Leaving Gmail for Mailbox.org

Original Article ↗ Hacker News Discussion ↗

Gmail vs mailbox.org & PGP

  • mailbox.org integrates PGP in the web UI (including mobile browsers), unlike Gmail, which requires external tools and doesn’t manage keys natively.
  • Some warn that provider-managed PGP weakens the threat model: you’re protected from others but not from the provider itself.
  • Others note that switching from Gmail for privacy is still a win even without full end‑to‑end encryption, simply by leaving Google’s data ecosystem.

Owning your domain & portability

  • Very strong consensus: use your own domain so you can move providers without changing your public address.
  • Benefits: painless migration (just update MX records), diversification away from any single provider, and easy aliasing per service.
  • Risks discussed: forgetting to renew a domain (especially “premium” ones), high annual costs, and catastrophic consequences if someone else takes it and starts receiving your email.
  • Mitigations: multi‑year renewals, stacked payment methods, calendar reminders, choosing common TLDs (.com/.net/.org) to avoid validation and human‑error issues.

Provider reliability, spam & self‑hosting

  • Several report excellent reliability from large independents (Fastmail, Proton, Migadu, Zoho, Purelymail, etc.), but note that Gmail remains a high bar for deliverability and uptime.
  • Self‑hosting is seen as attractive but risky: deliverability to big providers, ongoing security, hardware/ISP dependence, and reputation building. Some suggest hybrid models (self‑host inbound, third‑party for outbound).
  • Many emphasize that backing up email (IMAP, local Dovecot, cloud storage) is as important as choosing a provider.

Experiences with mailbox.org

  • Positives: integrated PGP, IMAP support, EU hosting/GDPR, ability to bring your own client and domain, decent price.
  • Negatives/concerns raised:
    • Anti‑spoofing and outbound spam‑scanning behavior (including reports of silently dropped outbound mail).
    • Some spam filtering and 2FA rollout issues; business plans lacking proper 2FA in at least one account’s experience.
    • UI considered mediocre; some sites reportedly reject @mailbox.org addresses.
    • Address recycling after account lapse (90 days on some plans) is seen as a security risk.

Other providers & trade‑offs

  • Fastmail receives repeated praise: excellent support, strong UI, good aliasing/catch‑all handling, reliability with large inboxes. Concerns: US hosting, relatively high base plan, and address reuse policy.
  • Proton and Tutanota: appreciated for e2e encryption within their ecosystems, but IMAP limitations and reliance on their apps/bridge are seen as significant trade‑offs.
  • Migadu, Zoho, NameCrane/CraneMail, Purelymail, disroot.org, mxroute and others are mentioned for specific niches (price, family domains, generous aliasing), usually with some quota or feature caveats.

De‑Googling & broader ecosystem

  • Many describe broader “de‑Googling” journeys: moving email, calendars, storage, and photos (e.g., Immich, Nextcloud, Ente), and experimenting with alternative Android ROMs (GrapheneOS, LineageOS, Calyx).
  • Others are satisfied stopping at a non‑Google mail provider, arguing that further steps (self‑hosting, custom ROMs) are unnecessary or too fragile for their threat model.

Limits of email privacy & PGP

  • Multiple comments stress that email is fundamentally not private: no ubiquitous e2e, metadata leakage, and most correspondents still sit on Google/Microsoft.
  • PGP is seen as powerful but niche: few people use it, discovery and onboarding are awkward, and usability vs security remains a core tension.
  • Some propose using email only for “boring” communication and moving truly sensitive conversations to modern encrypted messengers instead.