logo

drewdevault.com

[mirror] blog and personal website of Drew DeVault git clone https://hacktivis.me/git/mirror/drewdevault.com.git

Mail-service-provider-recommendations.md (5580B)

    

  1. ---
  2. date: 2020-06-19
  3. layout: post
  4. title: Email service provider recommendations
  5. tags: [email]
  6. ---
  8. Email is important to my daily workflow, and I've built many tools which
  9. encourage productive use of it for software development. As such, I'm often
  10. asked for advice on choosing a good email service provider. Personally, I run
  11. my own mail servers, but about a year ago I signed up for and evaluated many
  12. different service providers available today so that I could make informed
  13. recommendations to people. Here are my top picks, as well as the criteria by
  14. which they were evaluated.
  16. Unfortunately, almost all mail providers fail to meet my criteria.  As such, I
  17. can only recommend two: Migadu and mailbox.org.
  19. # #1: Migadu
  21. [Migadu](https://www.migadu.com/) is my go-to recommendation
  22. for a mail service provider.
  24. **Advantages**
  26. - Migadu is a small company with strong values and no outside capital (i.e.
  27.   no profit-motivated external influence). Email support and a human being
  28.   answers, and their leadership is accessible if you have questions or feedback.
  29. - Their pricing is based on bandwidth usage, and does not rely on artificial
  30.   scarcity like limited domain names or mailboxes.
  31. - Has lots of features for your postmaster - you can treat it as a managed mail
  32.   server for your organization.
  34. **Disadvantages**
  36. - They have suffered from some outages in the past. The global mail system is
  37.   tolerant of such outages - you don't have to worry about messages being lost
  38.   if they were sent during an outage. Still, being unable to access your mail is
  39.   a problem.
  40. - ~~If you are on a trial account, they will put an advertisement into your email
  41.   signature. I don't think that it's ever appropriate for a mail service
  42.   provider to edit your outgoing emails for any reason, and certainly not to
  43.   advertise.~~ Updated 2021-03-12: this is no longer the case.
  45. Full disclosure: SourceHut and Migadu agreed to a consulting arrangement to
  46. build their [new webmail system](https://git.sr.ht/~migadu/alps), which should
  47. be going into production soon. However, I had evaluated and started recommending
  48. Migadu prior to the start of this project, and I believe that Migadu fares well
  49. under the criteria I give at the end of this post.
  51. # #2: mailbox.org
  53. *Update: as of 2023 I no longer recommend this service.*
  55. [Mailbox.org](https://mailbox.org/en/) may be desirable if you wish to have a
  56. more curated experience, and less hands-on access to postmaster-specific
  57. features.
  59. **Advantages**
  61. - Excellent first-class support for PGP, and many other strong security and
  62.   privacy features are available.
  63. - Was able to speak to the CEO directly to discuss my concerns and feedback, and
  64.   have my questions answered. Raised some bugs and they were fixed in short
  65.   order.
  67. **Disadvantages**
  69. - The interface is a little bit too JavaScript heavy for my tastes, and suffer
  70.   from some bugs and lack of polish.
  71. - They are a German company serving mostly German customers - German text leaks
  72.   into the UI and documentation in some places.
  73. - Completing a Google captcha is required to sign up.
  75. # Others
  77. Evaluated but not recommended: disroot, fastmail, posteo.de, poste.io,
  78. protonmail, tutanota, riseup, cock.li, teknik, runbox, megacorp mail (gmail,
  79. outlook, etc).
  81. # Criteria for a good mail service provider
  83. The following criteria are objective and non-negotiable:
  85. 1. Support for open standards including IMAP and SMTP
  86. 2. Support for users who wish to bring their own domain
  88. This is necessary to preserve the user's ownership of their data by making it
  89. accessible over open and standardized protocols, and their right to move to
  90. another service provider by not fixing their identity to a domain name
  91. controlled by the email provider. It is for these reasons that Posteo,
  92. ProtonMail, and Tutanota are not considered suitable.
  94. The remaining criteria are subjective:
  96. 1. Is the business conducted ethically? Are their incentives aligned with their
  97.    customers, or with their investors?
  98. 2. Is it sustainable? Can I expect them to be around in 10 years? 20? 30?
  99. 3. Do they make unfounded claims about security or privacy, or develop
  100.    techniques which ultimately rely on trusting them instead of supporting or
  101.    improving standards which rely on encryption?[^1]
  102. 4. If they make claims about privacy or security, do they explain the
  103.    limitations and trade-offs, or do they let you believe it's infallible?
  104. 5. Do you trust them with your personal data? What if they're compelled by law
  105.    enforcement? What is their government like?[^2]
  107. Bonus points:
  109. - What is their relationship with open source?
  110. - Can I sign up without an existing email address? Is there a chicken and egg
  111.   problem here?[^3]
  112. - How well do they handle plaintext email? Do they meet the criteria for
  113.   recommended clients at
  114.   [useplaintext.email](https://useplaintext.email/#implementation-recommendations)?
  116. If you represent a mail service provider which you believe meets this criteria,
  117. please [send me an email](mailto:sir@cmpwn.com).
  119. [^1]: This also rules out ProtonMail and Tutanota, doubly damning them, especially because it provides an excuse for skipping IMAP and SMTP, which conveniently enables vendor lock-in.
  120. [^2]: This rules out Fastmail because of their government (Australia)'s hostile and subversive laws regarding encryption.
  121. [^3]: Alarmingly rare, this one. It seems to be either this, or a captcha like mailbox.org does. I would be interested in seeing the use of client-side proof of work, or requiring someone to enter their payment details and successfully complete a charge instead.