Notion Mail is out - Hacker News

Posted by jasperr1 4 days ago

101 points | 132 comments

cinbun8 4 days ago|

I would not use this without a SOC 2 Type 2 compliance at the very least. Especially when email is involved and Notion-mail reads your from, to, body and saves it in its data centers. The compliance information is also contradictory. The webpage says mail is SOC 2 Type 1 compliant, while the FAQ says

"Is Notion Mail SOC 2 compliant?"

"While Notion Mail is not currently SOC 2 compliant, we expect Notion Mail to be SOC 2 Type I compliant by GA launch."

Either the FAQ or the landing page needs an update.

peterldowns 4 days ago||

And for anyone who hasn't gone through the certification process before, SOC 2 Type I means that they were able to demonstrate a set of controls and evidence that their implementation passes those controls — just once. Type 2 is continuously evaluated. Notion being SOC 2 Type 2 and Notion Email only being Type 1 is a red flag that they're doing something weird or not re-using policies and infrastructure.

jedberg 4 days ago|||

> Notion being SOC 2 Type 2 and Notion Email only being Type 1 is a red flag that they're doing something weird or not re-using policies and infrastructure.

No it's not. It's a new product. As you aptly pointed out, Type 2 is "over time". It's a fixed time period (at a minimum three months) that you have to be observed. That means you can't get a type 2 until you've been live for 3 months, and that's assuming you've already engaged the auditor on day one.

Given that this is a new space for them, they probably had to add new infra or policies that weren't under consideration before.

atonse 4 days ago||||

Not necessarily. A SOC2 audit also often has a "Scope" – that can mean that some apps are in-scope for the audit, and some aren't.

It might be that this particular app was not ready to be in scope for their audit or observation period, so was left out, even if it's in the same infrastructure.

It still means the app is less mature, but I wouldn't go so far as to say it's a red flag.

Either way, I'd wait for something this critical (like giving it access to my email) for a few months to have any low hanging fruit bugs worked out before jumping in.

sudonim 4 days ago||||

My guess is that notion mail is on the way to Soc 2 type 2. You start by getting type 1 and then get evaluated for 2 after a period of time.

I was surprised that our auditors wanted to re-do Soc 2 for our second product rather than just apply it to the company.

1123581321 4 days ago|||

It's because they acquired Skiff. They would have to fully integrate it into their compliant infrastructure and then qualify it. I don't think that's a red flag although they could've waited to launch. I'm not a Notion user.

peterldowns 4 days ago||

Ah, I didn't realize this was because of an acquisition. Separate infra and policies makes some sense then. Still weird but at least there's a good explanation.

jy14898 2 days ago||

FYI they've changed the FAQ and it now claims they're SOC2 compliant

chenxi9649 4 days ago||

I tried out an early version when I did some work at notion last year, just tried it again and it's honestly a lot better than I expected. The design is good as expected from a notion product, but it's actually lot snappier than I thought. Faster than the notion app lol. It's probably a consequence of not having too much legacy code, but still impressive nevertheless! Esp in a world of slow nextjs apps lol. Vibe wise, it kinda feels kinda like superhuman but 0 instead of $30/mo lol.

Tbh, I can also kinda see the vision that notion is pitching to investors now - the entire productivity suite, but redesigned and enhanced with AI. I'm not a power user of email/calendar by any means, but find myself using their calendar and mail client. I have no doubt the next generation of Tiktok girlies will eat this up like crazy. I don't use much of their AI stuff, but can also see how business can really find it useful.

GJ Notion team!

peterldowns 4 days ago||

> Faster than the notion app lol

Not exactly a high bar. How fast is it actually? Unless it's native perf (or at least as good as Superhuman) I won't bother.

chenxi9649 4 days ago||

I was more talking about the optimistic updates n caching as opposed the actual rendering. From my experience, the reason why most apps are slow is more so cuz of the former than the latter(like the spinner in ur notion)

When it comes to the actual rendering performance, it’s an electron app, so … whatever you make of that

Personally, I feel like often times electron apps are actually smoother than swift apps nowadays due to the way swift renders text(ie. the ChatGPT app was so laggy when it was released, unclear if they fixed it). Start up time is probably slightly slower than native too but not a hugeee issue for me.

Probably not as fast as superhuman. But I don’t want to pay $30 for a 10ms diff(might be more idk)

zelphirkalt 4 days ago||

OK ... someone's gotta ask, so I am doing it: How long until e-mails are analyzed and information from e-mail send off to third parties?

nashashmi 4 days ago||

I really hate when someone screams AI to promote a product. The word is like a catch-all to mean “does cool things”. And that never helps me trust the product or infomercial.

Now AI is hard to describe… BUT DESCRIBE WE MUST. maybe “summarize emails with AI” or “fetch relevant emails to this one with AI” or “get possible responses with AI”. At some point, do you think we can remove *with-AI™?

m4tthumphrey 4 days ago||

100%, it is just a buzzword right now with so many companies trying to get in on the "action" without actually providing anything useful.

ironmagma 4 days ago||

Hacker News will hate this, but if they told me the stack (e.g. Typescript or Rust) it would actually provide more information.

andrei_says_ 4 days ago||

“Does cool things, wrongly” ;)

dodslaser 2 days ago||

Do~~n't~~ be ~~evil~~ cool

qwertox 4 days ago||

Am I just too paranoid about email?

Since Google has all my email, I am not willing to give any other company access to it. It's bad enough that I already rely on Google, mostly for historical reasons, but they at least take security as one of their top priorities. Sure, the three letter agencies might have a copy, even if I'm a "good guy", but I assume that at least they won't sell the data?

sph 4 days ago||

> Am I just too paranoid about email?

You are not. I always say your email account is the most valuable thing you own. You need to keep it more secure than even your bank account (because that is easy to recover and rollback if stolen)

My password manager and email are the two things I own that require three factors to access - username, password, and hardware authenticator.

No way in hell I’m going to even consider using a new webmail product from a small startup.

fauigerzigerk 4 days ago|||

I agree that it's very important not to lose control of your email account. Someone taking it over would be very bad indeed.

On the other hand, I don't have very high expectations when it comes to the security of the actual email messages. I don't control the other end at all. Email infrastructure, software and protocols are old and varied. Keeping those messages secure seems a bit hopeless.

9Ljdg6p8ZSzejt 3 days ago||||

Username and passwords should be considered a single factor, even moreso for email since your username is often your email address and could be considered public information.

The four types of factors are: something you know, something you have, something you are, somewhere you are.

bdangubic 3 days ago|||

username&password is 2FA? :)

mbreese 4 days ago||

I know my employer wouldn’t be happy about me redirecting my $WORK email to a third party for the purposes of AI mining my email.

It isn’t just paranoia, but also security, compliance, etc… all of which is very high on my employer’s checklist.

So realistically this means that the main use case is probably going to be personal email accounts. So IMO, Notion’s goal should be trying to get people to move their personal accounts first. Then once people get used to the features, they can try to move companies over. Advertising corporate use cases (job offers, expense reports) just doesn’t make much sense to me.

This was also the Gmail playbook when they started too. In addition to dogfooding their own corporate email, Gmail at first was a replacement for personal Yahoo and Hotmail accounts. Then it became useful for companies after people got used to using Gmail for their personal accounts.

ivanjermakov 4 days ago||

I hoped to get my @notion mailbox, but turns out it's just a Gmail client.

shauntest12321 4 days ago||

[dead]

38 4 days ago||

yeah gross. I just finished moving everything off Gmail because they are forcing MFA

pachouli-please 4 days ago||

you moved off gmail due to forced mfa of all things? interesting...

also, aren't 'app passwords' or whatever they call it still a thing?

sebmellen 4 days ago|||

They won’t allow you to use regular TOTP alone. You always have to link a phone, even for Google Workspace. It sucks!

artooro 4 days ago|||

This is not true. In some organizations I work with they only allow Security Keys on Google Workspace, you can't even use TOTP. It's possible to disable SMS and Phone verification, but if you allow TOTP then Google Prompt is also automatically allowed.

fauigerzigerk 4 days ago|||

Neither my Google Workspace account nor my personal Gmail account has a phone number.

38 4 days ago|||

yes I don't like security decisions forced upon me, that's reasonable. if I want a throwaway email, I don't need MFA because I don't care if the account is compromised. but I don't get to make that decision because Google decided for me that my account will have forced MFA

fauigerzigerk 4 days ago|||

>if I want a throwaway email, I don't need MFA because I don't care if the account is compromised.

But Google cares if their servers are used to send spam or worse, because it makes their email service less useful for other users who may not use it as a throwaway account.

shpingbing 4 days ago|||

I imagine it's because they would be (legally) responsible for any malicious usage of your account.

stonogo 4 days ago||

Based on what? Have the laws changed, or has there been a recent ruling on something related to this?

38 4 days ago||

"I imagine" which means they have no idea what they are talking about

bearjaws 4 days ago||

Interesting to see that its tied to gmail, which already has pieces of this and is likely working towards the same things.

Notion is vastly superior to Sharepoint, OneNote and Docs, it's a shame MS and Google abuse their position to push inferior products for the same price.

babyent 4 days ago||

No way. Google docs is amazing.

I could do search and replace for years. Notion only added that recently.

Imo notion is a fun tool. But it’s a toy.

It is slow and worse, not accurate at all, when you have any actual data (100+ items you’re actively working with), clunky interface, and is good if you’re a student taking notes and making forms, or doing something casual before you need something robust.

For anything else, Docs and Sheets are far superior and better products.

jdgoesmarching 4 days ago|||

Google Docs is the clunky mess here and gets away with it because they nailed collaboration early and competed with an even bigger clunkier mess in Microsoft Word. Word at least is a full featured word processor, whereas Google Docs is a struggles with anything more than basic layout or formatting needs.

Notion isn’t a word processor, but unless you’re specifically trying to craft documents it doesn’t need to be. It also isn’t a spreadsheet, and you’re going to have a bad time if you try to make it act as such.

If we’re being dismissive, Google Sheets is also a poor tool for “actual data.” Modern spreadsheet usage is just a pile of inefficient hacks to operate them as pseduo-DBs. Unless you’re in the finance or accounting world, in which case you’re probably using Excel, anything else would be better served by using more powerful open-source data analysis formats and tools.

I have a million complaints about Notion, but holding up Google Workspace as the paradigm of elite enterprise product design is a joke. Get back to me when I can take the markdown produced by Gemini Canvas and paste it into Docs without issues.

babyent 4 days ago||

For starters, Google suite offers substantial storage so you can actually use it for doing those things, even if they're not as good as you want, for far longer.

And if you do want actual enterprise tier, lots of startups and even public companies use Google suite for all their teams.

dkarl 4 days ago||||

Even worse, it's a toy that people build elaborate things out of and then use them for business-critical functions. It's incredibly irritating to work with a Notion power user.

It must be great if you're a control freak, though. Get leadership to recognize your Notion doc as the source of truth, and then you get absolute control because nobody else wants to touch it.

skerit 4 days ago||||

> It is slow and worse, not accurate at all, when you have any actual data (100+ items you’re actively working with), clunky interface, and is good if you’re a student taking notes and making forms, or doing something casual before you need something robust.

I wish I could convince the people I work with of the same thing. Though I don't really have a better alternative either.

anon7000 4 days ago||||

Yeah. Docs and sheets are downright impressive pieces of web technology

haliskerbas 4 days ago|||

I agree. It's nice and fun for lifestyle use cases like organizing a small trip with a few friends.

qwertytyyuu 4 days ago|||

I disagree. OneNote is still the best for hierarchy hall Freeform notes.

Eric_WVGG 4 days ago|||

I wonder how much of that is simply due to the ability to use the Gmail API vs IMAP.

I’ve been knocking around the idea of building an email client, but IMAP looks like nightmare fuel. JMAP would be perfect but adoption looks like it’s going nowhere.

[edit] Seeing a lot of people here diss on Gmail. I don’t blame you, I want out too. If you want more options, lean on your email provider to start supporting JMAP. https://jmap.io

isaachinman 4 days ago||

IMAP is indeed nightmare fuel.

We're building https://marcoapp.io

hollandheese 4 days ago|||

Notion is not in anyway whatsoever in the same category as OneNote. Tell me when it has handwriting support.

dizhn 4 days ago|||

They both recently sold AI to every customer by force. (Free ai, increased price)

nashashmi 4 days ago||

Not MS yet. I am still paying extra

TiredOfLife 3 days ago|||

They are doing it in waves. When your account gets the price increase you can select cancel and will be offered the old price plan.

dizhn 4 days ago|||

Oh my friend told me they did it for 360 subscribers too. Maybe the conditions are different.

nashashmi 4 days ago||

I keep hearing the same thing.

packetlost 4 days ago||

Eh, Notion is fine. I quickly ran into scaling problems with it and the block-style editing is only really nice/useful if you're doing a lot of live collaboration.

That being said, I do like opinionated tools better than unopinionated ones (Google Doc) because it's less mental overhead to just make something. But I reach for plain markdown instead.

_pdp_ 4 days ago||

If it works, great! But their AI assistant is much to be desired. It is really pretty useless most of the time and in terms of text generation I find that I can get better results if I go straight to GPT-4. I know that this is purely down to cost but honestly I feel that bringing better, more powerful models, that can do well consistently would be a killer feature - not an email client.

volemo 4 days ago|

I wonder why don’t Notion let us use our own API keys for OpenAI (and compatible) services?

QuiDortDine 4 days ago||

They're trying to build a moat by leaving out features that rely on other services. I wonder how that will work out for them.

JumpCrisscross 4 days ago||

> trying to build a moat by leaving out features that rely on other services

Except for Gmail?

reassess_blind 3 days ago|||

Much easier to get people to use an extension of an existing email account than switch emails.

teleforce 3 days ago||

I've just learned that the main innovative thing about Notion it's their idea of block [1],[2],[3].

Notion's block can be of any content type and the block is the fundamental building units for all content within platform. This approach allows users to easily customize and rearrange their content by adding, moving, or transforming blocks to suit their needs.

I'm wondering if this powerful and flexible block concept can be enabled and facilitated by the new open table format (OTF) for examples Apache Iceberg and others [4]?

But for going gung-ho on flexibility perhaps Jeremy Kepner's D4M proposal can enable CMS with even better capability than Notion block based paradigm or Notion++ [5],[6]?

[1] What is a block?

https://www.notion.com/help/what-is-a-block

[2] The data model behind Notion's flexibility (120 comments):

https://news.ycombinator.com/item?id=27200177

[3] Notion (productivity software):

https://en.wikipedia.org/wiki/Notion_(productivity_software)

[4] Why Open Table Format Architecture is Essential for Modern Data Systems:

https://www.phdata.io/blog/why-open-table-format-architectur...

[5] D4M: Dynamic Distributed Dimensional Data Model:

https://www.mit.edu/~kepner/D4M/

[6] Mathematics of Big Data Spreadsheets, Databases, Matrices, and Graphs:

https://mitpress.mit.edu/9780262038393/mathematics-of-big-da...

claudeomusic 4 days ago||

Please fix how slow notion is before expanding your brand. It’s becoming unusable as it eats up all resources of my M2 mac

yibbix 2 days ago||

Yes, I just tried using Notion again the other day after being annoyed with Obsidian Projects and even with only a couple entries on a notion database page, it took MINUTES to load, on web and on the desktop version. Uninstalled it immediately and went back to Obsidian.

I’m completely done with Notion now. It was great when it was new, worked well and did what it advertised. But now it has too many features and I feel its core functionality has really suffered.

esjeon 4 days ago|||

Yeah, I totally abandoned Notion last year because it got too slow. The whole thing is pointless if it takes a minute or two just to navigate to the page I want. It takes a few seconds to do that on an archaic corporate SMB share.

alexey-salmin 4 days ago||

Surely this could be addressed by putting more AI on top.

On a serious note, my team is very happy we migrated from Notion to Linear for task tracking last year, but we're still looking how to cover the wiki part.

Saris 4 days ago|

So they bought and shut down Skiff to make this piece of garbage that only works with gmail?

isaachinman 4 days ago|

Have a look at Marco. It's IMAP primitive and will work with any email provider. I'm a co-founder and we're bootstrapped.

https://marcoapp.io

atonse 4 days ago||

Very interesting...

I use Mail.app all the time because I like a unified inbox. But is this one of those "let's build everything in rust since it's super-fast"? (I HOPE so actually).

Or is it just another electron app? For sure there are nice examples of snappy electron apps (like Linear) but which one is it?

I feel there might be a market for a fully native MODERN and OS-native looking mail client (alternative to at least Mac Mail, but actually fast with search that is actually useful).

Is that what you're building?

isaachinman 3 days ago||

Good questions!

> But is this one of those "let's build everything in rust since it's super-fast"? (I HOPE so actually).

No. It's not written in Rust. Language choice would have literally nothing to do with making IMAP/the email experience any faster. I don't want to make any firm claims as we've yet to do serious benchmarking, but what we've built is _much_ faster than Mail.app, let alone Gmail.

The tech we've chosen, and the actual app itself, essentially _feels_ like Linear for email.

> I feel there might be a market for a fully native MODERN and OS-native looking mail client (alternative to at least Mac Mail, but actually fast with search that is actually useful).

Yes, this is what we're building, but a bit beyond that. It's completely cross-platform: web, Mac, Windows, iOS, Android, Linux. Any N number of clients a user might have running will seamlessly and instantly sync, given network availability. That said, each client is also fully offline-first.

There _is_ a market for this. It's been a nasty problem to solve, but we have a massive waitlist.

Superhuman has achieved great success (although being an over-valued VC org) but only support Google + Microsoft _via_ API access.

Notion launching their product is further validation that there's a lot of space in this market.

But Marco is quite different. We're building a cross-platform IMAP-primitive email client that gets the basics right. It'll work with any email provider that supports IMAP (basically all). We're not pushing or even _building_ any "AI" stuff yet.

I wrote a blog post detailed our motivations here:

https://marcoapp.io/blog/marco-an-introduction

Let me know if you have any follow-up questions.

More comments...