Unfortunately there’s not much public data on active/daily users across services. The only thing that you can do is use reverse MX lookups to see who is using which provider. Many services claim that they have millions of users, but often they are using alias count (not unique user). It is quite obvious from the numbers that our service is stable, reliable, and trusted! We have some reviews at https://www.trustpilot.com/review/forwardemail.net as well.

For Mailbox at least you’ve rather selectivey picked the MX records to search. Using mxext1.mailbox.org will get you ~1000x as many records for instance.

And comparing a provider who primarily promotes using your own domain to providers where people use their domain is rather disingenuous.

Report that upstream top them. This thread is for evaluating the addition to PG.

We’ve fixed the table above! See “Mailbox | 38,659 | mxext1.mailbox.org”

@forwardemail you look like a very great service but I do not understand well…
I am just fine with Proton, is there a reason to switch to Forwardemail ?
And hence your name, are you an email aliasing/forwarding tool like Addy.io or an email provider ?
Thanks <3

@anon31928201 Hi there We’ve answered your question below:

How is Forward Email different from Proton/Gmail/etc and why should you switch?

Forward Email is 100% open-source

This means everything, the backend, the front-end, the database configuration, everything is completely open-source. We are the only provider that is 100% open source. Unlike others, we actually advertise what open-source should really mean, being completely open source:

• Proton has a closed-source backend (here’s proof)
• Skiff has a closed-source backend (here’s proof)
• Tuta has a closed-source backend (here’s proof)

Other providers such as Proton advertise as open source, but in reality the back-end (the most sensitive part; where your email is stored, processed, etc) is closed source. Therefore individuals cannot independently audit (or at least have the notion) that what is advertised and marketed is actually what is going on behind the scenes. With us, you can do that, as anyone can read our source code at https://github.com/forwardemail/forwardemail.net.

Forward Email does not make you use “bridges” or other unnecessary vendor lock-in approaches to sending and receiving email

We don’t make you install a “bridge” like Proton, or anything else. You can simply use any desktop, web, or mobile email client to access your mail with us.

We have a step by step guide for sending email and another for receiving It’s very easy to set up in an email client such as Thunderbird. We also have step by step guides, videos, and animated gifs for every popular DNS provider out there for setting up your custom domain name with us.

Is Forward Email just email aliasing and forwarding, or does it offer more features?

Forward Email is a full email service provider. Consider it a 1:1 replacement for Proton or Gmail. It supports aliases, forwarding, regular expressions, API, webhooks, SMTP, IMAP, POP3, and much more advanced features. This means you can use any open-source email client, such as Thunderbird, K-9 Mail, or Fairmail – or use something you’re already familiar with like Apple Mail, Outlook, or even Gmail – to both send and receive email. Our service is mainly geared towards users with custom domains, such as you@yourdomain.com, however we also provide some domains of our own you can use, such as you@hideaddress.net.

How much does it cost?

Forward Email can be used for free for forwarding, aliases, and more. Our pricing page is at https://forwardemail.net/private-business-email?pricing=true, and you will see you get unlimited domains and aliases on even the free plan. We don’t charge extra per user like other services do, and we also don’t charge per extra domain.

Is there a comparison chart for features and pricing differences between providers?

Yes, you can read our email comparison chart at https://forwardemail.net/blog/docs/best-quantum-safe-encrypted-email-service#email-service-provider-comparison.

P.S. We’re also integrated into Bitwarden’s desktop/web/extension/mobile clients

@anon31928201 One note we did not include above, but is important, is that unlike other providers such as Proton, we do not rewrite your emails or modify your messages. This means that we don’t break signatures, don’t modify headers, and certainly don’t modify your email or cut off your messages.

See http://jfloren.net/b/2023/7/7/0 and related links and discussions on GitHub for more insight. Such as https://github.com/ProtonMail/proton-bridge/issues/26 and https://github.com/ProtonMail/proton-bridge/issues/220.

Hi,

Just to confirm if I got it correctly, on a free plan we have to use our own domain, while those offered by the service are only available in paid plans? At least that’s what I understood from the flow once registered.

Also, +1 vote for introducing cryptocurrency payments, if possible.

@0x1 Correct! And yes, we had once accepted crypto, but due to issues with BitPay and Coinbase we removed support for it. We’re going to integrate it similarly to Mullvad with a one-time address and payment flow.

To the core maintainers of PG: We are happy to send 3-6 months free credit your way to test out our service. Feel free to DM us here or email support@forwardemail.net with the email address you sign up with for free at https://forwardemail.net/register.

cc @jonah @Niek-de-Wilde @dngray @freddy @olivia

Done, I look forward to looking at this product.

I wanted to first say I wish you very good luck @forwardemail! To me, it’s clear you show great attention to detail, and I think you’ve built a good product with few people or perhaps almost all by yourself while being open source as well.

Only feedback I have is marketing related. Comparisons are made to providers that utilize End-to-End encryption, only highlighting the negative aspects such as lack of protocol support without a bridge. While all negative aspects of encryption at rest vs end-to-end encryption are completely ignored and words like quantum safe are thrown in to make it seem very sophisticated:

From an ideology perspective an open source backend is extremely positive. From a security/privacy perspective it doesn’t matter if the backend of an end-to-end encrypted solution is open source or not, because without the client uploading the private key to the server, the server does not have any access. So criticizing closed source backend of E2EE providers from a security perspective seems unfair, at least do it from an ideology perspective instead.

For all anyone knows you could deploy a backdoor and still get access to all emails. It’s not possible for anyone to verify that the server is actually running the open source code. This means the model is still based on trust, even if the backend is open source.

I’m personally not a fan of the UX compromises one must make with E2EE and email, and actually like the trust model better because of that. I’m also not a high profile journalist or have governments against me. I have nothing negative to say about your approach, it’s probably the most secure approach you could take while still supporting all email clients. It does deserve a place here. I just don’t think the marketing of it is very honest. It could easily trick someone into thinking it does one thing while it actually does another. I hope that’s something you can adjust

Hi there, thanks for your comment!

Can you be specific as to how our marketing not honest? Or maybe changes we could make to certain pages? Or are you stating more broadly, as in that comparison chart comparing us against closed-source E2EE providers that rewrite emails and cause horrible UX?

We do not claim to have E2EE out of the box. Adding a column for “E2EE by default” in that chart most likely won’t happen, as they aren’t even open-source and they are more likely to have a backdoor; e.g. none of any competitors’ current audits verify what is running on their servers to support their statements. If you had other suggestions, please do let us know. Not sure if you saw, but we have a section dedicated to E2EE/OpenPGP/WKD.

Also to clarify; we do support E2EE and you can enable it by default if you upload your public key. Then all messages stored (even ones to temporary storage if your IMAP client is not connected) will get encrypted. This can be verified by downloading your latest backup (we actually let you download the SQLite database file we store on our side, instantly, at anytime) or fetching mail over IMAP.

Edit: Here’s the back-end source code (along with comments) where we optionally encrypt your email with your public key for IMAP’s APPEND command and also for outbound mail (using WKD).

Mainly as a broad statement, yeah. A lot of comparisons are drawn without providing the complete picture. When you say encrypted email in this day and age the expectation is not necessarily encryption at rest. It’s fine of course, you never claim it’s E2E, but it’s not clear to less technical users. Perhaps that’s not your target group, but it’s still something to take into account and is perhaps what gives me this dishonest feeling.

The comparison table is especially skewed to favor you (Why is Quantum Safe Encrypted SQLite Mailboxes in a feature comparison? That’s an implementation detail of at rest encryption with user provided keys). This isn’t uncommon in marketing of course, but still.

as they aren’t even open-source and they are more likely to have a backdoor

They’re just as likely as anyone to have a backdoor, just like you with your open source backend. You claim you’re more trustworthy than others on your website because the backend is open source, but this isn’t necessarily the case unless someone is going to host it themselves.

I completely agree with comments made on the site about other hosts claiming to be open source while only the client is. I think that may also be a little dishonest.

we do support E2EE and you can enable it by default if you upload your public key

That’s great! You could highlight that in your comparison when you add the E2EE column ;). This does mean managing pgp manually though, which is even worse UX than the e2e providers which have it integrated. But I can agree that that’s not really marketing material

All said, these are just my thoughts on the site and communication. Hope it helps, the feedback is meant to be helpful and to inform. I think you’re doing phenomenally otherwise. I’ve been building a webmail client for the past few years that I haven’t managed to launch yet. Email related apps are really hard work (and maybe my standards are high), I hope you succeed in everything you do in the future!

Can you guys elaborate on Privacy Policy ?

but keep in mind we do not collect information mentioned above, so we will not be able to provide it to begin with

When it is literally saying that the above information is collected for the following reasons.

Did you miss to type something?

Hi there @jerm. This means that like any lawful service, we must and will comply with legal requests, and in response to them, if they are requesting information such as emails, logs, or IP addresses, then we will respond that we do not collect them (which we don’t) and do not have any data nor information to provide nor share for the legal request.

Edit: It is referencing the section “Information Not Collected”, which we will not be able to provide in legal requests, see https://forwardemail.net/en/privacy#information-not-collected.

Makes sense, it will be great if you could edit this policy to clarify.

@jerm Hi there we have updated our Privacy Page per your comment above for clarity! Thank you for your feedback. See https://forwardemail.net/en/privacy#information-shared (new text link added).

@Louis-lau We have updated our comparison chart to include a column for E2EE and drastically improved it! It’s now way more interactive and easier to view.
Thank you for your feedback.

Our new comparison chart now features 57 providers (which we manually curated data for and provided automated screenshots of). Check out this new interactive, full-screen, and sortable chart at https://forwardemail.net/blog/best-email-service.

We also updated the original article linked above of https://forwardemail.net/en/blog/docs/best-quantum-safe-encrypted-email-service with a link to the new chart (with E2EE column). These links are also accessible in our navigation bar under the “Developers” drop-down or in the footer of any page.

We also now have dedicated pages for 57 email service providers, as well as comparisons between them (you can click the Compare with... button to compare any two providers with ease). Here are a few examples:

• Tutanota vs Proton Mail Comparison
• Proton Mail vs Forward Email Comparison
• Skiff vs Proton Mail

All of our data curation is open-source on GitHub, so we welcome pull requests for improvements. Please file an issue on GitHub or submit a PR and we are more than happy to review it. The source code for these pages is at https://github.com/forwardemail/forwardemail.net/blob/611e0ed7bc75696ab02d9efa203290d01376370d/config/alternatives.js. We would like to add columns for calendar, contacts, newsletter, regex forwarding, email forwarding, and SMTP outbound limit per month in the near future (help is most welcome).

For the purposes of this discussion and to stay on topic, please file any suggestions/feedback on our GitHub issues page (or submit a PR). This topic is about our inclusion as a provider in Privacy Guides.

Also thanks to the folks at Privacy Guides, as we included a few links to sections of Privacy Guide’s website in our comparison chart column headers (e.g. for E2EE, WKD, and OpenPGP explanations).

Commit Ref: https://github.com/forwardemail/forwardemail.net/commit/d12607ffd0ef091b0e93007a673a9bf6d4049bcc

@Catalyst2422 Any service regardless is always going to make pros to make them stand out. That’s business as usual. Proton does it. Skiff does it too. Everyone does. At least we don’t advertise as open-source and then have a closed-source back-end like PM and Skiff do.

None of our statements are false. We’ve improved the comparison chart by including E2EE, and all of the other columns were already there.

These are very, very important attributes to have; they’re not weird in any manner. Your previous comments from your Privacy Guides history clearly show your attitude is very negative. We also corrected our earlier table per your comment if you haven’t seen that already.

Edit: TTI is an extremely important metric, it’s your actual email delivery times. You have zero idea (and can’t even make an assumption as to the delivery times) from your current provider. We’re literally the only folks doing this, why all the hate?

Edit: We were suggesting that all comments about the accuracy of the data be kept separate and submitted as issues/pull requests in our GitHub repository.

Others claim to be open source, but in reality the most sensitive part (the backend) is closed source. […] Therefore individuals cannot independently audit (or at least have the notion) that what is advertised and marketed is actually what is going on behind the scenes.

There is nothing technically stopping you from changing what is going on behind the scenes either. If I interact with this backend on the web at this time, the MPL license (ignoring the other repos with a weaker MIT license) does not require that you provide the source code at all. Therefore, what you publish and what you run can be different. The only way an end user can have 100% confidence (in law) around this is to use the AGPL license on server side, and client side code javascript that is LibreJS compatible. I get that is trickier to use for business, so if you decided not to use it I’m sure you have your reasons.

Don’t get me wrong, I’m all for open source and for being open about development, and am grateful for you providing source code (really, I am), but I would consider this a “very high trust” scenario of the code that is running, but not 100%, especially if I want to trust you with sensitive information. My current trust of security is still significantly higher for ProtonMail at this, which is almost equally important in this use case as privacy, but being open source by any means definitely boosts reputability and an edge in this e-mail hosting market.

I think there is also some slight of hand in the ProtonMail comparison. ProtonMail fails the “HardenizeTest” just by Content Security Policy (CSP) and some DNS warnings, but its binary FAIL on your page. The other tests have such a low X/100, but again its a CSP fail and IPV6 not working (and IPV6 already needs to be carefully handled for privacy concerns, though thats out of scope). ProtonMailBridge encrypts/decrypts e-mails at the client side, rather than sending plaintext and having it encrypt on your server (that is a massive pro, but it is a “Vendor Lock in?”). Not sure what Vendor Lock in is - if I don’t want to use proton mail anymore, I just uninstall it and start using a new service? POP3 is not there and a fair call out, but I also haven’t had a use case for POP3 since I started using email. And your “Protonmail rewrites e-mail” links to a blog post, and the “rewrite” entails that it just provides auto-encryption to other Proton e-mails (pro) and not allowing external keys for encryption (con). This is much less scary then ProtonMail reading my entire e-mail.

This comparison makes ProtonMail look like… shit. But ProtonMail is quite well known, established, trusted, audited, and has been shown in practice what they can/can’t do for security and privacy. I don’t think shitting on ProtonMail in this comparison for over somewhat lesser issues and nitpicks makes your product look amazing, just that you want to find all of these metrics that that make you cream of the crop. And as a contender, these are important, but I’m hesitant to jump ship from a battle tested product (even if proprietary) to a relatively new product.

Points aside aside, from reading in this thread, it seems you are on track to becoming a strong contender, and I greatly look forward to seeing how this develops, but it seems like there is definitely a miss on some marketing on your main site. I don’t think you are trying to be completely dishonest, but I think there is a lot more polish that can come out in how you provide information. I think you’ll want to wrinkle out some of these things and see who your audience is. There are some negative people in this thread, and maybe some attitudes could be better, but trust is not a good thing to have in security and privacy, so its handed out with a lot of caution.

Also remember this isn’t just an e-mail server, you are selling a product and a service, and tech alone isn’t the only consideration in mind. How responsive is customer support, how fast can issues get resolved, how many issues will I face, how confident am I in your uptime, whats the risk of my data getting FUBAR’d, and much more. This also makes me hesitant to jump ship until a product is more mature.