As someone in infosec, how do you handle your personal email?
-
As someone in infosec, how do you handle your personal email?
I got tired of Gmail reading everything, so I built a self-hosted
alternative with:
- X25519 + AES-256-GCM encryption
- Postfix/Dovecot on a French VPS
- SPF/DKIM/DMARC + fail2ban
- An AI cockpit that classifies urgent vs noise
Curious what setups other infosec people use. ProtonMail?
Self-hosted? Something else?
#infosec #email #privacy #selfhosted #encryption@bobbricoleur
I use tuta mail -
As someone in infosec, how do you handle your personal email?
I got tired of Gmail reading everything, so I built a self-hosted
alternative with:
- X25519 + AES-256-GCM encryption
- Postfix/Dovecot on a French VPS
- SPF/DKIM/DMARC + fail2ban
- An AI cockpit that classifies urgent vs noise
Curious what setups other infosec people use. ProtonMail?
Self-hosted? Something else?
#infosec #email #privacy #selfhosted #encryptionI'm using standard email solution right now, and want to see if there is good alternative ?
-
As someone in infosec, how do you handle your personal email?
I got tired of Gmail reading everything, so I built a self-hosted
alternative with:
- X25519 + AES-256-GCM encryption
- Postfix/Dovecot on a French VPS
- SPF/DKIM/DMARC + fail2ban
- An AI cockpit that classifies urgent vs noise
Curious what setups other infosec people use. ProtonMail?
Self-hosted? Something else?
#infosec #email #privacy #selfhosted #encryption@bobbricoleur@infosec.exchange @relay@relay.infosec.exchange I ran a #WildDuck server for a while. I had to use an smtp relay to send because non-ISP source servers tend to score higher on spam filters even with DKIM, SPF and DMARC in place, so it became a game of diminishing returns.
When I got tired of that I just went to Proton like a normie.
-
As someone in infosec, how do you handle your personal email?
I got tired of Gmail reading everything, so I built a self-hosted
alternative with:
- X25519 + AES-256-GCM encryption
- Postfix/Dovecot on a French VPS
- SPF/DKIM/DMARC + fail2ban
- An AI cockpit that classifies urgent vs noise
Curious what setups other infosec people use. ProtonMail?
Self-hosted? Something else?
#infosec #email #privacy #selfhosted #encryption@bobbricoleur I use proton because AFAICT dovecot 2.4.3 still has TLS/LDAP issues. When that is resolved I'll probably return to self-hosting. What do you use for SPF, DMARC and DKIM?
-
As someone in infosec, how do you handle your personal email?
I got tired of Gmail reading everything, so I built a self-hosted
alternative with:
- X25519 + AES-256-GCM encryption
- Postfix/Dovecot on a French VPS
- SPF/DKIM/DMARC + fail2ban
- An AI cockpit that classifies urgent vs noise
Curious what setups other infosec people use. ProtonMail?
Self-hosted? Something else?
#infosec #email #privacy #selfhosted #encryption@bobbricoleur proton mail
-
As someone in infosec, how do you handle your personal email?
I got tired of Gmail reading everything, so I built a self-hosted
alternative with:
- X25519 + AES-256-GCM encryption
- Postfix/Dovecot on a French VPS
- SPF/DKIM/DMARC + fail2ban
- An AI cockpit that classifies urgent vs noise
Curious what setups other infosec people use. ProtonMail?
Self-hosted? Something else?
#infosec #email #privacy #selfhosted #encryption@bobbricoleur proton with my own domain. I love all the services that proton has. It works well from my Graphene OS phone without Google Play. The calendar, Simlelogin,and the email services are my daily goto's. Minus Lumo+, which I signed up for and now have abandoned for multiple reasons.
-
As someone in infosec, how do you handle your personal email?
I got tired of Gmail reading everything, so I built a self-hosted
alternative with:
- X25519 + AES-256-GCM encryption
- Postfix/Dovecot on a French VPS
- SPF/DKIM/DMARC + fail2ban
- An AI cockpit that classifies urgent vs noise
Curious what setups other infosec people use. ProtonMail?
Self-hosted? Something else?
#infosec #email #privacy #selfhosted #encryption@bobbricoleur Self-hosting is always preferred. It is a lot of work. Many mail services still pre-emptively block self-hosting for spam despite spammers not doing self-hosting. It is too easy to add self-hosting to blocklists and some people do this automatically and without cause. Once on it is difficult to get off. Most mail services do collect and retain mail messages. Tuta and proton say they do not retain mail. Tuta and Proton encrypt mail at rest but they possess the keys. Proton may only allow entprise accounts to use smtp. Tuta seems to allow only imaps.
Ymmv.
Bonne chance.
-
@bobbricoleur proton with my own domain. I love all the services that proton has. It works well from my Graphene OS phone without Google Play. The calendar, Simlelogin,and the email services are my daily goto's. Minus Lumo+, which I signed up for and now have abandoned for multiple reasons.
@Prometheus nice to know, any other similar services you know ?
-
@bobbricoleur Self-hosting is always preferred. It is a lot of work. Many mail services still pre-emptively block self-hosting for spam despite spammers not doing self-hosting. It is too easy to add self-hosting to blocklists and some people do this automatically and without cause. Once on it is difficult to get off. Most mail services do collect and retain mail messages. Tuta and proton say they do not retain mail. Tuta and Proton encrypt mail at rest but they possess the keys. Proton may only allow entprise accounts to use smtp. Tuta seems to allow only imaps.
Ymmv.
Bonne chance.
@hotarubiko thanks a lot for this view , very interesting. so basically Proton, provide you the key that they also have in their server ?
-
@bobbricoleur proton mail
@noplasticshower I self-host with Dovecot 2.3 + Postfix on a VPS.
No issues with TLS so far — using Let's Encrypt with SNI for multiple domains.
SPF/DKIM/DMARC all set up with hard fail. Deliverability has been surprisingly good.
Honestly the hardest part was getting the PTR record right with the hosting provider. Once that matched, everything was ok.
What TLS issues are you seeing on 2.4? Curious before I upgrade. -
R relay@relay.infosec.exchange shared this topic
