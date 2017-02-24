Hacker News new | comments | show | ask | jobs | submit login
Cloudflare and FastMail: Your info is safe (fastmail.com)
50 points by jsingleton 1 hour ago | hide | past | web | 18 comments | favorite





Is it better to use two different domains for API and static content then, in order for cookies to be only sent to the API domain/subdomain? That way, if there are requests to the static content that's served by a CDN (ie: Cloudflare), it won't contain sensitive cookie information?

This is good practice anyway because it avoids the overhead of sending cookies for static content when they're not needed.

Cloudflare forces a cfduid cookie no matter what, even on pure-static-caching

I'm wondering if Fastmail provides better deliverability of incoming emails (have issues with lost emails in free Gmail account)?

Also if something goes wrong is there a mitigation plan in place to recover data and restore access of the user?

That's another major concern - to lose access to the account and not be able to recover it - because Gmail has no support.

Since FastMail is a paid service, FastMail has actual customer service. Additionally, they have information about your payment methods on file, so they have more information that can be used to verify your identity than the average free service. I do not know their specific policy on what level of identity confirmation is required though, if they do indeed allow account recovery in this manner.

You can, of course, get an account recovery code, or reset using your phone, as is pretty common.

A key difference though, regarding support, is that if your account gets suspended, there's a path with real humans to get it reactivated. Most Google account issues I've heard of aren't "loss of password" so much as "Google has banned you and has no appeal process".

Regarding deliverability of incoming mail, I will say I've found their web client refreshes faster when inbound mail comes in than Gmail, and when waiting for mail from other common services I've found they arrive faster since switching from Gmail.

> I've found their web client refreshes faster when inbound mail comes in than Gmail

Yes! One of my favorite FastMail features. Same is true for push notifications. I now get annoyed at the delay on my work accounts (G Suite).

Thanks FastMail folks. I still use Gmail primarily (multiple labels per message feature), but I pay for an account so that you're still around when I need you to be.

Would one of the apparently many happy FM subscribers share details of what kind of security they provide?

(It bears repeating: No email can be very secure.)

https://www.fastmail.com/help/ourservice/security.html

- happy FM subscriber for 3 years

Now that is how a company pro-actively communicates to their userbase and the public at large! Honest information but inspiring confidence in their platform as well as their support. Well done fastmail! Kudos!!

Fuck. I use cloud flare for MX records to ensure I don't completely rely on FastMail for everything.

Pretty sure they're not affected by this thing - it was just http proxy rewriting logic.

(having said that - you may as well rely on us for MX records if all the delivery is coming to us - our DNS infrastructure is more widely distributed than basically anything else for exactly that reason)

That shouldn't be relevant to this bug, though.

Thank you FM. A happy subscriber

For when a FastMail guy shows up here: Thanks for the note on this. And hugs, because I love you.

- Happy customer since November.

Thanks for the hugs gang. A bunch of us have been at M3AAWG working on email deliverability and security standards just this week - sitting in a coffee shop in San Mateo right now before flying back to Melbourne again tonight!

Another very happy customer since last year! I even like the UI of the webmail. Very snappy!

Group hug! FastMail is amazing.

