Hacker News new | past | comments | ask | show | jobs | submit login
Purelymail – cheap, no-nonsense email (purelymail.com)
606 points by pwrplus1 87 days ago | hide | past | favorite | 307 comments

> An honest list of drawbacks

I appreciate putting up a list like this. That said, I want to comment on one of the listed drawbacks:

> Occasionally, obscure email servers will block emails sent through us

I have a few years of experience running my own email server and I can tell you this is a major pain in the ass. When you send your email via a small email server (a server that sends a low volume of email), you will have constant issues getting mail delivered. Also, most of the issues will not be with obscure email servers, they will be with Outlook and Gmail. When you send email, you will never know if your email will be delivered to inbox, delivered to spam folder, or blackholed entirely.


> We're not a suitable platform for sending marketing emails (although you should use a dedicated marketing platform anyway).

Please explicitly ban people from using your platform to send "marketing email". Clients like that are going to ruin deliverability for your other clients.

> Also, most of the issues will not be with obscure email servers, they will be with Outlook and Gmail. When you send email, you will never know if your email will be delivered to inbox, delivered to spam folder, or blackholed entirely.

In my personal experience, over five years of running my own business and personal email entirely and another decade and counting since of running PBXes that directly send voicemail messages, Gmail has only explicitly blocked me once, and that was 100% legitimate because the site the PBX was located at had an infected PC. It occasionally will filter messages to the spam folder, but that almost always means one of the users actually flagged a message.

I could send an email to myself from a bogus address via raw SMTP over Telnet to port 25 and I'd be willing to bet my week's pay that Gmail delivers it. They might mark it as spam, but they deliver reliably.

Microsoft on the other hand is a massive pain in my ass. They usually work, but about 4-5 times a year they seem to randomly pick one of my systems to treat as suspicious and block emails from. The process listed in their block message always works, but it's annoying to have to deal with regularly, especially with no rhyme or reason.

Yahoo is the worst, they straight up block everything I do with no recourse. I have one user who insists on using his Yahoo email and I basically had to tell him we don't care that Yahoo won't accept messages.

From 23 years of running my own email (and for about a dozen other domains), this is a pretty good summary.

One domain has a small mailing list of about 200 users. The @yahoo.com addresses (and related, Yahoo-handled domains like old @att and @sbcglobal domains) are often just dropped.

Gmail addresses frequently go to spam, especially newly-added domains. I have found that having multiple @gmail users mark them as “not spam” tends to help, but not always.

My email server has had the same IP address for over 18 yrs, fwiw.

My emailserver runs at linode. It delivered fine for some 10 years, then I started getting blackholed (at Microsoft live, hotmail, 365, outlook). This IP does only mail. Server is secure, up to date and has all the DKIM/SPF nonsense.

It's impossible to reach humans that can help. It's impossible to unlist. So I'm now on my third IP, my last one running mail for 4+ years, from Digital Ocean. Only now, occasionally, does an email get through.

I'm almost 100% confident that Microsoft just blanket blackholes or punishes anything from Digital Ocean or Linode.

I share your confidence that lots of providers blanket drop mail from IP ranges owned by cheap VPS providers.

The cost of swtiching IPs within those providers is low, so spammers have already abused that, and made life worse for the rest of us as a result.

Yes, I had a first-hand experience with this. Cheap VPS was blackholed right away at Yahoo and any attempt to unblock it was not successful. It makes sense though.

Then I set up my own bare metal server and put it into a real datacenter serverhousing. I had couple of problems at the beginning and later once a few years later - problems sending to microsoft - but all those were resolved rather quickly via their forms. And I haven't had any deliverability problems since then.

The serverhousing I used is very strict regarding spam reports. I once tried to use the server also for sending newsletters (no spam lists, just emails which explicitly subscribed). Someone reported it as spam once and serverhousing contacted me soon after that they don't tolerate any spam. I explained that it was not spam and that there was unsubscribe link but I decided to not use it for any kind of marketing again. I think specialized services are better for this.

I use Fastmail and Microsoft Outlook sometimes puts mail from Fastmail in the spam folder. It's only Outlook that does this because when it happens, I ask what email server they use. Always outlook.

Do you/did you have feedback loop accounts setup for all of them? Yahoo, for example, sends a notification to sys@ (or whatever email you tell them to) when someone marks one of our emails as spam or when it thinks we're sending bulk email. They also have sender support. They did want me to set up something where we used the same connection to send email to them. I forgot

My "blacklisted" email company is Zoho because they consistently greylisted and blocked our correspondence with clients and have no one to contact to resolve email issues for senders.

Hi there! I'm contacting you from the Zoho Mail team. Please drop an email to support <AT> zohomail <DOT> com with the sending server logs & IP address. Our technical team will analyze and get back to you with a potential resolution. Thanks!

I can totally echo this(running my email forwarding service [0]) so I deal with it at high email volume too.

Outlook/Hotmail is kind of stupid in this sense: if the first time, a new domain send an email they are very likely to flagged as spam. But if the user simply reply or send to that email, the moving forward hotmail won't flagged it. In other word, hotmail rely stringly

- is this domain new? - is this ip address start to send email new? - if I interact with this sender in the past

Seems thing with icloud and their proofpoint spam filtering.

gmail in other hand, has the best delivery rate, clear error message, great rate limiting and cool down period.

gmail is very smart, if we accidently send spam(due to our failure to filter out spam), gmail won't blocklist the whole IP, but hotmail/icloud does.

And the process to delist from them homail/icloud are just absurb. I'm unable to contact their team.


[0] https://hanami.run

Hi Wolrah

I'm starting a new company where email connection to my user base is essential. From time to time I also need to sen all users certain notifications which looks kinda like marketing email but isn't.

Could you contact me as I would like to ask your opinion on the configuration that I'm trying to set up. I would also like to discuss your experiences.

If isn't too much, you can reach me by email at jari@itsellesi.fi.

I'm not sure if you know about this, but in case not --

sendgrid is dirt cheap for transactional emails. And there's tons of offerings for marketing emails; I'm partial either to sendinblue or ses depending on your use case.

There really isn't much reason to roll your own, particularly with ses.

Rather than depend on a single person's experience about running email systems, you might check out the Mailop mail operator's list:


> Occasionally, obscure email servers will block emails sent through us

The worst offender is Microsoft and their email services (hotmail.com/live.com/outlook.com/etc.).

They reject all emails from my server, because it's on DigitalOcean. They are ignoring all requests to unblock my IP address.

They don't mark it as spam, they just outright block emails, so you can't even workaround it by checking the spam folder.

> They don't mark it as spam, they just outright block emails, so you can't even workaround it by checking the spam folder.

And there’s no reason for them to do that IMO. They should dump it into the quarantine as high confidence spam. I wonder if the drop shows up in the mail flow logs.

I deal with a lot of small businesses and more than once I’ve seen bad spam filtering or silent drops cost people money (upset customers). The spam filters I can understand. The silently dropped messages should get them a class action lawsuit.

There is a reason - DigitalOcean. A more appropriate name would be DigitalCesspool. They allow anything, so long as you pay them. I'd block email from their networks, but there are already plenty of ways that spam servers on their networks screw up (bad EHLO name, broken reverse DNS, SPF for all IP addresses), so that email is not accepted anyway.

Microsoft sucks for rejecting email without recourse, but you're on DigitalOcean, so can you really blame them?

I’m not on digital ocean and I don’t know anyone who is. I’m on the receiving end using office 365. Problems I see are for mail coming from shared hosts and isps.

IMHO there’s never a reason for Microsoft or Google to drop mail silently if it’s deliverable. Let me decide if I want to do that, but don’t force it on me.

Google is awful too. Accounts locked for “suspicious activity” stop accepting incoming mail. I’ve seen people lose a day of email over a weekend before noticing ta false positive account lock.

What it really comes down to for me is that I don’t think either of them could act that negligently in a fairer market with better competition.

Things will only change if enough paying customers complain loudly about it.

You think Microsoft blocking you is bad? They ACCEPT mail and drop it afterwards.

Pretty close! They accept the mail returning a "250 OK"ish code, but they delay it for days (or even months) not respecting the SMTP protocol. I actually recevied the emails on Outlook after many many days I have sent them :/

Gmail seems good, I never had issues with Gmail.

No, not close, it's exactly what they do.

Delays are fine by the protocol, it's not a violation, it's not IM.

My emails from my domains to my Outlook account were going straight to spam.

I tried marking them as not spam, to see if it would learn. A dozen later--no change.

I tried replying to them, to see if it could figure out that if I'm actually regularly corresponding with someone they should not be marked as spam. No change.

I tried whitelisting the domain. No change.

I have the same problem, but they fixed it. I opened a issue and a kindly guy did some checks and then removed the ban.

Was it recent? I've had no issues whitelisting my IP in the past, but all my requests in the last 6 months have been ignored.

What's Microsoft's rationale ? Has an explanation ever been given ?

I've tried reaching Microsoft by phone, email, automated tools for email administrators, and their web forms for requesting whitelisting in email deliverability. Microsoft didn't provide any rational why they are filtering email from small email providers like this, nor did they provide any opportunity to mitigate their filtering.

Probably it's more convenient for them to trust X big players rather than checking one by one. And somehow an empty spam folder looks better than a full one, as it gives the user the feeling that the service itself doesn't receive spam or does a very good job at preventing it.

That's just the thing: "doing a good job preventing spam" means throwing a lot of stuff in the spam folder. I think everyone would agree that silently dropping emails is bad, even if you're really sure it's spam.

I agree, it's just that you're not the average user. I am also surprised to see the spam folder surprisingly empty all the time, almost as if my email addresses were unknown to the world (which I am pretty sure they are not).

The average user probably sees this full spam folder as something he/she is doing bad, or the service itself is bad.

It's not just google or microsoft. I think most email providers do this, I might be wrong though.

You can create anonymous servers on DO with go-betweens like Bithost, allowing you to pay with cryptocurrency. This is a pretty easy solution for people with bad intentions (bots, scraping, black hat ...)

I run my own VPN on DO and almost always get hit by ReCaptcha. Even Google.com will put up a "we've noticed some unusual traffic from" page. Some sites like Zalando completely block me with just a plaintext error page.

/me looks at his work gmail account that regularly spam filters emails from github, and emails from his work google apps domain that pass DMARC, DKIM and SPF.

Nobody can send emails to Gmail with any certainty. Not even Google.

It's bad enough that Google Drive/Docs notifications are treated as "external senders" so you have to open up your internal Google Groups to the world; then Google Groups flags them as spam anyway!

I'm guessing spammers may use Google Docs comments as a platform, but have never seen actual unsolicited Docs comments.

In my experience, it is more they "share" spam documents with you.

Whenever I'm expecting YouTube emails (pass reset or whatever) I check gmail's spam first haha. At least they don't play favourites I guess.

I moved my custom email domain from gmail to NameCheap’s Private Email about a year ago. I wanted to free myself from the possibility that Google might arbitrarily ban me one day, as we’ve seen happen to people for various Google products for no reason and with no appeal.

Biggest mistake of my life.

Just as you say, I have no idea if my emails get through. The number of times I’ve had people tell me they found my email in a spam folder or just not at all is unacceptable. And you’re right, this is most prominent on outlook and gmail users but not exclusive to them.

How would you like your accountant or lawyer to miss your emails? It happens to me all the time now. These are not emails with cat pics.

I’m scared to move back, fearing an IMAP migration will cause me to lose a year of emails sent and received.

I don’t know what to do.

I think all you really need is to own your domain.

If you manage your domain and point your mx at google, and some ai decides your drive contents look bad or some non-official youtube app violates some api access rule and they kill your whole account, you just point your at any other service provider.

That will be an annoying few days, but you don't lose anything too important. Maybe for a day or so you can't receive password emails, but you will, just after the switch shakes out.

In the mean time, you're enjoying the convenience of a big mail service, and playing the odds that it's probably not going to happen to you, and it's ok to live with that risk because if it happens, it's just an inconvenience not a disaster.

As for losing old emails, I use thunderbird on my laptop, and that ends up getting a copy of all my gmail even though I also read those same emails on my phone. If google kills my account, I still have all my old emails even without my own domain.

I don't know if google even offers domain regisration to individuals, but if they do, I just wouldn't use them for the registrar. All other services can tolerate that risk as long as you use someone else as registrar (namecheap is good).

Thanks for the reply. I thought IMAP servers keep the messages on the server, not on the client. Is that incorrect?

The client has download a copy already and wont sync back what it is already download. You can look into tools like imapsync https://github.com/imapsync/imapsync to copy data from two imap account

IMAP synchronizes with the server, but keeps a local copy. Compare to POP, which moves the mail off the server entirely.

> IMAP synchronizes with the server, but keeps a local copy.

The local copy is client dependent. Mail.app on your iPhone will not keep a local copy of all your emails if you have a large number of emails spanning a long period of time. Other clients may vary.

Don't go with namecheap, the biggest hive of scammers and spammers on the planet. Move your private domain to a reputable provider, like Fastmail.

I've had my main personal domain with them for a decade and never had a problem.

Thanks for the reply. Fastmail is indeed nice (I've used them before but not hosting my own domain). But at this point, I'm not willing to risk moving to another player besides MS or Google.

same case with me. I've been using Fastmail for 2 years, but moved to Private Email 2 months ago, and currently using Office365's Exchange.

After 2 occurrences of my mail goes into spam folder, I became paranoid and always BCC my gmail account for every important email.

In the end I say "what the hell" and subscribed to O365. Google Workspace is too expensive for me.

> you will have constant issues getting mail delivered.

I run my own obscure mail server and have not had an issue in years, except for ATT[1]. I'm super low volume - I run mail for about 20 humans, a few mailing lists, and some other automation that does things with email.

I do things correctly - I mean, I run nearly the same stack/configuration (scaled way down) as I do professionally for my employer, which delivers 8 digits of messages a day all over.

But that doesn't explain why I don't have problems and others do - lots of people get this right and still have problems. And I think that comes down to the fact that mine has been on the net since the mid-90s. So, unfortunately, I suspect the answer to a lot of these problems is 'exist for long time' - until your MX is associated with a bias towards "not spam" in everyone's filters.

I can think of ways for existing mail servers to vouch for new ones, but I don't think there's any reason for established ones to want to do that, so it wouldn't work. I'm not sure what the answer is.

[1] And after many, many years of attempting to resolve it, they can bite me. I got annoyed enough that they get a custom bounce from me now on the rare occasions someone tries to spam me through them.

I've been operating my own mail server on the same IP for the last 10 years, so not as long as yours and I also don't have problems. I also disagree with one of the parent comments that you will never know what happens to email: Gmail supports DMARC, and will give you stats and tell you what happens. You can also sign up to various sender services and domain whitelist sites and so on. I've also seen mail providers do fun things like 'permanently defer' email as a means of blocking and this actually notifies you, albeit in a disruptive way, by leaving the email permanently in your outgoing queue.

I do agree however IP reputation matters. If you share an IP with other hosters, or your IP has been recycled from a bad reputation IP, or you have a residential IP or have found your way onto any of the email spam lists recently, or been reported for abuse or marked as spam enough times by freemail service users, you may have trouble getting to 'inbox' and eventually even getting delivered. Reporting systems like DMARC should let you know, however, before it becomes serious.

I don't think running your own email is a high maintenance activity that some suggest (especially for small servers) but it is definitely more effort than outsourcing it to someone else. I'm glad services like this exist, if only to prevent email becoming a Microsoft-Google walled garden.

> And I think that comes down to the fact that mine has been on the net since the mid-90s

There are other factors like IP reputation of the email server sending the email. And if you’re using a hosted service, there’s no way to control those IP addresses.

Marketing emails are actually against the terms of service, although there are grey areas- like a user personally reaches out to offer people a service, and some occasionally end up marked as spam. If the rate is low enough, it might be acceptable.

I'll make a note to make that language stronger.

My personal email is on a .xyz domain and I used to use Gandi webmail as it was free with the domain name.

When I was finding a new job last year, every time sent recruiters an email with my resume (attached as a pdf), I had to ring them afterwards to check if they had actually received it.

I ended up switching to Google Workspace, just so that my emails actually had a chance of not landing in the recipients spam folder.

This isn't actually Gandi fault.

The amount of spam come from .xyz .top .cam etc are too hight and sysadmin usually factor domain tld into spam scoring.

so using a .com may increase your chance hitting inbox actually.

I've run into this same issue communicating with potential employers via GANDI mail--more often then not when I make a followup call my email is in their SPAM folder.

My sister-in-law's employer's mail service (k-12 school district) ALWAYS bounces back email from myself and my wife, and their sysadmin always says "Nope. Not a problem on my end."

Email deliverability is monopolised among the big players. Running your own email server and actually keeping your emails outside spam folders is more than one person's full time job. Partly this is not the big players fault but to say they don't benefit from it would be a lie.

> I have a few years of experience running my own email server and I can tell you this is a major pain in the ass. When you send your email via a small email server (a server that sends a low volume of email), you will have constant issues getting mail delivered. Also, most of the issues will not be with obscure email servers, they will be with Outlook and Gmail. When you send email, you will never know if your email will be delivered to inbox, delivered to spam folder, or blackholed entirely.

I tend to disagree, due to my experiences with running a private mail server [1]. I've had one exactly one issue with Outlook/Hotmail servers over the years. My server is quite low traffic, but it's been delivering mail reliably. How do I know? When I send mails, there's usually follow-ups.

[1] https://jschumacher.info/2021/05/running-a-private-mail-serv...

> My server is quite low traffic, but it's been delivering mail reliably. How do I know? When I send mails, there's usually follow-ups.

And when there's no follow-ups, you just assume your mail has been delivered? I recommend actually measuring your deliverability before making claims about it.

Well either there's a bounce, or some other indicator in the postfix logs (collected by filebeat, with alertings in kibana).

If I'd still be getting blackholed with a "250 delivered" in my logs, then screw it.

I would even argue people hosting their small selfmanaged mail servers helps preventing monopolization, eg. "only allow mail from google".

> Well either there's a bounce, or some other indicator in the postfix logs (collected by filebeat, with alertings in kibana).

The most common type of problem is that mail is delivered but placed into the spam folder. You will not be notified of this with a bounce or anything in your postfix logs.

> If I'd still be getting blackholed with a "250 delivered" in my logs, then screw it.

This is another type of problem I've encountered. It's rarer than the spam folder, but it happens.

This is my experience too with a private server, but I did need SPF, DKIM and Dmarc. These 3 things do require some expertise, but running a mail server already requires that. So it just needs extra time :)

Nope, setting up SPF, DKIM and DMARC is not enough to get your email delivered. I wrote about my experience more here: https://www.attejuvonen.fi/dont-send-email-from-your-own-ser...

The irony is that most of the spam I get these days comes from Amazon's AWS SMTP service.

More than just SPF, DKIM and DMARC; mails still get silently discarded if you come from an IP address with a poor reputation. For this reason most of the large VM hosting providers will work but not give great results.

I ran a kinda similar platform years ago I and I fully agree. It was a constant fight against blacklists, random spam filtering and weird attacks on my server looking for postfix missconfigurations.

If I learned anything in that time is that email is not simple, and should be run by a qualified dedicated team, because there are so many pitfalls

> When you send your email via a small email server (a server that sends a low volume of email), you will have constant issues getting mail delivered.

That’s hyperbole. I‘ve been running my personal mail server on a VPS for the past 20 years and never had any delivery issues. It may depend on the hosting provider you use, and nowadays you probably need to have DKIM etc., but there are a lot of people running their own mail server without issues.

https://www.mail-tester.com/ is a useful tool for testing.

Gmail is hit or miss, even when dkim/spf/dmarc are setup correctly. It may work 70% of the time, but it becomes a constant guessing game if you inboxed or went to spam. If you're using DO/Vultr/Linode, there may be issues with noisy neighbor IPs, but it still sucks that you may get penalized for no fault of your own. It seems like there is no incentive for Gmail to play friendly with small mail servers.

> https://www.mail-tester.com/ is a useful tool for testing.

This is great! Thank you!. I scored 2.7 out of 10. I'm using NameCheap's Private Email service. What a waste!

> I‘ve been running my personal mail server on a VPS for the past 20 years and never had any delivery issues.

Age may be a factor. I ran email for my domain on my own server for a long time too and generally had no delivery issues.

When I got another domain a few years ago and ran it on the same server it had a lot of delivery issues.

> Age may be a factor.

Probably. Although I switched both IP and domain a couple of years ago (not at the same time) without noticeable issues.

> That’s hyperbole. I‘ve been running my personal mail server on a VPS for the past 20 years and never had any delivery issues.

No email server in the world can deliver 100% (not even Gmail). Here you are claiming to have done that for 20 years straight. Well, it's not true. In fact, I'll venture as far as to guess that you've never even measured your deliverability.

I’m saying that for all practical purposes I never had an issue. That is, I don’t recollect any case where it turned out that someone didn’t get my email. That’s not to say that it didn’t ever happen in cases that went unnoticed by me, but if so it was rare enough to be a non-issue.

Oh cool, my project is on HackerNews! I was wondering about the sudden uptick in user signups, and then I checked HN...

I'm Scott, feel free to ask me anything about the service.

Great work, and as somebody who self hosted my own email from 2013 to 2021, I don’t envy you. What broke me down was Google starting to spam my emails that were replies to conversations that I did not start — even with a stellar domain reputation and DKIM, SPF, reverse DNS, greylisting, everything set up right.

I hope you have personal contacts on the Gmail team at Google, much as I’d like for this to be a joke.

I had this exact same problem. When I finally got hold of someone who worked for Google (via a friend of a friend on a mailing list) and with the ability to check whatever their logs were claiming, I was informed that my domain's reputation was "too recent" or something like that.

My domain is a year older than Google itself and has been in continuous use for e-mail that whole time. The IP addresses it is on haven't changed in a decade. But that didn't matter. DKIM, SPF, DMARC, forward and reverse matching DNS, exactly four users who do not send spam under penalty of being buried under legal solicitations for green cards, and all the rest didn't help. Randomly getting sent to /dev/null for no good reason. And not enough traffic to qualify me to use their Postmaster utilities.

Three years ago I gave up and ported to Fastmail with a tear in my eye for the days when even the smallest net on the Internet could be a full participant.

Same here - I HAD to move over to Fastmail because like GP I'd respond to email enquiries from GMail addresses and then never hear back. After weeks of this, someone finally phoned up to complain about my poor customer service. This despite also having an old and apparently well set-up domain.

I lost a lot of business back then. Thanks, Google.

I have a legacy GSuite account. Google filters email from Facebook and Microsoft sometimes. Hell, I think I might have even seen them filter their own mail once.

It’s a clown show. The opaque filters are just an excuse to engage in anti-competitive behavior IMO.

To be fair Facebook used to send an enormous amount of spam emails, at least to me. Years ago when I used it somewhat regularly they used to constantly shuffle their contact preferences and the effect was that I was constantly opted back in to an insane amount of emails. Eventually I just started marking them as spam until Gmail blocked everything they send. I've seen family Email addresses fairly recently full of Facebook junk too so I assume they still default to sending a lot.

I really enjoyed the whole process of running my own mail setups, configuring Postfix or OpenSMTPd to do clever aliases and transports, setting up CARP failover relays, managing DNS records, experimenting with different SPAM-filtering techniques, SSL, IMAP, mailing lists, the works. It taught me a lot about networking and security and everything a good sysadmin should know.

I find it sad that that‘s pretty much a waste of time now for most use cases.

I ended up doing the same for the exact same reason. And even when using fastmail, my email still sometimes gets blocked.

FTR, directed at those who valiantly continue to self-host mail/SMTP: Greylisting is not sound any more in this day and age, because the largest mail services will rarely, if ever, use the same MTA instance to retry delivery upon a soft bounce.

The good news is that if you have postfix, using postscreen with an informed choice of blocklists is enough to deal with 99%+ of inbound spam. You can strap in rspamd or spamassassin/amavis behind that, but it's mostly not needed.

The inbound-mail-problems are largely solved, but surefire delivery to other parties is a matter of IPaddr/domain reputation, properly implementing relevant standards, and luck.

If you're interested in learning more about (including, but not limited to, self-hosting) email, the #email channel on the libera.chat IRC network is a great resource to ask questions.

> FTR, directed at those who valiantly continue to self-host mail/SMTP: Greylisting is not sound any more in this day and age, because the largest mail services will rarely, if ever, use the same MTA instance to retry delivery upon a soft bounce.

I had this issue with SendGrid years ago: long story short, after discussing with support and eventually an engineer it turns out they weren't just looking at the status codes, but at the status messages. I don't recall the exact patterns they used, but they will retry if the message matches a fixed set patterns, and otherwise it would just discard it.

There was some back-and-forth over this, because our customer just had greylisting with the "wrong" error message. To be fair, they did turn it off for a few hours and took the conversation serious (none of this "we have passed it along", never to be heard from again) but they got back to us they turned it back on again "because the queues got too large". I mean .... okay.... Seems rather curious to break a fundamental aspect of email because "muh queues". Not having to worry about this sort of stuff is exactly why we're using SendGrid in the first place :-/

My experiences with MailGun were also not exactly stellar. At the time at least, these people literally did not understand how encodings worked and would mangle e.g. Greek or Hebrew emails in ISO-8869-7 or -8. Why? Well, turns out that "emails should be in ASCII or UTF-8 and there is no way for us to know which encoding is used". Ehh ... there is literally a header telling you... I sent a nice detailed email explaining this: no reply. Some follow-ups over the course of a few weeks: no reply. A not-so-nice snarky email inquiring whether the entire MailGun team was suffering from a horrible debilitating disease and if there was anything I could do to help: "well, we just didn't know what else to do as there is no way to solve this"...

I'm hardly an "email purist"; I understand there are practical concerns and the RFC isn't a stone tablet from the mountain. But this was just ridiculous. There are a bunch of other cases both SendGrid and MailGun are actually quite bad at.

Dealing with email providers is always a frustrating experience.

I haven't used DCC, but it looks like an interesting anti-spam toolkit:


It appears to support "weak" IP matching:

> All or part of the IP address of the SMTP client can be optionally ignored by DCC clients as far as the greylist triple is concerned. This feature may be useful for legitimate mail systems that shuffle messages among SMTP clients between retransmissions. See the dccm and dccd man pages.


It doesn't quite sound like it does a job of 100% "same email, same sender, different mx in same domain" -but I suspect it works well enough in practice?

> Usually the DCC greylist system requires that an almost identical copy of the message be retransmitted during the embargo. If weak-body is present, any message with the same triple of sender IP address, sender mail address, and target mail address ends the em-bargo, even if the body of the message differs.

> If weak-IP is present, all mail from an SMTP client at an IP address is accept after any message from the same IP address has been ac-cepted.


I can't recall what I used for greylisting last -possibly greylistd.

Anyway, the smart play these days might be to whitelist/greylist via SPF - I'm not sure if spammers (of the variant caught by greylists) generally have SPF?

See: https://poolp.org/posts/2019-12-01/spf-aware-greylisting-and...


Ed: although if service providers like mailgun simply ignore rfc and only "sometimes" retries... wwell that's a problem.

I actually haven't had huge problems with Google (yet). I'm not sure why.

My experience has been cyclical, as long as you stick to IPv4 with good SPF and your reverse DNS works it will work 95% of the time. The remaining 5% appears to be completely random however.

It’s possible that my issue was too low a traffic to ‘hold onto’ my score with Gmail, since it was one domain and one email address. With some luck you should be able to have enough traffic to avoid that. Best of luck.

When signing up for a trial, the page says:

> To activate a trial account, you will need a reasonably modern browser and a phone number that can receive SMS texts.

It makes no mention of the use of a "hashwall" ... It gives no indication of what the user's browser is going to do ... Just a progress meter with a note saying it will take about 3 minutes.

This feels fishy. Especially if a user doesn't know how to get into the developer console, find out what's running etc.

Just completed my signup. I am going to check if the domain that failed to work with forwardemail.net[1] will work with your service.

If it does, then I'll say goodbye to my $36 and hello to your service.

Update: While setting up, I noticed:

- Ownership record content in `code.codebox` does not fit in the content area and extends entirely too far to the right. I had to inspect and copy out of developer tools.

- In general, UI elements seem not properly aligned, contained.

These are not deal breakers to me. The site might actually benefit from going more old school. Trying to fit everything in a narrow box with large font sizes and padding is hard.

Update: I had already clicked on CloudFlare instructions. It's the friendly stuff that has the problems I mention above. The actual information at the bottom of the page is actually displayed the way I would have expected.

Update: After creating the DNS records, I noticed the checks were still failing. So, I replaced the actual IDN in the textbox with punycode and the DNS checks worked. It would be a better user experience if the punycode conversion step was handled by the UI.

Update: Created a new user on the custom domain. Login box does not accept IDN either but the email composer does show the from address using IDN instead of punycode.

Update: I was able to exchange email with a Gmail user. Did not go to SPAM. But, in my reply, Gmail did give a scary warning about the IDN. To be clear, there is nothing the email provider can do about that :-)

I'll try out a few more custom domains and very, very likely switch. Thank you and good luck.

[1]: https://news.ycombinator.com/item?id=27523038

For the trial hashwall, the browser just does some heavy computations. I guess I should add a warning there, it's probably does have battery impact if you're using a phone for whatever reason.

I'll make a note on the UI elements. Honestly hadn't thought about the punycode usecase, good catch.

> For the trial hashwall, the browser just does some heavy computations.

Yeah, I figured that out, but someone else might think you are trying mine some *coin or something. I am not sure if I would mind it if you did, but it would be good to tell up front what you are doing. It does seem to be a much better than recaptcha.

The fact that it works is good enough for me. I am going fiddle a little more before I sign up, but it looks like this is fills my needs.

I clicked for a trial... after a while I entered my phone, received an SMS, and no indication of what to do with the code I received. No place to enter the code in the web page, nothing.

Second attempt, and I got a place to put the code. Then, while I was filling up the registration data, the page refreshed and started all over.

Third attempt finally worked...

Not the best on-boarding experience, but hey it really is cheap!

Hm, no idea what would've gone wrong in your case. It sounds like something kept closing the websocket used to provide page interactivity or something?

I'm sorry if I missed it, but do you do catchall email service for custom domains? My current email provider (https://mailbox.org) limits email aliases per price plan, the most basic that I currently use allows for 3 + a free root@ and webmaster@. I'd probably be convinced to go through the hassle and switch providers if your service provides an improvement over this limit.

Yes, we have catchalls. We don't restrict how you route anything under your domain, and you can send from any email address you own.

Thats good to know. Apparently my current provider allows for those as well, but honestly the proposal "just email, nothing else" might be attractive enough to try your service anyways.

IIRC, mailbox supports catchall if you sacrifice one alias for it. You’d have to input „@domain.tld“ at the alias config menu.

I had no idea, thanks a bunch! I'll set it up right away!

Yeah, that works for me as well.

You can use x3 domains with catch-all. Just add each one as "@domain.tld" and setup mx/spf/dkim/dmarc as usual. Then the domain will receive with catch-all. However, prepare to be spammed, as many spammers figure that "mail@domain.tld" are always available, so that one will frequently receive spams.

If you need more than three domains, try Migadu(not affiliated, just happy customer), they have no formal limits to their "micro" plan and is cheaper than FastMail. Migadu also allows adding alias domains(something I haven't seen anywhere), basically if you have a mailbox like "merlinscholz@domain.tld" you can attach some more domains as alias, like "@domain2.tld" "@domainx.tld" and those will all receive/send/operate as the same "merlinscholz@domain.tld". Neat feature I haven't found yet on other services.

I use Tutanota and it supports catchall aliases.

12€/yr for 1GB + custom domain + 5 aliases (plus catchall).

Same price for 2GB + Custom Domain + 3 sending Aliases + Catchall + Contacts and Calender Sync + Web Client + hosting in Germany for the old Mailbox.org plan is still the better offfering for me privately as I regularily clean up my Mail + like having calender and contacts integrated.

But 10€/ month for unlimited storage and users is definitely a good offer, too.

Yes you can have unlimited domains/aliases with catchalls and RFC 5233 subaddressing.

mailbox.org supports catchall aliases.

I just want to thanks for the service, I just need email for my personal stuffs and after hassles with self-hosted solution I gave up. The pricing is on point, I'm relying on the free Protonmail and their asking price is too high to me so I signed up for purelymail.

Slightly OT, but what is the best practice to store (archive) email locally after they have been read from a remote imap server?

3 Gb is plenty for a few months of "live" email but after that what should we do to keep those emails -- and still have them searchable if need be?

I have a local maildir[1] account in Evolution. Each of my (IMAP) mail accounts is set so the "archive" command moves the message to a folder under the maildir account (if you're using Evolution, this can be configured under "Defaults" in the account properties for each IMAP account). Anything worth keeping from any of my IMAP mail accounts is archived to the local maildir, everything else is deleted.

The local maildir account is searchable like any other mailbox (I have about 10,000 messages going back to 2003). Syncthing[2] is configured to sync the maildir directory for backup and sync.



I keep everything remote, so that every client gets the whole corpus. For now, that means that indexing is done with notmuch whose command line I use for search... Not as good as a webmail's UI but it puts search results as a maildir so I can open them from any IMAP client as a special folder.

Thunderbird has "local" accounts, you can move emails there and have them removed from your imap server. You can also export emails to .eml files, throw them wherever you like and grep for contents if you like.

Are there any open-source projects similar to Barracuda’s Archiver product?

Looks great!

Supporting ManageSieve is a nice touch. Most sieve services only allow managing sieve through a web UI.

I use Fastmail and like that they contribute to open source mail servers, and do standards work (JMAP).

Does PurelyMail contribute to open source?

In general yes I do contribute to open source, although there's not too much to contribute back to open source _yet_, so the main contribution has just filing Roundcube bugs. (The main mailserver code has diverged too much from Apache James to really be useful.)

Some of the libraries I wrote are open sourced and on my Github account, e.g. the web framework: https://github.com/ScottPeterJohnson/shade

Hey cool - glad to see James being used as well. Hopefully the JMAP support that Linagora have worked on will mean that you can bring JMAP eventually too.

I hope you don't find the pain of diverging from the mainline to be too great. We kind of cheated there with Fastmail and Cyrus IMAP by merging all our changes back to the mainline, since there wasn't much other development happening.

Yea, I do plan on adding in JMAP. It's so much nicer than IMAP, I really do hope it can overcome the adoption hump.

Awesome - do keep in touch while you're doing it. We have some documentation up at jmap.io but of course seeing the challenges that people face as they try to implement is always good for improving the documentation for the next round.

(We're also working on JMAP for calendars and for contacts over in the IETF working groups - hoping to publish Calendars by the end of this year)

Good job, Scott! This is Stan from SaaSHub. I'll be featuring Purelymail on next week's newsletter of SaaSHub. It's a good moment to verify the listing and improve the details.

Cool! I'll make a note of it on my task list (I think I still have the old task on there too, which is nothing against SaaShub, I was preoccupied).

How do you do spam blocking?

I think Gmail really shines at this. It's one of the reason I was thinking of switching to Hey email also, though after reading Hey's reviews I've decided not to. So anyway, would love some comments from users or you about how good you are at separating the wheat from the chaff.

I think SpamAssassin (plus curated greylisting) does a decent job most of the time, although I'm starting to see weird issues with spurious DNSWL tests that pass through pretty spammy mail.

In the long run I'm probably going to replace the Bayesian part of SpamAssassin with something custom, simply because operationally it's painful and I think neural nets are closer to state of the art.

Hey has bad reviews now? Huh. I really enjoy it.

What provisions are in place to prevent someone from opening an account, use it to spam and then putting your IP block on a shitlist with large email providers like Gmail?

Rate limits, feedback loops, and we scan outgoing mail through SpamAssassin. In practice we've only had password breaches causing spam, nothing intentional.

What happens if you die, get frozen in carbonite, or some other circumstance that prevents you from maintaining the service?

Long run it'd probably get deprecated, short to medium run it'd be fine: https://purelymail.com/docs/companyPolicy#bus

Scott, nice service! Two notes:

1. I don't know if it's the social media kiss of death at work, but I'm getting lots of SSL errors trying to load your site. It's a crap-shoot whether it works or not right now.

2. Seeing this post, I posted this: https://news.ycombinator.com/item?id=27711124. If you don't already (did I miss it?) it might be worth tossing up a page or an item in your FAQ teaching people about how they can go about migrating their email address to another/your service. I don't know how easy/hard it is (hence my AskHN post), but the perception is that it's nigh impossible to do.

> 1. I don't know if it's the social media kiss of death at work, but I'm getting lots of SSL errors trying to load your site. It's a crap-shoot whether it works or not right now.

Hard to say for sure. None of the servers really went above 15% average CPU and I don't think they maxed out net, and the health checker for HTTPS didn't have any problems. I'll doublecheck.

On the subject of migration, I'll make a note to add a FAQ for that, thanks.

I think you're typing purelyEmail.com, not purelymail.com.

Two questions from me:-

  Usernames on shared domains:

    1 to 6 letters: $1.00 per user per year
    7 to 12 letters: $0.25 per user per year
    13+ letters: $0.10 per user per year
1. Why does the length of a mailbox name make a difference?

2. Do you support IPv6?

1. Basically what nine_k said. It's kind of a trivial point most of the time- honestly might be a bit overpriced right now.

2. Not at the moment- IPV6 support is a little dicier for mailservers because the scarcer IPV4 address is often used as a antispam signal.

But if I am using my own domain, what difference does it make if it is more "valuable"?

Sadly the lack of IPv6 is a deal breaker for me.

Oh I think there's some confusion here: for your own domains it doesn't cost anything extra, so go nuts with addresses.

Purelymail also has some domains you can use like I can get "koselig@purelymail.com" and then I'm charged in the 7 letters tier for it.

At least that's how it's been for me as a happy user of PM for the past year and a half.

Shorter emails are more catchy, and their total possible number is smaller. So they can be more valuable.

boss@example.com is cooler for some than john.n.johnson.2@example.com, and they will pay.

I think there is also another reason: Shorter addresses receive more spam and spam attempts from guessers.

This is the best pricing scheme for email I've ever seen.

If a plane crash into your house while you stop the service for maintenance, how will the service be back again and can we access our mails?

Sure, i use IMAP and have local copy and backup. But Murphy's law, my Laptop die at the same time and my backups were stolen.


Also, I generally don't stop the service for maintenance, unless I need to upgrade the database engine.

Hey there, cool service. I signed up immediately.

>You cannot have more than $50 in credit at any time.

Just curious, why a $50 limit? I'm the weird kind of guy who likes to pay years in advance. If possible, please consider raising this limit to $100 or even $200.

Risk. To the provider, prepaid fees are a liability.

Yea, this to an extent. Honestly I thought people wouldn't need more than $50 too, maybe I was wrong there.

One thing is not very clear: how many custom domains can I have? Can I use 30 domains with 2 users each (random number, but i do need 3 domains).

How is the mailbox on phone? My major problem with email hosting is the lack of a decent mailbox service that's available on. Windows, android, linux that's either. One-time-purchase or open source. A monthly fee is fine if for unlimited users (I have a family)

You can have as many domains/users as you want. (Unless it's like five billion and breaks the service or something.)

Generally phone access is third party through IMAP. On Android I personally use K-9 mail, but you can use anything that supports IMAP anywhere, which is a pretty good number of options for any platform.

Thanks for the response, suddenly this makes it very interesting!

I wish K-9 had snooze-email, it's the one feature (non-standard) I use a lot

I looked at your About, Security and Privacy pages. I see that you're using AWS, but which region/country/jurisdiction is that located in? Is it safe to presume that since the company is an LLC, the company as well as the AWS country are the U.S.?


Will sign up in a heartbeat as soon as you have CardDAV / CalDAV support!

If you don't mind separating your mail from your CalDAV there is https://fruux.com

(I use a paper diary, YMMV.)

€4/u/m is pretty steep. I'm currently using fastmail which is $3-5/u/m for mail/cal/card.

It is free if you only use it on 2 devices

Yeah unfortunately the main cost I'm looking to reduce is a family domain which I have ~10 family members on.

Consider etesync, which offers client side encrypted Card/CalDAV.

You can still use Purelymail for mail, and have your mail client provide a cohesive mail/contacts/calendar UI.

We do have CardDAV support, and hope to develop CalDAV soon :)

Good luck with CalDAV - it's pretty hairy! I do recommend joining CalConnect if you have the budget for it - you get access to a lot of experts there. Or at least show up to the calsify mailing list at IETF, we're pretty friendly there too. The edge cases in Calendaring are a right pain.

I would recommend using some existing opensource tool for that and not roll your own implementation

Hey Scott - tell me how you got the word out about Purelymail?

Obviously you reached the right audience and they liked what they saw to post it here and generate so much interest. Consider me another subscriber!

Sum total of my marketing efforts: One time I mentioned it in HN comments on a post about Fastmail, mostly because I was going to make a comment about owning your own email domain anyway.

I am usually the classic "engineer who neglects marketing" archetype. Maybe at some point I'll overcome that.

It seems you support TOTP as 2FA.

Great job.

Is it a one person show, or are there people, team, cofounders, and a company behind it?

Just me- check the about page. (It is registered as a company too.)

Do you support DKIM/SPF etc? Are these still useful?

They are still useful. One of DKIM or SPF is required to send emails on a custom domain. Both are recommended.

How are you doing that trial proof of work?

Hash-based proof of work: https://github.com/ScottPeterJohnson/hashwall

Same idea as: https://en.wikipedia.org/wiki/Hashcash

Similar idea to cryptocurrencies.

How do you deal with spoofing?

Depends on what you mean. Inbound email is checked for authentication (SPF, DKIM, DMARC, etc) as part of the spam filter. For outbound email, we ask you to set up at least one of SPF or DKIM before you can send.

I've been using Purelymail as my sole mail provider for over a year now (previously with Fastmail) and it has been my best email experience.

It's a one-man enterprise, which may frighten some people, but I prefer boutique internet companies to the faceless monoliths. (I'd like more of the internet to be made of these small corner bodegas.)

> It's a one-man enterprise, which may frighten some people

Email is super critical for most people these days (eg. 2FA). That sounds like a really scary bus-factor [1] risk, especially considering data is encrypted at rest.

[1]: https://en.wikipedia.org/wiki/Bus_factor

I actually get asked about this semi-frequently. Probably nobody could replace me as a _developer_ on Purelymail, but I've been training my brother to handle extended maintenance and to have handover credentials if anything happens to me personally. (This might be in the FAQ?)

Thanks! Have you looked into source code escrow for this situation?

No, but I will. Thanks for giving me a term to research!

That eliminates some of my worry! Thanks for replying.

> Email is super critical for most people these days (eg. 2FA). That sounds like a really scary bus-factor [1] risk

Not such a big deal if you have your own domain (you should). Update the MX record and point it elsewhere.

I've switched from Gmail to a similar setup a year ago. Honestly, it's been way easier than I expected, in terms of updating everywhere. And I can just point my MX somewhere else should I ever be unhappy with the current provider.

No delivery issues either so far. Seriously, the hardest part about this whole ordeal was getting imapsync to run, to transfer my mails over.

Not using gmail or another big silo is really not that hard, as HN often makes it out to be.

I think my odds of getting banned by Google’s shitty AI is just as much of a risk for me as the bus-factor for a one person show.

I _always_ use that particular phrase for highlighting the importance of information sharing, but I never knew this page existed, thanks!

Fastmail isn't entirely faceless either :p But we're definitely not still the 3-man show that we were before the Opera years (up until 2010).

Obviously, I think Fastmail is worth the extra for the multi-copy redundancy & backups, new features, contributions we're making to the standards world, and not being dependent on a single person - the past few years in particular we've been focusing on not only being able to survive any server dying, but also being able to survive the unavailability of any single person!

Anyway - glad you're happy. Fastmail will still be here if you ever find that you want to move back.

Oh sorry I did not mean to suggest Fastmail was a faceless megacorp, I was thinking of Google, MS, Apple, etc.

I fondly recall many years ago I had some WebDAV issue and got a reply directly from you saying you'd fixed the issue but you were just heading out to dinner and so you'd push to production when you got back. That convinced a few friends to join too.

After about 10 years, Fastmail felt it was shifting to a more "enterprise" focus, which I can understand, and I just wanted to try something a little more "indie web".

Hah, yeah - fair enough. Glad I could fix your issue. Ahh, Webdav. I know the XML libraries a lot better these days and could make that code a lot tighter, but it's still chugging along just fine, pretty much untouched since :)

As for enterprise focus - not so much enterprise, but we are focusing more on the non-technical user. All the power is still there under the hood and available, but it's not so much in your face if you don't want it to be!

Hi, is there going to be a plan like the lowest tier of mailbox.org (esp. the price)? People who just need email with 1-2GB and probably a catch all?

No, that isn't likely. The email storage used is part of our cost, but a relatively small part compared to the support, operations, and development costs. We don't have any other business subsidising the email service, and we're not intestered in a race to provide the cheapest, no-frills product.

I'm happy to pay whatever I'm paying for what you're offering. I had create two support tickets so far and both were dealt with very quickly and by an actual human which makes me trust you guys with my data even more.

This is the kind of feedback I like to hear! Thank you, and the support team will be pleased to hear that you're happy.

It's a shame that I don't think I can ever recommend Fastmail, because I had some really old @fastmail.fm accounts that were grandfathered into their free plan [1], but got deleted because I wasn't in the right frame of mind to log in within the 120 days grace period.

[1] https://fastmail.blog/historical/changes-to-fastmail-service...

Your custom domain pricing is weird. Is it really important to squeeze the extra $20/year out of the first user? It ends up being $50/year for the first user vs $12/year at Zoho. Why not just put custom domains in the basic tier?

DMARC reporting could be a huge value add if you could build something in. That whole industry is a massive ripoff and too expensive for small businesses.

Over 1/3 of our staff are support agents, and support is one of our largest costs, so yes - custom domains do add additional support challenges, and we do need to cover that cost.

Thanks for the suggestion with DMARC reporting. It's not something we're going to work on straight away, but I'll add it into the suggestions for the domain features. Definitely we'd only look at building something pretty basic and low-touch, but maybe that's enough for a lot of small businesses.

Fastmail is not for me because

a) it's expensive for multiple mailboxes (like even three or four mailboxes) and

b) it's right in the Five Eyes jurisdictions (which I try to avoid as much as I can)

but I do appreciate

a) Fastmail's work on JMAP and can't wait for it to become more widely deployed and

b) frank and straightforward responses (including for example in the threads on the Assistance and Access Bill in Australia)

Minimal DMARC reports would be useful. The problem that I see for small businesses is the cost keeps them from even trying it, so they can have problems that never get surfaced.

As an example of where I think the current value propositions are bad, DMARCian charges $240/year for the most basic plan that includes 100k compliant messages in a month. Most small businesses won’t do half that in a year. You probably have good stats to grok that.

I get it on the support thing. I pretty much never use support, so I guess that’s why I always feel like everything is too expensive. I’m always stunned to see how many employees at smaller tech companies are support. Sometimes I feel like I’m subsidizing users that are too lazy to learn.

Heh, yep - you are subsidising users that don't know how to do everything - and they are subsidising you by paying for the engineers to build robust and reliable systems with 24/7 operations support, and developers, and standards authors improving the system for the future... along with the support team.

Anyway, I've already filed the DMARC request internally, and linked to this thread.

> It's a one-man enterprise

For this reason alone, I can't trust that they meet all the security considerations email providers now have as a consequence of all the services effectively delegating either secondary or primary authentication factors (or reset mechanisms) to email.

From the FAQ > Occasionally, obscure email servers will block emails sent through us.

Maybe it's good for personal use or as a throwaway email, but it is not good for main business email. Certainly not a replacement for Gmail or Fastmail kinds. Because you expect the email service to have 24/7 availability and near-perfect email delivery and receiving.

> It's a one-man enterprise

A person can get sick or just wish to take a holiday for a couple of weeks. What happens when service goes down or I need customer support urgently?

> A person can get sick or just wish to take a holiday for a couple of weeks. What happens when service goes down or I need customer support urgently?

I think the expectation of urgency should be put into perspective alongside the $10/year price tag, i.e. if you need someone to get out of bed in the middle of the night $10 is probably not enough incentive.

That said, any issues or questions I've had have been resolved way faster than I experienced with Fastmail.

For me, this would be a major issue for personal emails as well. Even if an undelivered email wouldn't cause a monetary loss it still could have significant consequences, such as upsetting friends or family or missing the signup deadline for your kid's sports team. Personally, I don't mind paying the higher Fastmail prices to not have to worry about this.

Thank you for making this service available. For entrepreneurs who like to launch new ideas with custom domains, pricing models like the one here is a HUGE savings over pay-per-account (or domain) pricing found at most major email providers. Further, it's not easy making much money charging just $10/year, even if the business gets quite popular... so again, thanks for making it available.

I'm quite happy with Migadu for own domain use. I have a dozen that are unlikely to receive email but good to be able to receive them nonethelrss - migadu is great for that as you can add as many domains as you want.

Calendar feature is sorely missing though it seems this service also doesn't have it. I guess calendar is a pain to set up/troubleshoot timezone issues, etc

I think they have calendar the show how to set it up here, they just dont have a GUI for it https://www.migadu.com/guides/thunderbird/

I've also been happy with mxroute.com which has super low cost promos every November (black friday) so I'm on a $15/year plan. Regular pricing starts at $45/year for unlimited domains and mailboxes, 10GB storage.

MXroute is super awesome for device based email. If you have firewalls, copiers, system notifications, backup alerts, etc. it’s a great fit.

The killer features are unlimited mailboxes and per-mailbox quotas. I make a new mailbox for every device and give them a quota that makes sense; 10 messages per day for most. If a device goes haywire, gets compromised, or gets stolen, it’s one mailbox to fix and maxes out at a super low quota, so it’s useless for spamming.

That’s 100x better than the options on Office 365 which absolutely sucks ($$$) for low volume email coming from devices.

You can setup a receive connector on exchange online to trust mail from specified souce IP(s) (ie your onprem mailserver) with no need for additional mailbox licenses... good for alerting/reporting/MFP's etc

I'm curious, what are your thoughts on Zoho mail. You can use your custom domains even in their free tier

Zoho Mail's free tier doesn't include IMAP (for new accounts since about 3 years ago), so you wouldn't be able to use Thunderbird, FairEmail, K-9 Mail, or other third-party apps. Offline access on the free tier is restricted to Zoho Mail's desktop and mobile apps. Zoho's Mail Lite plan ($1/user/month) does include IMAP access, and you'll need to do some calculations to see whether Purelymail or Zoho Mail is cheaper.



It’s only 1 domain I think and they stripped out things like ActiveSync and IMAP a couple years ago IIRC. I use the $1/user/month plan and it’s decent. I don’t use calendars or contacts, so I’m not sure how that stacks up, but the email stuff is good.

The biggest annoyance is that someone used mx, mx2, mx3 for their MX instead of mx1, mx2, mx3, so the dns record indentation doesn’t line up. Lmao.

I've tried Zoho mail and the "problem" is that it's so much more than mail. It's a huge suite of online apps, really. That means if you purely need mail, it'll take a bit of time to find the setting you need.

(It's been three years since I tried it, and looking at my notes, I couldn't get Zoho to sync contacts for me, and somehow didn't get calendar notifications.)

I have a custom domain email address on Zoho and suffer constantly from delivery issues. Sometimes my emails go into spam filters, sometimes they go into a black hole. It’s a huge PITA and I am tempted to either move providers (maybe it’s Zoho’s fault) or just stop using my custom domain (maybe it’s not Zoho’s fault).

Well, I'm no expert and I'm not in any position to say anything negative about Zoho Mail... but the free tier you mention seems to allow for one domain. So it likely won't work if you have, say, 5 active domains you want to receive and send email.

I’ve used Zoho for a while and you can add on domains. It’s pretty cool and the online mail is a pretty decent UI.

These tiny services are cool. I have the cheapest account on Migadu[1] for all my random custom domain emails.

1. https://www.migadu.com

Thanks so much for sharing this! Just spent half an hour reading about this hidden gem and will switch all my projects to them!!

How does Migadu compare to purelymail? I’m not using either and it looks like migadu has their own software stack instead of using something like roundcube, etc. And not just a single person behind it.

Plus one. Great, small Swiss shop with decent support and response time. Never had any issues with them.

Can only second migadu, only think I really miss is a Calendar support.

Screenshots of the mail UI would be awesome.

On the drawbacks blurb, it mentions potential deliverability issues and says they’re usually resolved in a day or two. Through blog entries by mailchimp, I've read this is an extremely hard problem to solve and like playing whack-a-mole. How true is that? For example, I’ve read that trying to host your own email on digital ocean is pointless, which is understandable because of the amount of spam likely coming out of their subnets. Is this service downplaying the issue?

It's worth keeping in mind that MailChimp is primarily a spam delivery service, of course they're going to have issues where they get stuck in spam filters.

The webmail is RoundCube with Classic, Larry or Elastic skins.

I have had a handful of deliverability issues, but every one of these has been due to one of those awful "enterprise network solutions" that does everything wrong.

https://mailbox.org I pay 1 euro per month. With calendar, contacts, file storage and DAV. With aliases and your own domain. Plus it's a well-known company.

But mailbox.org is also priced per mailbox by default. When I checked with Mailbox.org support a few years ago, there was no way to go beyond 25 aliases on a single mailbox (even when one is willing to pay).

Custom domains and cloud storage are €3/month. Not included in €1/month.

Old users had the option to stay on the of 1 euro tariff with all included

I'm not sure price is the parameter to compete on for email services, at least for me. Email is extremely important to most businesses, and if I'm already paying for a domain, and running a business, even the $70 for a Workspace solution is a drop in the bucket. What I need, however, is deliverability, strong privacy and security, good spam filtering, and support when I need it.

I'd encourage you to try doubling or tripling the price so you can afford to hire more people and grow the business :) I suspect the rate of signups will stay the same.

Perhaps you're not the target customer?

Looks good. Fair pricing. I hope it works out for them.

I started out with self-hosting mail-in-a-box [1]. If you really want to self-host, I can highly recommend it. Would be the cheapest option. At some point I decided to let go of it, because maintenance and configuration can still be a bit cumbersome. There was one thing (DMARC or DNSSEC?) which I never was able to set up properly for some unknown reason, even after long hours tinkering around with it...

So I started to look at other mail hosting offerings with custom domain. One thing I like is that gandi offers free mail hosting for a domain you order through them. [2] That's quite unique for a domain registrar.

Also, be aware that free 3rd-party mail hosting with a custom domain does not exist. I started out with the free plan at migadu, but they switched to a paid plan soon after. [3]

The same happened to postale.io after a while. [4] At least I could keep my free plan there.

Zoho is free [5], but their custom mail application and the countless other services they try to sell you completely put me off.

[1] https://mailinabox.email/

[2] https://www.gandi.net/en/domain/email

[3] https://www.migadu.com/pricing/#what-happened-to-the-free-pl...

[4] https://postale.io/faq#What%20happened%20to%20the%20free%20p...?

[5] https://www.zoho.com/mail/

> Also, be aware that free 3rd-party mail hosting with a custom domain does not exist.

I believe two of them still exist in Russia.

* Yandex even has a page in English: https://360.yandex.com/business/tariff

* Mail.Ru has a page only in Russian: https://biz.mail.ru/mail/#tariffs

I’ve been using Yandex for probably the last 6-7 years. Never had any issues or problems with them.

I'll throw my hat in the ring for postale, they are a good service for both individuals and business. Is $1 a month really going to put you in financial stress? Is your business going to die paying $5 a month?

> Also, be aware that free 3rd-party mail hosting with a custom domain does not exist.

You can set up a custom domain on a free gmail account, it's hidden away but certainly possible.

+1 for gandi as a mail host.

> We're not trying to bamboozle you with glossy images, or sell you a lofty ideal.

I appreciate the dig at psuedo-righteous slogan-eering like "Don't be evil.", "Bring the worked closer together". Just fucking email.

When using subaddressing (e.g. example+tag@purelymail.com), can I also send from that address?

The holy grail for me would be an email service that lets me set up catch-all, with the ability to send/reply with any address I want.

> The holy grail for me would be an email service that lets me set up catch-all, with the ability to send/reply with any address I want.

I have this with fastmail. *@my.tld all gets shoved in my inbox and I can send from whatever@my.tld.

Do you need to set up each *@my.tld address manually, or can you just seamlessly reply to emails send to neverusedbefore@my.tld?

The latter, which often makes for an interesting conversation at medical offices and shops when I jot down their-business-name@mydomain.com. The FastMail mobile client makes replying to those emails without “breaking character” easy.

Wow. This is awesome! I wish there was an easy way to do this in Mail.app. While Mailbox.org allows it, my mail client of choice Apple’s Mail needs that <new user name>@tld to be added in Settings.

With improvmx.com you can point a domain at them, and then set catch-all forwarding to e.g. Gmail. Sending is possible thanks to most providers (incl. Gmail) allowing sending from different address after verification, and if you set DKIM and SPF it shouldn't cause any issues.

I'm not the right person to answer but I happen to know that the answer is yes!

From the LLC I'm assuming this is based in the US. I'm not hosting my e-mail with a company based in the US. Other than that, I love everything about this.

> Support for custom domains at no additional charge. You may have as many users on as many custom domains as you like. Custom routing rules are supported, including catchalls to capture any email sent to your domain.

This is huge. This is one of those features that just gets omitted by many email hosts (especially inexpensive ones) and has been holding me back from switching away from a very old, grandfathered, free Google Apps for Business plan.

I would love to have more options in this space but email is to foundational to leave to a beta service that doesn't have 24/7 support, may have black-hole delivery issues and doesnt' have a calendar solution. Charge more and address these drawbacks, or get out of the business. You're offerring 1/2 the required features instead of focusing on the core requirements.

>Charge more and address these drawbacks, or get out of the business.

Why? It seems like this is meeting plenty of people's needs just fine. Not everything has to meet your needs.

This looks great! Sign up for the free trial was pretty slick. I'm not sure how well known Klarna is outside of Europe (I know they launched in the US), but that would be my preferred method of payment. Or.. anything but Paypal (and giving my CC information)

FYI, the credit card checkout option allows for using Apple Pay, so I went that route to obfuscate my CC info (and get cash back, because hey, why not).

At least according to their marketing Klarna make their money by charging retailers, so it's probably not viable for this sort of business.

I recently switched to Posteo from a few years with ProtonMail. Reading from Purelymail's docs and with price being within $3 annually of one another (Posteo is €12 annually)

Posteo pros: comes with calendar and contacts via WebDAV, not registered in the US (Germany is part of 14 Eyes, but not 5 or 9, and the EU is better about privacy), cash payment option

Purelymail pros: more storage @ $10, custom domain support, security key 2FA (though unclear according to docs if this is WebAuthn/FIDO2 or Yubikey vendor lock-in)

Neither: cryptocurrency payment option

Another alternative to Posteo is Mailbox.org [1]. Personally, I use Soverin [2], but that's mostly cause I get it for free with Freedom Internet plus its hosted in The Netherlands. And I can always leave.

[1] https://mailbox.org/en/

[2] https://soverin.net/

Posteo also runs on FOSS and is being endorsed by the FSF - if that matters. They also do 2FA, via TOTP (which many apps support). They offer a migration tool that downloads email from your other accounts.

Both of these email provider options support TOTP so I omitted it; and TOTP ≠ U2F/WebAuthn with a USB token. I have an OnlyKey, but it’s mostly full of TOTP keys already because applications are not supporting WebAuthn. Posteo does not support this, and last I emailed them, they said they do not release information about future features.

Never heard about Posteo. Too bad it does not support custom domains.

The 2FA is just regular TOTP RFC 6238.

can anyone explain what benefits are to a managed email service over rolling your own on a vps server with stuff like mailinabox? you use your custom domain anyways and it allows s3 or backblaze backups so data retention is not an issue. you use your custom domain so in case something stupid happens to your vps provider, you can just restore and be done with it? and its not like managing your own vps email server is much of a hassle, every few months you have to update the install script and thats it

People in HN are weirdly afraid running own mail server. Thats not that hard. If you are web developer, who is capable setting up linux+varnish+nginx+php-fpm+redis+mariadb stack, then I would say that functional mail server has less moving pieces. I think most horror stories are related to trying run own server in bad neighborhood, in some cheap VPS service. Now entire IP block has bad reputation and indeed there is hassle with delivery.

It's not that weird.

Mail is the only critical thing most people run for themselves, really; and if the proverbial excrement hits the fan, mail is useful in fixing the fallout.

Sure, I would be able to acquire the skills to run a mail server, and I know how to monitor it all, and I know about what the moving parts are. But why go through all that hassle to save 10-40 dollars a year?

There isn't much breaking usually, I really don't remember big issues in my 15+ years self-hosting time. I have changed colocation place several times, some places have been offices with average office internet (without redundant links or BGP peering).

I can see issues, if you over-engineer and try build some microservice farm in some cloud provider, but simple physical server with DC grade disks in RAID and backup (tested and out of server) is pretty reliable.

Of course, when you really don't want to do it, then paying for someone else is reasonable, no issue with that. But its not fair to make mail self-hosting look like something very complicated and dangerous, I would say that modern web service stacks are more complicated and fragile. Lots of guys here are writing own internet facing software, handling customer data. Compared to that, using pre-existing mail server software isn't that hard.

i wrote how i used "mailinabox" https://mailinabox.email/

this makes it stupid easy to set up your server. you have to do little config and you are up and running.

I decided to do miab because i had a necessity of "email aliases" in hundreds. none of these low cost email providers allowed that, unless i went with google workspace or 365 if i remember correctly.

rolling my own solved this issue and for the same price plus the "management headache" which i saw as a personal challenge more than a chore. so i am very happy with the results.

gmail has given me headaches in the start but if i send more than a few emails with attachments to gmail, they still flag all emails as spam so that is a recurring problem but not something i cannot live without

its not always about saving a buck. i spend more in hosting +domain than i would if i went with fastmail or zoho or whatever. what it feels like is going from google to zoho. when you own the server, you own the backup on s3, you know you can just switch servers if need be. your addresses and everything comes with you.

i see this as a hobby if nothing else. maybe others have the same idea

Email is different from a website, in a way that if the website doesn't load, I can fix it, reload, and go on with the day. After fixing my email stack though, I can't exactly make the sender retry their email. If I miss it, then that's on me, it's a ship that sailed, and often I don't even know about this.

because of spam many systems agessively block email delivery from IP addresses which do not known to belong to well established mail providers with millions of users. And it is very tedious to unblock it on case by case basis. This is the reason I've stopped running my personal mail server 10 years ago.

If you have new IP and that IP don't have bad history, then your main issue is hotmail and Office365. There is little bit rate limiting over next 24h period, but if you host yourself and don't send unsolicidated bulk messages, then you don't see those limits. Some anti-spam services graylist you, that causes usually 5 minute delay for delivery.

90% spam score comes from message, sending server isn't that relevant (if you base configuration is reasonable: PTR is right, server knows it's hostname and don't EHLO himself as localhost and so on). You can look at SpamAssassin default rulebase[1] for common rules.


[1] - https://spamassassin.apache.org/old/tests_3_3_x.html

well there are checks to see if your ip address is blocked as spam. even then you can just ask your vps provider for giving you a fresh one.

yea, but it have to be done constantly. Somehow you never sure your messages are delivered or if people can reach you. At some point after running my onw mail infrastructure for 15 years I gave up and decided that I would like to oursource this to somebody else, a email provider who have a dedicated team of admins making sure my mail is delivered, so I do not have to worry and spend time on it myself.

I've been using this service for the past year or so and it's perfect for my needs:

- Just works

- Minimal downtime

- All features of email supported

- No frills

- Fast support response

- Dirt-ass cheap. I use "advanced billing" and last month's fees were $0.58.

I tried Purelymail and though I trust the service, Runbox's web interface left much to be desired. I also have mail went to spam with Fastmail that makes me paranoid and always BCC my gmail account for every important email.

One thing that I don't like with Microsoft and Google's mail service is the need to create new account to have a custom domain mail.

I consider the usage of Roundcube for the UI a downside. I've tried Roundcube myself and was not really satisfied. It is difficult for to describe what exactly is wrong with the UI but somehow the usability is not really good. Outlook (web), GMail, or Yahoo Mail all feel better to me.

What I'd really miss would the integration of an external adress book (Google), because I wouldn't want to duplicate all my addresses.

This might be just what I need. I used to run my own email server but don’t have time for that anymore. I run small sites with low budgets and finding a simple email server that costs next to nothing has been pretty hard, specially if I have more than one user. I use AWS SES free tier for sending emails from these sites but unfortunately forwarding email received at SES is not as straight forward.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact