Disclaimer: I have been a user of almost every email provider mentioned below, and I am not affiliated with any of them.

You can read Forward Email’s comparison with many providers here: https://forwardemail.net/en/blog/forward-email-vs-mailbox-org-email-service-comparison , by substituting mailbox.org with others on their list.

In short, Forward Email has some wrong information. They attempt to achieve full score in every security test and prove they are superior to their competitors with scores. I don’t know what is driving Forward Email towards being a pupil, and it seems like many privacy seekers get trapped into how high they score in the Internet.nl tests.

I’m not denying its validity, but do you know what is it intended for? “Modern Internet” - it’s not exactly security or privacy, it’s their standard of future which I do agree with and appreciate their efforts to promote. But it’s really NOT a security test, because a large part of the score speaks for how well the web server and mail server support IPV6. A lower overall score with bad support of IPV6 and good performance in DNSSEC, DMARC and DANE, should be valued as outperforming a higher overall score with limited performance in DNSSEC, DMARC and DANE. Also, do you know Internet.nl returns zero score if they hit a rate limit towards the tested server? It happens to me when I set up Stalwart with default limiters on my machine. To get a full score on my domain, I have to manually tweak the limiters so that all the test would perform smoothly. It’s also not fair for hosting providers to test on their main domain, for example, if you test migadu.com, you will see worse result since DANE is temporarily off on mx.migadu.com which handles mail for it, but it doesn’t affect their customers, since DANE is still on for aspmx1.migadu.com and aspmx2.migadu.com , as seen on test of divested.dev.

The Mozilla HTTP Observatory and Hardenize Test are tests dedicated for WEB SERVERS. It has little thing to do with mail server examination, and showing off your high score here only make you act like an amateur. At least it’s not appropriate - Sheldon Cooper is smart in math, but he is a bad engineer.

And what is Forward Email trying to achieve by comparing themselves with pure relaying services like addy.io and pure SMTP API services like resend, and arguing they are not good enough because they don’t offer email storage? Hilarious.

All this tests have validity of a certain field to some extent, but you shouldn’t just take them all and claim that higher score necessarily means better security. For a dedicated email security test aggregation I would suggest Servers List from dismail, while it’s no longer actively maintained and all the data is outdated in 2025, you can always run the tests yourself, with the list for reference.