Founded more than 20 years ago, Fastmail provides its users with email, contacts, and a calendar. Fastmail has a lot of strengths and stresses its privacy and security features:
You can rely on Fastmail for service and support, and trust that your personal information is protected. You come first, and you can bank on it.
However, their views on privacy and security are rather different than those of products such as Tutanota and ProtonMail (or, for that matter, than those we hold here at Restore Privacy). If you are serious about securing the privacy of your email, you will definitely want to keep reading before investing in a Fastmail account.
Here are the Pros and Cons we identified in this Fastmail review:
- Account includes email, calendar, and contacts
- Can import messages from other email services and export to them
- 30-day free trial with no credit card required
- Desktop, mobile, and browser-based clients
- Can restore account if password is lost
- Integrated Notes and File storage
- Custom domains supported
- Does not offer end-to-end encryption
- Requires a valid telephone number to create an account
- Does not support PGP
- No free subscription tier
- Company is based in Australia (Five Eyes) with servers located in the US
- No cryptocurrency payment options
- Only a portion of code is open source
Fastmail features overview
As mentioned previously, Fastmail provides email and contacts as well as calendar support. The company redesigned the interface in June of 2019. It looks good and works smoothly, as you can see in our screenshot below:
If you have experience using virtually any modern email program, you will have no problems figuring out Fastmail. Interesting features of Fastmail include:
- Web interface and mobile apps
- Easy integration with many email services and clients
- POP3, IMAP, CalDAV, CardDAV support
- Threaded conversations
- Full-text search of messages
- Support for custom domain names
- The ability to recover your account if you lose your password
- A promise not to scan your messages for marketing purposes
- Easy import / export of messages, contacts, and calendar data
- An extensive archive of support files
- Business-specific features
New features since our last review include:
- Custom themes
- Send later
- Masked email
So far, this is looking good. Fastmail is full-featured and has had two decades to refine their product. So let’s dig a bit deeper.
Fastmail company information
Fastmail launched in 1999 and is based in Australia. Your data is stored on servers in New York City, USA. The company claims to operate under four core values:
- You are our customer, not our product
- Your data belongs to you
- We are good stewards of your data
- We are good internet citizens
These are all great values. From the perspective of privacy and security, numbers 2 and 3 are particularly important, so let’s look at them in more detail.
“Your data belongs to you”
Fastmail states, “You have a story and a footprint that deserves respect. You get complete ownership and control of your data, which is seen by no one else but you.”
This is exactly what we want from a privacy perspective. We should have complete control over our data, with no one else able to see it without our permission.
“We are good stewards of your data”
Fastmail states, “You’ve entrusted us to take care of your data and we take that seriously. Your data is always available to you, intact, and away from the wrong hands.”
This sounds good, too. I know I want my email provider to keep my data secure from being viewed by anyone I don’t want to see it.
Keep these two core values in mind. We’ll return to them in a little while.
Fastmail technical specifications
From our perspective, Fastmail’s technical specifications are pretty simple.
- They use SSL/TLS to encrypt data flowing between their servers and each user’s computer or mobile device.
- Data stored on Fastmail servers is encrypted with LUKS or directly on the server hardware for those servers that support this capability.
If you are familiar with private email services, you may have noticed what is not specified. Fastmail doesn’t do message-level or end-to-end encryption.
In a service like ProtonMail, your messages are encrypted before they ever leave your device, and remain that way until decrypted by the recipient. The service in the middle cannot read your messages since they don’t control the encryption keys, you do.
In Fastmail, your messages are protected by SSL/TLS while in transit, and by the server’s encryption when stored on a Fastmail server. But the messages themselves are not encrypted. That means when the messages arrive at Fastmail’s servers, they can be read by Fastmail. Once the messages are stored on Fastmail servers, outsiders can’t read them, but Fastmail personnel can.
In a world where even top cybersecurity firms like FireEye get hacked, counting on Fastmail’s security to protect your unencrypted email from hackers is asking an awful lot.
It is possible to send encrypted messages with Fastmail. You can use an external program to encrypt your messages, then send them through the Fastmail system. Or you can install a browser extension like Mailvelope that will allow you to apply PGP encryption to messages in the browser-based Fastmail client.
Fastmail hands-on testing
We’ve based this part of the review on the browser-based Fastmail client. Fastmail talks about desktop clients in their literature. But they don’t mean that there is a Fastmail desktop client. Instead, they mean that you can connect someone else’s desktop client to Fastmail’s servers. So we’ll stick with the browser-based client.
Signing up for Fastmail
Signing up for Fastmail takes only a few moments. You don’t need to give them a credit card since you can sign up for their 30-day free trial to check out the service. You’ll need to select an email address and a password, accept the Terms of Service and so on. This is all standard stuff.
But now things get unpleasant. To complete the registration, you must give Fastmail a mobile phone number they can use to verify your account. Telephone verification is about the least private way possible to verify your account. More privacy-conscious services allow you to verify your account using an email address.
Once you verify your account over the phone you are ready to go. At least I haven’t seen any evidence of mandatory waiting periods like I experienced with Tutanota.
The look and feel of Fastmail
As I mentioned earlier, Fastmail has a nice modern look and feel. You navigate between the sections of the client using the Main Menu. Press the Shift-G keyboard shortcut to open the Main Menu.
Click Mail in the Main Menu, to open the Mail component of Fastmail. Then select the Compose icon at the top of the left-hand column to create a new message.
As you can see, all the formatting options you’ll need are readily available, making it fast and easy to create your messages.
Sending and receiving messages
Here is one place where Fastmail’s lack of message-level encryption is a benefit. Because there is no message encryption involved, you don’t have to worry about things like which email service either of you are using, or about exchanging encryption keys outside of the email system.
Searching messages and more
Fastmail’s Search feature is powerful. You can search for specific words or phrases, as well as construct complex searches that include characteristics like the message size or date. You can also sort the results in various ways and save searches for reuse later.
The Calendar, Contacts, and other components of Fastmail also have similar search capabilities.
Filters and Rules
Fastmail allows you to create rules that help automate the processing of messages. To do so, open the Main Menu, select Settings then Filters & Rules.
Both these systems seem to work well in my tests for this review.
The Contacts component of Fastmail allows you to keep track of the people you exchange messages with. You can add a person by clicking the New Contact button in the Contacts section, or by clicking their name in an email message and selecting Add to Contacts.
You can create Groups of contacts, but the process is a bit clumsy. You’ll need to click More, then Groups, and enter the group name. Once you do that, the group will appear in the Groups list, and you can start creating contacts within that group.
The Calendar, Notes, and Files
While Mail and Contacts are our main interest here, the fact that Fastmail includes Calendars, Notes, and File storage is a definite plus.
You can read more about the Fastmail calendar here.
Similar to the Notes feature of Microsoft Outlook, you can use this component of Fastmail to keep a searchable record of personal information that might otherwise get lost. Because the Notes are stored on the Fastmail servers, you can have access to them from your mobile devices as well as any web browser.
That said, since Fastmail Notes are not encrypted, this is probably not the best place to record things like passwords or bank account numbers. (Use a good password manager instead.)
Store smallish (less than 50MB) files in the Fastmail Files component and you will have access to them from anywhere.
Again, unless you trust Fastmail to never look at your data, don’t upload any files you want kept private.
As an alternative, check out our roundup guide on secure cloud storage providers. There are some excellent options we have personally tested and reviewed over the years. For example, see our recent NordLocker review.
Note: All of these features may make Fastmail a good alternative to Gmail, depending on your needs.
Fastmail mobile apps
Fastmail offers apps for both iOS and Android. I tested the Android app and found it to be perfectly acceptable. Here’s a screenshot of the Fastmail Android app:
The one drawback I saw was that the app does not function offline. If you need the ability to at least read your email when in an airplane for example, you won’t be able to do it with Fastmail.
Is Fastmail really private and secure?
When I visualize a private, secure email service, it looks something like this:
- Every message I create is encrypted, at my device, using encryption keys that I control. The encryption technology used cannot have any back doors or methods that bypass the encryption. Only I, or the intended recipient, have the capability to decrypt them.
- The messages are protected by SSL/TLS encryption while traveling between my device and the email service’s servers.
- While any messages are stored on the service’s servers, the service applies an additional layer of encryption that they control. This can not compromise the original encryption in any way.
This is basically how secure email services like ProtonMail and Tutanota work.
Your personal information may be disclosed, transferred to or processed outside of your country of residence. This includes to Australia, the United States of America, India, and the Netherlands, where it will be subject to the laws of the country to which it is transferred. These jurisdictions may not have an equivalent level of data protection laws as those in your country.
If I am reading this correctly (I am not a lawyer), the privacy of your personal data is subject to the whims of the politicians in any of the countries listed.
Remember those two core Fastmail values, “Your data belongs to you,” and “We are good stewards of your data”? They stated in part that,
- “You get complete ownership and control of your data, which is seen by no one else but you.”
- “Your data is always available to you, intact, and away from the wrong hands.”
If your personal information can be disclosed and processed in any of several countries, and be subject to the data protection laws of those countries, you clearly don’t have complete ownership and control of your data.
It can be seen, collected, and shared with many other parties – and you may not even be alerted if/when your data falls into the “wrong hands”.
Australia is a bad location for secure email
The biggest strike against Fastmail is that it is based in Australia. That may sound strange, with Australia being a modern Western Democracy and all that. But in reality, Australia is a horrible place for online privacy. Here’s why:
The Five Eyes connection
Australia is a member of the Five Eyes Intelligence organization. This means, among other things, that they share intelligence with the other Five Eyes countries. Reportedly, this even extends to spying on each other’s citizens and passing along the information, allowing the members to skirt laws against spying on their own citizens. This realization sets the stage.
Your metadata does not belong to you (in Australia)
In 2017, a federal court ruled that your metadata is actually data about your devices, not about you. This cleared the way for telecoms and other companies to record that data, and hand it over to the government on demand, while at the same time denying you access to the same data.
Since metadata can reveal a lot about your activities online even if it isn’t considered data about you, it became vital for people to use a quality VPN in Australia if they wanted to protect their privacy.
As we’ve pointed out before, it is a good idea to simply use a good VPN service at all times, which conceals your IP address and location. This will give you more online anonymity and control over your data, regardless of the laws in Australia.
Australia leads the way for the world to spy on users
In 2018, the Australian government passed a draconian law called this Assistance and Access Bill.
As the name suggests, this law requires technology companies to assist authorities in gaining access to user data. This can include direct access as well as adding backdoors or removing access bearers, to including breaking encryption.
According to human rights lawyer Lizzie O’Shea in a New York Times editorial,
Australia, which has no bill of rights, is a logical place to test new strategies for collecting intelligence that can later be adopted elsewhere. Among other things, the proposed law would create a process for “designated communications providers” — defined so expansively that it covers any business hosting a website — to assist intelligence and law enforcement agencies to do almost anything to give them access to encrypted communications. For example, providers may have to build tools, install software or keep agencies up-to-date with developments. In essence, state agencies will be able to circumvent encryption, either with the cooperation of tech companies or by compulsion.
Things have not improved. As Josh Taylor of the Guardian pointed out in his April 30, 2021 article,
Australians’ personal information could be accessed by government agencies and researchers without their consent under proposed data-sharing legislation…
We also discuss the privacy drawbacks of Australia in our Session messenger review, as well as our roundup guide on the best VPNs for Australia.
You don’t control your content, Fastmail does
The privacy developments in Australia are horrible, but in a way, it doesn’t even matter. That’s because you don’t control access to your messages and other information; Fastmail does. Let’s go back to my vision of a secure, private email service for a moment. The first step in my model is:
- Every message I create is encrypted, at my device, using encryption keys that I control. The encryption technology used cannot have any back doors or methods that bypass the encryption. Only I, or the intended recipient, have the capability to decrypt them.
Fastmail doesn’t bother with that step. They go directly to step 2, where my (unencrypted) messages are protected while in transit by the standard SSL/TLS encryption that virtually every business website uses these days. Once the messages arrive at the Fastmail servers, that encryption is removed, leaving my messages in plain text for anyone who happens to have access to the server to read.
On their site, Fastmail explains their rationale for taking this approach. As they put it,
To provide the services we offer, it is necessary for our computer systems to process unencrypted and unobfuscated data (for example: to build the search indexes which allow fast message retrieval, or to push alarm notifications for calendar events).
This approach does have advantages such as those described here. It also makes it possible for Fastmail to recover your account for you if you lose your password, and so on. What it doesn’t do is give you privacy or security in the same league as other services.
Data stored on servers in the United States
As we noted above, Fastmail stores user data on servers in the United States. From their support page:
Our main servers are located at New York Internet (NYI) in Bridgewater, New Jersey, USA. Their facility is a high security, video monitored location; with backup power, air conditioning, fire systems, 24x7x365 monitoring, and onsite technical support.
Our secondary sites at NYI’s Seattle location has equivalent physical security.
Data stored in the United States is somewhat risky. US laws permit authorities to demand access to user data while also giving them authority to serve companies with gag orders that prohibit them from disclosing what happened. This has happened on at least two occasions with Lavabit and also Riseup.
Fastmail business features
When you choose the Fastmail Professional plan, You get a few business-specific capabilities. In addition to the ability to use your own domain name (instead of a pre-existing Fastmail domain), you get:
- Administrator controls and archiving
- Topicbox for team sharing
Topicbox is a sister product of Fastmail. It is a group email app for teams. It gives you a shared archive, where you (the Administrator) can create controlled-access groups to manage the messages and knowledge of your teams. Instead of forwarding and CC’ing messages, you can send them to the relevant group on Topicbox to streamline communications and keep information organized.
The Fastmail Support area includes lots of useful information. This is good since they don’t offer live chat and the only way to contact their support personnel is via email. Responses may take several hours.
Fastmail plans and pricing
Fastmail has three plans: Basic, Standard, and Professional. As you can see in the image below, the prices for each plan seem reasonable for the amount of storage and capabilities that they provide.
Note that there isn’t separate business pricing. The Professional plan’s support for up to 100 domains and 600 aliases along with various administrative controls, gives it the power to handle small businesses.
Should you consider Fastmail?
As always, whether an email service is right for you depends on your threat model. Here is a summary of specific factors to consider:
- Jurisdiction – Fastmail is based in Australia and your data is stored in New York City. Neither Australia nor the United States are privacy-friendly jurisdictions.
- PGP support – Does not support PGP. Can be added using browser extensions.
- Import feature – Fastmail has the ability to import mail from most other email services and can export messages as well.
- Email apps – A web-based client as well as integration with 3rd party desktop clients, along with iOS and Android apps.
- Encryption – Emails and attachments are not end-to-end encrypted. Servers are encrypted and protect at-rest data, but Fastmail can access all your data.
- Features – Includes a built-in calendar, contacts, notes, and file storage along with full text search of all the above.
From this list, we can see that Fastmail is not a good privacy choice. The service does not provide end-to-end encryption, which means that employees (as well as local governments) may access your unencrypted data. And neither Australia nor the United States (where New York City is located) are very supportive of online privacy.
I find that suggesting alternatives to Fastmail is a little bit awkward. That’s because I don’t really see a practical niche for the product. Now don’t get me wrong. Keeping your data out of the hands of mega-corporations like Microsoft or Google is a great idea.
But if you are going to switch from Gmail, Outlook.com, or similar services, why would you switch to a service like Fastmail that doesn’t provide real privacy? Services like Tutanota and ProtonMail are continuously adding features like Calendars and the ability to search your data, while also eliminating the need to trust them not to read your stuff themselves.
Fastmail review conclusion
Is Fastmail a good choice for readers of RestorePrivacy.com? That depends on your threat model. If your only concern is that a mega-corporation like Google or Microsoft doesn’t mine your email messages for advertising purposes, then Fastmail could be a good choice.
If you are looking for a secure and private email service that doesn’t rely on trusting the company’s employees, you might want to start your search for that secure and private email service by reading this ProtonMail review of this Tutanota review. We think you’ll like what you see.
And here is our complete list of secure email reviews, should you wish to explore other options:
This review was last updated on May 7, 2022.
Stay away from this fraud company. They will take your money and lock your account. Worst service ever!!!
Fastmail is GREEDY
I registered for 30 day trial. Added custom domain. Email alias with my custom domain.
Everything went smooth. No errors, alerts or hints.
Tried deleting an email alias. This is when things started to go south. I got the error, “You cannot delete aliases on trail account”. Tried deleting my domain “You cannot delete your domain when there are aliases attached to it”. Basically, they are saying, “Pay me money to remove or releaae your domain or your aliases”. They basically trick you into registering and then block you.
Being a retired Sr. IBM iSeries programmer and consultant, I have used Fastmail for more than 15 years and have found it dependable and superior to virtually all other Email providers. Email is all they do and it shows in so many ways with their continuous improvements. How and why Gmail is so highly rated is beyond me. Google/Alpha One is nothing more than a devouring leech in the high technology landscape!
I completely agree. I’ve been using it for years too and have never had an issue. The iPhone app has been flawless for me as well. Nothing to not love about Fastmail including the Cloud Storage that is included and so easy to use.
Paying Fastmail customer here since 2014…
Great that the product is still being improved upon, but the support / billing issues are less satisfactory.
Support: Opened a ticket last week and waited 48h for a reply. Ehhkm. They did it better few years ago.
Billing: I scanned my billing history and it runs every year from April until April the following year. So in April 2020 they charged me until April 2021. So far so good. However in October 2020 they migrated my account to the newer plan (Standard) and charged me for 6 months… I don’t remember I was informed about this charge at the time, also seems a little bit excessive. So this is how business losses a trusted customer: unexpected $25. Greedy.
You’re wrong in one part of the review.
Fastmail does NOT store your data in Amsterdam. They did long time ago but stopped it and went back to US only. (I think because of European law).
Thanks, I got that sentenced fixed now.
I’ve been with Fastmail for almost 20 years from the onset. During this time, I have found them to be secure and helpful. The only problem is a breakdown of their original customer service from the old days.
This review indicates the reviewer has a fundamental misunderstanding of security.
This claim is false: “The Fastmail model requires you to trust the employees of the company since they have the ability to read your messages. With a service like ProtonMail or Tutanota, it is literally impossible for them to read your messages.”
It implies ProtonMail is better but in reality, if you use the ProtonMail over the web (that is anytime you access your account with a browser) you trust the employees of the company because it gives them the ability to read all your messages, INCLUDING your PGP-encrypted messages. I just looked and this is explained in the paper that is linked to from the ProtonMail review on this very site, by reviewer Heinrich Long (who is not the author of this review – that’s Sven Taylor). The paper is ‘An Analysis of the ProtonMail
Fastmail isn’t perfect. (I lost my sent mail once because I deleted it accidentally, and though they were able to restore it, I didn’t realize I then needed to move the restored email from the restored folders into my normal folders in order to retain it.) But like the aptly named PGP, it’s Pretty Good at Privacy.
I have been a customer for over 10 years (Proof: I’m providing a FastMail DEA in the email field as I leave this message). In my extensive experience, the product and support are very good – both are unparalleled, IMNSHO.
They also provide the best IMAP (and JMAP) support around so PGP, the standard in email privacy, is very well supported. I use it with Thunderbird (open source, from Mozilla, the folks who make Firefox) app when I want to use PGP.
Yes, we have seen that paper and agree with its points.
I deleted that sentence from the review as I believe any “secure email” can have flaws and can be compromised in a number of ways, contrary to what was originally written when this review was first published a while back.
you posted on 2020-12-07, and a recent tests i’ve done among mailfence / protonmail / fastmail around 2022-09-21 found the same problem is still true.
subfolder can be created in protonmail, but limited only to 3 nested folder max, which is an annoying limitation when i was trying to import emails from other accounts like you did.
fastmail is definitely still the best in GUI design, performance and robustness among other competitors, the difference is huge to the extend that, at least at the meantime, i’d rather compromise to use a much better product in a daily basis than having to tolerate the many glitches for privacy.
the major upgrade on protonmail earlier has just put too much focus on the GUI rather than other essential functions, and did not really worth their effort.
I used Fastmail.fm back in college. Didn’t access my account for a time (life has a way of keeping you busy) and when I went to try it again during some free time I found my account was gone. NO warning, in fact NO communication from them at all (back then you had to supply a back-up email address). Tried to resolve the issue via Technical Support to no avail. Finally I just gave up.
I suggest that it would be better to state that Fastmail can be equally as secure as other option if used with the proper tools. In addition the alias and now masked email options offered by Fastmail are superior to the suggested alternatives.
Something that would make Fastmail more privacy friendly would be if it provided a Web Key Directory or Service for those of us that want to use openPGP with Fastmail. This is possible with a custom domain, but it is not currently possible with Fastmail’s domains.
are there instructions anywhere on how to set this up (WKD) with custom domains in fastmail? – I’d like to read about it/test it out. Thanks
Is it really a “con” if FM doesn’t offer a crypto payment option? Seems something that the review can point out, but it seems extreme to call it con, IMHO.
I have used Fastmail for almost 9 years. Tried different e-mail services but find myself always go back to Fastmail. I think it’s the most developed e-mail service that can be found. Everything is flawless going between e-mail, notes, calendar, address book.
There is just one thing I miss from a security view, and that is being able to send self destructive mail. The reason is that security for me is about the receiver of the message. If I send a message to someone that uses gmail or any other e-mail service for that matter, my sent mail is saved forever.
The receiver can just screenshot the email anyway. There’s no such thing as receiver-based security.
The support for FASTMAIL is insanely BAD. Borderline rude in action. You’d be a fool to go with this service. I know / I AM, I’m a paying customer. 🙁 Hrrrrrrrrrrrrrrrrrrrrrrr…………………..
I’ve had Fastmail for years. Sure, privacy and security are important, but as the review says, your threat model is important. If any government is reading my emails, then the bad guys are getting away. If any Fastmail employees are reading my emails, then they must be pretty bored, and it will only get worse.
There’s no reason to believe Fastmail is going out of business. It has a solid product; I assume it’s a solid business. Plus if you set up a virtual email address, you can change providers if you ever decide to do that without changing your email address (as long as the provider you go to has that functionality).
Finally, I’ve had no problems with customer service. They’re always gotten back to me quickly. I may not always get what I want, but they take me seriously and respond.