Run your own mailserver. If you don't trust Google with your data, there's nobody else I would trust. There are plenty of open-source webmail apps if that matters to you.
Did it for years. Loved it. The only problem? Hosting providers and colos often reuse IPs that have been blacklisted because of spammers, so one day you realize some folks just haven't been getting your mail. I use a leased server and would switch back from GMail to Zimbra in a heartbeat if I thought I could reliably ensure my email would not get blacklisted. There are services out there you can pay for that offer smtp gateways, but they often charge on a per domain basis, and I need to send/receive email for 50+ domains. Pretty expensive.
If anyone has any suggestions to get around this sort of limitation, I'm all ears and will be back on Zimbra before the weekend is out ;-)
I've set up a number of mail servers for myself and clients. I've always asked providers upfront to guarantee that I can get assigned to a new netblock if any of the IP addresses they give me show up on any blacklists. In some cases, just asking resulted in getting clean IPs from previously unused netblocks. In the few cases where the IPs were blacklisted, I got new ones without any problems.
Nearly all providers will give you a new IP if your old one got blacklisted before it was assigned to you.
Note: 'clean IPs from unassigned netblocks' are not necessarily good; see bogon filtering[1]. Still, running your own mailserver is not an impossibly difficult task.
AuthSMTP is priced with a fixed number of "email From: addresses", but what they don't tell you on the pricing page is that you can add a whole domain (wildcard *@domain.com) and it just counts as one address.
Looking at their pricing page it looks like you'd be out about $150-160 bucks per year. Up to you to decide if it's worth it, but hardly expensive in the normal sense of the word.
Isn't that what SPF is designed to protect? They'll never get through if you have a strict SPF record that lists AuthSMTP as the only email server for your domain.
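How a receiving server evaluates a strict SPF record of the kind mentioned above, as an added example that is not part of the thread. It is a simplified evaluator covering only the `ip4`, `ip6`, `include` and `all` mechanisms; the domains, the `relay.example` gateway and the addresses are constructed placeholders, and DNS is replaced by an inline table so it runs offline.

```python
import ipaddress

# Constructed TXT records standing in for DNS (assumption: not real hosts).
# "relay.example" is a placeholder for a paid SMTP gateway.
TXT = {
    "strict.example": "v=spf1 include:relay.example -all",
    "soft.example": "v=spf1 include:relay.example ~all",
    "relay.example": "v=spf1 ip4:192.0.2.0/28 ip6:2001:db8:25::/48 -all",
    "loop.example": "v=spf1 include:loop.example -all",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MAX_LOOKUPS = 10  # RFC 7208 limit on mechanisms that cause DNS queries


class PermError(Exception):
    """The record cannot be interpreted; receivers report 'permerror'."""


def _evaluate(domain, ip, budget):
    record = TXT.get(domain)
    if record is None:
        return "none"
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    # Mechanisms are tested left to right; the first match decides the result.
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                raise PermError(f"bad network in {term!r}")
            if net.version != (4 if name == "ip4" else 6):
                raise PermError(f"address family mismatch in {term!r}")
            matched = ip.version == net.version and ip in net
        elif name == "include":
            budget[0] -= 1
            if budget[0] < 0:
                raise PermError("too many DNS lookups")
            inner = _evaluate(arg, ip, budget)
            if inner == "none":
                raise PermError(f"include target {arg!r} has no SPF record")
            # Only a 'pass' from the included record counts as a match.
            matched = inner == "pass"
        else:
            raise PermError(f"unsupported term {term!r}")
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched and no 'all' was present


def check_spf(domain, sender_ip):
    """Return the SPF result for mail claiming `domain`, sent from `sender_ip`."""
    try:
        return _evaluate(domain, ipaddress.ip_address(sender_ip), [MAX_LOOKUPS])
    except PermError:
        return "permerror"


if __name__ == "__main__":
    for dom, addr in [
        ("strict.example", "192.0.2.5"),     # the gateway itself
        ("strict.example", "198.51.100.7"),  # some other host using the domain
        ("soft.example", "198.51.100.7"),    # same host, record ends in ~all
        ("loop.example", "192.0.2.5"),       # include loop hits the lookup limit
    ]:
        print(dom, addr, check_spf(dom, addr))
```

A `fail` result is only a verdict; whether the message is rejected, quarantined or delivered is still the receiving server's policy decision.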
I haven't experienced getting added back to a blacklist off a significant webmail host after being taken off one. Once your IP is in the clear, it'd take some abuse to be put back (anecdotal). These 3 steps usually get me unblocked if starting with a bad IP:
Been there, done that, didn't work. We don't even know why GMail was black-holing our mails, but we did everything on their suggested list for getting out of the world-o-pain and still often our mails were landing in the spam folder, hence the switch to SendGrid.
I think the bigger question is if there are any open source webmail apps that can support Gmail-like usage.
Setting up your own mailserver is easy. But getting a gmail-like experience is pretty hard. For example, I tried Roundcube a while back with my full Gmail mail dump. It tried to keep up, but there was just no way it was going to handle 2gb of mail going back years.
I'd love to see something that either ran off of a standard imap server or that was a mail-delivery agent (MDA) that had a gmail-like web interface, complete with full text search.
http://www.zimbra.com. Better in some ways, worse in others, but by far the most capable open source webmail available. I used it for a few years and loved it.
I always see Zimbra mentioned as a good open-source alternative to Gmail. But the demo always made me feel like it was a web-based Outlook UI-wise.
Like mbreese, I have wondered for some years if an open-source version of Gmail existed, and also what would be necessary to reproduce the Gmail experience (on the backend side for example, to get to the same speed in search). But I always hear Zimbra which doesn't seem to be the right answer to me.
As an alternate opinion, I have RoundCube set up as a webmail option for my IMAP server, and have about 2GB of stuff in about 20 different folders, a few folders have 5000 or more messages in them, and RC seems perfectly performant, almost as quick as my native IMAP client.
My biggest complaint with it is that it doesn't have a threaded view for mailing lists, but I haven't found a webmail yet with proper threaded view either. Other than that, I think it's a great substitute for a native client when I'm not at home and don't feel like using my phone, or don't have a good data connection.
There's nothing especially secret or noteworthy in my inbox, so I don't really mind if the admin of the server it's stored on can read it. Go ahead, knock yourself out. What I do mind is Google coming up with new features, connect email with social networking, and in the process expose incidental information to my peers; eg. Maro knows X, X said Y on Twitter, how does that reflect on Maro?
so, here's my issues with hosting your own mail. it's probably the most difficult common internet service in the world to maintain. there are a litany of sysadmin tasks you must take care of before you even begin with the really tricky problems. the main reason is that e-mail is arguably the most critical of services. you can't afford to miss a critical e-mail, so it's imperative it be incredibly robust and fault tolerant.
first you have to set up redundant hosts. preferably on different backbones in different colos, unless a majority of your gear is in one place. next you set up the software as secure as you can so there is a minimum window for 0-days and patching can be done in scheduled maintenance windows. then you set up your monitoring to notify you when something goes south, on both hosts. things like queue size checkers and threshold-based statistic alerts are handy.
next you set up your spam filtering. THIS IS HARD. i don't care what any old salty dog mail admin tells you, it is an arduous process to properly manage the filtering and blocking and unblocking etc of mail. for a small site, getting aol or yahoo to unblock your ip range may be a great feat. for a large site, 90% of your traffic will be spam and getting every legitimate mail is nearly impossible without subjecting your users to tons of crap.
the cost in money and time just to host some free webmail yourself is astronomical in comparison to putting up with an ad and a possible privacy violation from a free provider like yahoo or gmail. if you want your mail handled properly, pay a big e-mail provider to host it for you, or spend a lot more time and money to do the same thing yourself.
One big downside is that spam filters are very aggressive these days. It can be a huge PITA getting your mail through, even when you've gone through the trouble of setting up domain keys and spf records and submitting the appropriate forms. Some providers, like hotmail, will silently drop emails, too.
I use RoundCube, and I'm very happy with it so far. It has a very active developer base, and it offers the closest thing to an email client experience. I'm currently working on an "Outlook" theme for it, which should be done soon.
With this setup, I get more powerful mail filters than Gmail, a better webmail client than most ISPs, and spam controls that I can access directly from my webmail client.
It's not the easiest setup to pull off, though. I'll need to roll out a second one of these before long, and I'll try to write it up next time.
EDIT: Or for $5/month/domain (the same deal I give my clients), I'll give anyone unlimited domain email hosting, unlimited accounts, (practically) unlimited storage.
OK. I'll think about that -- my desire to "share and share alike" is struggling a bit with my desire to differentiate from other mail hosting services.
http://squirrelmail.org/ is out there. Can't personally recommend, since I've used gmail exclusively since I got an invite, and desktop mail apps (plus hotmail) before that. My college used squirrelmail before they switched to http://www.horde.org/webmail/.
Yeah it's REALLY bad. Funny thing is, and I don't know if this is store-specific or what but as an Apple employee working at the retail store, I got access to all of my email thru squirrelmail. You could only hit it from behind their firewall, but it's http://webmail.apple.com (it will fwd to https://webmail.apple.com/src/login.php if you cancel out of the login prompt, which for anyone who's used squirrelmail, is the standard login page)
Of course I was also given a mobileme account (which uses a pretty slick desktop-like web UI for mail) but I was shocked that they didn't do like a Google-Apps style rebrand of MobileMe email for their own @apple.com accounts. Pretty sad if you ask me.
Already mentioned by sucuri2 in another thread, but roundcube (http://roundcube.net/) looks much more attractive. Still not GMail, but much nicer than squirrelmail.
The spamassassin plugin lets you control your spam settings from your webmail account.
I also have managesieve installed, and there's a plugin for it too, so with imap, inbound email gets automatically sorted into folders for me, and I can control that from RoundCube. The filtering is actually way more powerful than anything Gmail can do (last time I checked).
There are also plenty of open source desktop IMAP clients; I personally strongly prefer clients like mutt or sylpheed over webmail interfaces. with ssh, I can even look at my mail from anywhere.
I use a laptop with a EVDO modem; totally worth the $70/month to not have to trust whatever virus-infested windows box I happen to be near when I am out of the house.
I think fewer people are worried about their mail server being hacked as they are about Google deciding on their own initiative to release info willy-nilly, as they did with Buzz.
Absolutely, I use Google for pretty much everything and trust them implicitly. I don't believe that Google will leak anything that matters and think that the whole buzz furore is nonsense whipped up by people who had assumed privacy where there was little reasonable expectation of it.
However, if, like the OP, you do not trust a major corporation with a near-immaculate record on data integrity and an industry-leading stance on LEA disclosure, why trust any corporation?
Hosting your own server is inherently risky, but it is a different sort of risk with different mitigations. As you allude to in your post, the question is whether you fear malicious individuals, the workings of the state or corporate incompetence.
my contact list was not leaked. i think at most the list of people you were auto-following was made public if/when you created a public profile and did not set this information to private
Well even in that case attackers won't touch your data (since you aren't targeted), so you'll be still safe. If they are targeting you then it's the same thing.
I pay a small amount yearly for an account at FastMail (http://www.fastmail.fm) They have a very solid IMAP service, and a robust (though not Gmail-fancy) web interface. In the five years or so that I have had an account with them, I think I could total up about a half hour of downtime that I can recall, so they are very stable. I recommend them highly. (I'm not affiliated with them, just a satisfied customer.)
I've only been a customer of FastMail since August, but I strongly echo alaithea's recommendation.
I use the web interface for preview and POP to Eudora for the real thing. Pretty much total satisfaction. You also get space for a static web site and file sharing. Pay enough (but not much) and you can use your own domains.
(FYI, I'm one of the owners/developers of FastMail)
1. Just add addresses to your address book to whitelist. Also make sure you use Report Spam/Report non-spam on enough emails (200 of each) to activate your personal bayes db (see the Options -> Spam/Virus Protection near the bottom to see how many of each you've already learned)
2. At the moment, you do have to explicitly add body: to a term to do a body search. The first time might be slow as it indexes your email, after that it should be faster.
I'm making orders from all kinds of online stores, there is no way I will add them all to the address book. Especially so because I don't know their address before they send me something, and I don't care about it after their first order confirmation/tracking number email.
I'm using Fastmail to host email on my own domain (you can redirect MX records to them or just use their DNS servers).
I read email mostly in Thunderbird via IMAP.
At the end of the day your own domain is what you really want - you can host it on Fastmail or Google, and if any of them screw up you can move on to other hosting provider or to your own server.
(FYI, I'm one of the owners/developers of FastMail)
For people that are concerned about lock in, I highly recommend this as well. Get your own domain, and then you're not tied to any one service. We have 10,000's of domains hosted at FastMail.
I find it to work pretty well, as long as I keep it trained by moving stuff that gets past it into the Junk folder. You can fine-tune lots of its settings (change thresholds, etc.) in the control panel.
(FYI, I'm one of the owners/developers of FastMail)
Hmmm yes, we don't really have any screenshots do we, we should probably fix that!
Hopefully even without a screenshot, we can convince people it's worth trying us out (there is the free Guest account, minimal storage, but you can at least look around the interface, and then upgrade if you like it)
Quick links to the two biggest things people want to know, features and reliability.
It might be instructive if you included why you are trying to avoid Gmail in your OP, so we can avoid suggesting other apps that might have the same issues. For example, do you dislike it because of privacy concerns? Or because it's a web app? Etc.
Not to restate the obvious, but e-mail goes around in plaintext. Whatever Google is doing with your e-mail can also be done by your ISP (and your recipients' ISPs, and anyone between).
One could make the case that hosting on Gmail has greater privacy in this respect, since if you send to any other Gmail address, the e-mail probably stays within the Google network.
But as someone pointed out in another subthread, it doesn't matter if Google is the best secured, least spammed provider in the world (and they may well be), if they turn around and leak your contacts lists. The comments in the big long buzz thread about peoples' client lists becoming aware of each other was pretty egregious.
The government can subpoena your own server in your own house just as easily as they can subpoena Google's servers.
So who are you hiding from? If it's the government, then you must use strong cryptography no matter where you host your email, and you must ensure that everyone you communicate with is as paranoid as you. (I would encrypt all my email, but nobody else I talk to will. So it doesn't work.) If it's advertisers you want to avoid, just run your own server and stop worrying so much. People have been doing it for years.
(Although, I run my own mailserver and am inundated with spam. Thousands of messages a day. So you aren't really avoiding advertisements, you are just avoiding advertisements for stuff you might actually want :)
Yes, but if it's in your house, you at least know it happened and can try and fight it. If google hands over your data you may never know. I think in many cases they'd likely be barred from telling you even if they wanted to.
Yes, good point. And if the disks are encrypted, you will definitely know about it, because they won't be getting any data without you. (Unless the email police broke AES or the key-strengthening algorithm and haven't told anyone yet. This is unlikely, however.)
On the other hand, Google has a lot of resources and lawyers to fight off the government if they come knocking, and they've been known to fight to the max in the past.
You? Not so much. If the FBI shows up at your door, you're toast.
On your own server you decide what and for how long data will be stored.
If the government wants your server you can format your hard drive if you want (or whatever you think is fit). I bet you can't do that if your mail is on google (or yahoo, msn, etc for that matter)
If the government wants your server you can format your hard drive if you want.
That is illegal and ineffective. Full-disk encryption provides much more safety, both legally and technically. (They could still sneak into your house and install a hardware keylogger that gets your encryption passphrase, and then seize the disks. But this is real life, not a movie.)
Well, they do have hardware to seize a running server without shutting it down (by splicing into the power cables/power lines at the wall plate and introducing battery power). How secure is a running machine sitting in a forensic lab? If you're receiving mail from the net your disk is necessarily unencrypted, right? I guess you would also need some sort of dead-man trigger. Suggestions?
Not hiding from anyone, or especially worried—I was just inquiring if Google Apps Premium (or Standard) would address the grandparent's privacy concern: thought maybe there was a clause in the T&Cs I missed or similar.
Fair enough for Iranian/Chinese users perhaps but I thought Hushmail was no longer secure - ever since they handed over user data in response to a subpoena.
There's nothing wrong with handing over data in response to a subpoena. They're legally required to do so. The problem is with providers who hand over data without a subpoena.
They didn't, but they were forced to set up something on their servers that allowed them to capture the keys (or something like that) in one particular instance, IIRC.
I've run this argument through my head several times.
Here's what you should like about Gmail:
1) Google infrastructure is probably more secure than any server you could set up quickly.
2) Google handles all those pesky issues with IP blacklists, Spam, etc that you'll be forced to deal with on a DIY server. Granted, there are solutions for each of these; it's your valuable time, in the end.
On the other hand,
for a DIY mail-server: you truly don't gain much besides having an accessible dump of your mailbox (in the event that all the gmail-specific datacenters get nuked in a single day?)
ISPs can and probably will sniff your plain text email traffic now/in near future due to external police state pressures.
I live in India, and sadly I envision this place turning into a police state by sheer incompetence on the part of the administration who pass half-baked net-nanny laws.
The only solution to email privacy: Hard-to-reverse Encryption of the text (typically GPG).
Most of the crowd here know this well. But making email encryption transparent and easy-to-use would be a killer product for those customers that value privacy. FireGPG is trying, but Gmail code changes keep breaking stuff sometimes. (http://blog.getfiregpg.org/2009/11/05/gmail-issues-fixed/)
Redundancy/Backup is another issue altogether.
You should probably keep backup IMAP dumps in a geographically distant location if you fear Gmail will just cease to exist one day (without any warning).
Assuming you are ultimately comparing 'shared/managed' email hosting vs self-managed/self-hosted then Spam (well, filtering spam) is the biggest issue you have to resolve.
Try turning off spam checking on any email address that's been around the net a few years.
The upside of GMail (and other shared-services) is that you are benefiting from their collective wisdom of incoming spam landscape - they see the bigger picture from everyone's accounts in aggregate... which is why their spam filters are so much more effective than bayesian filtering -- which is the only tool you have if you 'go it alone' on email
With an email address that dates back to 1994 and listed all over Usenet before we knew it would be indexed by DejaNews/Google, I need the spam protection and so I'll always go shared-hosted (Gmail for now).
...which is why their spam filters are so much more effective than bayesian filtering -- which is the only tool you have if you 'go it alone' on email
This is not true at all. Off the top of my head, I can think of three different distributed message hashing services (Razor, Pyzor, and DCC) that function similar to a shared Bayesian filter, not to mention all the various IP and URI blacklists that collect and share data about bad actors. I've actually done mail server installs where I've turned off the local bayes filters to improve results because they were getting confused by low volumes.
SpamAssassin comes with just about every Linux distribution and is used by major ISPs, so you're not "going it alone," you're leveraging what a huge percentage of the internet population is already using.
It's not without effort (maybe 15-30 minutes/week of tweaking when something slips through), but my personal email setup gives me as good or better results than my infrequently-used Gmail account.
They (claim to) use some sort of encryption scheme such that they do not have access to the data on their own servers. I don't know enough about crypto to verify, but if your concern for moving away from Google is privacy and/or security, it's probably worth at least a cursory glance.
It doesn't seem very secure that they give out their security measures. I mean, "To increase the randomness of our hash outputs...combines the password with the account name," so now I know they use an account name so what is the point in that tiny part? Many little parts of this just give away stuff that should be secret in my opinion. That doesn't necessarily make it insecure, just a dumb idea if something ever did go wrong. Overall the process sounds good if you just want to store data on their server and not have it be readable if someone happens to come across a "dead" HDD that lavabit threw away.
Oh, on a similar note: how do they decrypt these messages after you have verified your user/password during sign in if it requires the plaintext password to decrypt each message? By storing the password in a plaintext session database?
Do you have any impressions or, perhaps better, specific experiences with their approach to / respect for security and privacy? (Or, does anyone who happens to read this?)
We use Zoho Mail for our own 1000 employees. My company email address has been around and active for 13 years. I get 450 spam messages a day. Zoho Mail typically misses catching 1 or 2 a day; far more important to me, I can trust it not to have false positives (genuine mail going into spam).
We invite you to try it out.
On our business model: Zoho.com is free for individuals, without advertising. For businesses & domain based email, first 10 users are free, again without advertising. We charge $50/user/year (note: per YEAR) from the 11th user.
We do not believe in the advertising model for Zoho. Our business model is subscription based, with a generous free edition. We find this model to be financially viable.
You can just get Google Apps...since they release features for that 6-7 months after regular gmail gets them, you'll have plenty of warning if they release something like Buzz.
+ I doubt they'd be stupid enough to bring buzz to their business users.
Google has announced their intention to bring Buzz to Google Apps. The nice thing is that as a Google Apps administrator, you can pick and choose which features/products are available to your users (ie, you). So even if they do make Buzz available to Google Apps Gmail, you don't have to enable it.
Of course, you can just turn it off in regular ol' Gmail as well.
Interesting that the motivation seems to be privacy concerns. I could care less about privacy but I'm getting tired of gmail's underperformance (your results may vary). Gmail speed has become intolerably slow over the past 6 months. I love everything else about it though and wish there was a paid alternative with the same interface. And no it isn't premium. I had that and it was no better. I think I'm on a bad cluster or something and Google support has been horrendous.
I love 90% of Google's products so don't assume this is flame / bashing.
From that list I use fastmail.fm for outgoing (smtp). (Reasons of historical accident.) $5/year, no ads, satisfied so far.
Another alternative is to go the shared host route. Plus: you'll get a shell account without having to/being able to administer a virtual box (and mail server), it's just an account.
I've used pair.com for about 10 years to host my domain. Imap/pop access, or webmail. (Their webmail actually isn't that great, but it works.) Enthusiastic recommendation for pair.
Go register somewhere reputable (pairnic.com is good), then go host your domain somewhere (I like pair.com). Pairnic and pair are the same company, and conveniently integrated, but you can use either separately or not at all if you like. I get so many allowed email accounts with a minimal plan on pair.com that I don't bother remembering it anymore.
I hate Gmail and desperately want to find another email/webmail service. I want to switch to something that feels more secure, something that does email well without any of the extra junk they have been adding to my Gmail account. I don't seem to be alone.
I consulted several friends with more "tech cred" than me, and they pointed me to a few Gmail alternatives, with Fastmail at the top of the list.
I went to your website and after browsing for about a minute, I wanted to scratch Fastmail off my list. Your website came across as clunky, cold, and BLAH. It seemed like the website was designed about five years ago, and it didn't really instill confidence that your service would be a user-friendly experience or something that I could transition to without a huge amount of effort.
I decided to check out another Gmail alternative on my list called "Roundcube". The Roundcube site was simple but elegantly designed. More importantly, it didn't feel like it was trying to put me to sleep. The site laid out its features via simple navigation structure, basic colors, a nice screenshot, and a non-cluttered layout. I wanted to hug it. It gave the vibe that they offered an email service that would make the transition away from Gmail extremely painless and straightforward.
I relayed my thoughts to a techie friend, and he reiterated that your service is far superior to Roundcube. I trust my friend, and I will probably sign up for an account with you.
But seriously... There are so many people out there right now who desperately want to break free of their Gmail shackles. The moment is ridiculously ripe for another service to step into that vacuum and offer a refuge to all of these people.
Your email service might be truly awesome, but your website is total kryptonite for people who are ready to make the switch.
Welcome us with open arms, and we will come in droves!!
Just wanted to give a shoutout to Tuffmail: http://www.tuffmail.com/ . Their spam protection is excellent, and very configurable. They also have the fastest IMAP servers I've had the pleasure of using.
Their web interface isn't anything special, but at least it's proper IMAP so you can use whichever desktop client you like.
I used to use Rackspace Cloud email, but the server was blacklisted on Network Solution so all my clients using NS weren't able to receive any of my emails... FAIL
Related question, does anyone know of a mail webapp that allows you to have a unified inbox with multiple IMAP accounts? In other words, something like Thunderbird or Outlook Express but web-ified.
I started doing a custom fork of RoundCube to do just this a few months back but never finished it...does anyone know of anything off-the-shelf that will do this?
Gmail supports this.. you just create each one as a google account, have them forward to the one you like best, and then set it up to let you send mail as each of the other accounts...
I have about 50 google accounts and use my regular gmail this way...
This is something that Gmail does really well right now, what with the new 'Send via SMTP' feature. When I use a secondary account to send from my 'control center' account, the email appears in the SENT items in both accounts. Double Win for records.
i've looked but haven't found anything nearly as good as gmail. the most useful feature to me, that other services do not offer, is push (sync) email, contacts, and calendar.
that's who i was thinking of switching to (i want to be able to use google "anonymously", and it's tricky when also logged in to gmail). i scanned through the mail providers listed on wikipedia and that seemed the best. hosted in norway, iirc. surprised no-one else has mentioned it here, though.
I'm currently using sup (http://sup.rubyforge.org/), which has labels and threads like Gmail, but is Free as in Freedom, runs on ncurses and, ironically, has a much better search mechanism, which was the main reason I switched from Gmail. There is also notmuch (http://notmuchmail.org/), which is still alpha, but aims to be faster and more scriptable than Sup.