They are also the main sponsors behind the JMAP protocol  and some open source projects such as the Cyrus IMAP server.
First of all when making such a choice, you have to identify who the enemy is.
If you're talking about global enemies, like the NSA, then IMO without end-to-end encryption you're screwed. And if you're targeted directly, you're screwed regardless, given they have the capability to use whatever vulnerabilities they can find in your router, your phone, your OS, your browser, etc. If it's connected to the Internet, especially if you're being targeted, you're screwed.
Also many European countries have signed on joint cooperation agreements with US intelligence agencies. If for example you're using servers in the UK, it's in no way safer, see: https://en.wikipedia.org/wiki/Five_Eyes
So back to who is the enemy?
For me it's not the NSA or our local intelligence agencies. If I'm being wronged, I've got legal ways to fight back and I don't really care about the NSA.
What I care about is being _profiled_ by unscrupulous companies that may end up selling that data to other actors that may harm my well being. For example insurance companies could deny insurance if they discovered you smoked cigarettes 10 years ago. Or banks changing your credit score based on who your friends are. Or supermarket chains discovering that your daughter is pregnant before everybody else does. This shit is already happening!
I think the general discourse doesn't go in the direction that it should go. Organizations like EFF have been historically anti-government, but very pro corporate and private companies. Which is why I don't trust them fully.
Identify that enemy. If you're an European for example, that enemy is probably not the NSA.
I do prefer non-US alternatives btw, whenever I get that choice. I do so out of a desire to encourage competition and to reward EU companies that do well, as a "voting with your wallet" thing.
But choosing to reject non-US companies for the reason that some of their servers are located in the US, that's frankly childish. Servers located in the US are cost effective. Either provide better alternatives, or otherwise these services will not be able to compete on the global market from a price or latency perspective.
I don't think I'd call EFF either anti-government or pro-corporate. Rather, they have a set of positions around surveillance, the public domain, etc. and side with or against governments or private companies based on those positions.
I donate to them, and in my experience they've been pretty consistent on their positions, but if you've noticed otherwise I'd be curious to know how.
For example when the Facebook and Cambridge Analytica scandal broke loose, that was the perfect opportunity for them to go out against private surveillance, guns blazing. Their reaction was late and with an article like "here's how to protect against Facebook tracking", advising people to opt out in their Settings and to install Privacy Badger, this happening when everybody else was freaking out and doing #DeleteFacebook pieces.
I donated to EFF modest amounts in the past and probably will do so again, because the fights they are fighting are good for us. Maybe they pick their battles, I don't know. But I'm seeing a general pattern in their attacks, which is that they go very light on companies, compared with how they deal with governments.
Maybe it has to do, as always, with their source of funding. I can imagine that they received significant donations from the philanthropists of Silicon Valley. I don't care much though. My general point being that there's too much emphasis lately on government surveillance and control from privacy organizations and less on Google/Facebook surveillance.
I'm glad that there's now mindfulness about it in this community though.
Yeah, but what good would it have done? The privacy battle they're fighting with Facebook and social was lost a long time ago.
This is a very American thing which I can imagine our European counterparts not like, that is govt (USG) is treated as an enemy because it is the most powerful entity in the world. For Europeans, it would Govt AND these mega corporations (because the European govts do not have as much power as the US govt).
This is why in the US, corporations are ignored because they are insignificant on the US soil. And this isn't even a new thing, this opposition of the govt is as old as the founding of the nation.
This is why ACLU will not speak out against censorship of right wing media on Facebook and other companies. Keep in mind ACLU would not have any problem defending the latter against the govt, so it isn't about what the latter represents. It's simply, ACLU is a first amendment right based organization and their focus is preventing govt encroaching on our civil liberties (which is defined by what govt can't do, and not what a person is allowed to do in any circumstances).
Similarly NRA wouldn't care if you got kicked out of a movie theater for being concealed carry, but if a local city tries to ban guns in movie theaters, then NRA would step in.
Well, this isn't entirely accurate. They definitely do chafe at even private restrictions on anything gun. While I don't have time to research this right now, a quick search of "concealed carry in businesses" certainly returns some people complaining that businesses shouldn't be allowed to restrict that. And, if you dug a little deeper, I imagine the NRA would be weighing in there somewhere.
I agree that the NSA is not _my_ enemy and I am probably not being targeted. However, as more people start thinking like that, those that _are_ targeted (journalists, lawyers, activists etc.) will have less options to hide among users of more privacy-aware service providers.
In a way, by using these providers you shield those who need their services the most
>I am probably not being targeted. However, as more people start thinking like that, those that _are_ targeted (journalists, lawyers, activists etc.) will have less options to hide among users of more privacy-aware service providers.
If only child porn / drug peddlers, journalists, lawyers... use tor and other privacy tools at minimum, 3 things WILL happen.
1. Tor, fastmail, ipfs, pgp, full disk encryption... WILL become illegal
2. Anyone using encryption / privacy tools will be raided. Arrest first, find crime later
3. Authorities imprisoning lawyers, journalists... who reveal wrong doings will be too easy. "He used privacy tools" would be enough to pacify the public after-all, "Only criminals have something to hide."
We'll lose the right to keep pins/passwords. Because refusal - privacy = admission of guilt.
I'm a teacher and I know how difficult it is for a kid to speak the truth when the entire class is lying. Adults are not much different.
If people have to choose between their freedom, means of livelihood and doing the right thing, telling the truth or exposing wrong things by the government most wont.
"It is difficult to get a man to understand something, when his salary depends upon his not understanding it!" -Upton Beall Sinclair, Jr.
I believe a National Security Letter would prevent you from ever doing such a thing. 
Can you provide a citation or examples of this? Being pro-civil liberties does not imply anti-government. Those aren't mutually exclusive.
In the US civil liberties are basic freedoms identified in the Bill or Rights and the Constitution. And the Constitution is what established the government in the first place. How is it possible to be pro-civil liberties and anti-government?
You're right, that's bad phrasing on my part.
I explained what I meant here: https://news.ycombinator.com/item?id=18058240
Even the Anti-Federalists, the group that advocated for the establishment of a Bill of Rights were not anti-government.
That's silly, by that definition everyone would be anti-government then. Nobody agrees with the actions the government takes in all situations, not even within the same political party.
If your threat model includes an actual threat from organizations like the NSA, then I'd say you have bigger problems than the choice of email provider.
EDIT: I self host.
My point was that simply selecting an email provider outside the US does not make email safe in any way and that end-to-end encryption is the only way to prevent providers from accessing the content.
So we have focused on building the best thing we can for people who _do_ trust their provider, and also on having a business model which means that we can be a trustworthy provider because we have no secondary "customer" who is actually paying the bills. We don't have split loyalties.
For example, our return mail address labels don't have our names on them... and I use them on the back of the envelope to seal the envelope.
Our trash and recycling is emptied into our bins loose, so all our trash is not isolated to its own bags, it mingles with the rest of the trash.
Neither of these provide a lot of value on their own, but they're easy to do and provide a little value.
If someone sniffs the traffic between Hotmail and my server, it's trivial to see that a Hotmail user talked to me or one of the few others using my email server.
Not true, they have a lot of servers in Europe (Amsterdam).
That doesn't make the issue less valid though, since I think they have a full copy of all the data on both sides of the ocean.
Impementing per-message-encryption would turn us into a dumb blob store. The whole point of FastMail is the value add - fast search, ability to deal with a lot of email quickly, etc.
That and people's devices are basically always on these days, and fetch new email immediately on a push when messages arrive. So if your provider get a subpoena or gets hacked, then a push request will make your device connect with the password, and boom - access granted.
Finally, we don't let people store master passwords on their devices any more, because they get leaked due to hacked devices, so we require people to create app passwords. This would be in direct opposition to many of the other safety things that are done.
(extra finally: phishing protections and antispam solutions are in pretty much direct opposition to the idea of the server not being able to see the content of emails)
> if your provider get a subpoena or gets hacked, then a push request will make your device connect with the password, and boom - access granted
If the message is decrypted only on my device, then that wouldn't matter. I'm guessing endpoint decryption is not what you (or maybe the GP) are talking about, but I don't know what you mean.
> we don't let people store master passwords on their devices any more, because they get leaked due to hacked devices, so we require people to create app passwords. This would be in direct opposition to many of the other safety things that are done
What is an "app password"? If it's just a password stored in an app (and then what is a non-app password? one in a text file?), why wouldn't it be as vulnerable to device hacking?
Also, a couple of genuine questions about what's possible:
> Impementing per-message-encryption would turn us into a dumb blob store. The whole point of FastMail is the value add - fast search, ability to deal with a lot of email quickly, etc.
Email messages arrive in the clear, unavoidably; new messages are always vulnerable. Why not do the processing then - spam filtering, build a search index of hash values, etc.? Then permanently (from the server's perspective) encrypt the old, stored messages, and give endpoint/user the only means of decryption.
> users lose their passwords all the fricking time
> we don't let people store master passwords on their devices any more, because they get leaked due to hacked devices
How do the end-to-end secure messaging applications, such as Signal, handle those issues, if anyone knows?
Oh yeah, sure - if you only decrypt on your device, then that's reasonable. We could encrypt to a public key on delivery. There's services that do that, but FastMail isn't interested in being one of those services. The tradeoffs mean we could do very little. Certainly not a webmail service.
> what's an app password
It's a password that's created by the server and used on only one app. So if you lose your device, you can disable that one password only. Also, there's no chance that you'll reuse it across sites, so it can't leak from other services because you won't be using it there.
It's also limited to just the protocols that are used on that device, so can't be used to reset your password or payment details or install forwarding rules, etc.
> Why not do the processing then - spam filtering, build a search index of hash values, etc.? Then permanently (from the server's perspective) encrypt the old, stored messages
If you can search for keywords and find maching message blobs, that's nearly as good as having plaintext access. If was encrypted to only the endpoint, the usual issues of "you need to download the entire database to search your email" apply, and of course we're doing very little.
> How do the end-to-end secure messaging applications, such as Signal, handle those issues, if anyone knows?
They're not designed to be your long term memory, which simplifies things a lot. You basically lose access to your history. Which might be find if you don't care about the past, but that's not how I see email. Email is your electronic memory, and encryption+lost password means that nobody can get at your memories, not even you!
I like that, because it at least feels more secure to have a password that can only be used once, combined with the ability to go into the settings and shut off any device if it gets lost.
If the threat model does not include a government with the ability to use legal process, it needs to be defined more precisely. In general the US government can use legal process in the US and just straight-up hack into things elsewhere (who's going to raise a diplomatic incident over it? Russia is literally poisoning people, nobody cares, and their military is less powerful than the US's). If your threat model is other governments or just unrelated attackers like advertisers, there are more straightforward approaches.
Also, no, they did not inform their users. They handed over the key and waited for users to notice court documents.
See my previous comment: https://news.ycombinator.com/item?id=13447340#13448609
Would it be possible to explain them (or link me to a document explaining them)?
At that point, why bother? We'd have to run two EU datacentres to have data only in EU, and we'd still be under the same actual legal jurisdiction (Australia) either way, so it would be security theater rather than an actual change in risk. We haven't ever given data to US authorities directly, we point every single request from anyone to the Mutual Assistance Treaty with Australia, and that would be the same regardless of where servers are.
In summary, having servers in the EU is 99% security theater, and the other 1% is pointless unless we had two datacenters who were as reliable as NYI have been for us. We haven't found such partners.
The EU is outside the jurisdiction of FISA courts, whereas New York is not. I am definitely not an expert or lawyer, but I would think this is not just security theater.
I was always hoping that Fastmail offer hosting that is fully in the EU. To me being affected by the Australian, EU, and US jurisdictions is worse than just the Australian and EU jurisdictions. Of course, I would prefer EU-only.
I am extremely happy with Fastmail. But if there was an EU e-mail provider with feature parity, I would probably switch. Not that I expect that that'll happen anytime soon (subdomain addressing and iPhone push notifications are killer features).
The financials of running up two full EU-only datacentres don't make sense for us at the moment given the demographic distribution of our customers. And we haven't had any run-ins with the FISA courts in the nearly 20 years we've been operating.
Of course the past isn't a 100% predictor of the future, but US authorities have always been happy (or at least willing) to accept that our data is under Australian jurisdiction.
Rather, if the US government asks for a particular individuals emails the provider must grant the request provided there is a valid (possibly secret) warrant.
Also, capabilities matter. I have no doubt if they could they would. The Snowden revelations mainly revealed partnerships between service providers and gov agencies. Simply existing in the US does not mean your data is automatically available to 3 letter agencies. It could, but there is no evidence to suggest that it is.
Put a parakeet in a windowless room and close the door. I can reasonably make the statement that the parakeet is perching, looking around, and/or preening its feathers, because that's what parakeets do. I wouldn't need direct observational evidence to make this statement.
Panopticon-level spying is what intelligence agencies do. It's what they've striven to do, as much as possible, without getting caught. The Binney and Snowden leaks corroborate this, and there's no reason to believe they've suddenly stopped trying to. OP doesn't need evidence to make the reasonable claim that intelligence agencies spy on us, and likely do it by hoovering up our data for analysis.
Again, I’m not saying they wouldn’t or wouldn’t like to. But saying “they do EVERYTHING post-Snowden” isn’t a very good argument, and definitely isn’t a fact.
And if the claim is “spy agencies spy” then the country of origin for your data probably doesn’t matter. Invoking “post-Snowden” usually relates to Prism, which was a partnership with specific providers.
Emails older than that are considered abandoned and treated the same as an abandoned storage unit, due to an old law from the time when email was regularly downloaded and purged from the server by local email clients.
I read somewhere that servers located in the US are actually safer from drag net eavesdropping b/c a judicial order is required.
If the US puts enough pressure, they could still cave and comply.
Sign in with your Gmail account & get the same functionality as Google Inbox.
It's hosted on Linode and our servers are load balanced across the world.
Please let me know if you have any questions :)
Google, for whatever else you want to say about them, have first-class security.
By the way, I really like Fastmail - they are very competent. But mail/calender is such an important part of online identity and life, I think people should be careful about who to trust
Avoids catchalls ;).
And if you are not with fadtmail, there’s are several “multiple identities” add-ons for thunderbird (and recently a built in one, though it is still buggy) which let you add from addresses on the fly.
Is there anything you do that helps with this? I was using GApps and I don't think my domain name was too spammy (samlewis.me).
How did you notice this?
- Disclosure, I work for dmarcian
As someone else pointed out, make sure you setup spf, dkim, and all the other jazz. Some providers will host and setup the dns for you but its always best to use your own dns provider as the records are relatively easy to setup.
I got my personal domain (alexn.org) in approximately 2008, so that's older than most people's Gmail accounts ;-)
They do just one thing - email - and do that very, very well.
My biggest issue with the Google Calendar was the syncing rate of 24 hours for iCal feeds. On Fastmail, new events appear quite fast (and I can force the update manually, if I need to).
FastMail sent me an email that said our calendars are not in sync anymore.. way too often.
Did you contact support?
Did you solve the problem by switching to another calendar provider?
Since using Inbox on Android, I can't imagine going back to being notified about every single email. Automatic bundling of messages and the custom rules that you can then set on those bundles is a killer feature. If nobody comes along with a decent alternative before Inbox is shutdown then I don't know what I'll do!
I simply set it up to archive when swiping (which is what Inbox seems to be doing). However, it's notifications are far from as good and you can't archive straight from the notification, which, to me, is a let down.
Furthermore, on iPhone 8 there is an actual loading screen when opening the app. Like, why? Everything is already stored in the phone and it should just look for new mail in the background?
So far from perfect, but what can one do when Google is killing stuff off.
One issue though: you have to be in the apple ecosystem as they do not support, anything but iOS/Mac OS.
Note: I'm not associated with spark in any way.
That is quite scary to be honest and do you know the reason as to why they do this?
My rules list is about three screens tall now.
- No delay send/undo send. Allegedly in the works for ages
- Very buggy editor. Randomly slows to a crawl while composing, scrolls up and down erratically
- Cannot handle very long threads very well. (since unfortunately the business world uses top replies with Html email) E.g., undo can pin a core and crash the page.
- Notifications randomly show up twice and then freeze on screen
Only thing which annoys me is that their push-enabled iOS app does not support multiple accounts. It has been like that for years, I've heard that a new app was in the making, but nothing came out yet.
ProtonMail seems to be another popular alternative, but their E2E encryption claims sound like snake oil to me, but snake oily as it is, it's still a better choice than Gmail.
I like the fact that my mail archive is encrypted even though I don't send encrypted mail to others.
Here are some arguments:
1. if it's encryption in the browser via a web interface, then it's not secure; the moment a web form asks for a password that can be used to decrypt your data, that's the moment your alarms should go off, because in spite of the claimed E2E encryption, their security might actually be worse than Google's
2. with email you're communicating with the world and the email world is not encrypted; what this effectively means is that ProtonMail keeps your email encrypted only while it is at rest; maybe it's better than what Google does, but they can still see whatever comes in or goes out in plain text and you're still relying on their promise to do no harm
3. ProtonMail needs to use a "bridge" in order to be compatible with email clients; this means that access to ProtonMail is non-standard (e.g. SMTP, IMAP) and therefore you still have the lock-in of Gmail, only it's now worse
4. It creates a false sense of security. If you want real information security, better tools are needed; various chat apps are much better, plus actual GPG ... because the PGP model requires a "chain of trust" that you have to maintain yourself for actual security
The big difference from native apps is that native apps are often signed by the developer. While with web apps, there's normally only a more "temporary" form of signing, that is, the TLS session.
Assuming the app developers are better at securing their offline signing keys than TLS server keys, native apps with signatures are indeed more trustworthy. (But are they actually better at this??)
However, you can achieve the same kind of signing on the web with a browser extension: https://github.com/tasn/webext-signed-pages (+ SRI and CSP for subresources)
Also, you might be more likely to get malware browser extensions than OS-level malware. Maybe??
On the upside, the web is more auditable by default (of course you can obfuscate JS and WASM just like you can obfuscate anything, but "view source" is still much easier on the web).
> ProtonMail keeps your email encrypted only while it is at rest
IIRC it's also end-to-end between ProtonMail addresses or something?
The problem is that the web page loads on every request. This means that you, @floatboth, can be targeted with a broken client that leaks your keys next Wednesday between 13:00 and 14:00 and you'll never know it.
A native app is not something that loads every time you open it. And the binary you get is the same binary that everyone else gets and if you suspect something fishy, you still have that binary later for inspection. Compromising an app binary is not impossible mind you, as we could see with fake Apple XCode fooling Chinese developers into submitting infected apps to Apple's store, but it's much, much harder with security conscious users.
Also there's not much difference between highly compiled and obfuscated JS code and binary code. In both cases people start inspecting such apps by sniffing the outputs. Or otherwise it's not such a big jump from JS to assembly for people that do this for a living (e.g. I'm guessing anti-virus companies).
> IIRC it's also end-to-end between ProtonMail addresses or something?
It might be, but encryption that only works between ProtonMail accounts is no longer _email_. It's either a standard, or it's not email and I'm not interested in communicating only with ProtonMail users.
That said, you are correct that the web app is not appropriate when the threat model includes ProtonMail itself (though you can run the web app locally and thus sidestep the problem). The native clients are better suited in that case.
Obviously, compared to free, it's expensive. But in real terms, I pay $70 every 2 years for it - works out about £25 a year for me, which is about the price of a meal out. I think that's worth it for secure and powerful email. I've never found it to be expensive.
I think that is not quite the norm, lots of these hosts (and home internet connections) tend to have rather bad reputations, and chasing down the various RBLs can get really old really fast, especially since the most common response is to silently blackhole so you don't get a bounce.
I used to run my own email server, but found it difficult to get things like push email working reliably, and had a couple of issues with deliverability of emails.
I thought that was a pretty good plan for most people. Unfortunately, they dropped this plan and the cheapest option is now 30$/year.
Honestly, at that price point I would go with Exchange Online for $48/year. --Virtually the same price and yet I would get double the storage and native integration to Outlook on the desktop and mobile.
But I do believe that even these cheaper ones are expensive for what they provide in terms of storage capacity, number of aliases, etc. Costs are supposed to go down over time, and prices too.
(your FastMail subscription also goes towards paying for work on improving the standards and developing open source software to support them)
FREE PLAN - Up to five users. 5GB/User, 25MB attachment limit.
This is to have all 5 users in one "organization".
ZOHO offers full G-suite replacement, free. They have many more applications too.
I used the free plan for a few years, then started paying $24 per year for more storage. What you get for $24 per year is amazing. What you get with the free plan is amazing. Their business model is to impress you with their products enough for you move to a paying plan. They do NOT make money harvesting your personal information and selling it third-parties.
Based in Switzerland, client-side encryption
But anyway, there are other people in the same situation, where they literally can't pay for things online. I just wanted to indicate that I understood the situation. But thanks for the pointers. It looks pretty useful if I ever get in the situation where I could use it.
Besides when you use such a service all your personal emails are stored in servers. One rubber stamp away from total ownage.
Well, yeah. That's true for everything except for hardware you actually own.
They're saying it's better than storing it on Google's servers, not that it's bulletproof.
There really isn't a way to have impenetrable email. It's all about what type and level of risks you're willing to take.
E.g. are you concerned more about rubber stamps or software exploits? Are you more concerned about usage pattern profiles or someone actually reading the content of your messages?
Different people have different priorities and there is no one single best option.
Your criticism regarding functionality might be true, but there is no reason for competitors to charge more.
I'm just a simple email user -- 50 emails per week -- and I don't keep them in my inbox. As soon as I'm done with them, I delete them. A simple 50MB inbox is sufficient for me. I just need an ad-less mail box. For me anything beyond 5$/year is expensive as hell.
Anyway services like Facebook extract around that amount from you via targeted ads, I’m happy to pay if it allows to me to isolate myself from that a bit.
What kind of VPS are you getting for less than $1 a month?
https://mailcow.email/ - dockerized, works with multiple domains, sogo for groupware. Compared to mailinabox's single disk, it has 6 docker volumes to keep track of.
https://mailu.io/ - dockerized, it has a section on kubernetes deployments, which i find weird, but I guess could make sense for companies
https://mailinabox.email/ - no docker, no multiple domains, roundcube, nextcloud for groupware. Main disadvantage or advantage, depending on your perspective is that you need a mailinabox server per domain.
And then this is the more hands on version, which I guess would be sovereign as ansible deployment.
IMHO sovereign puts too many attack vectors on a single machine.
I've had this setup for a couple of years now and it's not failed me. Support TLS, SPF, spam checking, DKIM, can support multiple domains and aliases. Basically anything you can imagine. And, despite the FUD you might hear about not using a cloud service, my mails don't get magically lost into people's spam filters. The initial configuration/learning is steep, but I pretty much never have to touch it once it was working.
1. You need your own domain
2. If you're new to Linux, I'd set up something simpler first, like a web server just to familiarize yourself with your domain tools and your distribution's configuration.
3. A good half-way solution for migrating from Gmail is to set your own server as MX for your domain and forward received E-mail to Gmail. That way you can get familiar with setting up your MTA without worrying about delivery. And, you can start encouraging people to start sending mail to your @domain.com address rather than @gmail.com address. I had this set-up for years before taking the plunge and hosting everything myself.
Be warned, Gmail applies very aggressive filtering to your incoming forwarded mail, even before it reaches your "Spam" folder. This was one of the primary reasons I decided to self-host: I was finally able to compare the list of E-mails I received, through looking at my logs, to the E-mails that ended up making it to Gmail. Gmail's (presumably) spam-filtering was filtering out an unacceptable amount of false positives.
4. Set up your host to deliver locally. You'll be able to verify it's working by using standard unix mail tools running on your host.
5. Set up something nicer for delivery like IMAP, and get your favorite mail client to work. I use Dovecot, but there are plenty of options.
6. Any bells and whistles you want. TLS, SPF, DKIM, Spamassassin, multiple domains. I found at first I was getting a massive amount of spam (thanks for fixing this for me for years, Gmail!) but after a few months of training, Spamassassin is very good and I'm back down to not seeing much anymore.
Hope that helps. To your other question. I spend $5 a month for my VPS, and I can host a lot more than E-mail there.
Are you sure? I am running mailinabox and have multiple domains and accounts with no issue.
I used to run a Sovereign box.
It served me well for 2-3 years, but it got too cumbersome to maintain: they changed their approach to various configuation things (for the better, I'm sure), and threatened to break my setup in the process.
All told, it felt like it had missed the sweet spot between pre-configuration and flexibility, in the end not quite giving you either.
> IMHO sovereign puts too many attack vectors on a single machine.
I turned off most of the attack vectors (I didn't need all the bells and whistles). But yes, they tried too hard, and over-complicated the setup as a result.
It deploys mail server based on modern software stack on your box and you can customize it to fit your demands using recipes suitable for well-known software.
I’m currently on Fastmail and find the service good.
Like others have said, the Android app is not worth installing unless you're okay with limited and, in some cases, poor functionality.
I suppose you can set it up with the Gmail or Outlook Android apps? I've never tried, as this defeats the purpose of not having those companies as your email provider :)
Still searching for a good Android mail app...
K-9 Mail has served me very well over the years!
Edit: Highlights for me:
- IMAP Idle support: e-mails appear instantly, configurable on a by-folder basis.
- Mature and stable: it's been around forever, updates are infrequent, it just works.
- Free software: apache license
- No fanciness: it is very traditional-email oriented. The only "fancy" feature is a unified inbox (showing mails from all your folders), and it can be turned off.
If your e-mail is "complicated" you'll have to spend a bit of time setting everything up. For instance, my server classifies e-mail as it arrives, and I setup different synchronization schedules and notification preferences for different folders. Best time investment of my life.
Give AquaMail a try.
I find it efficient, fast and featureful. I've never noticed any bugs.
The user interface is perhaps not fancy, but IMO not ugly either, and certainly functional.
I've been using it for years, and they keep updating it diligently.
Other clients that caught my eye also were Bluemail or Nine, depending on the need.
On my smartphone I'm using MailDroid Pro. Like Aquamail, I'm using it for several years now, steady updates and good support. The reason I use MailDroid on my smartphone is the anti-spam plug-in (they charge extra for that though).
I thought the same for a while, until I noticed tapping the body of an email changed the top bar options...
Used fastmail for a few years and it is fine although their android app isn't great and hangs a fair bit needing to be restarted.
I eventually paid for the aquamail app which is a significant improvement
The value you put on email is $10/year, so Fastmail doesn't represent good value. Other people obviously think its worth more. Fastmail are providing their service to those people.
Also, ten bucks a year has nothing to do with how much I'd personally be willing to pay for email. It is just my estimation of the amount you could charge people while still keeping healthy profit margins in this industry, however I don't have much domain knowledge regarding email and that figure could be very wrong. I'd love to hear from an expert.
This is only true for companies offering equivalent products, and that is never the case in tech because there are so many intangible factors.
In this case, one of Fastmail's intangible benefits is that they're not Google. Maybe Fastmail's customers think that's worth $50 ... but it has zero impact on Fastmail's costs.
Bzzt. Notice how everyone recommended fastmail and nobody else? It's not a highly competitive free market. It's "hi, can anyone recommend a MacBook cheaper than the one apple make" time.
Free markets reductionism not useful with no serious competitive pressure
Just because a particular provider is good and cheap and has a lot of satisfied customers doesn't make it any less of a free market.
As long as you don't want deliverability to Gmail or Outlook addresses. Though you can pay for Outlook deliverability it seems. They're very pinickety about allowing mail through from self-hosted or even low-traffic shared hosting IME [albeit limited].
There's no way to check before you build out the system, so unless you have an easy way to change IP and ISP then I'd be cautious.
By the way, I was asking for the point of view of an expert. If you are not an expert on email services, then I have no interest in hearing you speak condescendingly to me.
The first is e-mail.
The second is an extremely hard-to-validate promise of future work, such that (a) cutting-edge security and privacy protections are maintained; (b) properly designed regular backups and redundant infrastructure ensure your e-mails won't be lost; (c) staff ethics, training and oversight will protect against insider threats; (d) protection against spam and phishing will be effective - but will not block legitimate e-mails; (e) e-mails you send will get delivered and not marked as spam or silently discarded, even when sending to the likes of gmail; (f) no e-mails sent to you will be silently discarded or otherwise lost; (g) if issues do arise, that they will respond promptly and competently; and (h) as webmail technology advances and market conditions change, they will keep up-to-date and stay in business.
There's no way for me to validate most of these things. Instead, we rely on a supplier's "reputation" - an amalgamation of their past performance, their visibility and their marketing.
There are many e-mail providers. There aren't many e-mail providers widely known as reputable.
In other words, Fastmail doesn't face much price competition within the market of "e-mail services recommended by users of Hacker News" even if they do within the market of e-mail services generically.
The killer is five nines availability. That's pricey.
I used to run mailsystems and maintain mailsystems code in the 1980s. I don't do it now because it has too many moving parts. I got a grandfathered domain into hosted by Google and it's worth a damn sight more than the apparent market force bottom price.
Hardware or software or service your competitors have to be comparable or at least bearable to apply price pressure. I do not judge fastmail as price competitive because they (like apple) are competing in quality. Not price.
Google G Suite: $5, $10, and $25 per month per user.
Microsoft: $4, $8, or $12.50 per month per user.
ZOHO: $3, $7 per month per user billed yearly.
Thinking though this for a project I'm working on with a tight budget I concluded for money related reasons I'd probably have to go with Google even though I'd prefer not to.
I use G Suite for my side business and while it seems like a great deal because you get all these other apps, in practice, I have never used them, not once.
We are heavy users of Google Sheets and Docs already so I know these will be used immediately.
Up to five users.
5GB/User, 25MB attachment limit.
Web access only. Email hosting for single domain.
So no, their pricing is not on par.
At $6 cost of hardware per account, now you have to factor in other costs and your profit margin. Support alone will bring you above $10. Marketing will also bring you above $10 on its own. At a decent scale, you can keep the marginal cost of engineering low (as it does not scale linearly), but on a mid-sized operation expect it to bring you above $10 on its own.
All in all, $50/year is high but not stratospheric.
If you have your own domain, you need to use the $50 or $90 plans.