actual server. It will then show up in the “All Mail” folder, still taking up email storage space.

The problems are exacerbated when you try to use the bridge on more than one computer at once. Maybe this is a restriction that Protonmail imposes? I'm not sure.

One of the reasons I wanted IMAP support in the first place was to better centralize my email for future reference. As long as the email is secured from prying eyes (in Protonmail's case, it is), I consider that a win, and I can safely store my decades' worth of email online without fear of losing it to a hard drive crash locally.

Unfortunately, problems arise when I try to push email from local storage to the server. Copying email from local storage to Protonmail rarely works well unless it is copied over one email at a time. Trying to move dozens, hundreds, or thousands of emails over in one big batch simply does not work. The reverse is also true; trying to sync a remote email box that contains more than a couple dozen emails simply fails without reason, and frequently. The error logs are next to useless for diagnosing this too. This has made it difficult to store my decades of email online, and later be able to retrieve it.

I've also seen Protonmail fail to sync email that is encrypted with PGP keys that it does not know about, or if the email is somehow corrupted. To me this is a fail; maybe I want the email uploaded to the server unencrypted or in a damaged state. This seems to not be a problem if you use Enigmail.

I unfortunately have to conclude that, while the IMAP Bridge works, it doesn't work well. If you compare it from this perspective to Gmail, Outlook.com, and other email providers, it easily pales in comparison performance-wise.

Conclusion

My ultimate conclusion with Protonmail is this.

It is great at protecting your privacy.

It is within expectations if you interface with your email via webmail and webmail alone (or the Android/iOS client).

It is not so great if you want to use IMAP, contact sync, calendar sync, or storage space.

After the end of my current subscription term, I will be moving to a different provider and trying them out.

**I'm no fool, I completely understand that unencrypted emails can be (and are) intercepted in transit. My worry isn't government-sponsored intercepts, as they likely have the means to break any encryption available, though that is a good thing to worry about regardless. My worry is my ISP and email provider not acting in my best interest. Most ISPs are notoriously bad for this, and unfortunately both my cable internet provider and my cell phone provider intercept unencrypted data.
