"Nobody, from the lowliest spammer to the grand exulted CEO of a massive company, can remove or change the content of an email message they have sent to you."
Unless the message has embedded images linked from the web. Those images are part of the 'content of an email' as far as most people are concerned, but aren't part of the message envelope. So they can be destroyed or replaced by the sender whenever they want.
Do any mail clients aim to deal with this by keeping a permanent copy? (Including the 1x1 tracking pixel content?)
I agree that normal email-to-email might not disappear. But considering that most email users are either using Outlook or Gmail, and both these systems not being forced to use Email protocol when the receiver is using the same network, I'd guess that email isn't that much more reliable than FB messages when it comes to getting deleted.
Yes, but if you dont, you always have the option to download a local copy of your mailbox. This is how I use email. I use fetchmail to deliver mail to a local mailbox on my hard drive. I don't delete it from the online mailbox, in case I want to access it from the web, but I have my local copy in case the online provider either goes away or does something else with it.
Well, right now email doesn't disappear — but under the GDPR anyone can demand that an email server delete any messages he sent (or at least remove his name from them). I think that's a horrible approach, but it appears to be what the GDPR demands.
What if someone's already downloaded email from that server, or forwarded it on to their friends? Seems absurd. Anyone can demand anything. You just tell them it can't be done.
> Nobody, from the lowliest spammer to the grand exulted CEO of a massive company, can remove or change the content of an email message they have sent to you.
No. Unless it is on your own server. And this is an argument against FastMail, and they know it for sure. So why lying so brutally?
> FastMail is a provider you can trust
Rule of thumb: never trust anyone who says you can trust him/her.
If I have an IMAP client, I can fetch my emails and download them locally.
If the Fastmail CEO sent me an email through Fastmail, with very little technical knowledge, I could set up a regular desktop client to download all those emails locally - headers and all. Even the iPhone default Mail app setup helps you do it.
The same is not true of Facebook - those messages belong to Facebook.
If the argument is that I can go out of my way to back something up outside of the regular framework of the software, I could do the same by saving messages from Facebook.
Email backups have been standard for decades. There are solution that follow standards and have been tested in audits. Taking screenshots of Facebook messages is very different from that.
I have copies of my Fastmail mail on several computers and access the mailboxes when online or offline. It syncs perfectly, is backed up through normal backup techniques and I am in control. There is no mystery here.
but wouldn't that just depend on your mail client?
its technically possible to edit the mail body on the server side and serve the modified message under the same mail ID.
I'd wager most clients would invalidate their local copy and trust the new mail from the server, but have to admit that I've never tested such a scenario.
iOS and Apple mail don’t. Some servers sometimes have the issue of reusing message identifiers and both clients would show the wrong content for the mail. You’d have to force a resync of the whole Mailbox to fix this.
Also: A backup of the mailbox would be unaffected by any server-side change.
Not the SSL certificate for your domain, which Fastmail will acquire with or without your prior knowledge or consent, and to which you have no access or control.
They can't request a certificate unless you already pointed your domain to their servers. So if you're already doing that for HTTP, requesting an ssl cert so they can enable HTTPS on it is a perfectly valid request... especially when browsers are starting to mark all HTTP sites as insecure.
The same goes for Hotmail and Gmail of course. I download all my gmail-mail, and then it's mine to keep. Google can't delete that unless they hack my machine. They can delete my account, my emails. But the webmail version offers one extra that downloaded mail doesn't: a reasonable guarantee that the mail is not messed with.
If I've received an email and keep it in the webmail, I cannot change that. A downloaded mail can be edited, unless it's signed with PGP. I can change content, headers, dates. An email in Gmail webmail cannot be changed by me. And while Google can do that, and maybe an excellent hacker can do that, the chance that you're the victim of that as an average Joe is very small.
> A downloaded mail can be edited, unless it's signed with PGP.
What is your threat model? Obviously, it does not include google (and by extension, the state actors that can compel it to do things). But what does it include?
Yes Google and NSA could do such things, and I wouldn't be surprised if Russia could do this as well. But for the ordinary man this won't happen, being a personal target for the big agencies.
When you're in court having having a dispute with a customer or your boss, you can't dispute Gmail timestamps etc. That's all I'm saying.
Is there no way to encrypt or sign e-mail inboxes on the server in such a way that it is tamper-proof?
Most solutions focus on preventing individual e-mails to be read or modified by a 3rd party. Does anyone apply similar techniques to a whole mailbox / account?
Only as long as you host your own mail. If your mail sits on some third party's cloud servers (like fastmail?) they can certainly make your email disappear.
Or use a local client (e.g. I've been using MS Outlook since 2000) and download the emails (I don't leave them on my email server). I prefer to keep massive .pst files (which I backup with CrashPlan - and soon Carbonite) on my machine that having them sitting anywhere outside.
Maybe I'm biased towards FastMail, but I'm kinda glad they made it obvious it was an ad (small lead up as to why, then they hit you with a "use our product instead").
I wouldn't say it's worth linking on HN (except maybe to spark a conversation), but here we are.
Admittedly, actually using the phrase "____ is a ____ you can trust" is pretty tacky at this point.
I use FastMail for my work email and it's ok, but I wish these guys would introduce a few new features from time to time. Why in 2018 do I not have the ability to "Snooze" an email and come back to it at a later date? or add notes to an email that don't get sent to the person I'm conversing with? or consolidate emails from multiple conversations into a single conversation? Yeah FastMail your service is a better alternative to Gmail because I don't have to worry about being locked out of my email one day for no apparent reason, but why aren't you innovating? Email with Fastmail is just as tedious and boring as it was 10 years ago.
tl;dr - less politicised blog posts, more making your service not suck, please.
Once you've used a service like Intercom, FrontApp or even Google's "Inbox" you realise emailing can be far more productive. It's a shame that companies like FastMail gave up on trying to improve the experience.
The features you list sound like something that should be implemented by an email client not an email host. I realize they have their own client, but that is really just a means to an end as it is obviously not their core business.
On top of that, it sounds like you really want something other than email.
Snooze is a really weird way of trying to shove stuff in your inbox... Out of your inbox for some reason. You come back to an email later... by still finding it in your inbox.
And there's no good standards compliant way to implement that, so it'd mess up third party clients. This is why Gmail is such a broken experience if you aren't using Gmail's own proprietary Google-blessed apps.
FastMail is the service and the client. Or am I to believe the Fastmail.com web interface is merely some kind of proof of concept and that they intended for people to build web clients on top of the Fastmail service?
I think the expectation is that since they speak IMAP, people will use mail clients on their own devices to access their mail. So they don't need to implement every feature a mail client has ever come up with, they just need to speak a standard protocol mail clients can understand, and then you can use the mail client of your choice, with the features you want.
They don't need to do anything, but IMO they should be doing more to enrich the email experience. Have your rock solid standard IMAP implementation, but if you've got a web client and apps for Android and iPhone why not make them better? I'm tired of having an inbox full of emails which I know I can't do anything with now because they are waiting on some other event to take place, I just want to be able to hit a Snooze button and have the email disappear for a few days. It's not that challenging of a feature for a dev team to implement is it?
That is a terrible hack of a workaround and you know it :)
With Google Inbox (inbox.google.com) I can Snooze an email for [x] number of days and it'll be gone from my inbox and I don't have to think about it until it comes back. I use Inbox for personal email but I'd rather not be.
Airmail doesn't have a web client, and that's where most of my emailing takes place, so unfortunately it's not an option.
We use FrontApp on top of FastMail for customer service, it provides a bunch of useful features on top of email, such as the one I just mentioned. I could use it for my personal email but that would mean paying two monthly subscriptions. Plus it doesn't have spam filtering built in.
> With Google Inbox (inbox.google.com) I can Snooze an email for [x] number of days and it'll be gone from my inbox and I don't have to think about it until it comes back.
And... You've just lost standards compliance so you can't use any standards compliant clients. This is a terrible hack of a workaround and you know it :)
No I haven't lost standards compliance. The feature does not interfere with IMAP at all. Sure, I don't get the useful features with a standards complaint client, but why would I expect to?
"Nobody, from the lowliest spammer to the grand exulted CEO of a massive company, can remove or change the content of an email message they have sent to you."
Unless the message has embedded images linked from the web. Those images are part of the 'content of an email' as far as most people are concerned, but aren't part of the message envelope. So they can be destroyed or replaced by the sender whenever they want.
Do any mail clients aim to deal with this by keeping a permanent copy? (Including the 1x1 tracking pixel content?)