Your Email Is a Liability. Here's How to Fix It.
- Step 1: Move to an Encrypted Email Provider
- Step 2: Custom Domains. You Should Own Your Email.
- Step 3: The Compartmentalization System
- Step 4: Never Disclose Your Primary Domain
- Step 5: Don’t Use Proton’s Domain as Your Email Address
- Step 6: Back Up Everything Offline
- The Complete Picture
- Getting Started
Email was never designed to be private. The protocol was created in the early 1970s to send messages between researchers. Today, we use it to confirm our identities, access our bank accounts, and communicate about the most sensitive parts of our lives. All on infrastructure that was never built for any of that.
Traditional email providers like Gmail, Yahoo, and Outlook can read every message you send. They encrypt data in transit, but they hold the keys. There is no end-to-end encryption protecting your content. A malicious employee, a criminal hacker, or a court order can expose everything you’ve ever written. For years, Gmail literally scanned every message in order to serve you ads.
This is not theoretical. In 2016, a breach at Yahoo exposed over 500 million accounts. In 2021, a Yandex employee was caught selling access to targeted users’ inboxes. Your email is a single point of failure for your entire digital life, and most people are running it on infrastructure they don’t control, with a provider that can read everything.
I’m a big fan of Michael Bazzell’s work and have learned a lot from him, especially from his book Extreme Privacy. It’s one of the most comprehensive guides on the topic. I wanted to distill the email chapter into something more digestible, with a few of my own opinions on where I’d do things differently.
Let’s walk through a practical email system that gives you real privacy without making you look like you’re hiding something.
Step 1: Move to an Encrypted Email Provider
The foundation of this entire system is switching to Proton Mail.
Proton Mail provides true zero-knowledge end-to-end encryption. Your emails are encrypted on your device before they’re stored on Proton’s servers. Even with a court order, a Proton employee cannot view your message content. If a breach occurs at Proton, the attacker gets a pile of encrypted data that’s useless to them.
Compare that to Google: a court order hands over your entire inbox without resistance. A breach exposes everything in plain text.
There’s a nuance here. If you send a message from your Proton account to someone on Gmail, you lose most of the end-to-end protection once it leaves Proton’s ecosystem. But your historical archive, years of sensitive emails, remains encrypted and protected. That alone makes it worth the switch.
I recommend Proton’s paid business plan. The reason will become clear soon: it allows you to attach up to 15 custom domains and gives you access to SimpleLogin Premium. That’s the backbone of the entire strategy.
Bazzell also recommends Tuta as a secondary provider, and I agree you should create a free account there as a backup. The idea is simple: if Proton ever suspends your account or goes down, you have a fallback. Tuta uses the same zero-knowledge encryption model, is based in Germany, and doesn’t respond to U.S. court orders. Keep it ready in free status.
Step 2: Custom Domains. You Should Own Your Email.
This is the single most important step, and the one most people skip.
When you use john.doe@protonmail.com or john.doe@gmail.com, you’re renting your email identity from a third party. If they terminate your account, suspend you for “suspicious activity,” or simply shut down, you lose that email address forever, and every account tied to it.
When you own your domain, you control the address. If Proton kicks you out tomorrow, you point your domain’s DNS to Tuta and keep your email flowing within hours. No one needs to know you changed providers.
Buy your domains through Spaceship. Their UX is clean, they offer WHOIS privacy by default and for free, and you can pay with bitcoin. Pricing is competitive, roughly $10/year per domain depending on availability.
What Bazzell Gets Right
Bazzell recommends purchasing multiple domains and attaching them to your encrypted email provider with catch-all support. This means any email sent to anything@yourdomain.com lands in your inbox. You can create unlimited receiving addresses without configuring each one: medical@yourdomain.com, vehicle@yourdomain.com, receipts@yourdomain.com all arrive in one place.
He also recommends registering domains semi-anonymously: using a shortened version of your name, registering while at a hotel (so the address on file is not your real home), and providing the hotel’s phone number. If you’re going to register domains, these are smart habits.
Where I Disagree with Bazzell
Bazzell uses .work as an example TLD for his generic domain (like securemail.work). He frames it as a cheap way to test the strategy. I think this is a mistake for daily use.
Uncommon TLDs like .work, .biz, or .xyz draw attention. When a merchant or service provider sees an email address ending in .work, it registers as unusual. Most people have .com or maybe .net addresses. Anything outside of that can trigger manual review flags, get your orders flagged for fraud verification (potential KYC request), or simply make customer support suspicious. On top of that, some service providers use outdated validation rules and will reject uncommon TLDs as invalid email addresses entirely, meaning you may not be able to use your email at all with certain services. The whole point of this system is to look normal. A weird TLD does the opposite.
Stick with .com wherever possible. Yes, short .com domains are harder to find. You’ll need to get creative with your naming. But the payoff is that nobody will ever think twice about your email address.
Step 3: The Compartmentalization System
Here’s where my approach diverges from the book significantly. Bazzell organizes around two domains: one real-name domain and one generic domain. I think you need more categories and a more deliberate separation.
Let me walk through my recommended setup using our friend John Doe as the example.
Category 1: Personal (Family & Friends)
Domain: Something tied to your real name, like johndoe.com
Email address: john@johndoe.com
This is your personal communication domain. You’ll give this address to family, close friends, and colleagues who know your real identity. Since you’re emailing people who already know who you are, there’s no reason to hide behind an alias. As Bazzell correctly points out, if someone targets your account with a court order, they can see who you’re communicating with even if they can’t read the content. Your identity would be easy to infer anyway.
This domain should be registered under your real name (or a reasonable variation of it). If you ever need to prove account ownership to your provider, you’ll need to be able to verify your identity.
Set this up in Proton Mail with catch-all enabled so you can receive from any address at the domain.
One important note: even with an encrypted provider like Proton Mail, email should not be your default communication channel with family and friends. Use Signal for that. Signal provides end-to-end encryption by default, disappearing messages, and leaves practically no metadata behind. Email, even encrypted email, is inherently a less secure protocol for real-time conversation. Your personal domain is for the situations where email is required: shared documents, formal communication, coordinating with schools or service providers, things that don’t belong in a chat app. For everything else, Signal is the better tool.
If your circle is stuck on iMessage or WhatsApp, there are practical ways to get them to switch. I’ll share more on that in a future post.
Category 2: Financial Services & Important Logins
Domain: A separate custom domain that does NOT use your full real name.
This is for banking, brokerage accounts, exchanges, insurance. Anything financial.
Here’s my reasoning: let’s say your bank gets breached. If your email on file is john@johndoe.com, the attacker now has your full name and your personal domain, which connects to your family, your personal life, everything.
Instead, use only a shortened version of your first name paired with a domain that looks like a company or uses a fake surname:
- john@doeconsulting.com
- jd@hartfield.com
- j@meridianmail.com
The point is that even if this email leaks in a breach, it doesn’t obviously trace back to “John Doe” and doesn’t share a domain with your personal communications. An attacker sees what looks like a small business email. A dead end.
Register this domain separately and add it as another custom domain in your Proton Mail account.
Category 3: Online Shopping & Subscriptions
Domain: A fake business name on a .com domain.
This is for Amazon, online retailers, subscription services. Anywhere you buy regularly and need to send/receive emails from that address (order confirmations, returns, customer support).
The key here: create a simple landing page for this “business.”
If you’re using support@peaklineservices.com to shop on Amazon and they decide to verify you, having a basic website at peaklineservices.com that looks like a real (if boring) small business makes the email address completely unremarkable. A free template from any static site generator, some stock imagery, and generic “consulting” copy is all you need. Bazzell actually mentions this strategy for disinformation purposes. I think it’s just as practical for everyday shopping.

Example of a simple landing page for a fake business domain. A free template, some generic copy, and stock imagery is all it takes to make a custom email domain look completely legitimate.
This is especially important when buying security-sensitive products. If you’re purchasing a hardware wallet from an online retailer, you absolutely do not want your real name and home address linked to that order in a database you don’t control. We’ve seen what happens when this goes wrong. The Ledger data breach exposed names, emails, phone numbers, and physical addresses of hundreds of thousands of customers. Some of those people received threatening letters and phishing attempts at their homes. A fake business domain and a separate shipping address would have kept them off that list entirely.
Use this domain exclusively for commercial interactions. Enable catch-all so you can create per-merchant addresses if you want (amazon@peaklineservices.com, bestbuy@peaklineservices.com).
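Per-merchant addresses pay off when you can tell, from the recipient alone, who leaked or sold an address. The script below is an added example, not code from the post or from Proton: it triages raw inbound messages, works out which catch-all alias each one was delivered to (checking Delivered-To before To, since bulk senders often hide the real recipient), and flags any alias that received mail from a sender domain other than the merchant it was given to. The messages, the catch-all domain and the expected-sender table are constructed for the example.

```python
"""
Added example, not code from the original post: triage for mail arriving at
per-merchant catch-all addresses. Each address such as amazon@peaklineservices.com
was handed to exactly one merchant, so a message to it from any other sender
domain means that merchant shared, sold or leaked the address. The messages,
domains and expected-sender table below are constructed for the example.
"""
from __future__ import annotations
from collections import defaultdict
from email import message_from_string
from email.utils import getaddresses, parseaddr

CATCHALL_DOMAINS = {"peaklineservices.com"}
# alias local-part -> sender domains that legitimately use it (assumed table)
EXPECTED_SENDERS = {
    "amazon": {"amazon.com"},
    "bestbuy": {"bestbuy.com"},
}

# Constructed raw messages; only the headers matter for the triage.
RAW_MESSAGES = [
    "From: Amazon <order-update@amazon.com>\n"
    "To: amazon@peaklineservices.com\n"
    "Subject: Your order has shipped\n\nconstructed body\n",
    "From: Deals <deals@super-discounts-example.net>\n"
    "To: amazon@peaklineservices.com\n"
    "Subject: You were selected!\n\nconstructed body\n",
    # Bulk senders often carry the real recipient only in Delivered-To.
    "Delivered-To: bestbuy@peaklineservices.com\n"
    "From: Best Buy <noreply@bestbuy.com>\n"
    "To: Rewards Members <members@bestbuy.com>\n"
    "Subject: Weekly deals\n\nconstructed body\n",
    "From: Mom <mom@example.org>\n"
    "To: john@johndoe.com\n"
    "Subject: dinner\n\nconstructed body\n",
]


def recipient_alias(msg) -> str | None:
    """Local-part of the catch-all address this message was delivered to, if any."""
    headers = []
    for name in ("Delivered-To", "To", "Cc"):
        headers.extend(msg.get_all(name, []))
    for _, addr in getaddresses(headers):
        local, _, domain = addr.lower().rpartition("@")
        if domain in CATCHALL_DOMAINS:
            return local
    return None


def sender_domain(msg) -> str:
    """Domain of the From: address (lower-cased)."""
    return parseaddr(msg.get("From", ""))[1].lower().rpartition("@")[2]


def triage(raw_messages: list[str]) -> dict[str, dict]:
    """Per alias: messages from the expected merchant, and every other domain that wrote to it."""
    report: dict[str, dict] = defaultdict(lambda: {"expected": 0, "unexpected": set()})
    for raw in raw_messages:
        msg = message_from_string(raw)
        alias = recipient_alias(msg)
        if alias is None:            # not addressed to a catch-all domain; ignore
            continue
        sender = sender_domain(msg)
        if sender in EXPECTED_SENDERS.get(alias, set()):
            report[alias]["expected"] += 1
        else:
            report[alias]["unexpected"].add(sender)
    return dict(report)


def leaked_aliases(report: dict[str, dict]) -> list[str]:
    """Aliases that received mail from someone other than the merchant they were given to."""
    return sorted(alias for alias, r in report.items() if r["unexpected"])


if __name__ == "__main__":
    rep = triage(RAW_MESSAGES)
    for alias in leaked_aliases(rep):
        print(f"{alias}@... has leaked; unexpected senders: {sorted(rep[alias]['unexpected'])}")
```

On the constructed input, the amazon alias is reported as leaked (a deals sender wrote to it) while the bestbuy alias is clean. Once an alias shows up here, retire it and hand the merchant a fresh one; with catch-all enabled that costs nothing.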
Category 4: Topic-Specific Domains
Proton’s business plan lets you add up to 15 custom domains. Use them.
For example, I use one specific custom domain for all Bitcoin-related services: exchanges, wallet providers, mining pools, etc. This domain has zero association with my real name.
This matters more than most people think. Bitcoin-related services are high-value targets for data breaches, and they happen regularly. If an exchange or wallet provider gets compromised and your account is tied to john@johndoe.com, you’ve just handed attackers your full real name and a domain that connects to your personal life. If your name is not particularly common, that’s often enough to find you. A dedicated domain with no connection to your identity turns that breach into a dead end.
The same logic applies to any category where a breach would put you at risk:
- Health & medical services
- Travel accounts
- Social media
- Professional/industry accounts
Each domain is a firewall. A breach in one category doesn’t spill over into another. No one can cross-reference your Amazon email with your bank email with your Bitcoin exchange email. They’re all on different domains with different naming conventions.
Category 5: Newsletters, Throwaway Signups & Burner Emails
Tool: SimpleLogin
This is where SimpleLogin earns its place in the system. Use it for anything where:
- You don’t need to send emails from that address
- You’re signing up for a newsletter, a one-time download, or a throwaway form
- You want to be able to kill the address if it starts getting spam
SimpleLogin lets you generate alias addresses that forward to your real Proton Mail inbox. If an alias starts getting abused, you disable it with one click. The sender never sees your real address.
If you have a paid Proton plan, you already have SimpleLogin Premium included. Unlimited aliases, custom options, the works.
Use SimpleLogin for the low-stakes, high-volume stuff. Never use it for anything important like banking or financial services. If SimpleLogin ever went away, you’d lose access to every account tied to those aliases.
Step 4: Never Disclose Your Primary Domain
This is critical and often overlooked.
Your real-name domain (johndoe.com in our example) should be known only to the people who matter. Family, close friends, trusted colleagues. It should never appear in a merchant database, a newsletter signup form, or a social media profile.
Your primary domain is the connective tissue of your digital identity. If it leaks into a data broker’s database through a single careless signup, it becomes a way to link your real identity across services. Every other domain in your system exists to prevent that exact scenario.
Think of it like your home address. You don’t put it on your business card. You have a P.O. box for that.
Your primary domain is your home address. Everything else is a P.O. box.
Step 5: Don’t Use Proton’s Domain as Your Email Address
One more opinion that might be controversial: I don’t recommend using @protonmail.com or @proton.me as your visible email address for things beyond personal encrypted communication with other Proton users.
Proton has become associated, unfairly, with people who “have something to hide.” Whether it’s merchants flagging your order for review or a customer support agent raising an eyebrow, a Proton email address can attract the wrong kind of attention in certain contexts.
The goal is to look like a normie. A custom .com domain does exactly that. Nobody questions john@johndoe.com. Plenty of people question john.doe@protonmail.com.
You still use Proton as your email provider. You get all the encryption, all the security. But the world sees a custom domain, not a privacy-branded one.
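The rules in Steps 3, 4 and 5 are easy to state and easy to break one signup at a time. The checker below is an added example, not code from the post or from Proton or SimpleLogin: it takes the domain plan and an inventory of which address is registered with which service (the kind of list you already keep in a password manager) and reports every violation: the real-name domain exposed to a non-personal service, a domain used outside its category, one address reused across categories, a SimpleLogin alias on a financial or Bitcoin account, an uncommon TLD, or a provider-branded address shown to a merchant. The services, domains and addresses are constructed placeholders, and the alias and provider domain sets are assumptions.

```python
"""
Added example, not code from the original post or from Proton/SimpleLogin:
a policy checker for the compartmentalization rules in Steps 3, 4 and 5.
Given the domain plan and an inventory of which address is registered with
which service, it reports every place the plan is broken. All services,
domains and addresses below are constructed placeholders.
"""
from __future__ import annotations
from collections import defaultdict

# The domain plan from the post's John Doe example: category -> domain.
PLAN = {
    "personal": "johndoe.com",
    "finance": "doeconsulting.com",
    "shopping": "peaklineservices.com",
    "bitcoin": "pineridgeconsulting.com",
}
PRIMARY_DOMAIN = PLAN["personal"]
DOMAIN_CATEGORY = {domain: cat for cat, domain in PLAN.items()}
ALIAS_DOMAINS = {"simplelogin.co"}                    # SimpleLogin alias domain (assumed)
PROVIDER_DOMAINS = {"protonmail.com", "proton.me"}    # provider-branded addresses (assumed)
COMMON_TLDS = {"com", "net"}                          # TLDs the post treats as unremarkable
HIGH_STAKES = {"finance", "bitcoin"}                  # must never sit behind a forwarding alias

# Constructed inventory: one record per account.
SAMPLE_INVENTORY = [
    {"service": "Family group", "category": "personal", "email": "john@johndoe.com"},
    {"service": "First Bank", "category": "finance", "email": "jd@doeconsulting.com"},
    {"service": "Amazon", "category": "shopping", "email": "amazon@peaklineservices.com"},
    {"service": "Exchange X", "category": "bitcoin", "email": "john@johndoe.com"},
    {"service": "Brokerage Y", "category": "finance", "email": "broker.x9@simplelogin.co"},
    {"service": "Newsletter Z", "category": "throwaway", "email": "news.x1@simplelogin.co"},
    {"service": "Retailer W", "category": "shopping", "email": "john.doe@protonmail.com"},
    {"service": "Wallet V", "category": "bitcoin", "email": "acct@securemail.work"},
    {"service": "Insurer U", "category": "finance", "email": "support@peaklineservices.com"},
]


def check_inventory(inventory: list[dict]) -> list[tuple[str, str, str]]:
    """Return (rule, subject, explanation) findings; an empty list means the plan holds."""
    findings: list[tuple[str, str, str]] = []
    used_in: dict[str, set[str]] = defaultdict(set)  # address -> categories it appears in

    for rec in inventory:
        service, category = rec["service"], rec["category"]
        email = rec["email"].lower()
        domain = email.rpartition("@")[2]
        tld = domain.rsplit(".", 1)[-1]
        used_in[email].add(category)

        if domain == PRIMARY_DOMAIN and category != "personal":
            findings.append(("primary-exposed", service,
                             f"primary domain {PRIMARY_DOMAIN} given to a {category} service (Step 4)"))
        elif domain in DOMAIN_CATEGORY and DOMAIN_CATEGORY[domain] != category:
            findings.append(("cross-compartment", service,
                             f"{DOMAIN_CATEGORY[domain]} domain {domain} used for a {category} account (Step 3)"))
        if domain in ALIAS_DOMAINS and category in HIGH_STAKES:
            findings.append(("alias-high-stakes", service,
                             f"forwarding alias {email} on a {category} account; losing the alias service loses the account (Category 5)"))
        if domain in PROVIDER_DOMAINS and category != "personal":
            findings.append(("provider-branded", service,
                             f"{email} shows the provider's domain to a {category} service (Step 5)"))
        if domain not in ALIAS_DOMAINS and tld not in COMMON_TLDS:
            findings.append(("uncommon-tld", service,
                             f".{tld} domain may be rejected or flagged by merchants (Step 2)"))

    for email, categories in used_in.items():
        if len(categories) > 1:
            findings.append(("reuse", email,
                             f"one address spans {sorted(categories)}; a single breach links them (Step 3)"))
    return findings


if __name__ == "__main__":
    for rule, subject, why in check_inventory(SAMPLE_INVENTORY):
        print(f"[{rule}] {subject}: {why}")
```

Run against the constructed inventory it produces six findings; the first three records (the clean personal, finance and shopping entries) produce none. Re-running it whenever you add an account keeps the compartments from eroding.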
Step 6: Back Up Everything Offline
Your email is now encrypted, compartmentalized, and distributed across multiple domains. The last step is making sure you never lose it.
Install Proton Mail Bridge on your computer and connect it to a local email client like Thunderbird. Configure it to download your entire archive. Every message, every folder. This gives you a full offline backup of all your email data.
If Proton ever becomes inaccessible, you still have everything locally. Run the sync weekly or monthly. It takes minutes and could save you years of regret.
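A backup you never check is a backup that may have silently stopped. The script below is an added example, not code from the post, from Proton or from Thunderbird: by default Thunderbird stores each folder as an mbox file, so the audit walks an mbox, counts its messages and reports how old the newest one is, flagging the archive as stale when that age exceeds your sync interval. The mbox files it audits are constructed in a temporary directory; point `audit_mbox` at a real Thunderbird folder file to use it for real.

```python
"""
Added example, not code from the original post or from Proton: a freshness
and completeness audit for the offline archive that Proton Mail Bridge plus
Thunderbird produce. Thunderbird stores each folder as an mbox file by default,
so the audit walks an mbox, counts messages and reports how old the newest one
is; an archive whose newest message is older than your sync interval means the
backup has silently stopped. The mbox files here are constructed in a temp dir.
"""
from __future__ import annotations
import mailbox
import os
import tempfile
from datetime import datetime, timedelta, timezone
from email.message import EmailMessage
from email.utils import format_datetime, parsedate_to_datetime

DEMO_NOW = datetime(2025, 6, 1, tzinfo=timezone.utc)   # constructed "today"


def write_sample_mbox(path: str, dates: list[datetime]) -> None:
    """Create a constructed mbox with one message per date."""
    box = mailbox.mbox(path)
    try:
        for i, when in enumerate(dates):
            msg = EmailMessage()
            msg["From"] = f"sender{i}@example.com"
            msg["To"] = "john@johndoe.com"
            msg["Subject"] = f"constructed message {i}"
            msg["Date"] = format_datetime(when)
            msg.set_content("constructed body")
            box.add(msg)
        box.flush()
    finally:
        box.close()


def audit_mbox(path: str, now: datetime, max_age_days: int = 30) -> dict:
    """Count messages and flag the archive as stale if its newest message is older than max_age_days."""
    count = undated = 0
    newest: datetime | None = None
    box = mailbox.mbox(path)
    try:
        for msg in box:
            count += 1
            try:
                when = parsedate_to_datetime(msg["Date"])
            except (TypeError, ValueError):
                undated += 1          # missing or malformed Date header
                continue
            if when.tzinfo is None:   # "-0000" dates come back naive; treat as UTC
                when = when.replace(tzinfo=timezone.utc)
            if newest is None or when > newest:
                newest = when
    finally:
        box.close()
    age_days = (now - newest).days if newest else None
    return {
        "messages": count,
        "undated": undated,
        "newest": newest,
        "age_days": age_days,
        "stale": newest is None or age_days > max_age_days,
    }


def run_demo(now: datetime = DEMO_NOW) -> tuple[dict, dict]:
    """Audit one archive synced recently and one whose sync silently stopped."""
    with tempfile.TemporaryDirectory() as tmp:
        fresh = os.path.join(tmp, "Inbox")
        stale = os.path.join(tmp, "Archive")
        write_sample_mbox(fresh, [now - timedelta(days=50), now - timedelta(days=3)])
        write_sample_mbox(stale, [now - timedelta(days=120), now - timedelta(days=45)])
        return audit_mbox(fresh, now), audit_mbox(stale, now)


if __name__ == "__main__":
    for name, rep in zip(("Inbox", "Archive"), run_demo()):
        print(f"{name}: {rep['messages']} messages, newest {rep['age_days']} days old, stale={rep['stale']}")
```

With a 30-day threshold the constructed Inbox (newest message 3 days old) passes and the constructed Archive (newest 45 days old) is flagged. Schedule it alongside the Bridge sync so a broken sync shows up as a stale folder rather than as a surprise the day Proton is unreachable.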
The Complete Picture
Let’s put it all together for John Doe:
| Category | Domain | Example Address | Purpose |
|---|---|---|---|
| Personal | johndoe.com | john@johndoe.com | Family, friends, personal communication |
| Finance | doeconsulting.com | jd@doeconsulting.com | Banking, brokerage, insurance |
| Shopping | peaklineservices.com | amazon@peaklineservices.com | Online retailers, subscriptions |
| Bitcoin | pineridgeconsulting.com | acct@pineridgeconsulting.com | Exchanges, wallets, Bitcoin services |
| Throwaway | SimpleLogin | random-alias@simplelogin.co | Newsletters, one-time signups, junk |
All five categories flow into a single Proton Mail inbox. John manages everything from one place. But to the outside world, there’s no connection between any of them.
No single breach compromises his full identity. No merchant sees his real name. No data broker can stitch his profiles together. And if any single service fails, he owns the domains and can redirect them anywhere.
Getting Started
You don’t need to do all of this in one weekend. Here’s a reasonable sequence:
- Create a Proton Mail account in your real name and upgrade to the business plan
- Buy your personal domain (.com) and configure it in Proton
- Migrate your old email: import everything from Gmail/Yahoo/Outlook into Proton, set up forwarding, then delete the old messages from the legacy provider
- Buy 2-3 additional domains for financial, shopping, and topic-specific categories
- Set up SimpleLogin for all the low-stakes stuff
- Build a simple landing page for your fake business domain
- Install Proton Bridge and set up offline backups
- Let new domains age for 30 days before relying on them for outgoing email. Some providers block messages from brand-new domains.
This system is more work upfront than just using Gmail. But email is the skeleton key to your entire digital life. Every password reset, every account verification, every sensitive communication flows through it. Spending a few hours to build a proper system is one of the highest-leverage privacy moves you can make.
The goal here is to make sure that when the next breach happens (and it will), the damage is contained, your identity is protected, and you’re in control.