Bug: Mailspring is an abandoned project.

[valentt]

Mailspring is unfortunately abandoned project, and their infrastructure is falling apart.

Emails from Mailspring are being filtered by security software because links in email (image in your signature and all other links) that link to Mailspring links which have expired certificate and are triggering security software to block those emails. But now the whole website is down so any links that you send don't work!!!

For example in my signature I have link to my home page for 3D printing service - https://3dtvornica.hr, but that link is encapsulated in Mailspring link that tracks if someone clicks that links or not:

https://link.getmailspring.com/link/ACF0D8FD-5BE5-4A34-8D58-8819FBCEF3EE@getmailspring.com/1?redirect=https%3A%2F%2F3dtvornica.hr&recipient=ZHVzYW5fdnJiYW5lY0B5YWhvby5jb20%3D

So this is complete failure.

I have tried to contact developer, yes there is only a single developer, but he is completely unresponsive.

This is a dead project and dead product.

I'm interested to find a replacement for Mailspring ASAP, today, so I'll dig deep into research and chose a better product that works that replaces Mailspring.

[CodeMouse92]

For anyone coming to this: please read the maintainer's own response:

https://github.com/Foundry376/Mailspring/issues/2231#issuecomment-746742048

[robclancy]

wtf things have been broken for months. anyone still paying is a fool

[CodeMouse92]

Is currently using Mailspring as the default mail client, with the (fully functional) premium features. No real complaints. (Came from the significantly buggier Evolution, Thunderbird, and Geary.)

[CarlosRebolledo]

@bengotow You must be overwhelmed. Mailspring is an email client for us users. Probably for you it is a son, a project or a living dream, which at times has been a nightmare. With respect and appreciation, I suggest you seek investors, ideally among the users themselves, without fear or fear. It will always be your email. Give it a spin, dare and remember that there is no harm that good does not come.

[CarlosRebolledo]

@bengotow te envié un correo.

[CarlosRebolledo]

@bengotow ??? Hola !!!

[PCPNIELSEN]

For me is there a bit of a back story to this. In 26th February '20 there was an issue (#1817 & #1811) were IMAP accounts could not be added. A release fixing this was released on 23th of April, so in about 2 months after.

Now Ubuntu 20.10 comes out, dependency is not meet and reported on #2154 on September 28. Akdor1154 from the community have a fix on 7th of December, which have been accepted a few weeks ago but is still waiting for a new release. And then there is +1000 other untouched issues.

I used Mailspring in business, and is a paying customer, I rely on the software and the support. I wanted a modern mail client that could work with Google Workspace and I wanted to deploy it to the few employees I have if it is was workable. When I signed up, I did not get impression that this was a one man project, but a product from the company Foundry376. Especially when you go on to the support page for Mailspring and when you go to foundry37.com you are meet with a team, I still get this feeling. And then add the yearly cost of 85 USD per user. This is a premium cost, which I am not ready to spend per user in the current state of the software.

When I read into this, I see a burned out person, fully understandable as this is not a product from a company but a one man thing, with a great project were the issues and cost of fixing this is larger than expected income due. I cannot provide the income, before I see better support.

An idea, not sure if it is workable in real-life. But maybe make a smaller cost for a "Mailspring Supporters Edition" which dont have the same features, like removing the trackers others are worried about and just want a modern looking client and price this version at around 10-20 USD per year and then make a award price for fixing issues, which could lead to a benefit for all.

[franktopel]

@CodeMouse92

Truth is, every time you so much as visit a website [...]

Opening an email is not visiting a website.

[bengotow]

Hey folks! Hope everyone had a safe and happy new year — I appreciate the thoughts and discussion here, and I'm excited to announce some big changes coming to Mailspring as we look into 2021! 🎉

Since I originally launched the project (by adopting and partially re-writing Nylas Mail) in 2016, the Mailspring community has grown by leaps and bounds. More than 250,000 people have tried Mailspring across Mac, Windows and Linux, we've added tons of features, translated the UI into 13 languages, and addressed and closed more than a 1,000 GitHub issues.

2020 was a super challenging year in a lot of ways, and development fell off and eventually stopped for the last half of the year. In 2021, I'm determined to return the project to a regular release cadence with bug fixes and new feature development, to elevate contributors who can help maintain it, and reduce our "bus factor".

To that effect, I'm excited to announce that I've brought on @CodeMouse92 (also in the thread above!) as a volunteer community manager! 🎉 He brings expertise in organizing online communities and will be a huge help tagging, triaging and taming GitHub issues. He will likely be restructuring our issue submission templates, process, and labels, etc. in the coming months. He's also a skilled developer and Linux user, and I'm super excited to have his help fixing bugs and more rapidly addressing problems on the Linux platform.

To better facilitate contribution, we're replacing the Mailspring community Slack with a discussion board (coming in the next day or two) that will be home to themes, plugins and conversations about issues and potential features. Our goal is to make it easier for developers and potential contributors to look at GitHub issues and find actionable ways to help by restricting issues to ready-for-development bugs, tasks and features, while giving questions, themes, etc. first-class categories of their own in a discussion forum.

We'll also be assembling a new roadmap and collecting community feedback to identify what new features should take priority alongside bug fixes in 2021.

Finally, I will make it a priority to help folks submitting PRs with detailed feedback and code review (like @Phylu's awesome new "colorized accounts" PR we're about to merge! https://github.com/Foundry376/Mailspring/pull/2240). My goal is to share my knowledge about the codebase and enable as many people as possible to contribute in a significant capacity.

Thanks again - I appreciate the community support and I'm excited to see where the project goes in 2021!

[CarlosRebolledo]

👏👏👏

Ben, me has contestado con lo escrito. Me alegro y te felicito por tomar la palabra y pasar a la acción.

Como dice el refrán, cada día tiene su afán.

Suerte y fuerza 💪

Un abrazo y cumpliré con mi palabra

[samtuke]

Bravo!

[kaleidoscopique]

@bengotow thanks a lot for this great news!

[bugs181]

This is open source. Put up or shut up.

I agree whole-heartedly with the sentiment of your post. Unfortunately, I have to correct at least ONE fact.

Truth is, every time you so much as visit a website, someone can tell that you accessed the resource. So, this is neither "illegal" nor "a security flaw" as some have weirdly claimed.

https://en.wikipedia.org/wiki/Email_tracking#Privacy_issues

Email tracking also known as web beacons, email pixels, etc ARE a security CONCERN (perhaps not a flaw although this can be argued, because the original intention wasn't aiming for the misuses of 2021 when email was invented). This is why a LOT of privacy minded folks are moving toward email services that put privacy first (such as blocking such pixels). There is demand there.

Regarding ethics; The truth of the matter is that to a lay-person, "email" stands for electronic mail. Non-technological peoples are under the impression that what they see in their inbox is just like receiving a physical parcel in their mailbox. Comparatively, they understand that going out to websites can potentially be dangerous and rely on other services provided like VPNs, Cookie blocking, firewalls, etc. So they may, from their own misunderstandings, allow their email client to do whatever it pleases. This makes pixel tracking, at the very least abused for those whom are uninformed and without consent (which is unethical).

IF a malicious sender were to use some of the features of email clients to their fullest extent - it very well CAN be used to exploit very private data. This makes it at least in part, a security flaw. As deemed appropriate by several large companies now.

Regardless of the above information, pixel tracking is large in part abused by email phishing, targeted advertising and marketing (which makes the majority of its uses ill-willed and not wanted except for specific use-cases). For those of us who follow all of the SCE, PVE and security audits - email pixel tracking at the very least can be abused and lead to more exploits, such as phishing. Phishing then leads to consumers being targeted for fraud and identity theft.

Furthermore, a recent article that just came out from BBC has listed pixel tracking as an endemic. Source: https://www.bbc.co.uk/news/technology-56071437

Snippet

But a study by Princeton University also indicated the data gathered was sometimes linked to a users' cookies. This allows an individual's email address to be tied to their wider browsing habits, even as they move from one device to another.

If you want to be more informed about such tactics, I also recommend viewing the part about Privacy Laws near the bottom.

They require organisations to inform recipients of the pixels, and in most cases to obtain consent. ... "Solely placing something in a privacy notice is not consent, and it is hardly transparent," said Pat Walshe from Privacy Matters.

"The fact that tracking will take place and what that involves should be put in the user's face and involve them opting in.

"The law is clear enough, what we need is regulatory enforcement. Just because this practice is widespread doesn't mean it's correct and acceptable."

P.S. Feel free to move this to a more proper thread if you'd like to allow others to continue in this discussion. More than anything, I'd hate for Mailspring to be held liable for something it's users were doing. (I haven't looked at the software licenses, although this matters very little to how well it's received by the public and mass media campaigns.)

Aside from the above, I agree with everything else you've stated. Mailspring is an amazing piece of software developed largely in part by one maintainer and deserves the respect and recognition of the community as a whole.