Mailbox announced that the user now has the option to deactivate the password reset (and 2FA reset) via IMAP. However, the default setting is that a reset via IMAP is enabled and will reset the password and 2FA. Based on the Support it will stay that way
So the user can still use 2FA if they want.
Far behind competitors regarding features
Cry about it. Not a good reason to remove mailbox.
They don‘t have any security notification or dashboard where you can see sessions, failed logins, recent actions like password changes. No notification when 2FA was activated, when password was changed, when IMAP password has been created etc. unlike Tuta, Fastmail, Proton, etc.
You can view which devices are logged in in the dashboard settings.
No OAuth or YubiKey support for 2FA No recovery codes possible for 2FA
Not really anti-privacy features.
No SPAM/Rejection-Log
Not really an anti-privacy feature so moot point.
Increase of vulnerabilities and minimal response provided by Mailbox team No roadmap or timeline to implement anti-spoofing for custom domains
I believe the anti-spoofing is handled by the domain host with dmarc records. There are a series of records one needs to add and if you don’t know the process, then one shouldn’t be messing with a custom domain. Also, a custom domain is not private at all. I thought this was a privacy forum?
So far you’ve just whined about their security measures. What about Proton requiring a backup email which has been used in one instance by the authorities to break into a user’s mailbox (user used a gmail)?
Mailbox is still the best email provider that supports third party email clients. Proton still doesn’t have a linux app. No carddav or caldav. For all these reasons, Mailbox is the best in its class. If one wants to commit crimes, then yeah use Proton. But how many people in your inner circle use Proton? Its like the same debate on whether to use Signal. If you’re sending emails to other gmail users you’re not getting much benefit from Proton. If you’re not emailing other proton users, you’re not getting that e2ee anyways. Still, Mailbox is the best for the average user.