Forward Email (email provider)

RE: License: We have to use MPL currently due to EUPL being used in dependencies. See our license at forwardemail.net/LICENSE.md at 5e45f1cae44005520c3e0f4dad9fb1073cd21dc3 · forwardemail/forwardemail.net · GitHub.

RE: Hardenize: Hardenize has a binary true or false for displaying a checkmark next to their widget/badge (or at least used to). We consider pass or fail if all checkboxes are green/passing. They do not have a percentage score to use. Some providers pass all of these tests, and as such this badge/test is fair.

RE: Vendor Lock-in: This means that the vendor/provider is enforcing you to only use their apps and their website. You cannot use a third-party client (and in the case of Proton Mail, you additionally have to install Proton Mail Bridge). This means you can’t simply use Thunderbird or any other email client without having to use vendor-provided apps as well.

RE: Proton Mail Audits: We have yet to see any audit that discusses Proton Mail’s backend. Discussion is at 3rd party audit of PM backend server ? : ProtonMail

Lastly, regarding your final comment:

Also remember this isn’t just an e-mail server, you are selling a product and a service, and tech alone isn’t the only consideration in mind. How responsive is customer support, how fast can issues get resolved, how many issues will I face, how confident am I in your uptime, what’s the risk of my data getting FUBAR’d, and much more. This also makes me hesitant to jump ship until a product is more mature.

Just so you’re aware; we’re not really “new”, we’re just new to Privacy Guides. Been around since 2017 and have ~500,000+ domains on our service with 99.99% uptime. There are a few reviews at https://www.trustpilot.com/review/forwardemail.net as well.

Netflix is now using us too :smile:

❯ dig games.netflix.com mx
games.netflix.com.	300	IN	MX	10 mx2.forwardemail.net.
games.netflix.com.	300	IN	MX	10 mx1.forwardemail.net.

Happy to answer any other questions or respond to feedback. :pray: Great discussion points folks!

7 Likes

These are all valid replies, thank you for answering. I don’t see a particular reason to not include your service in the guide. Perhaps the comparison table is a bit out of my taste, and I’d prefer to better see highlighted what you’re doing differently. But most of my checkboxes are generally clear.

I think my last thing is that your TOS is slightly stricter and maybe even not as tight as ProtonMail’s. I’m seeing some slight gotchas (sending a newsletter is allowed to consenting people on ProtonMail, yours forbids it). Also ProtonMail forbids all racial and prejudice usage of vulgar and hate, while yours is not as tightly worded (if I accidentally send a misleading email that isn’t prejudice or racial, I can get banned?). You also ban it, but it’s in two separate clauses, so it’s open to wider interpretation. But these are nitpicks of wording from me. Overall, it’s a green light from my quick glance. You seem to be proactive in detecting illegal or sus behavior, which isn’t an issue for me, but a note for others wanting your service (threat modes as always).

I guess I’d ask the maintainer now - what does an email provider need to provide to be listed, other than a hazing by random community members? lol.

2 Likes

We are adding support for newsletters, calendar, contacts, and more (hopefully before the end of this quarter). Once done, we will add these columns to our comparison chart, and update our terms page to reflect this.

Proton Mail is not designed for newsletters and does not support newsletters (it only supports contact groups, which is much different). Our service allows you to send transactional emails to bulk recipients, but not mass marketing messages. They also have much less emails outbound per day permitted than us (at least 50% less last time we checked). We support 9000+ outbound messages per month (averages ~300 per day), and we have already increased this limit on a case-by-case basis for certain customers.

Our disclaimer at Terms of Service is in order to keep our IP reputation clean and to respect the terms of our payment providers (Stripe and PayPal). We don’t monitor or read content of emails, but we do curate and ban users based off reported content sent to abuse@forwardemail.net (see our Report Abuse page). Right now we also manually approve each user for outbound SMTP usage, and we have approved tens of thousands of domains already. Unlike other services, spammers can’t as easily pollute and corrupt the IP reputation for the rest of the user base with ours because of this manual curation process.

We recommend to read these articles for more insight into our service:

3 Likes

Yet again solid answers, and thanks for pointing to official docs. At this point I don’t specifically see why they shouldn’t be on the list, aside from maybe a not as clear and curated website (is that really a reason to not use them?).

Final final question - do you (or plan to) publicly disclose all incidences where you are required to hand over privacy related information to authorities? That level of transparency would make it so we all have confidence in what actions you take in those times. Apologies if this is already in your docs, but having the info easy to see in a public forum helps make better votes for other people viewing this place.

If the above is a yes, then I see no reason to not include this provider at this point, and someone should be providing specific reasons otherwise.

Yes, if we are legally permitted to disclose such law enforcement requests, then we would do so to build transparency and trust. We have a section related to this on our website already under Report Abuse page.

3 Likes

My biggest personal dislike is the lack of a web app or regular applications. I am aware that they are in development, but it’s still a deterrent for me of an otherwise great looking service. I wouldn’t have a problem if there were solid open-source apps with modern UI available on all platforms, but that isn’t the case at the moment. Thunderbird has a very classic old-school look, and K-9 feels pretty incohesive as well, which just isn’t to my taste.

I’m someone that places a lot of value in modern and sleek UI/UX, enough so that it plays a major role in my decisions of what providers and apps to use (coming just behind security and privacy in my priorities of course). Until there’s another good option available for apps, or yours release (granted you have a sleek UI), I’m going to hold off on joining, and I think a fair number of other users would be of the same opinion.

For the apps in development, I’m excited to see what you guys are able to make, and I hope you can create something modern and beautiful. Skiff has a great UI going for them, and Proton looks okay with their recent designs, so inspiration shouldn’t be hard to come by. I have high hopes given the quality of your current service :slight_smile:

2 Likes

To be fair, I still generally prefer Thunderbird due to the fact it runs on my computer and its copyleft license, so I don’t have to worry about a web service leaking data. But yeah, for other users, definitely a slick UI/UX is definitely a better move as a business.

1 Like

According to the privacy policy, forwardemail saves all outgoing emails for 30 days.

For incoming emails the whole concept was explained, but for outgoing emails I could not determine whether any form of encryption is used.

Unless the recipient uses PGP, how could the outgoing emails be encrypted?

I don’t think there is a really good option at the moment.

My problem is that forwardemail currently has not defined how exactly they store the outgoing emails.

E.g. are the emails stored in such a way that only the user can retrieve them?

They allow sending emails with a date of up to 30 days in the future. The email will be queued until that date. You can’t really store them in such a way that only users could retrieve them, because how would you then send them in the future? I think you may have misunderstood what those 30 days mean, perhaps it should be made clearer in the policy.

Hi folks :wave: We’re hard at work and expect to have a deployment today that will make it so messages are instantly redacted/purged (once successfully sent, partially sent, or permanently bounced) and you can also have a configurable retention period (e.g. in case you like using the My Account > Emails page to preview emails and how they’re rendered/sent).

We already have encryption at rest with outbound SMTP emails in the queue, but this is going to be a step further. We will share a link to the commit reference as well most likely later today (after we deploy).

We’ve come a long way since we launched outbound SMTP in 2023!

6 Likes

:tada: We’ve successfully added configurable outbound SMTP retention period (defaulting to 0 days). We have deployed this to production as well. Screenshot and commit reference below. We’ve also updated our Privacy Policy at https://forwardemail.net/privacy#information-collected to explain this further.

Screenshot:

Commit:

https://github.com/forwardemail/forwardemail.net/commit/1f732fb96c06231f8e11cc6b4d3d6486d2346d32

Summary:

Now outbound SMTP emails are immediately purged/redacted of message body content (we still retain headers for 30 days for spam/abuse prevention).


@jonah @Niek-de-Wilde @dngray @freddy @olivia Are there any blockers preventing us from being included? I think we’ve proven that we are stable, reliable, privacy-focused, security-focused, and extremely transparent. We also have met and exceeded all existing criteria for inclusion (as documented above in this thread). And we’re still the only provider that is truly 100% open-source and transparent in every way :saluting_face: :white_check_mark: :rocket:

We submitted a PR already so it’d be rather easy to review and merge at https://github.com/privacyguides/privacyguides.org/pull/2358. Happy to make any changes requested as well, just make a comment on that PR or related commits.

As of today there are over 431,549 domains using our service including organizations such as Netflix, Disney Ad Sales, The Government of South Australia, The Government of Dominican Republic, The University of Maryland, The University of Washington, and many more.

We’re only getting better too! We plan to launch support for CalDAV (calendar), CardDAV (contacts), dedicated IP address add-ons, and newsletter support → all hopefully by early this year (2024)! :tada:

7 Likes

unlike Proton and Skiff, this is a fully open source email provider; that is substantially differentiated

tools like Proton and Skiff are to an extent false advertising whereas forwardemail is certainly not

1 Like

So there are no plans to accept crypto? Skiff seems to accept it using Coinbase Commerce and Tuta using a proxystore.

@jerm Did you not read the exact comment you’re replying to? We answered this already…

We’re going to integrate it similarly to Mullvad with a one-time address and payment flow.

Yes, we have plans to add crypto support (not using Coinbase Commerce or BitPay, which we’ve used in the past and are absolutely horrible). Most likely sometime in 2024 after we launch calendar/contacts/newsletter support.

7 Likes

We’re going to integrate it similarly to Mullvad with a one-time address and payment flow.

I thought you meant the credit card thing. We are removing the option to create new subscriptions | Mullvad VPN

@forwardemail This all looks very promising! And thank you for the open communication with our community.

I am going to look into Forward Email soon.

I did notice though that you started to support us via GitHub Sponsors (which is very appreciated!). But this does require some thoughts on our side in how we can clearly communicate this with our community, and how we can ensure transparency in this so people see that there is no shady business going on, in the case you guys get listed :slight_smile: .

12 Likes

Great news! We’ve just pushed the source code for our first version of calendar (CalDAV) support. It’s included at no extra cost to all paying users, and re-uses our existing encrypted SQLite infrastructure design. We’re deploying it (hopefully) within the next few hours if all goes to plan, and instructions will soon be found on our FAQ (e.g. how to use it with Thunderbird).

Commits:

4 Likes

Who holds the keys to the encrypted sqlite, assuming this isn’t e2ee?