I have been using and recommending the privacy-centric ProtonMail (now branded Proton.me) to friends, family, and colleagues for many years. But when I launched this Thinking Privacy blog site, using WordPress, I encountered an apparent dilemma caused by these coincident facts:
- I needed my WordPress site to be able to send outgoing emails, both to me as the system administrator, and potentially to subscribers, contributors, etc.
- I wanted those emails to come from an @thinkingprivacy.com address for consistent branding.
- I wanted my domain’s email to be hosted by Proton. The ProtonMail service intentionally does not support SMTP. The automatic encryption system they use depends on their own client software.
- Therefore, it appears at first that you can’t use Proton accounts at all with WordPress.
- Yet philosophically, I refused to use Gmail, MS Live email, or any other popular “free” email service that’s part of the global Surveillance Economy just to work around this technical limitation. The irony would be intolerable.
- [DON’T DO THIS!] There is a somewhat well-known and unsupported workaround which others have blogged about using. That is to install the ProtonMail “Bridge” application on the server hosting WordPress, and send through that. This has huge problems, detailed below.
I found a solution that is still secure and not privacy-invasive.
To start, I configured my custom domain name (thinkingprivacy.com) in my Proton.me account so I could create email addresses within it. Since I already had a “Mail Plus” level account there, this didn’t cost me anything more.
The Proton website stepped me through the several changes I needed to make to my DNS records (registered through DreamHost, as always), to first verify I owned the domain, and then to enable the SPF, DKIM, and DMARC authentication features for email.
Next, I found that the MailerSend.com service’s free tier includes what I needed to get started with this low-volume blog. Unlike many of the other bulk/marketing email systems, MailerSend has an SMTP service! So once I went through the similar DNS domain verification process and set up SPF & DKIM with them also, I quickly got approved for sending THROUGH MailerSend with addresses @thinkingprivacy.com using special SMTP credentials over TLS.
So the end results are exactly what I needed, and what many other blog sites need too.
I can send and receive email using Proton.me with my accounts, and that is completely independent of MailerSend and my WordPress site. But my WordPress site can also send OUTBOUND messages that come from my domain. If anyone replies to such a message, because my DNS MX records point back to Proton’s servers, I’ll receive that directly.
Further, the MailerSend.com system has NO ACCESS to my Proton account or email contents (except of course seeing the messages going out through their system). Conversely, Proton doesn’t have to approve or have any access to my MailerSend account. If I ever want to change one of those services to another provider, I can do so without affecting the other.
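Added example (not part of the original post): with two providers authenticating mail for one domain, a common slip is publishing each provider's SPF value as its own TXT record, which receivers treat as an error under RFC 7208; the two must be merged into a single record. This Python script audits a set of TXT records for that and a few related mistakes. The `.example` hostnames and sample zones are constructed placeholders, so substitute the values each provider's setup page gives you.

```python
import re
# Terms that each cost one DNS lookup. RFC 7208 caps the total at 10;
# only top-level terms are counted here because the check runs offline.
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}

def audit_sender_dns(txt, domain, required_includes):
    """txt maps DNS name -> list of TXT strings. Returns findings; empty means OK."""
    findings = []
    spf = [r for r in txt.get(domain, []) if r.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:
        # Zero records authorizes nobody; two or more is a permerror at the receiver.
        findings.append(f"expected exactly 1 SPF record on {domain}, found {len(spf)}")
    else:
        terms = spf[0].lower().split()[1:]
        for inc in required_includes:
            if f"include:{inc}" not in terms:
                findings.append(f"SPF does not authorize {inc}")
        names = [re.split(r"[:/=]", t.lstrip("+-~?"))[0] for t in terms]
        lookups = sum(n in LOOKUP_TERMS for n in names)
        if lookups > 10:
            findings.append(f"SPF needs {lookups} DNS lookups (limit 10)")
        all_terms = [t for t in terms if t.lstrip("+-~?") == "all"]
        if not all_terms and "redirect" not in names:
            findings.append("SPF has no terminating 'all' mechanism")
        elif all_terms and all_terms[-1][0] in "+a":  # bare 'all' defaults to '+'
            findings.append("SPF ends in +all, which authorizes every sender")
    dmarc = [r for r in txt.get(f"_dmarc.{domain}", []) if r.lower().startswith("v=dmarc1")]
    if len(dmarc) != 1:
        findings.append(f"expected exactly 1 DMARC record, found {len(dmarc)}")
    else:
        tags = dict(p.strip().split("=", 1) for p in dmarc[0].split(";") if "=" in p)
        if tags.get("p", "").strip().lower() not in {"none", "quarantine", "reject"}:
            findings.append("DMARC record has no valid p= policy")
    return findings

# Constructed sample zones (.example names are placeholders, not real provider hosts).
INCLUDES = ["_spf.mailbox.example", "_spf.relay.example"]
MERGED = {
    "blog.example": ["v=spf1 include:_spf.mailbox.example include:_spf.relay.example ~all"],
    "_dmarc.blog.example": ["v=DMARC1; p=quarantine"],
}
SPLIT = {  # each provider's suggested record pasted as its own TXT entry
    "blog.example": ["v=spf1 include:_spf.mailbox.example ~all",
                     "v=spf1 include:_spf.relay.example ~all"],
    "_dmarc.blog.example": ["v=DMARC1; p=quarantine"],
}
if __name__ == "__main__":
    for name, zone in (("merged", MERGED), ("split", SPLIT)):
        print(name, audit_sender_dns(zone, "blog.example", INCLUDES) or "OK")
```

DKIM is not checked here because each provider publishes its keys under its own selector names, so those records sit side by side without merging.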
What is wrong with the Proton Bridge workaround some others use?
The Proton Bridge application is specifically designed to allow their customers to send and receive encrypted email through Proton while using a “standard” email client application. Therefore, the Bridge, which is supposed to be installed on the customer’s local machine, does the encryption/decryption between the email app and Proton’s servers.
But configuring the Bridge on a server, such as a WordPress host, is prohibited by their terms of support, for good reasons. Doing so involves risky things including putting the Proton account’s password in cleartext on the server. There are other potential risks and reliability problems as well.
We could argue that there are potential ways that Proton could redesign the Bridge to improve that, or that they could choose to provide an SMTP gateway themselves. But doing that would reduce the level of automatic encryption they provide, so they’re not likely to be motivated that way.
Privacy Settings in MailerSend.com
By the way, in my MailerSend.com configuration, I disabled all user tracking! This was inspired by how Bruce Schneier uses MailChimp to send his excellent monthly newsletter, but with tracking disabled.
My Referral Bonus – Try Proton’s “Mail Plus” Service at no cost!
I’ve been using ProtonMail for years, first on the free tier, and for the last 4 years as a paying customer. By following my Proton.me referral link, you can get 30 days of their “Mail Plus” plan at no cost to you. That’s definitely enough time to try out the techniques I’ve described in this article.