Fastmail’s post is less a product announcement than a state-of-email essay. It says email is not going away, argues that sender authentication is now mandatory infrastructure rather than optional hygiene, and positions AI as the next force shaping inboxes. The concrete points are familiar: SPF, DKIM, and DMARC help prove that a domain is authorized to send mail, BIMI may make trusted senders more visible, and AI assistants will increasingly summarize, triage, and even act on messages. Fastmail also tried to calm customers by saying it is not silently running AI over their inboxes, and that its MCP endpoint is only there if users explicitly connect their own agent.
Most people thought the piece overpromised and underdelivered. The headline sounded like a major Fastmail or JMAP announcement, but the article mostly restated well-known authentication basics and folded in some vague AI positioning. That disappointment set the tone. The useful part of the conversation came from practitioners filling in what actually matters now. Several people said Google and Yahoo’s stricter enforcement was good for the ecosystem because it finally forced large, messy organizations to clean up years of broken or decentralized mail setups. Others pointed out the limits of that progress. DMARC helps with spoofing, but it does nothing when attackers abuse real services like PayPal, Stripe, or ticketing systems to generate perfectly authentic phishing mail from real domains. It also does not help when abandoned subdomains or third-party integrations are taken over and turned into DMARC-passing attack paths.
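An added illustration (not from Fastmail's post or the discussion) of why DMARC is blind to those cases: a minimal evaluator of DMARC identifier alignment, run over constructed results. The `org_domain` shortcut, the `Msg` fields and the sample domains are assumptions made for the example.

```python
from dataclasses import dataclass

def org_domain(domain: str) -> str:
    # Assumption: the last two labels are the organizational domain.
    # Real receivers derive it from the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain: str, from_domain: str, mode: str) -> bool:
    # mode "s" = strict (exact match), "r" = relaxed (same organizational domain)
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)

@dataclass
class Msg:
    from_domain: str   # domain in the visible From: header
    spf: str           # SPF result for the envelope sender
    mail_from: str     # envelope sender (MAIL FROM) domain
    dkim: str          # DKIM verification result
    dkim_d: str        # d= domain of the DKIM signature

def dmarc_pass(m: Msg, aspf: str = "r", adkim: str = "r") -> bool:
    # DMARC passes if SPF or DKIM passes AND that identifier aligns with From:.
    # Nothing here looks at who wrote the message or what it says.
    spf_ok = m.spf == "pass" and aligned(m.mail_from, m.from_domain, aspf)
    dkim_ok = m.dkim == "pass" and aligned(m.dkim_d, m.from_domain, adkim)
    return spf_ok or dkim_ok

# Constructed sample results (reserved example domains, not real traffic).
SAMPLES = {
    # From: forged; the only passing identifier belongs to another domain.
    "forged_from": Msg("example.com", "pass", "mailer.example.net", "none", ""),
    # Notification generated by a real service from its own domain.
    "real_service": Msg("example.org", "pass", "bounce.example.org", "pass", "example.org"),
    # Signature from a subdomain of the From: domain.
    "subdomain_signer": Msg("example.com", "fail", "host.example.net", "pass", "old-promo.example.com"),
}

def evaluate(samples=SAMPLES):
    # Returns {name: (result_with_relaxed_alignment, result_with_strict_alignment)}
    return {k: (dmarc_pass(m), dmarc_pass(m, "s", "s")) for k, m in samples.items()}

if __name__ == "__main__":
    for name, (relaxed, strict) in evaluate().items():
        print(f"{name:17} relaxed={relaxed} strict={strict}")
```

Only the forged message fails. Strict alignment (`adkim=s`, `aspf=s`) stops a subdomain's signature from vouching for the parent domain, but mail that uses the subdomain itself in From: still aligns.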
The discussion also landed on a blunt reality about encrypted email. A lot of people want end-to-end encryption, but the practical objections were stronger than the nostalgia for PGP. Modern email is already encrypted in transit with Transport Layer Security, so end-to-end encryption mainly removes visibility from intermediate providers while leaving metadata exposed. In exchange, it breaks server-side spam filtering, search, webmail convenience, and key distribution at internet scale. That matched a broader view that email remains a durable but compromised utility. It is good enough to survive, hard enough to modernize, and increasingly shaped by a few dominant providers whose policy decisions become de facto standards.
Outside protocol mechanics, people were especially animated about the miserable user experience around banks, healthcare, government, and insurance “secure message centers.” The complaint was not just inconvenience. Those portals fragment records, make backup and search worse, and often hide routine notices behind app logins and vague alerts. A few commenters with compliance experience pushed back that this is not simply security theater. In healthcare especially, HIPAA and Business Associate Agreement requirements can make ordinary email legally awkward even when encryption exists, which explains why so many organizations default to portals. That makes these systems likely to persist regardless of whether email gets technically better.
Fastmail itself came off relatively well despite the weak article. Existing customers praised its reliability, aliases, JMAP support, and lack of forced AI. But there was also frustration about mediocre spam filtering, phishing from Fastmail-hosted accounts, and the steady erosion of self-hosting and small-provider viability as deliverability becomes reputation-driven and large mailbox providers set the rules.