Well ok, according to claude:
--
Because mobile push notifications usually cannot be delivered directly from your own mail server to your phone. Instead, eM Client uses its own cloud push servers as intermediaries. Those servers may be hosted in another country, so their IP addresses appear as “foreign” in your mail logs or firewall.
The flow works roughly like this:
- Your phone registers with eM Client’s push service.
- eM Client’s servers maintain an IMAP connection to your mail provider.
- When a new email arrives, their server detects it.
- Their server asks Google Firebase or Apple Push Notification service to notify your phone.
- Your phone receives the notification even if the app is closed.
So if you see connections from IPs such as:
157.90.238.23723.88.57.79167.235.141.164
those are documented eM Client push servers, not random attackers.
Most of these IPs are hosted in European datacenters (for example Germany / Hetzner-hosted infrastructure), which is why they can look “foreign” compared to your own country or mail provider.
Important detail:
- This mainly affects the mobile apps (iOS/Android).
- Desktop eM Client usually connects directly from your own machine and does not need this push relay architecture.
eM Client states that for push notifications they temporarily hold encrypted credentials or OAuth tokens in memory only, and only process email envelope metadata (sender, subject, timestamp), not full message bodies.
If you do not want any third-party server accessing your mailbox:
- disable “Use Push Notifications” in the mobile app settings,
- then the app will rely on periodic sync/polling instead.
--
Well I'm mildly excited by this, but at least it can be disabled.