I'll repeat my comment from nearly seven months ago [1] since it left a really bad taste about how users are dealt with. Nearly a year ago when the initial waves of the pandemic were raging on, Migadu removed its free tier. That's not a problem by itself because businesses have to make money to sustain and grow. But Migadu gave one month’s notice (contrary to the claims in the replies, that's what I saw) for users to switch. The replies to the comment also said that the new lowest paid tier was "affordable in every corner of the planet", which sounded quite ignorant even for a non-pandemic time.
Another point, which may matter to some people, is that while Migadu may be a Swiss company, the data centers where the mails are hosted were in France (this was the case at least a year ago). So the situation is somewhat comparable (not entirely though) to Fastmail being an Australian company with data centers in the U.S. being used.
For those who want multi-domain email services for a lower (flat) price, look at mxroute. It's based out of the U.S. though, which may not be an option for people who want certain services outside Five Eyes jurisdictions.
I remain baffled at the folk wisdom of using providers outside the United States in order to avoid the Five Eyes IC. You accomplish the opposite thing by doing that. NSA is literally chartered to hack into things outside of US jurisdiction; they don't even need permission to do it. They might even need permission not to do it.
Obviously, hosting in the US isn't a cure-all. And there are other good reasons to work with companies in Europe; for instance, their data privacy rules can often be better than ours, which can give you some commercial protections.
But these discussions about where people's email is hosted always talk about jurisdictional issues, and the only jurisdictional issue that matters here is this: if NSA is going to swipe mail from Google Mail, there's a whole fuckload of paperwork they have to do. If they want to get mail from your random email provider in Switzerland, they can just push a button.
If you are trying to avoid spooks you're fucked anywhere you are: US, EU, whatever. Yes, if the NSA want your US email they probably won't press that button, but they'll ask GCHQ to press a UK button instead and get it that way. Also, if the FBI wants your email they will just send a guy in a black MiB suit & 9/10 times the email company will roll over. If they meet resistance FBI just go to a tame US judge (they have loads) who rubber stamps the writ. If your server is in .CH they need lots of paperwork and a good arguable case. So yes it is worth hosting outside US. Ask Microsoft about why they do EU data hosting in Ireland.
It's definitely a false sense of security to assume that being on one side of a particular border increases your security. There may be degrees of truth to it but there's no "if your data is here, no agency will ever come for it." When protecting the contents of your data is important, the largest workload should be on sender and recipient. The protocols they decide to use, the encryption they choose for their content, etc.
Around the same time last year they also had a storage layer failure, and my catch-all rules disappeared. And about a month before that they changed the POP3 address.
Both of these changes happened without any email announcement, only visible on their site. So effectively, because I didn't log in to the Migadu dashboard, I was losing emails.
Yep. This was exactly my experience, resulted in failure to receive mail (and my email being deassociated from the accounts of my bank and rental agency).
I had a back and fore with them on HN some months back and they were trying to whitewash their handling of the storage failure / rules deletion.
I experienced the same thing, and it took me a couple of weeks to realize I wasn’t receiving emails. Luckily I was only testing it out with emails for non-essential services. I found it difficult to understand why they continued to not make an announcement even after I, and presumably other people, made them aware of the impact the change had.
I had this issue too - all rules were deleted as they switched from regex to something else. I have no idea whether I missed anything and they really could have done an announcement.
Otherwise have been quite happy and except for a lack of calendar it all works quite well.
What do you disagree with specifically? The reasoning in that link is absolutely correct. We can argue that POP, etc. should have 2FA support added to the protocol, but that's not the point the author was making.
And that's totally cool. I think a lot of alternate perspectives around this focus on proprietary implementations, and my focus revolves mostly around open source and licensed software. MXroute isn't a software vendor, and this confuses a lot of people because there are a lot of mail providers out there that are. Google and Microsoft are easy examples.
The question is not Brit-specific so to speak. Saying "based off of" to mean "based on" and "based out of" to mean "based in" etc started relatively recently in the U.S. In the NYC area, people also say "waiting on line" instead of "in line" which grates me to this day, but at least I could find that usage special-case in a foot thick Webster dictionary back when I first encountered.
I believe the "based off of" and "based out of" were popularized among the hipster brogrammers of early 21st century, but I might be wrong.
> while Migadu may be a Swiss company, the data centers where the mails are hosted were in France
> So the situation is somewhat comparable (not entirely though) to Fastmail being an Australian company with data centers in the U.S. being used
I don't know if it is a good comparison, as European countries (France included) are subject to GDPR, which does not really have an equivalent in the U.S.
GP here. My points were about surveillance arrangements and information exchange between countries, like the Five Eyes, Nine Eyes, Fourteen Eyes, etc. Also, as far as I know, Migadu does not encrypt data at rest. Anyone who gets access to the servers gets access to all the data.
I appreciate your recommendation. I'm no friend to intelligence agencies, but I don't want to necessarily put myself out there as a competitor to something like the old Lavabit. I'm not looking to be a victim of the US government any more than I want to see my customers victimized by them.
> Another point, which may matter to some people, is that while Migadu may be a Swiss company, the data centers where the mails are hosted were in France (this was the case at least a year ago). So the situation is somewhat comparable (not entirely though) to Fastmail being an Australian company with data centers in the U.S. being used.
> For those who want multi-domain email services for a lower (flat) price, look at mxroute. It's based out of the U.S. though, which may not be an option for people who want certain services outside Five Eyes jurisdictions.
Weird speaking that, but I would be more concerned about (an accidental) breach of privacy by some Migadu employee than some <country-name> bureau. Not saying about some typical script kiddie or some hacker-magician getting in possession of logins with passwords as leak. It is likely new on the market and I am tempted to say it has near-zero reputation for anyone looking for a private mail right now. Location does matter, but execution more.
> It is likely new on the market and I am tempted to say it has near-zero reputation for anyone looking for a private mail right now.
GP here. Not sure if you meant Migadu in this sentence, but Migadu is not new in the email market. It has been around for several years (don't want to visit the website to look it up). I also don't believe that it has near-zero reputation.
Their $19 (Micro) Plan lists "200 in/day and 20 out/day". My email usage, personally, seems to be in bursts. It stays below 1 or 2 outbound mails on most days, however on some days (rarely) there'll be threaded conversations with >50 outbound mails. So, I feel like it would be fantastic if the plan had monthly limits instead of daily limit. Or some other sort of limit, say EC2 like, which would allow the user to consume the resources in bursts.
Yes, I was also quite excited until I saw the message limits, it feels very archaic.
So far the best email service I've found is Tutanota, who provide a custom domain for €12 / mo if you pay yearly [1], which is the cheapest I've found so far. I also like how my mail is encrypted at rest. The only downside is I have to use their web client which has limited features.
While $19 yearly is admittedly very cheap, 20 daily outbound emails seems like an absurdly low limit. I can't imagine many sole proprietorships (as they suggest as customers for that tier) would be able to sustain that.
Especially since most email providers count a single email addressed to 10 people as 10 emails. Get into a back and forth discussion with a moderately sized group and you'll hit your limit after only a few messages.
As a Migadu customer, that’s not my understanding. From their website: “When reaching incoming messages limits, we will warn you and allow for some tolerance of up to 25% over the plan limit. If even the higher tolerance level gets reached, we will start deferring messages until either the following day or the plan is upgraded. […] When reaching outgoing messages limits, we will warn you and allow for some tolerance of up to 25% over the plan limit. After the tolerance we will start rejecting outgoing messages.”
I have used Migadu in the past and I had absolutely no complaints. Everything worked as advertised and I had no delivery issues.
I chose them for their pricing model: they charge not per mailbox or domain, but rather per total number of emails in/out and storage. While this probably makes them less money, it always seemed like an honest and fair approach to billing.
Also another happy Migadu user, on their micro plan. I mainly use it for small projects, it’s great because I pay a flat $19 fee for unlimited domains. I’m happy to upgrade once a project requires it.
For my personal domain email, I use Fastmail, but that comes in at $50 yearly. Not something I can justify when just playing around with an idea.
According to their website, Fastmail allows up to 100 custom domains on a single account, so it's not like you need to buy a second account if you just want to receive/send email on a domain.
Your conclusion is spot on! I've been looking for providers that are lower on the cost for more than one mailbox with custom domains and being outside surveillance jurisdictions.
One point about your post: Migadu has (or at least had) all the data stored in data centers in France. It also doesn't encrypt data at rest. So I'm not sure how the privacy angle exactly works.
I’ve used Migadu for about 3/4 years now to provide email for hosting clients. They’re good. They had a little wobble at the start of the pandemic but otherwise no issues. You get full DMARC, DKIM etc and autodiscover. Massive mailboxes. Would recommend.
I use Migadu myself and have nothing but compliments for them. They do offer a calendar but it's only as a bare-bones complement to their main focus of email, so if you do not care about having invite responses and the like and just want: X is happening at Y functionality it's perfect for that too.
I feel like they really care about how they offer their service and given how laser focused it is that translates into me being extremely satisfied with their offering.
[1]: https://news.ycombinator.com/item?id=25382626
https://www.washingtonpost.com/graphics/2020/world/national-...
The savings are not worth the risk.
I was very interested and very seriously considering signing up, until I read this: https://mxroute.com/docs/do-you-support-2fa-on-email-account... While I respect Jarland's opinion/stance, I do not agree.
Are you saying it's based in the US? (Brit here.)
I am not a native speaker.
Migadu has taught me bargain basement email is too expensive in the long run.
And that's at best, assuming you got no emails at all the previous day.
[1] https://tutanota.com/pricing
Using a service from a Hindu nationalism supporter goes against my personal world view.
I included the religious connections because some other people might also have similar thoughts.