New Mail Suggestion: Migadu

[freddy-m]

Migadu Email Review

Basic Information

Name: Migadu
Category: Email
URL: https://www.migadu.com/
Jurisdiction: Switzerland
Source: https://github.com/migadu/

Description

Migadu is an independent email hosting from Switzerland.

Encryption:

• Allow users to use their own domain name.
• Supports standard email access protocols. (IMAP, POP3, SMTP).

Privacy:

• Doesn't require personally identifiable information (PII) besides username and password.
• Privacy policy that meets the requirements defined by the GDPR

Security:

• Allows 2FA,
• Supports DNSSEC
• Website uses HTTPS and Subresource Integrity
• Registered on the EFF's STARTTLS-Everywhere
• No TLS errors/vulnerabilities when being profiled by tools such as Hardenize or Qualys SSL Labs, this includes certificate related errors, poor or weak ciphers suites, weak DH parameters such as those that led to Logjam.
• Valid DMARC, SPF and DKIM

Trust:

• Public-facing leadership or ownership.

Marketing:

• Complies with DNT, no poor claims.

Issue's:

• Doesn't support DANE
• No valid MTA-STS and TLS-RPT policy
• googletagmanager.com is present on the homepage

Why I am making the suggestion

They are down to earth with the offering of unlimited domains, storage, etc. I would give them full marks for philosophical, ethical, and technical merits.

Taken from Drew DeVault on mastodon.

My connection with the software

I have no connection with the software, however I am enthusiastic about it.

• I will keep the issue up-to-date if something I have said changes or I remember a connection with the software.

[crazyyzarc]

Neither Canada (despite Personal Information Protection and Electronic Documents Act) nor the USA have an adequate data protection concept

[freddy-m]

Migadu is based in Switzerland, though I can understand your concerns for Thexyz, I have edited my post accordingly.

[crazyyzarc]

Migadu is based in Switzerland, though I can understand your concerns for Thexyz.

They only support Stripe (US) (https://www.migadu.com/en/privacy.html, https://stripe.com/privacy-shield-policy)
Also you can't opt out the terms and condition checkbox ;) (https://admin.migadu.com/public/signup)

[freddy-m]

You don't have to pay though... there is an unlimited free trial with no stripe details required, only disadvantage is the storage limit (which is understandable).

[freddy-m]

Equally, on this basis fastmail should be delisted because of Australias whack privacy laws.