I've been using Purelymail as my sole mail provider for over a year now (previously with Fastmail) and it has been my best email experience.
It's a one-man enterprise, which may frighten some people, but I prefer boutique internet companies to the faceless monoliths. (I'd like more of the internet to be made of these small corner bodegas.)
For this reason alone, I can't trust that they meet all the security considerations email providers now have as a consequence of all the services effectively delegating either secondary or primary authentication factors (or reset mechanisms) to email.
> It's a one-man enterprise, which may frighten some people
Email is super critical for most people these days (eg. 2FA). That sounds like a really scary bus-factor [1] risk, especially considering data is encrypted at rest.
I actually get asked about this semi-frequently. Probably nobody could replace me as a _developer_ on Purelymail, but I've been training my brother to handle extended maintenance and to have handover credentials if anything happens to me personally. (This might be in the FAQ?)
> Email is super critical for most people these days (eg. 2FA). That sounds like a really scary bus-factor [1] risk
Not such a big deal if you have your own domain (you should). Update the MX record and point it elsewhere.
I've switched from Gmail to a similar setup a year ago. Honestly, it's been way easier than I expected, in terms of updating everywhere. And I can just point my MX somewhere else should I ever be unhappy with the current provider.
No delivery issues either so far. Seriously, the hardest part about this whole ordeal was getting imapsync to run, to transfer my mails over.
Not using gmail or another big silo is really not that hard, as HN often makes it out to be.
From the FAQ
> Occasionally, obscure email servers will block emails sent through us.
Maybe it's good for personal use or as a throwaway email, but it is not good for main business email. Certainly not a replacement for Gmail or Fastmail kinds. Because you expect the email service to have 24/7 availability and near-perfect email delivery and receiving.
> It's a one-man enterprise
A person can get sick or just wish to take a holiday for a couple of weeks. What happens when service goes down or I need customer support urgently?
> A person can get sick or just wish to take a holiday for a couple of weeks. What happens when service goes down or I need customer support urgently?
I think the expectation of urgency should be put into perspective alongside the $10/year price tag, i.e. if you need someone to get out of bed in the middle of the night $10 is probably not enough incentive.
That said, any issues or questions I've had have been resolved way faster than I experienced with Fastmail.
For me, this would be a major issue for personal emails as well. Even if an undelivered email wouldn't cause a monetary loss it still could have significant consequences, such as upsetting friends or family or missing the signup deadline for your kid's sports team. Personally, I don't mind paying the higher Fastmail prices to not have to worry about this.
Fastmail isn't entirely faceless either :p But we're definitely not still the 3-man show that we were before the Opera years (up until 2010).
Obviously, I think Fastmail is worth the extra for the multi-copy redundancy & backups, new features, contributions we're making to the standards world, and not being dependent on a single person - the past few years in particular we've been focusing on not only being able to survive any server dying, but also being able to survive the unavailability of any single person!
Anyway - glad you're happy. Fastmail will still be here if you ever find that you want to move back.
Oh sorry I did not mean to suggest Fastmail was a faceless megacorp, I was thinking of Google, MS, Apple, etc.
I fondly recall many years ago I had some WebDAV issue and got a reply directly from you saying you'd fixed the issue but you were just heading out to dinner and so you'd push to production when you got back. That convinced a few friends to join too.
After about 10 years, Fastmail felt it was shifting to a more "enterprise" focus, which I can understand, and I just wanted to try something a little more "indie web".
Hah, yeah - fair enough. Glad I could fix your issue. Ahh, Webdav. I know the XML libraries a lot better these days and could make that code a lot tighter, but it's still chugging along just fine, pretty much untouched since :)
As for enterprise focus - not so much enterprise, but we are focusing more on the non-technical user. All the power is still there under the hood and available, but it's not so much in your face if you don't want it to be!
No, that isn't likely. The email storage used is part of our cost, but a relatively small part compared to the support, operations, and development costs. We don't have any other business subsidising the email service, and we're not intestered in a race to provide the cheapest, no-frills product.
Your custom domain pricing is weird. Is it really important to squeeze the extra $20/year out of the first user? It ends up being $50/year for the first user vs $12/year at Zoho. Why not just put custom domains in the basic tier?
DMARC reporting could be a huge value add if you could build something in. That whole industry is a massive ripoff and too expensive for small businesses.
Over 1/3 of our staff are support agents, and support is one of our largest costs, so yes - custom domains do add additional support challenges, and we do need to cover that cost.
Thanks for the suggestion with DMARC reporting. It's not something we're going to work on straight away, but I'll add it into the suggestions for the domain features. Definitely we'd only look at building something pretty basic and low-touch, but maybe that's enough for a lot of small businesses.
Minimal DMARC reports would be useful. The problem that I see for small businesses is the cost keeps them from even trying it, so they can have problems that never get surfaced.
As an example of where I think the current value propositions are bad, DMARCian charges $240/year for the most basic plan that includes 100k compliant messages in a month. Most small businesses won’t do half that in a year. You probably have good stats to grok that.
I get it on the support thing. I pretty much never use support, so I guess that’s why I always feel like everything is too expensive. I’m always stunned to see how many employees at smaller tech companies are support. Sometimes I feel like I’m subsidizing users that are too lazy to learn.
Heh, yep - you are subsidising users that don't know how to do everything - and they are subsidising you by paying for the engineers to build robust and reliable systems with 24/7 operations support, and developers, and standards authors improving the system for the future... along with the support team.
Anyway, I've already filed the DMARC request internally, and linked to this thread.
I'm happy to pay whatever I'm paying for what you're offering. I had create two support tickets so far and both were dealt with very quickly and by an actual human which makes me trust you guys with my data even more.
It's a shame that I don't think I can ever recommend Fastmail, because I had some really old @fastmail.fm accounts that were grandfathered into their free plan [1], but got deleted because I wasn't in the right frame of mind to log in within the 120 days grace period.
How does Migadu compare to purelymail? I’m not using either and it looks like migadu has their own software stack instead of using something like roundcube, etc. And not just a single person behind it.
I stopped using -n X for head/tail in favor of just -X (eg -1 or -10 or whatever). Save a few keystrokes, plus certain unixes (eg Solaris) only work with -X and don’t the support -n switch.
Thank you for making this service available. For entrepreneurs who like to launch new ideas with custom domains, pricing models like the one here is a HUGE savings over pay-per-account (or domain) pricing found at most major email providers. Further, it's not easy making much money charging just $10/year, even if the business gets quite popular... so again, thanks for making it available.
Zoho Mail's free tier doesn't include IMAP (for new accounts since about 3 years ago), so you wouldn't be able to use Thunderbird, FairEmail, K-9 Mail, or other third-party apps. Offline access on the free tier is restricted to Zoho Mail's desktop and mobile apps. Zoho's Mail Lite plan ($1/user/month) does include IMAP access, and you'll need to do some calculations to see whether Purelymail or Zoho Mail is cheaper.
I've tried Zoho mail and the "problem" is that it's so much more than mail. It's a huge suite of online apps, really. That means if you purely need mail, it'll take a bit of time to find the setting you need.
(It's been three years since I tried it, and looking at my notes, I couldn't get Zoho to sync contacts for me, and somehow didn't get calendar notifications.)
Well, I'm no expert and I'm not in any position to say anything negative about Zoho Mail... but the free tier you mention seems to allow for one domain. So it likely won't work if you have, say, 5 active domains you want to receive and send email.
It’s only 1 domain I think and they stripped out things like ActiveSync and IMAP a couple years ago IIRC. I use the $1/user/month plan and it’s decent. I don’t use calendars or contacts, so I’m not sure how that stacks up, but the email stuff is good.
The biggest annoyance is that someone used mx, mx2, mx3 for their MX instead of mx1, mx2, mx3, so the dns record indentation doesn’t line up. Lmao.
I have a custom domain email address on Zoho and suffer constantly from delivery issues. Sometimes my emails go into spam filters, sometimes they go into a black hole. It’s a huge PITA and I am tempted to either move providers (maybe it’s Zoho’s fault) or just stop using my custom domain (maybe it’s not Zoho’s fault).
I'm quite happy with Migadu for own domain use. I have a dozen that are unlikely to receive email but good to be able to receive them nonethelrss - migadu is great for that as you can add as many domains as you want.
Calendar feature is sorely missing though it seems this service also doesn't have it. I guess calendar is a pain to set up/troubleshoot timezone issues, etc
I've also been happy with mxroute.com which has super low cost promos every November (black friday) so I'm on a $15/year plan. Regular pricing starts at $45/year for unlimited domains and mailboxes, 10GB storage.
MXroute is super awesome for device based email. If you have firewalls, copiers, system notifications, backup alerts, etc. it’s a great fit.
The killer features are unlimited mailboxes and per-mailbox quotas. I make a new mailbox for every device and give them a quota that makes sense; 10 messages per day for most. If a device goes haywire, gets compromised, or gets stolen, it’s one mailbox to fix and maxes out at a super low quota, so it’s useless for spamming.
That’s 100x better than the options on Office 365 which absolutely sucks ($$$) for low volume email coming from devices.
You can setup a receive connector on exchange online to trust mail from specified souce IP(s) (ie your onprem mailserver) with no need for additional mailbox licenses... good for alerting/reporting/MFP's etc
On the drawbacks blurb, it mentions potential deliverability issues and says they’re usually resolved in a day or two. Through blog entries by mailchimp, I've read this is an extremely hard problem to solve and like playing whack-a-mole. How true is that? For example, I’ve read that trying to host your own email on digital ocean is pointless, which is understandable because of the amount of spam likely coming out of their subnets. Is this service downplaying the issue?
The webmail is RoundCube with Classic, Larry or Elastic skins.
I have had a handful of deliverability issues, but every one of these has been due to one of those awful "enterprise network solutions" that does everything wrong.
It's worth keeping in mind that MailChimp is primarily a spam delivery service, of course they're going to have issues where they get stuck in spam filters.
I recently switched to Posteo from a few years with ProtonMail. Reading from Purelymail's docs and with price being within $3 annually of one another (Posteo is €12 annually)
Posteo pros: comes with calendar and contacts via WebDAV, not registered in the US (Germany is part of 14 Eyes, but not 5 or 9, and the EU is better about privacy), cash payment option
Purelymail pros: more storage @ $10, custom domain support, security key 2FA (though unclear according to docs if this is WebAuthn/FIDO2 or Yubikey vendor lock-in)
Posteo also runs on FOSS and is being endorsed by the FSF - if that matters. They also do 2FA, via TOTP (which many apps support). They offer a migration tool that downloads email from your other accounts.
Both of these email provider options support TOTP so I omitted it; and TOTP ≠ U2F/WebAuthn with a USB token. I have an OnlyKey, but it’s mostly full of TOTP keys already because applications are not supporting WebAuthn. Posteo does not support this, and last I emailed them, they said they do not release information about future features.
Another alternative to Posteo is Mailbox.org [1]. Personally, I use Soverin [2], but that's mostly cause I get it for free with Freedom Internet plus its hosted in The Netherlands. And I can always leave.
I have a question: if this is hosted on AWS, what (and I'm sure there's something, I just don't know what) is stopping Amazon from accessing my mail and using it for whatever?
And of course it would be even more crazy for them to refuse a request e.g. by the FBI or NSA. I'm sure they respect SLAs as much as OnePlus, Huawei & co don't share data with Chinese government.
Yea, they say as much in the data privacy FAQ. I think my recommendation is that if you're worried about being explicitly targeted by state actors, don't use email. (Not even Protonmail.)
If you're worried about general data hoovering, AWS would probably need to implement very sophisticated introspection into what your machines are doing to break the SSL on SMTPS, and courts might not be sympathetic to that. I expect state actors would find it easier and more convenient to just hoover from big providers like Gmail instead.
> Yea, they say as much in the data privacy FAQ. I think my recommendation is that if you're worried about being explicitly targeted by state actors, don't use email. (Not even Protonmail.)
Protonmail (and Tutanota, which I went with) both offer E2E encrypted email via open-source client apps, so they should be fine even against state actors if you use their encryption. In the case of Tutanota, this has even been tested in court.
Of course, if you use them to send or receive plain ol' unencrypted email, this largely goes out of the window regardless of the provider.
The E2E will help so long as you're sending email to other users of the same service, yeah. For most cases, it's probably not a huge upgrade from stored encrypted; the bulk of damage in email leaks would be from accumulated emails from the past.
The reason I don't recommend using it if you're super paranoid is because it'd be easy to mess up, and it comes with quite significant holes- e.g. subjects aren't E2E in Protonmail. Best to use a protocol designed for E2E from the ground up.
Tutanota went with a different tradeoff so they have E2E encryption of subject lines etc. Downside is that they can't support other clients, which is why I wouldn't have even considered them if the apps hadn't been open source.
They also have a pseudo-workaround for using E2E with external users - if I send a secure message to foo@bar.com, I can encrypt it with a pre-shared password and their mail will get a link to a web "mailbox" where they can enter that password to decrypt the message. Clunky, but I wouldn't know how to do better.
I personally feel that calling Proton Mail or Tutanota end-to-end encrypted is sort of misleading. Sure, they may have the contents of your mailbox encrypted but in transit they can see your email in plain text and so can the recipient's mail server. If you desire E2EE I highly recommend using GPG or Signal.
I don't know about the Protonmail UX, but the Tutanota apps at least make it very clear when sending an email whether you're using E2E or just plain unencrypted mail. (If you leave it on E2E and try to email a non-Tutanota account, it will ask you for a pre-shared password with which to encrypt the message.)
Email is unencrypted by default anyway. Just encrypting your mailbox is not enough, because ultimately you are sending your email to someone else, and their mail server will have access to the email. For conversations where privacy is important, I would setup PGP or use another method of communication like Signal.
They encrypt your email on the disk with your password. So a simple disk image will not get it if your password is reasonably good. AWS would have to be able to hunt for and then find your password in the memory image.
can anyone explain what benefits are to a managed email service over rolling your own on a vps server with stuff like mailinabox? you use your custom domain anyways and it allows s3 or backblaze backups so data retention is not an issue. you use your custom domain so in case something stupid happens to your vps provider, you can just restore and be done with it?
and its not like managing your own vps email server is much of a hassle, every few months you have to update the install script and thats it
because of spam many systems agessively block email delivery from IP addresses which do not known to belong to well established mail providers with millions of users. And it is very tedious to unblock it on case by case basis. This is the reason I've stopped running my personal mail server 10 years ago.
yea, but it have to be done constantly. Somehow you never sure your messages are delivered or if people can reach you. At some point after running my onw mail infrastructure for 15 years I gave up and decided that I would like to oursource this to somebody else, a email provider who have a dedicated team of admins making sure my mail is delivered, so I do not have to worry and spend time on it myself.
If you have new IP and that IP don't have bad history, then your main issue is hotmail and Office365.
There is little bit rate limiting over next 24h period, but if you host yourself and don't send unsolicidated bulk messages, then you don't see those limits.
Some anti-spam services graylist you, that causes usually 5 minute delay for delivery.
90% spam score comes from message, sending server isn't that relevant (if you base configuration is reasonable: PTR is right, server knows it's hostname and don't EHLO himself as localhost and so on).
You can look at SpamAssassin default rulebase[1] for common rules.
People in HN are weirdly afraid running own mail server. Thats not that hard. If you are web developer, who is capable setting up linux+varnish+nginx+php-fpm+redis+mariadb stack, then I would say that functional mail server has less moving pieces.
I think most horror stories are related to trying run own server in bad neighborhood, in some cheap VPS service. Now entire IP block has bad reputation and indeed there is hassle with delivery.
Mail is the only critical thing most people run for themselves, really; and if the proverbial excrement hits the fan, mail is useful in fixing the fallout.
Sure, I would be able to acquire the skills to run a mail server, and I know how to monitor it all, and I know about what the moving parts are. But why go through all that hassle to save 10-40 dollars a year?
There isn't much breaking usually, I really don't remember big issues in my 15+ years self-hosting time. I have changed colocation place several times, some places have been offices with average office internet (without redundant links or BGP peering).
I can see issues, if you over-engineer and try build some microservice farm in some cloud provider, but simple physical server with DC grade disks in RAID and backup (tested and out of server) is pretty reliable.
Of course, when you really don't want to do it, then paying for someone else is reasonable, no issue with that. But its not fair to make mail self-hosting look like something very complicated and dangerous, I would say that modern web service stacks are more complicated and fragile. Lots of guys here are writing own internet facing software, handling customer data. Compared to that, using pre-existing mail server software isn't that hard.
this makes it stupid easy to set up your server. you have to do little config and you are up and running.
I decided to do miab because i had a necessity of "email aliases" in hundreds. none of these low cost email providers allowed that, unless i went with google workspace or 365 if i remember correctly.
rolling my own solved this issue and for the same price plus the "management headache" which i saw as a personal challenge more than a chore. so i am very happy with the results.
gmail has given me headaches in the start but if i send more than a few emails with attachments to gmail, they still flag all emails as spam so that is a recurring problem but not something i cannot live without
its not always about saving a buck. i spend more in hosting +domain than i would if i went with fastmail or zoho or whatever.
what it feels like is going from google to zoho. when you own the server, you own the backup on s3, you know you can just switch servers if need be. your addresses and everything comes with you.
i see this as a hobby if nothing else. maybe others have the same idea
Email is different from a website, in a way that if the website doesn't load, I can fix it, reload, and go on with the day. After fixing my email stack though, I can't exactly make the sender retry their email. If I miss it, then that's on me, it's a ship that sailed, and often I don't even know about this.
Great work, and as somebody who self hosted my own email from 2013 to 2021, I don’t envy you. What broke me down was Google starting to spam my emails that were replies to conversations that I did not start — even with a stellar domain reputation and DKIM, SPF, reverse DNS, greylisting, everything set up right.
I hope you have personal contacts on the Gmail team at Google, much as I’d like for this to be a joke.
My experience has been cyclical, as long as you stick to IPv4 with good SPF and your reverse DNS works it will work 95% of the time. The remaining 5% appears to be completely random however.
It’s possible that my issue was too low a traffic to ‘hold onto’ my score with Gmail, since it was one domain and one email address. With some luck you should be able to have enough traffic to avoid that. Best of luck.
I had this exact same problem. When I finally got hold of someone who worked for Google (via a friend of a friend on a mailing list) and with the ability to check whatever their logs were claiming, I was informed that my domain's reputation was "too recent" or something like that.
My domain is a year older than Google itself and has been in continuous use for e-mail that whole time. The IP addresses it is on haven't changed in a decade. But that didn't matter. DKIM, SPF, DMARC, forward and reverse matching DNS, exactly four users who do not send spam under penalty of being buried under legal solicitations for green cards, and all the rest didn't help. Randomly getting sent to /dev/null for no good reason. And not enough traffic to qualify me to use their Postmaster utilities.
Three years ago I gave up and ported to Fastmail with a tear in my eye for the days when even the smallest net on the Internet could be a full participant.
Same here - I HAD to move over to Fastmail because like GP I'd respond to email enquiries from GMail addresses and then never hear back. After weeks of this, someone finally phoned up to complain about my poor customer service. This despite also having an old and apparently well set-up domain.
I lost a lot of business back then. Thanks, Google.
I have a legacy GSuite account. Google filters email from Facebook and Microsoft sometimes. Hell, I think I might have even seen them filter their own mail once.
It’s a clown show. The opaque filters are just an excuse to engage in anti-competitive behavior IMO.
To be fair Facebook used to send an enormous amount of spam emails, at least to me. Years ago when I used it somewhat regularly they used to constantly shuffle their contact preferences and the effect was that I was constantly opted back in to an insane amount of emails. Eventually I just started marking them as spam until Gmail blocked everything they send. I've seen family Email addresses fairly recently full of Facebook junk too so I assume they still default to sending a lot.
I really enjoyed the whole process of running my own mail setups, configuring Postfix or OpenSMTPd to do clever aliases and transports, setting up CARP failover relays, managing DNS records, experimenting with different SPAM-filtering techniques, SSL, IMAP, mailing lists, the works. It taught me a lot about networking and security and everything a good sysadmin should know.
I find it sad that that‘s pretty much a waste of time now for most use cases.
FTR, directed at those who valiantly continue to self-host mail/SMTP: Greylisting is not sound any more in this day and age, because the largest mail services will rarely, if ever, use the same MTA instance to retry delivery upon a soft bounce.
The good news is that if you have postfix, using postscreen with an informed choice of blocklists is enough to deal with 99%+ of inbound spam. You can strap in rspamd or spamassassin/amavis behind that, but it's mostly not needed.
The inbound-mail-problems are largely solved, but surefire delivery to other parties is a matter of IPaddr/domain reputation, properly implementing relevant standards, and luck.
If you're interested in learning more about (including, but not limited to, self-hosting) email, the #email channel on the libera.chat IRC network is a great resource to ask questions.
> FTR, directed at those who valiantly continue to self-host mail/SMTP: Greylisting is not sound any more in this day and age, because the largest mail services will rarely, if ever, use the same MTA instance to retry delivery upon a soft bounce.
I had this issue with SendGrid years ago: long story short, after discussing with support and eventually an engineer it turns out they weren't just looking at the status codes, but at the status messages. I don't recall the exact patterns they used, but they will retry if the message matches a fixed set patterns, and otherwise it would just discard it.
There was some back-and-forth over this, because our customer just had greylisting with the "wrong" error message. To be fair, they did turn it off for a few hours and took the conversation serious (none of this "we have passed it along", never to be heard from again) but they got back to us they turned it back on again "because the queues got too large". I mean .... okay.... Seems rather curious to break a fundamental aspect of email because "muh queues". Not having to worry about this sort of stuff is exactly why we're using SendGrid in the first place :-/
My experiences with MailGun were also not exactly stellar. At the time at least, these people literally did not understand how encodings worked and would mangle e.g. Greek or Hebrew emails in ISO-8869-7 or -8. Why? Well, turns out that "emails should be in ASCII or UTF-8 and there is no way for us to know which encoding is used". Ehh ... there is literally a header telling you... I sent a nice detailed email explaining this: no reply. Some follow-ups over the course of a few weeks: no reply. A not-so-nice snarky email inquiring whether the entire MailGun team was suffering from a horrible debilitating disease and if there was anything I could do to help: "well, we just didn't know what else to do as there is no way to solve this"...
I'm hardly an "email purist"; I understand there are practical concerns and the RFC isn't a stone tablet from the mountain. But this was just ridiculous. There are a bunch of other cases both SendGrid and MailGun are actually quite bad at.
Dealing with email providers is always a frustrating experience.
> All or part of the IP address of the SMTP client can be optionally ignored by DCC clients as far as the greylist triple is concerned. This feature may be useful for legitimate mail systems that shuffle messages among SMTP clients between retransmissions. See the dccm and dccd man pages.
It doesn't quite sound like it does a job of 100% "same email, same sender, different mx in same domain" -but I suspect it works well enough in practice?
> Usually the DCC greylist system requires that an almost identical copy of the message be retransmitted during the embargo. If weak-body is present, any message with the same triple of sender IP address, sender mail address, and target mail address ends the em-bargo, even if the body of the message differs.
> If weak-IP is present, all mail from an SMTP client at an IP address is accept after any message from the same IP address has been ac-cepted.
I can't recall what I used for greylisting last -possibly greylistd.
Anyway, the smart play these days might be to whitelist/greylist via SPF - I'm not sure if spammers (of the variant caught by greylists) generally have SPF?
I think Gmail really shines at this. It's one of the reason I was thinking of switching to Hey email also, though after reading Hey's reviews I've decided not to. So anyway, would love some comments from users or you about how good you are at separating the wheat from the chaff.
I think SpamAssassin (plus curated greylisting) does a decent job most of the time, although I'm starting to see weird issues with spurious DNSWL tests that pass through pretty spammy mail.
In the long run I'm probably going to replace the Bayesian part of SpamAssassin with something custom, simply because operationally it's painful and I think neural nets are closer to state of the art.
Good job, Scott! This is Stan from SaaSHub. I'll be featuring Purelymail on next week's newsletter of SaaSHub. It's a good moment to verify the listing and improve the details.
In general yes I do contribute to open source, although there's not too much to contribute back to open source _yet_, so the main contribution has just filing Roundcube bugs. (The main mailserver code has diverged too much from Apache James to really be useful.)
Hey cool - glad to see James being used as well. Hopefully the JMAP support that Linagora have worked on will mean that you can bring JMAP eventually too.
I hope you don't find the pain of diverging from the mainline to be too great. We kind of cheated there with Fastmail and Cyrus IMAP by merging all our changes back to the mainline, since there wasn't much other development happening.
Awesome - do keep in touch while you're doing it. We have some documentation up at jmap.io but of course seeing the challenges that people face as they try to implement is always good for improving the documentation for the next round.
(We're also working on JMAP for calendars and for contacts over in the IETF working groups - hoping to publish Calendars by the end of this year)
Good luck with CalDAV - it's pretty hairy! I do recommend joining CalConnect if you have the budget for it - you get access to a lot of experts there. Or at least show up to the calsify mailing list at IETF, we're pretty friendly there too. The edge cases in Calendaring are a right pain.
I'm sorry if I missed it, but do you do catchall email service for custom domains? My current email provider (https://mailbox.org) limits email aliases per price plan, the most basic that I currently use allows for 3 + a free root@ and webmaster@. I'd probably be convinced to go through the hassle and switch providers if your service provides an improvement over this limit.
Thats good to know. Apparently my current provider allows for those as well, but honestly the proposal "just email, nothing else" might be attractive enough to try your service anyways.
You can use x3 domains with catch-all. Just add each one as "@domain.tld" and setup mx/spf/dkim/dmarc as usual. Then the domain will receive with catch-all. However, prepare to be spammed, as many spammers figure that "mail@domain.tld" are always available, so that one will frequently receive spams.
If you need more than three domains, try Migadu(not affiliated, just happy customer), they have no formal limits to their "micro" plan and is cheaper than FastMail. Migadu also allows adding alias domains(something I haven't seen anywhere), basically if you have a mailbox like "merlinscholz@domain.tld" you can attach some more domains as alias, like "@domain2.tld" "@domainx.tld" and those will all receive/send/operate as the same "merlinscholz@domain.tld". Neat feature I haven't found yet on other services.
Same price for 2GB + Custom Domain + 3 sending Aliases + Catchall + Contacts and Calender Sync + Web Client + hosting in Germany for the old Mailbox.org plan is still the better offfering for me privately as I regularily clean up my Mail + like having calender and contacts integrated.
But 10€/ month for unlimited storage and users is definitely a good offer, too.
I just want to thanks for the service, I just need email for my personal stuffs and after hassles with self-hosted solution I gave up. The pricing is on point, I'm relying on the free Protonmail and their asking price is too high to me so I signed up for purelymail.
Sum total of my marketing efforts: One time I mentioned it in HN comments on a post about Fastmail, mostly because I was going to make a comment about owning your own email domain anyway.
I am usually the classic "engineer who neglects marketing" archetype. Maybe at some point I'll overcome that.
Depends on what you mean. Inbound email is checked for authentication (SPF, DKIM, DMARC, etc) as part of the spam filter. For outbound email, we ask you to set up at least one of SPF or DKIM before you can send.
One thing is not very clear: how many custom domains can I have? Can I use 30 domains with 2 users each (random number, but i do need 3 domains).
How is the mailbox on phone? My major problem with email hosting is the lack of a decent mailbox service that's available on. Windows, android, linux that's either. One-time-purchase or open source. A monthly fee is fine if for unlimited users (I have a family)
You can have as many domains/users as you want. (Unless it's like five billion and breaks the service or something.)
Generally phone access is third party through IMAP. On Android I personally use K-9 mail, but you can use anything that supports IMAP anywhere, which is a pretty good number of options for any platform.
What provisions are in place to prevent someone from opening an account, use it to spam and then putting your IP block on a shitlist with large email providers like Gmail?
Rate limits, feedback loops, and we scan outgoing mail through SpamAssassin. In practice we've only had password breaches causing spam, nothing intentional.
I keep everything remote, so that every client gets the whole corpus. For now, that means that indexing is done with notmuch whose command line I use for search... Not as good as a webmail's UI but it puts search results as a maildir so I can open them from any IMAP client as a special folder.
Thunderbird has "local" accounts, you can move emails there and have them removed from your imap server. You can also export emails to .eml files, throw them wherever you like and grep for contents if you like.
I have a local maildir[1] account in Evolution. Each of my (IMAP) mail accounts is set so the "archive" command moves the message to a folder under the maildir account (if you're using Evolution, this can be configured under "Defaults" in the account properties for each IMAP account). Anything worth keeping from any of my IMAP mail accounts is archived to the local maildir, everything else is deleted.
The local maildir account is searchable like any other mailbox (I have about 10,000 messages going back to 2003). Syncthing[2] is configured to sync the maildir directory for backup and sync.
>You cannot have more than $50 in credit at any time.
Just curious, why a $50 limit? I'm the weird kind of guy who likes to pay years in advance. If possible, please consider raising this limit to $100 or even $200.
> To activate a trial account, you will need a reasonably modern browser and a phone number that can receive SMS texts.
It makes no mention of the use of a "hashwall" ... It gives no indication of what the user's browser is going to do ... Just a progress meter with a note saying it will take about 3 minutes.
This feels fishy. Especially if a user doesn't know how to get into the developer console, find out what's running etc.
Just completed my signup. I am going to check if the domain that failed to work with forwardemail.net[1] will work with your service.
If it does, then I'll say goodbye to my $36 and hello to your service.
Update: While setting up, I noticed:
- Ownership record content in `code.codebox` does not fit in the content area and extends entirely too far to the right. I had to inspect and copy out of developer tools.
- In general, UI elements seem not properly aligned, contained.
These are not deal breakers to me. The site might actually benefit from going more old school. Trying to fit everything in a narrow box with large font sizes and padding is hard.
Update: I had already clicked on CloudFlare instructions. It's the friendly stuff that has the problems I mention above. The actual information at the bottom of the page is actually displayed the way I would have expected.
Update: After creating the DNS records, I noticed the checks were still failing. So, I replaced the actual IDN in the textbox with punycode and the DNS checks worked. It would be a better user experience if the punycode conversion step was handled by the UI.
Update: Created a new user on the custom domain. Login box does not accept IDN either but the email composer does show the from address using IDN instead of punycode.
Update: I was able to exchange email with a Gmail user. Did not go to SPAM. But, in my reply, Gmail did give a scary warning about the IDN. To be clear, there is nothing the email provider can do about that :-)
I'll try out a few more custom domains and very, very likely switch. Thank you and good luck.
I clicked for a trial... after a while I entered my phone, received an SMS, and no indication of what to do with the code I received. No place to enter the code in the web page, nothing.
Second attempt, and I got a place to put the code. Then, while I was filling up the registration data, the page refreshed and started all over.
Third attempt finally worked...
Not the best on-boarding experience, but hey it really is cheap!
Hm, no idea what would've gone wrong in your case. It sounds like something kept closing the websocket used to provide page interactivity or something?
For the trial hashwall, the browser just does some heavy computations. I guess I should add a warning there, it's probably does have battery impact if you're using a phone for whatever reason.
I'll make a note on the UI elements. Honestly hadn't thought about the punycode usecase, good catch.
> For the trial hashwall, the browser just does some heavy computations.
Yeah, I figured that out, but someone else might think you are trying mine some *coin or something. I am not sure if I would mind it if you did, but it would be good to tell up front what you are doing. It does seem to be a much better than recaptcha.
The fact that it works is good enough for me. I am going fiddle a little more before I sign up, but it looks like this is fills my needs.
1. I don't know if it's the social media kiss of death at work, but I'm getting lots of SSL errors trying to load your site. It's a crap-shoot whether it works or not right now.
2. Seeing this post, I posted this: https://news.ycombinator.com/item?id=27711124. If you don't already (did I miss it?) it might be worth tossing up a page or an item in your FAQ teaching people about how they can go about migrating their email address to another/your service. I don't know how easy/hard it is (hence my AskHN post), but the perception is that it's nigh impossible to do.
> 1. I don't know if it's the social media kiss of death at work, but I'm getting lots of SSL errors trying to load your site. It's a crap-shoot whether it works or not right now.
Hard to say for sure. None of the servers really went above 15% average CPU and I don't think they maxed out net, and the health checker for HTTPS didn't have any problems. I'll doublecheck.
On the subject of migration, I'll make a note to add a FAQ for that, thanks.
I looked at your About, Security and Privacy pages. I see that you're using AWS, but which region/country/jurisdiction is that located in? Is it safe to presume that since the company is an LLC, the company as well as the AWS country are the U.S.?
This looks great! Sign up for the free trial was pretty slick. I'm not sure how well known Klarna is outside of Europe (I know they launched in the US), but that would be my preferred method of payment. Or.. anything but Paypal (and giving my CC information)
FYI, the credit card checkout option allows for using Apple Pay, so I went that route to obfuscate my CC info (and get cash back, because hey, why not).
this is great, services that actually does what they where supposed to at a low cost instead of ad spamming/tracking/spying on me for additional cash i wish you luck my friend!
I'm not sure price is the parameter to compete on for email services, at least for me. Email is extremely important to most businesses, and if I'm already paying for a domain, and running a business, even the $70 for a Workspace solution is a drop in the bucket. What I need, however, is deliverability, strong privacy and security, good spam filtering, and support when I need it.
I'd encourage you to try doubling or tripling the price so you can afford to hire more people and grow the business :) I suspect the rate of signups will stay the same.
Looks good. Fair pricing. I hope it works out for them.
I started out with self-hosting mail-in-a-box [1]. If you really want to self-host, I can highly recommend it. Would be the cheapest option. At some point I decided to let go of it, because maintenance and configuration can still be a bit cumbersome. There was one thing (DMARC or DNSSEC?) which I never was able to set up properly for some unknown reason, even after long hours tinkering around with it...
So I started to look at other mail hosting offerings with custom domain. One thing I like is that gandi offers free mail hosting for a domain you order through them. [2] That's quite unique for a domain registrar.
Also, be aware that free 3rd-party mail hosting with a custom domain does not exist. I started out with the free plan at migadu, but they switched to a paid plan soon after. [3]
The same happened to postale.io after a while. [4] At least I could keep my free plan there.
Zoho is free [5], but their custom mail application and the countless other services they try to sell you completely put me off.
I'll throw my hat in the ring for postale, they are a good service for both individuals and business. Is $1 a month really going to put you in financial stress? Is your business going to die paying $5 a month?
> Also, be aware that free 3rd-party mail hosting with a custom domain does not exist.
You can set up a custom domain on a free gmail account, it's hidden away but certainly possible.
https://mailbox.org
I pay 1 euro per month. With calendar, contacts, file storage and DAV. With aliases and your own domain. Plus it's a well-known company.
But mailbox.org is also priced per mailbox by default. When I checked with Mailbox.org support a few years ago, there was no way to go beyond 25 aliases on a single mailbox (even when one is willing to pay).
Early editions of Google Apps for Business (aka G Suite aka Google Workspace) included a free version which included support for custom domains and catch-all email. Those accounts got grandfathered (i.e. stayed free) when Google discontinued them. The cheapest plan seems to be $72/year per user.
315 comments
[ 4.4 ms ] story [ 437 ms ] threadIt's a one-man enterprise, which may frighten some people, but I prefer boutique internet companies to the faceless monoliths. (I'd like more of the internet to be made of these small corner bodegas.)
For this reason alone, I can't trust that they meet all the security considerations email providers now have as a consequence of all the services effectively delegating either secondary or primary authentication factors (or reset mechanisms) to email.
Email is super critical for most people these days (eg. 2FA). That sounds like a really scary bus-factor [1] risk, especially considering data is encrypted at rest.
[1]: https://en.wikipedia.org/wiki/Bus_factor
Not such a big deal if you have your own domain (you should). Update the MX record and point it elsewhere.
I've switched from Gmail to a similar setup a year ago. Honestly, it's been way easier than I expected, in terms of updating everywhere. And I can just point my MX somewhere else should I ever be unhappy with the current provider.
No delivery issues either so far. Seriously, the hardest part about this whole ordeal was getting imapsync to run, to transfer my mails over.
Not using gmail or another big silo is really not that hard, as HN often makes it out to be.
Maybe it's good for personal use or as a throwaway email, but it is not good for main business email. Certainly not a replacement for Gmail or Fastmail kinds. Because you expect the email service to have 24/7 availability and near-perfect email delivery and receiving.
> It's a one-man enterprise
A person can get sick or just wish to take a holiday for a couple of weeks. What happens when service goes down or I need customer support urgently?
I think the expectation of urgency should be put into perspective alongside the $10/year price tag, i.e. if you need someone to get out of bed in the middle of the night $10 is probably not enough incentive.
That said, any issues or questions I've had have been resolved way faster than I experienced with Fastmail.
Obviously, I think Fastmail is worth the extra for the multi-copy redundancy & backups, new features, contributions we're making to the standards world, and not being dependent on a single person - the past few years in particular we've been focusing on not only being able to survive any server dying, but also being able to survive the unavailability of any single person!
Anyway - glad you're happy. Fastmail will still be here if you ever find that you want to move back.
I fondly recall many years ago I had some WebDAV issue and got a reply directly from you saying you'd fixed the issue but you were just heading out to dinner and so you'd push to production when you got back. That convinced a few friends to join too.
After about 10 years, Fastmail felt it was shifting to a more "enterprise" focus, which I can understand, and I just wanted to try something a little more "indie web".
As for enterprise focus - not so much enterprise, but we are focusing more on the non-technical user. All the power is still there under the hood and available, but it's not so much in your face if you don't want it to be!
DMARC reporting could be a huge value add if you could build something in. That whole industry is a massive ripoff and too expensive for small businesses.
Thanks for the suggestion with DMARC reporting. It's not something we're going to work on straight away, but I'll add it into the suggestions for the domain features. Definitely we'd only look at building something pretty basic and low-touch, but maybe that's enough for a lot of small businesses.
As an example of where I think the current value propositions are bad, DMARCian charges $240/year for the most basic plan that includes 100k compliant messages in a month. Most small businesses won’t do half that in a year. You probably have good stats to grok that.
I get it on the support thing. I pretty much never use support, so I guess that’s why I always feel like everything is too expensive. I’m always stunned to see how many employees at smaller tech companies are support. Sometimes I feel like I’m subsidizing users that are too lazy to learn.
Anyway, I've already filed the DMARC request internally, and linked to this thread.
a) it's expensive for multiple mailboxes (like even three or four mailboxes) and
b) it's right in the Five Eyes jurisdictions (which I try to avoid as much as I can)
but I do appreciate
a) Fastmail's work on JMAP and can't wait for it to become more widely deployed and
b) frank and straightforward responses (including for example in the threads on the Assistance and Access Bill in Australia)
[1] https://fastmail.blog/historical/changes-to-fastmail-service...
1. https://www.migadu.com
> our infrastructure runs on the highly reliable AWS cloud,
(Also I'm just genuinely mediocre at design, and kind of personally prefer less frills anyway.)
https://purelymail.com/advancedpricing
https://www.zoho.com/mail/zohomail-pricing.html
(It's been three years since I tried it, and looking at my notes, I couldn't get Zoho to sync contacts for me, and somehow didn't get calendar notifications.)
The biggest annoyance is that someone used mx, mx2, mx3 for their MX instead of mx1, mx2, mx3, so the dns record indentation doesn’t line up. Lmao.
Calendar feature is sorely missing though it seems this service also doesn't have it. I guess calendar is a pain to set up/troubleshoot timezone issues, etc
The killer features are unlimited mailboxes and per-mailbox quotas. I make a new mailbox for every device and give them a quota that makes sense; 10 messages per day for most. If a device goes haywire, gets compromised, or gets stolen, it’s one mailbox to fix and maxes out at a super low quota, so it’s useless for spamming.
That’s 100x better than the options on Office 365 which absolutely sucks ($$$) for low volume email coming from devices.
On the drawbacks blurb, it mentions potential deliverability issues and says they’re usually resolved in a day or two. Through blog entries by mailchimp, I've read this is an extremely hard problem to solve and like playing whack-a-mole. How true is that? For example, I’ve read that trying to host your own email on digital ocean is pointless, which is understandable because of the amount of spam likely coming out of their subnets. Is this service downplaying the issue?
I have had a handful of deliverability issues, but every one of these has been due to one of those awful "enterprise network solutions" that does everything wrong.
Posteo pros: comes with calendar and contacts via WebDAV, not registered in the US (Germany is part of 14 Eyes, but not 5 or 9, and the EU is better about privacy), cash payment option
Purelymail pros: more storage @ $10, custom domain support, security key 2FA (though unclear according to docs if this is WebAuthn/FIDO2 or Yubikey vendor lock-in)
Neither: cryptocurrency payment option
[1] https://mailbox.org/en/
[2] https://soverin.net/
https://aws.amazon.com/compliance/data-privacy-faq/
It would be crazy suicidal for their cloud business to break it, and possibly open them up to lawsuit.
If you're worried about general data hoovering, AWS would probably need to implement very sophisticated introspection into what your machines are doing to break the SSL on SMTPS, and courts might not be sympathetic to that. I expect state actors would find it easier and more convenient to just hoover from big providers like Gmail instead.
Protonmail (and Tutanota, which I went with) both offer E2E encrypted email via open-source client apps, so they should be fine even against state actors if you use their encryption. In the case of Tutanota, this has even been tested in court.
Of course, if you use them to send or receive plain ol' unencrypted email, this largely goes out of the window regardless of the provider.
The reason I don't recommend using it if you're super paranoid is because it'd be easy to mess up, and it comes with quite significant holes- e.g. subjects aren't E2E in Protonmail. Best to use a protocol designed for E2E from the ground up.
https://protonmail.com/support/knowledge-base/does-protonmai...
https://tutanota.com/secure-email/
They also have a pseudo-workaround for using E2E with external users - if I send a secure message to foo@bar.com, I can encrypt it with a pre-shared password and their mail will get a link to a web "mailbox" where they can enter that password to decrypt the message. Clunky, but I wouldn't know how to do better.
90% spam score comes from message, sending server isn't that relevant (if you base configuration is reasonable: PTR is right, server knows it's hostname and don't EHLO himself as localhost and so on). You can look at SpamAssassin default rulebase[1] for common rules.
---
[1] - https://spamassassin.apache.org/old/tests_3_3_x.html
Mail is the only critical thing most people run for themselves, really; and if the proverbial excrement hits the fan, mail is useful in fixing the fallout.
Sure, I would be able to acquire the skills to run a mail server, and I know how to monitor it all, and I know about what the moving parts are. But why go through all that hassle to save 10-40 dollars a year?
I can see issues, if you over-engineer and try build some microservice farm in some cloud provider, but simple physical server with DC grade disks in RAID and backup (tested and out of server) is pretty reliable.
Of course, when you really don't want to do it, then paying for someone else is reasonable, no issue with that. But its not fair to make mail self-hosting look like something very complicated and dangerous, I would say that modern web service stacks are more complicated and fragile. Lots of guys here are writing own internet facing software, handling customer data. Compared to that, using pre-existing mail server software isn't that hard.
this makes it stupid easy to set up your server. you have to do little config and you are up and running.
I decided to do miab because i had a necessity of "email aliases" in hundreds. none of these low cost email providers allowed that, unless i went with google workspace or 365 if i remember correctly.
rolling my own solved this issue and for the same price plus the "management headache" which i saw as a personal challenge more than a chore. so i am very happy with the results.
gmail has given me headaches in the start but if i send more than a few emails with attachments to gmail, they still flag all emails as spam so that is a recurring problem but not something i cannot live without
i see this as a hobby if nothing else. maybe others have the same idea
I'm Scott, feel free to ask me anything about the service.
I hope you have personal contacts on the Gmail team at Google, much as I’d like for this to be a joke.
It’s possible that my issue was too low a traffic to ‘hold onto’ my score with Gmail, since it was one domain and one email address. With some luck you should be able to have enough traffic to avoid that. Best of luck.
My domain is a year older than Google itself and has been in continuous use for e-mail that whole time. The IP addresses it is on haven't changed in a decade. But that didn't matter. DKIM, SPF, DMARC, forward and reverse matching DNS, exactly four users who do not send spam under penalty of being buried under legal solicitations for green cards, and all the rest didn't help. Randomly getting sent to /dev/null for no good reason. And not enough traffic to qualify me to use their Postmaster utilities.
Three years ago I gave up and ported to Fastmail with a tear in my eye for the days when even the smallest net on the Internet could be a full participant.
I lost a lot of business back then. Thanks, Google.
It’s a clown show. The opaque filters are just an excuse to engage in anti-competitive behavior IMO.
I find it sad that that‘s pretty much a waste of time now for most use cases.
The good news is that if you have postfix, using postscreen with an informed choice of blocklists is enough to deal with 99%+ of inbound spam. You can strap in rspamd or spamassassin/amavis behind that, but it's mostly not needed.
The inbound-mail-problems are largely solved, but surefire delivery to other parties is a matter of IPaddr/domain reputation, properly implementing relevant standards, and luck.
If you're interested in learning more about (including, but not limited to, self-hosting) email, the #email channel on the libera.chat IRC network is a great resource to ask questions.
I had this issue with SendGrid years ago: long story short, after discussing with support and eventually an engineer it turns out they weren't just looking at the status codes, but at the status messages. I don't recall the exact patterns they used, but they will retry if the message matches a fixed set patterns, and otherwise it would just discard it.
There was some back-and-forth over this, because our customer just had greylisting with the "wrong" error message. To be fair, they did turn it off for a few hours and took the conversation serious (none of this "we have passed it along", never to be heard from again) but they got back to us they turned it back on again "because the queues got too large". I mean .... okay.... Seems rather curious to break a fundamental aspect of email because "muh queues". Not having to worry about this sort of stuff is exactly why we're using SendGrid in the first place :-/
My experiences with MailGun were also not exactly stellar. At the time at least, these people literally did not understand how encodings worked and would mangle e.g. Greek or Hebrew emails in ISO-8869-7 or -8. Why? Well, turns out that "emails should be in ASCII or UTF-8 and there is no way for us to know which encoding is used". Ehh ... there is literally a header telling you... I sent a nice detailed email explaining this: no reply. Some follow-ups over the course of a few weeks: no reply. A not-so-nice snarky email inquiring whether the entire MailGun team was suffering from a horrible debilitating disease and if there was anything I could do to help: "well, we just didn't know what else to do as there is no way to solve this"...
I'm hardly an "email purist"; I understand there are practical concerns and the RFC isn't a stone tablet from the mountain. But this was just ridiculous. There are a bunch of other cases both SendGrid and MailGun are actually quite bad at.
Dealing with email providers is always a frustrating experience.
https://www.dcc-servers.net/dcc/
It appears to support "weak" IP matching:
> All or part of the IP address of the SMTP client can be optionally ignored by DCC clients as far as the greylist triple is concerned. This feature may be useful for legitimate mail systems that shuffle messages among SMTP clients between retransmissions. See the dccm and dccd man pages.
https://www.dcc-servers.net/dcc/greylist.shtml
It doesn't quite sound like it does a job of 100% "same email, same sender, different mx in same domain" -but I suspect it works well enough in practice?
> Usually the DCC greylist system requires that an almost identical copy of the message be retransmitted during the embargo. If weak-body is present, any message with the same triple of sender IP address, sender mail address, and target mail address ends the em-bargo, even if the body of the message differs.
> If weak-IP is present, all mail from an SMTP client at an IP address is accept after any message from the same IP address has been ac-cepted.
https://www.dcc-servers.net/dcc/dcc-tree/dccd.html#OPTION-G
I can't recall what I used for greylisting last -possibly greylistd.
Anyway, the smart play these days might be to whitelist/greylist via SPF - I'm not sure if spammers (of the variant caught by greylists) generally have SPF?
See: https://poolp.org/posts/2019-12-01/spf-aware-greylisting-and...
https://github.com/poolpOrg/filter-greylist
Ed: although if service providers like mailgun simply ignore rfc and only "sometimes" retries... wwell that's a problem.
Same idea as: https://en.wikipedia.org/wiki/Hashcash
Similar idea to cryptocurrencies.
2. Do you support IPv6?
boss@example.com is cooler for some than john.n.johnson.2@example.com, and they will pay.
2. Not at the moment- IPV6 support is a little dicier for mailservers because the scarcer IPV4 address is often used as a antispam signal.
Sadly the lack of IPv6 is a deal breaker for me.
Purelymail also has some domains you can use like I can get "koselig@purelymail.com" and then I'm charged in the 7 letters tier for it.
At least that's how it's been for me as a happy user of PM for the past year and a half.
I think Gmail really shines at this. It's one of the reason I was thinking of switching to Hey email also, though after reading Hey's reviews I've decided not to. So anyway, would love some comments from users or you about how good you are at separating the wheat from the chaff.
In the long run I'm probably going to replace the Bayesian part of SpamAssassin with something custom, simply because operationally it's painful and I think neural nets are closer to state of the art.
Supporting ManageSieve is a nice touch. Most sieve services only allow managing sieve through a web UI.
I use Fastmail and like that they contribute to open source mail servers, and do standards work (JMAP).
Does PurelyMail contribute to open source?
Some of the libraries I wrote are open sourced and on my Github account, e.g. the web framework: https://github.com/ScottPeterJohnson/shade
I hope you don't find the pain of diverging from the mainline to be too great. We kind of cheated there with Fastmail and Cyrus IMAP by merging all our changes back to the mainline, since there wasn't much other development happening.
(We're also working on JMAP for calendars and for contacts over in the IETF working groups - hoping to publish Calendars by the end of this year)
You can still use Purelymail for mail, and have your mail client provide a cohesive mail/contacts/calendar UI.
(I use a paper diary, YMMV.)
If you need more than three domains, try Migadu(not affiliated, just happy customer), they have no formal limits to their "micro" plan and is cheaper than FastMail. Migadu also allows adding alias domains(something I haven't seen anywhere), basically if you have a mailbox like "merlinscholz@domain.tld" you can attach some more domains as alias, like "@domain2.tld" "@domainx.tld" and those will all receive/send/operate as the same "merlinscholz@domain.tld". Neat feature I haven't found yet on other services.
12€/yr for 1GB + custom domain + 5 aliases (plus catchall).
But 10€/ month for unlimited storage and users is definitely a good offer, too.
Obviously you reached the right audience and they liked what they saw to post it here and generate so much interest. Consider me another subscriber!
I am usually the classic "engineer who neglects marketing" archetype. Maybe at some point I'll overcome that.
How is the mailbox on phone? My major problem with email hosting is the lack of a decent mailbox service that's available on. Windows, android, linux that's either. One-time-purchase or open source. A monthly fee is fine if for unlimited users (I have a family)
Generally phone access is third party through IMAP. On Android I personally use K-9 mail, but you can use anything that supports IMAP anywhere, which is a pretty good number of options for any platform.
I wish K-9 had snooze-email, it's the one feature (non-standard) I use a lot
Great job.
Sure, i use IMAP and have local copy and backup. But Murphy's law, my Laptop die at the same time and my backups were stolen.
Also, I generally don't stop the service for maintenance, unless I need to upgrade the database engine.
3 Gb is plenty for a few months of "live" email but after that what should we do to keep those emails -- and still have them searchable if need be?
The local maildir account is searchable like any other mailbox (I have about 10,000 messages going back to 2003). Syncthing[2] is configured to sync the maildir directory for backup and sync.
[1]https://en.wikipedia.org/wiki/Maildir
[2]https://syncthing.net/
>You cannot have more than $50 in credit at any time.
Just curious, why a $50 limit? I'm the weird kind of guy who likes to pay years in advance. If possible, please consider raising this limit to $100 or even $200.
> To activate a trial account, you will need a reasonably modern browser and a phone number that can receive SMS texts.
It makes no mention of the use of a "hashwall" ... It gives no indication of what the user's browser is going to do ... Just a progress meter with a note saying it will take about 3 minutes.
This feels fishy. Especially if a user doesn't know how to get into the developer console, find out what's running etc.
Just completed my signup. I am going to check if the domain that failed to work with forwardemail.net[1] will work with your service.
If it does, then I'll say goodbye to my $36 and hello to your service.
Update: While setting up, I noticed:
- Ownership record content in `code.codebox` does not fit in the content area and extends entirely too far to the right. I had to inspect and copy out of developer tools.
- In general, UI elements seem not properly aligned, contained.
These are not deal breakers to me. The site might actually benefit from going more old school. Trying to fit everything in a narrow box with large font sizes and padding is hard.
Update: I had already clicked on CloudFlare instructions. It's the friendly stuff that has the problems I mention above. The actual information at the bottom of the page is actually displayed the way I would have expected.
Update: After creating the DNS records, I noticed the checks were still failing. So, I replaced the actual IDN in the textbox with punycode and the DNS checks worked. It would be a better user experience if the punycode conversion step was handled by the UI.
Update: Created a new user on the custom domain. Login box does not accept IDN either but the email composer does show the from address using IDN instead of punycode.
Update: I was able to exchange email with a Gmail user. Did not go to SPAM. But, in my reply, Gmail did give a scary warning about the IDN. To be clear, there is nothing the email provider can do about that :-)
I'll try out a few more custom domains and very, very likely switch. Thank you and good luck.
[1]: https://news.ycombinator.com/item?id=27523038
Second attempt, and I got a place to put the code. Then, while I was filling up the registration data, the page refreshed and started all over.
Third attempt finally worked...
Not the best on-boarding experience, but hey it really is cheap!
I'll make a note on the UI elements. Honestly hadn't thought about the punycode usecase, good catch.
Yeah, I figured that out, but someone else might think you are trying mine some *coin or something. I am not sure if I would mind it if you did, but it would be good to tell up front what you are doing. It does seem to be a much better than recaptcha.
The fact that it works is good enough for me. I am going fiddle a little more before I sign up, but it looks like this is fills my needs.
1. I don't know if it's the social media kiss of death at work, but I'm getting lots of SSL errors trying to load your site. It's a crap-shoot whether it works or not right now.
2. Seeing this post, I posted this: https://news.ycombinator.com/item?id=27711124. If you don't already (did I miss it?) it might be worth tossing up a page or an item in your FAQ teaching people about how they can go about migrating their email address to another/your service. I don't know how easy/hard it is (hence my AskHN post), but the perception is that it's nigh impossible to do.
Hard to say for sure. None of the servers really went above 15% average CPU and I don't think they maxed out net, and the health checker for HTTPS didn't have any problems. I'll doublecheck.
On the subject of migration, I'll make a note to add a FAQ for that, thanks.
I'd encourage you to try doubling or tripling the price so you can afford to hire more people and grow the business :) I suspect the rate of signups will stay the same.
I appreciate the dig at psuedo-righteous slogan-eering like "Don't be evil.", "Bring the worked closer together". Just fucking email.
I started out with self-hosting mail-in-a-box [1]. If you really want to self-host, I can highly recommend it. Would be the cheapest option. At some point I decided to let go of it, because maintenance and configuration can still be a bit cumbersome. There was one thing (DMARC or DNSSEC?) which I never was able to set up properly for some unknown reason, even after long hours tinkering around with it...
So I started to look at other mail hosting offerings with custom domain. One thing I like is that gandi offers free mail hosting for a domain you order through them. [2] That's quite unique for a domain registrar.
Also, be aware that free 3rd-party mail hosting with a custom domain does not exist. I started out with the free plan at migadu, but they switched to a paid plan soon after. [3]
The same happened to postale.io after a while. [4] At least I could keep my free plan there.
Zoho is free [5], but their custom mail application and the countless other services they try to sell you completely put me off.
[1] https://mailinabox.email/
[2] https://www.gandi.net/en/domain/email
[3] https://www.migadu.com/pricing/#what-happened-to-the-free-pl...
[4] https://postale.io/faq#What%20happened%20to%20the%20free%20p...?
[5] https://www.zoho.com/mail/
> Also, be aware that free 3rd-party mail hosting with a custom domain does not exist.
You can set up a custom domain on a free gmail account, it's hidden away but certainly possible.
I believe two of them still exist in Russia.
* Yandex even has a page in English: https://360.yandex.com/business/tariff
* Mail.Ru has a page only in Russian: https://biz.mail.ru/mail/#tariffs
https://workspace.google.com/pricing.html