I have been using and recommending the privacy-centric ProtonMail (now branded Proton.me) to friends, family, and colleagues for many years. But when I launched this Thinking Privacy blog site, using WordPress, I encountered an apparent dilemma caused by these coincident facts:
- I needed my WordPress site to be able to send outgoing emails, both to me as the system administrator, and potentially to subscribers, contributors, etc.
- I wanted those emails to come from an @thinkingprivacy.com address for consistent branding.
- I wanted my domain’s email to be hosted by Proton. The ProtonMail service intentionally does not support SMTP. The automatic encryption system they use depends on their own client software.
- Therefore, it appears at first that you can’t use Proton accounts at all with WordPress.
- Yet philosophically, I refused to use Gmail, MS Live email, or any other popular “free” email service that’s part of the global Surveillance Economy just to work around this technical limitation. The irony would be intolerable.
- [DON’T DO THIS!] There is a somewhat well-known and unsupported workaround which others have blogged about using. That is to install the ProtonMail “Bridge” application on the server hosting WordPress, and send through that. This has huge problems, detailed below.
I found a solution that is still secure and not privacy-invasive.
To start, I configured my custom domain name (thinkingprivacy.com) in my Proton.me account so I could create email addresses within it. Since I already had a “Mail Plus” level account there, this didn’t cost me anything more.
The Proton website stepped me through the several changes I needed to make to my DNS records (registered through DreamHost, as always), first to verify I owned the domain, and then to enable the SPF, DKIM, and DMARC authentication features for email.
Next, I found that the MailerSend.com service’s free tier includes what I needed to get started with this low-volume blog. Unlike many of the other bulk/marketing email systems, MailerSend has an SMTP service! So once I went through the similar DNS domain verification process and set up SPF & DKIM with them also, I quickly got approved for sending THROUGH MailerSend with addresses @thinkingprivacy.com using special SMTP credentials over TLS.
So the end results are exactly what I needed, and what many other blog sites need too.
I can send and receive email using Proton.me with my accounts, and that is completely independent of MailerSend and my WordPress site. But my WordPress site can also send OUTBOUND messages that come from my domain. If anyone replies to such a message, because my DNS MX records point back to Proton’s servers, I’ll receive that directly.
Further, the MailerSend.com system has NO ACCESS to my Proton account or email contents (except of course seeing the messages going out through their system). Conversely, Proton doesn’t have to approve or have any access to my MailerSend account. If I ever want to change one of those services to another provider, I can do so without affecting the other.
What is wrong with the Proton Bridge workaround some others use?
The Proton Bridge application is specifically designed to allow their customers to send and receive encrypted email through Proton while using a “standard” email client application. Therefore, the Bridge, which is supposed to be installed on the customer’s local machine, does the encryption/decryption between the email app and Proton’s servers.
But configuring the Bridge on a server, such as a WordPress host, is prohibited by their terms of support — for good reasons. Doing so involves stupidly risky things, including putting the Proton account’s password in cleartext on the server. There are other potential risks and reliability problems as well.
We could argue that there are potential ways that Proton could redesign the Bridge to improve that, or that they could choose to provide an SMTP gateway themselves. But doing that would reduce the level of automatic encryption they provide, so they’re not likely to be motivated that way.
Privacy Settings in MailerSend.com
By the way, in my MailerSend.com configuration, I disabled all user tracking! This was inspired by how Bruce Schneier uses MailChimp to send his excellent monthly newsletter, but with tracking disabled.
Get My Referral Bonus – Try Proton’s “Mail Plus” Service at no cost to you!
I’ve been using ProtonMail for years, first on the free tier, and for the last 5 years as a happily paying customer. By following my Proton.me referral link, you can get 30 days of their “Mail Plus” plan at no cost to you. That’s definitely enough time to try out the techniques I’ve described in this article.
Hi Guys.
Hope there is still someone giving answers on here, as this is one of the only pages coming up on a Google search to fix this issue.
I am also having to get over this issue. My question is how did you get it to work with adding a second SPF record? As I understand it, you cannot have 2 SPF records.
And can you recall how long it took for MailerSend to verify, as after around 12 hours there was no change? (I know it says up to 24 hours.)
Many thanks
VG
Hi VG Global.
In my DNS for the domain, it’s a single TXT for the SPF record, but it contains 2 include: statements, one for MailerSend and one for ProtonMail. This is described on Proton’s configuration instructions page at https://proton.me/support/anti-spoofing-custom-domain . It says, quote:
The “include:_spf.protonmail.ch” part of the text string means that you allow Proton Mail servers to send on behalf of your domain. If you want to keep an existing SPF record, simply add the “include:_spf.protonmail.ch” text string to it right of your existing record, after the “v=spf1”.
As for the delay to verify, it was short enough that I don’t recall now. If it had taken a long time I might’ve been frustrated and remember it. 🙂
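The single-record rule from the reply above, as an added example (not code from the blog author, Proton or MailerSend): it audits a domain's TXT strings for exactly one SPF record naming both senders, and merges two separate records into one. The TXT strings are constructed, and the MailerSend include value is an assumption to confirm in your MailerSend domain settings.

```python
import re

# Terms that cost a DNS lookup during SPF evaluation (RFC 7208 section 4.6.4).
LOOKUP = re.compile(r"^[+\-~?]?(include|a|mx|ptr|exists)([:/]|$)|^redirect=", re.I)
ALL = re.compile(r"^([+\-~?]?)all$", re.I)
STRICTNESS = {"-": 3, "~": 2, "?": 1, "+": 0}

PROTON = "_spf.protonmail.ch"       # from Proton's instructions quoted above
MAILERSEND = "_spf.mailersend.net"  # assumption: confirm in MailerSend's domain settings
# Constructed TXT set for a hypothetical domain that published one record per provider.
SPLIT = [f"v=spf1 include:{PROTON} ~all",
         f"v=spf1 include:{MAILERSEND} ~all",
         "example-site-verification=PLACEHOLDER"]

def spf_records(txt_records):
    """Select the TXT strings that are SPF records (they start with v=spf1)."""
    return [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]

def merge_spf(records):
    """Fold several v=spf1 strings into the single record a domain may publish."""
    terms, best = [], None
    for rec in records:
        for term in rec.split()[1:]:
            m = ALL.match(term)
            if m:  # keep one trailing "all", with the strictest qualifier seen
                q = m.group(1) or "+"  # a bare "all" means "+all"
                if best is None or STRICTNESS[q] > STRICTNESS[best]:
                    best = q
            elif term.lower() not in (t.lower() for t in terms):
                terms.append(term)
    return " ".join(["v=spf1", *terms, *([best + "all"] if best else [])])

def audit_spf(txt_records, required_includes):
    """Return a list of problems; an empty list means the record set looks sane."""
    spf = spf_records(txt_records)
    if len(spf) != 1:
        # RFC 7208 section 4.5: no record means "none", two or more means "permerror"
        return [f"expected exactly 1 SPF record, found {len(spf)}"]
    terms = spf[0].split()[1:]
    present = {t.lower().lstrip("+-~?") for t in terms}
    problems = [f"missing include:{d}" for d in required_includes
                if f"include:{d}".lower() not in present]
    # Top-level count only; lookups inside each include also count toward the limit.
    if sum(bool(LOOKUP.match(t)) for t in terms) > 10:
        problems.append("more than 10 DNS-lookup terms (permerror)")
    if not terms or not ALL.match(terms[-1]) or terms[-1].lower() in ("all", "+all"):
        problems.append("record should end in ~all or -all")
    return problems

if __name__ == "__main__":
    print(audit_spf(SPLIT, [PROTON, MAILERSEND]))
    merged = merge_spf(spf_records(SPLIT))
    print(merged, audit_spf([merged], [PROTON, MAILERSEND]))
```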
Hello,
I just want to thank you a lot for what you have shared.
I was in the same situation, wanting to use Proton and also use a specific email address for the automatic emails sent from my website. I tried creating an email with my website hosting service but it was interfering with the DNS records of Proton that I previously added.
I followed your information about MailerSend and it works perfectly.
Thank you again, as it was a bit of a puzzle to me before reading your post.
I wish you the best!
Hi yoann. I think I emailed you separately back when you commented, but just in case I didn’t, thanks for being the first commenter on my blog!