title: "e-mail providers - which to choose?"
date: 2021-09-21

i think you guys already know who i am, right?
today we have an interesting subject, however controversial it is, it is very difficult to talk about this subject, because not everyone really follows their privacy policies!
i will try to offer you good services today.


the ip addresses of the user currently connected via imap or pop3 are stored while the device is connected to the server.
but no persistent ip storage then.
all e-mails, unless encrypted by the user, are stored on the disroot servers in plain text.
this means that disroot can read your e-mails.
disroot also uses disk encryption.
records of your activity are stored for a period of 24 hours.
this data is used to help diagnose software issues, maintain system security against intrusions, and monitor platform health.
for e-mail the ip is not stored, while all other records are deleted every day. well, i can't do much better than that, there's not much to talk about.


riseup certainly your service does not spy on you.
ip addresses of any user for any service will not be retained.
sender and recipient metadata are stored, but only for 24 hours maximum, apparently for spam prevention.
riseup also offers the best e-mail alias feature ever, which is free, does not reveal your real account in headers, and you can delete aliases if they are no longer useful or have become spam.
while other providers, such as cock.li or danwin1210, use the more secure v3 onion and e-mail domains, riseup is the only one that provides them for the full range of services.
for me this is a great e-mail provider considering the registration policy, lack of personal data required for registration, onion v3 addresses, unlimited nicknames, e-mail client support and great reliability.
to register, riseup requires an invitation code from a person who already has an account.


countermail now requires an invite code to register, but it's not like riseup, it's a paid service.
the price is $29 for six months and that's the least you can afford. luckily bitcoin is accepted.
javascript must be enabled for logging, but there is no captchas or anonymity blocking.
there is a free layer that is practically useless as it doesn't even support e-mail clients and has many restrictions in terms of e-mail recipients.
after registration, countermail will generate a pgp key pair, which will be used to encrypt all incoming and outgoing e-mails, if possible.
if the recipient is another countermail user, messages are automatically encrypted throughout the journey.
otherwise, they will be sent unprotected from their recipient until they reach the countermail servers and then encrypted back to you.
the problem with all this is that countermail stores its private key on its server.
it looks like you can now delete the private key from your servers and even use your own.
this is the best of both worlds so newbies can rely on countermail encryption while pros do their own.
if we count by value, countermail probably becomes the provider that stores the least amount of data of all of them.
the only way to make it better is to tell us if our e-mails (or their metadata) are stored after download by the e-mail client and/or deletion via webmail, if so, for how long.


the privacy policy is very promising.
posteo does not save any ip addresses that can be traced back to clients.
this was independently confirmed in an audit report by the german federal commissioner for data protection.
also do not collect or save the ip address if an external client to retrieve your e-mails via imap or pop3 or to transmit messages via smtp to be delivered by posteo.
therefore, using an e-mail client, your ip will not be stored. but what about the content of the e-mail? posteo doesn't seem to say directly what is stored and for how long.
when you delete content data, it is deleted immediately. if the data was backed up in one of the daily security backups, it will remain there for another 7 days until it is completely deleted.
you can delete your e-mail anytime and it is gone, except the backup. not bad, you can also encrypt the backup.
besides, they offer the possibility of encrypting all the e-mails that are saved in the posteo individually with the account password.


currently entries are by invitation only.
cock.li supports e-mail clients, does not ask for personal information, allows registration and use using tor and other privacy services, and is run by "some guy", not a company.
imap and smtp logs include: when an e-mail is sent, the username, destination e-mail address and connection information when you connect to imap, which address ip and username you are logging in with, and if that login was successful
these, according to cock.li's privacy policy, are stored for 48 to 72 hours. when you visit the site, cock.li stores this information: http access logs containing your ip address, user agent and type/location of your requests.
they say it's not related to your account, but it would be trivial to connect them.
cock.li's privacy policy isn't a bit clear on this point, but it looks like you can manually delete all your data in addition to your registration information and it will be deleted immediately.
removing the latter requires deleting your account, but even so, the data will be kept for 30 days.
cock.li is to be congratulated for its honesty. the privacy policy and terms of service are short and to the point.