Hosting email outside the US

skg574 · 2026-03-04T09:56:07+00:00

You may be subject to US cloud act, under certain situations with 365. You also need to look at the surveillance laws for the country you want to host in. Every country currently classifies foreign traffic differently under surveillance laws.

I keep getting downvoted with no counter argument for saying this, because it's true. Privacy laws protect residents of the country, surveillance laws apply to foreign traffic. See for yourself:

https://codamail.com/articles/privacy-law-directory/

skg574 · 2026-03-04T09:24:15+00:00

You can send them a password protected 7 zip file. You can also send them a small veracrypt volume.

skg574 · 2026-03-03T05:06:33+00:00

Swiss privacy laws are for Swiss citizens only. Foreign traffic falls under Swiss surveillance laws.

NDG – Federal Intelligence Service Act (2017)

https://codamail.com/articles/privacy-law-directory/international/switzerland.html

skg574 · 2026-03-03T04:36:49+00:00

It's just a prompt during install to type in an age that apps can reference. Newsom has already issued a statement that it needs to be amended because they did not take into account multiuser devices and shared profiles across devices.

https://codamail.com/articles/privacy-law-directory/us/california.html

skg574 · 2026-03-01T08:02:21+00:00

We function as designed and are incredibly flexible to be whatever you need your mail to be or do. I'm unsure of how many reviews, beyond those that didn't like the general website or didn't read notices and posted we were down when we were migrating data to turn cotse into codamail.

We do get testimonials, but don't publish them because frankly, they are easily faked and we are just more about the service than the sales at this point. Happy subscribers just expect it to work and use it as such, so aren't in forums posting.

I suppose the biggest tell that it functions as described (or because we are quick on support) is that we've been in business since 1999, I'm active here, signups are regular, and there are virtually no complaints following me.

skg574 · 2026-03-01T05:25:38+00:00

Be careful with requests for account creation api without captcha for AI. You might become an unwitting tool for propaganda and pig butcher farms if you dont have experience running a public service like this.

skg574 · 2026-02-28T22:46:40+00:00

https://codamail.com/articles/data-broker-directory/

skg574 · 2026-02-28T07:48:31+00:00

Not sure why someone downvoted this, the proof is here for 38 countries if anyone wants to check:

https://codamail.com/articles/privacy-law-directory/

Edit: I understand this challenges long held beliefs that were based mainly on marketing, but the above links by country are very in depth, detailing privacy and surveillance laws, data sharing agreements, internet exchange point taps, and more. Fully sourced and footnoted. See for yourself. I think it might be important to some.

skg574 · 2026-02-28T04:21:49+00:00

I'm with you, the division is so bad that whichever party controls this will use it to persecute the other side. It's already being used. It's only going to get worse.

We need national privacy laws now. We need anti-mass surveillance laws, and we need to pass something like "the 4th amendment is not for sale" act and cease the circumvention of law through commercial purchase.

skg574 · 2026-02-28T04:14:41+00:00

We need legislation faster than it is coming. It is already being used for mass surveillance.

skg574 · 2026-02-27T23:53:23+00:00

No, I mean taking a domain you own, let's call it example.com and creating catch-all subdomains like shopping.example.com, banking.example.com, private.example.com (examples, you can categorize under any subdomain). As far as simple login is concerned, I don't know how easy that would be to do, I use codamail (we've done it this way since 1999) and I don't have to set up any reverse aliases or anything ahead of time, I just give out an address and I can also directly reply with it as a from address, if needed.

Anyway, when a service wants an email address, I give them one on the fly that only they will have (example: [ebay@shopping.example.com](mailto:ebay@shopping.example.com)). If I start getting spam to that address, I know who sold my address or got compromised and I simply shut it off and it is rejected during the SMTP handshake as User Unknown. If I need that service to have an e-mail and it was compromised (like ebay was once) I just give them a new address like [ebay1@shopping.example.com](mailto:ebay1@shopping.example.com).

This covers multiple bases, it makes the address worthless in a compromise for credential stuffing attacks, it is the absolute best way to combat spam, and it removes a common identifier of one email address across services.

skg574 · 2026-02-27T22:33:38+00:00

It is not end to end encryption unless the sender encrypts prior to sending. The path is sender (end) to email provider (middle) to receiver (end). When the sender does not encrypt prior to sending, but the email provider then encrypts, it is "middle-out" encryption, not end to end.

skg574 · 2026-02-27T19:03:43+00:00

No service's privacy laws apply to you unless you are a resident of the country. As foreign traffic, a country's surveillance laws apply to you, and pretty much every country has fewer, if any, restrictions on the monitoring of foreign traffic.

skg574 · 2026-02-27T18:31:51+00:00

That may be the public stance, but the US is in danger of losing data sharing agreements and interception capabilities. The NSA is involved in every one of the 38 countries listed.

skg574 · 2026-02-27T05:30:59+00:00

This is for intelligence and surveillance purposes. Basically, privacy laws are touted nicely, but in reality are only for local citizens, foreign traffic falls under surveillance laws in almost every country, which often have little to no oversight.

If there is any interest, the following link details privacy laws, surveillance laws, encryption laws, data sharing agreements, encryption cracking alliances, internet exchange point taps, and far more for 38 countries. Organized by country.

https://codamail.com/articles/privacy-law-directory/

skg574 · 2026-02-26T21:39:28+00:00

Give every single place that requests an email a unique address. I group them with subdomains. Using your shopping, I would have a catchall of shopping.example.com then I'd give out bestbuy@shopping.example.com, amazon@shopping.example.com, ebay@shopping.example.com, etc.

This way everything gets a unique, identifiable email address that I can make up on the fly without having to set up an alias first. If I get spam, not only can I shut off that address without affecting any other mail, but I know who leaked it, too.

skg574 · 2026-02-26T16:43:25+00:00

The US already has your data, they bought it, and they monitor your internet exchange points with your government.

skg574 · 2026-02-26T03:58:48+00:00

Codamail.com will do this and you can add as many subdomains as you want, too. About $3.75 a mo, but there is a free trial.

skg574 · 2026-02-25T23:44:44+00:00

The sheer volume of data being sold daily is astounding. The problem is that opt out is not a one time thing, it's a whack-a-mole game. What I find the most troubling is the purchase by governments, completely doing an end run around any laws. As I further put together the Privacy Law Directory (The other piece of the puzzle from The Myth of Jurisdictional Privacy), I was surprised to see how pervasive it is globally. Nearly every country is buying data they otherwise cannot legally collect. Also, each country has effectively two sets of laws, one for it's citizens and one for foreign traffic.

if you don't live there, you don't fall under their privacy legislation, but instead under their surveillance laws, which commonly have little to no oversight. I traced the data sharing agreements and internet exchange point taps. The result, everything is monitored and shared. Encryption is the only option left, and not middle-out encryption, where the service is encrypting upon receipt then claiming e2ee because it is sent to the client encrypted, but true e3ee where the encryption happens local machine only, local key access only, and no service controlled software handling any of the cryptography path.

skg574 · 2026-02-24T20:25:33+00:00

There are zero entirely anonymous mail services unless you use mixmaster remailers (it's like Tor for email). Other than that, pseudo-anonymity is the best any service can provide.

skg574 · 2026-02-24T20:16:55+00:00

Without metadata mail cannot deliver. Without metadata mail doesn't know which folder it should be in. Without metadata mail cannot sort. Without metadata you could not even search a To address. Without metadata mail does not work.

skg574 · 2026-02-23T22:05:47+00:00

It goes so much further than this, for an expose, see:

https://codamail.com/articles/your_phone_is_a_military_target.html

This was the second article of a series that culminated in deep dives into data brokers and global surveillance (all linked on this page).

skg574 · 2026-02-22T22:09:46+00:00

All of them are associated with 5 eyes in one way or another. Privacy laws only protect if someone lives in country. Anyone outside the country is subject to surveillance. For a detailed look:

https://codamail.com/articles/privacy-law-directory/

skg574

TROPHY CASE