I really like email. I think it is one of the most important communications media we use, and I think that structurally, it reflects the decentralised nature of the early internet (a subject I come to quite frequently). Even were I not to have this prior affinity for email, it would be hard to deny its centrality as a medium of communication in the modern day, even while instant messaging (e.g. Whatsapp) and other social media (e.g. Snapchat, Instagram) are ever more popular.
Given the aspects of my life which pass through my email inbox, for example: shopping receipts; appointments; interactions with government services; and personal messages, it is important to me that this veritable trove of information on my life and habits is not continually mined by my email provider, with the insights sold on to advertisers, insurers, and governments.
Back in 2010 I decided to register a family domain name, and to set
up the members of my immediate family with email addresses under this
domain. Apart from seeming like a cool thing to do, the main motivating
factor was that, since email was so central, it seemed wrong to me that
it was impossible to “vote with one’s feet” if one’s email address was
inextricably tied to the service provider (for example if you have an
@gmail.com). Only by having a domain of
our own could I choose provider at will, migrating away if I did not
like how the contemporary one behaved.
Having registered the domain I set up the email addresses (and calendars, &c.) on Google Apps, as it was then, since Google was offering the whole suite for free for “organisations” of 25 or fewer accounts. The Google service offering was one with which I was very familiar, having been a Gmail user since it launched in 2004 (back when it was invitation-only).
Google offer a really good service when it comes to email and calendars (not to mention many of the other tools they offer, like Google Docs). This has meant that, while privacy has always been important to me, and I have slowly extricated myself from services which do not respect my privacy, my email was always kept within Google’s realm.
For the last couple of years, however, I have been flirting with alternatives, and have had a strong desire to move my family’s data outside of Google’s reach. I recently read about leaving Gmail , and with the time afforded to me by the Christmas holidays I decided to jump.
The main motivation for this is privacy1. Google’s entire business model is predicated on offering me free (or cheap) services in return for my data, which is sells on to advertisers, insurers, governments, and anyone else who will pay. The things that really spooked me recently was understanding exactly how much knowledge Google has pulled from my emails (things like knowing all my shopping habits since so many services send email receipts), and also the new writing assistance that Gmail offers online, “helping” you to write emails by suggesting words based on other emails you, and others, have written.
Searching for an alternative
The things that were most important to me in looking for a new email provider were privacy, longevity, and good support. The former does not just extend to the business model of the company in question, although this must be a straightforward transaction where I pay them and they supply me with email services, but also the jurisdictions in which they operate. This rules out companies in countries where mass surveillance is the norm (so bye bye five-eyes countries). It also means the companies have to keep their data in jurisdictions which respect privacy. Of all the regions in the world, Europe (or specifically the EU) is heading in the right direction on a privacy front with legislation like the General Data Protection Regulation (GDPR). Switzerland, Germany, Scandinavia, and perhaps the Netherlands seemed best to me from a privacy perspective.
I also needed the provider to allow me to use my own domain and administer my family’s accounts. There would be bonus points to providers offering caldav and carddav services for synchronising calendars and address books, as well as those using primarily open-source software, and having good import tools to make migration easier. Any companies with good webmail interfaces would be nice, too, but I could suffer some degradation on this front since I mostly use local clients.
I explored a couple of options. The first was Fastmail, because they are very highly rated by everyone I have seen use them, and the team really does care about privacy. Unfortunately, they are hosted in Australia, a country which is not only in the five-eyes intelligence-sharing network, but which recently passed a bill  which does away any hope for judicial oversight of surveillance. Fastmail has written online that the bill will not have an impact on its services  but I simply cannot trust a service based in Australia, with servers in the USA, no matter how much I like the team.
With Fastmail out of the running, I looked at ProtonMail, a service whose raison d'être is privacy. ProtonMail is well known, and many people who value their privacy use it. To be honest, however, while I care about my privacy, I am mostly trying to avoid being swept up in mass surveillance, rather than reasonably ordered, court backed, searches — I can see an argument for this being a valid route for law enforcement to pursue. ProtonMail encrypts everything at rest, which is great, but such a strong protection is not as high on my list as basic privacy, and their service was significantly more expensive than some of their competitors.
Four other options remained: Runbox, Mailbox, Posteo, and StartMail. Of these, I chose Runbox as it seemed to be highest rated amongst its users, had a very responsive team when I interacted with them, could support having my own domain name, and seemed to have an active community with good supporting documentation. It is also based in Norway, where the privacy protections seem very strong.
The first stage of migrating to Runbox was to open a new account. Runbox has several different price options, and I have gone for a “medium” account (which gives me a 10GB mailbox). I had to buy “sub-accounts” for my family members separately. I initially thought this system a little confusing but it actually works quite well.
The next stage was to setup 2FA (the lack of 2FA would have taken Runbox out of the running, but I had just assumed that every service would have it), and then import my mail. Luckily Runbox has an IMAP import tool, so I set up all the app passwords, pointed it at Google’s servers, and let it go and do its work. This took several hours to import the c. 25k emails I had on my personal account(s) but we got there in the end. The nasty part was to do with how Gmail handles labels and folders.
One of Google’s big innovations in email was to move past the anachronistic use of “folders” for digital media, which is a hangover from the age of digital filing systems, and move to using labels. Unfortunately IMAP still uses folders, and while some servers (including those of Runbox) support custom flags, the import of emails via IMAP from Google meant I had many copies of each email (one for each label applied, including the automated labels like “Important”).
I mostly rely on search instead of labels for my email, and the only time I really used them was with the automatic filters applied to my incoming messages. So, instead of preserving the tagging system, I opted to move everything into the “Archive” folder.
It’s worth noting that Runbox’s web interface has no concept of an “Archive” (which I found totally bizarre, but I have talked to them about it and it is on the roadmap). Thus I made my own “Archive” folder and told my email clients to use it for archived messages.
Moving more than 30k messages into this folder (because of all the
duplication) was going to be painful if I had to download the messages
to an email client first, then drag-and-drop them into the right folder.
Instead, I decided to learn a little how IMAP works (by interfacing with
it manually via
openssl s_client). Thankfully Runbox’s servers support
MOVE command, so I was not going to have to copy-and-expunge
each message to move it which seemed unnecessarily wasteful and
was not an atomic operation. To perform this en masse, I wrote a
cli to move all the emails
from one folder into another.
Once this was in progress, I also pointed the MX records to the new servers and hey presto, everything worked. Well, except that now I had so many duplicates I was over my storage limits. I won’t bore you with the details, but I started writing a deduplicating command for my CLI, only to discover that Quentin Stafford-Fraser had got there first with quite a comprehensive tool, so I used that instead.
Impressions and conclusions
With my emails all migrated, and deduped, I could take a real look around. I had, of course, already been interacting with the RunBox system, both the management tools and the two webmail client (RB6 and the “beta” RB7, which is open-source).
As I have mentioned previously, Google has done a great job with the Gmail web interface (and I’m not talking about Inbox here, which I never really liked). It’s well-designed, feature-rich, and has the keyboard shortcuts I need to mean that I almost never have to use the mouse, and I get through a lot of emails each day.
Most other services pale in comparison to Google’s offering, but Runbox felt especially bad. RB6 (the current main-line offering) looks like it has not been updated since the early 2000s, if not 1990s. It almost has a Win95 feel to it except that you can hover over menu items and it has some drag-and-drop functionality. There is no concept of archiving emails, it is unclear how to delete folders, the “back” button does not always work as expected. Ultimately I have found it practically unusable. Unfortunately the new beta interface is not much better, and where it has a very updated look (although, in my opinion, it is still very poorly designed) it has lots functionlity when compared to RB6 — no tags, it is perpetually “synching”, and often my emails do not even show up in the inbox.
Overall, from a webmail perspective, this is really dreadful. The management tools are marginally better. The designs are the same as RB6, but the functionality all seems to be there (even though there is no way to force a user to change his or her password on next login so new account setup is a slightly painful experience). One thing it does have going for it, however, is speed. Leaving RB7 and its continual “synching” aside, the Runbox webmail is very fast. I never seem to wait more than a few milliseconds for something to happen, which is great.
Luckily, I am going to be interacting with my email almost exclusively through desktop and mobile clients, over IMAP. I have yet to find an email client that really suits me (and I have tried quite a lot of them), especially since I have decided that I no longer want to use one which stores my emails on their servers (presumably to “make our searching faster” or some such excuse). I am currently using Postbox, which is better than Apple Mail but still not very good.
Overall, whilst the process has been harder than I thought, I am also very pleased with the result. Runbox is a company I think I can trust, and they have been very responsive to all my support queries and forum posts. I live in hope that I may be able to change the direction of the webmail client since it is open-source (although it is written using Angular2, which is a great shame). More than anything else I am just relieved that my family’s data no longer reside within the Google leviathan’s belly, and for that I am willing to suffer a substandard webmail experience.
- The other, which is that Google is an Evil company in my view, will have to wait for a separate article. ↑