Why I moved to Microsoft 365

I’ve been a Fastmail user for years. As an Australian, there’s something satisfying about supporting a Melbourne-based company that’s been championing privacy and independence since 1999. It’s a genuinely great service—fast, mostly reliable, and it’s never lost an email on me.

But last month, we moved back to Microsoft 365. Here’s why.

This isn’t my first time with Microsoft’s email stack. I used Office 365 back in 2014 before moving to Fastmail. The product has changed substantially since then—and more importantly, so have our requirements.

We’re a small investment company. A handful of users. The decision to move back wasn’t mine alone—the team wanted better interoperability. They wanted integrations that actually worked. And frankly, they were tired of the friction.

Microsoft’s spam filtering is genuinely impressive

The numbers tell the story.

Microsoft claims their spam filter captures more than 99% of junk mail and detects over five billion threats monthly.¹ When you’re processing email for over a million companies worldwide—including most of the Fortune 500—you develop a pretty comprehensive threat intelligence network. Around 120 billion spam emails are sent globally every day, and 43% of phishing attempts specifically target Microsoft accounts.² They have every incentive to get this right.

Fastmail’s approach is different. Their spam detection is conservative—designed to minimise false positives at the cost of letting more through. In theory, that’s a reasonable trade-off. In practice, it meant my inbox had become unusable.

Every morning I’d sift through obvious phishing attempts. Delete the crypto nonsense. Flag the junk that somehow made it past the filters. I tried aggressive mode. I trained the personal Bayes filter for months. I wrote manual rules. Nothing worked well enough.

And it’s not like I didn’t put in the effort. My personal spam filter has learned 2,849 spam messages and 2,140 non-spam messages. Nearly five thousand training samples. Still not enough, apparently.

Here’s the kicker: I use iOS Mail and Mac Mail. There’s no “Report Junk” button that talks to Fastmail. With Microsoft 365, I move something to Junk and it learns. Done. The system gets smarter.

With Fastmail? I have to create a custom mailbox, set it to “Learn as spam” in the web interface, then manually drag emails into that folder. The system checks it every 24 hours.³ Twenty-four hours. To learn that the obvious Nigerian prince email was, in fact, spam.

Read their documentation—it’s properly mental. You’re expected to set up a “Learn spam” folder, configure folder properties via the web UI, then use that folder as a manual training queue. And you need to do the same for non-spam with a separate folder set to “Learn as not spam” if you want to train false positives out of the system.

I’d love to meet whoever designed this workflow. In what universe is “create two custom folders and manually sort your email for 24-hour batch processing” an acceptable user experience in 2025?

I’m not alone. The sentiment online is damning—users on Hacker News and Reddit reporting the same experience, writing dozens of manual filters, still drowning in spam.⁴ One user described switching from Gmail to Fastmail and finding their inbox “just filled with lots of spam” despite a year of training and fifty custom filters.

Fastmail’s official response? Train your filter more. Report spam more diligently. Wait for 200+ spam and 200+ non-spam emails before your personal database kicks in.³ That’s not a solution—that’s homework.

The trade-off for me became simple: I’d rather check my Junk folder once a week for a false positive than delete twenty obvious phishing emails from my inbox every day.

The EU Data Boundary commitment is real

I’d historically been cautious about US tech giants for one reason: I didn’t want our data processed outside the EU.

Microsoft changed this calculus in February 2025 when they completed their EU Data Boundary rollout.⁵ It was a multi-year, multi-phase engineering effort across hundreds of product teams. Phase 1 in 2023 covered customer data for core services. Phase 2 in 2024 added pseudonymised personal data. Phase 3, completed this year, brought professional services data—support logs, case notes, everything—into the EU.

The commitment is comprehensive: data for Microsoft 365, Dynamics 365, Power Platform and most Azure services is now processed and stored within the EU and EFTA regions.⁶ We just use Microsoft 365 and Visio, but knowing the broader infrastructure commitment is there matters.

Meanwhile, Fastmail’s servers remain exclusively in the United States—Philadelphia and St. Louis.⁷ Despite years of customer requests for EU-based infrastructure, they’ve done nothing. Their standard response to sovereignty concerns has been some variation of “we’re not going to move our servers to Europe”—completely missing the point.

This isn’t just a preference. For an investment company operating in the UK, it’s increasingly a regulatory concern. The FCA has opinions about where client-related correspondence lives. Auditors ask questions. When your regulator is grumpy about data sovereignty, “trust us, we’re GDPR-compliant from the US” doesn’t cut it.

There are sceptics of Microsoft’s approach too. Bert Hubert, technical advisor to the Dutch Electoral Council, has raised concerns about dependency on US cloud providers. Frank Karlitschek at Nextcloud has pointed out that the US Cloud Act theoretically grants US authorities access regardless of data location.⁸

These are valid concerns. But at least Microsoft has made a public, documented, legally binding commitment to EU data residency—complete with phased rollouts, detailed documentation and audit trails. Fastmail runs their own data centres with Cloudflare (a US company) providing WAF and DDoS protection in front of their traffic.⁹ Their documented commitments around data residency are essentially non-existent.

For someone who needs to demonstrate where their data lives, there’s no comparison.

Push notifications that actually work

This one’s simple but material.

Fastmail actually has a special arrangement with Apple to use push notifications on iOS—not just IMAP Idle, but genuine push.¹⁰ It should be instant. In practice, it’s maddeningly inconsistent. Sometimes an email arrives immediately. Sometimes it takes ten minutes. Sometimes the notification doesn’t fire at all. I’d find myself pulling to refresh, never quite trusting that I had the latest.

Microsoft Exchange uses ActiveSync. When I send an email from my laptop, my phone buzzes instantly. Every time. When someone replies, I see it immediately. Every time. It’s not that the technology is fundamentally different—it’s that it actually works.

Customer Lockbox gives us actual control

This is the feature nobody talks about but everyone should care about.

With Fastmail, if we raise a support ticket that requires a staff member to access a mailbox, what controls do we have? None, really. We trust that they have good internal policies. We trust that the engineer assigned to the ticket isn’t going to read our emails for fun. Trust.

Microsoft’s Customer Lockbox requires explicit approval before any engineer can access our data.¹¹ If a support engineer needs to touch our tenant to fix a server issue, we get a request in the admin portal. We can approve it or deny it. Every access is logged and audited. The access is time-bound—typically four hours maximum—and automatically revoked when complete.

For an investment company, that audit trail matters. I’d rather have a “Request Access” button I can deny than blind trust in someone’s discretion.

The maths just made sense

We were already paying for Fastmail across multiple users. We were also paying for Microsoft Office licences separately. Two bills for what should be one service.

With Microsoft 365 Business, we consolidated. Email, storage, Office apps—one subscription. We’ve opted out of Teams for obvious reasons (it’s liquified garbage), which means we’re not paying for functionality we’d never use. The net result: we’re actually paying less than before while getting more.

The marginal cost to upgrade from “just email” to “the entire productivity suite” turned out to be negative.

Fastmail is great at one thing

Here’s the frustrating part: Fastmail is genuinely excellent at email. The core product is solid. Fast search, reliable delivery, good uptime.

But their focus has been on pushing their own mail client—something a lot of us don’t really want. iOS Mail is fine. Outlook is fine. We don’t need another app. What we needed was interoperability. Integrations. The ability to connect our inbox to the tools we actually use.

Instead, Fastmail integrates with basically nothing.¹² 1Password, Dropbox, a couple of calendar tools. That’s it. No workflow automation. No ecosystem. No ability to build on top of it without writing everything from scratch.

And here’s what really stings: we asked for control over where our data lives. For years, customers have been requesting EU-based infrastructure. The response? Build more features for their mail client. Ship offline mode. Anything except address the actual requests from paying customers.

Microsoft 365’s ecosystem means I can connect my inbox to the tools my team actually uses without building custom integrations every time. That’s what tipped the scale.

Fastmail is still a great service

I want to be clear: Fastmail is genuinely excellent at its core job. It’s fast. It’s mostly reliable. It’s never lost an email on me. The team in Melbourne has built something worth respecting, and I still recommend it to people who want simple, independent email.

But the spam wore us down. The complete lack of EU infrastructure—after years of customer requests—made it untenable for a regulated business. And when the team asked for better integrations, I couldn’t justify the friction anymore.

Sometimes the right choice isn’t the one that feels ideologically pure. Sometimes you just need something that works for everyone.

---

Footnotes

1. Microsoft claims their spam filter captures more than 99% of junk mail. Microsoft Defender for Office 365 ↩

2. Around 120 billion spam emails are sent daily, with 43% of phishing attempts targeting Microsoft accounts. NetSec News ↩

3. Fastmail’s spam learning via IMAP folders requires setting up custom folders with specific properties, and the system processes them periodically rather than in real-time. Fastmail spam protection ↩ ↩²

4. Fastmail spam filtering has been a recurring discussion topic, with users reporting similar experiences. Hacker News ↩

5. Microsoft completed the EU Data Boundary in February 2025. Microsoft announcement ↩

6. EU Data Boundary documentation ↩

7. Fastmail’s servers are located in Philadelphia, Pennsylvania and St. Louis, Missouri—exclusively in the United States. Wikipedia ↩

8. The Register: Microsoft unveils finalized EU Data Boundary ↩

9. Fastmail uses Cloudflare for WAF and DDoS protection. Fastmail infrastructure ↩

10. Fastmail uses a proprietary push implementation for iOS rather than standard IMAP Idle. Fastmail push notifications ↩

11. Customer Lockbox is available for Microsoft 365 E5 and equivalent licences. Customer Lockbox documentation ↩

12. Fastmail offers limited third-party integrations compared to larger platforms—primarily 1Password, Dropbox, Morgen and a few calendar tools. Fastmail integrations ↩