Further experiences with mailbox.org

It has been more than a year since I published my article “Six months with mailbox.org” and it remains a very popular post here on my personal blog. Time to write a little update about some further experiences and shed some light on more of their features that I/we didn’t use when we first began to use the service.

Groupware Features

Since calendar sharing beyond mailbox.org’s servers isn’t possible, and my wife was still using GMail, we needed to change something to be able to share calendars again – which meant moving her to mailbox.org, of course. :-} (I’ll abbreviate mailbox.org as MBO from hereon.) I switched my account to the “Mail XL” plan as a first step, to be able to use the groupware features with her, and then created an account for her (which also needs to be on the “Mail XL” plan, of course).

This means going from 1€/month per user to 2.50€/month per user – the total cost for the two “family accounts” being 5€/month then, instead of 2€ for two individual accounts. Nothing unexpected of course – but a 150% price increase to get the sharing features is somewhat steep.

Also, while the two accounts are connected “somehow” through the back-end (I had to create my wife’s account through my own account initially to make sure of that), they remain individual accounts from a billing perspective – which means that my wife has to pay for her account (well, in reality I do it, with my PayPal account), and I pay for my account, separately. I wish it was possible that the “originating” family account (mine) would become the “admin and billing” account. I know that this is a feature of MBO’s “business” plans, but they start at 25€ per month and include 50 users (which btw. translates to 0.50€ per user… ahem). Setting private and business accounts apart by the central management and billing feature feels like forcing the differentiation a little bit.

The functionality itself is very nice. Beyond our calendars, my wife and I now also share common address books for contacts like contractors and handymen, as well as certain email folders. That’s something we had not done before when we both used GMail with individual accounts. It is a welcome addition that reduces redundancy and helps us stay organized.

Oddly though, some of the sharing functionality depends on what type of sync method you’re using. We can see each others calendars only when we’re using CalDAV. It doesn’t work with ActiveSync (but then again, who wants to use Microsoft’s proprietary protocol when an open and free alternative exists?). I had to switch the account setup on my wife’s phone for that.

Drive (online storage)

We’re not using MBO’s file storage at all – the included 200MB of storage space aren’t really useful for anything else but temporarily storing a small number of files for sharing. That’s particularly odd because the mail quota is 5GB. Using the available storage space combined (letting me fill the space up with either files, or mails) would make the utmost sense, and 5GB of storage space would at least put MBO on-par with the free offerings from Dropbox and others.

Interestingly, it’s possible to add third party cloud storage services into the web interface: Dropbox, Google Drive, OneDrive and Box. Tresorit, the secure cloud storage service that we’re using, is not included though (I guess Tresorit’s end-to-end encryption makes it problematic or impossible to add a third party via an API? I have no idea).

Sync (in particular, contacts)

I gave up using Thunderbird almost entirely – I’m only using it to download older message archives to store them locally on my computer (I’ve made that a habit already while I was still using GMail, because I don’t want all of my email conversation history stored on “some server, somewhere” – call me paranoid, but that’s one of the reasons why I am a mailbox.org user).

And the reason for that is primarily contact syncing. I don’t know what’s at fault here, the somewhat crummy “SOGO connector” for Thunderbird, or the CardDAV protocol itself. I just could never sync more than two email addresses for a contact. It does work when my iPhone syncs with MBO’s servers via CardDAV, so I’m suspecting the SOGO connector, but who knows. It was enough of a nuisance for me to give up Thunderbird, and begin using MBO’s (Open Exchange based) web interface.

Which works surprisingly well. Yes, it’s missing the bells and whistles of GMail (canned responses, labels, automatic mail classification, keyboard shortcuts, or a “filter messages like this” assistant to create a custom filter – and most of all, a threaded conversation view), it can’t be customized with plugins like Thunderbird, but there’s always “good” and “good enough”, and MBO’s web interface is good enough for me.

I’d like to add that it is hugely important to set the iPhone’s default account for contacts to the MBO account – otherwise all contacts created on the phone remain local to the phone. Been there, done that. 😛 For whatever obscure reason, my iPhone “fell back” to using locally stored contacts – it forgot the default contact account setting! Luckily, I had only created only some five new contacts on the phone when I noticed it.

Spam filtering

UPDATE, June 2017: mailbox.org has added user controls for their spam filtering mechanism as a “work in progress” in May 2017 – the options are described in a new article in their knowledge base: Customizing your mailbox.org spam filter settings. My concerns have all been addressed with these options, and everything below is outdated.

Now this has become my main critique with MBO. Initially, I was extremely fond of mailbox.org’s very strict approach to spam filtering: they are rejecting potential spam in the delivery phase of the mail exchange. The effective amount of spam that I see is close to zero. Sounds great, right? Absolutely. Unless you’re getting false positives, of course. And that’s what happened to me in some cases where it really didn’t make me happy.

The question is when do false positives happen, of course – and in the cases where it affected me, it was clearly a misconfiguration of the mail server on the sender’s side. While that is unfortunate, it does happen and should be taken care of by the sender’s server administration.

Reality though is… uhm, a bit different. For example, while a “helo mismatch” may be a strong indicator of a potential spam mail, it isn’t always (it’s a misconfiguration) and thus, this signal alone shouldn’t lead to a message being rejected as spam. But that is happening with MBO’s current configuration.

In one case, a company sent me a return authorization for a piece of hardware that needed repair. It didn’t go through and the person in charge got an error messge. Thankfully, I had left my phone number with them and they called me. Needless to say, they didn’t know exactly what the cryptic error message returned to them means. I told them to use my old GMX account instead, where the message went through (and wasn’t identified as spam, I’d like to add).

In another example, someone who wanted to license one of my photos used the contact form on my website to contact me. I replied to the mail address they provided (in other words, I was the one who initiated the direct conversation, since the first contact went through my website’s contact form), and then their reply got rejected by MBO as spam. Luckily, the sender was “computer savvy” enough to understand what the bounce message said this time, and used another email address for his reply – but I doubt that this is true for the majority of email users. I mean… do you understand what this means?

host mxext1.mailbox.org []
 SMTP error from remote mail server after RCPT TO:<xxxxx>:
 550 5.7.1 <xxxxx>: Recipient address rejected:
 Mail appeared to be SPAM or forged. Ask your Mail/DNS-Administrator to
 correct HELO and DNS MX settings or to get removed from DNSBLs; MTA helo:
 webcloud.xxx.com, MTA hostname:
 server-29-r27.xxx.com[27.xxx.30.xx] (helo/hostname mismatch)

From my own experience (working in IT for 10+ years in Germany) I’d say that a lot of people don’t understand much of this server-gibberish, are perhaps a bit irritated – and when they don’t get a reply within a day or so, just move on and find someone else to work with.

And a third example – one of the WordPress plugin developers I’ve been working with almost never gets a message through to me. He’s using Comcast, and all he gets back is “Delivery {…} failed permanently. Reason: Permanent Error” – try explaining to an internet behemoth like Comcast that their mail servers aren’t following RFC specs – when you’re not even their customer, but the recipient of an email…

If I had a choice between MBO’s “zero spam” approach and a less rigid filtering, combined with a more conventional “Junk Mail” folder from where I can retrieve false positives, you bet that I’d choose the conventional spam-filter – yes, fully aware of the legal implications.

A false positive in a Junk Mail folder can be retrieved, a false positive that was rejected is a message that I have no chance of even knowing about, and that’s a problem for me. I think it’s easier (and by now good practice) to keep people’s inboxes clean, but teach them that they must check their Junk Mail folder regularly, rather than rejecting messages entirely. Two false positive rejects are two too many for me.


I can say that the response times from MBO’s support have improved, but all in all, they’re nowhere near an acceptable level for me. Currently, the response times still appear to be in the range of 3-4 days (yes, days). Once more, I’m looking at my domain hoster, where I pay $8 for my entire domain hosting per month (which includes WordPress, PHP, MySQL, and so much more), and I get a response from their support in less than 30 minutes. Now I’m not expecting that from MBO, but it’s a paid service after all. I’d expect a useful response within 24 hours of sending a message to their support.

Also, it really irks me that I’m getting “techie” responses, justifications and “challenges” from their support – both via individual support, and in their newly created support forums (where users can help each other, but staff will also participate). I’ve described my “false positive scenarios” to them, kindly requesting that their configuration and setup should perhaps at least be discussed internally, but I’ve just gotten nowhere – “we’re doing it our way, eat it” was the response, essentially. That’s unfortunate. I understand that I’m a small potato, but a company like mailbox.org who is essentially serving a niche should give me the feeling that they listen – instead of justifications, declarations, and discussion of principles.

One quite noteworthy discussion in their forum was around the spam filter, and turned into the benefits and potential problems of Greylisting. The negative experiences I had with it in the past were not with mailbox.org but with a different Greylisting system on a different server system altogether – and I guess I didn’t make that clear enough. So the discussion seemed to go waaaaay way off topic at that point because MBO is a huge fan and defender of Greylisting. I left a light-hearted comment to provide an out, and then another, but no, like a pitbull with locked jaws, MBO kept going after me with passive-aggressive corrections and accusations.

I appreciate the passion that shines through here, but when their support indirectly declares that I’m talking nonsense, in a quasi-public discussion in their support forum and dismisses my own personal experiences as invalid, it’s hard to not be personally offended by such behavior. I eventually told them that they should stop accusing me of talking nonsense, and left the discussion.

I’ve been to taught to never argue with a customer, because you’re never going to win that argument. I think that’s a lesson that not just mailbox.org, but a lot of tech support staff in general (and especially in Germany…;-) still has to learn.

Closing Thoughts

It’s a good thing is that MBO allows custom domains. I’m not using the @mailbox.org alias as my primary email address, but my own domain instead – which I own and control.

I think that’s something that always needs consideration when choosing an email provider: Email has become a de-facto standard for one’s digital identity (“before you can use your account, please verify your email address”). It is simply way too important for me to have an email address that I’m not entirely in control of – doesn’t matter if it’s GMX, GMail, Yahoo or whatever else.

I have no intention of leaving mailbox.org. Just to illustrate the level of confidence I do have in their service as a whole, I’m using three individual domain aliases with their system at the moment, and I’m retrieving another account’s mail into their webmail interface via IMAP. However, if MBO’s spam filtering keeps making me unhappy with false positives, I can move on and switch to my own hoster’s mail system without major interruptions (the biggest interruption will probably be explaining that to my wife;-).

5 thoughts on “Further experiences with mailbox.org

  1. Great post, thanks for giving the longer-term perspective. Do you know of any other German providers that allow custom domains and don’t have that issue with spam filtering?


  2. UPDATE, June 2017: mailbox.org has added user controls for their spam filtering mechanism as a “work in progress” in May 2017 – the options are described in a new article in their knowledge base: Customizing your mailbox.org spam filter settings. My concerns have all been addressed with these options, and everything below is outdated.

    Could you please be more specific about what did you change in your configuration? Also, are you still happily using mailbox.org as email provider?


    1. I’m still using mailbox.org indeed. One change I made was to change what happens with spam mails that had been identified based on content, from “Reject” to “Flag & Redirect” (to the Junk mail folder), where I can take a look at them.

      I also had the SMTP plausibility check turned off for a while (my initial critique was that it couldn’t be disabled) but honestly… it’s been too long, I can’t remember what exactly had happened, it’s on again now and I know of only one case where it got in the way.


Thoughts? Let me hear them.

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.