# Proton-First Email Replacement Plan (Zero Google)

## Final Stack Choice
- **Inbox + Identity:** Proton Mail (custom domain)
- **Transactional/API Sending:** Resend
- **Inbound routing + aliases:** Proton SimpleLogin
- **DNS + web hosting:** Cloudflare
- **No Google dependencies:** Gmail, Google Workspace, Google SMTP, Google OAuth all removed from critical path

## Architecture
1. Domain DNS remains on Cloudflare.
2. Proton Mail handles human inboxes (founder + ops aliases).
3. SimpleLogin handles alias management and forwarding protections.
4. Resend handles app/automation outbound via API (DKIM/SPF on same domain).
5. Cloudflare Pages hosts docs/tables/slides command hub.

## Operational Checklist

### A) Proton setup (founder action required)
- [ ] Create/upgrade Proton Mail account for business use.
- [ ] Add primary domain in Proton Mail admin.
- [ ] Add DNS records in Cloudflare exactly as Proton requests:
  - [ ] MX
  - [ ] SPF TXT
  - [ ] DKIM CNAMEs
  - [ ] DMARC TXT
- [ ] Create mailboxes/addresses:
  - [ ] hello@repforge.ai
  - [ ] steve@repforge.ai
  - [ ] ops@repforge.ai
- [ ] Enable 2FA + recovery codes (offline backup).

### B) SimpleLogin aliases
- [ ] Enable Proton SimpleLogin.
- [ ] Add domain and create aliases:
  - [ ] inbound@repforge.ai
  - [ ] newsletter@repforge.ai
  - [ ] support@repforge.ai
- [ ] Route aliases to Proton inboxes.

### C) Resend (automation outbound)
- [ ] Create Resend account.
- [ ] Verify sending domain (repforge.ai).
- [ ] Add DKIM/SPF as prompted by Resend.
- [ ] Issue API key and store in `.env`/secret manager.
- [ ] Test send from `noreply@repforge.ai`.

### D) Cutover + safety
- [ ] Update all external profiles and forms to Proton addresses.
- [ ] Enable forwarding from legacy inboxes during transition (if any).
- [ ] Run 7-day monitoring for delivery/bounce/authentication issues.
- [ ] Remove any remaining Gmail login dependencies.

## Day-0 Quick Tests
- [ ] Send and receive internal email (steve -> hello).
- [ ] Send external test (Proton -> personal non-Google inbox).
- [ ] Verify SPF/DKIM/DMARC pass using mail tester.
- [ ] Trigger one automation email from Resend API.

## Blockers (External Auth)
- Proton account login + domain verification
- Resend account login + API key creation