This looks pretty slick and well done for having a comprehensive FAQ section and plenty of info which answered most of my questions.
For me, email is the 'master key' for most of my online accounts (because password resets are done via email so if your email account is compromised an attacker can quickly leverage access to other services) and email security is top priority. I didn't see anything about using two-factor authentication with this service - is it available?
Also, your site only supports obsolete HTTPS protocols. TLS 1.0 and SSLv3. You should drop SSL 3 and enable support for TLS 1.2. Here's a test you can run with feedback and resources to learn more about secure configurations: https://www.ssllabs.com/ssltest/analyze.html?d=migadu.com&s=...
I was also discouraged to see there was no 2fa option. Email is simply too important. One of the reasons I stick with gmail is because I know Google hires some of the best security people in the world and takes it very seriously. They also support 2fa and other security measures.
Just as an implementation note, one way to maintain compatibility with older devices while allowing modern ones to use better levels of security is to use haproxy on the front end. This can handle TLS/SSL itself or hand over to the correct SSL backend depending on the connecting device.
Password leaks are server-side. If they don't know how to properly hash passwords, how you can trust them to implement correctly 2FA?
Bruteforcing is not realistic with even medium password strength.
If by "rubber hose", you mean physically coercion, what would forbid the attackers to coerce you for your email or your phone as well?
I think that the main reason 2FA has been pushed, it's for the Facebooks or the Google to have good reasons to get your valid email and your valid phone number.
> I think that the main reason 2FA has been pushed, it's for the Facebooks or the Google to have good reasons to get your valid email and your valid phone number.
You don't need a valid phone number to implement 2 factor authentication. There are implementations that require it, sure. But it's not the only way.
> Yes. Google and Facebook aren't the only ones.
> You don't need a valid phone number to implement 2 factor authentication. There are implementations that require it, sure. But it's not the only way.
Are your referring to AWS Multi-Factor Authentication (MFA)? It's indeed a good implementation, but it's usage is very limited and most people are not referring to this when they are talking about 2FA.
- It could also be a token that gets sent to your phone or email and you input (like Facebook, Google, banks)
- An action you need to perform on another device (another bank)
- Google Authenticator (and other authenticator apps)
- I have also seen a message encrypted with your GPG public key that you decrypt and submit.
I have seen all of the above in different circumstances. The only one I have never seen is biometrics and it's usually because of the cost. Also, you can't change chop your finger of so it's harder to recall if there are issues unlike the rest.
> most people are not referring to this when they are talking about 2FA.
I only know what I have seen and have worked with.
I use Authenticator for SSH'ing into servers. My banks send me a code or I need to launch their app (CapitalOne) on my phone. My business account had a physical device that generated a token that I had to input in order to login. I have used software in the past that required a key. GPG I have seen in some questionable sites when crawling them.
> Are your referring to AWS Multi-Factor Authentication (MFA)? It's indeed a good implementation, but it's usage is very limited and most people are not referring to this when they are talking about 2FA.
AWS is using TOTP (Time-based One-time Password) as specified by RFC 6238. Off the top of my head, the same protocol is supported by Google, Lastpass, Dropbox, Fastmail, Github, Wordpress, Evernote and Outlook.com. So it stands to argue that this is, in fact, one of the schemes most people are referring to when they are talking about 2FA.
Leaks can be client-side, too. Outdated or zero-day exploits could easily allow attackers to get a (replayable!) password or hash from a browser, improperly terminated VPN, SSL stream, etc.
An ephemeral TOTP value is almost useless to them in this case.
As for rubber hose: if your 2FA smartcard/token/device isn't carried after you leave the office (for example), attackers getting your password via a mugging out the street is less useful.
While looking through I noticed this from the latest changelog post:
> Until the end of November, you can use the discount code NOVEMBERRAIN to get 50% off any Migadu plan, permanently. Offer is valid only for new upgrades.
$2 per month is pretty good, or it makes the 'standard' plan roughly the same as non-discounted 'mini'.
Not entirely sure yet where you enter this code so I sent them a question.
--edit
Very quick response from the team.
You have to upgrade once first, then apply the code via Account > Coupons. So, upgrade to a monthly mini, apply the code, then upgrade to the plan you're after (the initial $5 will be subtracted from a yearly code if you select one). The code should apparently remain active no matter what once it's applied.
For the people struggling with the coupon code, here's what I did.
Sign up for the monthly version of the mini plan. You will be charged $5. Then enter the coupon code in the coupons tab from the left pane. You can then immediately upgrade to the annual version of the plan. You will be charged $19 brining the total to $24 for one year (the half off price). It should save the trouble of paying full price for a year and sending an email for the manual refund.
I contacted their support and got several replies very quickly. Looks like they kind of slapped together the coupon thing. You can't apply the coupon until after you switch to a paid plan, so it doesn't take affect until the next billing cycle. But Dejan from Migadu was really helpful, and I expect they'd refund half of your first bill if you want it.
Yeah, I contacted the support and I got quick reply from Dejan that they will refund half of the bill.
I just noticed that the support email was marked as spam by outlook.com (weird, since I'd already marked the invoice and other emails from Migadu as "Not Spam").
That's fine with us. Nevertheless, I am not sure you appreciate or fully understand how email works. If outlook is marking as spam a valid, DKIM authenticated email, with a correct SPF from a server with excellent reputation of 99/100 (SenderScore) and good domain reputation...who is to blame?
Everyone is quick to jump and blame the small guy. :) Our reputation score is actually better than some of the largest email providers because of our low volume and individual verification.
@TheGrumpyBrit - I am sorry, did not meant to imply you did not know about the email internals.
I agree with you, but in the end, if all of those are correct on our side, it simply can be the spam filter on the other side. It is not only the sender who decides the deliverability :)
We do not use any tracking pixels.
Btw. Any suggestion is more than welcome and highly appreciated! Thank you for looking at Migadu!
Email is my day job, I understand exactly how it works. If you have DKIM, DMARC, SPF and rDNS all in place and you're still getting transactional mail junked, then you have some other problem going on. For example, do you have tracking pixels from a different domain, or spammy content in your mails?
It's not a case of blaming the small guy, its a case of being careful who I trust with the deliverability of my email, and if you can't get your own email into my inbox, you're making me ask questions of your capabilities before I've even finished the sign up process. That's not a good start.
I think one of the things I appreciated most about this service is the drawbacks[0] section. I've started to look for this section in major JS frameworks[1] as well as other SASS/PASS services when I'm evaluating them and I've found them all immensely helpful.
Hi, thank you for your comments. It depends how you look at it. All email services have limits. However, the limits we set are more as a protection for ourselves and our users.
We have to deal with spammers, phishing attacks etc. We diversify based on the actual, realistic needs of the organisation. For instance, a startup of 3 would not need to send 500 emails a day, that is a clear red flag. In practice we have yet to have a case of a user reaching those limits. Thanks again!
A startup of 3 can certainly need to send 500 emails a day but there are other services that should be used for that like mail gun or mail chimp or the plethora of other bulk sending providers. Usually 10k-20k per month is the free limit.
Exactly, we prefer using the right service for the right task at hand. Personal / business mail is not for sending bulk emails. It also carries reputation penalties.
I appreciate the fact that you guys made product decisions, but this statement was a little red-flag to me:
> For instance, a startup of 3 would not need to send 500 emails a day, that is a clear red flag.
There are many startups that do cold outreach, via cold emailing, that could do roughly 500 emails per day. I am not sure how typical this is, but as someone that has started doing sending cold emails as a direct sales tool, it seems to me that you just haven't had any customers like that yet.
If you're sending 500 unsolicited emails a day, you're spamming. "Cold outreach" sounds very much like a nice way of saying "Spamming" to me, and I wouldn't want to share a mail server with you.
For me, the bigger red flag is the response you got - I would expect a reputable mail provider to make it abundantly clear that the behaviour you describe is not welcome on their service.
I hear you. The term 'spamming' is quite subjective.
Either way, the fact of the matter is sending cold emails is actually a powerful way to build sales -- there is a simple reason so many people do it, it works.
Like it or not, many startups do it.
So I was simply pointing this out for the OP's benefit.
There's an equally simple reason why they do it from botnets or hacked mail servers. It's illegal in many places, and its a great way to get your mail host blacklisted. There is no benefit whatsoever for OP to allow spamming through his service.
You are absolutely right. However, our limits are not really hard limits. If someone occasionally needs to send more emails we do not make a fuss about it. However, a red flag (thanks for mentioning it :) goes up and we check if everything is ok. We never sanction users.
We do have sales teams using Migadu. However, they simply estimated how much they would send and signed up for the higher plan. It's straight forward I believe.
Sending sales emails is not the same as spam, at least not in the lines of business using Migadu. We are not judging what people do for living, but rather try to aid them with a worthy advice if there is a better way. Working hand in hand with users pays off and we both enjoy it. We're tired of being nobody to some wise Google(rs)....
If sales stop, the world would stop. Everyone sells something to somebody.
The grandparent post referred specfically to "sending cold emails as a direct sales tool." I'm struggling to find any way to interpret that phrase that doesn't scream "spam" to me. Sending your emails individually from Outlook to an individual you've looked up on the targets website doesn't make it any less spammy.
I'm sure your approach works for the customers you have right now, but if you consider the above to be an acceptable use of your service, then I stand by my statement that you won't last long in the email business.
It makes all the other pages look like pure marketing slang. So instead of counting domains or gigabytes, they count outgoing emails. How is this "radically different"?
Their claims basically are that hard drives are cheap and cost drops and that domains and users are simply a configuration change (which is automated).
They're charging based on something that actually has an impact. Sending emails incurs in a load as well as receiving one back (you probably are getting a response) and work that the emails may incur. The more emails you send, the odds of needing a clean IPs in case something happens (blacklist is the first thing that comes to mind) on the amount of emails they send, dealing with blacklists is something that statistically will happen the more emails are sent as well. So they charge you by the impact each email sent has and for the cost of hard drives.
I guess they're charging more on a probability of the time they need to work on it the more emails are sent. There is a cost associated with developing the code, sure, but the more people, the less it is per person and once it's developed, it's only new features and maintaining.
It seems they've set it up to scale and it seem they have a lot automated. I'm assuming this based on this:
According to our trials, it would take us up to 30 minutes to setup a completely new infrastructure and get all clients back live.
According to the affiliate link, you get up to 50% of what a user you refer pays (if you give a discount, it comes out of your share of the price). So it seems like they've made the math and it looks like they can at least break even, ideally they still see some revenue, with only earning half of what they charge.
It seems very well structured and organized. I'm testing it out. Paid for a year. If I transfer everything (a couple of domains, but only a handful of accounts. Maybe I will end up setting them via aliases...) I may upgrade just to give back. I had been looking into OVH, Rackspace, FastMail, Google Apps, etc and hadn't switched because they charge for everything...
I've been looking for a personal email provider to migrate away from Gmail to. I was assuming Fastmail, because i've heard many good things about them.
Can anyone more "in the know" compare this product to Fastmail for a simple personal email solution?
Note i don't care about most features, including custom domains. In fact, i'm not even sure i'll use a custom domain since that just increases the attack vector to my email. I just primarily want simple, reliable, and secure email.
As a self-reply, i will say that Migadu having a permanent free tier is very nice. Not that i intend to use it exactly, but knowing that if i go broke and homeless, still having the same "internet contact address" is useful to me.
Not that the pricing is likely to ever be an issue (knock on wood), but i'm a planner.. of sorts.
Just understand that there is a large risk to a service that has a free tier as its draw. Free accounts have resource demands that cost money. If the company becomes insolvent, your "permanent" account ceases to exist. Fastmail is appealing to many in part because it is a paid service. Regardless of the number of users, the service remains funded and will continue to exist. (Unlike the many startup services that have been pulled due to depletion of investor funds or user loss.)
- I'm currently not subscribed to any high-volume mailing lists, and won't unless I'm a very active contributor. The only lists I follow is the announce lists from GNU, OpenBSD and FreeBSD. You don't need to subscribe in order to post to many email lists.
- Pop my mail into my computer, use procmail to check for spam & virus (spamassassin, clamav), sort likely spam into spam mailbox, non-spam into inbox, rest to /dev/null (spamassassin score>5 and/or clamav virus check positive). If I'm on any moderate-or-high-volume lists, sort them into different mailboxes (most the content there is not sent to me, so no need to have them in front of me every time I look at my inbox).
- My inbox receives many updates from services and newsletters I'm subscribed to. I delete most mail from those if I won't have to return to them (e.g. a message about an event next week, I add the event to my agenda if I'm participating, and delete the mail; copy the relevant text to my agenda if necessary).
- Report to spamassassin and delete any message that escaped it and made it to my inbox.
- Check spam every-so-often, report ham and move to inbox, delete the rest.
- Use a combination of mpop, msmtp, procmail, spamassassin, clamav, Rmail, Org-Mode and mairix to get all this going (K9 mail on Android for IMAP there). Sounds complex, but isn't, nowadays I've tuned my setup to be pleasing. The only thing I'd like to do in future is to do POP, SMTP, sorting and search in Emacs instead of through all those programs.
One shortcoming of my setup is that once I pop my mail, I can't view it on mobile anymore. That's something I can fix (maybe there's an app for Android that can read local mail in the SD card), but I haven't had a problem up until now. And no, I'm not a unix-vintage-guy or whatnot, this setup is practical and pleasing to use (at least in my case), and I own all my mail the moment I pop it from my server, and nobody has a copy of it. If it's not on your disks, you don't own it.
Neither do I host my mail, I just fetch it from the server. Even if you have your mail kept up there somewhere, you still have to do all this (grouping, spam reporting, ham-checking [i.e. mail you want to read that went into spam folder], getting rid of unwanted mail, managing subscriptions, etc.), but the differences are (a) you don't get to decide which software does all that, (b) you have to use a half-arsed interface to configure groups, filters, etc., and (c) an attacker with your login can get at all your past messages whereas in my setup all he gets is what I didn't fetch yet. All I did was configure the software once (a couple days on-and-off hacking), and I saved myself from those disadvantages and spared ~$30 per year (used to use FastMail).
I like this setup. I've done something similar with POP3 on both PC and mobile: PC downloads and archives mail, but is configured not to delete it from the server for a month. Phone never deletes from the server, and at least has access to the most recent month of email, which is usually enough while mobile.
I'm intrigued by the idea of IMAP on the phone though. Are you able to sync sent mail this way? If you send mail from mobile, will the PC client get a copy of it?
> I'm intrigued by the idea of IMAP on the phone though. Are you able to sync sent mail this way? If you send mail from mobile, will the PC client get a copy of it?
Nope, I use phone mostly to browse mail, and send from there if and only if inevitable. And if the sent mail is too important to keep, I BCC myself and sort it out on the PC later. If your mail provider saves sent mail, I guess you could just fetch that; mine doesn't. Also I guess depending on your phone MUA, maybe you could fetch it from its storage. WRT IMAP, I just use it like POP3 w/ keep on, used it b/c was easier to set up. Phones are incredibly inconvenient for typing anything that's not a whatsapp blurb, so I mostly use it that way.
It seems smart to keep the mail on the server for a while, I'd be glad to know how you do that.
I've tried Notmuch after considering it and mu4e (they looked very similar, don't recall anymore why picked one over the other), but it's not my cup of tea. Also none of these eliminate mpop, msmtp or procmail, I want to use Elisp tools instead of these (the actual one that has no equivalent in Elisp is procmail). I currently use mairix, which is similar to notmuch and mu in that it provides fast search across my mailboxes (which are my inbox, and quasi-periodical archive files [archive000, archive001, ...]), but it supports mbox format which I like for various reasons (doesn't eat up inodes, easier to check integrity [just hash the single file], no file-name portability issues [which I often had with Maildir], simplicity, out-of-the-box support on any Unix-like systems, etc.). With it I can treat multiple mboxes like a single one, and I've written an org-mode link type for mairix so that I can easily link from my org files to an email (via message-id) or a mairix search w/o thinking about which archive file the mail was in.
Edit: I also don't really use tags etc. to classify my mail, and don't have a plethora of email as I delete most of it after reading, so a list of all I have is the best interface for me, which Rmail provides.
If you are wondering about jurisdiction, according to their FAQ they are in Switzerland, and according to geoip their servers are hosted by OVH in France.
Hm, I'm rather surprised by the fact they are hosting mail servers with OVH. Most OVH servers are on several blacklists and OVH do not tend to take very kindly to people using email through their servers.
Interestingly, they use the Nodejs-based Haraka MTA instead of a more conservative choice like Postfix or Exim. I wonder what exact advantages they traded in more mature and certainly not much less performant software in for?
A very good and even cheaper alternative to this service I can recommend is mailbox.org, run by German IT service specialist Heinlein. They deliver a full OpenXchange setup (mail, calendar, contacts) with custom domain, 3 different mail aliases and additional + aliases and good privacy policy for 1€/month. They are very realiable (using a more conservative MTA, postfix), and the company is mature. They provide better value for money than migadu.com just by looking at it.
Hi, here Michael from Migadu. The reason we're using Haraka is that it's very fast, very flexible, and easily extendible. Furthermore, it's actually quite mature, version 2 was released in 2012 and now the're are about monthly releases. We are happy with it.
Not sure what your idea of "not much less performance" is. When craigslist switched from postfix to Haraka they went from 20 email servers down to 7 for the same load.
> They provide better value for money than migadu.com just by looking at it.
This depends on your use-case. For running a single account, yes. For one intended use-case of Migadu (managing multiple accounts across multiple domains), then no.
If I recall correctly, they have some laughable storage limits like 250 megabytes. Not a big fan of storing all my email locally and doing backups myself + no mobile search. So 1990ish, in my opinion.
2G storage for mailboxes. Search via IMAP sucks for pretty much all hosted IMAP I tried, only time it worked decently was when I was messing around via a self-hosted Dovecot and configured indexing manually.
Hello, dejan from Migadu here. Sorry about that. It is an oversight on our side. We intended that dropdown as an aid, not a dark pattern. We'll get it rethought. Thank you for bringing it up!
Seems like a cool solution for guys like me who have about 7 or 8 email domains to keep track of.
Also, thanks for pointing out that GMail also has a daily cap on sending emails out. I've never ever come close to it, but never realised there is a cap on their service.
As another user pointed out - I use the separate email addresses for separate side projects. Some have additional team members on the domain, some have just me.
I used to try and run them all under one email client, but it got messy to try and keep replies separate and coming from the correct domain address (for support and marketing queries etc.). Also, trying to run one inbox on mobile was achievable, but tricky.
I like having each web app domain in a totally separate, sandboxed inbox. Occasionally I delegate the handling of a particular inbox to another team member for a week or two while I am either away or working on a project, so it is nice to be able to attach/detach an Inbox from my conscious management whenever I like.
In order to redirect, you still need smtp server for the domain. Also if these are for some side ventures, handling correspondence via single inbox can be bit inconvenient and error-prone.
I've been using these guys now for about a month - fantastic customer service and the ui is stupidly simple. They're doing one thing and doing it well,can't recommend them enough
For me personally, my email is a kingpin of my online presence. Gaining access to my email would provide overridable access to a good portion of my online accounts. Not to mention if my email was hacked by a bad actor, my identity could easily be stolen with all the emails I keep in my archives.
A motivation to Migadu as a service would be the ability to attract more enterprise customers. I know that at my company, MFA is required for all email accounts. Offering MFA would be very attractive to companies wanting to move their email over to Migadu.
For example Podesta's emails would have never been accessed and sent to Wikileaks if he had been using it. Despite his password having been compromised. Not everyone uses this feature but those who do feel it is really important.
Indeed. Since we started from scratch we were very careful about what goes in and what doesn't. Not trying to be ignorant regarding 2FA, but rather always prefer to hear the actual reasons.
Nevertheless, thank you guys for all the suggestions, we will work to get 2FA in ASAP.
I understand why you put in the drawbacks section, I know that kind of anti-marketing can work. But it's a little too honest - nobody wants to read that their emails might end up as junk mail. Maybe be a bit more vague. Or if you're not significantly worse than your competitors on that front it's a bit misleading if you're disclaiming it as a drawback.
Also, when you open up a link in the menu as a new tab (via middle mouse button) the current tab becomes unusable due to the loading icon you overlay. Very annoying!
And finally - it'd be good to have a demo of the web client without having to register. Because that's essentially what most people will be paying for since email plumbing is pretty standard across providers.
I signed up with them for the reason that they were honest - I'm getting tired of all the marketing talk you see over at sites like product hunt when trying to convince people to sign up
Thank you for the input! I see your point and thank you for it! Honestly, we're not trying to play any marketing tricks, but rather give all help possible in order to decide whether it works for the interesting parties. Surely, we've got to trim down and brush off a lot of things.
The mail going to junk is an unfortunate reality, there are never any guarantees with any mail service, and especially with new services. We've already had the big ones play muscles on us several times.
Thank you for reporting the new tab bug, will be fixed!
The webmail / ui demo is coming up too. Thank you for suggesting it!
I really appreciate that and further think you are on the right track with honesty (drawbacks, etc.), as people get more and more immune to marketing bullshit.
> We've already had the big ones play muscles on us several times.
We've had our servers blacklisted for "low traffic" and completely legit, authenticated emails marked as Spam. Completely new IPs with 100/100 reputation were blacklisted just because they were not known from before. To get us off from their lists we were in for a web of problems. It is all rigged against the small hosters. If you are a bigger one, you can just get directly in touch. I was personally all for the idea of running own mail servers, but after the experience so far, would say good luck with that. Unfortunate though.
I've had all kinds of problem with outlook.com and other Microsoft related email recipients marking my email as spam. I use Fastmail. Fine with Gmail though.
I find the drawbacks section very refreshing and really appreciate their honesty. No obvious marketing fluff, you know exactly what you will get and can figure out for yourself if the service fits your needs without signing up for a money-back trial first. On the other hand, I do realize that the no marketing fluff is a clever form of marketing in itself.
Then it becomes my job to keep said system, anti-spam settings, etc updated... I don't want to do that work... Frankly if I didn't have to work for a living, I'd start a new open-source mail system that didn't suck.
I typically don't send more than 40 emails a day. But have several domains I would like to have email for... paying $10/address is a bit steep to say the least for that use case.
Here's my anti spam solution. I created an entire domain for it with a catch all address. When I sign up for a service I use service-name@domain.com, if I get a lot of spam I reject mail for that address at the server.
This is good. What I meant is that you have to check your IP reputation by yourself, while this provider does it for you (if I understand correctly), hence an extra charge
Floating IP's are not the same as the dedicated IP you get from the VM itself. I've been sending outbound on that for the better part of 2 years.
To the other point, if you have a problem with spam scores, you are probably sending too much mail for this sort of solution (consider Mailgun 10,000 emails/month for free). For an individual it is fine, not for use as a mailing list. A clean IP address (every IP I've ever tried was clean), DKIM, and SPF will allow you to hit pretty much anybody. It might take a few people pulling you out of spam on gmail before you can send to them, but I think that's true of any new mailserver.
Just switched over my Google hosted domains to this. I really only need email, so GSuite is overkill. Why does my throw away email address need a youtube/calendar/google+ account......
I actually originally switched from my old gmail address to my GApps email, but Google ruined it by making GApp accounts inferior. You can't do tons of stuff (Family Library is just 1 example), so I switched back. I use my gmail account as a webclient for my other accounts (pop/smtp).
I got Google apps when it launched and was a great free option. Now they're removed free accounts, and even on the grandfathered free accounts, they don't let you add new domains anymore... I really just have 1 important account, and unimportant ones for hobby domains, so this is a great option for me. I considered PO Box for my important account, but for now, I'll just try this for all my domains.
I really like the simplicity. I sent some test emails: Google and my work's exchange correctly get the email. outlook.com flagged as spam. I only have 2 concerns. 1, they need 2FA ASAP (which they've acknowledged), and 2, how long will these guys be around. How many employees are there, how much investment. It would suck if 12 months from now they shut down. It would be a scramble to move something as important as email. Rather than shutdown, most companies in these types of businesses up the price, remove features from the cheaper plans etc...there's no promise of price lock-in here, but since that's their market, I suspect they're aware of the effect a price increase might have.
Fantastic. I just set it up on a personal domain using AWS Route53. My first message was sent to Gmail and did not go to spam. It was my first time using "TXT" records and took a total of about 45seconds to sign up.
It was very easy to setup. I like the interface. My only complaint is the annoying signature that I can't figure out how to remove[0]. It doesn't appear to be listed in the settings.
This comes at the perfect time for me since I plan to move the mess of 4 domains with about 12 email mailboxes for projects, private and my family to a single more reliable service. Right now its on some Google Apps free tier from back when it was free and a cheapskate VPS hoster with terrible spam reputation and customer support.
Just signed up for the mini plan and if it does in fact give me about 15 somewhat reliable email mailboxes for just 48$ a year I'll be a happy customer. With the 50% off it's a steal compared to other services, especially with my number of mailboxes.
Zoho definitely seems to offer more but at a way higher price because I'm billed by mailboxes/users it seems. Thing is all my 12 mailboxes together over 4 domains send maybe 150 mails a month overall. So low traffic, but multiple domains and mailboxes used by two or three people - simply to keep email from different places and for different purposes across 10 devices automatically sorted by mailbox. It's why I've been using a small VPS in the past but running my own mailserver is a pain to keep up to date, secure and spam free.
And Zoho has too many features I wouldn't use, I really just need a few (hopefully) reliable and (somewhat) secure IMAP capable inboxes which can be accessed by 10 different stationary and mobile devices.
With a single domain, or a single mailbox Zoho is a great alternative. If you run multiple domains though, why not spare yourself the trouble and complexity?
I've not spent any time thinking about pricing for email SaaS targeting consumers but a few quick thoughts:
- You have to have a lot of subscribers to make $4/month amount to real money. Also, churn is higher. My SaaS service Cronitor used to offer a $6.99-turned-9.99 plan targeted at individuals and churn rates on that plan is literally 10x higher than our $25 tier.
- If being cheap is your thing, and I'm willing to spend $50/mo for business email, do I feel comfortable going with the people who are competing primarily on price?
Thank you for your comments. However, Migadu is not intended to be "cheap". That is not the selling point of it.
We used to use Google Apps for multiple domains for our starup projects, ideas etc. Switching between these multiple accounts was becoming ridiculous and complex. Then, they made it $5 per account. We actually had many addresses but only two users. Our total cost of that would be measured in hundreds of $ which def would not be worth it.
What I personally dislike regarding other services is that they claim storage as one of the most important selling points but then do not account for the price drop per GB. Since GMail for work launched (2006?), the cost per GB dropped more than sixty fold: http://www.mkomo.com/cost-per-gigabyte-update
Any update in price? Nope.
And then, the price of Google Apps (Gmail) are global. We have clients in Zimbabwe for instance. $5 per month per account is not the same as it would be in the US. Yet if a company from Zimbabwe uses a @gmail address, it won't be taken serious.
Migadu is profitable since a while ago, and real money is relative. We're not after exits and TechCrunch, just doing what we like and hacking at it daily. :) Pays the bills. Ironically, we are also in Switzerland, where living expenses are among the highest in the world.
I agree that your pricing model is more user-friendly and it's more inline with your cost model (mailboxes are free to provide). It's why I clicked on it. I spent about 3 minutes given my browser history, looking at your homepage and pricing page. What I absorbed, after seeing your HN "email from $4/mo" and then your homepage, was that this was primarily about being cheap. Maybe I'm an outlier, but that seemed to be the message you were sending me.
And I totally understand you're not trying to "Tech Crunch", I think a SaaS is a great side business -- i've done this myself -- but also the only way to ensure stability of a project over long term is for it to provide financial rewards inline with effort.
Also, I definitely should've added: Congrats on shipping.
Thanks for the question. Unfortunately, asfik the email push notifications for Apple Mail have to be approved/implemented by the Apple team, so not much we can do there (yet). I believe FastMail was the only one besides iCloud that was approved for it.
I'm a bit suprised: While Rainloop seems to the most modern opensource webmail client I could find (and I did do some research), from their github: _This is NOT a stable version of RainLoop Webmail. It's not recommended to use in production environment._
From my own testing there are certainly still a few bugs. Interesting they go with this for their primary webmail.
Are there plans for providing an API for creating mailboxes/domains? We previously used Mailgun for mailboxes (back when they still provided them) and ever since they discontinued mailbox support we've been looking for a solid mailbox provider that can handle any number of domains, mailboxes and aliases.
I've been testing fastmail recently via their free trial (for my eventual migration away from google apps/domain)...so seeing some up and coming competition is always healthy; gives us more choices in the future. I wish these guys plenty of luck, as we need more options just like these guys! Cheers!
What is the backup and redundancy strategy? It has some mention of backups and maintaining copies of deleted emails for you, but what happens if the specific server your account is on suffers catastrophic failure?
Are there any plans to allow people to utilize an API to create and manage accounts or forwards? If not, this would be awesome feature given how you bill.
Same question. The "unlimited" domains would be very useful in some scenarios where I'd like many domains to simply act as email forwarders (rather than storage)
If you have a domain where those drawbacks aren't showstoppers, you might also look at Yandex hosted email. Can't beat the price (free), it has decent storage (10GB) and the limit for sending is 500/day[1].
Those drawbacks are also valid for any other small provider. Fastmail also has the problem of mails classified as spam. Really any service except the biggest 3-4 have occasional reputation problems.
The difference is just that Migadu is honest about it.
Would have not expect you to change either. Fastmail is awesome and a lot of respect for them. We're trying to learn from them all the time.
I'd classify Migadu in a different category. If you run multiple projects or just need extra addresses fast at no extra costs, you'd probably not go for FastMail. I can clearly see using them both.
Really wish you could give a display name for an alias in the UI so you can use more random aliases for services and still know easily where it belongs
We've been overwhelmed by the interest. Thank you guys for all the interest and great comments! We're re-adjusting our infrastructure to deal with the demand. The site and infrastructure is a bit suffering today, but we're hard at work and get all ready during the day.
I got it working with Cloudflare
add a TXT record
under name, enter (without quotes) '@'
under key, enter (without quotes) 'v=spf1 a mx include:spf.migadu.com ~all'
You must delete all other SPF TXT entries (so if you were previously on google hosted, delete the Google SPF record.
They don't currently - they use Stripe for card handling. Ideally they should probably be using Stripe's own recurring payment feature rather than storing card numbers themselves.
Yup, we use Stripe and their subscriptions with their payment method storage.
We do not accept PayPal in the interface, but will accept payments for yearly plans on individual basis. So if you wish to use PayPal, please just get in touch for now.
Hello, thank you for the question. ProtonMail is a different kind of email for a different kind of audience, so it depends on what your needs are. Honestly, we're ourselves puzzled over benefits of ProtonMail over just using yourself GPG.
This is such a bizarre question. Protonmail is not a standards based mail service. No IMAP, no SMTP. It's client-side encrypted and only works via webmail or their own mobile app.
For me, email is the 'master key' for most of my online accounts (because password resets are done via email so if your email account is compromised an attacker can quickly leverage access to other services) and email security is top priority. I didn't see anything about using two-factor authentication with this service - is it available?
Also, your site only supports obsolete HTTPS protocols. TLS 1.0 and SSLv3. You should drop SSL 3 and enable support for TLS 1.2. Here's a test you can run with feedback and resources to learn more about secure configurations: https://www.ssllabs.com/ssltest/analyze.html?d=migadu.com&s=...