However, it is an Australian company, and it claims to only respond to Australian court orders - not US ones. However, its servers are based in the US, which in our opinion means it could be served a warrant and a gag order.
Unfortunately, Australia is not a particularly good place for a private email service to be based (and neither is the USA). This is because Australia is part of the Five Eyes surveillance agreement and is a nation that enforces invasive mandatory data retention laws. In addition, Australia recently passed legislation the authorities can use to compel services to provide backdoors into encrypted messages.
All in all, this does mean that to use this email provider securely you will need to use end-to-end encryption (PGP or S/MIME) to send emails between you and your recipient. Sadly, this kind of encryption is not available natively in Fastmail - so you will need to use a third-party extension like Mailvelope or a third-party email client like Thunderbird.
So, is this email worth the money you must pay to use it, or are there better options on the market?
How much does Fastmail cost?
Although users can get a free trial of Fastmail for 30 days, it is necessary to purchase a subscription in order to use the service any longer. Subscriptions can be purchased in one of three plans: Basic, Standard, and Professional.
Basic costs $3 per month (per user) and will allow you to make use of its secure email services with 2 GB of storage. Basic subscription plans do not allow you to use your own domain.
Standard costs $5 per user, per month, and increases the amount of storage available to 25 GB. Standard users can use their own custom domain.
Professional costs $9 per month, and it increases the amount of storage available to 100 GB. Professional users can use their own domain and they also get access to three extra features: administrator archive, “Topicbox” for sharing emails with team members, and administrator controls.
Subscribers can opt to pay with a credit or debit card or by PayPal. Cryptocurrencies are not available for the time being.
Features Overview
- Apps for all platforms
- Web portal for easy email access
- IMAP, POP3, SMTP support
- No ads
- No tracking
- Contacts lists and groups
- Mailing list service (Topicbox)
- Email forwarding service (Pobox)
- Fully searchable
- Conversations feature for threading messages
- Message pinning
- Calendar
- Import feature
- Export emails to any other provider
- Own domain support (standard and above)
- Email sharing and archiving for teams (professional)
- Administrator controls (professional)
Ease of Use
Signing up for a 30-day trial of Fastmail is easy, and it does not require you to hand over any card details. This means that you can genuinely jump in and get a sense of how Fastmail works without needing to worry about an automatically rolling subscription.
To start using Fastmail, simply head over to its website and sign up using its online forms. You will need to provide a password and agree to the Terms of Service (which includes no sending of bulk or unsolicited email). Free users are also reminded not to use the service for commercial purposes; for this, it is necessary to purchase a subscription.
Clicking on start 30-day trial will then move you onto another form which requires you to hand over a phone number. This is a highly disappointing part of the service because we would much prefer the ability to verify an account via email. Handing over a phone number is always considered highly invasive, and this is not good form for a service that claims to be pro-privacy.
Once we had verified our phone number, we were able to start using the free account without issues. To start with, we checked out the availability of its import feature. We were happy to discover that it is possible to automatically import emails and contacts from another email client.
Fastmail has a built-in import feature that lets you migrate emails from an old account such as Gmail, Yahoo, Outlook, iCloud, or via IMAP from any third party client. Contacts can be uploaded via an address book file such as CSV (the most common method). Calendar entries can also be imported without any trouble.
To access the import features - as well as setup guides for getting Fastmail working with a third-party email client, and the mobile apps - click on the down arrow in the top left of the client (next to your email address) and select settings.
We imported some contacts using a CSV file without issues (vCard3 is also available). We also brought over a few emails from Gmail to check that the import feature works. To do so all you must do is ensure that IMAP is switched on in your Gmail account.
At this stage, we also checked the export feature, which you would need to use if you ever decided to leave Fastmail for another service. We found it hard to lay eyes on the export feature and had to search its website for help.
We discovered that to export contacts you will need to make a group and add your contacts to that group. Any contacts added to the “No group” folder the email account comes with by default cannot be exported. We made a group and added a contact to it to test it.
Clicking on Export provides you with a number of options including CSV files for Outlook or Yahoo, vCard files, .adr files for Opera, and LDIF files for Thunderbird. This is a nice, large range of options that should make migrating easy for anybody.
The notes feature is a nice addition that will allow you to keep notes stored away in the cloud where they can’t be lost. However, remember that these are not protected with end-to-end encryption, which means that they could be accessed by Fastmail staff or by the authorities if they serve Fastmail with a warrant.
The calendar feature is great for users coming over from services like Google who have become acquainted with a larger range of features. Setting up a calendar is very easy, and it is possible to invite contacts to a meeting via an automatic email, which is great.
The ability to upload and store documents is also great and we like that you can create your own folders for keeping everything neatly stored away. However, again, remember that this service does not provide end-to-end encryption for your files.
When it comes to sending emails themselves, we were obviously disappointed that you can't use PGP natively in the web client. The firm claims it does not provide PGP for what it believes are valid security reasons, which you can discover on its website. However, for the many people that already use PGP (and need it), integration would be useful.
There are plenty of secure email providers that allow you to do this, and we think PGP is an essential part of any email service claiming to provide secure emailing capabilities. However, we had no trouble setting up the Mailvelope extension to work with this web client. Thus, it is possible to start sending secure emails without too much fuss.
We also really enjoyed the easy availability of guides for setting up an account to work with a third-party email client, which means you can make use of this email provider with any email software that you prefer.
To conclude, we can attest to the ease of use of this service. Everything works as it should and it is never hard to find anything you might need. Thus, we can recommend this service to beginners who want to move away from invasive services such as Google.
On the other hand, if you are moving away from Google and paying for a service, we would probably recommend making the leap to a service that provides secure end-to-end encryption for emails, files, and notes.
Security and Privacy
Being based in Australia with servers in the USA does not inspire much confidence. Australia and the USA are known to work together on matters of intelligence and this is underscored by their joint commitment to Five Eyes.
Having servers based in the USA means that it is possible Fastmail’s servers could be raided or served a warrant by US authorities. And, because the US enforces gag orders, Fastmail subscribers would never know that their emails were being accessed by the US (or Australian) government.
This potential is highly problematic because Fastmail is not a service that provides end-to-end encryption. The firm believes that consumers prefer having the option to recover their accounts and search their emails, and it uses these reasons to justify server-side encryption.
As a result, Fastmail controls your encryption keys on your behalf - and it is possible that its employees could access the contents of your emails. It also means that Fastmail has the ability to hand over your encryption keys to the authorities to gain access to the content of your emails, notes, and files if served a warrant. This is far from ideal.
On its website, Fastmail claims that data held on its servers is secure because it stores the encryption keys to accounts separately from the data itself. However, the fact remains that when passwords and data are both stored on company servers there is an increased risk of hacking.
For users who are paranoid about exposing themselves to these risks, the only option is to send encrypted messages using client-side email encryption. This is possible with a Fastmail account; however, it is not available natively in Fastmail’s web portal or stand-alone apps.
For unknown reasons, Fastmail does not implement public-key encryption such as OpenPGP or S/MIME. This means that you will need to use a third-party extension such as Mailvelope - or a third-party client such as Mozilla’s Thunderbird - to send encrypted emails. Fastmail does provide IMAP, POP3, and SMTP, so you will be able to set your account up to work with a third-party email client that implements PGP, and it is not difficult. However, this is the only way to ensure that your emails aren’t sitting around on Fastmail’s US servers in plain text.
Admittedly, Fastmail promises not to look at the contents of emails for keyword research and advertising purposes. However, if it is served a warrant, it would have no option but to allow the government access to your emails.
Fastmail’s commitment to open source is a bit of a two-sided coin. On the one hand, Fastmail is based on Cyrus - an open-source mail server to which it contributes heavily. It also runs JMAP (an open standard protocol). However, beyond this, all of Fastmail’s software is proprietary.
Having closed source clients means that it is impossible to audit the platform. And, as a result, it is necessary to trust that the firm is doing what it says with your data. This element of trust is removed when an email provider makes its entire source code auditable (open source).
Depending on your threat model, this firm’s use of proprietary software may not be an issue, particularly because of the firm’s transparent privacy policies. However, to those that are paranoid, the combination of closed source implementation, US servers, Australian jurisdiction, and server-side encryption (the opposite of zero-knowledge) may be enough to put you off.
Finally, we checked Fastmail’s TLS/SSL to ensure that it is implementing transit security effectively. We tested the service using Qualys SSL Labs and are happy to report that the firm scored an A+. This means that you can trust the firm’s SSL security has been implemented correctly, and your data should be secure in transit.
However, for anybody who decides to use this email service via the web portal, it is also crucial to remember that it is implemented using JavaScript (JS). As is the case with all JS applications that run in your browser, this makes it vulnerable to man-in-the-middle attacks caused by the way that the JS communicates with your browser. As a result, it is possible that a hacker could force keys on Fastmail users, which would allow them to access the content of emails.
Admittedly, this is not unique to Fastmail; it applies to all email clients that run in your browser. And it is possible to get around this flaw. To solve this vulnerability, it is necessary to run the standalone email clients provided by Fastmail, or, better yet, a third-party email client that also permits you to encrypt your emails using secure PGP.
It is also worth stating that we were disappointed with having to provide a phone number to subscribe, which is an invasive requirement for a service based around privacy.
Customer Support
In addition to setup guides for getting the service working on third-party clients, Fastmail has an extensive amount of support documentation and FAQs on its website. To access these, simply click on Support on its website. We found the articles, support guides, and FAQ responses to be well written and they will supply the help that most people need to use the service.
For anybody that requires further assistance, the option is there to email support. Simply visit the footer of its web pages and click on contact us. Here you will be brought to a contact form in which you can ask questions that will be answered via email.
We found the firm to be attentive to our needs, and they did supply all the responses that we required. However, we did have to wait a while for responses due to the time difference. Thus, it is fair to say that support is not 24/7, and unlike some other services, there is no live chat support.
On the whole, we did not find anything to be a deal-breaker, and we were impressed by the resources available on its website, and the knowledge of its support staff.
Conclusion
Fastmail is an inexpensive email provider that sells itself as a secure alternative to popular free email providers.
While it is great that Fastmail does not access the contents of people’s emails in order to snoop for advertising purposes and create a revenue stream, there are plenty of security features missing from this email service that we would like.
True end-to-end encryption for accounts would allow users to control the security of their emails, notes, and files. And fully open source code would be preferable from our point of view. The firm’s base in Australia puts it at the mercy of a highly invasive government, and the fact that its servers are based in the US rings alarm bells. All of these factors must be considered if you truly care about data privacy.
The service itself is feature-packed and easy to use, and we can definitely recommend it to beginners. There is probably little doubt that this firm is better than the likes of Google, but you still have to place a lot of trust in the things that it says.
Fastmail is not expensive, and as long as you use it to send emails with PGP, you can use it to send secure emails. However, we can't help thinking that if you are making the effort to leave Google behind, you could find something with even better security.
On the other hand, if you don’t like the idea of not being able to recover an account if you lose your password, you are not going to want an email account with end-to-end encryption. And for this reason, Fastmail is a very good option that is well worth taking for a test run thanks to its 30-day free trial.