==========
== 0x2f ==
==========

mailbox.org is an OK e-mail provider

I’ve been a mailbox.org customer for 1.5 years. It has its quirks. Currently I’m paying for the “Standard” tier private account. It includes custom domain support and costs 3 EUR/mo at the time of writing.

My problems with mailbox.org

Private account invoice woes

They can’t send me an invoice containing my EU VAT ID for tax writeoff purposes.

The reason is that I’m using the cheap 3 EUR/mo private account plan, rather than their 25 EUR/mo business plan. In the business plan account settings view, there’s a field for the VAT ID, which is missing in the private counterpart.

mailbox.org support said I can try putting the VAT ID into an unrelated field like “Address”. If I followed their advice, my address would appear as “Smith Street 3 VAT ID: 123123123” on the invoice.

No thanks.

Web app login bug when using two factor authentication and one-time-password

EDIT: This is fixed as of April 2025 - https://mailbox.org/en/news/the-new-login/

Here’s an excerpt from Mailbox’s 2FA guide (see the “Use case scenario and considerations” expander):

You must log off before closing the browser window to end your session. Make it a habit to do this, even if you don’t use OTPs. If you forget to log off, you will see an error message the next time you’re trying to log on.

To summarize:

  1. Log into mailbox.org through the web UI
  2. Close the tab
  3. Try to log in again

That will make you get an error saying “There was a problem authenticating”. To fix it, you must log out then log in again - that’ll let you in normally.

The only way of preventing this is getting into the habit of pressing the “Log out” button when you’re done with the web app. If you forget just once, you’ll face this issue again the next time you try to log in.

Using the web app is more secure thanks to support for two factor authentication. You can even disable all other access methods in the settings. I can’t imagine anybody ever using it - given the issue I just described - though.

Unexpected 2FA solution

EDIT: This is fixed as of April 2025 - https://mailbox.org/en/news/the-new-login/. There are also now separate app passwords for IMAP, SMTP and WebDAV.

You may be used to this 2FA login flow from other websites:

  1. Type in e-mail and password
  2. 2FA prompt appears asking to touch hardware token or to input one time password

In Mailbox, it works like this:

  1. During account creation, you set a regular password, like “hunter2”.
  2. Later, if you decide to set up 2FA, you’re asked to input a PIN, like 1234
  3. After 2FA setup, your web app password changes to PIN+OTP, so e.g. 1234 77777
  4. Your IMAP/SMTP password is still “hunter2”, because 2FA is not possible to support there

The worst thing about this approach is that it’s unexpected. You set up 2FA, and you suddenly can’t log in.
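An added example, not code from this post or from mailbox.org: a sketch of how a server could check the single PIN+OTP password field described in the steps above, next to the unchanged static IMAP/SMTP password. It assumes the OTP is a 6-digit RFC 6238 TOTP with a 30-second step; the secret, PIN and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

# Constructed sample values; SECRET is the RFC 6238 test key, not a real account's.
SECRET = b"12345678901234567890"
PIN = "1234"
DIGITS = 6  # assumption: 6-digit TOTP
STEP = 30   # assumption: 30-second time step


def totp(secret: bytes, now: int, digits: int = DIGITS, step: int = STEP) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time step containing `now`."""
    counter = struct.pack(">Q", now // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def check_web_login(submitted: str, now: int, pin: str = PIN,
                    secret: bytes = SECRET, window: int = 1) -> bool:
    """Verify one password field that carries the PIN followed by the OTP."""
    submitted = submitted.replace(" ", "")  # the post writes it as "1234 77777"
    if len(submitted) != len(pin) + DIGITS:
        return False  # e.g. the old static password typed into the web form
    pin_part, otp_part = submitted[:-DIGITS], submitted[-DIGITS:]
    pin_ok = hmac.compare_digest(pin_part.encode(), pin.encode())
    # Accept adjacent time steps to tolerate clock drift between token and server.
    otp_ok = False
    for drift in range(-window, window + 1):
        expected = totp(secret, now + drift * STEP)
        otp_ok |= hmac.compare_digest(otp_part.encode(), expected.encode())
    return pin_ok and otp_ok


def check_imap_login(submitted: str, password: str = "hunter2") -> bool:
    """IMAP/SMTP keeps the static password; no OTP is involved (step 4)."""
    return hmac.compare_digest(submitted.encode(), password.encode())
```

The static IMAP/SMTP password stays valid on its own after 2FA setup, which is why disabling the other access methods (or, since the April 2025 change, using separate app passwords) matters.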

Conclusion

Mailbox.org is crusty and broken in some ways.

It’s the top recommended mail provider on privacyguides.org that ticks all their criteria, so you may be expecting some fancy Silicon Valley startup type webapp, like Hey or Fairmail.

But actually it’s the okayest mix of:

  • jank
  • it’s regular fucking e-mail, IMAP and SMTP just work
  • ok price
  • unexplainably broken sometimes
  • will sometimes tell authorities to fuck off
  • not based in surveillance dystopia (imagine using Fairmail that’s based in Australia)
  • compromises and puts in effort to hack open source solution so it can keep it as a foundation (mailbox’s settings panel looks like it was just hacked into OpenXchange’s UI - it’s just an iframe probably)
  • visibly German (pay for account with cash by mail to stay anonymous? bro)

I’d really like to make this decision based on some cold hard facts, but I’m not. It just feels to me like a small company with values that’s trying. Contrary to the Silicon Valley web app email, it feels very “slow software” as in “slow food”.

Sure, maybe during the last 1.5 years I’ve never seen a feature added that I could use. They added some video conferencing solution etc., but that’s more for their business customers so they can keep the cash flow. But I just want to use boring SMTP and IMAP provided by someone who’s not a data blender sociopath.