This might come out as a bit of a rant, but I just wanted to post it here anyway since it’s the only social media I use.
Recently, I’ve been making some steps to improve my privacy. GrapheneOS, Linux on my PC, open source software, moving away from Google stuff. So, next logical step was for me to switch away from Gmail. I went with Tutanota, since they’re based in EU, their mobile app is on F-Droid and doesn’t require Google Play Services. So I made an account, switched a bunch of my private account e-mails from Gmail to Tuta, and was basically done. Two days later, I wake up to a “invalid credentials” message. I checked the option to remember my password on my PC, so I thought it was weird. I checked my phone, and it turns out I was logged out of the app too. I tried changing my password with recovery code, thinking something went wrong (though unlikely since I used a password manager), but I got an error on that one too. So I contacted Tutanota, almost a week ago. No response.
I tried looking on various sites to check if people had a similar issue. I found a few reports on Reddit. The moderator of Tuta says to contact the e-mail address that I sent a message to already, but people complained that they haven’t gotten a response either. I found out that similar reports were happening for a while now, accounts being flagged for seemingly no reason. I found one post from October, 2024, from a frustrated user. He said he was in the same situation, and when he finally got the reply, Tutanota said they can’t do anything. When I found that post, I was really disheartened. I’ve already went back on a bunch of accounts to @gmail.com account, for safety, but there is still a few that I’m not even able to access because they use e-mail 2fa. Some of them being accounts for various government public services.
So this one gave me a pause on my privacy journey. I never encountered problems like this one before. A service blocking my account without any message or warning. No contact from support. Being locked out of my accounts. I’ve lost a lot of enthusiasm to replace a few proprietary services that I have left.
Instead of having your online accounts registered directly to your @tuta.io address (or your gmail address, or any webmail address), buy a domain name and have the accounts registered to that and then set the DNS to forward all mail from that domain to your webmail account of choice. That way, if the webmail service fucks up, the worst-case scenario is that you change the forwarding again and you’ve only lost the contents of the previous emails sent, not access to receive future ones.
(Caveat: when you send an email it’ll by default be coming from your webmail provider address, not your custom domain address, and I’m not sure how to fix that – I’ve only recently started switching to the scheme myself – but if your main issue is receiving 2FA emails and such that’s not a big deal.)
That’s mostly just a setting in the provider to verify your domain. Most out it behind a paywall though.
You’ll need to set a few DNS entries so that places know that server is allowed to send email from those servers.