Does anyone use gmail + PGP ? if the two parties understand how to send encrypted messages over web clients, isn't that still secure ? I haven't heard much about PGP for the past 5+ years. I realize PGP itself isn't a protocol, but there used to be a system where you'd publish your public key (irrespective of what protocol (RSA, ECDSA, etc) you use) somewhere and anyone could send you encrypted messages and paste the base64 text into insecure clients.
I agree that the search in Fastmail is fairly bad - it does have an 'advanced' menu option that isn't immediately obvious, but it's still not super great.
You made me panic when you mentioned Spam false positives, as I've never really bothered checking that folder!
Thankfully I don't appear to have any so far. Better than bloody GMail arbitrarily deciding that subscriptions and emails I've long-since received from various sources being suddenly spam... .
I've been using Tutanota for almost a year now and it's pretty good. I'm no expert on encryption but that part also seems pretty solid [0,1]. NordVPN "leans towards" TN over PM, but only for convenience and not security (that's more or less equal between the two)[2]. However, PM is based in Switzerland (not bound by GDPR), while TN is in Germany (bound by GDPR and other privacy laws that the EU is really progressive in pushing, compared to the rest of the world)[2]. That said, PM is what Cambridge Analytica was using to overthrow governments so I suppose that has to be pretty secure[3].
PM pricing is €48-288/y while TN is €12-60/y[4,5]. Both have freemium options too; I'm paying €12/y for TN just to receive support (more to be able to message them with feedback, really).
My only complaints w/TN is that it's a bit slow; notifications will remain even seconds after I'd read the mail, and sometimes (especially in the beginning) I would hit "Del" twice or more for the same email because it would remain in my inbox, ultimately accidentally deleting the emails after it in my inbox (something I noticed only after refreshing the tab, which -- annoyingly but also securely -- would cause me to have to log in again).
I ultimately went with TN because of one thing, however: I can export emails. Yes, it's a hassle, and yes, I have to generally do it by hand, bundle by bundle, but I love being able to have all my emails archived offline. Plus, with their new (beta) desktop client, this should be even easier[6]. I'm staying with them for now because they're the only ones (that I know of) who encrypt both your emails and your contacts, as well as the subjects, contents, and attachments of all the emails you send[7]. This is HUGE for me. However, the moment a better service comes along who does all this and who is smoother, faster, I won't mind switching ship. Especially because the name is so annoying to tell people, especially over the phone ("Puta? Duda? T like Dom or like Tom?"). Yes, I get it means "secure message" in Latin, but come on now. Just use a simple word already. Or do what PM did and enable a neat shorthand domain (pm.me, how neat is that?[8]). Though they also do offer custom domain names so I suppose this isn't too much of an issue, I just haven't had time to properly look into this yet.
After reading this thread though I'm curious to find out more about FastMail. But Australia, uhhh... Five Eyes, no thank you.
ProtonMail also encrypts emails, contacts, contents, attachments, of all emails you send and receive, with end-to-end encryption.
However, the most important differentiator is the trust model. ProtonMail has Address Verification, which means it is trust on first use, which is significantly more secure than the trust on every use model Tutanota uses for key distribution. Details here: https://www.reddit.com/r/ProtonMail/comments/b84kd3/why_is_p...
My biggest issue with Tutanota is there's no IMAP support. I don't wish to jump through hoops to get my mail out easily and in standard formats if I want to leave a service. That's why I won't use it. Same goes for ProtonMail, which is slightly better but has a tedious IMAP bridge to be installed and used for paid accounts.
I do not use email for discussing sensitive topics. It is not the right tool for the job.