The title itself is quite descriptive:
- Do you use some of the common mail providers, or a lesser-known one?
- What are the advantages of your workflow?
- Do you pay a subscription to your email provider? Would you?
- If it is self-hosted, please, elaborate! What are the obstacles, how hard is it, do you feel it is worth it…?
Fastmail. They are trustworthy, quick to respond to service requests, and rock solid. I can count the number of outages in the past ~10 years on one hand.
+1 for Fastmail. I’ve been using them for several years now and they’re very reliable, have a really solid web UI, and from what I can tell a solid position on security. They also contribute to moving the state of internet mail forward by improving Cyrus and contributing to RFCs. All in all I’d highly recommend them.
That’s another good point: they are by all accounts a solid technical citizen, contributing back and moving the state of the art forward. I like to reward good behaviour when I spend my money, and it’s nice to be able to do that and get top of the line service, to boot.
I also switched from Gmail to Fastmail.
The funny thing is that for the amount of press that Gmail received/receives for being “fast”, once you switch to Fastmail, you realize that Gmail is actually very slow. The amount of bloat and feature-creep they’ve introduced is fascinating.
You’re talking about the web interface or the speed at which the mail is sent?
The web interface.
I just use thunderbird (and k9 on mobile). I don’t see why you’d ever use a web interface for email when a standalone client is so much nicer to use.
I’m on a desktop client too (Evolution). Just pointing out the advantage of Fastmail over Gmail. :)
Love Fastmail. I only wish more tools had first class CalDAV/CardDAV support. When I switched over, I was genuinely surprised how pervasive it’s become to slap on Google account sync and call it a day, even in FOSS. Aside from the built-in macOS/iOS apps, most solutions involve fussing with URLs and 3rd party plugins, if it’s supported at all.
Fastmail has a link generator for CalDAV so it’s super easy to get the right URLs. I do agree for 3rd party plugins, it’s annoying to have to install add-ons for standard and open source protocols…
It was the best one I found, too, overall. I dont know about trustworthy, though, given they’re in a Five Eyes country expanding police and spy authority every year.
Maybe trustworthy from threats other than them, though. I liked them for that.
Yeah, I’m not concerned about state level actors, or more properly, I don’t lose sleep over them because for me and my threat model, there’s simply nothing to be done.
I’m not worried about the state spying on me, I’m worried about the apparatus the state builds to spy on me being misused by service provider employees and random hackers.
If those are your concerns, using PGP is probably recommended.
That will be most folks, too. Which makes it a really niche concern.
Maybe it oughtn’t be niche, but it’s pretty down my list of practical concerns.
I use Fastmail as well, and became a customer by way of pobox.com acquisition.
I’ll have to add, this was about the only time I can ever recall that a service I use was acquired by another company and I was actually fine with it, if not a bit pleased.
My thinking was along the lines of “well, the upstream has purchased one of the biggest users of their tools, can’t be bad.”
I’ve not had any noticeable difference in the level of service provided, technically or socially, except the time difference to Australia is something to keep in mind.
I do hope that no one here in the US lost their jobs because of the acquisition, however.
Nope! We’ve hired a bunch more people in both offices, and the previous Pobox management are now C-level execs. We’re pretty sure the acquisition has been a win for just about everyone involved :)
I can also recommend it, especially due to their adherence to web standards. After 10+ years of GMail, the only functioning client had been Thunderbird, which too often too large. Since switching to Fastmail, I’ve been having a far better experience with 3rd party clients, and a better mail experience in general (probably also because I left a lot of spam behind me).
I second that. I was searching for a serious e-mail provider for a catch-all email, calendar and contacts.
I had trouble setting up my carddav autodiscovery DNS configuration and they helped me without considering me as a “dumb” client. Serious, clear and direct. The most efficient support I could’ve encountered by far.
It’s paid, and I’m paying the second plan (of 5$/month), and I think it’s perfectly fair, considering that, firstly, e-mail infrastructure is costly, and secondly, that their service is just plain awesome.
They’ve recently added the ability to automatically set up iOS devices with all of their services when you create a new OTP. I didn’t know that I needed this, but it’s a wonderful little bonus. It’s stuff like that that keeps me happily sending them money, and will as long as they keep doing such a good job.
I did not know about such a thing, since I’m not an iOS user, but sure sounds nice !
Do you know if they store the emails in plaintext server-side?
It’s a good question. I don’t know, and would like to. I’ll shoot them a mail.
Their help page on the matter isn’t clear, although it does describe a lot of things that seem pretty good. Now you’ve got me wondering. (Happy Fastmail user here, and I even convinced my wife to move to it from GMail!)
edit: It does sound like it’s plain text but you could read it a couple of ways.
Encrypted at rest (encrypted block devices), but cleartext available to the application because we need it for a bunch of things, mostly search, also previews and other bits and pieces. Of course, the applications that hit the on-disk files have their own protections.
I’d imagine their disks are encrypted as a whole - but not using per-mailbox encryption based on keys derived from individual user passwords.
However, even if such claims are made you can’t verify that and shouldn’t trust a companies word on it. I’d recommend PGP if that is a concern.
If this is a feature you’re looking for in a hosted solution, Protonmail is probably your best option.
Up to a point you can, Protonmail has released their webmail client as open source. Of course, with today’s JavaScript ecosystem it’ll be very hard to verify that the JavaScript code you are running actually corresponds to that code. Also, you can’t verify they’re not secretly storing a plaintext copy of inbound mails before encryption. But down that path lies madness, or self-hosting.
And the desperate hope that your correspondent also is sufficiently paranoid.
+1 for Fastmail. Switched recently after self-hosting (well, the last several years at a friend’s) since the dial-up days and I’m satisfied.
Another Fastmail user here. I switched from GMail and my only regret is that I didn’t switch sooner.
I don’t think there are any workflow advantages, but I appreciate that they don’t track me, and I trust them more than Google.
I have the $30 per year subscription.
One of other things I want to highlight is reliability/availability. Making sure I dont miss important emails is even more important than privacy to me. Newer, smaller, and privacy-focused sites might not have as much experience in keeping site up or getting all your mail in reliably.
Fastmail has been around for quite a while with positive feedback from everyone Ive seen. So, they might perform better than others in not missing/losing email and being available. Just speculating here based on what their customers say.
SMTP actually tolerates outages pretty well… I’ve had my self hosted server down for a couple days, and everyone resent me everything when I fixed it.
Haha. Good to know.
What service do you use for Calendars and such?
I use FastMail for calendars and contacts. I actually don’t use it for e-mail much since my ISP is pretty ok.
For Android I switched from CalDAV-Sync + CardDAV-Sync to DAVdroid. Both work but the latter is easier to configure (by way of having less config options).
I tried self-hosting Radical for a while but for the time I had to put into it I’d rather pay FastMail $30 per year.
Fastmail! We have a family email account and shared calendars and reminders and suchlike, and I have a personal account as well.
I use https://protonmail.com. I wanted a Gmail alternative that was private and fully encrypted. I pay for the plus model so I can use my domain, I did not want the hassle or expense of a self-hosted model. I have been completely happy with Protonmail. I have used them since they were in beta.
Yes, +1 for ProtonMail. From the small research I’ve done, they’re the most secure email provider. I also use my own domain.
ProtonMail is great. The search function is a little bit slow, but since its encrypted at rest it kind of has to be.
There are a couple of features that are great. The one I get the most use out of is having multiple address connect to the same email account. I have several email addresses, one for personal use, one used for signing up accounts, one for newsletters (or other noisy notifications), one scoped to projects, etc.
There is also ProtonMail’s Bridge that gets around some of the security issues with IMAP/POP creating a connection over TLS, which then locally runs a IMAP/POP server on your machine.
They have also had their OpenPGPjs (A opensource PGP impl in JS) library audited.(1)
2 major caveats for anyone who is considering an encrypted email service is that
1: It wasn’t directly them, more the community around OpenPGPjs, which they are part of. I’m also unsure of the original ownership of this project, but that can get muddied with opensource sometimes.
I also use protonmail, no particular complaints about it.
I have the Visionary plan and seamlessly migrated my email to them - including my whole archive which goes back about 13 years or so, once the bridge was out.
It’s a very nice and simple web client, and the apps are good enough that they just work for my parents.
Overall, I like it very much.
Self-hosted on OpenBSD with OpenSMTPD and dovecot. Self-hosting my emails for over a decade so I’ve been through all ups and downs. I like to run my own stuff, have a maximum level of privacy and always learn new stuff. On the downside, I nearly lost my complete inbox twice (restored from backups, so take backups!), learned very fast that having a primary and a backup MX is different from having two primaries.
I am also self-hosting using OpenBSD, OpenSMTPD and dovecot for a number of years. I’ve got a primary and a secondary server with SPF and DKIM. My netblock was blacklisted by outlook.com but was easy enough to fix by filling into an online form.
I also recommend to get yourself onto whitelists like https://www.dnswl.org/.
I think it’s really cool that you are self-hosted but I have to ask; how are your delivery rates? Do you have DKIM and SPF records? I know it’s quite the challenge to develop a good sending reputation so I am always curious to see how others fare.
I have SPF records (mainly to make google happy) but no DKIM. However, DKIM is not a hassle to set up. There are plenty of good howtos out there.
I cannot complaint about reputation, it seems all my email reach the recipient (and yes, also the ones at gmail). I once had some trouble with outlook.com and German Telekom when I had a system at Hetzner because their IP addresses have a very bad reputation. Once I moved away, everything works fine.
Did the same 4/5 years ago. Never looked back and would not go back to a third-party provider for a million bucks.
Mailbox.org for 1€ per month.
The interface is not as good as Google, but they will not shut down my account if I make the wrong comment on YouTube. Even if they do, there is a support channel.
I’m also an mailbox.org, with a custom domain. I barely use the web interface, which is ok but not great. Seems reliable and they appear to know what they’re doing.
I’ve also been on mailbox.org for almost 3 years now. I had to disable some of the spam filters when it turned out that mailbox blackholed a conference acceptance email(!) that I’d received. Other than that one incident, I’m happy with them.
I self-host. Pretty easy with sovereign. Or if you want to use NixOS: simple-nixos-mailserver
Definitely worth it, even just for learning how email works.
what OS do you use for sovereign?
I tried to apply it to Debian Stretch (with ansible 2.8) and it just would not even go (complains about setup module failures)
Have you encountered any problems with sent mail being caught in spam? that’s one of the most common problems I’ve heard about with self-hosting.
Yeah, but it’s not so bad after you setup the DKIM etc records properly. The sovereign README has instructions on how to do all that. The situation improves as the age of your domain increases too, I think.
Self hosting with OpenSMTPd
I can’t believe no one has mentioned Riseup yet. I could try to explain all the things that makes them great, but you’d be better off just reading this https://riseup.net/en/about-us.
How do they plan to avoid the same scenario that hit HushMail?
I would also love to know this. They’re based in the USA and could get hit any time. Even assuming that I trust their canary, I don’t trust their country’s laws.
Not trying to criticise them: my country (Spain) is no better, and I appreciate them going out of their ways to provide privacy for their users unlike most mail services.
Self-hosted using Postfix and Courier-IMAP, with spamasassin, graylisting and various blacklists. Everything in my own control, easy to backup. I’d never use a public mail service, especially one from a huge corporation.
Are you using your own “home” internet connection for the SMTP server? Or a dedicated host/VPS?
It’s been running on VM’s in a dedicated box at a VPS/Colo provider where I have a subnet of ipv4 space. This allows me to move the subnet to different hardware when needed, configure forward and reverse dns, and have my own whois data. Though just using a VM at a VPS provider would be more then sufficient.
Also self-hosting on FreeBSD with Postfix and Courier-IMAP since, like, 2000.
Wow, there are a lot of self-hosters here. I self hosted back in University, then used Gmail for a number of years, and went back to self hosting around 2013. I recently migrated my server from openSUSE on Linode to OpenBSD on Vultr. Here an Ansible role if anyone is interested:
https://github.com/sumdog/bee2/tree/master/ansible/roles/openbsd-email
My stack: Inbound: OpenSMTPD -> SpamPD (spam assassin) -> OpenSMTPD -> ClamAV -> OpenSMTPD -> procmail -> dovecot Outbound: OpenSMTPD -> DKIM proxy -> OpenSMTPD (relay)
Try fdm instead of procmail: https://marc.info/?l=openbsd-ports&m=141634350915839&w=2
I self-host. I’ll talk about self-hosting from a hosting provider perspective, though.
One of the routine abuse reports we get are for spam. Typically these do not come from folk self-hosting email, it’s more common for a webserver to be exploited and to begin sending spam. It does happen though that a misconfiguration leads to an open relay or a mail server participates in some kind of relay, bounce, or amplification attack.
When I get one of these abuse reports I forward it to the server operator and we work to resolve the problem. I also purchase the RADb Host Reputation report to monitor my entire IP space. I spot check in other spam registries from time to time.
For self-hosting email, you want a hosting provider that will:
I suspect the self-hosting experience is better when your network operator is aware of and supportive of self-hosting. It’s more common for an abuse report to come in to the network operator than the server operator, and it’s nice to know that a network operator won’t throw you under the bus (say by summary blocking of your outgoing mail) if something goes wrong.
Previous discussion here.
I self-host since years on a VPS with Postfix and Dovecot, spamassassin and OpenDKIM. I do it mainly for two reasons: full control over the process (I make extensive use of Sieve scripts) and learning how the e-mail ecosystem operates. And privacy, esecpecially once I get to move the entire thing into my basement.
The main obstacle I have is actually that my e-mail is qualified as spam by large providers (most notably Microsoft-based services, especially outlook.com) without any reason I could identify. I do have a proper PTR reverse DNS record, I do have working SPF and DKIM. My IP is not blacklisted anywhere. I have come to the conclusion that there’s a policy at Microsoft that says that you’re spam if you’re not a large e-mail provider. For important e-mail, I always have to call or send a chat message to ensure the recipient checks his spam folder.
This is the sort of thing I always worry about when I contemplate self-hosting.
ProtonMail. And I do pay for a subscription.
I’ve been self-hosting since around 2002.
I’m using FreeBSD + Exim + Dovecot and pepperfish.net (run by some friends) as my inbound MX for spam filtering as I got fed up of trying to keep up with making spam filtering effective.
I like having full control over data and storage, and having mail going back this far would be troublesome to migrate to another service. I mostly use Mutt locally on the mail server, but occasionally use an IMAP client. My Mutt setup has barely changed since ~2002 and my workflow in it is fairly well ingrained now.
It used to be a pain running things myself when I received mail directly (not via Pepperfish) as my spam filtering wasn’t up to scratch. Since I fronted with Pepperfish it’s taken all the pain away.
I have Gmail as a secondary account.
I used to self-host. About a decade ago, as soon as Gmail introduced Google Apps (or whatever it was called back then), I switched, and have used it since. For my new domains I use fastmail, mostly because everyone told me how amazing it is. It’s okay, I guess, there’s nothing wrong with it, and I appreciate the business model (you know, actually paying for stuff), but I don’t see what’s so amazing about it. I suppose I view e-mail as a commodity, and every provider is the same to me, as long as it works.
Since I am pissed about Google in general, and now Gmail in particular (they fucked up the UI and added more crap once again), I will move my primary account off Google. I think I will self-host once again. I know how to do it, and I’m generally the type of person who like to do things by myself, if it’s feasible. It’ll be one of my physical boxes, somewhere colocated in a DC. I don’t believe in cloud computing.
I self-host. I use HardenedBSD with Postfix, Dovecot, Mailscanner etc.
Office 365, with a domain that is routed through them to my Exchange server. I did this so that I dont have to deal with the never ending battle of people’s systems automatically sending everything I send to spam, and trying to maintain any sense of real management.
Since I use my own Exchange server, I can connect whatever clients I want, however I see fit. I know it’s weird but I like Outlook 98 on Mac OS 8…
I host my own, and have since 1998 (back when I was wrangling servers for an ISP/web hosting company). I’ve had the current IP for my email host for probably 10 to 15 years now, so it’s clean. I’m also the only user, so no spam goes out.
I currently run Postfix with a greylist daemon. I check email directly on the server using
mutt(which I’ve noticed lowers my outgoing email spam score by a lot). I’ve configured SPF, and I have a valid PTR record for my server. Except for some rare hiccups (mostly a decade ago with AOL, Yahoo and Google—go figure) I have had no issues. I attribute this to longevity and a slow boil [1] than anything else.[1] In the frog sense. I’ve had to keep up over the years; I have avoided having to start from scratch today.
I’m curious, where do you get your own Public IPv4 address?
I have a virtual server at a data center from the company I used to work for.
I understand. Where I live IPv4 are uncommon, and abundant, but the entities behind them aren’t trustworthy.
mailbox.org - they allow completely anonymous accounts (not a feature I use, but something I like supporting!). They also support SPF, DKIM and all those things you usually won’t find easily with mail providers imho :)
I self-host, using Exim4 on a Debian VPS. I log in on the machine and use mutt to read my mail, so there are as few ports open as possible (no web mail for sure, but no need for IMAP/POP either). I’ve been ogling Hato with the idea of trying that for a long time, but entropy’s a bitch, so I haven’t gotten around to it and probably never will.
Postfix (or qmail if you’re brave) is probably more secure than exim, but exim is super powerful and tweaking it precisely to your liking is a bit of an art form which can be its own source of joy (and frustration as mails get dropped on the floor while you’re tuning it…).
Hosting your own is a huge pain initially, but once you’ve shaved all the yaks (most of them for getting around Google’s draconian filtering rules) like rDNS, getting your DNS correctly set up for IPv6 (or avoiding it completely for e-mail), SPF and DKIM, DNSSEC and eventually SMTP over SSL, everything works really well. There’s nothing like the smug feeling you get from knowing you have everything set up just right and are as “off the grid” as possible regarding all the commercial parties that snoop on your communication. Except of course that 99% of the people you want to exchange e-mails with is using one of those parties…
I have self-hosted for over 20 years. Most recently based on sovereign with some mods.
Self-hosted on OpenBSD with OpenSMTPD, spamd, bgp-spamd, dkim-proxy and dovecot. Android client is K-9, (neo)Mutt + mbsync (isync) on PCs.
Self-hosting is great.
Since I use Gandi as a registrar for my domain names, one of the oldest registrars in France (that supports free software and associative projects), and that it offers mail services (for people, not bulk sending email) for no additional cost, I use Gandi Mail for my new accounts (haven’t completely migrated from GMail).
They offer 2 mail boxes per domain names (5 for older customers with existing domains), with infinite number of aliases per mail box that support wildcards (e.g.
*@example.comfor easily using one email per account in a single mail box).They support Sieve rules/filters (e.g. when the built-in anti-spam is not enough, or if you want to automatically send responses).
They also have a paid plan if you want more storage.
I use Fastmail for my primary inbox because gandi doesn’t push messages, but all my secondary accounts go through gandi - fantastic service given it’s free with the domain registration.
What do you mean by “doesn’t push messages”? It feels like they are actually.
On ios, at least, I’m using mail.gandi.net with IMAP.
Mail for that account never arrives in the background (only after I open mail.app) whereas my other accounts deliver mail immediately regardless of what else I’m doing.
I don’t have this issue on Thunderbird and K-9 Mail.
Self-hosted for years; postfix+dovecot, and a few other add-ons for spam, security, etc.
Self-hosted on Debian using iredmail. Used to run my own exim/MySQL setup for years (& qmail before exim), but decided to switch hosting provider and do everything fresh with all the latest everything. Started getting deep into research on imap and smtp servers and spam and antivirus filters and dkim and dmarc and … eventually just gave up and used iredmail, even though it uses postfix (which I’d avoided for years because of the whole djb/Venema spat). It’s really easy to set up, uses secure protocols by default in every part, still let’s me have complete control over it all, and gives me roundcube webmail for free (even though I barely ever use that, mostly imaps). I’ve been running it for about 2.5 years and never ever have to look at it apart from the odd upgrade, which is reliable & generally works pretty easily too.
I used migadu.com for a long time, but am switching to self-hosted kolab now, as I want the synced calendars/reminders/etc across devices.
I like migadu because they are 1) outside the US, 2) charge based on USAGE, not on the # of accounts/domains(of which I have a bunch), which is nice. Also they are cheap. But I don’t like that they run a JS based mail server, which is not so fabulous.
Have gone from self hosted, to gsuite to mailbox.org
Mailbox.org is in a country with good privacy laws, uses opensource and has good PGP support, upload a public key and mail is encrypted on reciept. Combined with K9 makes using PGP a not unpleasant experience. Also setup a few accounts for family on my own domain and can have shared calendars etc.
Long term goal is to go back to self hosting but in the meantime very happy with mailbox.
mailbox.org seems nice. After using it for a couple days, I topped-up a year’s worth of fees and I’m slowly migrating away from Gmail.
I have an almost-20-year-old vanity domain that’s been hosted in a variety of places. Currently (since like 2007 or so) it’s at Google and I use GSuite or whatever they’re calling it these days. Works well because I also have an Android phone that uses the same Google account, etc.
My laptop died and so I’m actually using my wife’s old Chromebook now with the new ability to run Linux…it’s surprisingly usable. Like…it’s good enough that I don’t actually have a compelling reason to change except for the whole “Google now owns my entire life” thing.
G Suite / Google apps
Self-hosted iRedMail running on CentOS 7 VPS, very easy to deploy and to handle, my emails are doing great. The web interface is smooth and pretty and the configuration for external clients is very straightforward.
I’ve been experimenting with Tutanota. I’m very close to switching my domain to it from Gmail.
Apple Mail. Integrates magically to every device I currently use, and I trust Apple in the privacy sense. It lacks plenty of advanced features, but it turns out that none of them were essential to me.
The mail is essentially free of charge, but I do throw some money towards Apple to get me larger storage.
3 types, in order of importance:
I’ve combined all of those into Thunderbird which is always running. I only touch an e-mail system with a web interface when I don’t have my own phone or laptop with me.
👋 Do you use Twitter by any chance? I’m enjoying your comments here but can’t find you elsewhere on the internet!
I sent you a PM.
Runbox. Using it for 5 years and it has been totally reliable. Had to ping them exactly once in all these years and my issue was resolved by an engineer (!) in less than 5 minutes. USD 50/yr for the medium plan. Totally recommend it.
Currently using my own domain with an old Google Apps account that has been around since the time wehn they gave them away for free. It is still free, but I have been looking into other providers, because I don’t really like some of Google´s practices and you never know when they will retract the old, free accounts.
So I have been looking for a provider that has both shared calendars and some kind of “family account” option. I think Fastmail had this at one point, but they retired it? Anyway, does anyone know a provider that have family accounts for at least 5 - 10 users for at most $10 / month?
Used to self host. Spam required lots of processing power. Maintenance of the OS was painful with conflicts over packages that weren’t solvable. Work involved not to get seen as a spammer. Ended up using whitelisting for incoming mail. Too painful after some years.
Went to gmail with free google apps for domain to let me use my own domain and then all forwarded to a ‘normal’ account. 2FA applied of course.
With password resets going to email, not sure who else I would trust to keep my mail secure. Microsoft maybe, fastmail perhaps.
I don’t really use email much any more. It’s just for password resets and some things stuck in the past, like contact forms on websites.
Fastmail. Yes, I pay for a few years ahead.
I self host since a few years, using Exim, Dovecot replicated on 2 different servers at 2 different providers, Rspamd and Rainloop for the few times when I have only a web browser available.
I have SPF, DKIM and DMARC records, I’ve had the chance of inheriting relatively clean IPs from the providers in question (Hetzner and OVH) and I’ve never had any issue in removing those IPs from the 2 or 3 blacklists the previous owners had managed to get into.
For the moment, both Gmail and Hotmail accept my emails (that is, no bounces, no deliveries in spam folders and no email disappearing into thin air).
I do not plan to move to a hosted provider for my email, the only maintenance I perform is staying up to date with the above packages and having some alerts in the logs if something goes wrong.
If I had to do it again, I would use OpenSMTPD instead of Exim, only because reading the configuration file seems way easier.