Email Immutability Matters More in a World with AI

Posted3 months agoActive3 months ago

brongondwana

166 points

111 comments

fastmail.comTechstoryHigh profile

calmmixed

Debate

70/100

EmailImmutabilityAI

Key topics

Immutability

The article discusses the importance of email immutability in a world with AI, and the discussion revolves around the concept of immutability, the role of AI in email services, and the trade-offs between different email providers.

Snapshot generated from the HN discussion

Discussion Activity

Very active discussion

First comment

39m

Peak period

0-6h

Avg / period

15.9

Comment distribution111 data points

Loading chart...

Based on 111 loaded comments

Key moments

01Story posted
Oct 2, 2025 at 2:00 PM EDT
3 months ago
Step 01
02First comment
Oct 2, 2025 at 2:38 PM EDT
39m after posting
Step 02
03Peak activity
94 comments in 0-6h
Hottest window of the conversation
Step 03
04Latest activity
Oct 6, 2025 at 9:37 AM EDT
3 months ago
Step 04

Generating AI Summary...

Analyzing up to 500 comments to identify key contributors and discussion patterns

Discussion (111 comments)

Showing 111 comments

blibble

3 months ago

9 replies

> The world is changing, and we need to adapt and understand it.

fastmail: read my lips: I pay you because you offer a traditional email service

if you add a single AI feature I will return to self hosting

toomuchtodo

3 months ago

2 replies

+1 as a fastmail family account customer.

barbazoo

3 months ago

1 reply

Is there such a thing as a family account?

> Add a user to your billing plan to give someone their own Fastmail Inbox and login. Build your team, be it work or family, and share calendars, contacts and more. Give users extra addresses for free

The way my UX works is I can add users but they always have to have their own paid plan. Makes sense for heavy email users but not so much for my partner or our kids. I was hoping there was a 5 accounts for the price of 3 thing like Spotify et al do.

spott

3 months ago

They have a “family” plan on their pricing page. “For up to six in a family. Private, secure email for everyone.”

mbesto

3 months ago

Same here. Fastmail customer for slowly peeling myself away from gmail. Just keep giving me reliable email service and I'll pay you.

withinboredom

3 months ago

2 replies

And all these services doubling or even trippeling their price to offer the same thing ... but with AI! I'd happily pay fastmail double the price, without the AI.

jimbo808

3 months ago

1 reply

I genuinely tried to embrace them, but I have found these AI "enhancements" to be utterly useless. Very rare that they can answer the question I'm having about the product. I'm not sure what the norms are for how these assistants are trained or fine tuned for the specific products they're being offered in, but it seems that they're pretty bad. They don't seem to know anything about the product you're using them in.

neutronicus

3 months ago

We ship an AI assistant with our product.

I am attempting to dogfood it, as I am pretty close to the target audience. I, a dev, get a bug report "X doesn't work". I have never heard of "X". Ask the AI assistant instead of Googling it or asking on Slack.

Google's AI overview is basically always better (and delivered sooner) than our own proprietary AI assistant.

gdulli

3 months ago

Heard, but let's not give them ideas.

daveguy

3 months ago

1 reply

The entire article is about protecting against AI, and their internal policy on AI use. No new features mentioned.

blibble

3 months ago

1 reply

it doesn't hurt to dispel the illusion that "existing product plus AI equals more money"

daveguy

3 months ago

True, that is a good point. And rethinking the article, it could be considered relevant even though the article didn't mention new features.

Hopefully "product + AI" doesn't get us as big of a crash as "product + Internet" did in 2000. Pointing it out probably helps.

dlcarrier

3 months ago

2 replies

Self hosting? I can't even visit simple static web pages without Cloudflare blocking me because my web browser isn't sufficiently trackable. There's no way they're letting self-hosted email messages get through.

drnick1

3 months ago

3 replies

This is a myth. I self-host email and don't have deliverability issues. What matters is domain age, IP, and compliance with DKIM/DMARC.

gjgtcbkj

3 months ago

1 reply

Prove it.

drnick1

3 months ago

What is there to prove? You can register your own domain (avoid exotic TLDs), wait a few months to build trust, and use an email setup script like Luke Smith's to set up Postfix/Dovecot.

Before you start sending email, use mail-tester.com to check that DKIM is correctly set up and that your IP is not blacklisted.

Cu3PO42

3 months ago

3 replies

Is it? Last time I tried to self-host my email I did. I had DKIM, DMARC and SPF set up correctly as verified by multiple sites, but I couldnt't get reliable delivery to any Microsoft-hopsted mailboxes. Every other provider I tested was perfectly happy with my mail, unfortunately MS is too big a provider to ignore them.

> What matters is domain age, IP, and compliance with DKIM/DMARC.

Maybe it was my IP, but I cycled a few with my hosting provider and none of them made a difference. If I am unable to reliable obtain a 'trusted' IP, what good does it do?

I switched to hosted email and all my delivery issues were gone.

renewiltord

3 months ago

Use an email warming service or warm it yourself

abdullahkhalids

3 months ago

There are tools that can check if your IP is on a blacklist [1].

Also, my experience with self-hosting email is that if you get people to email you first from their domain, and you reply to them, then you are not going to be blocked. Of course, this won't work if you send a lot of cold emails.

[1] https://mxtoolbox.com/SuperTool.aspx

witrak

3 months ago

>> What matters is domain age, IP, and compliance with DKIM/DMARC.

>Maybe it was my IP, but I cycled a few with my hosting provider and none of them made a difference. If I am unable to reliable obtain a 'trusted' IP, what good does it do?

That's true. I have a Class C IP range and a domain registered for 30 years and yet Gmail still started ignoring my email server a couple of years ago...

DamonHD

3 months ago

Same here. Self hosting (STMP, DNS, etc) for ~30Y.

Flere-Imsaho

3 months ago

1 reply

Could you expand on this?

I use everything I can to block trackers, spy ware, etc and have never been "Cloudflare blocked".

dlcarrier

3 months ago

1 reply

I would like to know what your're running, too, in case I can find a better workaround.

I'm running MX Linux, Arch Linux, and FreeBSD, and usually use Seamonkey or Pale Moon, and if I absolutely have to I use Thorium.

Some websites using Cloudflare services, or other similar services, first load a landing page, historically with a captcha checkbox to verify that I'm human that would let me through, after completing. More recently, it'll outright say that I am denied access, or when I check the box it switches to a throbber that spins indefinitely, or it unchecks itself.

Some web pages, like eBay, will let me through initially, then at some point all tabs I have open will simultaneously switch to an unpassable captcha.

Flere-Imsaho

3 months ago

Debian Linux, Brave browser, and host file modifications by: https://github.com/StevenBlack/hosts

Gigachad

3 months ago

Tbh I do wish Fastmail would add some kind of automatic email classification like Gmail added many years ago to filter the newsletters out of the important email.

Mizza

3 months ago

Came here to say this. I use fastmail am quite happy with it because I just want a reliable inbox and nothing else. Just keep it running and don't touch anything else.

28304283409234

3 months ago

Same. Family account. Stay simple.

tamimio

3 months ago

Seriously, I just need a no BS email, if I see a single bubble with some assistance im bailing out immediately.

julianlam

3 months ago

This is a surprisingly aggressive reaction after reading a blog post asserting that said company will NOT go in that direction.

mlhpdx

3 months ago

1 reply

Interesting take. I have decades worth of email archived, so it does ring true for me at least. I doubt anything in there is more interesting to Big Brother but who knows?

Night_Thastus

3 months ago

Interesting to federal government, not likely. Interesting to marketers and scammers, absolutely.

Night_Thastus

3 months ago

7 replies

"An email is your copy, and the sender can’t revise it later."

Sort of. They can't change plain text, but modern emails often include vast swaths of remote content. When you open the message, it retrieves the relevant assets directly from whoever sent the email. That remote content is not permanently stored. It's cached for a bit and will not be re-used if the email is opened months or years later.

If those assets disappear or are changed, there's very little any email provider can do about that.

mikepurvis

3 months ago

2 replies

I don't think that's really the case, is it? At least, not in any formally-specified way. Modern email clients will extract metadata for things like airline reservations, shipping trackers, ICS calendar invites, etc, and give you live tiles specific to that time-sensitive info, but it's very clearly supplementary and at least in GMail none of it is pretending to be part of the message itself.

IanCal

3 months ago

1 reply

Images are the clear thing that is typically remote - sometimes to the point of an email that’s entirely just an image, or rather a link to an image.

mikepurvis

3 months ago

1 reply

Doesn't GMail pre-fetch those images and then cache them for the duration of the email being in your inbox, so as to defeat tracker dots, read receipts, etc?

TheNewsIsHere

3 months ago

You can, at the very least, register an open by generating unique URIs for any remote content.

I’m not sure how long Google caches it. I know Fastmail is doing the same thing now for any remote content fetched from within their web interface.

ian-g

3 months ago

1 reply

Narvar's tracking emails are mostly-image

And on the one hand, it's cool as hell to see your email update itself to show tracking progress

On the other hand, just send me a new email. It's fine, I promise.

TheNewsIsHere

3 months ago

And if I’m ordering something of consequence, you’re damn right I want the time stamped paper trail of its movement you avowed.

bbarnett

3 months ago

1 reply

This isn't entirely true. While HTML email sometimes does have html tags in it, and can remotely download embedded images, it doesn't necessarily retrieve the asset from the person who sent it.

It could be anywhere, which is another knock against HTML email.

Which is why text only email is still king, and used in a lot of places still.

array_key_first

3 months ago

1 reply

Also HTML email is hilariously broken on many clients. Particularly outlook.

withinboredom

3 months ago

Depends on which outlook. There’s the windows 10 version, the windows 11 version, and the office version. They’re all broken in different ways.

munk-a

3 months ago

1 reply

When it's a silly marketing email - sure. But you'd be surprised how hard you need to work as a sender to ensure that your content will render correctly if your business is actually to deliver information via email. Remote content is ignored by default by almost all modern email clients (since developers got sneaky and started using it for tracking) so a good email with rich content is usually embedding all that content into a multi-part email and leveraging static styling rules to provide as much formatting as possible.

novemp

3 months ago

1 reply

You don't have to work hard at all if you send plain text.

munk-a

3 months ago

I'm not certain if it still exists this way since I've been removed from the actual email templates for a while - but when I originally wrote them for my company they were multi-format supporting with the plaintext chunk as the lead portion - after that came the fancy HTML version with all the bells and whistles that the business required.

Did anyone ever read the plaintext version of the email outside our company? Probably not - but it was super useful for testing that the content was correct by dumping the full message contents to console.

Would I have been applauded for only providing customers with a plain text email? Nah, you need a really niche audience to appreciate that - I love that audience, but that audience isn't our customer base unfortunately.

The actual mechanics of email formatting are quite simple (it basically hasn't changed at all in 50+ years) so it can be quite straightforward - it just gets difficult when you try and get fancy.

matsemann

3 months ago

3 replies

Gmail keeps editing mails. They have a concept of "dynamic emails" people can send now. Like if you get a mail notification about something in Docs, they will keep updating the mail in your inbox together with modified / added comments in the document.

Absolutely bonkers.

"Because of the dynamic nature of AMP messages, the content displayed in Gmail messages can change as time passes." https://support.google.com/a/answer/9709409?hl=en

thewebguyd

3 months ago

1 reply

Microsoft has this now too with Loop components. If you put any text content around it that doesn't change, but the "Loop" component is a live doc and will update on the email client's end of the remote doc changes.

zadjii

3 months ago

Low key: Loop is actually great. I think it's the first thing I've used that's captured the dream of what Google Wave wanted to be

freedomben

3 months ago

1 reply

Jesus, I had no idea :-(

bcrl

3 months ago

Damn, that must be why they keep making it harder and harder for independently run mailing lists to deliver to gmail users.

jacquesm

3 months ago

Great for audits. And gmail ate my homework...

acdha

3 months ago

If this was correct, you wouldn’t be able to read those messages with remote content loading disabled or when in airplane mode. It’s pretty uncommon for me to get messages where that’s the case, and those are almost always marketing spam so, as they say, nothing of value is lost.

Apple’s private loading feature also shows how that could be fixed: the mail server can retrieve the referenced content once and save it so you’d always know what was served at the time the message was sent.

kenferry

3 months ago

Modern marketing emails, yes… not emails written as correspondence. I don't think this post is talking about marketing emails.

toomuchtodo

3 months ago

The provider could create a snapshot at receive and/or open (fetching these potentially mutable asset dependencies within a message), similar to what https://github.com/karakeep-app/karakeep and https://github.com/gildas-lormeau/SingleFile do with url bookmarks, and attach it (or otherwise associate it) to the message. Optional of course.

The benefit of this is senders couldn't treat it as a read receipt, because the provider can state "Our infra performs this operation for the user for immutability purposes" similar to other email operations that proxy these requests for privacy purposes.

azhenley

3 months ago

1 reply

So should I stop building my AI-first email client?

IncreasePosts

3 months ago

The article says they're fine if you want to use AI but they're not going to foist it upon you

cypherpunks01

3 months ago

3 replies

Your own emails are immutable, if you trust nobody's modified your copy.

But proving to others that an email hasn't been modified is a more difficult task. As I understand it, you'd need to retain DKIM keys for the signing server, to check that historical DKIM signatures verify correctly and the old message was not forged or altered.

Are DKIM signing keys issued in some kind of Certificate Transparency log, where you can verify whether a particular DKIM key existed for a particular domain in the past, in order to do this in general?

bananapub

3 months ago

1 reply

people are trying to do the opposite - publish DKIM private keys regularly so everyone knows that old DKIM signatures can be forged, so that they can't be used against you.

password4321

3 months ago

https://news.ycombinator.com/item?id=25113482 Ok Google: please publish your DKIM secret keys (2020-11-16, 583 points, 749 comments)

Alex3917

3 months ago

There is at least one service that scrapes and archives the DKIM keys of popular websites.

acdha

3 months ago

They at least were not historically archived. This came up during the Hunter Biden laptop investigation where people were able to verify some of the messages only because the Gmail key was archived in many places because that service is so popular. I’m not aware of anyone making a comprehensive archive but I’d be unsurprised if someone did based on news like that.

https://github.com/robertdavidgraham/hunter-dkim#but-gmails-...

EDIT: this one exists but is incomplete: https://archive.prove.email/about

pkilgore

3 months ago

1 reply

Kagi & Fastmail are two of my favorite bills to pay.

myhf

3 months ago

I stopped paying for Kagi because they added AI.

instagraham

3 months ago

7 replies

The immutability of documentation tech matters more in a world with AI.

The cameras used to document "news" will need to be watermarked, fingerprinted and authenticated, like what Canon and Nikon are already doing (and which AFP has already adopted).

It may have seemed gimmicky at first, but in a year or two, you'll probably only be able to trust visuals from companies that do this (wire agencies like AFP, AP and Reuters are heavily disincentivised to create fake news anyway but that's another topic).

At a certain level, I imagine social media apps will also encourage direct camera-to-post for documentation/videos of reality, since this will be the only end-to-end method to verify an image was created unaltered. I can imagine a world where, if you film a protest through the Instagram app, you'd get some kind of "this is real" badge on it, whereas if you upload a video, it gets treated as "could be AI" like 99% of all future content.

gmueckl

3 months ago

2 replies

On the other hand, this requires locked down devices running trusted apps. Otherwise, such a badge won't have any meaning.

vlovich123

3 months ago

2 replies

I think it’s already irrelevant: cryptographic proofs of video evidence is difficult to communicate to audiences while watermarks will be learned by AI as trusted and injected into AI videos anyway. Also, in between the lens and your eyeball is usually a pipeline of editing applied anyway so either the cryptographic signature ends up with every layer signing the modifications applied + the previous layer or you stack watermarks. But ultimately the original problem is how to communicate the cryptographic chain validity.

JambalayaJimbo

3 months ago

1 reply

Communication is a different story, do we know whether it’s possible in the first place? And that requires device integrity.

pants2

3 months ago

In theory this is where zero-knowledge proofs can come in. That would allow you to apply transforms to the video (crop, contrast, resize etc) and be able to prove the exact transform that was applied. However it's still computationally expensive.

skybrian

3 months ago

Most users don't care, but in theory a newspaper could use this tech to verify certain camera images and their readers could just trust that they've vetted things.

In practice, ordinary users don't care much about mainstream media anymore.

drnick1

3 months ago

1 reply

> locked down devices running trusted apps

This is a bigger threat than phony AI videos.

aerostable_slug

3 months ago

2 replies

To whom? I can imagine starting wars with fake videos.

It's hard to imagine someone kvetching about not being able to sideload apps to their phone reaching that point of significance. I don't mean to completely dismiss very real concerns about what people can and can't do with their purchases, but OTOH war involves actual people actually dying, and manipulating media is a fantastic way to get one.

array_key_first

3 months ago

They're both the same problem: control of information. They're both useful for starting wars (or worse).

bippihippi1

3 months ago

removing methods to circumvent monitoring and control of information makes it easier for a bad actor to take advantave of these tools. Yes it's nice for the good guys to be able to keep their code secure, but do you want a dictator to be able to do that?

toasterlovin

3 months ago

1 reply

Interestingly, I think Apple has inadvertently positioned themselves very well to be able to authenticate various activity as being done by an actual human. What if anything they decide to do with that capability remains to be seen.

instagraham

3 months ago

The LIDAR sensor could be quite useful in authentication.

A lot depends on watermarking at source and the social media platform using that to make a clickable/hard watermark

cm2187

3 months ago

3 replies

By the time the video reaches the end user (i.e. on tiktok and the likes), it will have been re-compressed, edited, meme-ed, voiced over a dozen time. So not sure how you preserve trust in that chain.

istrice

3 months ago

1 reply

You don't, the only reliable source will be the source that has signed the content. It basically takes us back to the times when the only footage available was curated and broadcast by TV.

cm2187

3 months ago

Yeah, but I don't think Reuters, AP or AFP are anywhere near the top 1000 most popular accounts on tiktok. So they can sign anything they want, won't affect the average tiktok user.

instagraham

3 months ago

I imagine a new type of bluetick would emerge. There will always be those who can't distinguish between a tick emoji next to a username and the actual thing, but that's a UX problem. Something shot and verified on-app could get a special, clickable tick on it when it's shared.

This removes the possibilities for bad actors to just one - the platform itself.

In any case, the audience will have to learn new ways to "trust" and tech alone won't be the solution. But I've less hope in people and more hope in new social contracts

I think LIDAR sensors would be useful to verify depth information in an image, on a side note.

hombre_fatal

3 months ago

Also, one thing HNers get fundamentally wrong is that anybody cares about trust/authenticity. And I don't see what's so special about photo/video.

One of the most common forms of submissions on Reddit/Twitter is an image with text, or a screenshot of a tweet, or a screenshot of a headline that makes a claim, and everyone takes it dead seriously.

Almost nobody is going "hmm let me look this up first to see if it even exists or accurately represents the facts".

So if all you need is an image of text for people to believe it, what does it even matter if you have this sophisticated system where you require photos to be signed by camera hardware or whatever? You aren't even putting a dent in how bullshit spreads.

jrockway

3 months ago

1 reply

I don't think this would accomplish anything. For one thing, quite a bit of misinformation these days comes from official government sources that can just compel the manufacturers to turn over authentic signing keys. Remember that Trump just posted an AI-generated video of himself shilling medbeds; when it was pointed out as AI-generated, he deleted it. If Truth Social checked the cryptographic signature, he'd order his staff to sign it. They wouldn't dare say no.

The next flaw is that cameras are happy to record screens playing AI-generated videos and mark them as authentic. Perhaps you can tell today because the screen pixels aren't perfectly 1:1 mapped to the image sensor pixels, but as soon as elections depend on being able to do that, those screens will exist.

People are saying to add LIDAR to prevent this "record the screen" hack, but a mirror over the LIDAR sensor and me sitting at a desk motionless looks to LIDAR exactly like the world leader I'm deepfaking sitting motionless at a desk. People are not using AI to generate amazing action shots.

At the end of the day, people will have to take some personal responsibility. Migrants probably aren't killing and eating pets. Pets taste terrible and grocery stores that you can just walk into and steal whatever you want exist. There isn't a bed that can cure any disease. If someone says they do, even a world leader, test them out on something non-critical. Break off a fingernail and see if the magic bed can regrow it overnight. If not, maybe stick to traditional cancer treatments until there is some clearer evidence.

QuantumNomad_

3 months ago

> those screens will exist

It’s already possible. See the Stagecraft studio they built for the production of TV series The Mandalorian.

> shooting the series on a stage surrounded by massive LED walls displaying dynamic digital sets, with the ability to react to and manipulate this digital content in real time during live production

https://www.unrealengine.com/fr/blog/forging-new-paths-for-f...

> The StageCraft process involves shooting live-action actors and sets surrounded by large, very high-definition LED video walls. These walls display computer-generated imagery backdrops, once traditionally composited primarily in post-production after shooting with chroma key screens. These facilities are known as "volumes". When shooting, the production team is able to realign the background instantly based on moving camera positions. The entire CGI background can be manipulated in real-time.

https://en.wikipedia.org/wiki/StageCraft

WrongOnInternet

3 months ago

2 replies

The problem with this approach is that it is easily bypassed. Simply point your camera at a high quality monitor playing an AI generated video, and there you go, and authenticated AI video. In the future, video evidence is going to be as convincing as it was for 99.9999...% of human history. We survived with out it in the past. We'll survive without it in the future.

canadiantim

3 months ago

4 replies

What does it mean for the court system though, what happens to video and image evidence?

dghlsakjg

3 months ago

1 reply

We have been able to manipulate legal documents for 100s of years. We have been able to manipulate images for over 100 years. We have been able to manipulate images on any computer with a few hours of training for for 30+ years. We have been able to manipulate videos with training for 20+ years.

It is an order of magnitude easier now (likely as easy as documents have been to manipulate for 30ish years now). However, this is not a new problem, courts have always had to deal with manipulated evidence.

array_key_first

3 months ago

Not just an order of magnitude easier, many orders of magnitude. We're going from hours of painsraking work done by professionals who you pay to virtually instant and as many as you want.

jjk7

3 months ago

Can AV evidence not be faked without AI tools?

deadbabe

3 months ago

That is for the jury to decide. If they think the evidence is fabricated in some way, they will have reasonable doubt.

Lawyers must carefully pick jurors depending on how susceptible they may be to AI manipulation.

ElevenLathe

3 months ago

Good eating for "expert witnesses" that can verify/debunk videos in court.

andrewflnr

3 months ago

1 reply

I doubt it will be that easy to bypass. A fake would still have to withstand pixel-level analysis on the level of methods that already detect tampering in regular video. For one thing, that will have to be a very high quality monitor indeed to leave no detectable trace of e.g. moire patterns.

latexr

3 months ago

2 replies

A fake doesn’t need to be perfect to be effective, it just needs to fool enough people. Most posts won’t (and couldn’t ever) be scrutinised at that level.

andrewflnr

3 months ago

Even if a lot of people just lap up whatever tiktok feeds them, it still matters that people who care can get actual evidence from the real world that eventually filters out to public consciousness. It will have indirect influence, yes, but it'll still be a lot better than being fully post-truth.

array_key_first

3 months ago

Presumably if the video is AI generated we can also AI detect if it's a legitimate video.

That won't work for the original source probably, but I would think AI sophisticated enough to tell if you're just recording a monitor would exist.

latexr

3 months ago

> I can imagine a world where, if you film a protest through the Instagram app, you'd get some kind of "this is real" badge on it

On Instagram? The website owned by that guy who loves AI slop and wants to fill your feed with it? That Instagram? Yeah, doesn’t seem likely.

https://techcrunch.com/2025/09/25/meta-launches-vibes-a-shor...

https://fortune.com/2024/10/30/mark-zuckerberg-ai-generated-...

https://futurism.com/zuckerberg-lonely-friends-create-ai

et1337

3 months ago

New startup idea: point a C2PA camera at a screen and launder videos through it at $1 per minute.

drnick1

3 months ago

1 reply

Email has never been immutable. Email that you receive on your own server can be trivially altered, it's just a plain text file.

In fact until recently email was sent and received in the clear like a postcard, the whole system wasn't designed to be secure or secret in any way.

lexlambda

3 months ago

Immutable as in the message won't be altered/deleted by the sender. This is. This is about user control, as opposed to chat apps or social media, where posts are frequently edited, get taken down after an outrage or links can disappear to link-rot.

From article: "An email is your copy, and the sender can’t revise it later."

wpollock

3 months ago

1 reply

Until retired as a professor, I used Thunderbird and the GPG plug-in to sign emails. That makes them immutable no matter who hosts the email server you use. I encrypted the emails holding grades, if the recipient said they were able to decrypt. Setup was non-trivial but very doable. I also used (and still use) a plug-in that clearly shows if any email fails DKIM or SPF (I think DMarc too).

pyuser583

3 months ago

Thank you! Will look into this setup!

crossroadsguy

3 months ago

1 reply

I have a completely unrelated question - why does their base custom domain plan starts at 60GB of storage? This has always escaped me. Not that one can use those surplus too many GBs in any other meaningful way (i.e. object storage, or something usable like Nextcloud, Seafile et cetera). This is odd. Just in case any founder or exec from Fastmail is lurking around here do have a look at it.

withinboredom

3 months ago

60gb should last you a few years of not deleting anything. That also fits into how long you generally need to keep things for record purposes. It isn’t big enough to keep everything forever (which is good for privacy).

odyssey7

3 months ago

No mention of the blockchain?

throwaway_0501

3 months ago

Buried lede: Fastmail is using AI-generated code / words / decision-making systems, just like everyone else and following the same meaningless "principles" as everyone else.

> For our staff, we encourage understanding the tools that exist in the world, and how to use them safely. Our policy makes it clear that any use of tools, including tools with AI in them, must follow clear privacy-preserving principles:

    Data Protection: All data protection, confidentiality, and privacy policies must be followed (our vendors for things like anti-abuse and support are moving towards using AI for translation, categorization, abuse detection – and we are ensuring that their policies continue to provide protection for our customers)

    Accountability for work: Any AI generated writing or code must be reviewed and understood by a human being, and go through our regular second-set-of-eyes processes before being used

    Bias awareness: Actively look for biases or hallucinations in AI output

    Human authority: Always have a path for appeal to a human from any decision that is made by automated tools

estimator7292

3 months ago

Is email immutable? Honestly I haven't looked into it very much, but as an email self-hoster I do know that i have the ability to decrypt any email in any user's inbox. I presume I could also edit and re-encrypt them, but I don't really know.

But as in all cases, you can only be truly sure no one is tampering if you don't give it to anyone else.

neuroelectron

3 months ago

General web immutability matters more than ever and not just because of AI. Please support archive.org and its sister sites.

kalap_ur

3 months ago

I mean, to be fair, Google's scam of how much GBs you have is very annoying and downright scandalous.

I had 16.5GB or so used up so it was flashing red. When paid for Gemini, my total space jumped to 2TB and my usage dropped to 12GB. Disgusting. So might as well switch to fastmail. Not sure.

NoSalt

3 months ago

Commercial for FastMail???

kuroguro

3 months ago

Clearly we need blockchain to solve this, not AI! /s

lupire

3 months ago

This is just an ad.

Imnimo

3 months ago

>In a world where there’s enough AI capability to process the entire web and rewrite every page to remove something, the cost of “changing history” is much reduced, so we can expect more of it.

I gotta be honest, this scenario is not a concern that impacts my choice of email provider.

AtlasBarfed

3 months ago

Where's the AI to address the number one issue I have with email?

If you count for automatically categorized Bayesian spam, it's about 99% noise.

That's one of the things that sucks about the current AI. Being employed by people that that are categorically opposed to using it to enhance privacy and filter advertising.

akkartik

3 months ago

Email is only part of my electronic memory. Over time it's become more important to me to maintain my own copies of my memory on devices I control. The forms and formats are many, and they all need a commitment to maintain control. So yes, use email over more mutable media. And avoid remotely mutable extensions to emails. And keep a local copy of your email. And maintain date-stamped archives of stuff you work on, and keep your codebases easy to run from any point in their history, and write good notes. Constant vigilance.

View full discussion on Hacker News

ID: 45453135Type: storyLast synced: 11/20/2025, 4:23:22 PM

Want the full context?

Jump to the original sources

Read the primary article or dive into the live Hacker News thread when you're ready.

Open link View on HN