Custom Email Addresses and Upgrading to ProtonMail Plus

Thursday, March 3, 2016 @ 12:04 am

As evident from some of my past blog posts, I am pretty privacy-conscious. Mentioned before, I have been slowly migrating my more sensitive accounts (e.g. banking, retail, professional) to send email messages to my ProtonMail account instead of Gmail (because these messages usually contain my billing address, online orders, contact names/address, etc.). I’ve decided to become a “Premium” ProtonMail member by subscribing for a plan, leading me to gain an increase in storage space, sending limits, and flexibility. Best of all, it allows me to leverage the domains I own as custom email addresses. This post will walk you through the experience.

Not to go into technical details, I decided to commit to ProtonMail based on their A+ SSL score on Qualys SSL Labs, their jurisdiction (Switzerland), their featureset (email search, mobile apps, sleek design, reliability (much more robust now than before, after that DDoS attack), support of custom domains (with a Plus subscription), and the fact that security is integrated in the custom domain setup process). And yes I have accounts with Tutanota (Germany), Openmailbox (France), SIGAINT (Tor Network), Rise Up (US), among others. Switzerland is still my preferred jurisdiction.

Note: ProtonMail does also offer free accounts, which come with 500 MB of storage space, a limit of sending 150 messages/day, and 20 labels. Their free account also provides you an @protonmail.com address.

To my friends: if you email me at my new email address(es), your messages will be stored encrypted, in a datacenter […] located under 1000 meters of granite rock in a heavily guarded bunker which can survive a nuclear attack.

Anyways, let’s get started!

This post is an interactive show-and-tell; click on the first image below and then you can proceed to the next image by pressing the right arrow on your keyboard or clicking/tapping on the right arrow on the image. Alternatively you can wait 5 seconds and it’ll automatically go to the next image.

The plans. Note the tiers and the differing features.

After clicking on "Upgrade to Plus", you see a nice breakdown of what you'll be getting, plus a form to fill in your financial information.

The progress dialog. I almost missed this because it took less than 5 seconds to process the payment.

Successfully ugpraded to ProtonMail Plus just like that!

What the updated dashboard now looks like.

With ProtonMail Plus, we get to add a custom domain (and custom email addresses), so let's do that.

First step: typing in your domain name.

I read up on the process before, so I was ready. In short, you will need to go into your host, specifically the Advanced DNS Zone options section. We'll get back to this later.

It's comforting to know additional verification is needed before performing this very important process.

To verify that we actually own the domain (makes perfect sense), we need to add an entry into our DNS Zone file. ProtonMail provides this information quite clearly.

Back into our host, we'll need to input the data. The name field in my case does not accept "@". Instead, I had to insert my domain: domain.com. (including the ending period)

Although the previous step said it may take a day for the DNS to update, it took less than 5 seconds. The next step is to add all the nice email addresses we want to use (up to 5 email addresses on the default ProtonMail Plus plan).

When you input an email address, it will ask you to generate an encryption key. The default setting is High Security (2048-bit), but I like to go for maximum security so I chose 4096-bits.

It took maybe 15 seconds to generate the encryption key.

After you've added an email address, you are able to add more. I added one more for a total of two.

Next step is configuring your domain/host to point to ProtonMail to forward all incoming email messages to their servers. For this we'll need to modify the MX Records.

Back into our host (cPanel in this instance), in the MX Records, we'll add the MX record just as ProtonMail outlined in the previous screenshot.

Next step! This step is required to increase the authenticity of emails sent from your custom domain. For this, we'll need to go back into our hosting and add another DNS record.

The SPF DNS record.

Next step is DKIM signing, which prevents spoofing (aka spammers can't pretend they're you).

Adding a new DNS record yet again.

Finally the last step is optional, but I'd consider it pretty important. Again we'll need to add another DNS record. Be sure to change the "address@yourdomain.com" to your own email address.

Adding the last DNS record.

After adding our custom domain and two custom addresses, this is what the dashboard now looks like!

Click on the addresses tab and you'll see this. Note that your existing ProtonMail address does NOT count towards the 5 custom address, which is nice. Note that you can also add a ProtonMail address (note: you won't be able to remove/disable it, and it WILL count towards your custom address total)

I realized I got a few email messages during this process. It's nice that ProtonMail checks and confirms that you've configured your domain/host properly.

Refresh the page/press Refresh Domain Status and you should see reassuring checkmarks and green buttons.

Let's test the "spammyness" of our new custom email address. Send an email as your custom address through ProtonMail to the provided email address then click on the blue button.

A perfect score.