I need to change ISPs and need to find a new email provider. This time I want to move to my own domain which I purchased through Namecheap and I do not want to use another ISP’s email system nor do I want to use Google, or Microsoft since I am Linux (and Android too) based. I would like this to be US based or at least have a strong US presence so obvious choices like Proton Mail, Mailfence, and Mailbox.org are out. I would prefer it interoperate well with FOSS software too, I use Thunderbird and K-9 Mail for example. Also so want them to be trustworthy, have good security, and have good OpSec with respect to their their servers and service.

After looking I find three I am considering and they are quite different:

  • Fastmail. Long history. No PGP support but they do have their own domains one can use also.
  • Namecheap Private Email. Uses Ox App Suite, may support PGP, and quite new. I think you have to have your own domain (not sure).
  • Forward Email (forwardemail.net). A forwarder with IMAP support. You supply the webmail if you want webmail, but otherwise it should work fine with IMAP and normal clients.

So questions:

  • Any thoughts and experience, pros and cons with the above 3.
  • Other better ideas.

So thoughts? Thanks.

  • flatbield@beehaw.orgOP
    link
    fedilink
    English
    arrow-up
    1
    ·
    4 months ago

    Yes… email filtering is a huge problem. Do you know if the issue was with your domain or whether it happens with Fastmail’s standard domains also?

    Regarding Tuta… not IMAP/SMTP and not US, so no for me. Otherwise I agree.

    • Truck_kun@beehaw.org
      link
      fedilink
      English
      arrow-up
      1
      ·
      4 months ago

      I didn’t know about the tuta IMAP thing. Makes sense, unless they open it up for development from third party providers, but that is unlikely to ever happen. I can definitely see that as being a deal-breaker, and why I’ll probably stick with fastmail

      • flatbield@beehaw.orgOP
        link
        fedilink
        English
        arrow-up
        1
        ·
        4 months ago

        Thing about IMAP and other open protocols is that it probably lowers security and it certainly increases attack surface. So there are downsides. On the other hand ultimate security is not my biggest need. More interested in compatibility. I like the Proton, Mailfence, and Mailbox.org direction to be compatible and also support PGP with WKD so they can interoperate.

    • Truck_kun@beehaw.org
      link
      fedilink
      English
      arrow-up
      1
      ·
      edit-2
      4 months ago

      I only learned about quarantine the other day. Specifically I think it was me sending short messages that make sense when emailing yourself, like a photo with no body text, or just “test”.

      Going through there, found my Gmail, my personal domain, and my @fastmail domain all going there until I approved one of them.

      I had my personal domain on a lifetime mxroute account before this, but wasn’t using it. Made the move to fastmail to seriously move away from Google. I have my purchase ebooks backed up there, and they could close my account someday because of it, even if it’s a personal backup of purchased items and not sharing with others.

      Also making a wasabi account and using rclone to sync my library, so can move away on that front too. though Wasabi has a perfectly usable web interface. i have my reasons for choosing them over backblaze.

      • flatbield@beehaw.orgOP
        link
        fedilink
        English
        arrow-up
        1
        ·
        4 months ago

        You mentioned mxroute. Someone else mentioned. Do you have any thoughts about them. You mentioned your moving to Fastmail instead.

        • Truck_kun@beehaw.org
          link
          fedilink
          English
          arrow-up
          1
          ·
          4 months ago

          I specifically found their lifetime plan reasonable to park a more professional sounding email address long-term to attach to resumes and the like, but not enough storage on that plan as my primary email.

          I honestly don’t have much experience with it, I just set it up to have to use with my domains, without having to pay a monthly fee.

          Unfortunately, I have no input on their other plans

    • scsi@lemm.ee
      link
      fedilink
      arrow-up
      1
      ·
      4 months ago

      Two tips having worked in the corporate world (strict controls):

      • Create a basic non-spam web page for it that has something that doesn’t look like SEO garbage or whatever. Nothing more than “hey this is a personal domain of the flatbield family” is fine, maybe a link to something (links enhance rep - put a picture of your dog up or link to a wikipedia article or something) and let it rest for at least 30 days. The 3rd party filtering services used by corporate players severely limit, block or distrust a domain newer than 30 days (or longer, depending). Set up a SSL cert on it for another +1 to it’s rep value, HTTPS is looked at by these services and ensure the CA record is in your DNS for that SSL issuer.

      • Ensure you use the Providers’ setup for DKIM, SPF and so forth (many like Fastmail have a DNS-check wizard to get you all set up) as many modern providers will instantly downvote you if anything is missing or wrong with these controls (I’ve heard GMail and O365 particularly). In 2024 these are a must-have, not a nice-to-have, for getting your email received by anyone and everyone.

      If you chose a domain at a TLD which has/had been used by the bad buys (dot-xyz, info, zip, etc.) you may wish to reconsider - there are TLDs which are wholescale blocked or downvoted in rep based on this (by the same services used above). Ensure someone working at a bank (strict egress controls for their employees) can visit your domain as a good litmus test as to it’s validity for use in email reputation.

      A company such as Fastmail spends a lot of time ensuring their IP address space for sending and receiving mail is clean - getting spammers off their service, getting IP rep cleaned off blacklists and so forth. So your task is to focus on the same thing for your domain - if someone had previously owned the name they could have gotten it on blacklists long ago, a handy way to check old history is looking it up at web.archive.org for captured snapshots (and I’ve walked away from domain names because of this once I discovered previous content I didn’t like).

      • flatbield@beehaw.orgOP
        link
        fedilink
        English
        arrow-up
        1
        ·
        4 months ago

        Thanks. Great ideas. Had not considered the web issue. I actually have a VPS for other things at Linode. I could just add my new “.net” domain to that and setup something. Let rest is fine. We are transitioning over the next 6 months and hope to not change for a long time after that. So we have time to get this correct.

        I also have mail setup in my VPS for other reasons so I do understand mail basics. Including SPF etc. Never really had any delivery issues but I do not use it generally. I think my old domain which I have had for 5 years has a fine reputation. Good point about the one I just purchased. Just do not want to move my general mail there or commit to setting it up and worse maintaining the multiple VPS systems needed to really do mail correctly. That is, I would want to have at least two incoming SMTP servers in two different data centers then maybe separate IMAP server too that they route to. Then there is the webmail client and locking it all down. Cost and worse yet effort and time mount up and it’s not a one time deal. Not something my wife could do and not me 20 years from now.

        • scsi@lemm.ee
          link
          fedilink
          arrow-up
          1
          ·
          4 months ago

          To your multiple IMAP concept, I have been using isync / mbsync (name change, package isync in Debian) for years running via cron script to pull email from one domain at one provider and push it to a subfolder of another domain at another provider. You have to be aware of one specific gotcha but it’s otherwise been working all by itself forever without issues. Take note of the PipeLineDepth 1 for IMAP service providers which throttle your speed, I have to use it on the destination side provider config.

          • flatbield@beehaw.orgOP
            link
            fedilink
            English
            arrow-up
            1
            ·
            4 months ago

            Thanks. Interesting.

            Just FYI, I was talking multiple SMTP servers not IMAP servers. If I did it, I would have 2 public facing SMTP servers which would then route to an internal SMTP server probably with a single IMAP server. The routing would probably be over a private link not a public one and the final server would present only IMAP publically. Really reduces attack surface.