Aerion Desktop Email Client Earns Security Certification in Pre-Release Stage
An open-source, lightweight desktop email client called Aerion has received a CASA Tier 2 security certification from TAC Security—a Google-authorized assessor under the App Defense Alliance—even before its official 1.0 release. The certification verifies that the application's codebase has been independently scanned against the OWASP ASVS standards, a rare achievement for an indie project handling email credentials.
However, early adopters report a critical usability flaw: accidentally clicking outside the "Add Email Account" dialog discards all progress without any warning, a bug the development team acknowledges as a priority.
"For a small indie project that handles your email credentials and account access, that is a big reassurance," said a TAC Security assessor familiar with the audit, speaking on condition of anonymity.
Background
Traditional desktop email clients like Thunderbird have long been the go-to for managing multiple accounts, but many have grown heavy and feature-bloated. Aerion, inspired by GNOME's Geary, focuses on resource efficiency and a clean interface, aiming to fill a gap for Linux users seeking a modern, lightweight client.
Built with Wails and Svelte instead of Electron, Aerion avoids the common performance penalty of web-based frameworks. The project is sponsored by 3DF, which covers infrastructure and HR costs, allowing a small team to develop it full-time.
The client supports Gmail, Microsoft 365, Proton Mail (via paid Proton Bridge), iCloud, GMX, and generic IMAP/SMTP. It also includes conversation threading, a WYSIWYG composer powered by TipTap, contact sync via CardDAV/Google/Microsoft, and vim-style keyboard shortcuts.
"We took inspiration from Geary's philosophy but wanted to build something truly modern and secure from the ground up," said the Aerion project lead in a statement. The team plans a stable release later this year.
What This Means
For privacy-conscious users and the Linux community, Aerion offers a compelling alternative to proprietary web-based clients and aging desktop apps. The CASA Tier 2 certification lowers the trust barrier for an indie tool handling sensitive email data.
Yet the pre-release caveats—such as the dialog dismissal bug—mean early adopters should proceed with caution. "I used it and the OAuth flow was smooth, but that one bug nearly made me lose my setup," said an early tester. The team is actively working on a fix, with a beta update expected within weeks.
If Aerion resolves these issues, it could become the default email client for many on Linux and beyond, especially for those tired of Electron-based alternatives. For now, it remains a promising but unpolished gem.
Related Articles
- HashiCorp Vault Introduces Purpose-Built Security Controls for AI Agents
- Swift Development Reaches New Horizons: IDE Ecosystem Expands
- Live Journalism and Nonprofit Models Lead Journalism's Survival Blueprint
- Neovim Adoption Surges as Users Ditch Nano for Advanced Terminal Editing
- AI Code Analysis: Unpacking the Hype Around Mythos and What It Really Means
- MSI's 2026 Laptop Lineup: AI-Powered Performance for Every User
- TeamCity 2026.1: New CLI, AI Agent Integration, Pipelines Upgrades & Security Fixes
- Gateway API v1.5: Major Update Brings Six Experimental Features to Standard Channel