18 comments

[ 4.5 ms ] story [ 51.7 ms ] thread
Nice pitch with the quantum!
Thank you, we've put a ton of work into this. Not only are your mailboxes encrypted with SQLite using ChaCha20-Poly1305 [1], but you can also now add an OpenPGP key [2] (for double encryption).

We support SMTP, POP3, IMAP, API, webhooks, regular expressions, and more.

[1]: https://forwardemail.net/blog/docs/best-quantum-safe-encrypt...

[2]: https://forwardemail.net/faq#do-you-support-openpgpmime-end-...

> Thank you, we've put a ton of work into this.

Sorry; I was being unnecessarily ironic because there really is no "quantum safe" things yet. Otherwise nice work; always nice to see more competition in this space!

RE: Competition:

We are the *only* email service provider that is 100% open-source. Proton Mail [1], Skiff [2], and Tuta [3] all have closed-source back-ends, despite advertising as closed-source.

RE: Quantum Safe:

ChaCha20-Poly1305 is generally considered to be quantum safe [4] [5].

[1]: https://www.reddit.com/r/ProtonMail/comments/b847n7/comment/...

[2]: https://www.reddit.com/r/Skiff/comments/10yn8a5/comment/j811...

[3]: https://www.reddit.com/r/tutanota/comments/10hghin/comment/j...

[4]: https://crypto.stackexchange.com/questions/79518/is-xchacha2...

[5]: https://old.reddit.com/r/crypto/comments/suk2k7/is_chacha20p...

Umm do you have any better sources for the crypto claims than Stack Exchange and Reddit? That's not really putting my mind at ease.
> there really is no "quantum safe" things yet

What about, e.g., OpenSSH's post-quantum key exchange sntrup761x25519-sha512@openssh.com?

> sntrup761x25519-sha512@openssh.com?

I am not an expert in this space but, as far as I can tell, these are all work-in-progress, as is quantum computing itself. There are several research groups and committees involved, including at, say, IETF and the like.

> Will you ever increase prices? > No. Prices will never increase. Unlike other companies, we will never shutdown our service either.

How?

If every other closed source SaaS platform who has made a similar claim is anything to go by: it will work until an an executive decides against it

Or maybe I'm just jaded to centralized platforms

Still a cool idea though

I dislike that this entire website seems heavily geared toward low-quality SEO blog spam. Just hover over any link on this page and read the tooltip.
The service is something I'd like to try but it's always left a bad taste in my mouth seeing how the free service will expose my email in dns records.

I'm a firm believer privacy and security should be a default and not a pay to unlock feature. With that in mind I never gave this service a chance and instead tried to use other competitors for email aliasing. [1]

[1]. (Simplelogin.io/ / Addy.io)

Cool product!

Question regarding encryption:

It seems that unless there's an active IMAP connection, emails are written in plaintext to a temporary location and are only added to the encrypted mailbox once a new IMAP connection starts. This is because you use symmetric encryption and need the user's password.

Have you considered incorporating public key encryption in your architecture and if so, why did you choose not to?

The Enhanced plan reads:

> We rate limit users and domains to 300 outbound SMTP messages per 1 day.

People who are using DeltaChat groups should think twice here: Every time you reply to the group it will “cost you” as many outgoing emails as there are people in the group, and every time you read a group message it will also cost you as many outgoing emails as there are group members because “read receipts” are sent as plain emails.

A couple of years ago I had to switch email provider exactly because of this. While 300 outgoing emails may sound like a lot, it isn't if you're using DeltaChat groups.

Hi there @kseistrup - we can easily increase limitations on a per user basis (just email us if you run into limitations) at support@forwardemail.net. This is mainly a deterrent for spammers, much like our KYC process for our outbound SMTP verification post DKIM/DMARC/Return-Path automated verification process.
I've been using this service for a few years now. No complaints. All my emails seem to come through. Wildcard forwarding for my whole domain is lovely. It confuses the heck out of humans though when you use theirservice@yourdomain.com. Some poor Indonesian lady thought I worked for Mariott