Comment by k_roy
2 years ago
I think you are missing the point by a mile.
Their whole spiel is about "privacy first". https://www.fastmail.com/privacy-first-company
I don't even use my @fastmail.com address. I have like 6 domains that I use for various things, and a single domain for one-time/throwaway/order emails via 1Password integration.
I just verified every time I send an email, my main @fastmail account is attached in every email.
I don't care about people knowing my email, but security isn't the point or even the concern.
If I'm using an alias, I don't want account A associated to account B, especially for a service I'm paying for to keep my email out of the hands of Google.
I was mainly responding to OP’s claim that this is “a security leak”. Likewise, from OP, I mainly understood that this was only an issue when giving a third party the headers of emails you have received.
However, you (and other commenters) appear to be indicating it’s also in the headers of all sent emails?
I’ve been using Fastmail for nigh on a decade, however if this turns out to be true, I may accelerate my migration towards Migadu.
Migadu and don’t look back
This is a bit of an interesting take from: https://www.migadu.com/procon/
"We could enable 2FA on the webmail, but IMAP/POP/SMTP accesses remain unprotected which beats the purpose. We are working on solution here which will allow sand-boxing a username/password pair to a webmail use only."
That's an incredibly misguided sentiment
3 replies →
How did you verify this? That isn’t the issue being reported, the header is attached to your inbound mail.