E-Mails in Cloudron - privacy with smtp relay server?
-
I have some e-mail accounts in Cloudron with Postmark as smtp relay server. I am tempted to move another account, because I like self-hosting, but I wanted to ask first if you have concerns about privacy if this concerns not just app notifications or similar that you might send out, but your actual e-mail correspondence, which might even include confidential information.
Does it make a difference if you send them with a generic hosting provider like Gmail, Hosteurope or an smtp provider like Sendgrid or Postmark? After all, the latter services are optimised for marketing e-mails that are per definition semi-public, so I would reckon they have a vested interest in doing e-mail analytics.
I know about the general amount of privacy for e-mails and I know that they could be encrypted, but that is not the point here as this is not related to the decision how to send them out.
-
@ekevu123 Do you have a reason to use a mail relay behind your Cloudron instance? For me, the only use case for a dedicated relay is sending newsletters. In this case, the app is configured to use the relay.
The second use case is a Cloudron instance in a home network without having an additional instance in a data center. -
-
You should only setup a mail relay provider you "trust" . Generic providers are fine, imo. For example, password reset mails are sent via email . Of course, if you have 2fa, your account is still protected.
-
Not really - the privacy issue is the same with any email provider you sent your email through. I don’t have too large of a sending volume and chose a „classic“ mail provider https://mailbox.org in Germany as they are privacy minded and allow sending through your own domain …
-
@necrevistonnezr said in E-Mails in Cloudron - privacy with smtp relay server?:
the privacy issue is the same with any email provider
Emails are the postcards of the internet world. There is no privacy. All the mails content, sender, recipient, attachments and other metadata are readable to any system it passes. Even if you encrypt your message, you can only encrypt the body and possible attachments.
In my opinion the only concern for a relay should be:
- do i trust them to not modify my mails without my consent?
- do i trust them to not store my mails?
- do i trust them to not forward my mails to third parties?
- do i trust them to not read my mails?
-
I looked into this further and have seen that Postmark provides the opportunity to avoid storing the body in their logs. I think that is reasonably safe. And since I already have a business account with them, I am going to attach my private e-mail account there as well.
Thank you for your assistance in this matter!