Leaving Gmail for Mailbox.org
Posted5 months agoActive5 months ago
giuliomagnifico.blogTechstoryHigh profile
calmmixed
Debate
70/100
Email PrivacyDe-GooglingAlternative Email Services
Key topics
Email Privacy
De-Googling
Alternative Email Services
The author shares their experience of leaving Gmail for Mailbox.org, sparking a discussion on email privacy, alternative email services, and the challenges of de-googling.
Snapshot generated from the HN discussion
Discussion Activity
Very active discussionFirst comment
16m
Peak period
113
0-6h
Avg / period
16
Comment distribution160 data points
Loading chart...
Based on 160 loaded comments
Key moments
- 01Story posted
Aug 22, 2025 at 1:41 PM EDT
5 months ago
Step 01 - 02First comment
Aug 22, 2025 at 1:57 PM EDT
16m after posting
Step 02 - 03Peak activity
113 comments in 0-6h
Hottest window of the conversation
Step 03 - 04Latest activity
Aug 25, 2025 at 1:11 PM EDT
5 months ago
Step 04
Generating AI Summary...
Analyzing up to 500 comments to identify key contributors and discussion patterns
ID: 44987380Type: storyLast synced: 11/20/2025, 8:14:16 PM
Want the full context?
Jump to the original sources
Read the primary article or dive into the live Hacker News thread when you're ready.
Anyway I wrote the details in the post.
Edit: I have to mention that I generated my PGP keys locally and then imported to Mailbox.Org
Renewing your domain, keeping your registrar account safe, keeping your DNS records safe etc
Some people prefer a domain registrar that allows 10 year renewals so pick carefully as not all do
Maybe I need to buy a domain that sounds like a generic email host.
Didn’t need to do anything special for the migration. The in house importer they offer pulled over 80GB in a day and I was set from there.
Fastmail isn’t going to give you end to end encryption - but - I think just shedding a major Google service is a massive win privacy-wise.
I remember briefly looking into Proton but the search was awful.
With that out of the way I feel perfectly happy with FM — no need to go further down the paranoia hole.
And secondly, many sites, like Reddit, use a Gmail address as some sort of signal of quality. You can avoid a lot of new account bans on Reddit simply by registering with a Gmail instead of your own domain.
And backup your emails of course.
Like you, this hasn’t been a problem for me.
So, I use my personal domain for all mail except anything that's "vital" like government websites, banking, paying rent, etc. for which I use my email provider's domain. And of course I'm registered with my domain registrar with a different email domain.
You probably shouldn't use a premium domain unless you really need one. It's just a money grab by registrars and registries.
Another recommendation you should consider is to find a domain that ends in one of the common top-level domains - like .COM, .NET, or .ORG - because for using with *vital government services* you would not believe how many good natured civil servants (or for that manner even customer service folks in private/commercial companies too!) have no idea that email addresses can end in something other than .com, .net, or .org...and if you try to give them an address that, say, ends in like .FR, or .CC, or .ME, etc...They will try to place a ".com" at the end of it! My experience shows that folks in the U.S. know far less about other TLDs...and are more likely to commit this error, but folks outside of U.S. are perfectly cool with all manner of different TLS. I have had a somesurname.CC domain name as the mailbox for all my family members for more than a decade...and they are all trained to be LOUD and explicit when they communicate to government workers and customer service folks. So, i should have just gotten an easier TLD, but ah well. Live and learn! :-)
EDIT: Forgot to add that choossing the more common .COM, .NET, or .ORG TLDs for a domain name *tends* to be cheaper than many premium domains names. Each registrar wil of course vary, but mostly these tend to be reasonably priced.
To your point, agreed that *logins* for web site/apps and mobile apps are usually not an issue for my non- .com/.net/.org email addresses. In fact, for logins, gov services tend to be quite accomoddating and i don't ever think i had any issues there, and usually not a problem...But, years ago i *DID* encounter a couple of commercial/business/non-gov websites where they only expected .com/.net/.org email address...so it was a problem there on the non-gov website side of things...but even then, it thankfully was not very often, and nowadays its nearly a non-issue.
Again, my recommendation was just saying that for real, human interactions, if its possible, pick a common enough TLD to make life easier. ;-)
Users in other countries are very likely to be more familiar with both their own local domain, and have probably also experienced websites from neighbouring countries, while your average American has never even seen a website with a .us domain (never even seen it used myself), and are a lot less likely to have needed to go to a .ca or .mx website.
That said, I'd expect to get a similar reaction from people in other countries if you said your email was firstname.lastname@mydomain.christmas, or whatever other funny top level domain.
Yeah, agreed; that has been my experience as well. And in fact, i think that because folks outside U.S. are at least familiar with the TLDs of their neighboring countries, that fact at least helps them understand that there are more TLDs out there than simply their country's or only .com/.net/.org...its an awareness that they at least learn about...whereas folks in the U.s. might be - i don't know - maybe sheltered more in these things.
> ...That said, I'd expect to get a similar reaction from people in other countries if you said your email was firstname.lastname@mydomain.christmas, or whatever other funny top level domain...
True, there are just so many TLDs - well, outside the country code TLDs - now that it is hard to know what is real/valid or not. :-)
Your ISP, the hardware not failing, needing to do routine maintenance and (expensive!) upgrades, having room in your house, having consistent power to your servers, possible theft, natural disasters causing you to lose your home, etc.
There's a reason I use a VPS for hosting a lot of things haha. Mostly because I live in a small apartment and don't have room for a server rack.
For me and my partner was enough when Google started collecting info about purchases/delivery orders on gmail and dumping it in some separated page without any consent nor notification.
We moved to Proton but once they changed branding and starting introducing additional services beside mailbox we knew they enter milking-out path. Their newest AI plaything was reason to leave.
https://userforum-en.mailbox.org/topic/anti-spoofing-for-cus...
https://kb.mailbox.org/en/private/e-mail-article/customizing...
Phone number is just a user number. Email addresses are a user name at a server name. A little harder to do if you're looking for something as ubiquitous as phone number porting.
The closest thing to a server name when it comes to phone numbers, would be the network it is on. For example, there is the public switched telephone network (PSTN), then there is the Defense Switched Network (DSN)
The funny part is you need an email address already to register a domain, at least during a bootstrapping phase. I have several domains across 2 registrars with renewals at different time of the year.
With a custom domain, you can find a registrar where there are actual humans on the other side.
When I finally changed, it was a lot easier than I thought. I just gradually migrated my accounts everywhere. I still have my old Gmail address, but I almost don't use it anymore.
Also (but I didn't try), couldn't you setup your own domain with Gmail? So that you still have everything in Gmail while you migrate all your accounts... but honestly for me it was really fine to deal with two email addresses for a while.
It’s even easier if you list out the most important senders in a checklist and move those first. But give yourself at least a few months time. It’s certainly possible.
Once you have your own domain, future migrations to another email provider would be a matter of moving the emails and updating DNS.
- set up new email address, hosted where you like
- https://support.google.com/mail/answer/10957?hl=en (forward your email)
- update your email address as many places as you can
I keep telling them that Google spies on you, but they don’t care because it is free and it works.
How reliable are these providers and what are the chances these providers emails would bounce or go to spam when sending an email?
As much as I don't necessarily like it, I think we have to put a price on our privacy and personal data. And for me, paying for the Proton family plan seems like a good trade-off, at least for now. So far, I haven't got any emails to bounce when using the @pm.me or @proton.me email addresses, except once (I forgot which web site).
They found a deal that seems to be ok for them. To get them to change providers, you need to suggest one that would be a better value, and to be honest, I don't think you can find one.
Running an online forum, I've encountered people using Atomic Mail, and that service has terrible reliability.
Whether they're "good" or even "passable" is another matter entirely, but without switching away from Google to Namecheap for a few months, one wouldn't have much of an idea. And now I know.
How many really decent email providers are there aside from Google? What's today's obvious choice? And will they last?
Talking about decent emails providers can get discussion heated quite shortly. Historically I arrange most important chunck of mail as self hosted, but of course it's not the way many people would take.
[1] https://discord.gg/E8myb2AD
(1) tech support that actually reads your messages and replies with a solution demonstrating comprehension of the message that you wrote. Amazing. I've emailed them twice and gotten a great response both times.
(2) it is the best UI I've seen outside gmail;
(3) They have continued actively developing their UI, with nice updates released perhaps in the last 6 weeks.
(4) keyboard shortcuts that work
(5) Instead of inbox 0, I practice inbox 50k and it handles it fine.
(6) I just had a decade-anniversary there and I've never regretted it.
I'd say it's better (maybe gmail has features it doesn't, but fastmail does everything I need and loads much much faster than gmail)
Tech support forwarded an inquiry I was asking about an IMAP command in my MUA which led to an actual engineer that said my MUA was using an outdated/deprecated part of the IMAP protocol and provided the RFC for the new way of doing things, which then lead to a patch in said MUA. Very few companies offer this calibre of support, the only other one I can think of is Tarsnap.
(2) it is the best UI I've seen outside gmail
I think it's a much better UI overall than gmail; at least I found with gmail you had to manually paginate things, I can easily do a search in FM that might have 10000 emails over 20 years and I can usually jump to a specific month/year very quickly via scroll and then from there a specific day.
(5) Instead of inbox 0, I practice inbox 50k and it handles it fine.
Similar, 37k in my Inbox, nay issue. I have probably 200k overall across different folders. But I know I'm outsourcing a service, so I do full infrequent backups via IMAP.
Here's my (7):
Fastmail has the only web interface I've come across that handles (catch-all) aliases correctly and knows how to respond with the correct one every single time. Maybe roundcube/squirrelmail can do this, but roundcube/squirrelmail overall is not very good.
If you use your own email client and your own domain name, you don't really need to worry about UI with email providers at all (as long as your provider supports those features). And your own domain name makes it easy to move around in future if you need to.
I don't really have any plans to move away from mailbox.org, though I just saw the post about Thunderbird offering an email service in the future. That might actually prompt me to move as I'd like to support the makers of a FOSS email client I've been happily using for years.
And on mailbox you can easily send and receive PGP encrypted mail on mailbox.org. They provide a page for key import, allowing you to send encrypted emails like regular mail when needed.
It’s your choice, if you always want to use proton mail app everywhere you can use proton.
That's not a Gmail problem, and no reason to migrate. Some use cases just don't fit email, and for those, we have other, more fitting platforms.
> So, I went with mailbox.org that still offers integrated PGP encryption, and if you want, you can always use external PGP too (which I was already doing with Gmail).
Ok, so now you have two problems.
I was fortunate enough that my solution was to host my own mail server 20+ years ago and create a separate email address per relationship with a company, so I can tell the moment some 3rd party has been comprimised when I receive spam on a specific address. My personal spam has been minimal over time.
If for example moc.elgoog@mydomain.com gets spam - I know they're compromised or have sold me out.
Yes gmail has had something similar using the + character, but most people don't know about/make use of this and still abdicate spam filtering to things they don't understand like bayesian algorithms which suffer from false positives. (Have you checked your spam folder for our very important message...?)
Email has never been secure and despite modern updates, I still don't consider it as such. Then again I don't have much to worry about, so I'm ambivalent most of the time. That said, special 'fuck you' shoutouts to Ticketek for being compromised and their general ineptitude and shitfuckery in so many ways... It took them 2 months to respond to an issue I raised with them only to ask whether it was still an issue... (yes, it still is).
Unfortunately I don't know if you could easily manage to convince majority email providers you're legitimite with a new domain in this day and age - I suspect its now a major hurdle to overcome as I've read often enough of mail bouncing because "we've never heard of you until now, so we don't trust you" - which makes communicating with the majority of the world via email almost impossible to build up the trust level you're considered legitimite and that's despite all this extra DMARC, DKIM, and SPF and SSL/TLS supposed safeguards which have appeared over time and I've had to comply with.
Security as an afterthought means its still probably never going to be secure. I've always considered email the equivalent of transmitting plaintext and have always treated it as such. This has led to some pretty difficult situations where I don't email important stuff to a 3rd party just because they expect it and everyone else does it.
Speaking of which, receiving is free. There are no spam checks when other providers send email to yours. So feel free to only use Gmail when you need to send an email out to a big provider. It's still a 95% win.
Once you realize this, the "just keep whatever I have right now" is often the best solution.
It is a problem with Gmail, because they're helping themselves into your email, as was explained by the author in the sentence immediately after the one you quoted:
> Technically, Google can store every message you receive and know everything, and U.S. agencies can request access to that data
What, specifically do you mean by this?
Happy customer over a couple of years.
Dovecot in my homelab seem doable to have an IMAP server to transfer the Gmail based emails to and maintain them indefinitely but would this be a maintenance headache? I've never operated it before and am curious.
ProtonMail and Tutanota offer end-to-end encryption only when both the sender and recipient are using the same (i.e., ProtonMail->ProtonMail or Tutanota->Tutanota). If you’re emailing someone outside those or if you’re receiving emails from someone outside those, and you want encryption, you’d have to go to PGP (with its own complexities).
I mean for god's sake just let me use IMAP/POP3.
You give me encryption at rest, safety and privacy in transit, and do not sell my data. You also offer to let me put up my GPG key on your admin portal so that I can easily read e2ee mails in your webmail.
Thank you, all that is very nice. Now get out of my way and do not try/pretend to be Signal and email at the same time.
I ended up going with Proton because they had a good solution for mail, calendar, and drive which I was looking to replace. I set up my custom domain to point to it and have my Gmail forwarding to it - any time I get an email to the old Gmail address I go change it on the website or delete the account altogether.
For Google Docs / Keep, I switched over to Obsidian and pay for the sync there. It's a great replacement for my main use case of Docs / Keep which is just a dumping ground for ideas.
For Google Photos, I now self-host Immich in Hetzner on a VPS with a 1TB storage box mounted via SSHFS. I use Tailscale to connect to it. It took a few days to use Google Takeout + immich-go to upload all the photos (~300GB of data) but it's working really well now. Only costs $10/mo for the VPS and 1TB of storage.
Android I think I'll be stuck on - I have a Pixel 8 Pro that technically supports Graphene but there are too many trade-offs there. Next time I need a new phone I'll take a serious look at Fairphone but I think the Pixel 8 Pro should last a few more years.
My FitBit Versa is really old and starting to die - I ordered one of the new Pebble watches and am patiently waiting for it to ship!
YouTube I'm stuck on because that's where the content is. I have yet to find a suitable replacement for Google Maps - OpenStreetMap is still really hard to use and gives bad directions.
The key is that if you have your domain, you can swap the provider and nobody has to know about it.
https://www.magicearth.com/ works well for car navigation with OSM data, and https://cycle.travel/ is the best way to navigate on a bike, also with OSM data.
In which country do you live, if I might ask?
https://ir.halliburton.com/news-releases/news-release-detail...
- Magic Lane for the navigation app which traces back to 1992: https://www.magiclane.com/web/about
- Halliburton for something related to 3D visualization “that was formed slightly more than a year ago”: https://www.chron.com/business/article/halliburton-to-pay-10...
2) While I occasionally need to allow some scripts from google, it's absolutely nowhere near 1/3rd of sites.
Apple's software and services (sync, drive, photo backup etc) are so inferior, especially compared with Google's (technically speaking), you'd be anyway forced to use third party (often cross platform) solutions. No risk of going deep into Apple's ecosystem ;-)
I did the exact same thing with Immich (what a great software, by the way!).
And in case it helps:
Instead of always relying on google maps, I now mostly use CoMaps (https://www.comaps.app/). Way better than using directly OpenStreetMap. And for my Pixel 7, I switched to LineageOS with gapps (https://lineageos.org/) and I'm not missing anything and am very happy with it.
Also, I'm trying now Nextcloud (https://nextcloud.com/), with a setup similar to Immich, and now I do believe there is life beyond google, and it's a better life.
The report is also very good and that should be a service every other mail service could provide to people who want to move away from G'rab'mail.
Another curiosity is that you use the same password I use for everything: xxx
Simple to remember and nobody will ever figure that out! Wink! :)
234 more comments available on Hacker News