Shutting down our XMPP chat service

Quick summary: We’ll be closing down our XMPP chat server on 31 January 2016. For users with a FastMail domain account (e.g.,, etc), XMPP messaging with your account will be unavailable after this date. If you have your own domain for your account, you’ll have to find an alternative XMPP server and change your SRV DNS records as appropriate if you wish to continue using XMPP with your domain.

The full story…

For many years we’ve supported XMPP, an open standards chat protocol, both for users in FastMail domains (e.g.,, etc) and for users bringing their own domains. Recently we’ve had to review this support, and after some internal discussion, we’ve decided to decommission the service.

When we started, XMPP looked like it was going to be a open protocol supported by many of the biggest players, with “federation” support meaning users on different services could talk to each other, just like with email. Over the last few years however, that dream has evaporated. Google has replaced Google Talk (which supported XMPP) with Google Hangouts (which doesn’t). Facebook removed their XMPP chat interface and replaced it with their Platform API v2.0. No major vendor seems to have XMPP support these days, massively reducing the overall XMPP user base that can be interoperated with.

This has removed most of the major use cases for XMPP. For person-to-person messaging the vast majority of people are using either large platforms (such as WhatsApp, Facebook Messenger, iMessage, etc.), or niche privacy focused platforms (such as Telegram, Whisper etc.).

For intra-business messaging, most companies seem to be sticking with proven multi-user protocols like IRC rather than XMPP Multi-User Chat (MUC), or are moving to more sophisticated proprietary collaboration platforms like Slack.

Meanwhile, our XMPP service is now somewhat behind the cutting edge, and lacks support for many of the recent XMPP extensions that the dedicated XMPP users are now beginning to request.

So it is perhaps not surprising that reviewing our logs revealed only a few hundred users (yes, only two zeros!) are still using our XMPP service at all.

As a company, it’s hard to say “no” to our users, but in order to provide the best possible service to as many people as we can, we have to focus. And right now, it does not make sense to devote our finite resources to the considerable work required to bring this up to standard, given the very low current use and grim future outlook for XMPP in general. Leaving it running in the current state is not really an option, given the significant demands in monitoring and maintaining availability, and dealing with support requests.

We still feel chat is interesting, but as a service it doesn’t gain much from being integrated into your email, unlike for example a calendar (our most recent major addition). We believe that there are other services we can focus on in the near-to-medium future which will provide greater value for our customers, and gain more benefit from integration with your email and calendar.

So on 31 January 2016, we will be shutting down our XMPP server. For users with a FastMail domain account (e.g.,, etc), XMPP messaging with your account will unavailable after that date. For users with their own domain, you’ll have to find an alternative XMPP server and change your SRV DNS records as appropriate if you wish to continue using XMPP with your domain. We can continue to host the DNS for your domain, but you’ll have to find the appropriate SRV records for your domain from your new XMPP provider.

Posted in News. Comments Off on Shutting down our XMPP chat service

DDoS attack may lead to potential service disruption this week

On Sunday, 8 Nov 2015, at around 01:08 UTC, FastMail was hit by a DDoS attack that briefly made some services unavailable before we enabled mitigation strategies to block it. A further attack followed on Monday, 9 Nov 2015 at around 00:34 UTC. These attacks were accompanied by an extortion demand that threatened further attacks this week if we did not pay the attacker 20 Bitcoin (approximately US$7500).

First of all, we would like to make one thing clear. We do not respond to extortion attempts, and we will not pay these criminals under any circumstances. We have dealt with DDoS attacks before, and have recently been strengthening our defences to deal with such issues. However, there is still a chance that the attacks will cause some disruption for our users, so we are publishing this as an advance warning and to give as much information as we can on what to expect.

What is a DDoS attack?

A Distributed Denial of Service attack is where a criminal uses a large number of computers, “distributed” all over the world, to flood a particular site with requests. If they can send enough requests to use up the target’s resources, legitimate users are unable to get through and the site appears to be down.

Please note, even in the event of a successful attack, this does not lead to your data being compromised or any mail being lost. It is like being unable to get to your post box because a huge crowd has formed around the front door of the post office. The mail is still safe inside and any new mail will be delivered once the crowd has gone.

Why would someone attack FastMail?

Over the last week, several email providers, including Runbox, Zoho, Hushmail and ProtonMail have been hit by large scale DDoS attacks, accompanied by an extortion demand from the attacker to stop. The goal of the attacker is clearly to extort money in the hope that the services will not be prepared to deal with the disruption. With one exception where ProtonMail paid the criminals and was still attacked, we do not believe the extortion attempts have been successful, and we fully intend to stand up to such criminal behaviour ourselves.

What is FastMail doing to stop it?

Primarily we are working with our data centres and upstream network providers to enable strong controls at every stage of the network to ensure attacks are blocked and legitimate traffic will continue to get through. We also have preparations in place for mitigating various other DDoS scenarios, and are ready to adapt to whatever form of attack might come through.

We have also notified CERT (Cyber Emergency Response Team), the Australian federal agency for dealing with cyber attacks, and we are working with relevant Australian and international law enforcement to provide them with details of the attack.

What can I do?

Primarily we appreciate your patience and understanding should we experience service disruptions this week. We respect that you pay us to deliver a rock solid service and we will do our utmost to do just that. In the event of any service disruption, we will be providing full details of our current status on our Twitter feed and status site.

Posted in News. Comments Off on DDoS attack may lead to potential service disruption this week

Classic interface moving to

Since we released our new interface over 3 years ago, the vast majority of users have moved to using it and love the improvements that it has brought.

In a small but regular number of cases however, people are accidentally logging in to the old classic interface when they wanted to log in to the new interface. This tends to cause confusion and unnecessary support tickets.

To make it clearer, we’ve decided to separate the login screens for the current interface and the classic interface by putting them on separate domains. So from Monday, 23 November 2015 you will only be able to log in to the regular interface at To log in to the classic interface, you will have to go to is available immediately, so if you’re a classic interface user, we recommend you go there now, bookmark it and use it going forward.

Posted in Technical. Comments Off on Classic interface moving to

FastMail acquires Pobox and Listbox

We’re delighted to announce today that FastMail has acquired the email services Pobox and Listbox.

FastMail will continue to operate Pobox – which provides email forwarding, filtering and domains services – and email service provider (ESP) Listbox as normal, with no significant changes planned for the immediate future.

As one of the few email providers older than FastMail, we have always had a great respect for the Pobox team’s excellent service and deep understanding of email. Our teams share similar philosophies, and we look forward to bringing that talent on board to help drive new research and development in email hosting and associated services in the future.

The Pobox customer-first approach makes a very good fit for FastMail, and our interface and apps will provide a better experience for their Mailstore customers. The Pobox mail service will also benefit from FastMail’s existing server infrastructure, with its impressive reliability, redundancy and security.

FastMail is a wholly privately owned business headquartered in Melbourne, Australia. It was founded by Rob Mueller and Jeremy Howard in 1999 and is the choice of businesses and professional email users around the world.

A press release regarding this acquisition is available for media use.

Posted in News. Comments Off on FastMail acquires Pobox and Listbox

Announcing CalDAV Scheduling support for clients

Since we released our calendar service last year, one of the most requested features has been support for scheduling in CalDAV clients.  This feature allows users to send invitations and RSVPs directly from a CalDAV client while creating or updating calendar events.

We are pleased to announce that scheduling support is now enabled for all CalDAV users at FastMail.

This new feature allows your calendar client to:
  • create a new event with attendees from your computer or mobile device – invitation emails are automatically sent to all attendees
  • update your participation status to an event in your calendar – an RSVP email is automatically sent
  • change date/time of an event where you are the organizer – updated invitation emails are automatically sent to all attendees
  • delete an event from your calendar (or an entire calendar containing events) – appropriate emails (a cancellation if you are the organizer, or a “not attending” RSVP if you are an attendee) are automatically sent

There is no setup required. If your client supports adding attendees or updating RSVP status (pretty much every CalDAV client, including all Apple products), then our server will do the rest.

We have setup instructions for some of the more popular clients in our documentation.

And we’re not done with calendar yet!  Next on the roadmap is support for automatically updating your calendar by processing incoming email invitations and RSVPs from trusted senders.
Posted in Feature announcement, News. Comments Off on Announcing CalDAV Scheduling support for clients

CardDAV – your contacts, everywhere you need them

After much work and testing – and then some more work and testing – we’re delighted to announce the release of CardDAV support in FastMail. With CardDAV, you can access your FastMail contacts on your mobile phone, tablet or smart watch, with any changes you make on any device kept in sync – just like IMAP works with your email.

This is available now for all Full, Enhanced or Premier personal/family users, and all Standard, Professional or Enterprise business users. Setup instructions for iOS, Android, and more can be found in our help. If you have a Lite or Basic account, or legacy Guest/Member account, why not upgrade today to get access to CardDAV and so much more?!

For the technical minded amongst you, here’s a brief history of how CardDAV came to be at FastMail.

CardDav – a development history

In mid-2014, not long before we released our calendar, we started seriously working on building CardDAV into our contacts system. We knew we could use a lot of the technology already developed for our calendar, as the CalDAV protocol has a lot of similarities to CardDAV.

With Carnegie Mellon University (the original developer of Cyrus IMAP) adding support for CardDAV to Cyrus, it looked like it would be fairly straightforward to change to this for our contacts storage. We knew it had to be done carefully – contacts are an important part of our mail delivery processes as well as the user interface (they’re used as part of spam recognition and filtering rules). But knowing our own systems well it didn’t seem like it would be too difficult.

We started by making the contacts code support other storage mechanisms, instead of being tied to our MySQL database. With that in place, we wrote a CardDAV connector and hooked it up, and voila! Our contacts were stored alongside mail and calendar data in Cyrus. There was some tweaking to make sure that the quirks of different CardDAV clients could be represented properly, but the core code seemed pretty solid in testing.

To help us understand where things could go wrong, we needed to gather feedback from real users, so in December last year we made this available to customers in a beta release. That’s when we started getting reports of certain contacts operations being extremely slow with large address books. Clearly we weren’t quite production ready.

After a lot of testing and analysis, we discovered that performance was significantly affected by constantly converting between the CardDAV format and our own internal formats. We needed to step back and reevaluate.

As it turned out, we already knew what we needed: JMAP. We realised that if Cyrus supported JMAP for contacts access, then our client could use it directly and we’d never need to cache or manipulate any data in between. This turned out to be an enormous amount of work, as a lot of the data conversion code that we’d already built in our middleware had to be re-implemented in Cyrus itself. But, it was worth the effort, resulting in a much simpler and faster architecture.

With the performance problem fixed, we were able to look at the second stage of the beta: making CardDAV available to our business and family account users. These have a second address book of contacts, shared between all users in the account. We wanted both shared and personal contacts to be available via CardDAV, which meant separate address book collections. However, both types of contacts still had to be visible in the web client, which presents a single unified view of shared and personal contacts.

To do all of this properly, we first had to build a new layer between the web client and Cyrus to transparently handle manipulating contacts in two address books at the same time, including moving them between those address books. Then it was time for more testing with our brave beta users, and finally, when we were happy, migrating all users over to the new CardDAV backend.

While it’s taken a considerable amount of time to get right, we’re very satisfied with the end result. We think it’s been worth the wait, and we hope you do too! As ever, we’d love to hear what you think via our support team or on Twitter.

Posted in Feature announcement, News. Comments Off on CardDAV – your contacts, everywhere you need them

iOS app – now with 1Password support!

We are pleased to announce a new version of the FastMail iOS app that includes one of our most requested features – 1Password support!

This release also fixes issues with being unable to paste into fields and improved form handling when the keyboard is visible or device is rotated.

If you have 1Password installed on your iOS device then you will see a 1Password button in the login screen.


Pressing the 1Password button will display the activity popover (popup on iPad) which will include the 1Password icon if you have enabled it:


If it is not enabled, touch the bottom ‘…More’ button and turn on 1Password:


and touch ‘Done’ – 1Password should appear in the list. Additional information on setting up 1Password can be found on the AgileBits site.

More information about the FastMail app is available in our help.

Stay tuned for more exciting features and improvements to the app!

Posted in Feature announcement. Comments Off on iOS app – now with 1Password support!

Get every new post delivered to your Inbox.

Join 7,293 other followers

%d bloggers like this: