I’m personally still frustrated with the email services I know about. I’m going to start by reviewing what I use now, which is FastMail.
This is for my personal email, which I use for identity on many web services, for notifications and for writing letters to people. I’m working for myself at the moment too, so I use it for business in that context.
As background, be aware that I don’t think the email protocols (SMTP, POP3, IMAP) cut it any more. So I’m not splitting my email up by rating apps separately from service. I think the two are integrated together. This is because the user experience is better – setup is simpler, and unfortunately basic features like search, spam and filtering have to have a proprietary interface as the standards aren’t good enough. I’d love better protocols to be adopted on a wide scale, but realistically they’re not yet.
(In practice, I personally still use SMTP and IMAP because I sometimes like to read email in a command line client called mutt, and I still use POP3 to make my own personal backup of mail. Overall, I expect a good, modern email service to have its own nicely made app for common platforms that just works, and to support standard protocols for uses like backup.)
For clarity, I’m not going to consider GMail – the service, or the proprietary Android app – or mention it again. It has more than a billion active users, so by any sensible definition it is not just a monopoly in the UK market, but a global monopoly in a global market. Monopolies are single points of failure, and always lead to price gouging and regulation. That isn’t good for anyone – even more so as the price in this case isn’t paid in cash but in privacy and lock into other services (e.g. Google Now only works with GMail).
I first used FastMail as a second emergency email address when I went travelling in 2002. It had been well reviewed, I think on the venerable, and still apparently good, EmailDiscussions.com forum. At some point I paid for it, then they had an outage for three days, and I switched away from them. Much later, I had the privilege of meeting FastMail founder Jeremy Howard while he was at Kaggle, he’s a great person. Following the Snowden revelations, I switched back to FastMail and started paying them. In short, I’ve a long history with and like the company. It has a good reputation.
Usability 3/5 – The website is excellent. The Android app is decent, but doesn’t support offline reading or sending of mail – super important when travelling. Even when I have Internet the app is often slow or fails to connect to the server. I’ve tried alternative Android general purpose mail apps, but they all either didn’t set up (amazingly none of them had a FastMail config option, I had to type in the server names, it was tedious and still usually didn’t work) or had a worse user experience in various ways (e.g. no spam button). I don’t use the calendar or address book – I think because of the tedium of configuring them. I expect the Fastmail Android app to just sort that out for me, which it doesn’t.
Delivery 5/5 – Seems very good to me, no problems sending or receiving mail. Their spam detection is good enough – I get a few spams a week (my email has been public for about 17 years, so receives lots of spam), and haven’t had real mail classed as spam for a long time that I know of. I have to point my domain MX records straight at FastMail, and I had to consciously tell it to train a Bayesian filter just for me. SPF and DKIM were easy to set up and work.
Privacy 2/5 – Basic stuff is fairly decent, they use on the wire encryption for all protocols, and I’m confident (without having checked) that the company is well run in terms of basic security policy. Alas, while FastMail has some level of app-specific passwords and two-factor authentication, they’ve implemented those features very eccentrically. Worse of all, there is no attempt at encryption of your emails at rest (on their servers) (Correction: FastMail say it is encrypted at rest, see comments) or any end to end encryption such as PGP – they give good reasons for this, but nevertheless it makes it not private.
Decentralization 1/5 – The company is very centralized – all the servers are in the US (Correction: FastMail also have servers in Amsterdam, although you can’t choose where your data is, see comments for details), even though the company is Australian. The code is all closed. Not only is this a single point of failure, but it is a particularly dangerous one as the US is a single point of failure for lots of modern IT systems in lots of ways.
Potential 4/5 – Their business model is sound, ranging from $3 to $9 per user per month. They have both individual and small business customers. There’s no free plan, it’s just a free trial. They’ve been around for 18 years, so seem a good stable choice. They are slowly but surely pushing a new standard email protocol called JMAP, if only it had wider adoption.
Total score: 12/20
FastMail have responded on Twitter: “Thanks for the review. FYI All data is encrypted at rest on our servers. We also have servers in Amsterdam as well as New York/LA.” https://twitter.com/FastMail/status/830852863333052416
Richard Pope asks in that Twitter thread if you can choose which country your data is stored in, but you can’t.
There’s some technical info about the Amsterdam server here: https://www.fastmail.com/help/technical/architecture.html
There’s some info about FastMail’s on-drive encryption in this blog post: https://blog.fastmail.com/2015/12/06/getting-the-most-out-of-hardware/
Email review #2 – ProtonMail
I’ve tried this out a bit for the last week or two. This is a deliberately rough review, for reasons you shall see. That’s why it is in a comment.
Usability 4/5 – Very nice website, well made Android app. I didn’t feel confident in its ability when sending messages offline. Does have ability to configure so you can swipe to mark things as spam. Options in notifications didn’t seem flexible enough. Basically, all told, pretty slick.
Delivery – No idea, as I didn’t use it enough. I was just forwarding my mail to it, not using it as main place I send/receive mail. It felt like they would be fine.
Privacy 4/5 – Well, at least they’re trying. They’re in Switzerland, which gives me false reassurance for probably no good reason. Mailbox encrypted at rest, I think – you have a second password for it. Can send encrypted mails to other ProtonMail users – shrug, would be more interested if they were pushing Autoencrypt or similar. Overall, they’re fairly focussed on privacy.
Decentralization 0/5 – This is the big downside to ProtonMail. Your mail is all in Switzerland in a big vault. You can’t access it via any software except their software – no SMTP, IMAP or POP3. I thought this was a good idea in the abstract (simplifies development a lot, meaning everything else high quality), but now I have it… I feel locked and trapped. I can’t even backup my email (an rsync endpoint to some daily mboxes would be perfect), or migrate it to another provider. What’s the point of using a standard protocol – email – if you can’t do that!
So there you are, once I realised there was no way of downloading my mail by any means, I gave up.
If you are happy to throw away all your email at any time, definitely use it. That’s my attitude to instant messaging, and there’s no reason it shouldn’t be my attitude to email. It just isn’t!
A few months later, I’m still using FastMail.
I’ve found an Android email client I like – AquaMail. It’s a bit too configurable, and awkward to enter the settings too, but it at least lets me have the options I want on notifications, and swipe-to-mark-spam etc.