Leaving Gmail for Mailbox.org
(giuliomagnifico.blog)244 points by giuliomagnifico 14 hours ago
244 points by giuliomagnifico 14 hours ago
>Proton
Using proton as well, but if you're stuck on the free tier you can't use any 3rd party email clients.
>YouTube
Using Google takeout for Youtube will give you a .csv of your subscriptions and playlists (just be sure to un-check getting a download of your videos). From there you can get the rss feeds and use RSSguard as a subscription viewer/media player, this site was a big help in figuring things out https://charlesthomas.dev/blog/converting-my-youtube-subscri....
(From that link, about adding new subscriptions)
>The only real trick is that most YouTube channels use a vanity URL and it’s more complicated to get the channel ID in those instances.
Go to the channel's videos page ( https://youtube.com/.../videos ) -> right-click -> View page source -> search for "rssUrl" . It'll look like https://www.youtube.com/feeds/videos.xml?channel_id=UC...
Bonus: Replace the "?channel_id=UC..." with "?playlist_id=UULF..." to get a feed without shorts and livestreams.
You should set up a local machine for Immich. I’ve got it running locally, with the photos on spinning rust and thumbs and db on NVME. It’s mind blowing how fast it is. Scroll to three years ago, lift the mouse button, and every thumb loads in a quarter second. Data intensive stuff is when you notice that the server is in the next room. It’ll pay for itself in a couple years. Treat yourself. :)
I like mapy.com as a Google Maps replacement. It's essentially a very good OSM renderer, with a great website and app, including offline access, routing, and real-time traffic. Also very good bike/hike routing, if that's your jam.
But there's no substitute for GMap's POI database.
I second mapy. I've replaced Google maps with this one ~5 years ago and never looked back. You can download specific maps for a country and within that specific federal states to reduce space consumed. I use it mostly for biking and hiking - you can plan tours with scaling duration/kilometers which is nice for a region you are unfamiliar with. Like parent wrote, offline access, routing, RT traffic. Can recommend.
> supports Graphene but there are too many trade-offs there
What are the tradeoffs? I have been following GrapheneOS for a while, and it doesn't seem like there are many tradeoffs.
> OpenStreetMap is still really hard to use and gives bad directions.
OpenStreetMap is a database, and most commercial services that are not Google use it. E.g. Uber or Lyft.
You just need to find an app that you like. CoMaps is nice, OSMAnd has a lot of feature but the UX is harder. And of course you can contribute to OSM and make it even better than it is! You'll see it's a great community!
My understanding from looking into this two years ago is that it's hit or miss for banks (depending on if they opt into device attestation stuff), no for NFC / Google Wallet, and yes for Uber / Lyft.
Apparently the common workaround for the Google Wallet stuff is to pair a GrapheneOS phone with a stock Android smartwatch.
Edit: Here's some additional information on banking apps: https://privsec.dev/posts/android/banking-applications-compa...
Apparently the common recommendation these days is to use Curve Pay as a virtual card provider on GrapheneOS, which can then route to arbitrary underlying cards. And evidently Google Wallet does work for things that aren't payment cards (airline tickets, transit passes, etc.) on GrapheneOS.
My friend uses a pretty hardened (as per him; I didn't indulge him when he wanted to give me the gory details) Graphene setup on his few years old Pixel.
Bank apps - as per him none work. Uber (no Lyft here; other taxi apps) work flawless. Payment apps, he said is a coin toss. On his phone even WhatsApp doesn't work. He anyway prefers Signal (which prob. nobody else uses in his circle except maybe me who has it installed on a secondary phone) or plain SMS. Basically most of the "normal" apps that add integrity checks don't work but he is fine with that.
Yes, these would be my concerns as well. In the past, I would install custom ROMs. Then I stopped doing that and would only root my device. But of late, way, way too many apps refuse to work if rooted (apps that used to be fine with it before).
Now I just accept life as it is.
This is a question that I rarely see answered but would love to know as well.
Someone showed me OSMAnd recently while we were hiking. I installed it as soon as I got home. Great for hiking.
Then last week I used it for navigation (on a phone with no SIM card).
Absolutely. Terrible.
Worst navigation app I've seen. Told me to make a turn at an intersection that did not allow turns. Then at another intersection, it told me to "Turn left", but the display clearly showed it going straight. I'm guessing that the straight road probably is angled 1 degree or something at the intersection and the app was viewing that as a turn.
For an open source Android app for OpenStreetMap data, I like Organic Maps, and it normally works great with locally-cached maps. I've had better luck with it than with Google Maps or Apple Maps on phones.
(Though, I should mention that twice in the last year I've had Organic Maps become hopelessly confused about where I was, and where I should go. Both times, it had gotten a good GPS location, but then got confused while being out for an extended period of time, like maybe it was dead-reckoning only after that initial lock.)
I found myself in a similar situation and also started de-googling, which is much nicer and liberating than I was fearing.
I did the exact same thing with Immich (what a great software, by the way!).
And in case it helps:
Instead of always relying on google maps, I now mostly use CoMaps (https://www.comaps.app/). Way better than using directly OpenStreetMap. And for my Pixel 7, I switched to LineageOS with gapps (https://lineageos.org/) and I'm not missing anything and am very happy with it.
Also, I'm trying now Nextcloud (https://nextcloud.com/), with a setup similar to Immich, and now I do believe there is life beyond google, and it's a better life.
Why did you switch to LineageOS and not Graphene with your pixel 7?
Does Immich read real file names of photos from iOS Photos metadata? I don't even know whether Apple preserves it and exposes to other apps?
I used Ente and I learned all the files I had "added/uploaded" to iCloud photos had lost their real names (that I had painstakingly given them over the years/decades) when ente exported to those photos back on my laptop via their desktop app and were these long random uuid strings kinda names. That was my yikes moment and I was glad I had still kept my photos outside of iCloud and Ente. And it is not even Ente's fault. Apple does this skullbuggery.
Are there PAYG hosted instanes of Immich?
> OpenStreetMap is still really hard to use and gives bad directions.
https://www.magicearth.com/ works well for car navigation with OSM data, and https://cycle.travel/ is the best way to navigate on a bike, also with OSM data.
In which country do you live, if I might ask?
I am very interested in moving my photos and data to a self-hosted solution but am a little anxious about backups.
Do you simply trust hetzner to not lose the data on your 1TB storage box?
(I am aware that I am currently trusting google and dropbox to do just that.)
It is still viable to self-host everything from photos to mail yourself and sync to cloud/storage services as disaster recovery. It helps if you have an infrastructure background but anyone can set this up. Never trust just one service; no company is too big to fail and durability is always best effort, even if that effort is very good. Mail is the most annoying service to self-host, not because it's technically difficult but because deliverability is a long-term reputation function that easily deteriorates from misconfiguration or neglect. Nevertheless I've been my own MX and storage provider since the early '90s and it's too late to change my ways now, you just have to keep up with the gold standard as it varies.
The biggest hazard, especially if the whole family uses your stuff, is key-person risk, since infrastructure requires maintenance. The second biggest is being out of your depth in securing it.
My only regret in all my years of self-hosting was that time I returned a portable /24 to APNIC. Still stings even if it was the right thing to do, civically speaking.
I retain gmail & hotmail accounts for deliverability checks and as signup swamps.
To be fair if both google and dropbox can't take care of 1TB of data, who can?
My solution against photo anxiety is to actually look at them and decide to physically print the best ones every year. More likely to be used as gifts or just fun to look through them in a photo album, nobody is going to sit next to you on a phone or computer but bring out an old photo album and everyone is on it.
I do professional wedding photography as a side business.
Yes, please print your photos! I love it when my clients print their photos, and I print my favorites as well. There's still something magical about a real, physical photo vs. digital.
I have vast archives of digital photos and you know what? I barely look at them, but I have prints up all over my walls, in my wallet, etc and I enjoy them all the time.
Technically I have no big doubts about S3 Glacier.
But what happens if you don't use that stuff for a long time. You are in hospital when the bill needs to get paid. Your credit card gets stolen and the number needs to changed. Whatever personal crisis that you are not able to take care of life as usual for some weeks. They will just delete your data before you are back in business.
Does anyone know how long it takes, how many warning mails will come? I have very little data in AWS, but I more or less constantly feeling it might happen to me. Maybe not because of such big crisis, but just the simple fact that my bank will reject the automatic payment requiring a PSD2 second factor and I miss the email...
I degoogled and deappled and ended up with a Sonim flip phone. It’s like, Android 11 without Google services but I don’t mind the lack of security because there’s basically no personal data on it.
I’m amazed at the feature parity of immich, it works great. Jellyfin for media and Pydio for Dropbox/drive functionality, email via infomaniak 12$ a year.
Haha almost identical experience but self hosting immich with off site backups. Wild how difficult it is to change your email with certain websites! Several months later still fighting with various sites.
I have an iphone so I use Apple maps and an icloud based obsidian vault, and that is all that is tied to Apple which feels fine for now.
Switch to an iPhone.
Apple's software and services (sync, drive, photo backup etc) are so inferior, especially compared with Google's (technically speaking), you'd be anyway forced to use third party (often cross platform) solutions. No risk of going deep into Apple's ecosystem ;-)
Having used both Google and Apple for notes, calendar, docs, cloud back up (general files) and photos I have come to believe Google has the better tech but Apple has the better product. It fascinates me how Google just can’t design a simple and intuitive UI for its products, which are by all means technically superior.
I'm a happy icloud photos user. Other sync is not so good, but icloud photos works fine.
iCloud stuff is generally fine, except for iCloud Drive which is atrocious.
Note that they mention using a custom domain. I strongly encourage you to do this (sounds like you don't), because then you don't depend on the mail provider. After Gmail, I started using my own domain and changed provider every year (Proton, Fastmail, and I landed on Migadu).
The key is that if you have your domain, you can swap the provider and nobody has to know about it.
How do you de-google yourself properly when every 3rd website stops working entirely unless you whitelist some google stuff in your content blocker?
I've largely de-Googled myself, but not my family. The only Gmail I have is from a few old accounts that hardly ever email me anymore; I've been on Apple's email, calendar, photos, etc. for years, and use Kagi for search. Nor do I feel any pull back toward Google. The biggest involvement I have is for the correspondents I have who are still using Gmail; every time I email them, my stuff ends up in Google's system.
1) "De-googling" doesn't need to be a binary, all-in or all-out situation. Any reduction in reliance of Google (or any single point of failure) is good. Diversifying the big stuff (mail, storage, etc.) is a great start. About last on the list is worrying about the occasional allowance for gstatic.com or whatever.
2) While I occasionally need to allow some scripts from google, it's absolutely nowhere near 1/3rd of sites.
It is almost always blocking first party JavaScript and XHRs that causes breakages. I have rarely had to enable Google anything in uMatrix to get a site to work (more often it is Cloudflare), and it is only if the site insists on reCAPTCHA.
I’ve been a Fastmail user for years, having left Gmail. It works great and have nothing be but praise for them. I use my own domain with them so if I decide to leave it’s not an issue worrying about updating people with my new email.
Fastmail is kind of a weird service. If you stop paying they release your email for someone else to take over. Pretty unacceptable this day and age.
The trick is in never ever touching the username@paid-main-provider.tld to give out to anyone. It's just for logging in.
My mailbox.org username is literally three random short Engish dict words concatnated by underscores (e.g jet_sit_gill@mailbox.org) just to ensure I'd never share that email with anyone. I only use my domain's email addresses. This way there's ZERO lock, zero fear of them giving my email to someone else and staying with the domain provider for a day longer than I have to.
For email addresses on others' domains here
- icloud.com came with the devices (I honestly have not thought about what happens to these if I have zero Apple device at one point in future :D)
- tutanota(barely ever used; just to support them I paid until they removed the 12/year plan)
- protonmail, and sdf.org (ARPA)
All of these at least let me hold on to the email address even with little resources when I stop paying or have an unpaid a/c. So little risk of email goign to someone else. And I never use these for anything important anyway.
For temp emails - duck.com, HideMyEmail (stopped using this one for new accounts though).
I really wish all mail providers made it easy and seamless to bring your own domain (or register and manage one in the background for you, without you having to care for the details). Obviously giving a service-tied email domain to users is a great lock-in strategy. But it's worrying that so many people have a big part of their online identity tied to Google.
(You can even sign up for a Google Account without GMail, using a third-party domain. And this is distinct from Google Workspace, or whatever they're calling it today. You get a normal, regular, personal Google Account, just without GMail and using your own non-gmail.com address.)
Fastmail makes it super easy to bring your own domains. As many as you want even on their cheapest plan.
Yes, I use Google (that's rare; when I 'must' must) with a icloud.com temp hidemyemail address created Google a/c.
This would be easily solved for customers who care about it by allowing you to pay a one-off fee to reserve the name for ~100 years.
Or they could just absorb that.
Any idea why it works that way? Have they offered an explanation?
I'm a Fastmail customer but I've never noticed this because I use my own domain.
This does not appear correct. I lost my original account in 2013 and the handle is extremely unique, and I just tried to reregister it, and it won't allow it. ("Sorry, [redacted]@fastmail.fm has already been taken.")
Are you sure you didn't confuse domains? My original handle is on fastmail.fm, but it will let me register that on fastmail.com.
When you move to a new house the old address becomes available for mail eventually.
Email is used a single factor (either because of magic links or forgot password flows), so the impact is much larger than getting your snail mail sent to someone else.
Also, whoever takes your old residence is probably not malicious (they just want the house because they want a house), but whoever takes your email address is much more likely to be malicious (as the acquisition cost is low and it scales).
I don't think that's true. Some years ago I did a free trial with them (did not pay anything). More recently I decided to actually sign up (for a paid account) and the email address I used for the free trial years ago was not available. I eventually got that username only after contacting support and giving them the date on which I started that free trial, to prove it was me.
I use Fastmail with my own domain. I am not sure of the logic that says paying $60/year for email is fine, but $8/year for a domain is a bridge too far.
Do that, it's a non-issue, though I do agree with you that it shouldn't be a thing (or at least have like a multiple year embargo on the address).
> Do that, it's a non-issue
I think the issue is why use an email provider that has designed such a glaring security hole into their system? Does it not raise questions about their judgment in other matters that are less visible to the user?
First, it’s not been established that they do have that security hole. Someone upthread said the email address they used during a fastmail trial was no longer available when they tried to sign up later because they didn’t want to give out the address again.
Second, and I don’t know how much weight this carries - but I personally know some of the people on the Fastmail team. They’re some of the most thoughtful, steady engineers I’ve ever met. Every time I’ve criticised something about Fastmail to my friends there, it turns out they’ve had the same discussion internally and immediately tell me about a bunch of arguments I hadn’t thought of which explain their final product choices. I wish much more of my software was made at companies like that. They have excellent judgement. They’re absolutely the right kind of people to host a long lived email service.
Domain names work the same way -- once you stop paying for it, someone else can buy and use it.
Do you have the same problem with domain names? If so, how would you propose to fix it?
That's incredibly dishonest reasoning. Are you seriously telling me that unless people have a solution for fixing DNS, commercial email should be free to hand out used email addresses? Seriously?
You don't have reserved/registered post bags (with a identifier at a certain post office) in your country? Or not available to individual users?
This way - many different providers either lock that username away and throw the key (even you can't get it again; some give you the key instead of throwing away but no space in their home until you pay again) and some just graciously offer a free plan with that address whith little or barely any resources (which is actually great and very generious of them). Which ones? Google around and you shall find.
Any provider with a free tier doesn’t have the issue so that covers a lot of them
I was really happy with Fastmail as well. Before that I used ProtonMail, which was annoying because it forced me to install their bridge and use their encryption stuff.
After Fastmail I went to Migadu, and it's absolutely great. I have never seen support requests getting answers that quickly :-).
I use identities for this:
https://migadu.com/guides/identities/
I can send as the address, and emails arrive in my normal mailbox. I also use them for giving self-hosted services their own address/password to email me.
How's migadu's email ip reputation? Also do you have to create these identities in that admin panel to use or you can use it on the go like duck.com or Apple's hide my email?
Like you, I am a happy long-term user of Fastmail. In addition to the excellent mail and calendar service, their tech support is top-notch: fast and generally providing the correct answer in their first communication.
I'm in the process of switching from Gmail to FastMail. They were the only ones who met one of my requirements: Receive all email for all my domains and deliver it to one inbox with labels.
I really like that they offer a Gmail migration, including an initial import and _ongoing Inbox sync_. It only syncs the Inbox though, not spam (which is sometimes legit, especially with Gmail) or mail that gets immediately archived by a rule.
I created an alternate domain so I could try them out and perform the switch after a significant evaluation period. Since they have advanced options for figuring out which address to reply to an email with and how, it works seamlessly with gmail and with the catch-all for domains.
I could go on and on. The only thing I miss from Gmail is custom notification sounds. I don't like my email notifications having the default OS sound. Oh and you can't migrate stars/icons for emails. I wish I could do that and convert them to labels, but not a big deal.
That’s the thing, you never left Gmail, since most recipients use it. You have to play by Google’s rules for deliverability across all mail providers. It cannot be “left.”
I am a person who doesn't have any brand loyalty. If there's something else that's better or has the same features at the same cost, I will go for it. That being said, Fastmail has been great. Besides the unlimited domains and masked email features, I never had an issue with my emails ending up in someone else's spam folder. This is crucial to me not to lose a client or a job, or even government communications. Some might argue about security/privacy, but emails are never meant to be that medium for secure communications. Even with PGP you would still leak metadata, so if you are after security, don't use email. Other than that, I will be after reliability and ease of use features.
In particular, encrypted email provides privacy but not anonymity. You need some sort of onion routing system for that. Back in the day people would set up such routing systems for email.
It turns out that most people don't really need anonymity. That is why most systems these days don't bother the user with all the associated hassle. Briar and Session come to mind as contemporary examples of such things.
Something to be aware of if you're considering mailbox.org:
https://userforum-en.mailbox.org/topic/anti-spoofing-for-cus...
Another thing is that they appear to have some spam scanning on outbound emails and when they detect something suspicious they simply drop the email silently, and nobody will ever know about it.
Oh, thank you. I didn't know that. Anyway, I'm not using a custom domain on mailbox, I use my custom mail domain with another service.
> This was a tough decision, having used Gmail since 2007/2008. However, I had to draw the line and stop giving Google my data for free. > > The problem with email is that everything is transmitted in plain text.
Interestingly, one of my biggest problems with Gmail is that they don't allow actual plaintext. I used to routinely collaborate with developers who were vision-impaired, and the official Gmail phone app wouldn't let me send them plaintext email. Instead, it was some sort of HTML thing. Unfortunately, we sometimes sent code snippets to each other over email, and though admittedly it looked more or less fine, Gmail changed the underlying representation enough that my collaborators' screen readers would mess up on the parsing.
This led to me leaving Gmail on my phone, which led ultimately to me leaving Gmail entirely.
I think you use the term "plain text" differently from the author of the post. I think they refer to the fact that there is no end to end encryption. Google has access to the clear text of all messages and can index/analyze them.
The article does call out plain text email without formatting or attachments. Plain text typically refers to visual formatting, while clear text refers to lack of encryption.
I have been using mailbox.org for a few years and no complaints. I don't think the web UI is amazing but I use it via Thunderbird so it doesn't affect me.
If you use your own email client and your own domain name, you don't really need to worry about UI with email providers at all (as long as your provider supports those features). And your own domain name makes it easy to move around in future if you need to.
I don't really have any plans to move away from mailbox.org, though I just saw the post about Thunderbird offering an email service in the future. That might actually prompt me to move as I'd like to support the makers of a FOSS email client I've been happily using for years.
Mailbox doesn’t support it, but on mailbox you can use your IMAP app with Proton not.
And on mailbox you can easily send and receive PGP encrypted mail on mailbox.org. They provide a page for key import, allowing you to send encrypted emails like regular mail when needed.
It’s your choice, if you always want to use proton mail app everywhere you can use proton.
Yes but only if you install the bridge as I wrote in my blog post, and on iOS iPadOS? You can’t use Apple Mail app.
The mail service has several serious shortcomings: 1. Disposable addresses (with the prefix temp in the domain part of the email address) can be generated via the web interface. However, when I receive an email at such a disposable address and reply to it in the web interface, the From field does not show this disposable address used in the previous communication, but instead the standard email address of the mailbox account. This is extremely annoying, because this communication partner is only supposed to know the disposable address. 2. In addition to the limited number of disposable addresses provided by the mailbox service, it is also possible to generate countless email addresses in the form of +extensions to the standard local part of the email address itself. Here again, it is frustrating that these email+addresses cannot be selected as the sender in the mailbox web interface (in Thunderbird you can and in the iOS Mail app it only works after manually adding this extension email as an alias in the account settings of the iOS app).
Moreover, Mailbox.org restricts the creation of email extensions exclusively to the plus sign: with alice@mailbox.org you can generate alice+test@mailbox.org, which inbound will automatically be sorted into the inbox folder alice (case sensitive).
But Mailbox.org does not allow the creation of alice.test@mailbox.org, which would actually be accepted as a registration email address by significantly more online services, because many of them apply standard filter rules for valid email addresses that wrongly consider the plus sign invalid and therefore reject it.
I moved myself and my wife's business away from Google, but that hasn't been without it's issues. Even though we're using a globally recognised mail provider and have DKIM, SPF etc all set up perfectly, we get bounced or delayed by certain mail admins. There are also occasional delays and issues. One thing I'll say about Gmail is that it's extremely reliable.
What provider?
Running an online forum, I've encountered people using Atomic Mail, and that service has terrible reliability.
I started the get itchy about so much of my life sitting on Google about 5 years ago, so I decided to take the leap to Fastmail and haven’t looked back.
Didn’t need to do anything special for the migration. The in house importer they offer pulled over 80GB in a day and I was set from there.
Fastmail isn’t going to give you end to end encryption - but - I think just shedding a major Google service is a massive win privacy-wise.
I remember briefly looking into Proton but the search was awful.
The big problem with Fastmail is that they’re a US-based host, so non-US citizens still get zero privacy.
I'm thinking of leaving Google workspace for fastmail, but worried a bit about giving future employees email addresses/access. I hate being tied to Google but it provides a decent suite of things, and unlike M365 they actually work.
> I started the get itchy about so much of my life sitting on Google
For me and my partner was enough when Google started collecting info about purchases/delivery orders on gmail and dumping it in some separated page without any consent nor notification.
We moved to Proton but once they changed branding and starting introducing additional services beside mailbox we knew they enter milking-out path. Their newest AI plaything was reason to leave.
This solves the "dependence on Gmail" problem (which is definitely a worthy problem to solve) but not the general "dependence on a particular mail provider" problem. The next step in this walk-down-the-risk-chain is self-hosting on a VPS, where you're now just dependent on your VPS provider, and the next step could be self-hosting on your own metal, where you're now just dependent on your ISP. Happy trails!
I'm on fastmail with an xyz.dev domain and keep a gmail for legacy purposes. Unfortunately some email validators will reject my short FM address.
Right. Everyone has to keep a Gmail address as backup because of all these edge cases. For one, some domains (like yours) are just rejected. I tried to register an account with a huge corporate SMTP provider recently but they've not updated their allowed gTLD in 10 years and their devs fought me for weeks telling me it was my domain that was wrong, not their system until they finally gave in.
And secondly, many sites, like Reddit, use a Gmail address as some sort of signal of quality. You can avoid a lot of new account bans on Reddit simply by registering with a Gmail instead of your own domain.
> self-hosting on your own metal, where you're now just dependent on your ISP
Your ISP, the hardware not failing, needing to do routine maintenance and (expensive!) upgrades, having room in your house, having consistent power to your servers, possible theft, natural disasters causing you to lose your home, etc.
There's a reason I use a VPS for hosting a lot of things haha. Mostly because I live in a small apartment and don't have room for a server rack.
Backup your data. Email is data. It is easy enough to do and frees you from many problems. You restore from backup and go on with life.
Which is why you should buy your own domain so you can easily move to another provider.
And backup your emails of course.
I wonder how many more people have lost access to their DNS than to their email account. When you lease a domain (you can't buy domains), you have to periodically renew your lease - this is much more likely to be a problem than typical mail accounts. And if you lose your domain, and someone buys it, they now get all of your email - a much worse situation than Google locking out of your account. And there is no chance to appeal - again much worse than even Google's terrible user help.
I own a domain that I use as my primary email address, but it's a "premium" domain that costs quite a bit to lease every year. To me the main concern here is that my payment fails, I don't notice, the domain goes up for sale and somebody grabs it. Then they have access to everything.
So, I use my personal domain for all mail except anything that's "vital" like government websites, banking, paying rent, etc. for which I use my email provider's domain. And of course I'm registered with my domain registrar with a different email domain.
There's no reason to self-host your e-mail server. As long as you own your domain, you can simply point the DNS to a different provider when you want to switch.
mailbox.org recycles @mailbox.org addresses after a period. 90 days for the cheapest Light plan [1].
After that, someone else can register your old address.
If your subscription lapses, your email account is closed after 30 days, data is deleted after another 30 days [2].
[1]: https://kb.mailbox.org/en/private/account-article/when-is-a-...
[2]: https://kb.mailbox.org/en/private/payment-article/what-happe...
Gotta put in a plug for Migadu: https://www.migadu.com/pricing/
Happy customer over a couple of years.
Ended up dropping migadu. Lots of things I liked like the configuration but it was fairly expensive for what you got. After 3 years of paying, I once went over my outbound quota and couldn't send email for the day.
I've been using Migadu for a low-moderate throughput inbox (within their micro tier limits) in the US and the IMAP4 performance is kinda awful sometimes. I'm not sure why :(
> The last two providers offered true end-to-end encryption
This is not quite right. The only offer e2ee if you send an email to someone on the same provider (e.g. ProtonMail to ProtonMail). If you write to someone using Gmail, it's not e2ee.
IMHO this kind of e2ee is interesting for companies (because every employee is on the same provider, and it's better to have the internal communications on ProtonMail than shared with Google on Gmail), but for a personal email it doesn't matter so much.
What's really important is to have a custom domain so that you are not stuck with one provider.
That's correct, I meant that you have to always use their app, whether to use e2ee or not. There is no IMAP.
Mailbox also offers e2ee via browser among the same mailbox users, but it also has IMAP and PGP.
This has nothing to do with the provider and everything with your client. They are only linked if you happen to use the web interface of your provider directly, but you don't have to.
Congrats for the move. "Away from Gmail" is by itself a happy title.
The report is also very good and that should be a service every other mail service could provide to people who want to move away from G'rab'mail.
Another curiosity is that you use the same password I use for everything: xxx
Simple to remember and nobody will ever figure that out! Wink! :)
> The last two providers offered true end-to-end encryption
ProtonMail and Tutanota offer end-to-end encryption only when both the sender and recipient are using the same (i.e., ProtonMail->ProtonMail or Tutanota->Tutanota). If you’re emailing someone outside those or if you’re receiving emails from someone outside those, and you want encryption, you’d have to go to PGP (with its own complexities).
That's why I find their mandatory requirement of exposing their hosted emails only to their clients is such a bizarre take (if not pure bs).
I mean for god's sake just let me use IMAP/POP3.
You give me encryption at rest, safety and privacy in transit, and do not sell my data. You also offer to let me put up my GPG key on your admin portal so that I can easily read e2ee mails in your webmail.
Thank you, all that is very nice. Now get out of my way and do not try/pretend to be Signal and email at the same time.
I've been pretty happy with Mailbox.org. The web interface isn't great compared to Gmail, but I prefer Thunderbird anyway for normal usage. They used to have a weird 2FA setup, but they've since switched to the same kind everybody else use, thankfully.
Microsoft's been a bit annoying, since some emails I've sent to @hotmail.com domains go to spam, but at least they do arrive and aren't just bounced, as I've heard from some horror stories. Sending to @gmail.com accounts seems to work perfectly though. I don't send a lot of outgoing mail from my personal account anyway, so it doesn't really matter in the end. Some mails seem to take longer to arrive, but I had that problem on Gmail too, so I don't think there's anything actually wrong per se.
And I will be leaving Mailbox.org for Runbox, or Purelymail, or Fastmail. I have a few more months' credit remaining on Mailbox, besides I am yet to try the trials.
(This is for the author and anyone else) If you are looking for responsive (or even barely responsive) and responsible support responses whenever you need it, weigh your options very carefully about which mail host you want to move to. You might need it once or twice a year, but that might be crucial.
Edit: And if you can help it, and have your own domain, never use a mail host's domain-based email address (no matter how catchy and short that is) because it will be a headache switching away from it if you want to change your host.
Fastmail's base plan is excessive for me (60GB of storage) and costs twice as much as Mailbox, plus it's not an EU service.
It is for me as well. It's an obscene plan. They should have plans for us normal humans :)
But having burnt my fingers couple of times I need to be with a provider who has some sort of "real" and responsive support (and accountable) and that costs money so there's that. For me EU is not a condition, neither is e2ee (as long as it's E at Rest), but I understand it might be for others. I hope mailbox is good for you and unless you need some support it will good. There were no outages or any general things breaking during my usage of many years.
Good luck.
I did. Their 20 out/day (soft limit) had me concerned. While many weeks I might send less than 7 emails I still feel uncomfortable with those limits.
Anyone considering a move should also look at NameCrane/CraneMail by the crew behind BuyVM. Solid service, incredibly reasonable prices, great community/discord. They are always looking to improve, extremely proactive and reactive to customer feedback and issues. No builtin PGP, but I believe that is out of their control as they use SmarterMail on the backend.
I would run away from any service that forces me to use discord fr support.
Take it easy. It's not their official support channel. They have tickets like everyone else, with the added bonus that you can nudge them in their chat. You can take advantage of it or not, no forcing involved. The discord is more about community than a support channel. In fact they will usually ask you to open a ticket if you haven't already for direct support issues that don't look to be a general/shared issue.
Curious who is looking for "community" when it comes to their email hosting provider. The word "community" gets tossed around so much it's basically meaningless - but I mean, even in the loosest definition of it why would you want to interact with random people who simply use the same provider you do... like would you want a Discord server for your local gas station chain or power company?
Tech nerds. vps nerds. Hosting nerds. if that's not you, then yeah probably not
I hadn’t heard of this and looked for it. How is Cranemail so cheap? I’m really surprised but also concerned that one can get 100 GB of space with unlimited mailboxes and aliases (with just a sending limit) for $10 a year (which gets even cheaper when paying for multiple years or lifetime).
Not sure, but you could ask @Francisco here [1]. He might respond. He’s been around a very long time— certainly not fly by night, as I can understand thinking that at the price value.
Is masking essentially email aliasing? If so yes they have aliases. re: about the IPs, yes that doesn't sound great for a shared system, something to probably bring up to them
For those looking to break free and are considering self-hosting, I can strongly recommend Stalwart. I'm surprised how almost no one seems to have heard of it, but it's amazing (and supports JMAP!)
One thing I'd recommend is getting your own domain for email (looks like mailbox.org allows custom domains with some plans). You never know what will happen to your email provider in the future, so having the freedom to move your domain to a different provider is valuable.
It does and I’ve been hoping to see more discussion around best registrars from a domain security perspective. I looked into CSC (cscglobal.com) since it’s what a lot of big companies use, but it’s crazy expensive ($5K+/yr). Even worse, their contract is wild: no guarantee of registration/renewal, all fees non-refundable, they can hike prices anytime, liability capped at $5K, DNS is “as-is” with only credits for outages, and they can unmask WHOIS privacy at will. Basically you pay enterprise prices while they disclaim almost all responsibility.
Yes, thanks. I already have my custom email domain, but this mailbox address is for everyday use, while I use my personal domain for private matters.
> To send encrypted emails, you just select “Use PGP encrypted” when composing a new message, after importing your private key, of course.
I love the concept of PGP and how well it seems to be integrated. I also don't know a single person who uses it or a provider/software capable of decrypting it. I think that's the biggest issue with PGP. Short of asking someone directly, you don't know if they'd be able to receive a PGP encrypted email, so you wont send one.
If you own your own domain as many are suggesting, it's super easy to share your key. Simply publish it and share the link in your email signature.
Yes it’s very easy to use on mailbox, well I use pgp encryption with some friend and on Kraken (the crypto exchange)
> Let me start by saying: I use email in a very basic way. I send and receive a lot of messages (at least 50 a day), but they’re plain text/html emails with no attachments or fancy features.
Why not shift to properly encrypted chat apps without all that single permanent pgp key nonsense that doesn't fit on a page?
> The problem with email is that everything is transmitted in plain text.
That's not a Gmail problem, and no reason to migrate. Some use cases just don't fit email, and for those, we have other, more fitting platforms.
> So, I went with mailbox.org that still offers integrated PGP encryption, and if you want, you can always use external PGP too (which I was already doing with Gmail).
Ok, so now you have two problems.
But we haven't started using regular expressions yet...!?
I was fortunate enough that my solution was to host my own mail server 20+ years ago and create a separate email address per relationship with a company, so I can tell the moment some 3rd party has been comprimised when I receive spam on a specific address. My personal spam has been minimal over time.
If for example moc.elgoog@mydomain.com gets spam - I know they're compromised or have sold me out.
Yes gmail has had something similar using the + character, but most people don't know about/make use of this and still abdicate spam filtering to things they don't understand like bayesian algorithms which suffer from false positives. (Have you checked your spam folder for our very important message...?)
Email has never been secure and despite modern updates, I still don't consider it as such. Then again I don't have much to worry about, so I'm ambivalent most of the time. That said, special 'fuck you' shoutouts to Ticketek for being compromised and their general ineptitude and shitfuckery in so many ways... It took them 2 months to respond to an issue I raised with them only to ask whether it was still an issue... (yes, it still is).
Unfortunately I don't know if you could easily manage to convince majority email providers you're legitimite with a new domain in this day and age - I suspect its now a major hurdle to overcome as I've read often enough of mail bouncing because "we've never heard of you until now, so we don't trust you" - which makes communicating with the majority of the world via email almost impossible to build up the trust level you're considered legitimite and that's despite all this extra DMARC, DKIM, and SPF and SSL/TLS supposed safeguards which have appeared over time and I've had to comply with.
Security as an afterthought means its still probably never going to be secure. I've always considered email the equivalent of transmitting plaintext and have always treated it as such. This has led to some pretty difficult situations where I don't email important stuff to a 3rd party just because they expect it and everyone else does it.
Google '+' addresses aren't really safe anymore as thieves and some spammers will be sophisticated enough to strip them. You also run into broken validators that reject '+'. Much better to have on-demand wildcards with a custom domain in any format you wish.
It can be summarized that the romanticized ideal of Email is long gone, if it ever existed. Today email is a way for others, mostly automations, to send you notifications.
Once you realize this, the "just keep whatever I have right now" is often the best solution.
Just don't send lots and lots of email. I haven't had a problem yet. But I mostly use my server to receive.
Speaking of which, receiving is free. There are no spam checks when other providers send email to yours. So feel free to only use Gmail when you need to send an email out to a big provider. It's still a 95% win.
> That's not a Gmail problem, and no reason to migrate.
It is a problem with Gmail, because they're helping themselves into your email, as was explained by the author in the sentence immediately after the one you quoted:
> Technically, Google can store every message you receive and know everything, and U.S. agencies can request access to that data
Yes but at least for the TOS, mailbox doesn’t do it, and I’m more relaxed also because I’m paying for the email (they don’t need to sell my data to other services) and the server are hosted in Europe and GDPR compliance.
> because they're helping themselves into your email
What, specifically do you mean by this?
I did the same thing some years ago. I chose purelymail[0] as the MX for my personal domain and would recommend. The only issue is that it's so cheap, and my credit lasts so long, I forget that it is in fact a paid service and that I do actually need to make a payment from time to time...
The problem with changing email provider due to privacy concerns, is that most of your emails will still end up inside Google's or Microsoft's servers.
I considered self-hosting my own email, as I already have a domain name. But this has always put me off. The reason I would still consider self-hosting is to have readily available email address for side projects, like if I want to receive email notifications from services.
But for privacy, you unfortunately don't gain much, as most of the people/entities you're exchanging emails with are using Google or Microsoft emails.
Even when they don't, it doesn't matter. Email wasn't designed for privacy or security, and can't accommodate those. Lucky for us, we now have much better tools for those use cases, so we don't need to clumsily try and fail to ducktape those use cases to email.
Anyone using a half-Gmail / half-personal IMAP server to handle the reality that keeping 20+ years or email in Gmail will bump into the storage quota? I'm around 99.5% usage and just slowly deleting ancient emails with large attachments to make it another month.
Dovecot in my homelab seem doable to have an IMAP server to transfer the Gmail based emails to and maintain them indefinitely but would this be a maintenance headache? I've never operated it before and am curious.
I’ve got Dovecot running in a Docker container on my Raspberry Pi. Moved everything over using Thunderbird. If you use mbox format, once done, you can turn the files read-only and Dovecot will still work. And you can throw a Solr server into the mix to get fast mail searches.
I also ran into the Google storage quota after 20+ years of gmail + drive + photos. I ended up paying for Google One at $4/mo just to make it long enough to move all of data somewhere else.
But there are the filter lists! You can customize the spam filters. Anyway maybe I’ll find these issue in the future, for now it’s all fgood with spam (I don’t see any spam email)
https://porkbun.com/products/email is similarly priced
I use both mailbox and gmail. For people that are considering switching, some websites don't accept the mailbox domain, so be ready for that. Otherwise the service works great.
In over 6 years of using Mailbox, I only remember one website that rejected the domain. It's a government website and they only started rejecting "invalid" (non-duopoly) domains sometime this year.
I do occasionally get emails that take longer to arrive into my inbox (between 5 minutes up to 1 hour), but the emails always arrive eventually. Or maybe I haven't noticed...
Do you remember which websites rejected your Mailbox address?
I've never encountered this issue so far, and I've already changed my email on almost all commercial services. But thanks for reporting! I'll use Gmail with forwarding if I encounter this issue
I'm going to plug fastmail. Rationale:
(1) tech support that actually reads your messages and replies with a solution demonstrating comprehension of the message that you wrote. Amazing. I've emailed them twice and gotten a great response both times.
(2) it is the best UI I've seen outside gmail;
(3) They have continued actively developing their UI, with nice updates released perhaps in the last 6 weeks.
(4) keyboard shortcuts that work
(5) Instead of inbox 0, I practice inbox 50k and it handles it fine.
(6) I just had a decade-anniversary there and I've never regretted it.
(1) tech support that actually reads your messages and replies with a solution demonstrating comprehension of the message that you wrote. Amazing. I've emailed them twice and gotten a great response both times.
Tech support forwarded an inquiry I was asking about an IMAP command in my MUA which led to an actual engineer that said my MUA was using an outdated/deprecated part of the IMAP protocol and provided the RFC for the new way of doing things, which then lead to a patch in said MUA. Very few companies offer this calibre of support, the only other one I can think of is Tarsnap.
(2) it is the best UI I've seen outside gmail
I think it's a much better UI overall than gmail; at least I found with gmail you had to manually paginate things, I can easily do a search in FM that might have 10000 emails over 20 years and I can usually jump to a specific month/year very quickly via scroll and then from there a specific day.
(5) Instead of inbox 0, I practice inbox 50k and it handles it fine.
Similar, 37k in my Inbox, nay issue. I have probably 200k overall across different folders. But I know I'm outsourcing a service, so I do full infrequent backups via IMAP.
Here's my (7):
Fastmail has the only web interface I've come across that handles (catch-all) aliases correctly and knows how to respond with the correct one every single time. Maybe roundcube/squirrelmail can do this, but roundcube/squirrelmail overall is not very good.
I think I'm over 20 years using Fastmail now? It just works. I've never had a single ounce of trouble with them. Their support is great. There are few products in life that I would recommend without question, and Fastmail is one of those. If only every company was this good.
> (2) it is the best UI I've seen outside gmail;
I'd say it's better (maybe gmail has features it doesn't, but fastmail does everything I need and loads much much faster than gmail)
Also a happy fastmail customer for the last several years.
Came here to say this. I've been with Fastmail a similar length of time and it just keeps getting better.
You should be fine on the big providers. There's a weird horseshoe situation where anti-Google doomposting looks a lot like pro-Google FUD that I think leads people to believe only Google and maybe Microsoft are capable of sending mail any more.
Something like mailbox.org should be fine. Even a carefully-chosen VPS running your own email server should be fine (works for me, no delivery problems in ~2 years)
Tell me you haven't run a large email server without telling me.
There's a reason even large corporates that can easily afford the resources to run email their email themselves decide against it.
There are a handful of good providers, not just Google and Microsoft, but the two hyperscalers do have very good offerings, so of course they have a lot of the market.
Another happy mailbox.org user here who dumped gmail since a little over 4 years now. I'd highly recommend them to anyone who prefers more control on the client app they can use to access emails, calendars etc. Their web interface may not be the best/fastest, but their video conferencing web app is really good. I rarely use their office suite, but good to know it exists.
How do I get my family to move off of Gmail?
I keep telling them that Google spies on you, but they don’t care because it is free and it works.
How reliable are these providers and what are the chances these providers emails would bounce or go to spam when sending an email?
I did it by moving to the Proton ecosystem: Proton Mail, Proton Calendar, and Proton Pass, with the added bonus of Proton VPN.
As much as I don't necessarily like it, I think we have to put a price on our privacy and personal data. And for me, paying for the Proton family plan seems like a good trade-off, at least for now. So far, I haven't got any emails to bounce when using the @pm.me or @proton.me email addresses, except once (I forgot which web site).
If they don't care there is no problem for them to solve. Stop sending mail to them and bounce mails from gmail.
As far as I know, Gmail doesn’t allow saving PGP keys or using them to write new emails, whereas mailbox.org integrates the entire PGP service and to send an email, even from iOS where PGP apps are "ugly," you just need to do it from the web interface.
Anyway I wrote the details in the post.
Edit: I have to mention that I generated my PGP keys locally and then imported to Mailbox.Org
Do gmail prevents you from using a regular MTA these days?
I moved my domain to ProtonMail at the start of the year and my only real challenge is shared calendars.
Does anyone have a suggested solution that allows multiple people to share and manage a calendars that isn't Google Calendar or locked to a particular platform (Apple).
I'd really like to just run my own Postfix, Dovecot, SpamAssassin stack, but it seems totally discouraged these days just on the basis of email sender reputation.
It's not as bad as some make it out to be. Check out Stalwart, as it is much easier for a newcomer to mail hosting to manage.
I wish there was something like cell phone number porting for email addresses. I don’t know how it would work on the technical side or how you could secure something like that, but the idea of switching email providers is too daunting, so I stay with Gmail despite abandoning all my other Google accounts and services.
The closest would be having your own domain that’s linked to an email service provider (like mailbox.org or Google Workspace or several others). But to your point of switching email providers being daunting, first buy your own domain and then use that domain with an email provider of your choice. Then start chipping away at the emails you receive in your Gmail account and switch each of those senders to your new domain (and a new email address there). Do it a few at a time, give yourself a whole year to complete it and get going.
It’s even easier if you list out the most important senders in a checklist and move those first. But give yourself at least a few months time. It’s certainly possible.
Once you have your own domain, future migrations to another email provider would be a matter of moving the emails and updating DNS.
It exists: just port your domain name to a new registrar, and/or point your mx records to a new email provider.
Phone number is just a user number. Email addresses are a user name at a server name. A little harder to do if you're looking for something as ubiquitous as phone number porting.
The closest thing to a server name when it comes to phone numbers, would be the network it is on. For example, there is the public switched telephone network (PSTN), then there is the Defense Switched Network (DSN)
The problem is that I would still need to "port out" my email address manually to a new domain name. It's not an exaggeration to say that there are probably over a hundred places I would need to make that change.
What's the problem? Do it during a slow day when you're bored. Doesn't take a lot of time or effort. Keep the old e-mail around for any strays that you forgot.
It took me 20 years with Gmail to realise that I had screwed up by not starting with a custom domain.
When I finally changed, it was a lot easier than I thought. I just gradually migrated my accounts everywhere. I still have my old Gmail address, but I almost don't use it anymore.
Also (but I didn't try), couldn't you setup your own domain with Gmail? So that you still have everything in Gmail while you migrate all your accounts... but honestly for me it was really fine to deal with two email addresses for a while.
Not as easy, but could do it in phases:
- set up new email address, hosted where you like
- https://support.google.com/mail/answer/10957?hl=en (forward your email)
- update your email address as many places as you can
Isn't losing your domain a huge risk for any common user?
I don't understand the logic. I mean if you hate Google, or you specifically want to avoid Google having your data sure, but whichever email provider you choose will have at some point access to your plaintext email and they may choose to store it. There's no such thing as real end-to-end encrypted email unless the sender actively does so or you run the server yourself (and be online to do the TLS handshake when someone connects to your domain's MX address).
Another concern about anything social is that there are at least two sides in a conversation and whoever leaks the data to a third party will compromise privacy of all so it is really hard to prevent your email from getting to Gmail servers one way or another.
I spent the past month "de-Googling" my life after I saw a notice in my Gmail inbox that it was 20 years old. I took a step back and realized just how invested into the Google ecosystem I was. Gmail, Calendar, Docs, Drive, Maps, Keep, Photos, YouTube, FitBit, Android. Basically my entire digital life. My goal was more diversifying than security/privacy, but security/privacy is a really nice bonus.
I ended up going with Proton because they had a good solution for mail, calendar, and drive which I was looking to replace. I set up my custom domain to point to it and have my Gmail forwarding to it - any time I get an email to the old Gmail address I go change it on the website or delete the account altogether.
For Google Docs / Keep, I switched over to Obsidian and pay for the sync there. It's a great replacement for my main use case of Docs / Keep which is just a dumping ground for ideas.
For Google Photos, I now self-host Immich in Hetzner on a VPS with a 1TB storage box mounted via SSHFS. I use Tailscale to connect to it. It took a few days to use Google Takeout + immich-go to upload all the photos (~300GB of data) but it's working really well now. Only costs $10/mo for the VPS and 1TB of storage.
Android I think I'll be stuck on - I have a Pixel 8 Pro that technically supports Graphene but there are too many trade-offs there. Next time I need a new phone I'll take a serious look at Fairphone but I think the Pixel 8 Pro should last a few more years.
My FitBit Versa is really old and starting to die - I ordered one of the new Pebble watches and am patiently waiting for it to ship!
YouTube I'm stuck on because that's where the content is. I have yet to find a suitable replacement for Google Maps - OpenStreetMap is still really hard to use and gives bad directions.