Warning to new tutamail users, your account could be temporary
from GaryGhost@lemmy.world to privacy@lemmy.ml on 10 Jan 03:24
https://lemmy.world/post/41402116

I made my first and only account with tutamail and within 48 hours it was disabled due to abuse. It really bothered me because I had forwarded now-deleted emails for storage, updated many accounts including my doctors with the new tuta email. The next time I try to log in it tells me that my password is wrong or can’t login. I wasted my time trying to change the password and when I contacted support they sent me this:

Hi there,

Thank you for your email.

Your account was flagged as an abusive signup by our system and it was therefore suspended. We have reviewed this case and we cannot make an exception. Please understand that we block some signups based on many different criteria in order to ensure the quality of our service.

Please feel free to register a different account.

Why the hell would I make another one? I signed up my one account the same day that I discovered them. I used a VPN, as if that’s anything new. “I can make another account” really? So they can delete it again?

Obviously I should have tested their client before going all in. Who cares about privacy when random assholes can just wipe my data or read my emails. I needed to vent. Fuck you tutamail

#privacy

PiraHxCx@lemmy.dbzer0.com on 10 Jan 04:00

They can’t read your emails though, Tuta uses zero-knowledge encryption, it was something else that got you flagged. Did you send a lot of consecutive emails?

spinning_disk_engineer@lemmy.ca on 10 Jan 05:27

For the sake of accuracy: Incoming emails from external services are initially not encrypted. It’s only truly zero knowledge for either emails sent by another tuta user, or for emails that have already been received.

That being said, they don’t record this information unless specifically required by a court order, which to my knowledge has never happened. I understand that they make the decision of whether your account is spam within 48 hours, and after that it is in the clear. I created my account over Tor, didn’t use it much at all for the first few days, and have been using it fine since. That’s only one data point of course.

PiraHxCx@lemmy.dbzer0.com on 10 Jan 13:20

You are talking about End-to-End Encryption. Zero-Knowledge Encryption means they don’t have access to your mailbox because they don’t know the password, it’s not stored on their server, they only know the hash it generates (which is used to verify you know the password, but the password itself is never exposed).

Even though they can’t get inside your mailbox they know all the incoming and outgoing metadata (addresses of emails sent/received) so they know your traffic (there is no way to encrypt metadata anyway, it would be like giving a letter to a mailman but not telling him who to deliver it to), but, say, court orders them to give access to your mailbox, they have no way of doing it, only someone with your password can read your emails.

Ohh@lemmy.ml on 10 Jan 13:57

To be explicit. If it’s not e2e, it’s sent and received and logged in plaintext. Tuta can opt to encrypt it, then store it, after the fact. But you can’t verify that they do. Even though they claim to. Only messages (which is not mail) between tuta customers are e2e as I understand it.

Use Signal. (Or for mail: I am going to shill purelymail which is awesome)

PiraHxCx@lemmy.dbzer0.com on 10 Jan 15:24

Stored emails are encrypted in any service, the difference from Tuta, Proton, Atomic, etc, to Gmail, Outlook, Yahoo and others, is that they don’t have the decryption key. But yeah, technically any of them could make a copy of unencrypted emails you receive and send (the latter don’t even need to since they have the key), but they can’t do it retroactively. Proton had a few third party audits checking their services, but afaik Tuta hasn’t.

brownmustardminion@lemmy.ml on 10 Jan 04:09

That’s pretty annoying.

I had a similar experience today with two other services. The bot detection systems these sites are using are completely broken.

I’ve had my tuta account for a while so never had that issue with them. But I don’t appreciate the way they handled your issue. I wouldn’t use tuta if I was treated like that.

Mylemmypt@lemmy.world on 11 Jan 00:46

That’s why I closed my Tuta account and signed up for Posteo. Couldn’t be more satisfied!

brickfrog@lemmy.dbzer0.com on 10 Jan 04:15

Was it a free account, or paid? Tuta is pretty strict with the free accounts especially when new. I definitely would not consider using Tuta free for anything long term, they’ll just come up with all sorts of reasons to restrict or disable your account.

I’ve read they don’t do that sort of thing with paid accounts but can’t confirm, only ever used their free accounts for temp usage.

ExcessShiv@lemmy.dbzer0.com on 10 Jan 12:20

It’s absolute bullshit that they refuse to reopen when the user reaches out for a solution. Just replying with an autoreply, probably without even actually looking into it, telling the user to basically fuck off is as scummy as it gets.

jet@hackertalks.com on 10 Jan 04:19

Never had any problems with my paid tuta accounts

GasMaskedLunatic@lemmy.dbzer0.com on 10 Jan 04:39

Same. Signed up for one service and the Tuta account was gone within 2 days. Fuck em. It’s one thing to know your account can disappear at any time, it’s another to know they have a consistent history of doing it. I will never consider them a legitimate option for email nor recommend them to anyone.

upstroke4448@lemmy.dbzer0.com on 10 Jan 04:50

My guess is that whatever VPN server you’re connected to had someone else who was spamming or doing something else they weren’t supposed to. This caused the email addresses associated with that IP to be flagged.

One of the drawbacks to a VPN is you share your IP with strangers who sometimes do stuff you get penalized for.

MagnificentSteiner@lemmy.zip on 10 Jan 10:10

Kinda seems like internet 101 that they should either explicitly state they don’t support emails created on VPNs or that they won’t blanket ban a VPN IP address.

upstroke4448@lemmy.dbzer0.com on 10 Jan 17:17

Why? Both of those options are worse. You can’t be a privacy respecting service and not allow VPNs. If you do allow VPNs, it is going to force you to sometimes blanket ban an IP because bad actors use VPNs as well.

Typically this only happens on free VPN servers because people who abuse these services also realize they are going to get banned. The easiest solution is to use a premium VPN or sign up with your actual IP address (depending on your threat model).

hperrin@lemmy.ca on 10 Jan 04:58

It pays in the long run to have your own domain for your email. Most providers can host your domain for a (usually) small fee, then you will never lose your addresses, even if your provider disappears.

modeh@piefed.social on 10 Jan 07:48

Can you please provide an example of such a provider?

hperrin@lemmy.ca on 10 Jan 07:52

Proton, Gmail, Outlook (or Copilot, they’re probably calling it by now), my own email service Port87, all offer custom domain support. I definitely would recommend against whatever you get offered in the checkout process of your domain name, cause it’s usually very low quality hosting.

jnod4@lemmy.ca on 10 Jan 12:34

So if I make my own domain, user@funkylemmy.com, then I can ask Gmail to host it, and when I’m tired of google, I can ask another provider?

beeb@lemmy.zip on 10 Jan 12:49

Yes, you change your DNS settings so that your domain points to the new provider servers and recreate your email addresses there. You won’t have the old emails unless you backed them up and restored them but the address will be the same.

jnod4@lemmy.ca on 10 Jan 13:59

Where do I begin?

hperrin@lemmy.ca on 10 Jan 16:08

I made a video for it. :) It shows how to set up Port87, but the process should be pretty similar for other providers.

youtu.be/C1FSFhF-1F4

zutto@lemmy.fedi.zutto.fi on 10 Jan 12:55

Yes, exactly.

Once you own the domain, you can swap out the infrastructure behind it any time you wish. You’re not locked to any email service.

hperrin@lemmy.ca on 10 Jan 16:05

Yep. :) All you have to do is change some DNS entries, and the new provider will start receiving mail for the same address.

Jerry@feddit.online on 10 Jan 13:09

This is definitely the best protection. If the provider drops you, you move your domain to another provider. But, as far as I know, while almost all email providers will host your personal domain, none that I know of will do it on the free plans. But your email is your identity. You should be willing to pay for it, especially if you host it on a provider that otherwise won’t make any money on you.

There are a couple of downsides. If you forget, or are unable, to renew your domain, you lose it and your emails. Make sure another family member or friend can pay the renewal for you if, for some reason, you cannot.

While your own domain makes it far less likely that your email will be canceled (because you can move it), abuse of your domain can result in your losing your domain name and your email, especially before it has earned a reputation.

Which brings up another IMPORTANT point. If you use your own domain name, then you must set up your DNS records to protect your domain from spoofers and spammers so it doesn’t get blacklisted or, worse, doesn’t cause cancellation of your domain name. Scammers and spammers WILL try to send email using your domain name. You need to tell email clients to toss these rogue emails and give them the means to determine spoofing and unauthorized use. Read this: https://www.valimail.com/blog/dmarc-dkim-spf-explained/

Also, be aware that SpamAssassin considers .com, .net, and .org TLDs to be far safer than .world, .online, .blog, and most others. Using one of these newer TLDs results in a higher spam score, and your email is more likely to end up in the spam folder if it reaches the magic score of 5. A new age TLD can add as much as 1 point to the spam calculation depending on the email provider receiving your email.

So your own domain name is safer but costs money and requires more work.

hperrin@lemmy.ca on 10 Jan 16:46

Usually the provider will provide a step by step guide to set up the entries in DNS for DKIM and DMARC, so you shouldn’t need to understand what they are, but it definitely helps. :)

(Also, if a provider doesn’t support DKIM or walk you through setting it up, I would not recommend them.)

[deleted] on 10 Jan 17:44

.

hperrin@lemmy.ca on 10 Jan 19:27

A .com is like $9 a year.

[deleted] on 10 Jan 22:30

.

hperrin@lemmy.ca on 11 Jan 00:28

At the moment I’m typing this, these great domain names are available:

  • trickythicky.com
  • junkgoose.com
  • picklecream.com
  • lonelyrv.com
  • quiffit.com
  • reospacewagon.com
  • scumple.com
  • triangulous.com
  • openmymouth.com
  • 8raccoons.com and eightraccoons.com
  • flightytighty.com
  • myotheremailisapostbox.com
  • thewringler.com
  • smashmytv.com
  • noooooon.com (that’s 6 Os)
  • whycomenot.com
  • icantforgiveyou.com
  • extrabigsmall.com

Oh and if you want spicy ones that are expensive:

  • eata.horse (icould@eata.horse)
  • bodywa.sh (faceand@bodywa.sh)
  • thatrad.io (donttouch@thatrad.io)

[deleted] on 11 Jan 01:14

.

hperrin@lemmy.ca on 11 Jan 02:22

also that’s for like somereallybadlongname.com

- @bad_news@lemmy.billiam.net

jtzl@lemmy.zip on 11 Jan 02:51

Screenshotted just in case.

RodgeGrabTheCat@sh.itjust.works on 10 Jan 07:57

I had a few Tuta accounts suspended when trying to create an anonymous Google account. Eventually, I did get a stable Tuta which I have had for months.

colourlessidea@sopuli.xyz on 10 Jan 08:08

Eventually

Not something the average person wants to hear when it comes to creating a personal email account

RodgeGrabTheCat@sh.itjust.works on 10 Jan 16:53

K

colourlessidea@sopuli.xyz on 10 Jan 23:12

It wasn’t criticism aimed at you btw, just that it doesn’t inspire a lot of confidence in an email provider to hear that they are likely to suspend accounts

RodgeGrabTheCat@sh.itjust.works on 11 Jan 00:28

It’s all good. No offense taken.

Sims@lemmy.ml on 10 Jan 08:30

I had an account, but got sick for a whole year or so. When I tried to come back, they had taken the account down, and I could only access with an old emergency code I didn’t have anymore - I ‘only’ had my user/password.

I guess I had less than 40 emails, so the account didn’t cause space problems, or anything. But I managed to get a few other essential services bound to tuta before I got ill. That was unfortunate.

I won’t be dealing with a corporation that treats mail accounts casually as if they were not an important ‘anchor’ for other internet services. A small mail account should never be taken down for ‘not using it enough’. No tuta business crap again. disroot.org are the shit for me. Cool guys, and they still had my ~8yo account running without me using it until now…

Zoma@sh.itjust.works on 10 Jan 12:34

You can’t create accounts for anything with a VPN active nowadays, but once you’ve created it on your bare IP you can use a VPN.

ArcaneSlime@lemmy.dbzer0.com on 10 Jan 17:13

Yeah they deleted an acct of mine for inactivity, then when I replaced it they flagged the new one for manual review saying “this addr cannot send/receive emails until it is cleared, please email us at [support acct] using [the very acct that cannot send mail, ffs].” Like dude how can I email you from the email on your servers that you have blocked from sending email? How does that make sense to you?

Anyway I made a Disroot acct which is better for me because IMAP support. They flagged me for review too, but then approved TWO different emails without all that horse shit from Tuta. Their sign up site can be a bit confusing (in particular their “human check” just says “weak password” unless you hit the character count so just max that out, but as a result of this confusion I’m using a 64char long randomly generated pass so, yay) but other than that they’ve been great so far.

GaryGhost@lemmy.world on 17 Jan 01:31

They look awesome, while signing up they were closed for the weekend because everyone needs a break. That’s actually awesome, I’m excited