I understand your perspective, many open source communities are built on transparency, and it's natural to want to know the people behind a project.
That said, I personally value privacy highly, which is actually one of the main reasons I started Stalwart Mail Server. I don't maintain a personal presence on LinkedIn or other social media platforms, not because I'm trying to be anonymous, but because I prefer to focus on the work rather than promoting myself. I’ve found that platforms like LinkedIn are more noise than signal for me, especially with constant recruiter spam.
While I may not be putting my personal life on display, I’m committed to transparency where it matters most: through the project’s code, documentation, and community engagement. I hope that helps clarify things!
I feel you as I also value my privacy however i believe there is a difference between anonymity and privacy: a completely unknown entity and a person which personal life is not on the internet. There is a lot of trust involved especially with something as important as an email server which is extremely important for businesses.
It's this and the project being maintained by a solo developer (unless it's a pseudonym for multiple people :D) that makes me not want to personally rely on it.
I'm not only here to complain though, it's an awesome project and I find it really impressive for someone to build a mailserver (and other features) from scratch. Thank you for investing time in open source implementations of protocols that run the world.
Follow up questions: What are the thoughts about enterprise and business support? I see that it exists but I believe there is a lot of trust involved ^^. Will there be more developers, open source, knowing the people behind the project and or support people? Do you have any customers today?
Thanks for follow-up. You're absolutely right that there's a distinction between privacy and anonymity. However I just want to clarify that my decision to keep a low personal profile online stems from a deep belief in privacy, not secrecy.
To give you more context about the project: Stalwart Labs was indeed started and is currently led by a single developer: myself. I have over 30 years of experience working with email technologies and have previously founded three email-related companies.
That said, I’m not working entirely alone. While I’m the core developer and founder, there are others involved in Stalwart Labs today handling support, sales, and maintaining smaller parts of the codebase (mostly changes required by clients). My plan is to continue leading development myself until the project reaches version 1.0, which I hope will happen later this year. After that milestone, the goal is to gradually expand the development team, particularly to support work on a Rust-based webmail and calendar interface that will complement the mail server.
Stalwart’s development has been largely self-funded, aside from two NLNet grants. I’ve been growing the team organically and intentionally. While I have been approached by two VC firms, I’ve chosen to decline their offers. Not just to avoid external pressure (and stress), but also because some proposed directions conflicted with promises I’ve made to the community. For example, there have been suggestions to move some open-source features behind a paywall, which I’m against and promised the community never to do.
As for enterprise support, yes, Stalwart Labs offers an enterprise license that includes premium support services. And regarding adoption, I'm happy to say that there are currently a few hundred enterprise clients using Stalwart in production. While I would need the clients' permissions to share their names, I can say that Mozilla Thunderbird is one of them. They’ve publicly announced their upcoming launch of thundermail.com, which is powered by Stalwart.
I hope that gives you more clarity and confidence in the project. Thanks.
Excited to announce that Encryption at Rest has just been added to the open source Stalwart Mail Server. With this addition, the mail server will now automatically encrypt all incoming plaintext emails, utilizing either OpenPGP or S/MIME, before they are written to disk. Importantly, the keys are owned and controlled by the end user, ensuring that not even system administrators can decrypt these messages.
I'd love to hear your thoughts and feedback. Thanks!
I'm excited to announce the release of Stalwart Mail Server, a single binary solution that combines the Stalwart JMAP, Stalwart IMAP, and Stalwart SMTP servers into one easy-to-install package.
In response to your feedback, some key enhancements were made. Stalwart Mail Server now supports LDAP and SQL authentication, providing seamless integration with your existing infrastructure.
For single node setups, RocksDB has been replaced with SQLite with the option of using LiteStream for replication. For larger, distributed setups, support for FoundationDB was added, letting you scale to millions of users without sacrificing performance. Additionally, it is now also possible to store your emails in an S3-compatible storage solution such as MinIO, Amazon S3, or Google Cloud Storage.
Other notable updates include support for disk quota, subaddressing (or plus addressing) and catch-all addresses.
Great to see someone other than Fastmail implement JMAP! Fantastic :+1:
Is there a great demand for jmap amongst your customers? AFAIK only Fastmail has an implementation and actively uses jmap. What is stalwarts relationship to Fastmail, do they use stalwarts software?
> Is there a great demand for jmap amongst your customers?
Only from enthusiasts, the main problem is that there are very few email clients supporting JMAP. Big players such as Google and Microsoft do not seem interested in JMAP so adoption has been painfully slow so far.
> What is stalwarts relationship to Fastmail, do they use stalwarts software?
No relation. Fastmail uses Courier IMAP as far as I know.
Any plans to add options for external filtering such as SpamAssassin, rspamd, etc.? (Assuming it's not there already but I couldn't find anything obviously highlighting that it was.)
Also configurable sub-addressing would be handy - since many websites block '+' in email addresses, I added '-' as a sub-address splitter for my users.
Ah, a thread on the Lobs has pointed me at the "DATA stage" documentation which mentions SpamAssassin and rspamd support. Be nice if it supported the rspamd socket rather than spawning rspamc for each delivery but it'd work in a pinch.
> These tools do not integrate with anything; in the case of Stalwart (the only JMAP server not in "experimental" status) you can't just install a JMAP server attached to an existing email service; you have to hand it complete control of everything, even unto the on-disk storage of mail.
This point you mention is being improved. The next release of Stalwart JMAP (expected in one or two months) will delegate user management to either a SQL database or an LDAP directory. Messages will be stored in either Maildir or MinIO/S3. And all other information will be in either SQLite or FoundationDB.
All these features were already implemented except MinIO/S3. Development progress can be tracked at https://github.com/stalwartlabs/mail-server/tree/main/crates...
I currently use Vimbadmin to manage domains and addresses for my personal email server. So I'd need to be able to keep using it, or be able to replace it for both the new jmap/imap server and postfix. SQL support would let me continue using it.
That said, I think I'll find some time to give Stalwart JMAP a try. I've been curious about JMAP for a while, and there are a couple things about Dovecot I'm not too fond of...
This is great, and I'm genuinely excited by the prospect of a modern set of tools to replace some of these existing systems which, while rock solid for decades, are beginning to show their age.
I think once things are a bit more settled, I'll be interested in the client end of things... That's something that I didn't see much on the Stalwart website. Yes, I'm sure I could run the same set of tools now, but that seems like a waste of an opportunity.
That said, I personally value privacy highly, which is actually one of the main reasons I started Stalwart Mail Server. I don't maintain a personal presence on LinkedIn or other social media platforms, not because I'm trying to be anonymous, but because I prefer to focus on the work rather than promoting myself. I’ve found that platforms like LinkedIn are more noise than signal for me, especially with constant recruiter spam.
That being said, Stalwart Labs as a company is far from hidden. You can find our company page on LinkedIn here: https://www.linkedin.com/company/stalwartlabs/. We're also active on:
* Mastodon: https://mastodon.social/@stalwartlabs * Twitter/X: https://x.com/stalwartlabs * Reddit: https://www.reddit.com/r/stalwartlabs/
While I may not be putting my personal life on display, I’m committed to transparency where it matters most: through the project’s code, documentation, and community engagement. I hope that helps clarify things!
reply