by Scottn1 673 days ago
How about they fix their long-standing security issues first. Particularly, their DMARC is set to "p=none", which is essentially disabled at a time when large providers are mandating properly functioning DMARC. Anyone can spoof the email accounts of other Fastmail users (1). Their #1 job is email, yet Fastmail still has poor security scores in 2024 (2). MTA-STS should be enabled for any competent email host.

(1) https://news.ycombinator.com/item?id=18997054 (2) https://www.hardenize.com/report/fastmail.com/1723612173
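To make concrete what a DMARC "p=none" record and an MTA-STS policy actually ask receivers to do, here is a small checker added to this thread (not code from the thread or from Fastmail). It parses the two record formats and classifies the enforcement each provides; the sample records in the test are constructed, not fetched from any domain.

```python
# Added example: classify the enforcement posture of a DMARC TXT record
# (RFC 7489) and an MTA-STS policy file (RFC 8461). Parsing only; no DNS.

def parse_dmarc(txt: str) -> dict:
    """Split 'v=DMARC1; p=none; rua=mailto:...' into lower-cased tag/value pairs."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def dmarc_posture(txt: str) -> str:
    """Return 'missing', 'monitor-only', 'partial' or 'enforced'.

    p=none never causes a receiver to quarantine or reject; it only requests
    reports, so spoofed mail is still delivered. pct<100 applies the policy
    to only a sample of failing messages. Per RFC 7489 section 6.6.3, an
    invalid 'p' with a usable 'rua' is treated as p=none; otherwise no DMARC.
    """
    tags = parse_dmarc(txt)
    if tags.get("v") != "DMARC1":
        return "missing"
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        return "monitor-only" if tags.get("rua", "").startswith("mailto:") else "missing"
    if policy == "none":
        return "monitor-only"
    try:
        pct = int(tags.get("pct", "100"))
    except ValueError:
        pct = 100  # malformed pct: RFC default is 100
    return "enforced" if pct >= 100 else "partial"


def mta_sts_mode(policy_text: str) -> str:
    """Read the 'mode' line of an MTA-STS policy: 'none', 'testing' or 'enforce'.

    Only 'enforce' makes a sending MTA refuse delivery when TLS or the MX
    certificate cannot be validated; 'testing' merely reports failures.
    """
    fields = {}
    for line in policy_text.splitlines():
        if ":" in line:
            key, value = line.split(":", 1)
            fields[key.strip().lower()] = value.strip()
    if fields.get("version") != "STSv1":
        return "missing"
    return fields.get("mode", "none").lower()
```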


You cite a 5-year-old post. We have improved things since then. You can't spoof other people through Fastmail any more; we verify permission to send as any address, either through your account owning the domain or alias, or by authenticating the specific address by confirming you can receive an email there.

If you have your own domain, you can set whatever DMARC policy you like on it. We'll DKIM sign your email for you if your domain is configured to use the keys we create for you, or do your own outbound email as you want.

Also, the whole thing about STARTTLS is bogus. That site says "Unable to determine STARTTLS status" - too right. Because we're not listening on those ports. Because that's less secure than only allowing the SSL/TLS ports.

We have written about our reasoning here: https://www.fastmail.help/hc/en-us/articles/360058753834-SSL...

The key paragraph is this:

Today, many email services, including Fastmail, now disable plain text IMAP and POP logins entirely on ports 143 and 110, leaving encrypted connections on ports 993 and 995 as the only option. This makes sure all clients use encrypted SSL/TLS connections to protect sensitive data.

(Disclosure: I'm the CEO at Fastmail)

Your summary of the situation is not accurate. You can quibble about their choice of DMARC setting, but IMO it's the correct choice and best for customers. Your link says "Unable to determine STARTTLS status" -- which doesn't mean anything.

Fastmail has an excellent security track record. (Disclosure -- I'm the founder, but I haven't worked there or had a financial relationship with Fastmail for many years.)