MacLurker Returns — Secure Email Decision and Migration

Dorothy, aka MacLurker in the live chat room and in our Slack returns to give us an update on her quest for a new secure email service. She told us about the quest back in August 9, 2019 and now she explains how she made her decision and what she’s doing to migrate to the new system. Dorothy is extremely thorough and process-driven, which is really interesting (at least to a nerd like me!)

Recap (where I started)

What I want to accomplish: change to a secure email provider that would get me privacy & anonymity. Get rid of old compromised email address & start new. Improve email sorting & storing. Develop a consistent email schema that separates critical emails from non-critical.

What’s been done since then

Email provider search

I started with Bart’s list of Google alternatives for email. Then did some research, asked questions. I created a template in MS Word to be used for all candidates to ensure that a consistent set of data was collected for each one. And so comparisons were easy. Pasted in review data here also.

Criteria for selection

  • Annual cost
  • Can import contacts/addresses & how
  • Can use native MacOS & IOS email client, supports POP (Post Office Protocol) and IMAP (Internet Message Access Protocol)
  • Can encrypt in transit & at rest & how is it done
  • Company’s priority is privacy, no tracking, no sale of data
  • Responsiveness (if I sent in a question, how long until I got answer?)
  • Reviews

Some providers have a free trial period. You sign up, get all the features, but only for 30 days or so. The trial period varied. Others had a free limited feature you could use as long as you wanted, but need to pay to unlock advanced features.

Final criteria list

I narrowed the options down to 3, which were all very similar.

Also I looked at Runbox, thexyz, and iCloud Mail.

No reason not to use any of them, so I went with my feelings & picked at random. No regrets yet.

I did not get a new personal domain name, as Bart suggested. This would make changing email providers easier in the future. Mainly skipped this because it would be an added level of complication with which I just did not want to deal with right now. Plus I’m lazy. I may regret that decision later, but we’ll see.

Signing up with new provider

First I created a test plan:

Steps to setting up & checking out a new email provider:

  1. Sign up with new provider. 2FA enabled.
  2. Go through all set-up options available & set as desired.
  3. Read User’s Guide
  4. Send some emails back & forth for initial test. Tweak settings as needed.
  5. Buy subscription (to get advanced features like whitelist, filters, & aliases)
  6. Create alias for bacon (spam that I’ve requested).
  7. Create folders & filters for sorting incoming email
  8. Test web access from IOS devices: iPhone & iPad
  9. Set up Mac OS email client to get emails. Test emails to & from. Test sorting into appropriate folders.
  10. Set up IOS email client on iPhone. Test emails to & from. Verify get notifications. Confirmed ease of reading & writing email from iPhone with new provider.
  11. Repeat with iPad.
  12. Change one not-important login to new email. Verify receive messages OK.

Process for changing emails

Get list of accounts to be updated from 1Password

I used the Export function from 1Password (without passwords): File -> Export

You can output your 1Password entries as CSV (comma-separated), TSV (tab-separated), or 1pif (1Password format). If you choose CSV or TSV, you can export specific fields (and not passwords). I selected CSV.

Select one vault. Select which records (or all) to export, then which fields to export. Common Fields list includes: notes, password, title, type, URL, username. But you can select “All Fields” & get all 140 fields. NOTE: remove password. You don’t want that in an unsecured file.

I selected: title, tags, URL, Username, Vault, Notes.

I added additional columns of my own: New email address, if 1Password would need changing, date of update. I plan to fill these in as my change-over proceeds.

Import into Excel.

Now I have list of accounts to update. If I want to use aliases, I can assign here and sort as needed. I can use tags to help classifying, adding new ones as needed.

Also, I can now identify accounts that can be deleted.

Excel file becomes change-over checklist.

Initial pass: change those that can be changed online. Note those that can’t.
Second pass: contact organization & request change/deletion. So far I have requested that two accounts be deleted. I received a response that the deletion was done.

Process for each account

  • Select an account to update
  • Add to note in 1Password: old email/username in case I need to go back, new info if username = email.
  • Log into account. Locate page to update email & user name. Sometimes not easy to find. Look under “My Account”, “Settings”, “Profile”. “Manage Account”.
  • Do changes. Sometime website requires verification of new email, sends an email to new email address with link to verify. Need to verify arrives OK, not logged as spam. Occasionally I had to add to whitelist so verify email arrived.
  • Save changes in 1Password: username (if possible), email for sure.
  • Log out & back in to verify can still get in.
  • Add notes, date of change, to Excel check-list. Indicate: change or deletion successful, no 1Password change required (where user-name was not email & no email on file there), if unable to change something (& what, if follow-up needed).

Problems encountered

Some accounts use email as username. So changing email means changing username; so 1Password change required.

Some don’t allow username to be changed on line. Can be a security problem. Some experts say you need a unique username as well as a unique password for each account. So if you suspect your login has been stolen, it would be nice to be able to change both username & password.

Some don’t allow email to be changed online.

For these, I will probably have to contact each organization individually & see if they will change it for me. May have to delete the account (losing data in the process) & make a new one to get change done.

Another problem: I’m getting bacon type emails on the new system. Like online store notifications. Previously I had these turned off in preferences. It looks like changing the email causes those preferences to be changed. So that added another step to the update process: check email preferences.

I need to note other orgs that need my email & not necessarily a login. I’ve been noting these as they occur to me. Examples: vet, doctors, newsletters subscribed to, library.

Current status

I’m now working through 142 logins, per the above process. About 67% complete. New system working OK, but things confusing now because using 2 systems of email. That should clear up as I proceed.

I change 3-4 accounts a day so the task is not too overwhelming. I anticipate that it will take a month or so to finish. Final clean-up may take longer as I find things/logins I missed. I’m starting to get a feel for how things will work with the new system & liking it so far.

I will probably keep my old email addresses at least a year to ensure that everyone is updated.

1 thought on “MacLurker Returns — Secure Email Decision and Migration

  1. Steve Davidson - January 7, 2020

    This is great stuff — exactly what I had planned to do at the start of the new year for the very same reasons. My criteria matched Dorothy’s very closely (the one difference was that I don’t care about contact/address book importing since I want to keep using my Apple Contacts database). The methodology for evaluation was textbook perfect (I’d like to think I would have used the same myself, but I lack the patience). And the how-to process will help us all not to forget important steps.

    I also liked the Q&A format because Allison (ever the mind reader) asked the same questions I was thinking, so it flowed well (and impedance-matched to my way of assimilating information).

    I do have one request: Would Dorothy be willing to share the raw data — the filled out Word template — either publicly, or privately (Allison knows how to reach me)?

    Kudos for a great, and well-timed, segment.

Leave a Reply

Your email address will not be published. Required fields are marked *

Scroll to top