50 comments

[ 0.20 ms ] story [ 121 ms ] thread
Your email address is too important to leave in the hands of a third-party provider. This isn’t to say that using a third-party provider to run your email is a bad idea. You should own the domain, though.
Perhaps it’s time for the development of a standard where your email address isn’t tied to a domain; instead, email is addressed to an identity and the underlying plumbing automatically handles routing and delivery. Very similar to how your mobile phone number is portable between providers.

We can’t expect everyone to own a domain to control their messaging sovereignty.

What should it be tied to? Who would maintain the mapping of names to addresses, and wouldn’t this just be reinventing the domain name system?
DNS is for service discovery, not identity discovery and routing. I leave the rest of your questions for the standard to be developed. I don’t have all the answers, but am willing to pay people smarter than me to figure it out. Accept this sub thread as the official Request For Comments :)
You own private key. Public key is your identity. Public key could be linked to facebook, twitter, github accounts, etc, so you can easily discover or verify people.
(comment deleted)
Yeah! Keybase + FastMail’s open JMAP standard is the model I think you’d build on.
Wasn't that the idea behind .name TLD initially? Until they sold out and became yet another ccTld
Wouldn't that approach also be doomed to failure? How would you provide a unique domain to every John Smith in the world?
Yes. I also made the choice to pay for my email hosting from a reliable provider, it's cheap (1.5$ month) and I'm considered as a customer, I can have a support with real humans.
Care to share which company?
I use KolabNow, can strongly recommend them for reliability, security, support.
True, but an added complication is that you have to be really, really careful about your domain. You have to trust your registrar, set up 2FA, and make sure it never expires, etc. So in the end, owning your domain isn't foolproof either, it's also another point of failure (similar to Google deleting your account, although one you may have more control over).

For what it's worth, I use Fastmail + a custom domain and couldn't be happier. But I'd hardly recommend it to everyone for personal email.

As someone considering either Fastmail or Protonmail, could you share what your experience is like and why you chose Fastmail?
I recently did a big survey of the mail hosting market. I settled on migadu. Have used them for two months now and am very happy with them. Consider checking them out.
You have real customer support (a person) who gets back to you in a timely fashion and is always helpful. The android app and web app are intuitive and easy to use. I switched from Gmail to Fastmail a few years ago and couldnt be happier and it's cheap.
15 year Fastmail user here. Fastmail has been great, no downtime, and I don't really think about it at all. Good web client and you can do filtering if you need to.
Same setup as the comment you're answering to.

They've just been super reliable and mature for me. No huge updates that force me to adjust. Interface is nice and clean, uptime and service super reliable. Everything just seems to work for me (aliases, forwarding, filters, good Android app), and the pricing is within reason.

I actually use their web interface and official Android app. I'm surely no power user, but have used various providers over the years until I settled with Fastmail (seemingly for good). It's difficult to decide whom to trust with e-mail but to me they seem trustworthy. I still like to have my own domain, so I could in theory take it with me, if I ever started being displeased.

In general: Paying for a service (especially e-mail) is invaluable (my data not being mined), also for potential account recovery (didn't use their customer service often, but when it happened, it was decent).

I can't comment on ProtonMail but especially with e-mail, a proven (long term) track record is gold, and Fastmail has it.

addendum: upon rereading it almost sounds like a Fastmail commercial. I'm only a satisfied user without any further connection towards the company.

I'm not sure if email can ever be secure, or put better if I could ever set it up and keep it secure. So the jurisdiction issue wasn't a big factor for me (although I'd prefer Switzerland over Oz's warrants with gag orders).

At the time when I evaluated, FastMail just worked, and their standard support remains excellent. IMAP works great. The ProtonMail bridge thing put me off to be honest. There's not too much else to it.

Either way though, both were preferable to Gmail, which I wanted to drop along with all Google stuff if I could. And being lazy/just wanting it to work, I chose Fastmail.

I think I’m trying to decide on the tradeoff between ProtonMail for privacy reasons and FastMail for good support. It’s not clear to me what implications there are for the bridge thing or their location.
The privacy stuff has been discussed to death elsewhere. All I can say is compare the setup instructions for either service on desktop and mobile (especially if you're on iOS). Maybe calendar and contacts sync too, if you care about that. If you can live with the ProtonMail way of doing things, go with them, else FastMail.
I’ve also been running custom domain on Fastmail.

Between those two, proper IMAP support (including IMAP push) is the big thing. Webmail generally drives me nuts for anything beyond stopgap usage, and while ProtonMail has a local IMAP adapter thing it’s a step too involved for me.

IMAP support is incidentally also why I don’t use Gmail. Their IMAP implementation is spotty and notoriously bad with Apple Mail, whereas the experience with FastMail is flawless.

I switched to fastmail from migadu last year. My killer feature is being able to use a custom email address per company without having to provision one (ie, a catch all that you can do send as x from).

I left migadu because they repeatedly demonstrated they were neither professional nor reliable enough to host my email (that is bargain basement pricing for you). I looked around and trialled several services on my other domains; I settled on fastmail as they had a proven track record with recommendations from people I trust who know email, every feature I wanted, and decent pricing.

My stack is: Custom domain (current registrar: namecheap) Fastmail for email, Calendar & Contacts hosting with DAVx5 & Fastmail App on Android, Netlify for DNS & static website hosting Switched everything over from Dreamhost after 14 years or so in 2020, and the only thing that would make me happier with Fastmail would be for them to have global holiday calendar syncing (This is the only reason my Fastmail account is linked to a dummy google account - to sync holidays!) I get to use email aliases, catchalls and a mail system which can automatically file mails before I have manually written a single rule. Off the top of my head, the aliases, the sensible (vim-like) keyboard shortcuts (g for search folders, j-k for navigation, etc.), built-in caldav and carddav support are the things that make life easy on a day by day basis. Notes are about the only thing I don't use, but my encrypted Joplin notes are actually synced to the Files section on Fastmail via WebDAV since Fastmail also offers you decent (At least 10GB if you have a standard plan, which you need for a custom domain) of WebDAV accessible storage along with email...
Owning a domain with a registrar like Hover (or if only for email, through your mail provider) is really not that complicated or difficult. You get an email once a year that it will be renewed, they charge your card, and it’s done.

And 2FA? Yeah, if you’re not already doing that for PayPal, Venmo, eBay, and others, you’re not gonna add it for your domain. If you are already doing that, it’s no extra burden.

For making sure it never expires, I recommend (1) initially buy it for multiple years, (2) every year on your birthday (or on Christmas, or on some other date that is significant to you) add another year, and (3) put a recurring entry on your calendar a week or two after the date from #2 to check to make sure you remembered #2.

I'd recommend for #2 picking a date that you do other annual preventative stuff on, such as changing your smoke detector batteries. That way you build an association in your mind between that other stuff and extending the domain, making it further unlikely that you will forget.

Generally, you can start out with 10 years. Some registrars offer even more, but the underlying registries generally only support 10 years. The registrars that offer more do so by doing 10 years with the underlying registry and then automatically extending that every year transparently to you. If they go out of business more than 10 years before the end of the term they purported to sell you, those remaining years will go poof.

Also have on your calendar reminder for #3 a reminder to check to make sure your contact information still works, particularly email. If you own domain X and use it for email, you probably don't want to use an @X email address as your contact address for the registrar you registered X from. If something goes wrong with your account or domain at the registry and they try to contact you, you don't want their email to you to get eaten by whatever problem they are trying to contact you about.

Or use something not quite as shady as most registrars. I only use the local ccTLD hostmaster and if I somehow cancel my automatically paid yearly bill and don't react to the emails then I'll get a letter by snail mail. Domains only go poof in places with shady registrars and no proper system to handle payments (which sadly is a lot of the world).
Don't you also depend on a third-party for your domain, though?
Yes, but if one goes out of business you can buy your domain from someone else! Or even transfer it, if you are warned a nonzero amount of time in advance.

Being able to keep your address across service providers being the important part here, that way your online life doesn't get in a huge jumble when your provider goes away.

I've hosted email for myself and some other users for decades now. We all own our domains and aren't getting any younger. I'm a little terrified of the responsibility I've taken on and have no idea what I'll do when we start dropping like flies. Renewals will lapse, allowing squatters to snatch up our domains, read new incoming email and impersonate us. I'm not thrilled with depending on third parties, either, but now I wish it was someone else's problem who might outlive us and exercise a small degree of ethical oversight. Maybe there's a business idea here...
That's fair enough, as long as you would trust that business to not misuse your address space for other things. Same level of trust one would put in a regular email provider, I guess.
And yet you literally can't run your own mail server in most situations. ISPs will block you.

What's the solution?

Running your own mail server, having problems due to shared IP is only one of the problems. Some more:

Spam filtering for one. Uptime and updating without downtime. You would absolutely need redundancy (complexity of the solution required starts building up quickly). Keeping tabs on mail server security and the vulnerabilities discovered in your particular software stack. A 15 second down time means an important mail might not reach you. If your mail server crashes due to unknown reason at 4 am, do you really want it to be your problem to fix? And it will of course happen when it least fits your schedule for the day. On most days I could live with my website being offline for a few hours because I've screwed up, but with E-Mail?

The solution?

The more you think it through, own the domain, yes, but use a mature and reliable (and paid for) provider you trust to do the hosting for you. For someone technical enough to securely own a domain and not let it expire that seems like the best solution really, unless maybe you own your own hosting service? :P (but then, technically, I guess it's not your own private mail server either)

> A 15 second down time means an important mail might not reach you

Email servers will retry sending messages and won't expire them unless the retries fail for several days. So even a day of downtime shouldn't result in losing email.

(comment deleted)
This is exactly the reason I'm using Fastmail. I can BYO my own domain.
Fortunatley the process for changing to to another alies is trivial, buy I imagine this would be extramly frustrating for many people.

Many services make it difficult to change login or email (My Steam login is an email I havent used in over 15 years).

Ugh, paypal is bad for this. I have to keep an ancient hotmail account alive, just because it is the email I used to create the account 10+ years ago.

I can login with my more recent email account, so it would be easy to forget the old hotmail account is even tied to it.

Wait a couple of years and I bet Opera lets the domain expire, and someone will pick up a relative treasure trove of email traffic for $10.
My bet is on a domain squatter snapping it up and then reselling it for with hugely inflated asking price.
The problem is that you don’t know for sure where your email has been used.
An underappreciated benefit of using a password manager consistently. It might be a long and unpleasant chore but you can have some confidence that you're updating everything that matters.
I recently wrote a guide about how to stop relying on a domain you don't own for receiving email. I've heard a ton of positive feedback about it. This incident is a really good example as to why your whole email address should always ultimately be under your own control (i.e. at a domain you own).

https://sneak.berlin/20201029/stop-emailing-like-a-rube/

> The operamail.com domain is owned by Opera, not Fastmail. We've handled mail at this domain on Opera's behalf since Fastmail staff bought back the company in 2013. Opera has since advised us that they will no longer allow us to handle mail through this domain.

Why though?

How come Fastmail handles mails on Opera's behalf, and why Opera now prevents Fastmail from doing it? How come they couldn't manage to agree on a way to avoid losing their users' email addresses?

Fastmail was temporarily (see below!) called "Operamail" until they bought themselves out from Opera in 2013.
Fastmail was originally an independent company that was acquired by Opera. Later they became independent again.
The new owner of Opera is a Chinese company. If they want to implement their own email project with the same name, I'm sure they've got a few strong requirements that fastmail wouldn't want to comply with.