Thank you, we've put a ton of work into this. Not only are your mailboxes encrypted with SQLite using ChaCha20-Poly1305 [1], but you can also now add an OpenPGP key [2] (for double encryption).
We support SMTP, POP3, IMAP, API, webhooks, regular expressions, and more.
Sorry; I was being unnecessarily ironic because there really is no "quantum safe" things yet. Otherwise nice work; always nice to see more competition in this space!
We are the *only* email service provider that is 100% open-source. Proton Mail [1], Skiff [2], and Tuta [3] all have closed-source back-ends, despite advertising as closed-source.
RE: Quantum Safe:
ChaCha20-Poly1305 is generally considered to be quantum safe [4] [5].
I am not an expert in this space but, as far as I can tell, these are all work-in-progress, as is quantum computing itself. There are several research groups and committees involved, including at, say, IETF and the like.
We are happy to answer questions here, via email support@forwardemail.net, or using our Matrix chat channel #forwardemail:matrix.org [1]. Additional Q&A is available on Reddit [2].
The service is something I'd like to try but it's always left a bad taste in my mouth seeing how the free service will expose my email in dns records.
I'm a firm believer privacy and security should be a default and not a pay to unlock feature. With that in mind I never gave this service a chance and instead tried to use other competitors for email aliasing. [1]
It seems that unless there's an active IMAP connection, emails are written in plaintext to a temporary location and are only added to the encrypted mailbox once a new IMAP connection starts. This is because you use symmetric encryption and need the user's password.
Have you considered incorporating public key encryption in your architecture and if so, why did you choose not to?
Hi there @vinniepukh - we already support this! If you upload your public key, then all messages stored to temporary storage will be encrypted. We have a guide at https://forwardemail.net/en/faq#do-you-support-openpgpmime-e... (note the "Optional Add-on" section).
> We rate limit users and domains to 300 outbound SMTP messages per 1 day.
People who are using DeltaChat groups should think twice here: Every time you reply to the group it will “cost you” as many outgoing emails as there are people in the group, and every time you read a group message it will also cost you as many outgoing emails as there are group members because “read receipts” are sent as plain emails.
A couple of years ago I had to switch email provider exactly because of this. While 300 outgoing emails may sound like a lot, it isn't if you're using DeltaChat groups.
Hi there @kseistrup - we can easily increase limitations on a per user basis (just email us if you run into limitations) at support@forwardemail.net. This is mainly a deterrent for spammers, much like our KYC process for our outbound SMTP verification post DKIM/DMARC/Return-Path automated verification process.
I've been using this service for a few years now. No complaints. All my emails seem to come through. Wildcard forwarding for my whole domain is lovely. It confuses the heck out of humans though when you use theirservice@yourdomain.com. Some poor Indonesian lady thought I worked for Mariott
18 comments
[ 4.5 ms ] story [ 51.7 ms ] threadWe support SMTP, POP3, IMAP, API, webhooks, regular expressions, and more.
[1]: https://forwardemail.net/blog/docs/best-quantum-safe-encrypt...
[2]: https://forwardemail.net/faq#do-you-support-openpgpmime-end-...
Sorry; I was being unnecessarily ironic because there really is no "quantum safe" things yet. Otherwise nice work; always nice to see more competition in this space!
We are the *only* email service provider that is 100% open-source. Proton Mail [1], Skiff [2], and Tuta [3] all have closed-source back-ends, despite advertising as closed-source.
RE: Quantum Safe:
ChaCha20-Poly1305 is generally considered to be quantum safe [4] [5].
[1]: https://www.reddit.com/r/ProtonMail/comments/b847n7/comment/...
[2]: https://www.reddit.com/r/Skiff/comments/10yn8a5/comment/j811...
[3]: https://www.reddit.com/r/tutanota/comments/10hghin/comment/j...
[4]: https://crypto.stackexchange.com/questions/79518/is-xchacha2...
[5]: https://old.reddit.com/r/crypto/comments/suk2k7/is_chacha20p...
What about, e.g., OpenSSH's post-quantum key exchange sntrup761x25519-sha512@openssh.com?
I am not an expert in this space but, as far as I can tell, these are all work-in-progress, as is quantum computing itself. There are several research groups and committees involved, including at, say, IETF and the like.
[1]: https://matrix.to/#/#forwardemail:matrix.org
[2]: https://www.reddit.com/r/privacy/comments/18sheem/forward_em...
SMTP, POP3, IMAP, and more were released in 2023. Calendar and contacts early 2024.
For a comparison of Forward Email to other services, see our email service comparison https://forwardemail.net/blog/docs/best-quantum-safe-encrypt...
How?
Or maybe I'm just jaded to centralized platforms
Still a cool idea though
I'm a firm believer privacy and security should be a default and not a pay to unlock feature. With that in mind I never gave this service a chance and instead tried to use other competitors for email aliasing. [1]
[1]. (Simplelogin.io/ / Addy.io)
Question regarding encryption:
It seems that unless there's an active IMAP connection, emails are written in plaintext to a temporary location and are only added to the encrypted mailbox once a new IMAP connection starts. This is because you use symmetric encryption and need the user's password.
Have you considered incorporating public key encryption in your architecture and if so, why did you choose not to?
> We rate limit users and domains to 300 outbound SMTP messages per 1 day.
People who are using DeltaChat groups should think twice here: Every time you reply to the group it will “cost you” as many outgoing emails as there are people in the group, and every time you read a group message it will also cost you as many outgoing emails as there are group members because “read receipts” are sent as plain emails.
A couple of years ago I had to switch email provider exactly because of this. While 300 outgoing emails may sound like a lot, it isn't if you're using DeltaChat groups.