ATL BitLab LogoATL BitLab

Three Things About Email You Lost Control of (and How to Fix It) - The Sovereign Computing Show (SOV004)

Tuesday, February 11, 2025

Discover how to regain control over your email in this episode of the Sovereign Computing Show with Jordan Bravo and Stephen DeLorme. They outline the three main points of control we've lost in the modern age. Learn about domain separation, alternate email providers, and the power of email aliases to protect your privacy and digital life. Jordan and Stephen provide actionable tips and tools, including how to use SimpleLogin for email aliases, employing different email clients, and even self-hosting your email server.

Chapters

  • 00:00 Introduction to the Sovereign Computing Show
  • 00:16 Sponsorship and Community at ATL BitLab
  • 01:24 The Google Account Horror Story
  • 05:24 The Importance of Email in Modern Life
  • 15:06 Custom Domain Names for Email Sovereignty
  • 19:39 Alternative Email Service Providers
  • 23:52 Email Server Provisioning
  • 24:05 Challenges of Traditional Email Servers
  • 24:30 Modern Email Pricing Models
  • 24:46 Email Usage Preferences
  • 25:14 Alternate Service Providers
  • 25:26 Introduction to Email Aliases
  • 25:58 Spam and Data Breaches
  • 27:16 Risks of Using the Same Email Address
  • 29:52 SimpleLogin: A Solution for Aliases
  • 37:14 Self-Hosting Email Servers
  • 40:36 Email Clients and Local Backups
  • 44:40 Open Protocols and Final Thoughts
  • 45:24 Conclusion and Listener Engagement

Links

Transcript

[00:00:00]

Jordan Bravo: Welcome to the Sovereign Computing Show, presented by ATL BitLab. I'm Jordan Bravo, and this is a podcast where we teach you how to take back control of your devices. Sovereign Computing means you own your technology, not the other way around.

Stephen DeLorme: This episode is sponsored by ATL BitLab. ATL BitLab is Atlanta's freedom tech hacker space. We have co working desks, conference rooms, event space, maker tools, and tons of coffee. There is a very active community here in the lab. Every Wednesday night is Bitcoin night here in Atlanta. We also have meetups for cyber security, artificial intelligence, decentralized identity, product design, and more.

We offer day passes and nomad passes for people who need to use the lab only occasionally, as well as memberships for people who plan to use the lab more regularly, such as myself. One of the best things about having a BitLab membership isn't the amenities, it's the people. Surrounding yourself with a community helps you learn faster and helps you build better.

[00:01:00] Your creativity becomes amplified when you work in this space, that's what I think at least. If you're interested in becoming a member or supporting this space, please visit us at atlbitlab. com. That's A T L B I T L A B dot com. Alright, on to our show.

Jordan Bravo: Welcome to the Sovereign Computing Show.

I'm Jordan Bravo, and I'm here today with Stephen DeLorme.

Stephen DeLorme: Hey, how's it going?

Jordan Bravo: Today, we are going to start off with an article. For those of you who are watching the video, we're going to put it up on screen. If you're just listening, we're going to summarize it here for you. this article is actually from 2022, but don't worry.

It's still relevant in 2025. If you haven't heard this already, this is really scary. What happened was during COVID, there was a man who had a Google account and he was doing a telehealth conference call with his doctor because his son, [00:02:00] his baby was sick and his baby son had a rash in his groin.

And so per the doctor's request, he used his phone to take a picture of the baby's groin area with the rash and send it to the doctor so the doctor could evaluate it and prescribe medication or whatever the doctor needs to do to treat it and diagnose it. And what happened then was Google automatically detected his account that picture that he took as child sexual abuse material known as CSAM. It closed his account, his Google account, notified the authorities so that he had to explain to the police that he was not in fact a child pornographer or using any kind of child sexual abuse material. Now, the police. Google's automated systems cleared him of any wrongdoing, because he obviously didn't do anything that Google had thought he did, but Google's automated systems were so sure of [00:03:00] it. The problem is, even further, was that once the police cleared him of any wrongdoing, Google refused to reinstate his account. And this guy, unfortunately, had his entire life in Google. He had his, he had Google Fi as his internet service provider. His phone was a Android phone . He had a Google account.

All of his pictures and documents were uploaded to Google drive and Google photos. And so when this guy was cut off from his Google account permanently by Google for a problem, a crime or a wrongdoing that he did not in fact do, it was devastating to his life. Try to imagine if you were suddenly permanently locked out of your email, your photos, your cloud hosting, your internet access, and your phone service, This is going to be a massive problem in your life . Think about how all of the other [00:04:00] services in your life, the various dozens or hundreds of websites and services that you've signed up for. They all require you to be able to log into your email in order to authenticate, whether that's signing in the first place or resetting your password. So this guy while what happened to him was a tragedy, it could have been a lot less terrible for him if he didn't have all of his eggs in one basket, so to speak.

He had a single point of failure where Google was acting as a All of these different services for him. And when they did something that impacted him negatively by cutting him off, it was devastating to his life. And the extent of the damage was massive. Stephen, do you have anything that you wanted to comment on this article?

Stephen DeLorme: Oh, I don't think so. I think you pretty much summarized it pretty well. A whole other interesting topic for like maybe some far off [00:05:00] episode is like How you actually combat CSAM and also protect the privacy of good people, right? But that's like a whole, whole other thing that we're not even getting into today. But this guy was falsely accused, cleared of wrongdoing, and lost everything.

Even if it was just one thing just his family photos or just his internet access or just his email, that would be just as disruptive.

Jordan Bravo: Yes, so we are going to focus on the email part of it today, but you're right, this is wider reaching than email. But as we'll see, email is a critical service. I already mentioned a little bit how email is your gateway into all of your other services because that's for better or for worse. In the modern era, this is just how we sign up for services and authenticate with them is via our email address.

So if we don't have access to our email address we don't have access to many other things.

Stephen DeLorme: And for some reason, they, everybody thinks that they've [00:06:00] invented the email killer and it just never seems to happen. I don't know, it's this really resilient technology in our lives too. Yeah, a lot of like business communication has moved on to stuff like Slack and Microsoft teams and certainly social media marketing is like it's a whole other thing now, but I don't know.

Email marketing is still very much alive and it's like a default notification system for many services. So it just, it's this very resilient piece of technology that. Has not gone away and I don't see it going away anytime soon.

Jordan Bravo: I agree. Although I would I approach email in a way that might be different from a lot of people, but I think it's a good approach and I'd like to advocate for it.

So here's my pitch. Email is good for certain things and specifically it is good for communicating with non humans. So if we want to sign up for [00:07:00] a new service and they need our email address and we create a password and that's how we're authenticating, then that's a great use for it. Another thing might be, like you just mentioned, a newsletter where you're again Signing up for.

Or something, you're putting your email address in a database, and then an automated program is sending you an email that you can read. Neither of these cases is you communicating to another human being who's reading it on their end. Although this is what email originally started for, I would argue that there are much better technologies for that. We talked about instant messengers in our last episode, and I would guess that most people, when they're talking to their friends and family every day, they're going Are you using instant messengers or, SMS, I put it in that category as well. But the point is, people don't email each other for things like, can you come pick me up at eight?

It's not, it's just not how it works. Email is asynchronous as they call it. Now in business, email is still used at a lot of places, but from my experience, [00:08:00] the, even that is going by the wayside. It's been replaced by Slack and Microsoft Teams and these kinds of things for good reason. So I think email has a place in our toolbox of being how we sign up for services. In fact, it's crucial there, right? You can't really get away from it. But I would argue that you don't want to give your email address to any people that are like human beings. And if somebody does need your email address use an alias.

And we're going to talk more about that and how powerful a concept that is. But essentially, if you have a single email address and you use it everywhere, it is really easy to be hacked. Scammed, spammed, and also have people stalk you. Like it's, it can lead to a huge invasion of privacy. So there's a whole bunch of reasons why we don't want to do this. And we're going to go into the details of how we can take those steps, be more [00:09:00] self sovereign with our email, protect our privacy, and also in inoculate ourselves against future single points of failure, like in this Google article that we talked about.

Stephen DeLorme: All right, let's get into it. So I guess when we think about being cut off from our accounts being cut off, we'll just focus on the email part of it. A lot of people are probably going to be using something like Gmail. Remember when it was just like a clever little experiment and it seemed. Cute in like 2005 or six or whatever it was that Oh, wow, that Google thing they also have an email and it seemed pretty adorable and harmless at the time, but now it's become, I don't know, I don't know the statistics, but it must be the number one used email service in the world.

But I guess the thing is it didn't just become the number one used email service in terms of [00:10:00] sending and receiving emails. And also storing the data itself, but also in terms of your client. We would have been using a multitude of different mail clients in the late nineties and early two thousands, but Gmail has become the number one ESP email service provider and also the number one email client itself, because I think a lot of people are just using it in the web browser or they're using it as an app on their phone or something.

Jordan Bravo: Agreed. I don't know the statistics off top of my head, but I get the sense that. Gmail is the most widely used email provider, at least in the United States.

Stephen DeLorme: Yeah.

Yeah. Again, your mileage may vary overseas. I feel like it's become not only the default for like individuals, just, I feel like everybody has a Gmail, but it's also the default for businesses, like it's hard to come across businesses that don't use it.

If they do, it might be like, I don't know, the outlook cloud or something to that effect, but at least for most like smaller, younger [00:11:00] businesses that I find in the U S tend to default to Gmail and G like Gmail business or whatever. And most just like individuals I find use Gmail.

Jordan Bravo: Before we started recording, you mentioned there were three areas or categories in which you could reduce single point of failure. Do you mind enumerating those?

Stephen DeLorme: Yeah, so yeah we came up with these on the fly, but the, I think what we came up with was the idea that, okay, Gmail is being three things. One that you go to the gmail. com. You log into your email there. So it's actually a client. You're actually typing up your emails and reading your emails there in your browser.

So that's where your email client is. It's like the interface through which you send the emails, receive the emails, all that good stuff. So Gmail is a client. That's number one. Number two, they are they're a naming system. If I have Stephen 1 2 3 4 5, com, [00:12:00] I don't, and I don't know who that is, but um, if I have Stephen 1 2 3 4 5 @ com, they own gmail. com. And so by extension, they also own that name that's in front of it. They all, they own all the usernames are with Gmail. They're temporarily giving it to you as a service, right? But that they're in on a technical level, they own that.

So they own the naming system. That's number two. Number three, they actually own the data itself because we're not downloading emails onto our computers anymore, we're just going to a website and fetching them from there dynamically. They actually keep track of all that data.

So it's the email service. The email naming and the email data they own all three of those things.

Jordan Bravo: I'd like to create a metaphor here and this is, I'm coming up with this on the fly. Bear with me if it's rough and maybe you can expand upon it. But it would be if you lived in a home and the homeowners association, [00:13:00] controlled it set out rules for what you can and can't do in your home. It's as if the homeowners, homeowners association also was the owner of your mortgage. So that when you pay every month if you didn't pay, for example, you would be in default to the homeowners association. And now let's say that same home, that same organization that you that was a homeowners association and also your bank, essentially your mortgage provider, let's say they also provided you your. Home insurance. Now, let's say they also owned your car and you were making payments to them for your car. Now, let's say you also worked for them. You could see here how if you were to anger this organization, they could really destroy your life. You could suddenly find yourself homeless, jobless, without insurance, carless. So that seems a little more concrete for people, but I bet most people when they use Gmail, they don't realize that Gmail is [00:14:00] providing all of these different pieces. For convenience, it's understandable why they're so popular. They make it super easy. But could see how in that metaphor, I'm torturing a little bit, so forgive me, but if you were to have your insurance with one company and your mortgage with another company, and your homeowner's association was a different company, you might have a problem with one of them. But you'd be okay with the others and you could work out that problem or maybe get a new provider, maybe you're having a problem with your mortgage provider and you don't agree with their actions or payments or whatever.

You could find a new mortgage provider, maybe you could refinance, get a different rate and you're not going to risk losing your car and your health insurance and your job and all of that stuff.

Stephen DeLorme: Yeah. Yeah. I think that's a good metaphor. It's yeah, you're it's all a lot of eggs in one basket there.

So which maybe one of these should we attack first? If we want to think about system [00:15:00] an email naming system, an email service and email data itself, which one should we attack first?

Jordan Bravo: I say, let's talk about the domain name first, because even if you. So if you want to still want to use Google on the back end, for example, you can use it with a custom domain name.

And I would argue that's a step in the right direction.

Stephen DeLorme: Yeah. Yeah.

Jordan Bravo: So some people already know this because maybe they have their own custom domain name hooked up to Google or they have a business that where they do that as well. But if you have a at gmail. com domain name for your email, there's something that you can, there's a step you can take that.

That really gives you a lot of, lot more sovereignty with your email and that is to have a custom domain name. So if I am, for example, using jordan123@gmail.Com and I decide I want to keep using, I want to make as minimal changes as possible because I'm busy and I don't have a lot of time. So what is one step that I can do? What I can do is I [00:16:00] can buy a custom domain name and domain names are almost never free. And I'm only putting that almost in there because I'm sure you could find some exception to the rule, but let's just say domain names are not free. You have to pay for them. If you've never bought a website domain name before, you have to register it with the international registration organization. But in any case, you buy your domain name, you can get them very cheap. And then you go into your Gmail settings and you basically just plug in the right info. And next thing you know, I can have, instead of Jordan at gmail. com, I can have Jordan at bravo. com or whatever email uh, whatever domain name I've purchased.

Stephen DeLorme: Yeah. And it gets a little technical too, because. So you go into Gmail, you tell them you want to use a custom domain. They're going to give you some stuff that you're going to go put in. You're going to go back to the domain name website. And uh, you're going to put in some information there.

Like you're going to have to put in the -- copy and paste in like the basically the domain to [00:17:00] Google's mail servers and all their like backup mail servers. Um, And usually there's a SPF sender protection framework, which basically signals to the rest of the, people, receiving emails from you that yes, Google's mail server is authorized to send on my behalf. There's the DKIM, the Digital Key Identity Management. Actually, I'm not sure Google supports that or not. I know other mail clients support it or not. But there's a whole bunch of, different types of metadata they might ask you to add. So you'll be tweaking kind of things on both copied and pasted the appropriate details into your domain name settings and into your Google settings, then it, should basically work and then you don't really have to mess with it again. And I think just to make clear the point of why this is important is that. In the future, if you need to leave gmail, maybe this is because of some, catastrophic situation where you've been falsely accused of something and kicked off the platform, [00:18:00] or maybe it's just a situation where you just want to use a different service provider.

For whatever reason, you get to maintain that name. So you don't have to be like emailing everybody. Hey, I changed my emails. Use this email in the future. Whatever. I don't check this old one anymore, having to go update your email at a thousand different websites. You can just maintain the same name at whatever domain. com. You have ownership of that name. You can take it with you, whether you're using Gmail or whether you're using somebody else.

Jordan Bravo: And to expand upon that a little more, Let's say I have jordan at bravo. com it's, and I'm still using Gmail under the hood. Now let's say Gmail, let's say Google cuts me off from my account. I can no longer access. Previous emails that I've received. I can't sign into Gmail anymore. However, what I can then do is I could find a replacement provider, whether, I won't name [00:19:00] them now. We'll go into that later, but I find a replacement email provider. And then I just go through that same process is when I set it up with Google, with Gmail, I just set it up with this new provider. And then going forward. All my email, any email sent to that domain name or sent to that email address will still come to me. And this is great because now I'm not going to be locked out of any of my services.

So if I have to reset a password or somebody needs to send me an email from that point forward, I'm still going to receive it at my same email address, but at my new email provider.

Stephen DeLorme: Yeah. And would this be a good place to maybe segue into aliases?

Jordan Bravo: Before we segue into aliases. I'd like to talk about are there other email providers that we Have used that we might recommend or that have a good reputation

Stephen DeLorme: Cool.

So this might segways and instead to the kind of solving the other problem. So we've solved the email naming problem by getting our own domain name, right? [00:20:00] Now we're gonna solve. Okay, the actual email service itself, the sending and the receiving of the emails. I'll say for me, it's, I'm always a shill for proton.

Because I personally use their products and like them. I think we talked, I think we talked in another episode about just their calendar product as well as they're just using the contact system, but they originally started as an email platform. And I think what the original value out of proton mail was that their platform is end to end encrypted.

And so if you're not familiar with end to end encrypted. It means that basically means that your email data is, encrypted using your private key. So Proton doesn't really have a way of reading your emails because they're all encrypted with your key. It also encrypts it when you're sending it to other people.

So if like Jordan and I send each other an email our emails are automatically encrypted with our private keys.

Um,

so even if someone managed to successfully eavesdrop on us,

while [00:21:00] the email's in transit, they wouldn't be able to read it.

So I personally like Proton and I'm trying to think of other services.

I've heard of one called Tutanota, I think, that has a similar kind of privacy proposition as Protonmail, but I've never personally used them. So yeah, what about you in terms of alternate email service providers?

Jordan Bravo: I think Proton is great. I know that they also allow you to use a custom domain name. With your Proton email, so you can have any domain name and under the hood it's ProtonMail. I use one that's not super well known. It's called Migadu, M I G A D U dot com.

(Multiple): M A G. M I G M I G. Wait, hold on. M A G. M I G. Oh, M I G. D A U.

Jordan Bravo: excuse me. G A M I G [00:22:00] A D U dot com. Yeah.

Stephen DeLorme: That's why nobody's heard of them.

Their name is so weird.

Jordan Bravo: Yeah, it's a weird name. I think they're Swiss. And they might not seem very I don't know. special at first because they don't have end to end encryption like Proton for example, but they are small enough that they're not a honeypot for surveillance and they don't abuse you, google for example, if you have a problem Try calling their customer service.

Good luck. Like they don't care. You're one of billions of people. Migadu has, they're small enough that they will respond to customer service requests and complaints. They're very reasonably priced and you can have as many domain names mapped to it as you want. So for a price of, I think I pay 19 a year. I can have not only as many email addresses as I want, but as many domain names as I want as well. [00:23:00] And so I've used it for email addresses for myself, for my businesses that I've done, for basically everything. And it only cost me 19 a year. They do provide a webmail you can log in the browser, but their webmail is bare bones, and I prefer to use it by connecting a client, which, we'll get into why you might wanna do that.

Stephen DeLorme: Man the, it's like they haven't updated this in for those listening, I'm looking at the page. It says, can I pay with Bitcoin at all? And so we do not offer onsite payment with Bitcoins and they camel case it. Interesting.

Jordan Bravo: Yeah, it's a very old school way of writing Bitcoin.

Stephen DeLorme: That is a really powerful price. Like it's a very low price. There's five gigabytes on the plan I'm reading here on the site. They're almost like giving you like a little like section of an email server and like you can provision as many email [00:24:00] names as you need to in your little fiefdom there.

Jordan Bravo: That's right.

Stephen DeLorme: That's pretty cool. I remember a long time ago at a, at an old job, we had a email, like server, where we were renting out and. was, a little bit difficult and technical to manage at times. And I'm not, this service may be easier, but there was something really incredibly powerful about just being able to spin up as many emails as you need to, and once getting into I don't know the new way of doing things where you have to. Pay for every single user. Like pretty much everybody has adopted this like cloud first business pricing model where you pay like a minimum of 6 per user or whatever. Ends up stacking up and being very prohibitive.

Jordan Bravo: Agreed.

So this isn't going to be for everyone, but this is for people who have a similar approach to email as I do, which is, I'm not using this to send gigabytes of files, photos, videos, etc. I'm only using [00:25:00] email to register for services and maybe occasionally archive receipts and stuff like that. Oh, mostly text based communications.

Stephen DeLorme: That's really cool service. So these are some alternate service providers that we've looked at here. Are there any more we should cover or should we? Segue into something else.

Jordan Bravo: I think we're, we've covered the service providers. Let's go now to aliases.

Stephen DeLorme: Yeah. And so we've solved our kind of second problem there of, being cut off from the actual sending and the receiving of the email, I think aliases gets into something that's a little bit more back on the naming side of things. The basic problem as I would describe it is that once you own this name Stephen at whatever domain. com and [00:26:00] you, once this email gets out there into the world you're just, you're going to get all kinds of spam, right?

You list your email on a website. A spider tracks it, like a web spider crawler picks up your email, starts adding you to a bunch of lists. So that becomes a huge problem. You start getting tons of spam and if you're using Gmail, then maybe the spam is solved for you, but. Otherwise, you're just going to be getting tons of mail. Once you start filtering out spam, you have to worry about like false positives, all these things. So then you also have the idea of like data breaches of maybe your email is not published anywhere on the web, but somebody that you use, like a legitimate company that you do business with, you've given them your email, so they have your email recorded so that you can log in and out of the website, their website gets hacked, email then gets leaked out onto the dark web or whatever. So then people still managed to find out about your email. You have this other kind of threat, which is what if this company that you're doing business with you thinks legitimate, [00:27:00] they're actually behind the scenes, just selling your data. And I think it's a lot more common than we think. So they ended up selling your email and somehow again, your email ends up either in the hands of like third party marketers or it ends up in the hands of, again, some real shady people. No matter what you end up doing, just by giving anyone your email, you run the risk of your email getting sold to marketers or criminals or whatever. And so how do we solve that?

Jordan Bravo: And I'd like to ask people to think about. What could the potential problem be with giving the same email address to every single site that you up for? You are standing in line at a restaurant to order something to go and they ask for your email address. You're creating an account on DoorDash et cetera, et cetera. I would encourage you to think about it and try to come up with it on your own, but now I'm going to spoil it for [00:28:00] you. What happens is, every single time you do that it's resting in someone else's database, someone else's computer. And companies eventually get hacked. The bigger the company, the more likely they are to get hacked. And when they are hacked, In fact, your email address, if it's, worst thing that you can have is your first name and then your last name at gmail. com. That one is just so easy for spammers because somebody breaches a database, this is a juicy set of data that the hacker has gotten, right? This will be sold on the dark web. And now the person who bought that data, they have your email address, they have the site you used. And then they, and now they have your first and last name. Now they can search the web and they can try to break in at other websites using that same email address and same password. And most people, if they are not using a password manager to manage different passwords for them, that same password will likely work on all of the other sites. And [00:29:00] so this would be coming back to what we originally talked about.

How your email address is your gateway to the rest of all of your accounts. would be an example where you might even have trouble resetting your account if they were to able to break into your email. For example, if I was jordanbravo at gmail. com and I use that on, let's say, and then my password. Now I've used that same password when I log into my Gmail account, right? So now when Netflix's database is breached, now the hackers have that email and password and they know it's Gmail. So now they go to gmail. com and they log in with Jordan Bravo and that same password and boom, now they're into my email.

Now they changed my email password to lock me out and now they wreck absolute havoc on my digital life because they control my email address.

Stephen DeLorme: So the whole aliasing system is our solution to this. And for those just [00:30:00] listening, I'm pulling up SimpleLogin's website up on the screen there, because they're a service that I use. and I'm not sure if there's other aliasing services we should come up with. I'm not sure if they like. Like I remember doing this a long time ago back when I had, access to a server where I was like provisioning different usernames and filters and forwarding addresses like back in the day, this would be, you'd be making like forwarding addresses on your email server. Addresses that would automatically forward other addresses, right? But obviously that became a lot harder once we started moving to, like online cloud hosted email platforms. So these aliasing systems came around and do you want to get into what this exactly does?

Jordan Bravo: Yeah. And. did use a couple before SimpleLogin and they're honestly not worth mentioning because one went out of business and the other one is not nearly as good.

So SimpleLogin is by far the best [00:31:00] that I've tried. And what SimpleLogin does is you have, you create an account with your real email address. That's the one where you actually log in, and then you, and then SimpleLogin will, any time you want, it will create an email address for you that points, that forwards email to your real email address. So if I'm creating an account on Facebook, I would create, I would sign into SimpleLogin with my real email address, and then I would say, generate me an email, and it'll create it. at alias. com and if I'm creating an account on Netflix it would create Netflix at alias. com and it's not going to literally say alias.

com but it's going to just Put in whatever email address doesn't matter, right? It's just filler basically. But behind the scenes, it's forwarded to my real email address. So I log into my email as usual, [00:32:00] and I get emails from all of those different addresses that I've used. I want to use a different one for each site, for each service that I've signed up for. what's really cool about this is that. can then toggle on or off each of those emails. So let's say I start getting spam from one of these emails that I've created and signed up with a site for I can just turn it off with the click of a button and now I'm no longer getting email from them. And I know where that spam came from. I know that this particular site sold my data. So maybe I don't want to do business with them in the future.

Stephen DeLorme: Yeah, it's, and it sounds complicated, right? But it's actually pretty easy. Once you get it set up. SimpleLogin just has a little browser extension.

And so any website you go to like how your password manager will put a little icon next to any input field and offer to fill the password for you. SimpleLogin will do the same thing for any email input field. It'll give you like a easy option to just generate a new email. And like the default ones are the, they're just like these like [00:33:00] randomly generated strings, like these like long, complicated looking domain names. But if you have your own custom domain you can actually use your own custom domain with SimpleLogin, which is really cool. Because then like you're getting it before about like owning your name on the internet could just do something like I could have like Facebook at Stephen.

com and meetup at Stephen, Stephen. com, all of these different things. And yeah, I think that the real powerful thing about this is that if one of those emails does fall into the wrong hands, I can just cut it off. I can just turn it off and stop receiving to that email. So one, I'll know who sold me out and then I'll be able to turn it off and actually stop the inflow of spam.

Jordan Bravo: Yes. And this is part of the sovereign computing mindset of thinking long term about points of failure. And so even though we both love SimpleLogin as a service, and we hope that the company continues on for the [00:34:00] foreseeable future, We want to think, what if they go out of business someday? What if they stop existing? And that's why you would want to use your custom domain name with them. So you don't have to use a custom domain name. If you're getting overwhelmed by all of the different suggestions here today, you don't have to do that. You can just go to simplelogin. io right now and sign up for an account for free and just use the basic defaults out of the box. But that would be a, what I just illustrated would be an example of. Being of pulling apart those eggs in one basket and having, not having a single point of failure.

Stephen DeLorme: Yeah. And they, they're now owned by proton. It integrates very nicely with proton individual and like the ProtonMail, like business suite which is really nice, but I learned something new that you are telling me you can actually. SimpleLogin into your like outside password manager.

Jordan Bravo: So I use Bitwarden and Bitwarden has great integration with SimpleLogin. So when I go to a new [00:35:00] website that I, that's asking me to sign up for with an email and password, for example I click on my Bitwarden extension in my browser and it will automatically generate, it will, it's connected to my SimpleLogin account and it will automatically generate a unique email address for that website and then save it in my password manager.

So then my password is automatically generated. My email address is automatically generated and it's saved along with the URL of that website.

Stephen DeLorme: Cool. I was going to look if I could find API documentation, but they may not have it on there, but yeah, so that is really cool that way you don't need to be like stuck on their front end if you don't want to be.

Yeah, and you could also go like probably, if you're pretty technical, you could build your own forwarding system, but with this service built out, it's a no brainer for me to be using something like this.

Jordan Bravo: There is one more thing I'd like to say in SimpleLogin's failure.

Is that. It's actually open source and you can self host it.

Stephen DeLorme: You can self host [00:36:00] SimpleLogin?

Jordan Bravo: Yes, I have not had the time to do that because I've just been so thrilled with their service. And the value for the bang for the buck that you get, I think it's a great deal, very reasonably priced. But on my self sovereign to do list someday, I might try and self host a SimpleLogin server.

Stephen DeLorme: There might be a good way to pivot into kind of solving that other problem of the email data itself and being able to maintain control over that. I'm going to suggest we start with the painful hard way and then move into the easy way maybe.

Jordan Bravo: Okay. And just to contextualize for everybody, we talked about how, if you have your own, if you separate your domain, your email address, domain name from your email provider, then if you were to get cut off from an email provider, You could, going forward, still retain access to your email address by switching providers. But, that doesn't solve the problem of, if [00:37:00] all of my email is on that server, and now I don't have access to it, I can't go backwards into the past and retrieve previously generated emails.

Stephen DeLorme: Yeah.

Jordan Bravo: What we're going to talk about now would be solving that problem.

Stephen DeLorme: Yeah. And the solution is basically self hosting your own email.

If you really don't want to trust there's the hard way and then the easy way. The hard way is self hosting your own email. And. I'm just pulling up here a bit on, on Reddit, an article called why you really don't want to self host your own email server.

And the author goes into a pretty lengthy explanation here all the different stuff you have to go to the main problem they talk about a spam and just being able to have to manage all the spam filters on your own. Then you have to worry about getting sent to spam on other people's machines and all of this.

And so they go into a good bit of detail about all of the different, steps you have to go to and through and broad strokes. But it is a, a painful [00:38:00] operation, at least by if the title at the top of the page indicates anything. So have you tried this before?

Jordan Bravo: I have not tried to self host my own email server yet. Simply, busy, lack of time. I would like to try it in the future so that I can experience it for myself and see if it's too difficult or not. This post was three years ago. Things have, might have gotten a lot easier since. I've also seen mixed reviews online about self hosting your own email.

So I've actually read this post before when I was researching but I've also seen the other end of the spectrum where people say, it's not that hard. Here's a, three line script, or here's a program that does it out of the box for you. While we're talking about that, we should mention MailCow is one of the ones that we talked, we've seen. And then the other one would be Mail in a Box. So if you are interested in self hosting your own email, Mail in a Box or MailCow, I think they do a lot of the work for you.

Stephen DeLorme: That's good. [00:39:00] I'd be curious to learn about what their like spam system is but it looks like I'm looking on the mail in a box and it's got like a little install scripts. Wow, installing a DNS server, DNSSEC signing keys. Huh. interesting. Oh, Roundcube, which is a web client that you can self host. Oh, yeah, that's cool. Looks like it has a lot a lot of stuff packed into this Mail in a Box.

Jordan Bravo: I'd like to throw the question to the audience now. Have you ever self hosted your own email?

Have you thought about it? And if so, what were the results? Please boost in. And also, if you're interested, let me know if you'd like to hear about my efforts to self host email. And if there's enough demand for that, then I can give it a try and report back here on my findings.

Stephen DeLorme: Yeah, that sounds like awesome.

So yeah, boost in, let us know your self hosting email stories.

Jordan Bravo: Stephen, how do people boost in if they want to do that?

Stephen DeLorme: Oh,

yeah. So you boost in, you would go to fountain. [00:40:00] fm or any podcasting 2. 0 app, search for ATL BitLab podcast on fountain. fm. I've got it pulled up on screen for anyone who's watching the video version. Yeah, fountain. fm is probably the best app to use right now.

So about the hard way. I think it might be good to get into the the easy way now, which would really just be like,

Jordan Bravo: so if we don't, if we want to make sure we have access to all of our historical email and we don't have the time or inclination to self host our own email server, what are our options?

Stephen DeLorme: Get a client, get your own client. And this kind of goes back to what we were talking about at the beginning that, that Gmail became the service provider and the client. The client is, again, that interface you actually use to send, receive, read emails. And, a long time ago, we, I think people thought of maybe had a better idea of these as separate things.

Maybe not everybody, but certainly if you're a technical, you did these would [00:41:00] be things like, Microsoft Outlook on windows or Apple mail on the Mac platforms, or it would be maybe, I don't know, some of some kind of Linux client, I'm actually not as familiar with some of older Linux mail clients. You would have actually used like a mail application on your desktop. You would have typed in the the, credentials to log into your mail server, and then you'd be downloading your emails locally. And so this would be actually on your computer. You're like sucking down the emails from the mail server as they come in and having them locally.

And the, that means that if the mail server goes down or you get cut off from the email service provider or anything like that. You still have your emails. They're on your computer. They're stored there local. You have like your own local backup.

Jordan Bravo: Yeah, exactly. And you mentioned Apple mail.

And I think that's probably a lot of people might not realize that they're using Apple mail, but maybe they have Gmail on the back end. That's a great example of how the client that's the front end that you're actually looking [00:42:00] at and the backend server can be decoupled. In other words, they don't have to be the same provider.

And so if you are on your phone, your iPhone, and you have Apple mail. And you'll notice that if you go offline, maybe you're in airplane mode or you lose service, you can still open up your email app, your Apple Mail app and browse through all the emails because they're on your phone, they're on your device locally.

And so if you were to ever permanently lose access to, let's say Gmail in this case, You would then be able to export all of those emails and you'd still have them that you could save anywhere.

Stephen DeLorme: Yeah. I've got Thunderbird pulled up on screen for anyone who's just listening. It's an open source client.

It works on Windows, Linux and Mac OS. And ooh, it looks like they have an Android version as well. I didn't know that. So that's an option. Just if you just want to have that backup you can hook up gmail to this. You can, I believe you can still hook up proton to it. They have a cool bridging thing that allows you that kind of handles the encryption for you and any pop three [00:43:00] or I map.

Those are just like some common protocols for checking mail servers for messages. Like pretty much all of your, major mail service providers will be able to give you the credentials to be able to log into your account using something like Thunderbird. And so yeah, that's a good way to do it.

Of course, the caveat is you do need to keep track of the disk space. It will be actually on your computer and we get used to the idea of wow, this mail provider gave me half a terabyte of storage for free and another half terabyte for, paying, 5 a month or whatever, we get a little spoiled by that, but maybe you actually don't need all your emails stored indefinitely.

Do you really need DoorDash receipts from four years ago, like still stored or whatever? Maybe you actually lighten that digital footprint a little bit. And you're really just, storing stuff that might be more critical for your business.

Like real like legal documents and, things like that, and maybe you don't need all of these, just 10 year old receipts in your email.

Jordan Bravo: Yeah. Agreed. I, this is an approach that we can [00:44:00] apply to all of our digital life, right? We can try to, instead of saving and archiving everything forever, like you said, our DoorDash receipts, are we going to need that in a few months or a few years, like probably not.

So about being thoughtful of, what kind of data trail we want to leave, whether or not we actually need all this archival data stored indefinitely into the future, and just making decisions about that. So in other words, going through and pruning your data from time to time, or just deleting something rather than archiving it as Gmail encouraged us to do from the beginning.

Stephen DeLorme: Yeah.

Jordan Bravo: One more thing I would want to say on the topic of email clients is that this is a recurring theme on the Sovereign Computing Show, which is we talked about or we talked about calendars and contacts, and we mentioned the open protocols. And so email is a great example of this as well. Stephen, you mentioned IMAP as something that is [00:45:00] spoken by all, almost all email providers and email clients. And so that's why you can use Thunderbird or Apple Mail or webmails. These can all speak the same protocol and therefore they can communicate with each other, even though they're not the same company.

Stephen DeLorme: Open protocols are powerful.

Cool. Anything else we should hit on?

Jordan Bravo: I think we covered it. That's all for today. Send us in your boost. You can do that at fountain. fm, or you can go to atlbitlab. com slash podcast. And you can get show notes and transcripts and all the good stuff there.

Stephen DeLorme: All right it's been real y'all.

I hope you enjoyed it. Let us know your feedback in the boosts and we'll see you next time.

Jordan Bravo: Thanks everyone. We'll see you next time.

Stephen DeLorme: Ending music. (sound effects) I'm not going to include that one in the next edit.

Hey, thanks for listening. [00:46:00] I hope you enjoyed this episode. If you want to learn more about anything that we discussed, you can look for links in the show notes that should be in your podcast player, or you can go to atlbitlab. com slash podcast. On a final note, if you found this information useful and you want to help support us, you can always send us a tip in Bitcoin.

Your support really helps us so that we can keep bringing you content like this. All right. Catch you later.