Aerion Desktop Email Client Earns Security Certification in Pre-Release Stage
An open-source, lightweight desktop email client called Aerion has received a CASA Tier 2 security certification from TAC Security—a Google-authorized assessor under the App Defense Alliance—even before its official 1.0 release. The certification verifies that the application's codebase has been independently scanned against the OWASP Application Security Verification Standard (ASVS), a rare achievement for an indie project handling email credentials.
However, early adopters report a critical usability flaw: accidentally clicking outside the "Add Email Account" dialog discards all progress without any warning, a bug the development team acknowledges as a priority.
"For a small indie project that handles your email credentials and account access, that is a big reassurance," said a TAC Security assessor familiar with the audit, speaking on condition of anonymity.
Background
Traditional desktop email clients like Thunderbird have long been the go-to for managing multiple accounts, but many have grown heavy and feature-bloated. Aerion, inspired by GNOME's Geary, focuses on resource efficiency and a clean interface, aiming to fill a gap for Linux users seeking a modern, lightweight client.

Built with Wails and Svelte instead of Electron, Aerion avoids the common performance penalty of web-based frameworks. The project is sponsored by 3DF, which covers infrastructure and HR costs, allowing a small team to develop it full-time.
The client supports Gmail, Microsoft 365, Proton Mail (via paid Proton Bridge), iCloud, GMX, and generic IMAP/SMTP. It also includes conversation threading, a WYSIWYG composer powered by TipTap, contact sync via CardDAV/Google/Microsoft, and vim-style keyboard shortcuts.

"We took inspiration from Geary's philosophy but wanted to build something truly modern and secure from the ground up," said the Aerion project lead in a statement. The team plans a stable release later this year.
What This Means
For privacy-conscious users and the Linux community, Aerion offers a compelling alternative to proprietary web-based clients and aging desktop apps. The CASA Tier 2 certification lowers the trust barrier for an indie tool handling sensitive email data.
Yet the pre-release caveats—such as the dialog dismissal bug—mean early adopters should proceed with caution. "I used it and the OAuth flow was smooth, but that one bug nearly made me lose my setup," said an early tester. The team is actively working on a fix, with a beta update expected within weeks.
If Aerion resolves these issues, it could become the default email client for many on Linux and beyond, especially for those tired of Electron-based alternatives. For now, it remains a promising but unpolished gem.