Taking Control of Your Email - Part 1: Choosing a Private Email Provider

Tired of Gmail reading your emails? Learn how to choose a private, secure provider that puts you in control. Privacy isn’t just for whistleblowers—ditch Big Tech and take back your inbox.


Email is the backbone of our digital identity, so choosing the right provider is critical. Many people default to free services like Gmail without realizing how those providers monetize their “free” offering. Free email providers typically make you the product – scanning your messages to serve targeted ads or train AI models. For example, Google’s latest Gmail features use its Gemini AI to summarize emails, suggest replies, and even mimic your writing style by analyzing your past messages and Drive files. While convenient, these AI-powered features require full access to your inbox, blurring the line between helpful automation and invasive surveillance. In short, “free” email often comes at the cost of privacy.



Privacy vs. Security – Know the Difference

It’s important to distinguish privacy from security in the email context. Privacy means protecting the content of your emails and personal data from unauthorized access – including by the provider itself – and controlling how that data is used. Security, on the other hand, focuses on keeping your account and communications safe from hackers, breaches, and malware. A service can be secure (e.g. with strong encryption in transit, two-factor authentication, etc.) but still not very private if it mines your inbox for data. Gmail, for instance, has robust security measures yet historically scanned emails for ad targeting; in contrast, a privacy-focused provider might promise not to read your emails at all. Striking the right balance depends on your threat model – essentially, who and what you’re trying to protect against.



Threat Models: Everyday Users vs. High-Risk Individuals

For an average user, the biggest threats might be phishing attacks, data breaches, or annoying spam. A strong password, reliable spam filtering, and assurance that your inbox isn’t being sold to advertisers might be sufficient. However, for high-risk users such as journalists, activists, or whistleblowers, the threat landscape is more severe. These users may be targets of state-level surveillance or hacking attempts aimed at intercepting sensitive communications. They should seek providers with rigorous privacy protections, minimal data retention, and features like end-to-end encryption (E2EE). They might also favor jurisdictions with strong privacy laws. For example, a journalist may avoid U.S.-based email services due to the potential for government subpoenas or Cloud Act requests, and instead opt for services based in privacy-friendly jurisdictions. In short, everyday users get reasonable security from mainstream providers, but high-risk individuals need the extra privacy guarantees that specialized email services can offer (often at the cost of some convenience).



Jurisdiction and Privacy Laws Matter

Where your email provider is based can affect your privacy. Different countries’ laws govern how providers handle data and respond to government requests:

  • United States: Providers like Gmail (Google) or Outlook.com (Microsoft) fall under U.S. jurisdiction. The U.S. Cloud Act can compel even data stored overseas to be handed over to U.S. authorities. Intelligence-sharing alliances and broad surveillance powers mean that emails on U.S. servers could be accessed by government agencies with the proper legal orders. In practice, U.S. tech companies have to comply with warrants and can be gagged from informing users. This is a concern if you worry about government snooping or secret court orders.
  • European Union: EU-based services must abide by the General Data Protection Regulation (GDPR), which enforces strict rules about user consent, data usage, and breach disclosure. Providers in the EU (for example, Germany’s mailbox.org or Belgium’s Mailfence) typically can’t mine your emails for profit under GDPR, and you have legal rights to your data. Law enforcement requests in the EU generally require due process under local laws and judicial oversight. In short, EU providers are constrained to prioritize user privacy and transparently handle personal data.
  • Switzerland: Some email companies (like ProtonMail) are based in Switzerland, which has long privacy traditions and is outside EU and U.S. jurisdiction. Swiss law is very protective of communications privacy, and providers cannot easily be forced to reveal content. However, they can be compelled via Swiss court orders to hand over certain data (e.g. metadata or IP logs) for criminal investigations. For instance, ProtonMail once had to comply with a Swiss order (relayed via Europol) to log a particular user’s IP address for a French investigation. The takeaway: Swiss services offer strong privacy by default, but no country is an absolute safe haven against targeted legal orders.
  • Australia: Australia-based email providers (like Fastmail) operate under Australian privacy laws. Australia is known to cooperate with U.S. and UK authorities (as part of the “Five Eyes” alliance), and it has laws that could theoretically require tech companies to assist law enforcement (even to the extent of helping decrypt data). On the flip side, Australia’s privacy principles restrict sharing data directly with foreign governments. Fastmail, for example, notes that as an Australian company it must respond to Australian warrants but is forbidden from disclosing data to foreign authorities except through proper Australian legal channels. Fastmail publishes an annual transparency report showing how many requests it receives and commits to “no dragnet access” – meaning it only releases specific data for specific lawful requests. In summary, Australian providers strike a middle ground: not under U.S. law, but not as globally protective as Switzerland, operating with legal checks in place.


The Limits of End-to-End Encryption (E2EE)

Encryption is often touted as a silver bullet, but in the real world E2EE email has limitations. True E2EE means your message is encrypted on your device and only decrypted by the recipient – the email provider can’t read the content even if they wanted to. ProtonMail and similar services offer this for emails between users of the same service or via interoperable PGP encryption. This sounds ideal, but consider the caveats:

  • Not Universal: Email is an open system; you will inevitably email people who aren’t using the same secure service. Messages between a ProtonMail user and a Gmail user, for example, won’t be end-to-end encrypted (unless you take the extra step of using PGP yourself). As a result, much of your correspondence could still be unencrypted and stored on other providers’ servers.
  • Metadata is Exposed: Even with E2EE, certain data can’t be encrypted because it’s needed to deliver the mail. The “envelope” information – sender, recipient, timestamps, subject lines, and mail routing data – remains visible to email servers and potentially to observers. Proton’s own threat model acknowledges that they do have access to metadata like subject lines and sender/recipient info (and can be compelled to share that metadata with authorities). In short, encryption hides what you said but not who you said it to or when.
  • Usability and Features: E2EE can clash with everyday usability. Web-based email search, filtering, and smart features (like those AI-powered conveniences) often won’t work on encrypted content, since the server can’t read it. Google even warns that its new AI search can’t operate on fully encrypted emails. Likewise, to use ProtonMail in a desktop client, you need their special Bridge app to decrypt mail locally, as standard IMAP/SMTP can’t handle the zero-access encryption. These extra steps and restrictions mean E2EE email might be less slick and interoperable compared to non-encrypted services.
  • Trust and Key Management: E2EE shifts trust to your devices. If your device is compromised (malware, etc.), an attacker could read your messages even if they’re E2EE, or even misuse your keys – no provider can protect you from that. Also, forgetting your encryption passphrase can mean losing access to all your emails permanently (since even the provider can’t reset it).
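
To make the "Metadata is Exposed" point concrete, here is an added example (not from the original post or any provider's code) that parses a generic PGP/MIME message the way a mail server stores it and returns what the server can read without any key. The message, addresses and hostnames are constructed for the illustration.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed sample: a PGP/MIME (RFC 3156) message as a mail server stores it.
# Addresses, hostnames and the placeholder ciphertext are made up for this example.
RAW = """\
Received: from mx.sender.example (mx.sender.example [192.0.2.10])
\tby mx.recipient.example; Tue, 04 Mar 2025 09:15:02 +0000
From: Alice <alice@sender.example>
To: Bob <bob@recipient.example>
Subject: Meeting with source on Friday
Date: Tue, 04 Mar 2025 09:15:00 +0000
Message-ID: <constructed-1@sender.example>
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1
--b1
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----
(ciphertext omitted in this constructed sample)
-----END PGP MESSAGE-----
--b1--
"""


def server_view(raw):
    """Return what a server holding this message can read without any key."""
    msg = message_from_string(raw)
    # PGP/MIME marks the encrypted body with this content type and protocol.
    encrypted = (msg.get_content_type() == "multipart/encrypted"
                 and msg.get_param("protocol") == "application/pgp-encrypted")
    recipients = msg.get_all("To", []) + msg.get_all("Cc", [])
    return {
        "from": [addr for _, addr in getaddresses(msg.get_all("From", []))],
        "to": [addr for _, addr in getaddresses(recipients)],
        "subject": msg["Subject"],  # headers sit outside the ciphertext
        "date": msg["Date"],
        "hops": len(msg.get_all("Received", [])),  # one Received line per relay
        "body_readable": not encrypted,
    }


if __name__ == "__main__":
    for field, value in server_view(RAW).items():
        print(f"{field:14} {value}")
```

Only `body_readable` changes when encryption is applied; every other field is identical to an unencrypted message.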

Bottom line: End-to-end encryption is a powerful tool, especially against mass surveillance. It ensures even your email provider can’t read your content, offering peace of mind for sensitive communications. However, it’s not a cure-all – it doesn’t hide metadata, won’t apply to all your contacts, and can limit features. You should view E2EE as one layer of privacy, not the only one. Many users will find a well-run, non-scanning provider “private enough” for their needs, while high-risk users might insist on E2EE and accept its trade-offs.



Comparing Private Email Providers

To illustrate the considerations above, let’s compare four reputable email services often chosen for their privacy and user-control: ProtonMail, Fastmail, mailbox.org, and Mailfence. All four offer paid plans with custom domain support, and none mine your emails for advertising purposes. But they have different philosophies and feature sets. Here’s how they stack up on key criteria:

  • Custom Domain, SPF/DKIM/DMARC: If you have your own domain, you’ll want an email provider that makes it easy to use it. All four providers support custom domains (on their paid tiers) and provide the necessary DNS records for deliverability. This includes MX records to route mail, SPF records to designate their servers as valid senders, DKIM keys to sign your messages, and DMARC policies for handling authentication failures. For example, Fastmail’s setup provides an MX pointing to their mail servers and a TXT for SPF (v=spf1 include:spf.messagingengine.com ?all), along with CNAME records for DKIM keys that let recipients verify your mail is genuinely from your domain. ProtonMail, Mailfence, and mailbox.org similarly guide you through adding SPF/DKIM. In short, all four check this box – you can use an address at your own domain with proper authentication, which is a must for professional and reliable email.
  • Standards-Based Access (IMAP, SMTP, etc.): If you use email apps or clients, support for open protocols is crucial. Fastmail, mailbox.org, and Mailfence all allow standard IMAP and SMTP connections, so you can plug them into apps like Outlook, Thunderbird, or Apple Mail easily. Fastmail additionally helped pioneer the new JMAP protocol (an efficient, modern alternative to IMAP) and fully supports it. ProtonMail is a slight outlier: because it stores mail encrypted, direct IMAP/SMTP access isn’t possible. ProtonMail offers the Proton Bridge application for desktop, which decrypts mail locally so you can use a standard client – but it’s an extra piece of software in the workflow. On mobile, you’d use Proton’s app rather than a generic mail app, unless using something with PGP support. Takeaway: If you value broad compatibility and hassle-free setup in any email app, Fastmail, Mailfence, or mailbox.org have the edge. ProtonMail trades some convenience for its encryption model.
  • Paid-Only vs. Free Accounts: Services that are only paid tend to have more consistent sender reputations. Free email services often struggle with spammer abuse – for instance, ProtonMail’s free tier, while great for onboarding new users to privacy, has in the past been exploited by spammers (which could lead to Proton’s domain or IPs getting flagged by some recipients). Mailfence offers a free tier with limited storage; ProtonMail has a free tier too. Fastmail and mailbox.org are essentially paid-only (mailbox.org’s lowest plan is around €1/month, basically the price of a coffee). The upside of a paid-only user base is that spammers are less prevalent (they don’t usually pay for accounts in bulk), which helps keep the service’s outbound email reputation clean. Additionally, the company’s incentives align with you as the customer (not advertisers). All four providers here fund themselves through subscriptions, not ads, which is a good sign for privacy. But Fastmail and mailbox.org avoid the free-tier issue altogether, resulting in a very strong sending reputation – an important factor when your emails shouldn’t land in spam by default.
  • Privacy Policy and Transparency: Each of these providers takes privacy seriously, but with nuance. ProtonMail is famously founded on privacy ideals – it doesn’t log IPs by default and can’t read your mailbox content. That said, Proton is clear about what happens under Swiss law: they will comply with lawful orders (e.g., provide available metadata or start logging an IP for a specific account) though they cannot decrypt your mail. ProtonMail publishes transparency reports and has a warrant canary. Mailfence, based in Belgium, similarly touts privacy and even allows you to use the service anonymously (they accept cryptocurrency, for example). Mailfence’s policy is that they don’t scan or sell data, and they too will comply with Belgian court orders if required – but with no mass surveillance thanks to encryption. Mailbox.org, in Germany, is subject to GDPR and has a strong privacy track record; they explicitly don’t use your data for ads and have features to encrypt your inbox (they offer an Opt-In PGP encryption of all stored mails via their Guard feature). Fastmail, in Australia, emphasizes user privacy in a more traditional (non-E2EE) way: they don’t mine your emails, and their Privacy Principles highlight that you own your data. Fastmail is very transparent about how they handle law enforcement requests – e.g., requiring an Australian warrant and rejecting bulk data demands. They also make it clear that some staff, under strict controls, could access data if you request support, but every access is logged and audited. In summary, all four have solid privacy stances, but ProtonMail and mailbox.org provide extra technical measures (encryption) to reduce trust in the provider, whereas Fastmail and Mailfence rely on policy, law, and user trust (while offering optional encryption tools).
  • Open Source & Community: ProtonMail has open-sourced many of its components (cryptographic libraries, mobile apps, and the web client code) so that the community can inspect and even contribute. Mailfence is not fully open-source, but it interoperates with open PGP standards and contributes to the OpenPGP community. Mailbox.org uses lots of open-source software under the hood (their webmail is based on Open-Xchange, and they support open standards robustly). Fastmail is a bit different in that its core software isn’t open source, but the company actively contributes to internet standards. Fastmail engineers co-authored the JMAP standard and pushed it through the IETF, and Fastmail runs on open tech like the Cyrus IMAP server (to which they’ve contributed code). They also sponsor or support various open-source projects. While you can’t self-host the entire Fastmail stack, you know the protocols and formats they use are open. If being able to audit code is your top priority, ProtonMail leads here; if promoting open standards is the goal, Fastmail stands out.
  • Cost: All these providers charge reasonable fees for the services they offer, though the pricing models differ. ProtonMail’s Plus plan (suitable for single custom domain use) is around $4-5 per month; Mailfence similarly is a few dollars per month for a plan with custom domain support; mailbox.org starts at €1/month (though for more storage and features you’d likely pay a bit more). Fastmail’s standard plan is $5/month (with discounts if paid annually). The differences in cost are minor when weighed against what you get – and all are inexpensive compared to the value of a reliable, private email. It often comes down to which feature set you need: ProtonMail’s cost also gets you ProtonVPN bundled if you go for their higher tiers, Mailfence bundles some document collaboration tools, mailbox.org provides cloud storage and Office features, and Fastmail focuses on polished email, calendar, and contacts with plenty of storage. In any case, budget should not be a barrier to getting a secure email – for the price of one fancy coffee a month or less, you can have any of these. Fastmail isn’t the cheapest, but it’s competitively priced given its reliability and support.
  • Multi-User Support: If you need email for your family or a small business/team, consider how each service handles multiple users. Fastmail offers a Family plan and easily allows adding additional users/mailboxes under one account billing. You can have separate logins for each family member, all under your custom domain, with centralized administration. ProtonMail historically was more single-user oriented, but they now have a Family plan (up to 6 users) and business plans for multiple users on a domain. Proton’s multi-user setup works, though sharing a single domain’s addresses across users requires the right plan. Mailbox.org also supports multiple users (they have a Business offering and you can link accounts for organization use). Mailfence similarly has business accounts for user groups, and even their Pro plan allows a few alias addresses which could serve small-scale needs. In short, Fastmail and ProtonMail both make multi-user management straightforward; mailbox.org and Mailfence can do it but are perhaps a bit more tilted toward either single-user or larger org (in mailbox’s case) scenarios. For a family, Fastmail’s plan is particularly convenient in allowing a pool of storage and addresses to share among users.
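
For the custom-domain bullet above, an added example (not the author's or any provider's code) that reviews the SPF and DMARC TXT records you publish for your domain. It works offline on record strings; the SPF value is the one quoted in the article, while the DMARC records, the `-all` variant and `example.com` are constructed assumptions.

```python
# Added example: offline review of SPF and DMARC TXT records for a custom domain.
# The SPF value is the one quoted in the article; the DMARC values, the -all
# variant and example.com are constructed for this illustration.
SPF_FROM_ARTICLE = "v=spf1 include:spf.messagingengine.com ?all"
SPF_HARD_FAIL = "v=spf1 include:spf.messagingengine.com -all"
DMARC_MONITOR_ONLY = "v=DMARC1; p=none; rua=mailto:dmarc-reports@example.com"
DMARC_ENFORCING = "v=DMARC1; p=reject; adkim=s; aspf=s"

# SPF qualifiers (RFC 7208): the result a receiver records when a mechanism matches.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def parse_spf(txt):
    """Return (mechanisms, default_result) for one SPF TXT record."""
    terms = txt.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    mechanisms = []
    default = "neutral"  # with no 'all' term (and no redirect=) the result is neutral
    for term in terms[1:]:
        if "=" in term and ":" not in term.split("=", 1)[0]:
            continue  # modifier such as redirect= or exp=, not a mechanism
        if term[0] in QUALIFIERS:
            result, name = QUALIFIERS[term[0]], term[1:]
        else:
            result, name = "pass", term  # a missing qualifier means '+'
        mechanisms.append((result, name))
        if name.lower() == "all":
            default = result
            break  # anything after 'all' is never evaluated
    return mechanisms, default


def parse_dmarc(txt):
    """Return the tag/value pairs of one DMARC TXT record (RFC 7489)."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags


def audit(spf_txt, dmarc_txt):
    """List the points a domain owner should review in the two records."""
    findings = []
    _, default = parse_spf(spf_txt)
    if default in ("neutral", "pass"):
        findings.append(f"SPF default is '{default}': SPF alone gives receivers "
                        "no fail signal for servers you did not list")
    tags = parse_dmarc(dmarc_txt)
    policy = tags.get("p", "none").lower()
    if policy == "none":
        findings.append("DMARC p=none: receivers are asked to take no action on failing mail")
    elif int(tags.get("pct", "100")) < 100:
        findings.append("DMARC pct below 100: the policy covers only part of failing mail")
    return findings


if __name__ == "__main__":
    for spf, dmarc in [(SPF_FROM_ARTICLE, DMARC_MONITOR_ONLY), (SPF_HARD_FAIL, DMARC_ENFORCING)]:
        print(spf, "|", dmarc)
        for finding in audit(spf, dmarc):
            print("  -", finding)
```

With the `?all` record from the article, the DMARC policy decides how receivers treat mail from servers you did not authorize, so check which `p=` value your domain publishes.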


Why I Chose Fastmail

All the above providers have strengths, but after careful consideration I decided on Fastmail as my email provider. It best met all of my criteria without significant compromises. Here’s a recap of how Fastmail checks the boxes:

  • Custom Domain & DNS: Fastmail makes custom domains a first-class feature. The setup was painless – Fastmail provided clear DNS instructions for my domain, including MX, SPF, DKIM, and even a default DMARC policy. They support multiple domains per account, wildcard addresses, and subdomain addressing. My email now comes from my own domain with proper authentication, improving delivery and professionalism.
  • Standards and Compatibility: With Fastmail I can use any email client thanks to full IMAP/SMTP support. On top of that, Fastmail’s support for modern open standards (JMAP for mail, CardDAV/CalDAV for contacts and calendars) ensures I’m not locked into proprietary systems. I can access my email on all my devices and apps – or simply enjoy Fastmail’s excellent web and mobile apps. No bridges or special configurations required for basic use.
  • No Ads, No Tracking: Fastmail has no free tier, meaning every user is a paying customer. This gives them zero incentive to scan my data – their business runs on subscription revenue. They explicitly do not serve ads and do not analyze my emails beyond what’s necessary for spam and virus filtering. This peace of mind was important to me after years on “free” Gmail. I’m the customer, not the product.
  • Privacy and Trust: I was impressed by Fastmail’s privacy transparency. Their privacy policy and user documentation clearly explain what they do and don’t do with my data. For example, Fastmail’s FAQ states that they never give broad government access to data – only specific, lawful requests are honored, and as an Australian company they cannot directly respond to foreign requests (they must go through Aussie legal process). They also publish a yearly transparency report. While Fastmail doesn’t offer zero-knowledge encryption of my mailbox, I’m comfortable with their long track record and Australian privacy laws. Crucially, Fastmail staff will only access user data if absolutely necessary for support and only with explicit permission – and any such access is logged and audited. This approach, combined with the fact that I can always locally encrypt truly sensitive files or emails if needed, strikes a good balance for me. Fastmail also blocks external image trackers by proxying images and offers alias addresses (Masked Email) to protect my identity on websites, showing they actively innovate on privacy features that matter day-to-day.
  • Open Collaboration: While Fastmail isn’t open source software, I value that they contribute to the ecosystem – their leadership on JMAP and involvement with organizations like Let’s Encrypt and standards bodies give me confidence that they care about the future of email beyond just their platform. They’ve been in the email business for over 20 years (founded in 1999!), which means they have experience and stability. Fastmail’s ethos of partnering with digital rights organizations in Australia and supporting privacy causes resonated with me as well.
  • Cost for Value: At around $5 per month, Fastmail isn’t the cheapest option, but the value for what I get is outstanding. The service is fast (true to its name), reliable (no deliverability issues so far), and feature-rich (search is instant, calendars and contacts sync perfectly, and I even publish my calendar for others easily). I’m happy to pay the price of a sandwich per month to have rock-solid email hosting that respects my privacy. Additionally, I was able to consolidate: Fastmail replaced my old Gmail and a separate calendar app, and it even can serve as a simple file storage for sharing small files or hosting static websites. Fewer services to juggle is a bonus.
  • Multi-User & Organizational Use: I have the option to add my family members under one plan in the future, or host a small organization’s email on Fastmail. User management, aliases, and domain setup all live in one clean admin interface. It’s ready to grow with my needs.

In summary, Fastmail hit the sweet spot: user-centric design, strong privacy stance without sacrificing functionality, and the flexibility of using my own domain. Other providers certainly have their merits (ProtonMail if I needed maximal encryption, mailbox.org if I wanted a budget EU option, etc.), but for my threat model and daily workflow, Fastmail was the best choice.

Part II coming soon!