Further reason to remove Mailbox.org is its weird implementation of 2FA. It requires you to change your password to a four character pin, and then add the 2FA code to the end of the password when logging in.
A couple months of ago they released a BETA version with normal 2FA. But this was 5+ years of demands for change, during which, the CEO responded to users in a most dismissive, arrogant, and unprofessional way, saying
I’m sorry, but it’s not equal secure. It’s much much much more INsecure. It is. It is. It is insecure. It is. Totally. Really. Yes. It is.
It seems Posteo is more trusted and respected in German forums. Their communications are far more transparent and clear.
There is no justification for the inclusion of Mailbox.org but not Posteo. The only significant thing separating them is the custom domain feature. It Mailbox.org isn’t implementing it in a secure way, it needs to be removed. Posteo may be right in refusing to implement it to maintain their high privacy/security standards.
Anyway, custom domain only provide agency to the user if they purchase a domain themselves, rather hire it from a proxy. This necessarily involves sacrificing anonymity. Privacy and anonymity are not the same, but much of the site is catered toward anonymous use of internet/services, and therefore readers of the guide should be aware of this limitation of custom domains, and providers which do not provide this feature should not, by default, be excluded.