Fastmail Review & Testing 2023 – NOT The Best Choice

Founded over 20 years ago, Fastmail is a popular e-mail service that also lets you manage your calendar and contacts. Today, we will do an in-depth Fastmail review and see what this service exactly has to offer.

Fastmail has many strengths and puts a lot of emphasis on user privacy and security:

You can rely on Fastmail for service and support, and trust that your personal information is protected. You come first, and you can bank on it.

However, their views on privacy and security are rather different than those of products such as Tutanota and ProtonMail (or those we hold here at RestorePrivacy). If you are serious about improving your email privacy, you will definitely want to continue reading before investing in a Fastmail account.

Here are the Pros and Cons I’ve identified in this Fastmail review:

Now, I’ll dive right in and give you a complete rundown of the service.

Fastmail features overview

Fastmail is comprised of 5 distinct sections: email, contacts, notes, files, and calendar. The company recently redesigned its interface and went with a more minimalistic style. It works smoothly and looks good, as you can see in our screenshot below:

If you are experienced with using virtually any modern email app, you won’t have any problems with figuring out Fastmail. Besides being user-friendly, Fastmail is also brimming with useful features, such as:

• Web interface and support for mobile apps (Android and iOS)
• Easy integration with many email services and clients
• POP3, IMAP, CalDAV, CardDAV support
• Threaded conversations
• Full-text search of messages
• Support for custom domain names
• Account recovery without a password
• Prioritize contacts and improve your productivity
• Data protection tools
• Easy import/export of messages, contacts, and calendar data
• Business-specific features
• Easily restore deleted files
• An extensive archive of support files

New features since our last review include:

• Custom themes
• Send later
• Spam filtering
• Masked email
• Squire 2.0 text editor

Fastmail was carefully refined over two decades, which is evident from the number of tools in its arsenal. For now, let’s take a step back and see how Fastmail started and talk about the values that the company promotes.

Fastmail’s core values

Fastmail launched in 1999 and is based in Australia. Your data is stored on servers in New York, USA. The company claims to operate under four core values:

1. You are our customer, not our product
2. Your data belongs to you
3. We are good stewards of your data
4. We are good Internet citizens

These are all great values. From the perspective of privacy and security, numbers 2 and 3 are particularly important, so let’s look at them in more detail.

“Your data belongs to you”

Fastmail states, “You have a story and a footprint that deserves respect. You get complete ownership and control of your data, which is seen by no one else but you.”

This is exactly what we want from a privacy perspective. We should have complete control over our data, with no one else able to see it without our permission.

“We are good stewards of your data”

Fastmail states, “You’ve entrusted us to take care of your data and we take that seriously. Your data is always available to you, intact, and away from the wrong hands.”

This sounds good, too. I know I want my email provider to keep my data secure from being viewed by anyone I don’t want to see it.

Keep these two core values in mind. I’ll return to them in a little while.

Fastmail technical specifications

From our perspective, Fastmail’s technical specifications are pretty simple.

• They use SSL/TLS to encrypt data flowing between their servers and each user’s computer or mobile device.
• Data stored on Fastmail servers is encrypted with LUKS or directly on the server hardware for those servers that support this capability.

If you are familiar with private email services, you may have noticed what is not specified. Fastmail doesn’t do message-level or end-to-end encryption.

In a service like ProtonMail, your messages are encrypted before they ever leave your device, and remain that way until decrypted by the recipient. The service in the middle cannot read your messages since they don’t control the encryption keys, you do.

In Fastmail, your messages are protected by SSL/TLS while in transit, and by the server’s encryption when stored on a Fastmail server. But the messages themselves are not encrypted. That means when the messages arrive at Fastmail’s servers, they can be read by Fastmail. Once the messages are stored on Fastmail servers, outsiders can’t read them, but Fastmail personnel can.

In a world where even top cybersecurity firms like FireEye get hacked, counting on Fastmail’s security to protect your unencrypted email from hackers is asking an awful lot.

It is possible to send encrypted messages with Fastmail. You can use an external program to encrypt your messages, then send them through the Fastmail system. Or you can install a browser extension like Mailvelope that will allow you to apply PGP encryption to messages in the browser-based Fastmail client.

Fastmail hands-on testing

I’ve based this part of the review on the browser-based Fastmail client. Although Fastmail mentions desktop clients in their literature, there is no Fastmail desktop client. Instead, they offer the ability to connect someone else’s desktop client to Fastmail’s servers. Since this gets complicated, I’ll stick with the browser-based client.

Signing up for Fastmail

Signing up for Fastmail only takes a few moments. If you want to test it out without committing, you can activate their 30-day free trial which requires no credit card. All you’ll have to do is create an email address and a password, accept the Terms of Service, and you are good to go. This is all standard stuff.

Now, this is where things get problematic. To complete the registration, you must give Fastmail a mobile phone number they can use to verify your account. Unfortunately, telephone verification is among the least private methods available. More privacy-conscious services allow you to complete verification via an email address.

Once you verify your account over the phone you can immediately begin using Fastmail. At least I haven’t seen any evidence of mandatory waiting periods like I experienced with Tutanota.

The look and feel of Fastmail

As previously mentioned, Fastmail sports a minimalistic modern interface and lets you switch between a light and dark theme. You navigate between the sections of the client using the Main Menu, which is located in the top left corner. You can also use Shift + G keyboard shortcut to quickly open the Main Menu.

Composing Messages

Click Mail in the Main Menu, to open the Mail component of Fastmail. Then select the Compose icon at the top of the left-hand column to create a new message.

As you can see, all the formatting options you’ll need are readily available, making it fast and easy to create your messages.

Sending and receiving messages

This is one place where Fastmail’s lack of message-level encryption is a benefit. Since there is no end-to-end encryption, you won’t have to worry about things like which email service either of you are using, or about exchanging encryption keys outside of the email system.

Searching messages and more

Fastmail’s Search feature is powerful. You can search for specific words or phrases, as well as construct complex searches that include characteristics like the message size or date. You can also sort the results in various ways and save searches for later use.

The Calendar, Contacts, and other components of Fastmail also have similar search capabilities.

Filters and Rules

Fastmail allows you to create rules that help automate the processing of messages. To do so, open the Main Menu, select Settings then Filters & Rules.

Both of these systems seem to work well based on the tests I’ve done.

Contacts

The Contacts component of Fastmail allows you to keep track of the people you exchange messages with. You can add a person by clicking the New Contact button in the Contacts section, or by clicking their name in an email message and selecting Add to Contacts.

You can create Groups of contacts, but the process is a bit clumsy. You’ll need to click More, then Groups, and enter the group name. Once you do that, the group will appear in the Groups list, and you can start creating contacts within that group.

The Calendar, Notes, and Files

While Mail and Contacts are our main interest here, the fact that Fastmail includes Calendars, Notes, and File storage is a definite plus.

Fastmail Calendar

Fastmail lets you create multiple calendars, so you can keep professional and personal appointments separate. You’re also able to invite your contacts to these events and set up multiple reminders so you don’t forget about them.

Notes

Similar to Microsoft Outlook’s Notes feature, you can use this tool to create a searchable record of personal information that might otherwise get lost. Because the Notes are stored on the Fastmail servers, you can have access to them from your mobile devices as well as any web browser. You can also easily restore them in case of accidental deletion.

That said, Fastmail Notes are not encrypted, so this is not the best place to store passwords, bank account numbers, and other sensitive details. Instead, you should use a good password manager.

Files

Fastmail’s Files serves as a modest cloud storage where you can upload files that are up to 250 MB in size. Your limit will depend on whether you have a Basic (1 GB), Standard (10 GB), or Professional (50 GB) subscription.

Again, unless you have complete confidence in Fastmail, don’t upload any files you want to keep private.

As an alternative, check out our roundup guide on secure cloud storage providers. There are some excellent options I have personally tested and reviewed over the years. For example, see our recent NordLocker review.

Note: Depending on your needs, all of these features may make Fastmail a good alternative to Gmail.

Fastmail mobile apps

Fastmail offers apps for both iOS and Android. I tested the Android app and found it to be perfectly acceptable. Here’s a screenshot of the Fastmail Android app:

The one drawback I saw was that the app does not function offline. If you need the ability to at least read your email when in an airplane for example, you won’t be able to do it with Fastmail.

Note: We also have a guide on VPNs for Android if you want more privacy on your device.

Is Fastmail really private and secure?

When I visualize a private, secure email service, it looks something like this:

1. Every message I create is encrypted at my device, using encryption keys that I control. The encryption technology used cannot have any back doors or methods that bypass the encryption. Only I, or the intended recipient, have the capability to decrypt them.
2. The messages are protected by SSL/TLS encryption while traveling between my device and the email service’s servers.
3. While any messages are stored on the service’s servers, the service applies an additional layer of encryption that they control. This can not compromise the original encryption in any way.

This is basically how secure email services like ProtonMail and Tutanota work.

A major strike against Fastmail appears in the portion of their Privacy Policy covering the global transfer of your data. It states that:

“Your personal information may be disclosed, transferred to or processed outside of your country of residence. This includes to Australia, the United States of America, India, and the Netherlands, where it will be subject to the laws of the country to which it is transferred. These jurisdictions may not have an equivalent level of data protection laws as those in your country.”

If I am reading this correctly (I am not a lawyer), the privacy of your personal data is subject to the whims of the politicians in any of the countries listed.

Remember those two core Fastmail values, “Your data belongs to you,” and “We are good stewards of your data”? They stated in part that,

• “You get complete ownership and control of your data, which is seen by no one else but you.”
• “Your data is always available to you, intact, and away from the wrong hands.”

If your personal information can be disclosed and processed in any of several countries, and be subject to the data protection laws of those countries, you clearly don’t have complete ownership and control of your data.

It can be seen, collected, and shared with many other parties – and you may not even be alerted if/when your data falls into the “wrong hands”.

Australia is a bad location for secure email

The biggest strike against Fastmail is that it is based in Australia. That may sound strange, with Australia being a modern Western Democracy and all that. But in reality, Australia is a horrible place for online privacy. Here’s why:

The Five Eyes connection

Australia is a member of the Five Eyes Intelligence organization. This means, among other things, that they share intelligence with the other Five Eyes countries. Reportedly, this even extends to monitoring each other’s citizens and passing along the information. This allows the members to skirt laws against spying on their own citizens. This realization sets the stage.

Your metadata does not belong to you (in Australia)

In 2017, a federal court ruled that your metadata is actually data about your devices, not about you. This cleared the way for telecoms and other companies to record that data, and hand it over to the government on demand, while at the same time denying you access to the same data.

However, metadata can reveal a lot about your online activities even if it isn’t defined as user data. So, it became vital for people to use a quality VPN in Australia if they wanted to protect their privacy.

As mentioned before, it’s always a good idea to use one of the best VPN services at all times, since they will conceal your IP address and location. This provides you with online anonymity while letting you control your data, regardless of the laws in Australia.

Australia leads the way for the world to spy on users

In 2018, the Australian government passed a draconian law called the Assistance and Access Bill.

As the name suggests, this law requires technology companies to assist authorities in gaining access to user data. This can include direct access as well as adding backdoors or removing access bearers, to including breaking encryption.

According to human rights lawyer Lizzie O’Shea in a New York Times editorial:

Australia, which has no bill of rights, is a logical place to test new strategies for collecting intelligence that can later be adopted elsewhere. Among other things, the proposed law would create a process for “designated communications providers” — defined so expansively that it covers any business hosting a website — to assist intelligence and law enforcement agencies to do almost anything to give them access to encrypted communications. For example, providers may have to build tools, install software or keep agencies up-to-date with developments. In essence, state agencies will be able to circumvent encryption, either with the cooperation of tech companies or by compulsion.

Things have not improved. As Josh Taylor of the Guardian pointed out in his April 30, 2021 article,

Australians’ personal information could be accessed by government agencies and researchers without their consent under proposed data-sharing legislation…

We also discuss the privacy drawbacks of Australia in our Session messenger review, as well as our roundup guide on the best VPNs for Australia.

You don’t control your content, Fastmail does

The privacy developments in Australia are horrible, but in a way, it doesn’t even matter. That’s because you don’t control access to your messages and other information – Fastmail does. Let’s go back to my vision of a secure, private email service for a moment. The first step in my model is:

1. Every message I create is encrypted, at my device, using encryption keys that I control. The encryption technology used cannot have any back doors or methods that bypass the encryption. Only I, or the intended recipient, have the capability to decrypt them.

Fastmail doesn’t bother with that step. They go directly to step 2, where my (unencrypted) messages are protected while in transit by the standard SSL/TLS encryption that virtually every business website uses these days. Once the messages arrive at the Fastmail servers, that encryption is removed, leaving my messages in plain text for anyone who happens to have access to the server to read.

On their site, Fastmail explains their rationale for taking this approach. As they put it,

To provide the services we offer, it is necessary for our computer systems to process unencrypted and unobfuscated data (for example: to build the search indexes which allow fast message retrieval, or to push alarm notifications for calendar events).

This approach does have advantages such as those described here. It also makes it possible for Fastmail to recover your account for you if you lose your password, and so on. What it doesn’t do is give you privacy or security in the same league as other services.

Data stored on servers in the United States

As we noted above, Fastmail stores user data on servers in the United States. From their support page:

Our main servers are located at New York Internet (NYI) in Bridgewater, New Jersey, USA. Their facility is a high security, video monitored location; with backup power, air conditioning, fire systems, 24x7x365 monitoring, and onsite technical support.

Our secondary sites at NYI’s Seattle location has equivalent physical security.

Storing data in the United States is somewhat risky. US laws permit authorities to demand access to user data while also giving them authority to serve companies with gag orders that prohibit them from disclosing what happened. This has happened on at least two occasions with Lavabit and also Riseup.

Fastmail business features

When you choose the Fastmail Professional plan, you get a few business-specific capabilities. In addition to the ability to use your own domain name (instead of a pre-existing Fastmail domain), you get:

• Administrator controls and archiving
• Topicbox for team sharing

Topicbox is a sister product of Fastmail that works as a group email app for teams. It gives you a shared archive, where you (the Administrator) can create controlled-access groups to manage the messages and knowledge of your teams. Instead of forwarding and CC’ing messages, you can send them to the relevant group on Topicbox to streamline communications and keep information organized.

Support

The Fastmail Support area includes lots of useful information. This is good since they don’t offer live chat and the only way to contact their support personnel is via email. Responses may take several hours.

Fastmail plans and pricing

Fastmail has three plans: Basic, Standard, and Professional. As you can see in the image below, the prices for each plan seem reasonable for the amount of storage and capabilities that they provide. You can find a full list of features here.

Note that there isn’t separate business pricing. The Professional plan’s support for up to 100 domains and 600 aliases along with various administrative controls, gives it the power to handle small businesses.

Should you consider Fastmail?

As always, whether an email service is right for you depends on your threat model. Here is a summary of specific factors to consider:

• Jurisdiction – Fastmail is based in Australia and your data is stored in New York City. Neither Australia nor the United States are privacy-friendly jurisdictions.
• PGP support – This app does not support PGP. However, it can be added via browser extensions.
• Import feature – Fastmail has the ability to import mail from most other email services and can export messages as well.
• Email apps – This is a web-based client that offers integration with 3rd party desktop clients. It is also available on iOS and Android.
• Encryption – Emails and attachments don’t have end-to-end encryption. Servers are encrypted and protect at-rest data, but Fastmail can access all your data.
• Features – Includes a built-in calendar, contacts, notes, and file storage along with a full-text search of all the above.

From this list, we can see that Fastmail is not a good choice from a privacy perspective. The service does not provide end-to-end encryption, which means that employees (as well as local governments) may access your unencrypted data. Finally, neither Australia nor the United States are very supportive of online privacy.

Fastmail alternatives

I find that suggesting alternatives to Fastmail is a little bit awkward. That’s because I don’t really see a practical niche for the product.

Now, don’t get me wrong, keeping your data out of the hands of mega-corporations like Microsoft or Google is a great idea. But if you are going to switch from Gmail, Outlook.com, or similar services, why would you switch to Fastmail since it doesn’t provide real privacy?

On the other hand, services like Tutanota and Proton Mail are continuously adding features like Calendars and the ability to search your data, while also eliminating the need to trust them not to read your stuff themselves.

Fastmail review conclusion

Is Fastmail a good choice for readers of RestorePrivacy.com? That depends on your threat model. If your only concern is that a mega-corporation like Google or Microsoft doesn’t mine your email messages for advertising purposes, then Fastmail could be a good choice.

If you are looking for a secure and private email service that doesn’t rely on trusting the company’s employees, you might want to start your search elsewhere. A good first step is by checking out this ProtonMail review of this Tutanota review. We think you’ll like what you see.

Lastly, here is our complete list of secure email reviews, should you wish to explore other options:

ProtonMail Review
Tutanota Review
Mailfence Review
Mailbox.org Review
Hushmail Review
Posteo Review
Runbox Review

Fastmail FAQ

This review was last updated on August 7th, 2023.