[HN Gopher] After self-hosting my email for twenty-three years I...
       ___________________________________________________________________
        
       After self-hosting my email for twenty-three years I have thrown in
       the towel
        
       Author : carlesfe
       Score  : 841 points
       Date   : 2022-09-04 17:28 UTC (5 hours ago)
        
 (HTM) web link (cfenollosa.com)
 (TXT) w3m dump (cfenollosa.com)
        
       | AndrewUnmuted wrote:
       | This was a great read. Thanks for posting it here!
       | 
       | I found this line to be especially intriguing:
       | 
       | > Hellbanning everybody except for other big email providers is
       | lazy and conveniently dishonest. It uses spam as a scapegoat to
       | nerf deliverability and stifle competition.
       | 
       | The big tech firms criticized in this article are guilty of these
       | sorts of transgressions in other arenas, as well. It's always
       | been my contention that the "hellbanning" of user-generated
       | content by big media and big tech alike comes from the same
       | motivations. YouTube and CBS alike want to make niche content
       | difficult to consume in order to stifle any competition that
       | might get vaulted up as a result of that niche audience finding
       | the new distribution endpoints. This comes with the added bonus
       | of reducing cost of goods sold, by reducing the firehose of new
       | content to process. Or, as the article puts it:
       | 
       | > Unfortunately, the computing power required to filter millions
       | of emails per minute is huge. That's why the email industry has
       | chosen a shortcut to reduce that cost. The shortcut is to avoid
       | processing some email altogether. Selected email does not either
       | get bounced nor go to spam. That would need processing, which
       | costs money.
       | 
       | I would be very curious to learn if there are any proposed
       | explanations as to why this phenomenon is so commonly spread
       | throughout the big tech space. Do we get the same kind of
       | behavior out of other enormous multi-national firms like oil
       | producers, ocean freight companies, defense contractors, and
       | chemical suppliers?
        
       | jeffbee wrote:
       | Is there actually a "big tech" email provider that accepts a
       | message with a 2xx SMTP code and then deletes it? The only one I
       | personally know of never does that. That one also does not use
       | anything like an IP address blacklist. This article doesn't name
       | names, it just waves its hands and throws around some innuendo.
       | But as far as my own personal experience goes, this author has no
       | idea what they are talking about.
        
         | sillystuff wrote:
         | > Is there actually a "big tech" email provider that accepts a
         | message with a 2xx SMTP code and then deletes it?
         | 
         | Agreed, that is really broken behavior. Once you accept mail
         | for delivery, it should be treated as a contract to deliver
         | that mail. Rejects during SMTP conversation are fine as they
         | notify the sender and do not generate backscatter.
         | 
         | I have heard complaints that Microsoft's hosted mail offerings
         | accept then silently delete mail. It is somewhat believable, as
         | MS Exchange server would respond 2xx for any message to any
         | (including non-existent) destination address and later spam the
         | possibly spoofed sender with bounce messages. Maybe MS has
         | broken behavior like this in their hosted offerings too? And,
         | rather than fix their software, they silently delete mail since
         | they have finally learned that backscatter is a bad thing?
         | 
         | And, MS o365 allows 'delete' as an option for the centralized
         | spam rules maintained by the admin. These mails are accepted
         | 2xx then silently deleted.
         | 
         | MS does other questionable things on their 'free' hosted
         | offerings to mitigate their abysmal spam filtering. I have a
         | couple burner @outlook.com addresses, and they no longer
         | receive any mail reliably from any sender. MS provides the user
         | a place to whitelist senders and domains, but after wasting a
         | bunch of time whitelisting domains, mail still is marked spam.
         | "Junk" is effectively the inbox on those accounts.
         | 
         | Disclaimer: experience is dated, from a past job, running
         | Postfix MTAs for a large organization and dealing with /
         | mitigating MS issues, but never directly involved with any MS
         | stuff.
        
         | Avamander wrote:
         | Microsoft and maybe sometimes very rarely Google does it.
         | 
         | > But as far as my own personal experience goes, this author
         | has no idea what they are talking about.
         | 
         | He's not very informed about being on the receiving end.
        
       | singularity2001 wrote:
       | Despite my friends repeatedly marking my email as "not spam"
       | google keeps classifying them as spam. Still hoping that one day
       | European anti trust laws will fix that.
        
       | eduction wrote:
       | The Helm email server -- funded by future YC CEO Garry Tan's VC
       | firm, but I bought one before he returned -- is a really great
       | compromise between privacy and convenience.
       | 
       | The IP block is managed by the Helm co., they tunnel connections
       | and sell you the (tiny, silent) server and software. Each Helm
       | server generates its own TLS cert, so the tunneling does not
       | violate your privacy (unless it was delivered without TLS, in
       | which case your privacy already vanished upstream).
       | 
       | The only delivery issues I hit are sometimes with
       | Outlook/Microsoft managed domains. It's been at least a year
       | since I had that issue. When I first bought one someone on gmail
       | had to move a message of mine out of spam, but it's been fine
       | since. Last I checked their infra is hosted on AWS but apparently
       | they have some screening technique for getting clean IPs.
        
       | schappim wrote:
       | Looks like the op decided to go w/ iCloud for the cfenollosa.com
       | domain[1].
       | 
       | [1] https://files.littlebird.com.au/Shared-
       | Image-2022-09-05-07-2...
        
       | 2Gkashmiri wrote:
       | How many of the posters here have used mailinabox? Or something
       | similar? How was your experience?
       | 
       | I am almost 2 years into it now and beyond the first months'
       | hiccups, it just works.
        
         | no_time wrote:
         | MIAB user here. I pay ~$4 for a small VPS hosted here in
         | Hungary. The company did a pretty good job of keeping its IP
         | range clean apparently. I only had to request whitelisting from
         | 2 spamlists. One being Outlook's. I filled out their form and
         | my mail was delivering a few days later.
         | 
         | I wonder how the ubuntu 22.04 upgrade is progressing though.
         | The EOL of 18.04 is getting pretty close.
        
       | derekzhouzhen wrote:
       | I am still doing it, on a cheap VPS no less. Yes, it is hard, and
       | yes, some large email vendors drop my emails for no reason.
       | However, if everyone throws in the towel, they (the monopolies)
       | won.
        
       | sgt wrote:
       | Very interesting, I've self hosted my e-mail since 1999, which
       | incidentally is 23 years ago. My current server is at Hetzner in
       | Germany.
        
         | z3t4 wrote:
         | Do you have your own ASN? The entire Hetzner network has been
         | banned by Microsoft, so you can't send to Hotmail addresses.
        
           | prmoustache wrote:
           | Is that really a problem?
        
           | sgt wrote:
           | Not at all, just a /29
        
           | nor-and-or-not wrote:
           | Do you have a source for this? Because I don't think it's
           | true.
        
       | williamtrask wrote:
       | It's time for the US mail service to digitise and fulfill its
       | constitutional obligation to provide a private, secure mail
       | service for all American citizens.
        
       | rootusrootus wrote:
       | Of course it all started with spam. But the response was just as
       | destructive. I worked for a small ISP (25K email customers) back
       | in the mid-2000s, and it was so hard to keep email flowing. All
       | it took was one random customer somewhere on our DSL who had a
       | misconfigured open relay, and spamhaus would blacklist us. They
       | wouldn't respond when we'd try to get the block lifted. We tried
       | and tried to work with them to streamline the process, nobody
       | wanted spam to go through our servers, but they weren't really
       | interested in any cooperation. They were perfectly happy to stop
       | all legitimate email if it stopped a single spam.
       | 
       | I don't work there any more, but I'd be surprised if that little
       | ISP hosts their own email servers nowadays. It's so expensive to
       | deal with such issues, it's just not worth it.
        
       | awinter-py wrote:
       | Hard to untangle the incentive for collusion + need to police
       | legit bad behavior.
       | 
       | This _could_ be a few large providers saying 'we control most
       | email traffic, let's control _all_ email traffic'. Or it could
       | be serious players saying 'spam hurts our users, let's stop
       | criminals using a blanket rule'.
       | 
       | More likely it's a Schelling point where large players are rent-
       | seeking (crowding out some competition), but only to the extent
       | they can preserve the illusion this is about policing spam.
       | 
       | Suspect we'll start asking platforms to offer something like due
       | process in the law -- administrative checks that increase the
       | cost to administer a system, and reduce the quality to end users,
       | but increase transparency and make it harder for the platform to
       | engage in corruption.
        
       | the_third_wave wrote:
       | Oddly enough I do not have these problems after self-hosting for
       | close to 27 years now (i.e. from before spam became a problem). I
       | hardly ever get any spam and my messages seem to arrive where
       | they need to be even when that destination lies in Microsoft- or
       | Google-land. I have the usual assortment of DKIM/SPF configured
       | for my domain, I send mail through a smart host operated by my
       | IAP (at no extra charge) but for the rest I do not do anything
       | special. Am I the exception to the rule, am I just lucky that my
       | IAP's smart host has not been blacklisted by the likes of
       | Microsoft and Google or is the perception of self-hosting mail to
       | be fraught with problems erroneous? I suspect the latter to be
       | true, self-hosting is neither difficult nor bound to fail just as
       | long as a) you have some good spam filters (easy), b) your MTA is
       | set up with the correct SPF and DKIM records (also easy) and c)
       | you send outgoing mail through a smart host (easy to configure
       | once you've found one).
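
An added example (not part of the comment above): when outgoing mail is relayed through a smart host, the receiver evaluates SPF against the smart host's IP, so the domain's SPF record has to authorise it. The sketch below evaluates a subset of SPF (ip4, ip6, include, all) over constructed TXT records; all domain names and addresses are hypothetical documentation values.

```python
import ipaddress

# Constructed TXT records (documentation names and address ranges only).
TXT = {
    # Domain that authorises its own server plus its provider's smart host.
    "example.org": "v=spf1 ip4:192.0.2.10 include:_spf.smarthost.example -all",
    # SPF record published by the (hypothetical) smart host operator.
    "_spf.smarthost.example": "v=spf1 ip4:198.51.100.0/24 ip6:2001:db8:25::/48 ~all",
    # Domain that relays through the smart host but forgot to authorise it.
    "nosmarthost.example": "v=spf1 ip4:192.0.2.10 -all",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(ip, domain, txt=TXT, depth=0):
    """Return the SPF result for a connecting IP and a sender domain.

    Simplified subset of RFC 7208: only ip4, ip6, include and all are
    handled, and recursion depth stands in for the DNS lookup limit.
    """
    if depth > 10:
        return "permerror"
    record = txt.get(domain.lower())
    if record is None or record.split()[0].lower() != "v=spf1":
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qualifier = "+"  # a mechanism without a qualifier means "pass"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            if addr.version == net.version and addr in net:
                return QUALIFIERS[qualifier]
        elif name == "include":
            # include matches only if the included policy says "pass";
            # a missing or broken included record is a permanent error.
            inner = check_spf(ip, arg, txt, depth + 1)
            if inner == "pass":
                return QUALIFIERS[qualifier]
            if inner in ("none", "permerror"):
                return "permerror"
        else:
            raise ValueError("term not supported in this sketch: " + term)
    return "neutral"  # no mechanism matched and no "all" was present


if __name__ == "__main__":
    smarthost_ip = "198.51.100.25"  # constructed smart host address
    for dom in ("example.org", "nosmarthost.example"):
        print(dom, "via smart host ->", check_spf(smarthost_ip, dom))
```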
        
       | damir wrote:
       | I would just like to point out, you _don't_ actually own your
       | domain...
        
       | warent wrote:
       | For those interested, I made a post related to this topic a few
       | months ago: https://news.ycombinator.com/item?id=31180379
        
         | johnklos wrote:
         | You start with the premise that you can't host your own email,
         | which is problematic. I don't know why the people who fail at
         | self-hosting email are so adamant about telling others that
         | nobody should self-host, but it seems more like a squeaky wheel
         | problem than a real one.
         | 
         | In every scenario, deliverability problems can be solved by
         | smarthosting through a reputable email provider. Period.
         | 
         | You get all the benefits of your own filtering, your own logs
         | showing every delivery attempt, you get to store your data on
         | your own systems, access it however you prefer, et cetera - all
         | the reasons to self-host are there except for delivery logs,
         | and those can be arranged through your smarthost provider.
         | 
         | Simple, huh? So why are so many people emphatically telling us
         | to NOT self-host email?
        
           | Dylan16807 wrote:
           | If you're sending through someone else then you're not self
           | hosting!
        
             | johnklos wrote:
             | Actually, yes, you are still self-hosting:
             | 
             | You're in control of all deliveries to you, so you can grep
             | through your logs and see any and every delivery attempt,
             | which you can't do with, say, Gmail.
             | 
             | You can store your data however you like, with as many (or
             | as few) security considerations as you please. Want full
             | disk and OS encryption with a Yubikey that has to be
             | physically present when you boot the system? Sure! Want to
             | encase it in a cube of concrete? Install your server at the
             | top of a tree? Why not? Want to store all of your email
             | encrypted in memory? Go for it!
             | 
             | You can back it up as you like, you can make sure nobody
             | else sees or indexes it, you can access it via command
             | line, webmail, IMAP, POP, whatever. You can more (less)
             | your spool file directly. You can overwrite the disk where
             | the mail was stored when you delete it. It's up to you.
             | 
             | Smarthosting does mean you have less control at delivery
             | time, though. For instance, I can choose to refuse to
             | deliver email to domains that don't negotiate TLS.
             | Smarthosting doesn't easily allow this (or at least I don't
             | know of any way to do this).
             | 
             | But every other part will still be 100% in your control.
        
           | leohonexus wrote:
           | > In every scenario, deliverability problems can be solved by
           | smarthosting through a reputable email provider. Period.
           | 
           | Could you provide an example of such a smarthost email
           | provider that has the benefits you mentioned?
           | 
           | Not challenging you, just genuinely curious.
        
             | johnklos wrote:
             | Sure! I would never recommend, for instance, Dreamhost, but
             | I set up a company's smarthosting with Dreamhost because
             | the company was already using them. Dreamhost in general,
             | though, is quite spammy.
             | 
             | Linode and Panix come to mind.
             | 
             | Really, though, many hosting companies won't necessarily
             | list "smart hosting" / "smarthosting" as a service. If they
             | offer a cheap VPS and offer outgoing SMTP, you can set up
             | smarthosting through a VPS.
             | 
             | One can even smarthost through Outlook / Gmail, if you
             | really want.
        
               | pseudalopex wrote:
               | Deliverability problems sending from VPS providers like
               | Linode are common. The article mentioned using a VPS.
        
       | aimor wrote:
       | Funny thing happened to me today: Gmail sent its own Google Fi
       | customer support email to spam. Haha, wish I noticed that before
       | spending my morning going in circles with chat support.
        
         | tannhaeuser wrote:
         | gmail also puts mails from mailing lists into spam, despite
         | repeated "not spam" tagging. Wondering whether mail getting
         | flagged as spam is even a problem anymore as people get used to
         | erratic results, at which point we can get rid of spam
         | filtering, or what's left of it, altogether when on balance it
         | does more harm than good, such as preventing SMTP self-hosting.
        
           | Fuzzeh wrote:
           | And yet I continue to get "Walmart Confirmation Receipt" or
           | "Verizon Confirmation Receipt" all coming from addresses like
           | "verizon_info_nlAT2Q7uf0d@zfgfdyyqsckxbvwg.linenight.com"
           | which means google aren't even trying for some.
        
             | sbuk wrote:
             | If you continually mark those emails as read without
             | opening them, then gmail will learn that they are junk _for
             | your account_.
        
           | hammyhavoc wrote:
           | I see this same behaviour. It's infuriating. At this point,
           | I'd almost rather be able to disable all their spam filtering
           | and simply run an App Script, or email client with its own
           | rules that then syncs changes back to the server.
        
       | indigodaddy wrote:
       | bashblog!
        
       | [deleted]
        
       | kazinator wrote:
       | > _So, starting today, the MX records of my personal domain no
       | longer point to the IP of my personal server. They now point to
       | one of the Big Email Providers._
       | 
       | MX records don't have to point to an IP; they can point to a host
       | name.
       | 
       | My MX record is a dynamic DNS host name.
       | 
       | > _Big email servers permanently blacklist whole IP blocks and
       | delete their emails without processing or without notice. Some of
       | those blacklists are public, some are none._
       | 
       | OK, but if you're having trouble sending, that's no reason to do
       | anything with your MX record, which is for receive only. Just
       | route outbound SMTP through someone's forwarding service.
       | 
       | I've run my mail domain for twelve years. In that time, I've not
       | sent SMTP directly to anyone; always through the SMTP forwarding
       | host run by my ISP.
       | 
       | Well, you know, the mail is going through that ISP anyway! If I
       | could directly connect to port 25 of various hosts around the
       | net, I would still be routing through that ISP's hardware. So the
       | fact that mail is routed at a higher semantic level through their
       | SMTP server, rather than just at the IP level, is almost just a
       | footnote.
        
         | dn3500 wrote:
         | Unless you're doing something special, there is a big
         | difference between sending your mail to the recipient's smtp
         | server and relaying it through your ISP's smtp server. The
         | difference is that if you send it direct the ISP can't read it,
         | because it's encrypted. If you relay it, the ISP can read your
         | mail, and even tamper with it, unless the message itself has
         | been encrypted with something like pgp.
        
           | SoftTalker wrote:
           | Your ISP can log and analyze all SMTP traffic if they want
           | to, whether it's being processed by their mail relays or not.
        
         | jeffbee wrote:
         | According to Hoyle, MX records _must_ point to a domain name.
         | They _cannot_ contain addresses or point to aliases. Some
         | mailers can tolerate IP address literals in MX records, but
         | that is not universal and _will_ cause problems.
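
An added example (not from any commenter above): a small checker for the rule discussed in this subthread, that an MX target must be a host name with its own address records, not an IP literal and not a CNAME alias (RFC 1035 section 3.3.9, RFC 2181 section 10.3). The zone data is constructed and uses documentation names and addresses; the function names are hypothetical.

```python
import ipaddress

# Constructed zone snippet: owner, TTL, class, type, rdata.
SAMPLE_ZONE = """
example.org.           3600 IN MX    10 mail.example.org.
example.org.           3600 IN MX    20 192.0.2.25          ; IP literal
example.org.           3600 IN MX    30 mx-alias.example.org.
example.org.           3600 IN MX    40 home.dyndns.example. ; dynamic DNS name
example.org.           3600 IN MX    50 missing.example.org.
mail.example.org.      3600 IN A     192.0.2.10
mx-alias.example.org.  3600 IN CNAME mail.example.org.
home.dyndns.example.   60   IN A     198.51.100.7
"""


def parse_zone(text):
    """Parse 'owner ttl class type rdata...' lines into (owner, type, rdata)."""
    records = []
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        owner, _ttl, _rclass, rtype, *rdata = line.split()
        records.append((owner.lower(), rtype.upper(), rdata))
    return records


def is_ip_literal(target):
    """True if the MX target is an IPv4/IPv6 address instead of a name."""
    try:
        ipaddress.ip_address(target.rstrip(".").strip("[]"))
        return True
    except ValueError:
        return False


def check_mx(records, domain):
    """Map each MX target of `domain` to (preference, verdict).

    Verdicts: "ok", "ip-literal", "alias" (target is a CNAME) and
    "no-address" (no A/AAAA record among the records supplied; a name
    served from another zone would need a real lookup instead).
    """
    domain = domain.lower()
    cnames = {owner for owner, rtype, _ in records if rtype == "CNAME"}
    addressed = {owner for owner, rtype, _ in records if rtype in ("A", "AAAA")}
    findings = {}
    for owner, rtype, rdata in records:
        if owner != domain or rtype != "MX":
            continue
        preference, target = int(rdata[0]), rdata[1].lower()
        if is_ip_literal(target):
            verdict = "ip-literal"
        elif target in cnames:
            verdict = "alias"
        elif target not in addressed:
            verdict = "no-address"
        else:
            verdict = "ok"
        findings[target] = (preference, verdict)
    return findings


if __name__ == "__main__":
    results = check_mx(parse_zone(SAMPLE_ZONE), "example.org.")
    for target, (pref, verdict) in sorted(results.items(), key=lambda kv: kv[1][0]):
        print(f"{pref:>3} {target:<24} {verdict}")
```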
        
       | machidarabbit wrote:
        
       | optimalsolver wrote:
       | I love the idea of self-hosting my email, but there's no way I'm
       | going through all that work if getting my mail delivered will be
       | a toss-up. Complete motivation-killer.
        
       | greatjack613 wrote:
       | I have had the exact opposite experience, I used mail in a box
       | and set it up on digital ocean on a 5$ droplet.
       | 
       | Have not had any spam or blacklisting issues and it was super
       | easy to set up.
        
         | cm2187 wrote:
         | I am somewhere in the middle. Have been running my personal
         | mail server for 15y, it mostly works but my emails do get often
         | flagged as spam by the major providers (but not deleted).
         | Though those very same providers are themselves a major source
         | of the spam I receive. Do as I say, not as I do.
         | 
         | The nice thing if you control your domain is to be able to
         | create unique email aliases, which is a way to cut spam to
         | zero. A company starts spamming or leaks your email address,
         | just delete the alias.
        
           | john_minsk wrote:
           | Wanted to get my own email specifically for this. Is it
           | possible on one of the serviced emails?
        
             | [deleted]
        
         | secabeen wrote:
         | Part of the problem is silent deliverability issues. You can
         | send to someone @gmail.com that you've never messaged before
         | and it won't get rejected. It will probably end up in their
         | Junk folder. You don't know it, they don't know it, and unless
         | they check, which many people don't, it will be as if you never
         | sent it.
        
           | whyoh wrote:
           | >You can send to someone @gmail.com that you've never
           | messaged before and it won't get rejected. It will probably
           | end up in their Junk folder.
           | 
           | That happens even if you send from @gmail to @gmail. Well, it
           | happened to me not long ago.
           | 
           | But I've mostly been using lesser known email providers and I
           | haven't noticed any problems.
        
       | devy wrote:
       | OP Carlos Fenollosa mentioned this:
       | 
       | > Over time I realized that residential IP blocks were banned on
       | most servers.
       | 
       | > You just cannot create another first-class node of this
       | network.
       | 
       | > Email is now an oligopoly, a service gatekept by a few big
       | companies which does not follow the principles of net
       | neutrality.
       | 
       | It's unfortunately true. However, the reason we end up like
       | this is more nuanced than just the big players trying to
       | power grab (perhaps) but rather because of the rise of
       | spam/scams/phishing/malware. All big players like Google (Gmail),
       | Microsoft (Outlook/Live.com/Hotmail), Yahoo!, Apple (iCloud) are
       | suffering from those threats, wasted bandwidth and compute on
       | spam detection heuristic AI.
       | 
       | There are industry consortiums like Spamhaus and commercial
       | entities like Barracuda to maintain blacklist/whitelist to
       | restrict access of major MTA network interconnect to fight off
       | spams/malwares/phishing/malware delivery from botnets and
       | individuals. And it helps; in the meantime, it consolidated the
       | control of who can send outbound emails.
       | 
       | We are seeing this trend repeatedly in other communication
       | channels like phone calls (due to robocalls, VoIP numbers are
       | being blacklisted by all major players' services) or Text
       | messaging (due to spam texts, major U.S. wireless carriers band
       | together established Campaign Registry to control who can mass
       | send outbound text messages. This is also known as 10DLC
       | registration).
       | 
       | I think the vulnerabilities of previous communication protocols
       | (email, VoIP, SMS/MMS) lie in the fact those protocols are
       | designed with security in mind. Modern community protocols like
       | Push Notification has been designed with security in mind, which
       | make it less susceptible to abuse and spamming. That's probably
       | the way to go forward.
        
       | eruci wrote:
       | I threw in the towel a few years ago, after 15 years running my
       | own server on top of dan bernstein's qmail.
        
       | amelius wrote:
       | Why can't we have an open source mail hosting solution that self-
       | updates?
        
         | jasode wrote:
         | You've actually asked that question before and the answer is
         | still the same: you can't embed "trusted sender status" into
         | source code for a mailserver or a software package. The
         | invisible rules for rejecting email are an _emergent external
         | property that exists outside of the software package_:
         | https://news.ycombinator.com/item?id=20853157
         | 
         | E.g. Software that "auto-updates" cannot solve the problem of
         | how different participants change their criteria on which ip
         | blocks are "bad".
        
           | amelius wrote:
           | Good catch :)
           | 
           | But I'm not completely convinced. Sender reputation is made
           | up of at least two parts: the software (rules) used to send
           | the emails, _AND_ the actual emails sent, frequency of emails
           | and number of unique recipients.
           | 
           | If you're a spammer you can still use the same software as
           | everyone else, but your reputation will be bad because of the
           | number of bad emails you sent.
           | 
           | In other words, if everyone used the same software to send
           | emails, then anti-spam systems will have to use other metrics
           | to blacklist people.
        
             | jasode wrote:
             | _> In other words, if everyone used the same software to
             | send emails, then anti-spam systems will have to use other
             | metrics to blacklist people._
             | 
             | Right, and the _"other metrics"_ is what spam heuristics
             | already use now.
             | 
             | In other words, you replied to this author's problem with
             | "self-updating software" but software cannot solve his
             | outgoing email getting rejected/spamholed. It's those
             | "other metrics" that made him give up running his
             | mailserver from home.
        
       | johnklos wrote:
       | This is sad, but it's a gross and inaccurate oversimplification.
       | Let's look at the summary of "What are we left with?":
       | 
       | > You cannot set up a home email server.
       | 
       | This is true enough to not care about edge cases.
       | 
       | > You cannot set it up on a VPS.
       | 
       | This is definitely _not_ true.
       | 
       | > You cannot set it up on your own datacenter.
       | 
       | This is absolutely, unambiguously untrue.
       | 
       | I get that there are many people out there who don't want to
       | administer an email server, or who administer one (or more) and
       | are tired of trying to train users to DTRT and care about
       | security. The truth is that if you have lots of users, it's
       | likely that one will get compromised, and their account will be
       | used to send spam.
       | 
       | Is it the end of the world? Heck, no, unless you let it go on for
       | days. "It's not if, it's when. Say goodbye to your email. Game
       | over. No recourse." That's just plain not the case at all,
       | unless, again, you don't have monitors in place.
       | 
       | A super simple example: a script which counts the number of emails
       | sent by any given user in a certain timeframe is really not
       | complicated. I've used something like this and it has caught a
       | mail loop which wouldn't end because the entity causing the
       | looping was rewriting so much that typical anti-loop checks
       | failed.
       | 
       | So a user gets compromised. If this is a real concern (say, for
       | instance, you have a lot of Windows users), your script should
       | send an alert to you when this user's account has sent several
       | hundred messages over the past hour. You disable the user's
       | account, you clean the mail queue, and you deal with the fallout.
       | Sure, that may mean watching your logs for a few days for
       | rejections and visiting other networks' delisting pages, but it
       | happens.
       | 
       | So there's the largest problem with running your own email server
       | handled. Boom. Done. If you've hosted email for years yet can't /
       | won't do this little bit of work, then that's you. The rest of us
       | understand this.
       | 
       | What about deliverability in general? Isn't that the largest
       | problem, you ask? No. No, it isn't at all. You can even run an
       | email server on your home Internet connection, if your ISP allows
       | incoming connections, the same way you can handle any other
       | general deliverability issue: smarthosting.
       | 
       | If you want to claim that there are NO ISPs out there that can
       | reliably send email outside of Yahoo / Outlook / Google / Amazon,
       | then you might say smarthosting isn't a solution. However, you'd
       | be flatly wrong, so wrong you shouldn't be hosting email.
       | 
       | If your home network can't send email (it almost certainly
       | can't), and your VPS can't send email (it'd probably have
       | issues), and your datacenter can't send email (you're clearly
       | doing something wrong, but let's pretend), then you can smarthost
       | through an email provider that has a good reputation. Period.
       | 
       | Anyone who wants to argue that hosting your own server can't be
       | done today because of deliverability ignores this super obvious
       | solution, which negates this entire article.
       | 
       | Let's move past that and look at the suggestions this article
       | makes:
       | 
       | Should we throw in the towel, proverbially speaking? Certainly
       | not. I disagree with this emphatically.
       | 
       | "This doesn't only affect contrarian nerds." No, it doesn't, but
       | discouraging others isn't the solution. Your lack of solutions
       | isn't a good reason for others to throw in the towel. But why are
       | so many "contrarian nerds" so quick to tell others to NOT do
       | something? Do you tell people to not paint or draw, because it's
       | too hard for you? Or to carve, or write fiction, because you're
       | not good at those things?
       | 
       | "You can no longer set up postfix to manage transactional emails
       | for your business. The emails just go to spam or disappear."
       | Nope. You're accepting that as normal and equal. It isn't. This
       | is the same basic idea as "I can't afford to not run Windows,
       | because everyone else runs Windows" - it's a fundamental
       | misunderstanding on your part that leads you to assume you're the
       | victim, and you're powerless. If your email is being silently
       | dropped, then you need to tell the recipients that they need to
       | 1) complain to their provider, and / or 2) find real,
       | deterministic email services. I've told many people that I'm not
       | responsible for overzealous spam filtering, and I provide proof
       | that the email was delivered. It's on them after that. "But I
       | can't afford to do that!" Then smarthost. This isn't difficult.
       | 
       | "One strike and you're out. For the rest of your life." Nope.
       | Demonstrably, nope, unless you're letting spam flow from your
       | servers for days at a time.
       | 
       | Your recommendations:
       | 
       | "Let's keep antispam measures." Sure, but consider the fact that
       | they're part of the problem. Spam filtering shouldn't be
       | arbitrary - for instance, I do ZERO content filtering, unless or
       | until I can prove to myself that there are no false positives.
       | Email with "storage.googleapis.com" URLs? 100% spam. Email from
       | random addresses / networks with Gmail Reply-To? Absolutely 100%
       | spam. Email from servers with a HELO / EHLO name that doesn't
       | exist? Rejected. But keywords? No. That's stupid. I've seen, for
       | instance, too many abuse email addresses that don't accept spam
       | complaints because of content-based, rather than behavior-based,
       | spam filtering. The problem with Gmail is that they do too much
       | content based filtering, with no rules and no logs that we can
       | see.
       | 
       | "Change blacklisting protocols so they are not permanent and use
       | an exponential cooldown penalty." Fair.
       | 
       | "Blacklists should not include whole IP blocks." I disagree. If
       | your network neighbors are shitty, then you should 1) ask for
       | your IPs to be SWIP'd to you, 2) find a better company that
       | punishes spammers / scammers, and/or 3) smarthost.
       | 
       | "Stop blackholing." Yep. But, "No need to bounce every email" -
       | 100% disagree. If you're sending so many messages that you're
       | overwhelmed by returns, then you're doing something horribly
       | wrong. Every email needs a bounce. This is how email works.
       | 
       | "There should be a recourse for legitimate servers." 100% agree.
       | I think someone who has the time and resources should take all
       | the large providers to court to compel them to have methods for
       | correcting interoperability. If Google, for instance, wants to be
       | like a utility, then they should be forced to act like one and
       | they should have real ways to interoperate. As it is right now,
       | it is not possible to reach an actual human at Google about
       | anything via email. Every single message goes nowhere. They
       | shouldn't be allowed to operate like that, or if they want to be
       | arbitrary, they should lose the right to be called RFC compliant
       | email and the use of Gmail accounts shouldn't be usable for
       | anything public. That's another whole battle, though - why should
       | a company get to call themselves an email provider when they
       | don't provide reliable, repeatable service? Sigh.
       | 
       | "Email discrimination is not only unethical; it's a risk for the
       | industry." Agreed. I think there's already legislation proposed,
       | if not already passed, making certain types of communication
       | unblockable. It's shitty legislation, but it's a first step at a
       | precedent we all need - we need to be able to dictate to large
       | corporations the parameters of what they can do and can't do if
       | they want to be considered email.
        
       | [deleted]
        
       | tedivm wrote:
       | I started hosting my own email in 2004 before finally giving up
       | and migrating my email to Fastmail last year.
       | 
       | Besides the problems mentioned in this post the real problem I
       | had was dealing with spam. The open source community around spam
       | has really degraded over time, to the point where most solutions
       | are extremely high maintenance and require regular tweaking.
       | Methods that used to work, like greylisting, cause problems when
       | dealing with GMail because google doesn't play nicely with it.
       | The big spam blacklists have also gotten a bit less trustworthy
       | over the years.
        
         | coggs wrote:
         | After 30 years running my own MTA I also gave up and moved to
         | fastmail.
        
         | noAnswer wrote:
         | I started self hosting in 2017. (With a fresh domain. I'm the
         | only user.) My server closes the incoming connection if it
         | doesn't have a rDNS or the HELO doesn't match the rDNS. Apart
         | from that I have no anti spam measures! Friends and family have
         | my firstname.lastname@domain address. Websites and companies
         | get a <random>@domain address. So far I have only received 3
         | spam mails. Two times they got the address from a public
         | mailing list I participated. One time it was from a webshop
         | that sold or leaked my address.
        
         | azinman2 wrote:
         | I've noticed since switching to Fastmail from gmail my spam
         | filtering is very problematic. I always end up with legit
         | emails in spam, and I just can change if I want even more legit
         | in spam or more spam in inbox, which still gets through.
         | 
         | I think it's both a tough problem, as well as something that
         | only becomes easier when you have both talent and scale to have
         | a wide perspective.
        
       | beprogrammed wrote:
       | Know what will kill self-hosted email? Giving up and hosting your
       | email with the big guys, the less self hosted email servers there
       | are the less the big guys feel any requirement to support it
        
       | kmeisthax wrote:
       | >In many countries politicians are forced to deploy their own
       | email servers for security and confidentiality reasons. We only
       | need one politician's emails not delivered due to poorly
       | implemented or arbitrary hellbans and this will be a hot button
       | issue.
       | 
       | "I just the other day got... an Internet was sent by my staff at
       | 10 o'clock in the morning on Friday. I got it yesterday!", as Ted
       | Stevens would say.
       | 
       | Unfortunately the man said this as part of a massive, uninformed
       | speech[0] about why big tech[1] needs _less_ regulation.
       | 
       | [0] https://en.wikipedia.org/wiki/Series_of_tubes
       | 
       | [1] Comcast inclusive
        
         | Avamander wrote:
         | > Unfortunately the man said this as part of a massive,
         | uninformed speech about why big tech needs less regulation.
         | 
         | Sometimes they'll regulate themselves to avoid the exact
         | problem you've cited.
         | 
         | https://www.fec.gov/files/legal/aos/2022-14/202214R_1.pdf
        
       | sk55 wrote:
       | We need new protocols. Blockchain protocols can somewhat solve
       | the spam problem by charging to send. Receiving addresses can
       | also whitelist or charge to receive.
        
       | fay59 wrote:
       | How does one verify that their server has never ever sent spam,
       | for instance through a security breach?
        
       | m3nu wrote:
       | Have around 100 users on my self-hosted mailserver. Works alright
       | for the most part. Once or twice a year, there are connection
       | issues to small companies with weird settings. I just route those
       | over an external ESP.
       | 
       | Then there is also mxroute.com, which is an indie email provider.
       | He seems to do fine too. Didn't use them yet.
       | 
       | So I think having at least some sending volume is key to running
       | an indie server. You can't do it just for a few mailboxes/users.
       | 
       | I still wouldn't recommend to learn or start with email in 2022.
       | There are better uses of your time.
        
         | hammyhavoc wrote:
         | _He_? Is it a one-man-band? If so, that's a scary single point
         | of failure for something as critical as your email.
        
           | m3nu wrote:
           | Nah, he should have some staff. I just know the founder
           | ("Jar") from forum posts.
        
       | rospaya wrote:
       | RBLs and other blacklists have been annoying for decades, even
       | more so when they were maintained by annoyed individuals rather
       | than corporations like today. You had to beg a single person to
       | remove you off a list that an ISP somewhere used without thinking
       | twice about it.
        
       | dsr_ wrote:
       | I can't send mail to mit.edu addresses. It gets rejected with a
       | message that says I should talk to Microsoft.
       | 
       | I frequently end up in GMail's spam folders. No idea why.
       | 
       | I see no more than one piece of 'spam' a week; everything else is
       | caught by a combination of a 15 minute greylist, the zen spamhaus
       | BL, and SpamAssassin evaluating things. There are a bunch of
       | spammers who send from accounts with valid SPF and DKIM, by the
       | way.
       | 
       | Spam is a reasonably solved problem, but SPF and DKIM aren't much
       | help.
       | 
       | (I get lots and lots of business spam, where the sender clearly
       | believes that they have a right to try to sell me crap. The
       | difference is that if I respond to business spam, someone will
       | answer, trying to sell me crap.)
        
         | massaman_yams wrote:
         | I might be reading into this a little, but you seem to be
         | arguing that "Spam is a reasonably solved problem at my scale,
         | therefore spam is a reasonably solved problem at global scale",
         | and those are very different things. One of the key differences
         | is: a small domain like yours is multiple orders of magnitude
         | less attractive of a target, vs. Gmail, and as a result Gmail's
         | filters are subject to constant, high-volume adversarial
         | attacks, and you are not.
         | 
         | SPF and DKIM are pretty explicit in their RFCs that passing
         | authentication isn't a sign the mail is legitimate. The
         | presence of passing auth in a message does change how filters
         | should handle it, but for most larger-scale production
         | filtering systems (not spamassassin) that mostly ends up as
         | "change the weight of certain reputation identifiers in the
         | spam filtering inputs", more or less.
        
         | rsyring wrote:
         | SPF/DKIM are not intended to prevent people from sending spam.
         | 
         | They are intended to let a domain owner tell other email
         | providers what servers have the right to send email from that
         | domain (and sign email).
         | 
         | I can send email all day from joboffers@google.com. But most
         | email providers will check SPF and see that my VPS IP is not
         | authorized by google.com to send email, and it will go to spam.
         | 
         | Those standards wouldn't keep me from registering example.com,
         | setting up SPF correctly, and then spamming. There are other
         | techniques to filter out that kind of behavior.
        
           | Symbiote wrote:
           | > I can send email all day from joboffers@google.com. But
           | most email providers will check SPF and see that my VPS IP is
           | not authorized by google.com to send email, and it will go to
           | spam.
           | 
           | Actually, it will be discarded completely.
           | 
           | Google's DMARC policy is for mail from unrecognized origins
           | to be rejected:
           | 
           |     host -t txt _dmarc.google.com
           |     _dmarc.google.com descriptive text "v=DMARC1; p=reject; rua=mailto:mailauth-reports@google.com"
           | 
           | p=quarantine would send it to spam.
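
How a receiver gets from that TXT record to "reject" or "quarantine", as an added example that is not part of the thread or any provider's code. It is a simplification of RFC 7489: the organizational domain is assumed to be the last two labels (real receivers use the Public Suffix List), and the pct and sp tags are ignored.

```python
"""DMARC disposition sketch (added example; simplified from RFC 7489)."""

POLICIES = ("none", "quarantine", "reject")

# The record quoted in the comment above.
PAGE_RECORD = "v=DMARC1; p=reject; rua=mailto:mailauth-reports@google.com"


def parse_dmarc(txt):
    """Return the record's tags as a dict, or None if it is not a usable DMARC record."""
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    # The version tag must come first and is case-sensitive.
    if not parts or parts[0].replace(" ", "") != "v=DMARC1":
        return None
    tags = {}
    for part in parts:
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    if tags.get("p", "").lower() not in POLICIES:
        return None
    return tags


def org_domain(domain):
    # ASSUMPTION: last two labels stand in for a Public Suffix List lookup.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(auth_domain, from_domain, mode):
    """Strict mode ("s") needs an exact match; relaxed ("r") compares organizational domains."""
    a = auth_domain.lower().rstrip(".")
    f = from_domain.lower().rstrip(".")
    if mode == "s":
        return a == f
    return org_domain(a) == org_domain(f)


def dmarc_disposition(record, from_domain, spf_pass, spf_domain, dkim_pass, dkim_domain):
    """Return "pass", "none", "quarantine", "reject", or "no-policy".

    spf_domain is the envelope (MAIL FROM) domain that SPF checked;
    dkim_domain is the d= value of a signature that verified.
    """
    policy = parse_dmarc(record)
    if policy is None:
        return "no-policy"
    # A pass only counts if the authenticated domain aligns with the From: domain.
    spf_ok = spf_pass and aligned(spf_domain, from_domain, policy.get("aspf", "r"))
    dkim_ok = dkim_pass and aligned(dkim_domain, from_domain, policy.get("adkim", "r"))
    if spf_ok or dkim_ok:
        return "pass"
    return policy["p"].lower()


if __name__ == "__main__":
    # Constructed case: From: is google.com, but SPF passed for the sender's own domain.
    print(dmarc_disposition(PAGE_RECORD, "google.com", True, "vps.example", False, None))
```

The case worth noticing is the one in the demo: an SPF pass for the sender's own envelope domain does not help, because it does not align with the From: domain.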
        
       | jacobsenscott wrote:
       | It was a huge mistake for email receivers to take on the cost of
       | filtering spam. Of course given the evolution of the internet and
       | email it is easy to see how that mistake happened. Nobody had a
       | crystal ball. But the only solution here is to raise the cost of
       | sending email to the point where spam is no longer profitable.
       | 
       | It seems like one solution is to bcrypt hash (or some similarly
       | expensive algorithm) the email and include the hash in a header.
       | Of course you need to hash per receiver or a spammer can just
       | hash it once and spam away.
       | 
       | The receiving client hashes the email and compares the result
       | with the value in the header and discards emails that don't
       | match.
       | 
       | You'll never get industry buy in though - the FAANG companies
       | don't want to pay that cost for their semi-legitimate email. They
       | prefer to keep that cost externalized.
       | 
       | I believe there have been attempts at something like this, but it
       | clearly never went anywhere.
        
         | kortex wrote:
         | That is a clever idea but I think it'll still fail so long as
         | email (SMTP) is a fire-and-forget architecture. As long as you
         | have that asymmetry, your SNR is going to suck.
         | 
         | If it were a back-and-forth protocol, more like TCP, then you
         | have way more options for congestion control, error reporting,
         | load balancing, and the like. The server can choose to accept
         | the incoming request, ask for more verification, or interrogate
         | the client in various ways. This could be something just like
         | DKIM / DMARC / SPF, or even something more exotic, like making
         | the client do proof-of-work with difficulty tied to how
         | suspicious that client is to the server, and also the delivery
         | scope/scale. Or forcing the client to wait for ACK for valid
         | delivery while slow-walking it.
         | 
         | This gets around some of the issues in cousin comments, with
         | respect to punishing botnets and rewarding lawful players.
         | Established, high-trust players pay no cost. Suspicious players
         | can still get through, albeit with a tax (that should be
         | trivial for low-volume personal MX, but expensive for high-
         | volume spam). Furthermore, it's adaptable.
        
           | Avamander wrote:
           | > If it were a back-and-forth protocol, more like TCP, then
           | you have way more options for congestion control, error
           | reporting, load balancing, and the like. The server can
           | choose to accept the incoming request, ask for more
           | verification, or interrogate the client in various ways.
           | 
           | That's basically what graylisting aims to achieve.
        
             | kortex wrote:
             | Yeah, this is essentially a form of greylisting. The
             | difference is (as I understand it, this is fairly outside
             | my domain), with the current setup, MTAs can accept an
             | email, and it ends up getting blackhole'd or spam-folder'd
             | anyways. My hypothetical scheme would put more onus on the
             | first "boundary node" to report on errors/compliance.
             | Basically the MTA tells the client what hoops to jump
             | through, and the client gets some indication what will
             | happen once those conditions are met.
             | 
             | That could be an exchange like: "Sign this nonce, and your
             | message will be vetted", or "this is very suss, you have to
             | do X difficulty hashes to have any chance of delivery, and
             | regardless it'll be flagged as potential spam". Or perhaps
             | just a guarantee on how an action would affect the
             | message's "spam score".
             | 
             | This could be used alongside nested packets/envelopes and
             | various headers/trust levels in a network of trust to give
             | a message some overall trust level.
        
         | kevincox wrote:
         | The problem with adding a cost to email is that it affects
         | everyone. The amount of CPU power you need to waste to make
         | most spam not viable is so much that it isn't worth it.
        
           | Groxx wrote:
           | It definitely does not - you can allow different work loads
           | for different senders. Mailing lists you actually want can be
           | dropped to zero for instance.
           | 
           | Most spam comes from new address pairs, not existing ones.
           | Requiring high cost to get past a first-contact filter, then
           | near zero forever after, is completely reasonable and would
           | practically eliminate unsolicited spam.
        
             | kevincox wrote:
             | But now the sender needs to know the receiver's policy and
             | if they remember that there has been contact before. Or I
             | guess you change SMTP but we still allow unencrypted
             | connections so good luck with that.
        
               | Groxx wrote:
               | For newsletter style stuff, nah. The "confirm your
               | registration" email can "pay" to get past the wall, and
               | then you're done - approved pair established, future
               | letters can probably be zero cost and everyone receives
               | the same one.
               | 
               | I wholly admit that this is arguing theoretical setups
               | and that's always problematic, but _of course_ patterns
               | would be established pretty quickly. There are loads of
               | simple tactics that would still make spam dramatically
               | harder, and legitimate use nearly unaffected. The current
               | reputation system has clear, _massive_ gaps that really
               | don't need to exist.
        
           | SoftTalker wrote:
           | Most spam is sent by hijacked machines and botnets is it not?
           | They don't care about wasting CPU power; they aren't paying
           | for it.
        
         | klibertp wrote:
         | This indeed looks like a good direction. A decade ago Freenet
         | (not sure if it still exists?) had a problem with spam on its
         | equivalent of USENET. It was pretty bad, until they changed the
         | protocol so that it's the sending node that keeps the message,
         | which is then pulled (or not) by the recipients. It made a lot
         | of sense to me: I'm the one sending you the message, I want you
         | to see it, while you don't even know whether you want to get
         | that message. So it's me that should pay for storage and
         | propagation of the message in terms of bandwidth and disk
         | space. Not sure how it turned out in the end, but the approach
         | seems right to me. It's like phone calls: it's the caller that
         | pays the cost, not the one receiving the call.
        
           | klabb3 wrote:
           | Wow that's ingenious - and obvious when you think about it. I
           | guess evolving the email standard is a much bigger obstacle
           | though, no matter how clever the proposal.
        
             | flomo wrote:
             | An attempt was made.
             | 
             | https://en.wikipedia.org/wiki/Internet_Mail_2000
        
             | pas wrote:
             | it's ridiculously easy to create a template that is stored
             | and when the remote client pulls the message only a few
             | variables have to be substituted. it's how spam is generated
             | after all :)
        
         | barrkel wrote:
         | Something different: a hash which is expensive to calculate but
         | cheap to verify. E.g. calculating a string of bytes to append
         | to a hash stream in order to produce a hash with a certain
         | number of leading zeros; you provide the hash and the bytes,
         | and it's trivial to verify.
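
The two ideas above combined (a stamp computed per receiver, as jacobsenscott suggests, that is expensive to mint but cheap to check, as barrkel describes), as an added example that is not code from the thread. It uses SHA-256 and an ad hoc stamp layout, not any standardized stamp format; the addresses and message are constructed.

```python
"""Per-recipient proof-of-work stamp (added example, ad hoc format)."""
import hashlib
from itertools import count


def leading_zero_bits(digest):
    """Count the zero bits at the start of a digest."""
    bits = 0
    for byte in digest:
        if byte == 0:
            bits += 8
            continue
        bits += 8 - byte.bit_length()
        break
    return bits


def _prefix(recipient, message):
    # Binding the stamp to the recipient and to the body means one stamp
    # cannot be reused for another address or another message.
    body = hashlib.sha256(message).hexdigest()
    return f"{recipient.lower()}:{body}:".encode()


def mint(recipient, message, bits):
    """Sender side: search for a nonce; expected cost is about 2**bits hashes."""
    prefix = _prefix(recipient, message)
    for nonce in count():
        digest = hashlib.sha256(prefix + str(nonce).encode()).digest()
        if leading_zero_bits(digest) >= bits:
            return nonce


def verify(recipient, message, nonce, bits):
    """Receiver side: two hashes in total (body and stamp), whatever the difficulty."""
    digest = hashlib.sha256(_prefix(recipient, message) + str(nonce).encode()).digest()
    return leading_zero_bits(digest) >= bits


if __name__ == "__main__":
    msg = b"Subject: hello\r\n\r\nconstructed sample message\r\n"
    nonce = mint("alice@example.org", msg, 16)
    print("hashes tried by sender:", nonce + 1)
    print("valid for alice:", verify("alice@example.org", msg, nonce, 16))
    print("valid for bob:  ", verify("bob@example.org", msg, nonce, 16))
```

A receiver would also have to remember stamps it has already accepted, otherwise the same message can be replayed to the same address at no extra cost.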
        
           | amelius wrote:
           | Not good from an energy-wasting perspective.
        
           | zootboy wrote:
           | There were proposals for this sort of thing a while back, but
           | they never caught on:
           | 
           | https://en.wikipedia.org/wiki/Hashcash
        
           | quickthrower2 wrote:
           | Like cryptocurrency this will be a moving target. You would
           | need a difficulty setting - but whereas cryptocurrency only
           | has to track one thing "total hash rate" this would need to
           | track two things "minimum supported hardware for legit
           | sender" and "hardware threshold for attacker to be successful
           | with a mining rig they can afford, based on the income from
           | the spam".
           | 
           | Each email provider might come up with different difficulty
           | levels based on what they think this is. So some handshaking
           | might be required. And less computer literate people would be
           | stressed why their email is taking 6 minutes to send. I think
           | it would be hard to implement.
        
         | heckelson wrote:
         | yeah, I believe it is called "HashCash" and works similarly to
         | "proof of work" in cryptocurrencies
        
           | seabrookmx wrote:
           | HashCash is actually referenced as part of the inspiration
           | for Bitcoin by Satoshi themself. It's the birthplace of proof
           | of work.
        
           | xtracto wrote:
           | Right, I can't believe people are re-discovering HashCash. It
           | was a brilliant idea way ahead of its time. Sadly it was not
           | adopted for email.
        
       | drchiu wrote:
       | A big problem with the way the big companies fight spam is that
       | sometimes it is a bit too aggressive. Happened a couple of times
       | where legitimate government-agency emails had trouble getting
       | through.
       | 
       | Personally, I prefer defining my own spam list rather than having an
       | algo decide what pops into my inbox.
        
       | thewebcount wrote:
       | Totally naive questions:
       | 
       | Could we come up with a new protocol (possibly based on
       | SMTP/IMAP/whatever), that would only guarantee to get your email
       | to its recipient if you included some sort of token generated by
       | the recipient and given to you? Something where you could
       | text/message/whatever a unique token to a friend/business/etc.
       | and then they can send you email? And if you email someone, your
       | outgoing email includes the token necessary for them to reply?
       | The contents (including who it's being sent to) would be
       | encrypted by default rather than being plain text that anyone in
       | between sender and recipient (or at least sender and recipient
       | servers) could read. Is something like that possible?
       | 
       | Obviously at first nobody would have it implemented, so you'd
       | have to get developers interested in writing server and client
       | software, and convince people and companies to use it instead of
       | or in addition to regular email. But I wonder how many people
       | would be interested in such a system and whether it would be
       | workable?
        
       | david927 wrote:
       | Seems like we need to write a law (draft a bill).
        
       | reuven wrote:
       | Yeah, I ran my own e-mail server from 1995 until about 10 years
       | ago. It used to be fairly simple, but between incoming spam and
       | attacks, the various standards that were developed, and my e-mail
       | not getting through... this became a problem that was worth
       | paying someone a few dollars a month to solve for me.
       | 
       | I still use my own domain, but I'll let actual delivery and
       | security experts deal with the day-to-day running of things,
       | while I run my business (which definitely isn't that).
       | 
       | It was a bit sad to give up, but the time and frustration it
       | saved have been more than worthwhile.
        
       | jitbit wrote:
       | > You can no longer set up postfix to manage transactional emails
       | for your business
       | 
       | Well, actually you can. But it's _tough_:
       | https://news.ycombinator.com/item?id=20553028
        
       | teddyh wrote:
       | E-mail is complicated, sure. But I've had it up to here with
       | people who give up running their own server and then go on to
       | vastly exaggerate how infeasible it is, in order to placate their
       | own conscience. It's not that they've gotten tired of doing it,
       | oh no; (they say,) it's entirely the fault of Google, Microsoft,
       | etc. who've made it literally _impossible_ to run your own e-mail
       | server. Except it's not _impossible_ - lots of us do it, still.
       | And now there's one fewer of us, so the rest of us have to work
       | that much harder when the next monopolizing standard comes along
       | (BIMI, anyone?). Sure, you don't _owe_ us anything, but thanks
       | for nothing when making these public rants; you are _scaring
       | away_ people who might still be inclined to help!
        
         | Avamander wrote:
         | How is BIMI "monopolizing"? It's a trivial DNS record.
        
           | teddyh wrote:
           | https://news.ycombinator.com/item?id=28196403
        
             | Avamander wrote:
             | There's the catch - VMCs are not a mandatory part of BIMI.
             | Though if you want to establish _trust_, someone has to be
             | willing to put their name on the line and verify everything
             | required. If you have a better approach in mind, I'm sure a
             | lot of people would love to know.
        
               | teddyh wrote:
               | Trust (by way of VMC) is the _whole point_ of BIMI; it's
               | what's in all the marketing copy: The fact that nobody
               | else can send mail with your logo. If you merely wanted
               | to send e-mail with your icon on it, that already
               | existed: the X-Face header has been around for decades.
        
               | Avamander wrote:
               | Absolutely not, BIMI is a way to provide brand identity
               | for recognition/marketing purposes. Trust or security is
               | not the standard's goal. Being able to trust the logo is
               | an optional extra.
               | 
               | Also nobody really uses X-Face, it's irrelevant.
        
               | teddyh wrote:
               | You're talking nonsense. What is the improvement of BIMI
               | (without VMC) over X-Face? The only things I can think of
               | are:
               | 
               | 1. BIMI logos are in color.
               | 
               | oh yeah, and:
               | 
               | 2. BIMI logos are inherently a tracking pixel so the
               | sender can see when readers read the mail.
        
               | Avamander wrote:
               | You are free to read the BIMI standard's section 2.1
               | containing its high-level goals.
               | 
               | The next section also literally says "This document does
               | not cover the different verification and reputation
               | mechanisms available, but BIMI relies upon them to be in
               | deployed in order to control abuse." It's not a standard
               | meant for establishing trust, it does not mandate
               | requiring a VMC.
        
               | teddyh wrote:
               | Just like with e-mail, it doesn't matter what's in the
               | standard, what matters is what the big providers actually
               | do. If Google (Gmail), Microsoft, etc. will simply show
               | any BIMI logo without VMC verification (which will never
               | happen), then I will concede that BIMI is not a
               | monopolizing standard. It'll just be a tracking pixel.
        
               | Avamander wrote:
               | Showing any BIMI logo is an absolutely unreasonable thing
               | to demand from a large-scale BIMI implementation. It does
               | not make it "monopolizing", I don't think you even know
               | what the word means.
        
               | teddyh wrote:
               | So VMC _isn't_ optional?
        
               | Avamander wrote:
               | Is it that difficult to grasp that there's a "depends"
               | option between "optional" and "not optional"?
               | 
               | Nobody really forces you to use HTTPS either, it's not a
               | "monopolizing" standard if someone doesn't trust you
               | without.
               | 
               | And again, if you have a way of establishing just as much
               | trust without such a labour-intensive/expensive
               | verification process, please do share.
        
               | teddyh wrote:
               | When the big providers all require VMC to show BIMI, then
               | VMC is not optional, no matter what the spec says.
               | Claiming it is optional is then disingenuous.
               | 
               | As I said in the linked post, logo verification is not a
               | problem which can be solved. Identical trademarks can
               | _legitimately_ be issued in different fields, and both
               | still be valid. Let's say you are a brick manufacturer,
               | and have paid an arm and a leg to a VMC certificate
               | authority (previously a HTTPS EV certificate authority)
               | for your logo, a nice iconic square logo. Then someone
               | else can simply come along, register a flower shop in
               | another country, use a different VMC issuer and get an
               | _identical logo_ issued to them. They can now send e-mail
               | invoices to your customers with your logo on it,
               | legitimately obtained, and the BIMI system will have
               | trained your customers to trust your logo.
               | 
               | Any fix for this you try to implement will make the
               | system even less usable for its stated purpose, or more
               | suited to only large players and unusable in practice for
               | smaller operators.
        
               | Avamander wrote:
               | > When the big providers all require VMC to show BIMI,
               | then VMC is not optional, no matter what the spec says.
               | Claiming it is optional is then disingenuous.
               | 
               | What do you mean "no matter what the spec says", it _is_
               | the spec we're talking about. It is what you argued
               | against several times.
               | 
               | If you had started with saying "big providers'
               | implementations of BIMI", then it wouldn't be wrong to
               | say it's required but it's still not "monopolizing".
               | Requiring you to prove your claims using a third
               | unrelated party is simply not that.
               | 
               | > As I said in the linked post, logo verification is not
               | a problem which can be solved. [...] and the BIMI system
               | will have trained your customers to trust your logo.
               | 
               | There are caveats to each system. It does not mean the
               | problem is not solvable to a large extent.
               | 
               | Secondly, it's pretty clear who to jail for the attack
               | described. I'd say it's even a positive side of the
               | system if that's the type of attacks we'd get.
               | 
               | > Any fix for this you try to implement will make the
               | system even less usable for its stated purpose, or more
               | suited to only large players and unusable in practice for
               | smaller operators.
               | 
               | That's simply not true. The price of a VMC is really not
               | that high for any business that doesn't only employ one
               | man and his dog.
        
               | teddyh wrote:
               | > _If you had started with saying "big providers'
               | implementations of BIMI", then it wouldn't be wrong_
               | 
               | That's just splitting hairs.
        
         | arriu wrote:
         | I'm genuinely interested. Where would you recommend a newcomer
         | starts?
        
       | IronWolve wrote:
       | Not seeing anyone talking about email lists, now you need to buy
       | a mailchimp type service, but many mailchimp type companies ban
       | political customers if you're not on their team.
       | 
       | Setting up a private listserv or mailman used to be easy, but now you
       | need to have a smtp provider in front, or you will quickly get
       | blacklisted. Even then, get too big, and you will trigger some
       | email providers.
        
       | toun wrote:
       | The topic often comes up. Can't say I share the experience. My
       | servers have never been put on a blacklist in the 7 years they've
       | been running, and one of them operates from my residential DSL
       | connection. Standard postfix+dovecot stack on an Archlinux VPS, I
       | log in once a year to update the packages and make sure there is
       | enough disk space left.
        
         | tacon wrote:
         | Essentially all residential IPs are blacklisted for email
         | servers, at least on port 25. Many ISPs blackhole any traffic
         | on port 25 to residential IPs. Do you have port 25 working on
         | your residential connection?
        
       | no_time wrote:
       | Just did a test with my own mailserver hosted on a small-ish
       | local vps.
       | 
       | Outlook: OK (had to bother with this one when I started out)
       | Google: OK
       | iCloud: OK
       | 
       | I have a pristine track record and not a single byte of outgoing
       | spam so I cannot attest how easy it is to get back into the game
       | after an incident. I do agree with the larger point being made
       | here. It is clear some kind of anti-racketeering legislation
       | would be the only fix. Sadly, currently there is zero will from
       | both the EU and the US to fix any of these blatant
       | anti-competitive issues on the internet.
        
         | tacon wrote:
         | My experience is that Outlook will accept email from a new IP
         | ... for awhile. But rather quickly they block it. I think they
         | watch for a commercial amount of traffic, enough to get a
         | reputation from various services. Not enough traffic for a
         | reputation? Very suspicious, adios... How else would legit
         | commercial email senders bring up a new server?
         | 
         | From the MailOp commercial mailers mailing list, it seems
         | Outlook will eventually unblock you, but you have to keep
         | appealing, etc., for multiple rounds.
        
       | seomint wrote:
       | Completely agree this is anticompetitive and worthy of
       | examination under the light of antitrust laws. Of course the
       | defense that will be offered and one which is partially true will
       | be one of providing safety from spam, phishing, and other evils
       | prevalent in the email system today. Maybe texting is the new
       | email after all...
        
       | jwie wrote:
       | The range IP bans hit home. Been hit by this more than a few
       | times. You don't have to be sending spam, but if someone in the
       | range did, ever, you will be blacklisted all the same, and
       | treated like a spammer.
       | 
       | The people who run these blacklists are unreasonable. I can
       | understand why, they tend to interact with the bowels of the
       | internet and the heuristic is effective. Usually people who need
       | to talk to them are doing something naughty, so why bother taking
       | a chance?
       | 
       | Guilty until proven innocent would be an improvement.
        
       | ironmagma wrote:
       | Alright blockchain nerds, now is your time to shine. An actual
       | problem that can be attacked through distributed consensus.
        
         | dane-pgp wrote:
         | If you insist. I put my suggestion as a reply to another
         | comment in this discussion, specifically here:
         | 
         | https://news.ycombinator.com/item?id=32717921
        
       | type_Ben_struct wrote:
       | I relate to this. I also stopped hosting my own mail server for
       | this exact reason.
       | 
       | However I do think it's a case of damned if you do damned if you
       | don't. As a consumer of big tech email I become equally
       | frustrated when spam makes it past the filter and I expect them
       | to do more.
       | 
       | If it's easy for the average person to set up a mail server with
       | high reputation then it's easy for spammers to do the same. I
       | can't think of a great way to manage this at scale for the
       | average person using a $5 a month Digital Ocean VPS sending < 10
       | emails a month.
       | 
       | One thing I have noticed is that there's still a load of large
       | organisations failing to implement basic deliverability best
       | practices like SPF records. These organisations have themselves
       | to blame.
        
         | lolinder wrote:
         | The paradox here is the same one patio11 discussed in "The
         | optimal amount of fraud is non-zero", on the front page
         | yesterday [0]. The more non-tech people have an email address,
         | the more we have to prevent fraudulent email, and the harder it
         | becomes to run your own email address.
         | 
         | The original email users were much more savvy and needed less
         | protecting against fraud. Now my grandma has an email, and if
         | we're not careful she ends up on the phone with "Microsoft
         | customer support" giving them full access to her computer. Spam
         | filters aren't just a question of irritation anymore, people's
         | life savings are at risk.
         | 
         | [0] https://news.ycombinator.com/item?id=32701913
        
           | gpapilion wrote:
           | I actually would rephrase it as there weren't enough users
           | with money to make using email a worthwhile scam medium.
           | 
           | Email is low trust and almost any user is susceptible to
           | being scammed, because there aren't good trust markers in
           | emails, and companies use it in ways that make it
           | indistinguishable from spam.
        
             | lolinder wrote:
             | I think both are true. The kinds of scams my grandparents
             | (and even parents) fall for are trivially recognizable as
             | scams to me. It takes more work to defraud someone who
             | knows more about the way things are supposed to work.
             | 
             | But yes, it's definitely still possible for anyone to fall
             | for more sophisticated scams, and there being more money to
             | be had is a huge part of it. Either way the effect is the
             | same: more protection is necessary than was before.
        
       | mikece wrote:
       | "This concept may sound familiar to you. It's called a racket."
       | 
       | Wouldn't RICO statutes apply then?
        
         | manquer wrote:
         | The author is confusing not being independent one person setup
         | friendly to an oligopoly.
         | 
         | There are plenty of ISPs that offer email services, plenty of
         | small businesses, government orgs, universities host on their
         | own, most have no problems.
         | 
         | Email is still very much small business friendly, it is no
         | longer easy for indie one person setups anymore.
         | 
         | Many industries are not one person shop friendly, that is just
         | nature of the industry, doesn't make it a racket
        
       | iamgopal wrote:
       | We need kubernetes level of distributed messaging system to beat
       | email. What's most popular next option?
        
         | hammyhavoc wrote:
         | Matrix protocol. Can be bridged with existing platforms and
         | protocols, including Facebook Messenger, WhatsApp, and email.
         | 60m+ publicly addressable users, not including EU military,
         | gov, healthcare, emergency services et al.
        
       | tomxor wrote:
       | > There should be a recourse for legitimate servers
       | 
       | ... one of the "big three" being google, this will never happen,
       | there is no recourse in anything, even when you pay them for it.
        
       | betwixthewires wrote:
       | I know a lot of older guys will disagree with me here, the guys
       | that use mailing lists to work on FOSS projects, many of whom I
       | respect very much, but I think email sucks. I only use it for the
       | same reason I have a phone number: because some people need me to
       | have one in order to contact me.
       | 
       | I don't like email. I think the problems with it are shortcomings
       | of the protocol. I'd rather not use it. But I do, as a last
       | resort contact method.
       | 
       | For me, people that use email are like people that primarily
       | communicate over SMS. If I need to talk to you and that's all
       | you'll use, I can. But if there's another way to talk to you I'd
       | rather use that. Xmpp, matrix, signal, shit even telegram and
       | discord if I have to, are preferable to SMS or email. But
       | otherwise, yeah I have some email addresses and a phone number if
       | you insist on doing things that way.
        
       | taf2 wrote:
       | I like a lot of what's being discussed here. One thing to
       | consider is a similar problem I am facing is people trying to
       | hack into a login page. We see thousands of requests per minute
       | from different IPs... many from VPS, some from obviously hacked
       | TVs/devices. We could implement an exponential back off on
       | abusive IPs but detection requires observation of action that
       | action could result in a compromised account... so another idea
       | is we simply block large ranges of known bad IPs from
       | blacklists... I think this is similar to the email sending
       | issue... it's not fair and I think a solution could be some kind
       | of "block chain" - make it expensive to login... make it
       | expensive to send an email... but I'm not sure and for email it's
       | way harder because you need agreement from the oligopoly of email
       | providers... not sure what the solution is
        
       | secabeen wrote:
       | The general rule of thumb for my home server is that messages to
       | people I've contacted before, or to addressees that were in a
       | thread that I'm also part of get delivered reliably. Messages to
       | new people I've never emailed before often go to spam. I've
       | learned to accept this.
        
         | tambourine_man wrote:
         | The biggest challenge is in the sending.
         | 
         | If, for whatever reason, Gmail doesn't like your setup, even if
         | it's 100% according to specs, it's effectively broken. And
         | there's no one to resort to, often no previous relevant search
         | result, because the errors are vague when not silent (you don't
         | get to know the email was hard rejected, i.e. has not even
         | reached the recipient's Spam box).
         | 
         | Your only hope is for your complaint to go viral on HN or
         | Twitter and some Googler takes pity on you.
        
       | daitangio wrote:
       | I am still hosting my emails via docker mailserver[1]. I got some
       | trouble with outlook.com bans, but Linode helped me to switch to
       | a "good" ip address and it is working fine for now.
       | 
       | I will try to resist as much as possible, because email is your
       | primary identity "link" on the Internet, and you deserve to own
       | it if you want.
       | 
       | [1]: https://gioorgi.com/2020/mail-server-on-docker/
        
       | Kim_Bruning wrote:
       | It should be possible for everyone to participate in internet
       | systems equally as peers.
       | 
       | Somehow it seems like the Overton window has shifted such that
       | people find it acceptable that ordinary individuals can no longer
       | take part in the email infrastructure as equal peers.
        
         | tsimionescu wrote:
         | Spammers are also equal peers, and are a huge problem. The
         | concept of every computer being an equal peer is in fact part
         | of the problem with email.
        
       | ttul wrote:
       | My company exists to solve this problem at scale for the web
       | hosting industry. It's too bad that self-hosting isn't viable
       | because of IP reputation problems, but it's a reality that is
       | unlikely to change any time soon.
       | 
       | I'd say if you want to continue self-hosting, just let go of the
       | delivery part. Use a service like SendGrid; it probably won't
       | cost you anything and it's easy to set up.
        
       | TekMol wrote:
       | It would be possible to solve the spam problem once and for all
       | with a crypto currency:
       | 
       |     if (Sender is whitelisted by receiver):
       |         All emails arrive in the inbox
       |     else:
       |         Sender has to send $1 for their email to arrive in the inbox
       |         The $1 will be returned if the receiver replies
        
         | neilk wrote:
         | e-postage, knows-SMTP-4, knows-SMTP-5 ->
         | https://www.rhyolite.com/anti-spam/you-might-be.html
         | 
         | We have cryptographic identity in SMTP already. In fact, almost
         | all our protocols and formats for signing and identity were
         | first adapted from email standards. This has already failed.
         | 
         | "You might be an anti-spam kook" does need to be updated to
         | also include cryptocurrency solutions. You're neglecting the
         | transaction costs associated with cryptocurrency, which might
         | be punitive both for senders and for those attempting to
         | collect the spam bounty. Of course the big email providers
         | could aggregate settlements... but now we're back to having big
         | email providers.
        
           | fortran77 wrote:
           | > "You might be an anti-spam kook" does need to be updated to
           | also include cryptocurrency solutions
           | 
           | I was scanning this thread to see if someone would post that
           | old copypasta email solution checklist form again.
           | 
           | Here's one version: https://craphound.com/spamsolutions.txt
        
         | akmittal wrote:
         | I will stop replying to my mail for sure
        
           | dinosaurdynasty wrote:
           | I think ideally replies would have a token to bypass it
           | (since replies are expected)
        
         | eli wrote:
         | This was a bad idea when it was first proposed 30 years ago
        
       | rekrsiv wrote:
       | Why are we still using email?
       | 
       | No, I'm serious, why?
        
         | userbinator wrote:
         | One of the few means of online communication that isn't a
         | proprietary walled garden?
        
           | rekrsiv wrote:
           | So in the few other means of online communication that aren't
           | proprietary walled gardens, what else we got?
        
             | dane-pgp wrote:
             | IRC, XMPP, and Matrix (in increasing order of support for
             | E2E crypto).
             | 
             | I'm not sure how well those protocols (as implemented, in
             | practice) support clients that go offline for long periods
             | of time.
        
       | sys_64738 wrote:
       | 1999 was a pretty late adopter to the self-hosting email cause
       | since it was pretty apparent since 1997 that free email was going
       | to win out. As Gmail filters get smarter then it becomes an
       | altogether more fruitless cause. Email hosting at the individual
       | level died out for most due to this and the pointless rivers of
       | spam you had to deal with. If you've only now come to the
       | realization that you can't make it then you've been wasting a lot
       | of your life.
        
       | tamsaraas wrote:
       | Sad, but true...
        
       | aeharding wrote:
       | I have self-hosted my personal email account for years without
       | issues. At some point early on I started relying on AWS for
       | sending emails, but that can be easily switched out or removed at
       | any time (and it's free for my small volumes of sent emails).
        
       | renewiltord wrote:
       | Honestly wish there were a mode where you pay me $x to send me
       | email and I can sort by spend.
        
         | hammyhavoc wrote:
         | The name evades me, but this was a thing a few years back.
         | IIRC, it was the equivalent of what a stamp for an envelope
         | would cost, and the recipient got a chunk, as did the service
         | provider. Will try and find the name for you, but AFAIK, it's
         | no longer doing business.
        
           | the_third_wave wrote:
           | Would that be Hashcash you're thinking of?
           | 
           | http://www.hashcash.org/
        
             | hammyhavoc wrote:
             | Alas not! Much more recent, had a very polished of-its-era
             | SaaS style website. IIRC, you might have even been given a
             | specific email address for it, which then forwarded to your
             | chosen personal address.
        
       | andai wrote:
       | >You cannot set it up on your own datacenter.
       | 
       | There are still new email providers appearing every few years
       | right? What special incantations are they performing to be
       | allowed in the club? Do they buy large IP ranges? Do they pay
       | protection money to Google et al?
        
         | structural wrote:
         | They buy their own IP range, establish their own AS, and pay
         | for peering/bandwidth as an independent network and not as a
         | single user/customer on someone else's network.
         | 
         | This is fairly straightforward to do, but requires more
         | commitment than renting some CPU time and bandwidth on someone
         | else's machine.
        
       | Morizero wrote:
       | Totally agree with the tone & premise, but
       | 
       | > At some point your IP range is bound to be banned, either by
       | one asshole IP neighbor sending spam, *one of your users being
       | pwned*,
       | 
       | feels like a hint that
       | 
       | > My current email server IP has been managed by me and used
       | exclusively for personal email with zero spam, zero, for the last
       | ten years.
       | 
       | Might not be entirely accurate.
        
       | rkagerer wrote:
       | _Nowadays, if you want to build services on top of email, you
       | have to pay an email sending API which has been blessed by others
       | in the industry ...
       | 
       | This concept may sound familiar to you. It's called a racket._
        
       | jasode wrote:
       | The sweet spot for having control over your email while
       | simultaneously minimizing unforeseen headaches is to simply own
       | your domain name and point the MX record to whatever hosting
       | provider you want instead of self-hosting a server at home.
       | 
       | Same philosophy for exposing your personal blog of html files
       | or content like mp4 videos. The sweet spot is to focus on buying
       | a domain name you control. Then let Amazon S3, or Cloudflare,
       | Hetzner etc, host your html or mp4 files.
       | 
       | I quit self-hosting email at home over 15 years ago. It's just
       | not something I want to babysit anymore because I have other
       | things to focus on. As long as I control the MX record on my own
       | domain, that's really all that's necessary.
        
         | mechanical_bear wrote:
         | It isn't about what's convenient for you. It's an individual
         | cost benefit analysis. Your needs are different than mine.
        
         | mordae wrote:
         | You are totally missing the simple fact that the number of
         | blessed email providers to choose from is slowly going down.
         | I've seen ISPs with thousands of clients give up and move
         | the mailboxes to large players simply because their clients'
         | email was ending up in the spam so often that running the
         | support has gotten too expensive.
         | 
         | It's definitely an anticompetitive practice.
        
           | api wrote:
           | It's just because of spam. All open systems that do not
           | impose a cost to participate are destroyed by spam.
        
             | bbarnett wrote:
             | Spam has been a thing forever. Literally forever. Yet
             | people have been dealing with spam far better than the big
             | boys, and doing so for decades.
             | 
             | Want to talk about anti-competitive? Gmail will accept
             | mails, provide a 250 SMTP response, then drop the email
             | internally.
             | 
             | That's not right. At all. You can reject the email easily
             | during SMTP exchange, and people have been doing that
             | literally for 20+ years.
             | 
             | No valid excuse here. None. Zero.
             | 
             | And if you 250 OK accept then drop the message, _and_
             | provide no way to notify, or discuss, or find out why, you
             | make it impossible for a remote admin to fix the problem.
             | 
             | This is 100% on purpose. Yahoo, outlook/hotmail, gmail,
             | collude to resolve issues like this, while blocking all
             | others to resolve issues their own purposefully broken
             | policies cause.
             | 
             | If you see Alphabet with a policy, or action, you can be
             | 100% sure it is aligned to increase market dominance.
        
               | antod wrote:
               | Agreed. It's the increasing difficulty in getting things
               | delivered to the big providers making it harder rather
               | than spam.
               | 
               | At this rate, eventually we'll have a handful of mail
               | senders (Mailchimp, Sendgrid), and a handful of mail
               | receivers (Google, MS).
        
             | ratata wrote:
             | True. But they are not calling for a completely open
             | system. I like this proposal from the author.
             | 
             | > Change blacklisting protocols so they are not permanent
             | and use an exponential cooldown penalty. After spam is
             | detected from an IP, it should be banned for, say, ten
             | minutes. Then, a day. A week. A month, and so on. This
             | discourages spammers from reusing IPs after the ban is
             | lifted and will allow the IP pool to be cleaned over time
             | by legitimate owners.
             | 
             | > There should be a recourse for legitimate servers. I'm
             | not asking for a blank check. I don't mind doing some
             | paperwork or paying a fee to prove I'm legit. Spammers will
             | not do that, and if they do, they will get blacklisted
             | anyways after sending more spam.
             | 
             | But Big Tech will not do that because they will gain more
             | from eliminating the competition.
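
The exponential cooldown quoted in the comment above (the same per-IP backoff taf2 considers for login abuse earlier in the thread), as an added example that is not code from the article or from anyone in this thread. The `CooldownBlocklist` name, the one-year forgetting window, the doubling past one month and the `451 4.7.1` reply text are assumptions made for the sketch; the addresses and timestamps are constructed.

```python
"""Per-IP exponential cooldown blocklist (added example, not from the thread)."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from ipaddress import ip_address
from typing import Dict, Optional

# Ban ladder from the quoted proposal: ten minutes, a day, a week, a month.
LADDER = [timedelta(minutes=10), timedelta(days=1),
          timedelta(weeks=1), timedelta(days=30)]
# Assumption: once a ban has been over for this long with no new detection,
# the strike history is dropped, so a reassigned address can be "cleaned"
# by its next legitimate owner.
FORGET_AFTER = timedelta(days=365)


def ban_length(strikes: int) -> timedelta:
    """Ban for the Nth strike (1-based). Assumption: "and so on" is read as
    doubling the one-month rung for every strike past the ladder."""
    if strikes < 1:
        raise ValueError("strikes must be >= 1")
    if strikes <= len(LADDER):
        return LADDER[strikes - 1]
    return LADDER[-1] * 2 ** (strikes - len(LADDER))


@dataclass
class Record:
    strikes: int = 0
    banned_until: Optional[datetime] = None


class CooldownBlocklist:
    def __init__(self) -> None:
        self._records: Dict[str, Record] = {}

    @staticmethod
    def _key(ip: str) -> str:
        # Key on the single normalised address, never on the range around it,
        # so one bad neighbour does not ban a whole block.
        return str(ip_address(ip))

    def report_spam(self, ip: str, now: datetime) -> datetime:
        """Record one spam detection and return when the resulting ban ends."""
        rec = self._records.setdefault(self._key(ip), Record())
        if rec.banned_until is not None:
            if now < rec.banned_until:
                # Still banned: mail from the same burst counts as one strike.
                return rec.banned_until
            if now - rec.banned_until > FORGET_AFTER:
                rec.strikes = 0  # long clean period: back to the first rung
        rec.strikes += 1
        rec.banned_until = now + ban_length(rec.strikes)
        return rec.banned_until

    def is_banned(self, ip: str, now: datetime) -> bool:
        rec = self._records.get(self._key(ip))
        return bool(rec and rec.banned_until and now < rec.banned_until)

    def smtp_reply(self, ip: str, now: datetime) -> str:
        """Reply to MAIL FROM. A banned sender is refused inside the SMTP
        exchange and told when the ban ends, not accepted and dropped."""
        if not self.is_banned(ip, now):
            return "250 OK"
        until = self._records[self._key(ip)].banned_until
        stamp = until.isoformat(timespec="minutes")
        return f"451 4.7.1 {self._key(ip)} blocked until {stamp}"


if __name__ == "__main__":
    # Constructed timeline: one address is caught twice, its neighbour never.
    bl = CooldownBlocklist()
    t0 = datetime(2022, 9, 4, 17, 28, tzinfo=timezone.utc)
    print("first ban ends :", bl.report_spam("192.0.2.10", t0))
    t1 = t0 + timedelta(minutes=11)
    print("second ban ends:", bl.report_spam("192.0.2.10", t1))
    print("offender sees  :", bl.smtp_reply("192.0.2.10", t1))
    print("neighbour sees :", bl.smtp_reply("192.0.2.11", t1))
```
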
        
               | tinus_hn wrote:
               | Spam has been fought for decades, you can rest
               | assured any obvious solution has been tried and either
               | doesn't have the desired effect or is impossible to
               | implement.
        
               | cowtools wrote:
               | I think we ought to move email (or some future
               | incarnation of email, like matrix) to a completely
               | whitelist (opt-in to receive messages) basis.
        
               | KoftaBob wrote:
               | That's essentially how www.hey.com works! I thought it
               | would be tedious at first, but I don't mind it, and it's
               | done a great job of making it so I only see what I want
               | to see in my inbox.
        
               | pas wrote:
               | signup confirm emails are like that.
               | 
               | similarly, any "hello pls add me to your allow-list"
               | emails could be made auto-disappear to the "will be
               | deleted in 30 days" folder in ~10-15 minutes, so even if
               | you get a 100 spam messages per day you only see the last
               | of those, you can easily pick what you are looking for,
               | and don't worry about the rest, they'll just disappear.
               | 
               | (and you still have 30 days to look for messages that
               | might be interesting/important/etc.)
               | 
               | ...
               | 
               | the real missing piece is the feedback mechanism. DMARC
               | is meh. of course large senders have implemented FBL, but
               | they are not available for mere mortals.
               | 
               | https://en.wikipedia.org/wiki/Feedback_loop_(email)
        
               | cowtools wrote:
               | signup confirm emails are not what i'm describing,
               | because you need to establish and filter the initial
               | offer that they send you via email itself, which is still
               | prone to phishing.
               | 
               | What I'm describing is a situation where users themselves
               | have to proactively subscribe to a connection using some
               | sort of out-of-band mechanism. For example, if a website
               | wanted to send you emails, they could produce some sort
               | of "connection ticket" that you can give to your email
               | client in order to subscribe to them.
        
               | pas wrote:
               | I know, but anything out of band won't really work,
               | because that can be phished even more, plus as described
               | above, there's no real need for it either (IMHO).
        
               | franga2000 wrote:
               | This makes sense for service emails and is similar to how
               | push notification services like Pushbullet work, but
               | can't work for humans. You need to be able to give your
               | email to someone IRL so they can send you a message.
               | Mutual approval would be possible in the "we just met and
               | want to exchange emails" situation, but that too breaks
               | when you legitimately want to give anyone the chance to
               | message you.
        
               | michaelmrose wrote:
               | This is useless because users are stupid, people sending
               | the mail are stupid, people getting the mail are stupid,
               | UI people creating interfaces are so stupid society could
               | be improved by putting them in a box and mailing them all
               | to some wasteland and hoping they form their own society
               | there or starve.
               | 
               | This would result in half the planet being frustrated all
               | the time and the other half never getting their mail.
               | 
               | If your goal is to secretly destroy email this is the
               | way.
        
               | Javantea_ wrote:
               | You ignore the fact that there are perverse incentives
               | among the participants. It's possible to implement, and
               | I'm doing it myself. If I had more time to spend on it,
               | we could end spam. Instead I am fine as is: most of the
               | spammers have given up.
        
               | dane-pgp wrote:
               | > I don't mind doing some paperwork or paying a fee to
               | prove I'm legit.
               | 
               | Then how about this: The big email companies all declare
               | one day that any newly registered domain (with an MX
               | record) needs to post a bond for good behaviour in escrow
               | somewhere. If any of them find the domain being used to
               | send spam, they can slash the bond (sending it to some
               | charity or something).
               | 
               | This has the advantage that it doesn't affect any
               | existing senders (so there's no one to complain about
               | it), and it makes transparent the cartel-like power that
               | these companies have over email. Perhaps, to democratise
               | the process a bit, the ITU could organise a ballot (one
               | vote per country) to elect 5 companies/non-profits who
               | would have this bond-slashing power.
               | 
               | Unfortunately to implement something like this, they'd
               | also probably have to demand that DKIM signing become
               | mandatory (so there are cryptographic proofs of any
               | evidence of spamming), and this sort of global consensus
               | / money processing scheme would probably end up being
               | built using a blockchain, whether that was a good idea or
               | not.
        
               | hug wrote:
               | I can just imagine the headline. "Ask HN: Google sent my
               | mail bond to charity for no reason and has torpedoed my
               | small business, and I can't get in touch with anyone to
               | make it right"
        
               | dane-pgp wrote:
               | I can imagine headlines like that too, but the idea of
               | electing 5 (or some other odd number of) entities is that
               | they would be able to share among themselves the
               | cryptographically signed evidence of the spam they
               | detected, and then the bond slashing would require a
               | majority vote.
               | 
               | So instead, the headline should be something like "Ask
               | HN: Google, Amazon, and the Shanghai Cooperation
               | Organisation forced me to send $100 of Ether to UNICEF
               | and I couldn't send any new emails until I sent another
               | $100 payment to my domain registrar. How do I take them
               | to the World Court to force them to reimburse me?".
               | That's not a great situation, but it's slightly better
               | than the status quo.
        
               | IgorPartola wrote:
               | Is there any actual money to be made in hosting email
               | for people? I genuinely don't know but my suspicion is
               | that GMail, Yahoo, Outlook, et al are loss leaders for
               | their owner companies. I suspect people at those
               | companies would be quite happy if the protocol got
               | unfucked enough that small players could participate
               | without negatively impacting the network.
        
               | 0x445442 wrote:
               | I gladly pay for Fastmail and I assume they're not
               | running a charity. Also, I think hey.com is charging $100
               | per year.
        
               | GekkePrutser wrote:
               | O365 web costs me 5 bucks per month and I only use it for
               | a few emails a week so I doubt it's a loss leader.
               | 
               | If I'd actually use all of it a lot, sure but I don't.
        
             | [deleted]
        
           | dhosek wrote:
           | Indeed. I host my domains with dreamhost and it turns out
           | that outgoing mail from their servers will get marked as spam
           | by Google. The exact same mail sent through a gmail address
           | (whether under gmail.com or a custom domain) will be
           | delivered no problem (although after the sudden closing of
           | legacy free email, I found that emails that I had been
           | sending via gmail with my own domain that had been getting
           | blocked by spam filters were being delivered when they came
           | from a gmail.com address).
        
             | grepfru_it wrote:
             | The problem is your outbound mail server does not have a
             | good reputation. You also probably do not have a large
             | enough swath of IP space to prevent bad neighbors from
             | becoming your problem. Lots of tricks to getting your email
             | sent reliably to most mail servers. What got me out of
             | hosting mail was trying to send an email to a potential
             | lead I met at a local meetup. His email was hosted at some
             | very small and relatively unknown university, but my email
             | was flat out rejected. Something about that moment just
             | clicked that it's not worth my time to chase down the
             | admins and resolve the problem. I'll just start shunting my
             | email through O365. I still selfhost everything else I can,
             | but I offload mail management to a provider
        
               | aidenn0 wrote:
               | I'm guessing dreamhost has a decent chunk of IP space...
        
               | cameldrv wrote:
               | It's more than that. I'm on a mailing list for a social
               | organization that I've belonged to for 20 years, and has
               | been hosted at the same place for all of that time. I
               | have marked hundreds of the messages not spam, and still
               | Google sends about 80% of them to spam.
               | 
               | Google does not care even if you have regular
               | correspondence with an address -- if the server isn't big
               | enough, it's going to spam. The user's wishes or ideas
               | about what is or isn't spam are irrelevant.
        
           | killjoywashere wrote:
           | > It's definitely an anticompetitive practice.
           | 
           | Or maybe it's an overly competitive protocol? Like playing
           | Monopoly. Even a neophyte can end up sweeping the game despite
           | not understanding any of the underlying mechanics that drive
           | the game's outcome. Those remaining mail providers are also
           | fighting back the insanity. They 'just' won.
           | 
           | Don't hate the player, hate the game.
        
             | prox wrote:
             | I wonder if we can't build a far simpler postoffice app on
             | http (self hosted domain space) and have a whitelisted
             | encrypted exchange.
        
               | fuzzzerd wrote:
               | Of course we can, but good luck getting people to use it.
               | They'll keep using what everyone else uses.
        
               | chrismeller wrote:
               | Substitute "HTTP" with "SMTP" and you already have that
               | today... SMTP in plain text isn't generally used anymore,
               | it's always transported over TLS. Of course you can run
               | whitelist-only, but how is that ever going to work?
               | 
               | SMTP is text based and well defined, so I would also
               | argue that the transport being "simpler" is nonsense.
        
               | prox wrote:
               | Whitelist is easier. If I added an email of a friend in
               | this system, we can communicate. Everything else goes
               | blackhole.
               | 
               | Nothing is easy about email! Having worked for years just
               | to get reliable in and outboxes is definitely not
               | trivial. Also SMTP is a system out of your control if you
               | want anything verified and actually delivered.
        
               | chrismeller wrote:
               | Of course whitelist is easier, but how valuable would
               | your email be if you only allowed your friends to email
               | you? Goodbye order confirmations, subscription reminders,
               | recruiter emails, notifications...
        
             | tomohawk wrote:
             | A normal company could engage in these practices, but it is
             | settled law that a monopolist may not. A monopolist may not
             | use their monopoly in one area to suppress activities in
             | another area.
             | 
             | You can't put these big tech monopolists into the same
             | bucket as normal companies. They have way too much power,
             | and even when they do not intend to smash things, they end
             | up smashing things.
        
           | rnd0 wrote:
           | >It's definitely an anticompetitive practice.
           | 
           | yeah, but in this climate what are you gonna do? It's not
           | like there's any kinda recourse for monopolistic behavior
           | that has any teeth to it.
        
           | srkaplan wrote:
           | I just randomly looked at 8 different emails in my inbox. All
           | of them were from different email providers (except google
           | which was there twice). There's hundreds or thousands of
           | email providers you can choose from.
           | 
           | iphmx 1
           | google 2
           | kornet 1
           | linkedin 1
           | secureserver 1
           | amazonses 1
           | self hosted university email 1
        
         | redeeman wrote:
         | > It's just not something I want to babysit anymore because I
         | have other things to focus on
         | 
         | Don't know about you, but I have set up my mailserver years ago,
         | and outside of regular OS updates, haven't had to touch it.
        
           | Joeboy wrote:
           | For me, the issue wasn't that I had to fix it _frequently_,
           | but that when I did it was urgent, stressful and disruptive.
           | Eventually the VDS I was renting had a fatal HD crash and I
           | gave up.
        
           | miketery wrote:
           | Where is it hosted? Isn't the primary issue being blocked by
           | the major providers due to spam filters?
        
             | abdullahkhalids wrote:
             | I have used Mailinabox on a Hetzner server for about a
             | year. My email delivers to all the major providers.
             | However, small providers will occasionally block my email.
             | So I continue to use my Gmail address for now.
             | 
             | With small amounts of evidence, I think if my contacts on
             | those providers email me first, and I reply to those
             | emails, then my domain is not blocked.
        
             | redeeman wrote:
             | server4you.
             | 
             | there is one blocklist I'm aware of that simply
             | categorically blocks all their IPs, but thankfully none of
             | the "big tech" players use it, so it's really of no
             | consequence to me
        
           | theturtletalks wrote:
           | How do you make sure your emails don't end up in spam?
        
             | redeeman wrote:
             | I just have spf+dkim, nothing fancy
        
             | megous wrote:
             | That's a recipient's problem.
        
         | lisper wrote:
         | > point the MX record to whatever hosting provider you want
         | 
         | You can even have a hybrid solution where incoming mail goes
         | directly to your self-hosted server and (some) outgoing mail is
         | relayed through a third party.
        
           | mmsnberbar66 wrote:
           | What would be the advantage?
        
             | Snild wrote:
             | Benefiting from the large provider's reputation in regards
             | to spam blocklists etc.
        
             | lisper wrote:
             | There are many benefits to running your own server. The
             | three biggies for me are:
             | 
             | 1. Control. A third party can change anything about the
             | service any time they want, and if you don't like the
             | change they made you're screwed.
             | 
             | 2. Expectation of privacy. Because I am not contracting
             | with a third party, the government cannot argue that I have
             | waived my right to privacy. (As a practical matter of
             | course this matters not at all. If the government -- or
             | anyone with the right technical skill and access -- wants
             | to read your email they will. But if push ever comes to
             | shove in a court of law it could matter.)
             | 
             | 3. Spam filtering. I think the whole industry is doing it
             | wrong. The Right Way to filter spam is to use your
             | _outgoing_ mail as ground truth for what is not spam. I
             | have a custom spam filter that I wrote based on this idea
             | and it works like a charm. No Bayesian analysis needed. I
             | don't even look at content _at all_. Just the headers are
             | enough to achieve >99% accuracy.
        
               | tsimionescu wrote:
               | > The Right Way to filter spam is to use your outgoing
               | mail as ground truth for what is not spam
               | 
               | Could you elaborate? Does this mean that email from
               | people/domains you haven't corresponded with before is
               | spam?
        
               | lisper wrote:
               | Anything that comes in from an address I have never seen
               | before is handled specially. But it's not hard to filter
               | out the obvious spam. Just a handful of heuristics on the
               | from and subject lines (e.g. if the sender's name
               | contains common English words it's probably spam) takes
               | care of >90% of the cold calls. The rest I just look
               | through manually once a day or so.
               | 
               | I was planning to institute a system where my contact
               | page included a special keyword to include in the subject
               | line to get past the spam filter, but that has turned out
               | not to be necessary so I haven't implemented that yet.
               | 
               | The only remaining case is things like confirmation
               | emails for new accounts, but those just get lumped in
               | with the other cold calls. They are super-easy to spot
               | because I'm almost always expecting them, so they are
               | always at the top of the list.
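
An added example (not lisper's filter, whose code is not on the page) of the header-only approach described in the two comments above: addresses harvested from sent mail form the allowlist, and unknown senders are split into spam and manual review by From and Subject heuristics. The word list, the all-caps subject rule, the `keyword` parameter and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Assumed word list for the "sender's name contains common English words"
# heuristic mentioned in the thread; the actual list is not on the page.
COMMON_WORDS = {"best", "deal", "deals", "free", "offer", "sale", "team",
                "support", "account", "today", "winner", "service"}

# Constructed sample mail. Only headers are inspected, never bodies.
SENT = [
    "From: me@example.org\nTo: Alice <alice@example.net>\n"
    "Cc: bob@example.com\nSubject: lunch\n\nbody",
    "From: me@example.org\nTo: orders@shop.example\nSubject: order 1182\n\nbody",
]
INCOMING = [
    "From: Alice <ALICE@example.net>\nSubject: Re: lunch\n\nbody",
    "From: Best Deals Today <promo@bulk.example>\nSubject: hello\n\nbody",
    "From: x@bulk.example\nSubject: URGENT: CLAIM YOUR PRIZE\n\nbody",
    "From: Jan Kowalski <jan@uni.example>\nSubject: question about your talk\n\nbody",
    "From: noreply@newservice.example\nSubject: Confirm your account\n\nbody",
    "From: Pat <pat@cold.example>\nSubject: [blue-heron] hello\n\nbody",
]


def known_correspondents(sent_messages):
    """Collect every address the user has written to (To/Cc/Bcc of sent mail)."""
    known = set()
    for raw in sent_messages:
        msg = message_from_string(raw)
        fields = []
        for header in ("To", "Cc", "Bcc"):
            fields.extend(msg.get_all(header, []))
        for _name, addr in getaddresses(fields):
            if addr:
                known.add(addr.lower())
    return known


def classify(raw, known, keyword=None):
    """Return 'inbox', 'spam' or 'review' using headers only.

    The From header is unauthenticated, so in a real deployment an
    allowlist hit should only count on mail that also passed SPF/DKIM
    checks for that domain.
    """
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    subject = msg.get("Subject", "")

    # 1. Ground truth: we have written to this address before.
    if addr.lower() in known:
        return "inbox"

    # 2. Optional pass phrase published on a contact page (the idea the
    #    thread describes as planned but not implemented).
    if keyword and keyword.lower() in subject.lower():
        return "inbox"

    # 3. Cold call: display name made of common English words.
    if set(re.findall(r"[a-z]+", name.lower())) & COMMON_WORDS:
        return "spam"

    # 4. Cold call: shouting subject (assumed rule, more than 70% capitals).
    letters = [c for c in subject if c.isalpha()]
    if len(letters) >= 8 and sum(c.isupper() for c in letters) / len(letters) > 0.7:
        return "spam"

    # 5. Everything else, including account confirmations, waits for a
    #    manual look.
    return "review"


def triage(incoming, sent, keyword=None):
    """Classify a batch of raw messages against the sent-mail allowlist."""
    known = known_correspondents(sent)
    return [classify(raw, known, keyword) for raw in incoming]


if __name__ == "__main__":
    for raw, verdict in zip(INCOMING, triage(INCOMING, SENT, "blue-heron")):
        print(f"{verdict:7} {raw.splitlines()[0]}")
```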
        
         | WretchedEarl wrote:
         | > simply own your domain name and point the MX record to
         | whatever hosting provider you want
         | 
         | That's not necessarily a sure cure, depending on the hosting
         | provider. RoadRunner (Spectrum / Charter) in the US and Shaw in
         | Canada won't deliver emails from my domain hosted at Runbox.com
         | (or sent directly from the runbox.com domain.) Spectrum's
         | bounce message references an error code that translates to
         | "Spectrum limits the number of concurrent connections from a
         | sender, as well as the total number of connections allowed.
         | Limits vary based on the reputation of the IP address. Reduce
         | your number of connections and try again later."
        
         | eikenberry wrote:
         | There is also a happy medium. Host your own MX servers but use
         | someone else's SMTP servers. You have complete control over the
         | incoming mail but dodge the filters by using the established
         | business for sending mail.
        
           | 1vuio0pswjnm7 wrote:
           | This should be made a standard practice.
           | 
           | Third party email providers, the so-called "established
           | businesses", get a free pass as sending SMTP servers that are
           | accepted by almost all receiving SMTP servers. Everyone just
           | assumes everything coming from those SMTPs is legit.
           | Establishing this "legitimacy" and getting the "free pass" is
           | difficult and some have suggested, the third parties may
           | employ anticompetitive tactics.
           | 
           | However, IMHO the receiving SMTPs is a different issue. Why
           | do we let these third parties receive and store our email.
           | (Why do our homes have their own mailboxes. Why not use a
           | "P.O. Boxes" instead.) Eventually we could move away from
           | letting third parties control the receipt of our mail.
           | Neither "POP3" nor "webmail" was part of the original concept
           | of email.
           | 
           | Today, it is easier than ever to set up overlay networks
           | where we can assign our own IP addresses and run our own SMTP
           | servers that can communicate directly with other SMTP servers
           | on the overlay network. These networks are not open to the
           | world, they may only be open to people we know. Much of our
           | mail is between people who know each other, e.g., friends,
           | family, colleagues. Or businesses that we contact first. We
           | can separate different social and business networks on
           | different overlay networks.
           | 
           | Anyway, the sending and receiving of mail can be separated.
           | We do not need to let a third party control both.
        
           | Animats wrote:
           | > Host your own MX servers but use someone else's SMTP
           | servers.
           | 
           | Yes. My outgoing email goes out via Sonic's SMTP server, with
           | the SPF records to allow it to have a source address of my
           | own domain. Incoming email goes to my own domains and gets
           | forwarded.
           | 
           | This seems to be trouble-free. The domain is on a cheap
           | shared hosting account. I'm not running a server. I own the
           | domain, and not through the hosting company, so I can switch
           | to another provider if necessary. In 27 years, I've had to do
           | that twice, because the hosting provider went out of
           | business.
           | 
           | This is easy to do, and I don't have to deal with Google. I
           | don't even get much spam. All the spammers seem to be
           | targeting the big services now.
           | 
           | I just looked at my spam folder. I'm regularly being offered
           | dental supplies, large hydraulic sheet metal bending presses,
           | and ammonium sulfate fertilizer. It seems that having your
           | own domain now means you get mostly business-to-business
           | spam. I subscribe to Machine Design, which gets me some heavy
           | industrial marketing, but I have no idea why I get dental
           | supply ads. The fertilizer spams, from China, look like a
           | scam - there's a fertilizer shortage, so that's a spam which
           | might get replies.
        
             | xanaxagoras wrote:
             | I do this too with a different provider whose whole
             | business is relaying for self hosters. I have had exactly 0
             | problems since I started a couple of years ago. It's kind of
             | perfect.
        
             | pixl97 wrote:
             | It can very much depend on your domain. In the early 2000s
             | I ran a domain for a firm and the domain had 'UT' in it.
             | Well spammers thought it was related to University of Texas
             | at some point and we went from around 10 messages a day to
             | over a quarter of a million. The immediate issue I had was
             | poor back scatter protection so I had to configure that in
             | a few days. That stopped 99.99% of the spam, but still
             | caused massive issues with the mailboxes that did exist
             | getting hundreds of messages per day even though we were
             | blocking tens of thousands of mails per valid email
             | address.
             | 
             | Spammers are miserable, I don't fault anyone for giving up.
        
             | Fuzzeh wrote:
             | SPF and DKIM no longer have any real value. Just look at SA
             | and the values it assigns by default to mail with those
             | headers. Couple that with the fact that spam now has valid
             | SPF and DKIM - just makes them pointless.
        
               | sbuk wrote:
               | DKIM and SPF, along with DMARC are more about
               | authentication - they let you know that the message has
               | come from where it says it does. This makes spoofing
               | harder, not necessarily spam. Greylisting deals with most
               | of the "spray and pray" spammers, though it does have
               | its own issues.
        
             | joecool1029 wrote:
             | >I just looked at my spam folder. I'm regularly being
             | offered dental supplies, large hydraulic sheet metal
             | bending presses, and ammonium sulfate fertilizer. It seems
             | that having your own domain now means you get mostly
             | business-to-business spam. I subscribe to Machine Design,
             | which gets me some heavy industrial marketing, but I have
             | no idea why I get dental supply ads. The fertilizer spams,
             | from China, look like a scam - there's a fertilizer
             | shortage, so that's a spam which might get replies.
             | 
             | I used to have a 'Shirley' email all the time from China
             | about elevator parts. It was such a niche kind of spam that
             | I eventually replied and requested pictures of a bunch of
             | parts. They sent them!
        
               | thaumasiotes wrote:
               | > I used to have a 'Shirley' email all the time from
               | China about elevator parts. It was such a niche kind of
               | spam that I eventually replied and requested pictures of
               | a bunch of parts. They sent them!
               | 
               | https://web.archive.org/web/20030412191437/http://www.penny-...
        
               | dhosek wrote:
               | I remember in grad school, one of my classmates being
               | upset about getting a porn spam email in Chinese and
               | saying, "but don't they know that I'm a _girl_?" I
               | pointed out to her that I got the same emails (but had no
               | idea what they were saying) and explaining to her that
               | they send them to everybody.
        
           | chx wrote:
           | Whose SMTP service would you recommend?
        
             | eikenberry wrote:
             | I use zoho.com, $12 a year and I haven't had any issues
             | with blacklists.
        
             | butterknife wrote:
             | Sendgrid works well for small volumes
        
           | conradev wrote:
           | You can also use an MX backup service which will accept mail
           | when your server is offline (and it will resend it when the
           | server comes online)
           | 
           | You can also even keep Gmail as your MX server! Just move
           | messages off of it as soon as they arrive. It's just a
           | mailbox, after all
        
             | RunningDroid wrote:
             | > You can also even keep Gmail as your MX server! Just move
             | messages off of it as soon as they arrive. It's just a
             | mailbox, after all
             | 
             | Do you have more information about this?
             | 
             | I've been looking to do something similar so that I can
             | have my mail sorted into folders without setting up the
             | same rules on multiple clients. (Gmail's sorting doesn't
             | seem to support some of the sorting I'm currently doing in
             | Thunderbird)
        
               | iam-TJ wrote:
               | I've been hosting and operating my own MTA MX with
               | Postfix since 2005. I have Postfix set to use "MailDir"
               | format storage (one file per email) and then use Procmail
               | filters to direct emails into per-sender or per-topic
               | specific folders when they arrive on the server - nothing
               | needed to be done in the email client. Dovecot provides
               | the IMAP4 client interface. Thunderbird connects via
               | IMAP4.
               | 
               | Each domain has its own user home directory so for each
               | there is a /home/${domain_name}/Maildir/ directory as the
               | base for storing emails, and each IMAP4 folder has an
               | associated directory. Snippet:
               | 
               |     $ ls -1da Maildir/.Technology.FOSS.Projects.Linux*
               |     Maildir/.Technology.FOSS.Projects.Linux
               |     Maildir/.Technology.FOSS.Projects.LinuxContainers
               |     Maildir/.Technology.FOSS.Projects.Linux.drbd
               |     Maildir/.Technology.FOSS.Projects.Linux.kernel
               |     Maildir/.Technology.FOSS.Projects.Linux.linaro.dev
               |     Maildir/.Technology.FOSS.Projects.Linux.linux-i2c
               |     Maildir/.Technology.FOSS.Projects.Linux.linux-input
               |     Maildir/.Technology.FOSS.Projects.Linux.linux-pci
               |     Maildir/.Technology.FOSS.Projects.Linux.linux-usb
               | 
               | Here's an extended snippet example from $HOME/.procmailrc
               | that directs deliveries into the correct directory (IMAP4
               | folder):
               | 
               |     :0H
               |     * ^List-id: .*linux-usb\.vger\.kernel\.org
               |     $HOME/Maildir/.Technology.FOSS.Projects.Linux.linux-usb/
               | 
               |     :0H
               |     * ^List-id: .*linux-wireless\.vger\.kernel\.org
               |     $HOME/Maildir/.Technology.FOSS.Projects.Linux.linux-wireless/
               | 
               |     :0H
               |     * ^List-id: .*yaffs\.lists\.aleph1\.co\.uk
               |     $HOME/Maildir/.Technology.FOSS.Projects.Linux.yaffs/
               | 
               |     :0H
               |     * ^List-id: .*util-linux\.vger\.kernel\.org
               |     $HOME/Maildir/.Technology.FOSS.Projects.Linux.util-linux/
               | 
               |     ### LinuxContainers
               |     :0H
               |     * ^List-id: .*lxc-devel\.lists\.linuxcontainers\.org
               |     $HOME/Maildir/.Technology.FOSS.Projects.LinuxContainers/
               | 
               |     ### Linaro
               |     :0H
               |     * ^List-id:.*linaro-dev\.lists\.linaro\.org
               |     $HOME/Maildir/.Technology.FOSS.Projects.Linux.linaro.dev/
               | 
               |     :0H
               |     * ^List-id:.*linaro-kernel\.lists\.linaro\.org
               |     $HOME/Maildir/.Technology.FOSS.Projects.Linux.linaro.kernel/
        
             | [deleted]
        
           | intelVISA wrote:
           | Yep SMTP relay is the only sane choice nowadays sadly.
           | Sending your own mail is a losing battle against the email
           | blacklist cartel.
        
           | LinuxBender wrote:
           | Adding to the happy medium is to teach your friends and
           | family to use Thunderbird so they can easily GPG encrypt [1]
           | their emails keeping the nosey email providers off the email
           | body. Also teach them to use the IMAPS (TLS) endpoint for
           | their mail provider, usually port 993. There are probably
           | simpler how-to's with pictures, I just do not have any of
           | them handy.
           | 
           | [1] - https://support.mozilla.org/en-US/kb/openpgp-thunderbird-how...
        
             | sneak wrote:
             | Most of my friends and family don't own computers, only
             | phones and sometimes tablets.
        
             | m12k wrote:
             | I'm sorry to say, that's nowhere near a medium stance or
             | ask.
        
               | LinuxBender wrote:
               | It could be we have different circles of acquaintances. I
               | have managed to get non technical friends to GPG encrypt
               | their emails. I also talked 2 lawyers into using this and
               | the two lawyers are not only non technical but have
               | nearly zero patience.
        
               | oynqr wrote:
               | I guess a lawyer might know a thing or two about
               | confidential messages.
        
               | orev wrote:
               | I think you'd be very surprised at how much lawyers don't
               | know or care about any of that. They store stuff in the
               | cloud without ever having heard of the Third Party
               | Doctrine (which allows the US government warrantless
               | access to those documents).
        
               | JumpCrisscross wrote:
               | > _store stuff in the cloud without ever having heard of
               | the Third Party Doctrine (which allows the US government
               | warrantless access to those documents)_
               | 
               | Or because they know the third-party doctrine doesn't
               | apply to attorney work product and privileged materials.
        
               | pixl97 wrote:
               | After doing work for lawyers for years, they really are
               | the worst when it comes to understanding computers.
        
               | [deleted]
        
               | squarefoot wrote:
               | Not all of them. I keep seeing lawyers sending photos of
               | sensitive documents using their cellphone and Whatsapp
               | (before encryption), and most of them don't even care
               | about all those documents still residing on their
               | cellphone, at the mercy of whoever steals it since all
               | the security they have in place is that swipe thing that
               | anyone with good eyes spots in 2 seconds straight.
        
               | LinuxBender wrote:
               | They do. Most of them use proprietary https web
               | interfaces that usually have "secure email" or "secure
               | messaging" in the description but they are just fancy web
               | portals. I despise those systems. The content is not
               | encrypted at rest and can be leaked. With OpenGPG the
               | emails are only decrypted on the recipients end points
               | and can be deleted by request.
        
             | marvel_boy wrote:
             | Apple supports encryption on Mail:
             | 
             | https://support.apple.com/en-gb/guide/mail/mlhlp1180/mac
        
             | [deleted]
        
             | deltree7 wrote:
             | ok, this is the text book definition of "out of touch"
        
             | briandear wrote:
             | Apple Mail supports GPG easily. No need to use Thunderbird.
        
               | Avamander wrote:
               | Can you please provide a few references to that claim?
        
               | zikduruqe wrote:
               | They might be talking about S/MIME.
               | 
               | I use https://github.com/Free-GPGMail/Free-GPGMail which
               | is a plugin for GNUPG, without the "support" plan.
        
               | sbuk wrote:
               | https://gpgtools.org
               | 
               | GPG Mail is a paid for add-on, but it works and it works
               | well.
        
         | usefulcat wrote:
         | Yeah, I've been doing exactly this for over 20 years. The only
         | problem I can recall is related to the fact that the hosting
         | provider uses a single SSL cert for the machine that hosts my
         | domain (and many others, presumably), so of course the cert
         | doesn't match my domain name. It's pretty easy to work around,
         | and I only have to deal with it every few years when they do a
         | hardware upgrade, which sometimes means moving my domain to a
         | different machine.
        
           | pretext-1 wrote:
           | Certs for MX servers are supposed to have the MX as subject
           | or SAN, not your email domain. It's important when the sender
           | enforces encryption with a valid cert (e.g. MTA-STS, or
           | config in the mail server, or many hosted solutions like
           | Google Workspace also support enforcing this for selected or
           | all domains).
           | 
           | Example:
           | 
           | example.com. MX aspmx.l.google.com.
           | 
           | Cert should have aspmx.l.google.com as subject or SAN.
        
           | kro wrote:
           | The MX server's cert in my experience does not need to include
           | your email domain name.
        
             | usefulcat wrote:
             | I believe you're correct. I should clarify that the SSL
             | cert problems I have are only related to my client
             | connecting to the server to send or receive messages.
        
         | skywal_l wrote:
         | I am ashamed to admit that I have no idea how email works. Is
         | there a dumbed-down explanation of what are the moving parts and
         | how you can achieve that sweet spot?
        
           | nvahalik wrote:
           | You send your email through a client. That client then sends
           | (transfers / SMTPs) that email through an MTA either bundled
           | with it or provided by your mail server.
           | 
           | The MTA parses the message, figures out who it needs to go to
           | (To, CC, BCC headers), figures out what servers receive mail
           | for those recipients, and then transfers (SMTPs) it to the
           | server.
           | 
           | What OP is referring to is that the MTA essentially does a
           | DNS lookup for the recipient's domain for a record of type MX
           | (Mail eXchanger).
           | 
           | If you own the domain you have complete control over where
           | that mail goes: you own the MX record.
        
             | jeffbee wrote:
             | There is no such thing as a BCC header. That's the entire
             | point of the BCC.
             | 
             | What you've described might be correct in some cases but is
             | not universal. The mainstream way that messages are sent is
             | your "email client" or MUA speaks the ESMTP protocol to a
             | mail transfer or submission agent (MTA or MSA). The client
             | directly specifies the envelope recipients, which are not,
             | generally speaking, parsed out of the formatted message.
             | That is why it is possible for me to send a message to
             | myself but the message is subsequently delivered to
             | hundreds of unnamed recipients.
        
             | megous wrote:
             | > The MTA parses the message...
             | 
             | That may happen, but not for the purpose you stated. MTA
             | just uses addresses you told it to use in the SMTP dialog.
             | It doesn't use addresses from the message. In fact the
             | addresses in the message may be totally different.
        
           | delecti wrote:
           | Typically, if you sign up for an email account, you get an
           | email address like skywal@gmail.com or skywal@yahoo.com.
           | Alternatively, if you own/host skywal.com, you can have an
           | email address like skywal@skywal.com served from a computer
           | in your home.
           | 
           | The "sweet spot" is combining the two, where you own
           | skywal.com, and have your email send/receive through Google
           | or whoever. Then, if Google decides to ban you, you just
           | register skywal.com with another company who provides that
           | same service, and you keep your same email address.
           | 
           | That's the broad strokes anyway.
        
           | patmorgan23 wrote:
           | Email is complicated but the gist is there are relays and
           | mailbox/mail-exchanger servers (and email clients). And a
           | million different anti-spam measures that make making sure
           | people actually get your email difficult.
           | 
           | When you send an email your mail client contacts your mail-
           | exchanger (MX) and drops the mail in your outbox. Then the MX
           | will look up the MX record for the domains in the TO field
           | and attempt to send the email to it using SMTP.
           | 
           | The first thing the receiving server usually does is look up the
           | IP of the sending server and see if it's on a spam black
           | list. If it is it will probably just drop the connection.
           | Then it will look up the SPF record for the domain in the
           | FROM address and see if the sending server is allowed to send
           | that mail.
           | 
           | Larger email services will have an internal 'reputation'
           | scoring system that will use data from reported spam to
           | figure out what IPs and domains are sending spam emails and
           | filter them out. They'll also look at if it's a residential
           | IP, in an IP pool for a major cloud provider etc. Each
           | provider has a different system and it can be really
           | difficult to get a provider to trust your IP or whitelist
           | your IP so you can make sure that your mail actually gets to
           | who you're trying to send it to.
           | 
           | Relays are pretty simple they'll take email from one place
           | and send it to the recipient. The mail exchanger usually has
           | a built-in relay. A lot of people will use a third party
           | relay service so they don't have to worry about managing the
           | reputation of the IP of their sending mail server. They'll
           | just add an SPF record for the relay service to their
           | domain. And then configure their mail exchanger to send all
           | outbound mail to the relay and then the relay will do the MX
           | lookup.
           | 
           | A lot of mail services will also have their MX records
           | pointed at relays. These inbound relays will often have a lot
           | of those anti-spam services bolted onto them and they can
           | also be used for load balancing to make sure that the service
           | is always able to accept mail even if it doesn't make it in
           | the mailbox immediately.
        
           | zahllos wrote:
           | I can type out an explanation relatively easily.
           | 
           | Let's imagine I'm sending from user@zahllos.example to
           | user@skywall.example. I'm doing it from say Thunderbird or
           | Outlook, and you're using the same.
           | 
           | I need to send, and to do this I typically use an SMTP
           | server. This is something configured, probably on
           | zahllos.example, maybe with the domain smtp.zahllos.example.
           | My mail client contacts this and 'logs in' with my details,
           | then transmits the email message I want to send to this
           | server. The server says 'right fine' and closes the
           | connection.
           | 
           | At this point, the message is in a mail queue ready to go.
           | The SMTP server then does a DNS request for the MX record of
           | skywall.example. Let's say this is 'mail.skywall.example'. My
           | server, smtp.zahllos.example, then connects to
           | 'mail.skywall.example', also speaking SMTP, and says "hey, I
           | have this message to deliver".
           | 
           | It is at this point that mail.skywall.example can decide to
           | do some things. It might check SPF, so it will query the SPF
           | record of zahllos.example to find the list of servers that
           | may send email for that domain. In this example, let's assume
           | smtp.zahllos.example is in the list. Great.
           | 
           | It may then also check the mail headers for a signature,
           | called a dkim signature. My server signed the message before
           | sending; mail.skywall.example can query
           | <uid>._domainkey.zahllos.example and find a public key (or
           | not) and check that this signature matches (or not). Again,
           | let's assume it matches.
           | 
           | It might also check something like TXT _dmarc.zahllos.example
           | to see what my DMARC policies are. If I have something like
           | 
           |     "v=DMARC1;p=reject;sp=reject;pct=100;ri=86400;fo=1;aspf=s;adkim=s;rua=mailto:postmaster@zahllos.example;ruf=mailto:postmaster@zahllos.example;"
           | 
           | this tells you I'd like you to outright reject anything not
           | matching policy, that I expect everything to match SPF and
           | have DNS signatures, and you can send reports if you support
           | that to postmaster@zahllos.example. Your server can then
           | enforce these checks as it likes.
           | 
           | One of the first things that will happen is that my server
           | will announce itself via an EHLO statement. An obvious check
           | to do is to check that the sending IP actually matches
           | smtp.zahllos.example by querying 'reverse ptr' records.
           | 
           | Your receiving server will also likely hand the message over
           | to various spam-checking tools for analysis, such as against
           | DNS blocklists and so on. Larger providers likely have much
           | more sophisticated infrastructure here. Ultimately, you're
           | going to do one of a few things: 1) deliver to inbox or apply
           | user-specified rules and deliver to a folder; 2) deliver to
           | junk (which is typically just another folder, but treated
           | specially by clients), 3) reject, and tell
           | smtp.zahllos.example you don't want the email.
           | 
           | Once the email passes through the smtp daemon, assuming
           | either 1 or 2, it then gets stored somehow and in some way.
           | I'm being a little bit vague here, because 'it depends', but
           | in the simplest scenario, the smtp daemon will write the
           | message to an mbox or maildir-style format. More complex
           | setups definitely exist, indeed, there can be multiple layers
           | of servers doing analysis on separate machines, but for
           | simplicity, mail.skywall.example is one VM that makes its
           | decisions and the result ends up in /var/mail/user@domain/ or
           | some such.
           | 
           | A key aspect of this step that makes email very nice is that
           | if smtp.zahllos.example cannot, for some reason, reach your
           | server now it will queue the message and try again at set
           | intervals. You can reasonably safely turn off
           | mail.skywall.example for a couple of hours.
           | 
           | Another aspect is that you can have multiple MX records where
           | you are prepared to accept email, with priorities. So if you
           | can't accept at one address because the server is down for
           | maintenance, another will accept.
           | 
           | So, now you've technically got an email, but you don't know
           | it. So you open thunderoutlook, and you connect to an IMAP
           | server imap.skywall.example - in our example let us assume
           | this is really the same thing as mail.skywall.example. The
           | server checks you are really you with your credentials. At
           | the backend, this is just another daemon that knows to read
           | /var/mail/... and find new messages; it finds one, downloads
           | its headers and displays it on your screen.
           | 
           | Since we're in a slightly more modern world now, in the case
           | your client was already open you might have an "idle"
           | connection with the server at all times, in which case it can
           | push the message down to you.
           | 
           | In the case of webmail, it is really all the same thing,
           | except you point your browser at a webpage, and that webpage
           | communicates with the servers instead of your client
           | communicating directly. Open source webmail might even use
           | IMAP underneath; things like Zimbra use their own java mail
           | agent, while Google is entirely custom.
           | 
           | That might seem complicated, but in the end it isn't: between
           | two domains at the 'edge', in the end, there's an SMTP
           | conversation. One sending server tells a receiving server it
           | has mail for delivery, and it finds that server by asking DNS
           | where it is. The receiving server may do a bunch of checks
           | against DNS also before making a decision on what to do with
           | the email.
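
Added example (not part of the thread): how a receiving server could turn the DMARC record quoted in the comment above into a decision, using the SPF and DKIM results it has already computed. The record text is taken from the comment; the message results, the relay domains and the two-label organizational-domain shortcut are assumptions, and `pct` and the reporting tags are parsed but not acted on.

```python
# Added example. RECORD is the policy quoted in the comment above; every
# message result passed to evaluate() below is constructed sample data.
RECORD = ("v=DMARC1;p=reject;sp=reject;pct=100;ri=86400;fo=1;aspf=s;adkim=s;"
          "rua=mailto:postmaster@zahllos.example;"
          "ruf=mailto:postmaster@zahllos.example;")
# Same policy with relaxed alignment, for comparison.
RELAXED = RECORD.replace("aspf=s", "aspf=r").replace("adkim=s", "adkim=r")


def parse_dmarc(txt):
    """Split a DMARC TXT record into a tag -> value dict."""
    tags = {}
    for part in txt.strip().strip('"').split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        raise ValueError("not a usable DMARC policy record")
    return tags


def org_domain(domain):
    # ASSUMPTION: the last two labels stand in for the organizational
    # domain; real receivers consult the Public Suffix List.
    return ".".join(domain.split(".")[-2:])


def aligned(auth_domain, from_domain, mode):
    """Strict ("s") needs identical domains, relaxed ("r") the same org domain."""
    a = auth_domain.lower().rstrip(".")
    f = from_domain.lower().rstrip(".")
    if mode == "s":
        return a == f
    return org_domain(a) == org_domain(f)


def evaluate(record, record_domain, header_from, spf, dkim):
    """Return (dmarc_result, requested_policy_or_None).

    spf:  (result, MAIL FROM domain) from the SPF check
    dkim: list of (result, d= domain), one entry per DKIM signature
    """
    tags = parse_dmarc(record)
    spf_ok = spf[0] == "pass" and aligned(spf[1], header_from,
                                          tags.get("aspf", "r"))
    dkim_ok = any(res == "pass" and aligned(d, header_from,
                                            tags.get("adkim", "r"))
                  for res, d in dkim)
    # One aligned pass, from either mechanism, is enough.
    if spf_ok or dkim_ok:
        return "pass", None
    # Failing mail gets "p", or "sp" when the From domain is a subdomain
    # of the domain where the record was found.
    is_subdomain = header_from.lower().rstrip(".") != record_domain.lower()
    policy = tags.get("sp", tags["p"]) if is_subdomain else tags["p"]
    return "fail", policy


if __name__ == "__main__":
    dom = "zahllos.example"
    print(evaluate(RECORD, dom, dom, ("pass", dom), [("pass", dom)]))
    print(evaluate(RECORD, dom, dom, ("pass", "mail." + dom),
                   [("pass", "relay.example")]))
```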
        
             | skywal_l wrote:
             | So in the example of the parent, he's got a domain name
             | registered somewhere (mydomain.com) and he set, in its MX
             | records, the gmail server. But how does gmail make the
             | connection between that address and your gmail address
             | then?
        
               | zahllos wrote:
               | So normally in the cases like this, you also have to tell
               | Google about this, and you typically do this by using one
               | of their paid-for products like workspaces or apps for
               | business or whatever they call it. So let's say that you
               | decide to host skywall@skywall.example with Google. You
               | pay them for workspaces and you likely tell them "I would
               | like to use this domain I already have, with email". They
               | then tell you "OK, add our servers as your MX record in
               | your DNS, or transfer the whole domain to us and we'll do
               | it for you". In this case we're doing the 'changing the
               | MX records' part.
               | 
               | Now when a sending server asks "where should I deliver
               | skywall.example email" by querying MX skywall.example it
               | gets google's servers and starts an smtp conversation
               | with them, saying "I'd like to deliver a message for
               | skywall@skywall.example". At this point, Google knows it
               | can accept that, so they say yes, and then continue doing
               | whatever they do to check for spam beyond that, including
               | queries for spf and friends.
               | 
               | The reason the parent suggests this is that if at any
               | point you decide to move off Google, you can pay someone
               | else, e.g. fastmail, for their services, and modify your
               | MX record. 24-48 hours later, DNS around the world
               | catches up and everyone will get fastmail as a response
               | when they ask for your MX record. Any new email goes
               | there instead of Google, and thus you aren't 'tied' to
               | the provider: you just have to move all your old email
               | over. Whereas Google cannot let you move a user@gmail.com
               | address, because they can only change the MX records for
               | the whole of gmail.
               | 
               | DNS is the source of truth here. Whatever your MX records
               | are is where other servers will try to contact to send
               | email. The MX record is typically just another DNS
               | address that will be queried for AAAA/A (i.e. what is the
               | IP), and that doesn't need to be on the same domain at
               | all.
               | 
               | Here's an example of what it looks like:
               | 
               |     delv MX ycombinator.com @9.9.9.9
               |     ; unsigned answer
               |     ycombinator.com.        295     IN      MX      20 alt2.aspmx.l.google.com.
               |     ycombinator.com.        295     IN      MX      10 aspmx.l.google.com.
               |     ycombinator.com.        295     IN      MX      20 alt1.aspmx.l.google.com.
               |     ycombinator.com.        295     IN      MX      30 aspmx4.googlemail.com.
               | 
               | This is me using DELV to ask "where should I send email
               | for ycombinator.com?" and I have four responses. Column 5
               | tells me the priority. Lower numbers are higher priority.
               | Unsurprisingly, this is Google. But let's see where they
               | host their DNS, shall we?
               | 
               |     delv NS ycombinator.com @9.9.9.9
               |     ycombinator.com.        159148  IN      NS      ns-225.awsdns-28.com.
               |     ycombinator.com.        159148  IN      NS      ns-1914.awsdns-47.co.uk.
               |     ycombinator.com.        159148  IN      NS      ns-1411.awsdns-48.org.
               |     ycombinator.com.        159148  IN      NS      ns-556.awsdns-05.net.
               | 
               | So AWS. So they have separate DNS to Email, and could
               | change those MX records to host their email anywhere
               | else, without needing to change or move ycombinator.com's
               | DNS from AWS.
               | 
               | I'll cover off the SMTP outgoing as well while I'm at it.
               | You _can_ also not run your own outgoing smtp server but
               | use someone else's. The key here is that if you use SPF
               | and DKIM, you should put their IPs into SPF and their
               | keys into DKIM, as that is what the receiving server will
               | use. So smtp.zahllos.example could be replaced by
               | sendgrid, provided in my DNS I say so. This may work
               | better, as sendgrid may have a better reputation than the
               | server I chose.
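
Added example (not part of the thread): a reduced SPF evaluator showing why, as the comments above say, a third-party relay has to be listed in the sending domain's SPF record. The TXT records, the relay.example and norelay.example names and the documentation-range IP addresses are constructed; only `ip4`, `ip6`, `include` and `all` are handled, and the recursion guard is a simplification of the real lookup limit.

```python
import ipaddress

# Constructed TXT records standing in for DNS answers.
DNS_TXT = {
    # Own server plus a hypothetical relay, delegated with include:
    "zahllos.example": "v=spf1 ip4:192.0.2.10 include:_spf.relay.example -all",
    "_spf.relay.example": "v=spf1 ip4:198.51.100.0/24 ip6:2001:db8:1::/48 ~all",
    # Same domain owner, but the relay was never added to the record.
    "norelay.example": "v=spf1 ip4:192.0.2.10 -all",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(ip, domain, dns=DNS_TXT, _depth=0):
    """Evaluate the connecting IP against the SPF record of `domain`.

    Returns "pass", "fail", "softfail", "neutral", "none" or "permerror".
    """
    if _depth > 10:  # simplified stand-in for the DNS lookup limit
        return "permerror"
    record = dns.get(domain.lower().rstrip("."))
    if record is None:
        return "none"
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            if addr.version == net.version and addr in net:
                return QUALIFIERS[qualifier]
        elif name == "include":
            inner = check_spf(ip, arg, dns, _depth + 1)
            if inner == "pass":
                return QUALIFIERS[qualifier]
            if inner in ("none", "permerror"):
                return "permerror"
            # fail, softfail or neutral inside the include means only
            # "no match here"; evaluation continues with the next term.
        else:
            raise NotImplementedError("mechanism not covered: " + name)
    return "neutral"


if __name__ == "__main__":
    for ip, dom in [("192.0.2.10", "zahllos.example"),
                    ("198.51.100.25", "zahllos.example"),
                    ("198.51.100.25", "norelay.example"),
                    ("203.0.113.5", "zahllos.example")]:
        print(ip, dom, check_spf(ip, dom))
```

The last case shows that the relay's own `~all` does not leak out of the include: an unlisted address still ends at the outer record's `-all`.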
        
         | nullc wrote:
         | > The sweet spot for having
         | 
         | no Fourth Amendment protection for your email because it's stored
         | by a third party.
        
           | MichaelVangard wrote:
           | Most emails are still going through servers owned by
           | Microsoft or Google, so what does self-hosting email
           | accomplish in reality? Some government entity likely has
           | warrant-less access to most of your emails regardless. I like
           | email as a way to communicate, but speaking pragmatically,
           | it's just not a secure means of communication in 2022.
        
         | ilovecaching wrote:
         | This is what I do. The downside is that a lot of email
         | providers make it really difficult to set up 3rd party clients
         | outside of their own clients. I've struggled to get mutt to
         | work with a lot of email providers because they use their own
         | auth mechanisms.
        
           | colordrops wrote:
           | I'm pretty happy using protonmail bridge with local clients.
           | It does take some effort to set up though.
        
         | WheelsAtLarge wrote:
         | "The sweet spot for having control over your email while
         | simultaneously minimizing unforeseen headaches is to simply own
         | your domain name"
         | 
         | You would think. The issue no one seems to think about is that
         | you need to make sure to pay for the domain for the duration of
         | your life (at least). Otherwise, as soon as you lose your domain
         | you lose ownership of your email. Anyone that has control of
         | the domain has control of your e-mail.
         | 
         | This dawned on me after a place I worked at reactivated the
         | email I used for work when I worked there. It has my name but I
         | have 0 control over it. Lucky for me I never used the email for
         | things other than work so it's not a big deal. It is still
         | bothersome that they can do that and I have no say so on its
         | use.
        
           | lisper wrote:
           | > The issue no one seems to think about is that you need to
           | make sure to pay for the domain for the duration of your life
           | 
           | But that's true for any delivery endpoint in any medium,
           | including physical mail and phone numbers.
           | 
           | It's pretty easy to set up auto-pay for domain names so that
           | all you really need to do is keep the billing info up to
           | date. After that it all runs on autopilot.
        
             | Aeolun wrote:
             | Unless your registry messes up and forgets to renew your
             | domain. It's happened to me before (don't use them anymore
             | though).
        
           | vereis wrote:
           | You can always use a different email address to manage the
           | domain if that's the issue?
        
             | tsimionescu wrote:
             | I would imagine the issue is someone else buying the
             | domain, and subsequently receiving any email meant for you
             | (such as a password reset request).
        
           | matheweis wrote:
           | > The issue no one seems to think about is that you need to
           | make sure to pay for the domain for the duration of your life
           | 
           | Is there a registrar that will allow you to do this? Most of
           | the ones I've looked at have an upper limit of around 15
           | years or so.
        
             | WheelsAtLarge wrote:
             | You don't have to do it all in one shot but you should make
             | sure it gets paid so you don't lose access.
        
           | [deleted]
        
           | DrudgeCorporate wrote:
           | While this is true I don't see it as a huge deal. Treat it
           | like any other annual bill (e.g. insurance, property taxes)
           | and you will be fine.
        
         | colordrops wrote:
         | I agree with this assessment, and it's what I do. There is
         | still the single point of failure of losing your domain due to
         | a hostile registrar or mismanagement e.g. allowing registration
         | to lapse.
         | 
         | Ideally there would be a decentralized permanent domain
         | registry keyed on certs (I know these exist but have not been
         | adopted), or at least a fallback domain you could configure
         | somehow in case you lost control of your main domain.
        
       | [deleted]
        
       | npteljes wrote:
       | I agree with the pains, but the options are not just Big Tech or
       | self-hosting. There's a myriad of not-big-tech email providers
       | out there, for example there's Posteo, who use open source
       | software and green energy. They are going strong for 13 years now
       | with 400+k accounts.
       | 
       | https://en.wikipedia.org/wiki/Posteo
        
       | jrm4 wrote:
       | This isn't actually that hard to fix, it's just that for whatever
       | reason, we seem to frequently have this blindspot that we don't
       | seem to have in other industries.
       | 
       | Namely that "do it yourself at home" and "massive oligopolist"
       | aren't the only two options. It's like saying "You can only have
       | hamburgers two ways, cook them yourself or McDonalds."
       | 
       | I do the third and it's been great. I let my paid webhost handle
       | it. (hostdime if you're interested, but I'm sure others do it
       | well also)
        
         | colinsane wrote:
         | > like saying "You can only have hamburgers two ways, cook them
         | yourself or McDonalds."
         | 
         | and your comment seems to be saying it's OK if we lose the
         | ability to cook hamburgers at home, because there are other
         | (more ethical) restaurants that aren't McDonalds. am i
         | misunderstanding?
        
           | jrm4 wrote:
           | No. To beat up the metaphor, I'm saying if we support the
           | restaurants that aren't McDonalds and that are more "mom and
           | pop" (and get others on board) then we can beat McDonalds or
           | at least live in harmony with them.
        
           | Avamander wrote:
           | The metaphor is kinda good. It's okay for people to refuse
           | your home-cooked burgers because they don't trust them to be
           | safe. There are actual small food vendors that comply with
           | sanitation rules and you can have them provide catering
           | services, professionally. And that is okay.
        
       | nathias wrote:
       | we should come up with a more universal approach to tackle spam
        
       | fnordpiglet wrote:
       | What the author doesn't mention is he uses his email to discuss
       | his penis enlargement company with his friend, a Nigerian prince.
        
       | jacooper wrote:
       | I know the pain and the annoyances of hosting Email.
       | 
       | But still, I won't switch to big providers, I use Proton Mail
       | personally, and Postale.io for many projects.
       | 
       | There is also mailbox.org and many others, you have a choice to
       | not use the big providers, it's totally possible.
        
       | tony-allan wrote:
       | "Newsletters from my alumni organization go to spam. Medical
       | appointments from my doctor who has a self-hosted server with a
       | patient intranet go to spam. Important withdrawal alerts from my
       | bank go to spam. Purchase receipts from e-commerces go to spam.
       | Email notifications to users of my company's SaaS go to spam."
       | 
       | Are you talking here about incoming emails? I expected that these
       | would be reliably delivered to you and that the problem is only
       | with emails you send to the large providers?
        
       | rkagerer wrote:
       | For those who are still self-hosting, what tools & services do
       | you use and find useful?
        
       | electric_mayhem wrote:
       | The fix here is use a commercial provider for outbound smtp but
       | continue to self-host inbound.
       | 
       | Not ideal, but it works.
        
         | gingerlime wrote:
         | what do you use for outbound SMTP? do you need to
         | add/authenticate each domain or from address with it? (I host
         | several domains and mailboxes)
        
         | johnklos wrote:
         | Actually, smarthosting is precisely ideal for deliverability
         | problems, particularly with IP reputation that can't be fixed.
        
       | jokethrowaway wrote:
       | Sending emails with dkim + spf and I never had big problems with
       | reachability and a postfix server on Digital Ocean.
       | 
       | I haven't done it since last year though. Has something gone
       | terribly wrong?
       | 
       | I remember debugging issues with email sent via aws ses to
       | Hotmail addresses at $dailyJob but I can't think of a single
       | Microsoft product that works well (windows, teams, azure, now
       | even GitHub is starting to work every other day) so it doesn't
       | surprise me.
        
       | armchairhacker wrote:
       | I support the author but let me tell you a counterargument I
       | don't think he devotes enough to:
       | 
       | Spam is a real issue.
       | 
       | The amount of spam emails which get sent is absurd and likely
       | _orders of magnitude more than non-spam_. And spammers do a lot
       | to mimic real emails, including just hacking legitimate addresses
       | and adding them to botnets.
       | 
       | Even on gmail, I still get spam sent to my inbox. Fortunately
       | very rarely, but it still happens.
       | 
       | And even if it isn't bad today, spam has the potential to be much
       | worse in the future with transformer networks and hostile state
       | actors.
       | 
       | And even if it really isn't that bad and never will be, the big
       | companies and those arguing against self-hosting will claim it
       | is. They don't want to allow a relative few self-hosted email
       | servers in exchange for much more difficult and less effective
       | spam detection. Forget Gmail and Outlook, why not just use
       | Fastmail or Protonmail?
       | 
       | If you want a legitimate argument for self-hosted emails you
       | _need_ to address the spam. It may be as simple as registering
       | your official email with some organization sponsored by open-
       | source, and all the big companies can trust that one
       | organization. Then the org has to deal with spam registrations
       | but maybe there won't be much and it will work out. idk much
       | about self-hosting so this org might already exist.
       | 
       | But this article doesn't mention that org, in fact doesn't say
       | much at all about spam besides "keep existing spam-prevention
       | because it already works". But you should at least explain why.
       | Because spam is a legitimate argument for big-co forming an
       | oligarchy that's not just "so they can make more money", and it's
       | the main argument that big-co uses.
        
         | pas wrote:
         | email spam is not a real issue. big uncooperative gigacorps
         | fucking it up for everyone is.
         | 
         | responsibility for spam (and other kinds of abuse) can be
         | delegated via simple reputation scoring for netblocks, sender
         | authentication and a proper feedback mechanism along the chain.
         | 
         | when the user clicks "spam" gmail already uses that to train
         | their fancy AI and _if_ you are not a small nobody, then they
         | already alert you that ooops you sent something spammy via a
         | feedback loop [1]. (see also how Mailchimp proudly claims they
         | work with big integration partners like gmail ...
         | https://mailchimp.com/help/how-mailchimp-prevents-and-handle...
         | )
         | 
         | whitelist clearinghouses exist [2] but they are not terribly
         | useful, because most of the signal to use for
         | reputation is hidden :/
         | 
         | [1] https://en.wikipedia.org/wiki/Feedback_loop_(email)
         | 
         | [2] https://www.dnswl.org/
        
           | armchairhacker wrote:
           | > responsibility for spam (and other kinds of abuse) can be
           | delegated via simple reputation scoring for netblocks, sender
           | authentication and a proper feedback mechanism along the
           | chain.
           | 
           | Are there any real-world examples of this? I know other
           | decentralized networks like Tor and BitTorrent have some sort
           | of reputation and feedback system. What type of "spam" do
           | they deal with and how well do they deal with it? Are there
           | any systems more similar to mail with mechanisms to prevent
           | spam?
           | 
           | Spam is a serious issue, not just in email, not just in
           | decentralized systems - it's one of the main issues in
           | technology today. If there's a solution, even a proof-of-
           | concept in a smaller system would be great
        
         | Avamander wrote:
         | Very well-put.
         | 
         | > And even if it isn't bad today, spam has the potential to be
         | much worse in the future with transformer networks and hostile
         | state actors.
         | 
         | > Even on gmail, I still get spam sent to my inbox. Fortunately
         | very rarely, but it still happens.
         | 
         | It is as good as it is _exactly_ because of the requirements
         | the author finds tedious.
         | 
         | > It may be as simple as registering your official email with
         | some organization sponsored by open-source, and all the big
         | companies can trust that one organization. Then the org has to
         | deal with spam registrations but maybe there won't be much and
         | it will work out. idk much about self-hosting so this org might
         | already exist.
         | 
         | They do exist but there are a bunch of problems with that.
         | People have varying definitions of spam, getting paid to
         | whitelist someone creates a perverse incentive or not getting
         | paid will quickly overwhelm the organisation.
         | 
         | Things could be better if we could enforce sender
         | authentication (SPF/DKIM). It would assign a direct cost to
         | getting your domain blacklisted. But if nobody is taking away
         | the rest of the spammer's domains (or keeps selling them new ones),
         | they'll continue.
        
         | KennyBlanken wrote:
         | Spam is an issue, but it's not the one that impacts me the
         | most. I rarely get true 'spam' in my inbox.
         | 
         | What impacts me the most is a never-ending problem with Gmail
         | classifying messages as spam that were actually important to
         | me. Time sensitive announcements of meetings or events, for
         | example. Many are coming from senders I've been receiving email
         | from for years.
         | 
         | Gmail is convinced that almost every technical-related email
         | mailing list I'm on is a spam source, despite my _constantly_
         | going into my spam folder and telling it dozens of messages
         | from those mailing lists are not actually spam.
         | 
         | Meanwhile, what I do get is a barrage of promotional emails -
         | what I consider very much to be spam - from corporations that
         | at some point have had my email address and now email me
         | multiple times a week. Those sail right past the spam filter
         | into my "promotions" folder and accumulate...
        
       | xeno42 wrote:
       | I've been hosting my email on my own server since the 90s, but
       | got tired of dealing with keeping up with spam filters. Updated
       | the MX to deliver inbound to mailroute.net and have them do the
       | filtering before forwarding to my server and that's been working
       | great for years. Not free, but not expensive and still gives me
       | 99% of the control I want with very good spam filtering too.
       | 
       | Outbound mail is relayed via mailroute too, which solves the
       | tainted IP delivery problem.
        
       | bob1029 wrote:
       | Proper, artisanal self-hosting of email can still be viable
       | depending on your expectations and tolerance levels for random
       | issues.
       | 
       | These days, I operate with the medium-temperature bowl of
       | porridge: AWS WorkMail with custom domains & users. My use case
       | is basically "Replace gmail for personal email". I don't have a
       | lot of patience for running an actual email server, so this is
       | about as custom as I can get.
       | 
       | Running a custom email domain can have other practical
       | implications, such as having to carefully re-iterate spelling
       | when mentioning your email address over the phone to a customer
       | support agent. With a gmail or hotmail account, virtually
       | everyone can type that hostname in without thinking about it.
       | This concern is moderated by being able to select a username with
       | fewer than 5 characters, rather than your full legal name
       | appended with your date of birth.
        
       | pif wrote:
       | Part of the problem is that the wrong people are complaining.
       | 
       | Using Google as an example, the author has no right to push
       | anything to a gmail inbox. Google has no contract with the author
       | to accept mail from him.
       | 
       | What Google is doing, it's failing _its_ customers, the people
       | who signed on gmail to have an address where other people could
       | send data to.
       | 
       | And now those people are not receiving everything they could, but
       | it's only up to them to decide whether this is actually a problem
       | and whether it's serious enough to contact gmail support.
       | 
       | I do understand the point and the spirit of the author, but he is
       | actually conflating the freedom of speech with the right to be
       | listened to.
        
       | peter_retief wrote:
       | I tried to host a home email server a few times and it was a pain
       | to say the least. Finally I created a droplet on Digital Ocean
       | and used Mail in a Box https://mailinabox.email/ with a glue
       | record to act as a name server. So far so good
        
       | rkwasny wrote:
       | After 19+ years of hosting my own email - It's worth it!
       | 
       | Imagine someone revokes your access or deletes all your emails
       | because of an error, at the scale of gmail or outlook.com it just
       | happens.
       | 
       | For spam there is one solution:
       | 
       | - implement greylisting. It just solves the problem.
        
         | Fuzzeh wrote:
         | ..or imagine if google just shuts down your account. Gives you
         | no reason and suddenly stuff on your phone, your email and all
         | those related services stop.
         | 
         | The issue with greylisting happens when you receive a lot of
         | email from Google or Outlook servers. Different one each time,
         | unless you're whitelisting them all - which defeats the
         | purpose.
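
The greylisting trade-off raised in the two comments above, as an added example that is not code from the thread or from any mail server: a minimal greylist replayed over constructed delivery attempts. The class, its `ipv4_prefix` option, the addresses and the timings are all assumptions made for illustration.

```python
import ipaddress


class Greylist:
    """Defer the first attempt for an unseen key; accept a retry that
    arrives at least `delay` seconds after that first attempt."""

    def __init__(self, delay=300, ipv4_prefix=None):
        self.delay = delay
        # None keys on the exact client IP (the classic triplet);
        # 24 keys on the client's /24 network instead (hypothetical option).
        self.ipv4_prefix = ipv4_prefix
        self.first_seen = {}

    def _key(self, client_ip, mail_from, rcpt_to):
        ip = ipaddress.ip_address(client_ip)
        if self.ipv4_prefix is not None and ip.version == 4:
            origin = str(ipaddress.ip_network(
                f"{client_ip}/{self.ipv4_prefix}", strict=False))
        else:
            origin = str(ip)
        return (origin, mail_from.lower(), rcpt_to.lower())

    def check(self, client_ip, mail_from, rcpt_to, now):
        key = self._key(client_ip, mail_from, rcpt_to)
        first = self.first_seen.setdefault(key, now)
        return "accept" if now - first >= self.delay else "defer"


def replay(policy, attempts):
    """Feed (time, client_ip, sender, recipient) tuples to a policy."""
    return [policy.check(ip, sender, rcpt, t) for t, ip, sender, rcpt in attempts]


RCPT = "bob@mydomain.example"

# Constructed: a small server that always retries from the same address.
SMALL_SERVER = [
    (0, "192.0.2.10", "alice@small.example", RCPT),
    (60, "192.0.2.10", "alice@small.example", RCPT),   # retried too early
    (600, "192.0.2.10", "alice@small.example", RCPT),
]

# Constructed: a large provider whose retries leave from a pool of hosts.
PROVIDER_POOL = [
    (0, "198.51.100.11", "carol@bigmail.example", RCPT),
    (600, "198.51.100.42", "carol@bigmail.example", RCPT),
    (1200, "198.51.100.97", "carol@bigmail.example", RCPT),
    (1800, "198.51.100.11", "carol@bigmail.example", RCPT),
]

if __name__ == "__main__":
    print("small server, exact IP :", replay(Greylist(), SMALL_SERVER))
    print("provider pool, exact IP:", replay(Greylist(), PROVIDER_POOL))
    print("provider pool, /24 key :", replay(Greylist(ipv4_prefix=24), PROVIDER_POOL))
```

With exact-IP keys the pooled sender is deferred until an address repeats; keying on the network accepts the first retry, but only while the whole pool sits inside that one prefix.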
        
       | lxchase wrote:
       | Reminds me of this fun story:
       | 
       | A person at a company mistakenly created an email list segment
       | (or lack thereof) resulting in an email to the entire email list
       | of hundreds of thousands of emails. This combined with inexistent
       | (we were a naive startup without an email specialist role) list
       | hygiene practices meant we were blacklisted by Gmail after some
       | time.
       | 
       | Took a year to get a hold of someone on Gmail's spam team. We
       | found out we were on 4+ Gmail blocklists, some of which were ML-
       | based. We couldn't do anything to remove ourselves after we fixed
       | the issues. A $1-2 million revenue channel dried up because we
       | couldn't get out of the Gmail blackhole (short of rebranding
       | completely, rewriting content, and using a different ESP). Fun
       | times.
        
       | zzo38computer wrote:
       | I run my own email server for receiving, but use the ISP's server
       | for sending (and setting up Exim on Ubuntu provides such an
       | option at installation time). I have no problem.
        
       | yonrg wrote:
       | I'll keep going with my private server (on a vps). I just moved
       | it to another hoster, meaning new IP block. This caused blocking
       | issues: Some but not all gmail address delivered to the spam
       | folder. Another big mail provider asked me to set up a web page
       | with contact info on the same domain I use for mail. And another
       | self hosted mail server from a public service agency had me on
       | block list.
       | 
       | This caused me some headaches and I was thinking this could be
       | the end and I have to use one of the big players. But I did not
       | give up, invested time and it works now again!
        
       | f1recat wrote:
       | Same here, I've been hosting my email since 2007 and gave up in
       | the beginning of this year, mostly due to constant delivery
       | issues with microsoft infrastructure, which can be mitigated for
       | a couple of months before coming back again
        
       | cerol wrote:
       | Totally unrelated. But this guy has an amazing OS-from-scratch
       | tutorial [0].
       | 
       | [0] https://github.com/cfenollosa/os-tutorial
        
       | almog wrote:
       | > The industry should fix email interoperability before
       | politicians do. We will all win.
       | 
       | Not sure if by "politicians" he means legislators, but given very
       | few players that control today's email deliverability, while
       | doing very little to provide observability (=feedback loop) to the
       | users who need it most (that is users who cannot afford to build
       | an expensive pipeline that optimize deliverability), given all
       | that, I think regulation around distributed protocols
       | observability/fairness is not unlike AI explainability
       | regulation, only I expect that with mail it shouldn't be as hard
       | to implement.
        
       | Ferret7446 wrote:
       | Maybe the approach is all wrong? Maybe we should be educating
       | users to scan their spam folder regularly because spam filters
       | will never be perfect. Then it will not be as big an issue if
       | self-hosted email gets marked as spam, and the users of providers
       | like Gmail can complain and push for filter improvements.
        
       | martin_a wrote:
       | I've been self-hosting my mail for 17 or 18 years now, by
       | purchasing just some managed webhosting package from somebody who
       | cares about their services not being used for shady stuff (any
       | reputable managed hosting provider) and I think I've never "lost"
       | an outgoing mail for personal use.
       | 
       | I don't understand what the author thinks it's so hard here and
       | why he's painting it so black and white. There's lots of more to
       | "my own e-mail" than choosing between some old notebook running
       | and collecting dust in your garage and using GMail.
       | 
       | Some people just want to find a hair in the soup.
        
       | AlbertCory wrote:
       | I managed 3+Mail at 3Com 35 years ago, and in fact, it gets its
       | own subplot in The Big Bucks (https://www.albertcory.io/the-big-
       | bucks), back when email was brand-new (well, for most people).
       | 
       | However, nowadays I'm bored with stuff like this. PITA. So I
       | totally sympathize with the author.
        
       | gwnywg wrote:
       | I host my mail for around 12 years so only half as long as the
       | author of the article, I faced the same problem- that my emails
       | land in spam for some people. In most cases it's those people who
       | care to receive my email and I always tell them it's their
       | provider who is at wrong and that they should switch. We have
       | some laugh together, exchange some jokes and continue with our
       | lives. I'm one of not many who love postfix and dovecot enough to
       | use it to self host, but I'm fine with that, I won't throw towel
       | and will continue to run my email, hopefully I'll be lucky enough
       | to run it for next 12 years :) Peace everyone :)
        
       | capdeck wrote:
       | My fear is that something similar will slowly happen to
       | everything "compute". How long before my bank's website won't let
       | me login if I don't use a computer with secure boot and a browser
       | installed from an app store? McDonalds app on Android won't run
       | on a de-googled or rooted device... At this point one may argue
       | that there will always be computers that you can compile and
       | install your own Linux. Yes, that is true. But just like I am not
       | likely to have un-googled Android for some apps and googled one
       | for others, the same way it won't be practical to have one
       | computer for some apps and the other one for others. And the one
       | that will win will be the one that lets you login into your bank
       | account, for simple and practical reasons.
        
       | throwawaygram wrote:
       | It's ironic, 23 years for me too and my towel is not thrown in at
       | all.
        
       | cush wrote:
       | Big email companies were never threatened by self-host. Spammers
       | ruined it, not big email companies. Spam is an incredibly
       | difficult problem to solve.
        
       | yonixw wrote:
       | > ... [They use] spam as a scapegoat to nerf deliverability and
       | stifle competition.
       | 
       | Disagree. It was a way too open protocol to begin with. From a
       | time of innocence best suited for places with inherent trust like
       | inside a business. And it's not just spam. Phishing is also a
       | huge issue.
       | 
       | As much as I want to sympathise, Email for the big WWW is
       | unsalvageable IMO. Too many bad actors are out there.
       | 
       | > [Solution:...] * There should be a recourse for legitimate
       | servers
       | 
       | This is the same Big tech story. They want to cut cost, you want
       | a human touch. You can see similar stories here in HN every week.
       | Which is why I think it will never happen.
        
         | SQueeeeeL wrote:
         | > This is the same Big tech story. They want to cut cost, you
         | want a human touch. You can see a similar story here in HN
         | every week.
         | 
         | Dang, sounds like our monopolized tech dystopia is probably
         | inevitable. If only there was some state level mechanism to
         | help balance the interests of industries maximizing profits and
         | those of users who need a robust system which doesn't harm
         | them.
        
           | yonixw wrote:
           | A previous thread (5m old) here showed it is not that cut and
           | dry, a good read:
           | https://news.ycombinator.com/item?id=30788681
        
             | SQueeeeeL wrote:
             | There is a really great bit from Robert Reich (labor admin
             | from the Clinton years) about how if your business would
             | collapse if you need to pay people more than minimum wage,
             | you shouldn't be in business.
             | 
             | If your business suddenly fails as soon as you need to...
             | _support_ your customers, then you probably shouldn't be
             | in business and only exist as a fluke in the current
             | economic model.
        
       | bArray wrote:
       | I know of some small servers that get a lot of spam and hacking
       | attempts, and their most effective tool against abuse is an IPv4
       | block ban. Increasingly this became more and more difficult, and
       | I assume email servers are at the same point. Thanks to VPNs,
       | people appear to be able to spawn insane numbers of random IPs.
       | 
       | One solution this decentralized server system came up with is the
       | concept of accounts that have some barrier to entry to create
       | (which involves a delay and proving identity). This account has a
       | private key and it uses this to access the servers through any
       | IP. Abuse on this account and any connected accounts of course
       | leads to the key being temporarily revoked. Lots of positive
       | interactions with well established accounts increases your
       | credibility. Lots of reports decreases your credibility.
       | 
       | If you have been sending credible emails with multiple hosts for
       | 10 years, even if you did get flagged, you would be given the
       | benefit of the doubt. Hell, it should be easy to email the host
       | and give them the headers and the reason why the email was
       | flagged.
       | 
       | About the email space now being owned by big tech, it could
       | simply be time for a boycott until they improve their practices.
       | There is far too much centralization on the web now, and we all
       | contribute to it every time we use an external service rather
       | than host our own.
        
         | Avamander wrote:
         | > One solution this decentralized server system came up with is
         | the concept of accounts that have some barrier to entry to
         | create (which involves a delay and proving identity). This
         | account has a private key and it uses this to access the
         | servers through any IP. Abuse on this account and any connected
         | accounts of course leads to the key being temporarily revoked.
         | Lots of positive interactions with well established accounts
         | increases your credibility. Lots of reports decreases your
         | credibility.
         | 
         | That's essentially DKIM being fed into your average domain
         | reputation system.
        
       | jbreckmckye wrote:
       | Is email itself broken? What could replace it, that isn't a
       | "platform" like WhatsApp?
        
       | sylware wrote:
       | Wrote my smtp server 5 years ago. Still running.
       | 
       | BTW, did you know the smtp protocol works without DNS?
       | 
       | You just need to put the ipv4 between brackets
       | @[xxx.xxx.xxx.xxx] and for ipv6 @[ipv6:...].
       | 
       | spam? simplicity and freedom has a price (personally, I have
       | very, very little spam since I am self-hosted), and don't think
       | corpos won't try to force you to use their servers one way or
       | another... Who's coding the virus? It is sane to presume it is
       | the seller of anti-virus software...
        
       | alyandon wrote:
       | I'd like to consider migrating from my self-hosted solution but
       | it seems like all major email providers want $ per month per
       | user|mailbox. Are there any providers out there that charge a
       | reasonable fixed amount for say 50 mailboxes?
        
       | Daegalus wrote:
       | I gave up self-hosting ages ago. For a while I even used the old
       | Google for Families grandfathered in setup. That also went the way
       | of the dodo a few years ago for me.
       | 
       | I signed up for ImprovMX, setup my domains there, and just route
       | my emails to whatever service I want. I use a random gmail
       | account that I use for my login and Google services, but the
       | email itself is never exposed anywhere, I only give out the
       | custom domain one.
       | 
       | ImprovMX handles routing for my whole family. My mom uses
       | Outlook, and it routes there for her. If google, microsoft, or
       | whatever give me trouble or ban me, I just quickly switch the
       | email and nothing lost.
       | 
       | If you pay for their service, since they have a super generous
       | free tier, you also get SMTP servers to use as outbound, which
       | lets me send emails through them and not have the `on behalf of`
       | email thing. Also they do all the work to make sure their IPs
       | aren't blocked and in good standing with MS, Google, etc.
        
       | gist wrote:
       | There is even a much larger problem here other than not being
       | able to self-host your own email. The issue is that large
       | providers and large companies have no accountability. No way to
       | ever have a conversation with an actual person (email or by
       | phone) to resolve a simple problem or mistake in an algorithm or
       | automated process (or even a manual process if that's what it
       | is). Canned replies not reply to follow up question not a care in
       | the world or a conscience. And the fact that the service is free
       | (to someone) does not mean a company should be able to so easily
       | do what they want and cause aggravation to others.
       | 
       | And it happens even with paid services at large companies.
       | 
       | That is not 'just business' and has never been the way business
       | operated pre-internet except in a few super rare (and perhaps
       | rare monopoly) situations.
        
       | zh3 wrote:
       | Hosting an email server on a consumer IP does seem to be a losing
       | proposition.
       | 
       | Hosting an email server on a cheap (reputable) cloud server and
       | doing the basics (PTR records, SPF etc) still works well.
        
         | jacobsenscott wrote:
         | How do you know? SMTP wasn't designed for reliable delivery.
         | You don't know if your emails are being received, and even if
         | they are, you don't know if they'll be received tomorrow.
        
           | johannes1234321 wrote:
           | You can know from getting responses and sending test mails to
           | different mailboxes.
           | 
           | Doesn't give full certainty, but can be well enough. (If all
           | my recipients respond I don't care about the ones I don't
           | send to anyways)
        
           | johnklos wrote:
           | If you're not getting bounces, then the receiving email
           | servers are not RFC-compliant.
           | 
           | If you're really that worried about it, smarthost.
        
           | zh3 wrote:
           | Statistically. I communicate with a lot of people via email,
           | and if I don't get an expected response to something of
           | consequence I follow up - it's far more common the recipient
           | simply missed it/didn't get around to it than it is to get "I
           | never got it/I found it in my spam folder".
        
       | gingerlime wrote:
       | Sending email out is a royal pain. Trying to deal with a
       | Microsoft ban on my IP even though it's sparkling clean for
       | several years. DKIM, DMARC, SPF etc all set up, reverse dns, you
       | name it. Looks like Linode is being blocked as a whole pretty
       | much?
       | 
       | Hate the level of centralization, particularly since there's
       | still a shit ton of spam still around. Sorry for the rant.
       | 
       | https://docs.microsoft.com/en-us/answers/questions/674558/55...
        
         | tsukikage wrote:
         | I've been running a private mailserver for myself and a couple
         | of friends since 2002. I hit a similar issue with Microsoft
         | last year.
         | 
         | I route outgoing mail to hotmail.com, live.com, outlook.com and
         | msn.com domains via email-smtp.us-east-2.amazonaws.com. I
         | started doing this when I noticed a large portion of e-commerce
         | email I was receiving originated from amazon vms and they
         | clearly had no deliverability issues.
         | 
         | The ability to do this is a paid-for service, and needs to be
         | configured appropriately. I was expecting to have to pay for a
         | VM when I set out to do this. However, it turns out you do not
         | need that - you can just configure the SMTP forwarding without
         | needing to purchase any other products, and the cost for this
         | is a few cents per 10k emails, which I can see would be
         | significant for commercial services and/or spammers, but for a
         | private mail server essentially means I will never have to pay.
         | Amazon go to great pains to maintain deliverability for those
         | servers, so you don't have to.
         | 
         | I don't really see a problem with adding one extra SMTP hop to
         | outgoing emails tbh, but as no-one other than Microsoft has (to
         | date) a permanent IP block ban with no recourse whatsoever
         | policy, while I've had transient issues with most other big
         | providers at one time or another, those four Microsoft domains
         | remain the only destination I have to route this way.
        
           | gingerlime wrote:
           | office 365 hosts a bunch of domains though. My bounce was to
           | a .berlin domain hosted there. Yes, I could route all smtp
           | via a ESP and pay for it, but that's centralization.
        
             | tsukikage wrote:
             | Interesting - whatever permaban it is that my IP block got
             | didn't affect office 365 hosted services (verified with
             | several different domains at the time) - just literally the
             | domains I mention. Guess I've lucked out so far.
        
         | zahllos wrote:
         | Wouldn't surprise me if Linode were entirely blocked. Also
         | anything in M247 Ltd's ASN. They host a lot of VPN endpoints,
         | including Mullvad's.
         | 
         | Step 1, I'd move off Linode. Find a local DC or business you
         | can support by hosting a VPS or dedi box with them. LowEndBox
         | might be an interesting place to search but avoid anything too
         | famous.
         | 
         | Step 2, join this https://sendersupport.olc.protection.outlook.
         | com/pm/services.... They don't actually email me when they
         | block my IP, but at least when I contact them I can argue I'm
         | already in their program and they didn't actually notify me of
         | any sending issues. I've got myself unblocked relatively
         | quickly this way.
        
           | SoftTalker wrote:
           | IMO, _any_ low-cost VPS provider is going to have a poor
           | reputation. I've even had trouble running websites on some
           | of them, as some "endpoint security" products have their IP
           | addresses blacklisted, causing users to get alarming warnings
           | if they try to visit sites hosted there.
           | 
           | You'll run into the same issues with the "free/trial" tiers
           | of bulk email services like Mailgun.
           | 
           | I agree with OP, you pretty much have to at least send your
           | outgoing email via an established, widely-accepted SMTP
           | service provider, or in some other way pay a lot for a
           | "clean" reputation.
        
             | zahllos wrote:
             | I'd still say it depends. I've used memset (www.memset.com)
             | in the UK in the past without issue. They have low end VPS
             | offerings, but they're not as well known as say Linode.
             | 
             | It isn't so easy to categorise such a service by pure ASN,
             | as they also offer dedicated and colocation services, so
             | you might be blocking a licensed 'on prem' exchange box for
             | a local UK council.
        
         | throwawaygram wrote:
         | I had that issue with them once in the past, I found a form on
         | their site, filled it out and they had it fixed in a week or
         | so. No issues since then.
        
         | teddyh wrote:
         | > _Trying to deal with a Microsoft ban on my IP_
         | 
         | https://sendersupport.olc.protection.outlook.com/snds/index....
        
           | gingerlime wrote:
           | Thanks I'll check it out. The bounce link was to an office
           | 365 spam delist portal. My request was automatically rejected
           | and my only option was to escalate it to support (one click
           | luckily). I'm yet to hear back, but from the stories on the
           | link I shared, I doubt it will do anything.
        
         | lamontcg wrote:
         | I have my personal e-mail on linode for probably 15 years or so
         | and haven't had any issues with e-mail delivery (knock on
         | wood). Had the same two static IPs there for years, and have
         | always had things locked down so I couldn't be used as a relay
         | for spammers.
        
           | gingerlime wrote:
           | mine is maybe 10 years? I don't recall. No issues so far, but
           | started seeing those Microsoft blocks when I moved my
           | brother's domain over to my server. I hardly send email out,
           | so it could be unrelated to his domain, just that he sends
           | much more email out.
        
       | DarkmSparks wrote:
       | I pretty much stopped using email altogether once I realised this
       | is what was happening. Maybe 10 years ago now.
       | 
       | Email was really useful if you wanted to send a message or
       | notification to multiple people at the same time, but that got
       | abused so much literally everyone disabled it, at which point
       | email was no longer useful.
       | 
       | People can still send me emails (e.g. for plane tickets), but the
       | chances of me replying to one are nearly zero. Now I send maybe 4
       | or 5 emails a year and only to people who won't use literally
       | anything else.
        
       | zahllos wrote:
       | I'm on 12 years of self hosting email and counting. Once every so
       | often, I do end up being blocked, usually by Outlook and once by
       | Yahoo. I'm in their 'sender program' and they still don't
       | actually bother to contact postmaster@, but a few emails is
       | usually enough to unblock the block within 24h.
       | 
       | Agree with a sibling comment that many major providers fail to
       | operate the SPF/DKIM/DMARC tools they insist you do.
       | 
       | Each to their own, but ultimately if we don't hold on to the
       | freedom to operate our own mailservers, it will be taken away
       | through inaction. This means doing some things right: DMARC,
       | DKIM, SPF of course, server maintenance, good password policies
       | and of course IP reputation. The best way I can recommend for IP
       | reputation is to use a dedicated provider or VPS provider that
       | disallows things like VPN endpoints, where it is less likely
       | they'll assign an address with a poor reputation. A good provider
       | might also ask you what you intend to host, and you might be able
       | to discuss IP addresses with them.
        
         | bornfreddy wrote:
         | Agree completely.
         | 
         | To those that still persist, there is a page I found recently
         | that helps you make sure that your outgoing mail is configured
         | correctly: https://appmaildev.com/en/dkim. They generate an
         | e-mail address, you send a mail to them, they do the check and
         | display results (not affiliated, just a happy user).
        
           | Avamander wrote:
           | EU's MECSA is nice as well https://mecsa.jrc.ec.europa.eu/en/
        
         | flyinghamster wrote:
         | I've also been self-hosting email for years, and the only
         | deliverability problem I've ever had has been with AT&T. If I
         | try to send something to an AT&T customer, I get an automated
         | "your message has been eaten" notice, and following its
         | directions accomplishes precisely nothing. At this point, I can
         | only guess they're hellbanning the IP block in which my VPS
         | resides, because it does not show up on any public DNSBLs.
         | 
         | Google? No problem. Comcast? No problem. Charter? No problem.
         | AT&T? Problem.
        
           | DanAtC wrote:
           | At least you get notified. Microsoft/Outlook on the other
           | hand silently drops emails leaving you and the recipient in
           | the dark.
        
             | pas wrote:
             | that seems new, or maybe a different beast from the MS zoo
             | of madness.
             | 
             | gmail on the other hand does what others said, report smtp
             | 250 and silently discard some emails. (mostly those that
             | lack DKIM)
        
         | yomkippur wrote:
         | was just gonna ask how you would handle DKIM and SPF stuff.
         | Hetzner? Digitalocean?
        
           | zahllos wrote:
           | I use a small datacentre in my country, actually not far from
           | where I live. DKIM/SPF are independent of the provider. The
           | easiest way to understand is to consider how receiving works.
           | If I'm getting an email from hnemail.example, the first thing
           | I do is consider the IP address. Oh, 257.257.257.1? Ok. So I
           | then ask DNS "what is the SPF record for hnemail.example?"
           | and it returns
           | 
           |     v=spf1 mx -all
           | 
           | This tells me only to accept emails from 'MX' entries for
           | that domain. So I query 'MX' against the DNS server and I get
           | a list of A records, which I can get IPs from. If the IP is
           | in the list, spf passes. Otherwise it fails, mark as spam.
           | 
           | For DKIM, when the email was sent it was signed with a key by
           | the sending server. It is identified by a UUID in the
           | incoming email. So the receiving server again queries DNS for
           | TXT <UUID>._domainkey.hnemail.example and receives the public
           | key as a response. Signature verification passes? Accept
           | email. It fails? Mark as spam.
           | 
           | This doesn't have a lot to do with IP reputation. This is
           | different. If you are a very large email provider, you might
           | develop custom spam filters. IPs are allocated to 'autonomous
           | systems' i.e. who actually uses them and hands them out to
           | users, and depending on the business you might make some
           | decisions about reputation. For example, if the IP address is
           | part of a consumer ISP block that is handed out to users of
           | broadband, chances are high that if they're sending email, it
           | is probably a Windows PC compromised by malware.
           | 
           | Similarly, you might decide some ASNs are better than others.
           | Some hosters are more liberal in what they will accept, such
           | as VPN endpoints, tor nodes and such and as a consequence of
           | this more spam comes from these ranges.
           | 
           | Rightly or wrongly, larger email providers try to add these
           | extra filters to the process to protect their users from
           | spam. This obviously sucks if you are genuinely trying to run
           | an email server on your symmetric home fibre connection with
           | a dedicated IP, but that's the world we live in.
           | 
           | I can't make any general statement on which providers might
           | be best, and some people will have no issue whereas others
           | will find themselves unable to send anything. I don't work
           | for Outlook/Microsoft or Google and never have, so I don't
           | know exactly what rules they use, and in all likeliness they
           | shift constantly depending on spammer patterns. I can only
           | say I've found running from a small DC to work pretty well.
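
The receiving-side lookups described in the comment above, as an added example (not part of the thread or of any mail server's code): an SPF evaluation for a record like `v=spf1 mx -all`, generalized to a few more mechanisms, followed by the DNS query for a DKIM key. The resolver, the `relay.example` zone, the selector `s2022` and all record values are constructed for illustration.

```python
import ipaddress

# Constructed records standing in for live DNS so the example runs offline.
ZONE = {
    ("hnemail.example", "TXT"): ["v=spf1 mx -all"],
    ("hnemail.example", "MX"): ["mail.hnemail.example"],
    ("mail.hnemail.example", "A"): ["192.0.2.25"],
    ("mail.hnemail.example", "AAAA"): ["2001:db8::25"],
    ("relay.example", "TXT"): ["v=spf1 ip4:203.0.113.0/24 ~all"],
    ("s2022._domainkey.hnemail.example", "TXT"): ["v=DKIM1; k=rsa; p=PLACEHOLDERKEY"],
}

# Constructed DKIM-Signature header value (bh= and b= are placeholders).
SAMPLE_SIG = "v=1; a=rsa-sha256; d=hnemail.example; s=s2022; h=from:subject; bh=PLACEHOLDER=; b=PLACEHOLDER=="

RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup(name, rtype):
    """Hypothetical resolver: answers only from ZONE."""
    return ZONE.get((name.lower().rstrip("."), rtype), [])


def host_ips(hosts):
    """Resolve host names to the set of their A and AAAA addresses."""
    return {ipaddress.ip_address(a)
            for h in hosts for rtype in ("A", "AAAA") for a in lookup(h, rtype)}


def check_spf(client_ip, domain):
    """Evaluate the sender's SPF record against the connecting IP.

    Handles the mx, a, ip4, ip6 and all mechanisms with their qualifiers;
    any other term yields "permerror" rather than a guess.
    """
    ip = ipaddress.ip_address(client_ip)
    records = [r for r in lookup(domain, "TXT") if r.lower().split()[:1] == ["v=spf1"]]
    if not records:
        return "none"
    if len(records) > 1:
        return "permerror"
    for term in records[0].split()[1:]:
        qualifier = "+"
        if term[0] in RESULTS:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        try:
            if mech == "all":
                matched = True
            elif mech == "mx":
                # MX names for the domain, then their addresses.
                matched = ip in host_ips(lookup(arg or domain, "MX"))
            elif mech == "a":
                matched = ip in host_ips([arg or domain])
            elif mech in ("ip4", "ip6"):
                matched = ip in ipaddress.ip_network(arg, strict=False)
            else:
                return "permerror"
        except ValueError:
            return "permerror"
        if matched:
            return RESULTS[qualifier]
    return "neutral"


def parse_tags(value):
    """Split a 'k=v; k=v' tag list, as used by DKIM headers and key records."""
    pairs = (part.partition("=") for part in value.split(";") if "=" in part)
    return {k.strip(): v.strip() for k, _, v in pairs}


def dkim_public_key(signature_header):
    """Return (DNS name queried, base64 public key or None) for a signature."""
    sig = parse_tags(signature_header)
    name = f"{sig['s']}._domainkey.{sig['d']}"
    for txt in lookup(name, "TXT"):
        key = parse_tags(txt).get("p")
        if key:
            return name, key
    return name, None
```

Verifying the signature itself then uses the returned key over the canonicalized headers and body, which needs a crypto library.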
        
         | PinguTS wrote:
         | I completely agree with you. While Hetzner is my actual neighbor
         | as their headquarters is right in the neighboring town, I still
         | use a server at a very small-scale provider. I have no problem
         | with my email server. I receive some spam here and there,
         | mostly from Russia. But I immediately block the according IP
         | addresses for some time.
         | 
         | For years I avoided using any external service to decide
         | whether it's Spam or not. But about 2 years ago I started to
         | rely on some of the external Blocklists.
         | 
         | Till today I have no problem sending Email. Even as I don't use
         | DKIM or DMARC.
        
       | exabrial wrote:
       | How do people that work for Google on HN continue to work there
       | without their conscience bothering them? These are terrible
       | monopoly abuses and you're contributing.
        
       | znpy wrote:
       | In fairness, things like postfix usually ship with very poor (not
       | to say "moronic") defaults.
       | 
       | Like, postfix won't even try to connect to tls-enabled smtp for
       | outgoing email by default, and you have to explicitly point it at
       | the certificate bundle it's supposed to consider valid.
       | 
       | And you have to tell explicitly to reject incoming plaintext
       | connections from the public internet.
       | 
       | And quite a bit more... Like, why doesn't postfix have its own
       | freaking spf/dkim implementation BUILT IN?
        
         | Avamander wrote:
         | There are so many mesolithic defaults in email software. So
         | many things have to be constantly reinvented. I really wish it
         | weren't like that.
         | 
         | Things like Maddy (https://maddy.email/) aim to simplify all
         | this. Really great potential, but they're still work in
         | progress.
        
       | baskethead wrote:
       | Nah. I'm glad that people like the OP are squeezed out of sending
       | their own email. I have no problem with an email oligopoly at
       | this point.
       | 
       | For every "good" email server owner, there's probably a million
       | bad ones. And the problem of spam is a big one. If you want to
       | send your own email, get used to telling people to check their
       | spam lists and/or add your email account.
        
       | recroad wrote:
       | Couldn't agree more. I had to leave Zoho even though I didn't
       | want to. Google just blocked emails to my Gmail customers and
       | left me with no choice.
       | 
       | Write about it here
       | https://bitbytebit.substack.com/p/customer-hacquisition
        
       | rabite wrote:
       | > Blacklists should not include whole IP blocks. I am not
       | responsible for what my IP neighbor is doing with their server.
       | 
       | This is obviously laughably naive and creates infinite sources of
       | spam.
       | 
       | Before doing a proposal on a core Internet technology you should
       | be required to be on the other side for a while. Do anti-spam at
       | a large retail e-mail service provider for a year and then you
       | can understand the problem space.
       | 
       | You might not be responsible for what your neighbor is doing with
       | their server, but the ESP is responsible for filtering it. The
       | idea that they need to treat each and every comcast IP with equal
       | weight is nuts. IP reputation is the single most valuable tool in
       | the industry; the largest statistical predictor of whether or not
       | an email is abusive.
        
       | kuon wrote:
       | I just moved from fastmail to self hosted and it works with no
       | email blocked so far. Had that setup for 6 months. The most
       | important point being sure to have a static IP with reverse DNS.
        
       | jwildeboer wrote:
       | My little e-mail Server on an OVH VPS is happily sending and
       | receiving e-Mails to/from the big ones without problems for my
       | 20+ domains. Just a basic postfix/dovecot setup with letsencrypt
       | certificates and SPF/DKIM/DMARC working the way it should. I
       | described everything in a short blog series at
       | https://jan.wildeboer.net/2022/08/Email-0-The-Journey-2022/ in
       | case you are interested.
        
       | jwr wrote:
       | I've been hosting my mail for 20+ years now, with minor issues. I
       | guess I've been lucky.
       | 
       | Reading the comments here makes me incredibly sad. Every answer
       | that tells me to use a provider misses the point. The Internet
       | was created so that there could be many independent nodes, not so
       | that everybody has to rely on one of several blessed providers. I
       | should be able to run my own E-mail.
       | 
       | The real problem is lack of incentives. The big corps do not care
       | about e-mail. It doesn't make money and isn't easily
       | controllable. You can't turn it into a walled garden and lock
       | users in. So, it gets minimal attention, and only defensive
       | measures are developed.
       | 
       | Either we solve the spam problem, or things will get worse. The
       | big tech corps won't solve it for us.
        
         | neop1x wrote:
         | I have also been self-hosting email for 15 years and only had
         | a couple of problems at the beginning, mainly until my IP got
         | enough reputation. I have been hosting it on a bare metal
         | Supermicro server in a proper datacenter, though. It has
         | reverse-DNS, SPF, DKIM, TLS, MTA-STS and even DANE with DNSSEC
         | (on a self-hosted BIND but that's another story). It is
         | implemented using Exim, Dovecot, SpamAssassin, DNSBL and
         | Roundcube with OpenLDAP auth. I can recommend this awesome
         | hands-on guide provided by Netherlands Domain Registration
         | Foundation as a basis of a nice configuration
         | https://www.sidn.nl/en/news-and-blogs/hands-on-implementing-...
         | 
         | I had some troubles with IMAP search. I set up CLucene, it was
         | easy and enough for me (no need for Java Lucene). It just took
         | me a long time to figure out why it wouldn't search a domain
         | part of email addresses. It just required to set up the
         | tokenizations in such a way to split words also on @ character,
         | i.e. don't consider a full email address as a word. :P I also
         | had some troubles with OpenLDAP until I finally decided to read
         | the docs and examples there properly. Since then I have been
         | using this setup happily and it appears I will continue to do
         | so! I also share the LDAP with NextCloud btw.
        
         | rootusrootus wrote:
         | The problem is that collectively we love 'free' (at the point
         | of sale) so much that we'll gladly allow gmail to just walk in
         | and own almost the entirety of the email infrastructure. Then
         | later we realize this gives them the ability to unilaterally
         | make the rules, and we complain. But it's too late.
        
         | Barrin92 wrote:
         | >the Internet was created so that there could be many
         | independent nodes, not so that everybody has to rely on one of
         | several blessed providers.
         | 
         | any community that grows large enough needs some mechanism to
         | manage trust, this is a universal issue. The early internet was
         | more permissive and less differentiated simply because it was
         | smaller.
         | 
         | The big corps do an alright job at managing spam given the
         | sheer size of the problem, and more importantly you don't just
         | need to solve spam, you need to do so _economically_, because
         | for your system to stay distributed the nodes need to do the
         | job competitively.
         | 
         | Given that there's intrinsic benefits to managing these things
         | at scale that's not really realistic, in large systems you're
         | always going to have division of labor and stratification for
         | that reason.
        
           | pas wrote:
           | spam is solved between the big players, they already use
           | various feedback mechanisms ... it's just not enabled for
           | small fish.
           | 
           | https://en.wikipedia.org/wiki/Feedback_loop_(email)
           | 
           | gmail silently drops emails (while reports smtp 250 accepted)
           | - they could just as easily report that it's blackholed.
           | spammers already do get through their fancy AI filters.
           | 
           | microsoft proactively blocks half of the world, rejects the
           | incoming mail, and sends the sysadmin on a wild goose chase
           | to get the IP/domain/whatever allowed. then you diligently
           | register, and wait. and then no signal from them, and the
           | problem still persists.
           | 
           | so big corps, small shops, everyone and their dog flocks to
           | the good old microsoft/google duopoly.
           | 
           | and at this point if someone asks what to use for email
           | knowing ... well, it's hard to not recommend folks to just
           | use google workspace and have some kind of backup ready for
           | when G bans their whole account just because.
        
       | jms703 wrote:
       | Email is broken. Fix that first so that hosting it isn't such a
       | terrible chore.
        
       | noncoml wrote:
       | Forget about self hosting. Even a custom domain is a pain
       | sometimes.
       | 
       | According to a lot of web apps, my email is not valid and I
       | can't use it.
       | 
       | Also I have been told by a customer support person that my email
       | is not right as it has to end with gmail.com
        
         | johnklos wrote:
         | The fact that it's too hard for you doesn't mean it's too hard
         | for everyone else.
        
           | [deleted]
        
       | unixhero wrote:
       | I am self hosting. It works and I have no problems.
       | 
       | I use https://cloudron.io for orchestration, security - to run it
       | on a VPS. Everything just works.
        
       | ryan-c wrote:
       | I've been self-hosting since 2004. I currently route via a VPS.
       | The only issues I have seem to be with
       | outlook.com/hotmail.com/etc - free Microsoft accounts. That goes
       | to junk, though replies seem to work fine. Paid Outlook365 seems
       | fine.
       | 
       | Even after speaking with Microsoft's email admin team on the
       | phone a couple times, I still have issues. It's kind of
       | infuriating.
       | 
       | I have properly configured SPF+DKIM (selector rotated
       | daily)+DMARC, and I've gotten set up with dnswl.org.
        
       | okasaki wrote:
       | All that "security" just to fight spam. IIRC it was estimated
       | that globally spammers make $300M per year from their spam. It
       | doesn't seem like much. Somebody joked that it would be better if
       | we just paid them that much to do nothing.
        
         | iamgopal wrote:
           | For a poor country, 300 million is a huge sum of money.
        
           | pkulak wrote:
           | Kinda makes the point even more valid.
        
           | warent wrote:
           | I think they mean 300 mil isn't a lot in the scope of an
           | entire market. The entire spam market isn't centralized in
           | one poor country
        
         | b0afc375b5 wrote:
         | I wonder what the underlying problem is.
         | 
         | Gabe Newell once said that "Piracy is not a pricing issue. It's
         | a service issue". I believe this has been proven by
         | netflix/spotify as well.
         | 
         | Is spam just a symptom of a much deeper problem? If so what is
         | it? Or is it naive to think of spam this way?
        
           | PragmaticPulp wrote:
           | > I wonder what the underlying problem is.
           | 
           | The underlying problem is that a sufficiently motivated
           | spammer can target tens or hundreds of millions of people
           | with their spam without too much effort.
           | 
           | As a result, every possible scam and spam with even the
           | slightest possibility of converting 0.00001% of recipients
           | can now be a viable spam campaign.
           | 
           | The underlying problem is that it's so easy to scale spam to
           | a lot of targets.
        
             | bornfreddy wrote:
             | Yup. Just requesting the sender to solve some riddle (and
             | waste their energy in process) would turn the tables
             | completely because the cost of sending would be non-zero.
             | Unfortunately it would also mean that we would be
             | sacrificing our planet again. But maybe the difficulty of
             | the challenge could adapt according to some trust score?
        
           | structural wrote:
           | Spam is just the opposite, it is actually a pricing issue and
           | not a service issue.
           | 
           | As long as the expected value per message of spam sent is
           | positive, someone in the world will send as many messages as
           | they are able to. You either fix this by raising their costs
           | so that spam no longer has a positive expected value, remove
           | their ability to send an unlimited number of messages, or
           | both.
           | 
           | This is not exclusive to the e-mail system, robocalls are
           | still a major annoyance, and the global telephone system is
           | much more regulated. Mobile phones now automatically filter
           | calls, even! It's wild.
        
           | robertlagrant wrote:
           | I think the deeper problem is sending an email (or a billion
           | emails) triggers someone else's servers to do most of the
           | work. Email is beautifully cooperative computing, but that
           | means it can easily be taken advantage of.
        
           | andruby wrote:
           | I think it is different. With Piracy people want something
           | (product/service/media). The quote from Gabe is about the
           | fact that they are willing to pay for it, if it is convenient
           | and affordable.
           | 
           | Nobody wants spam or the things promoted in the spam. The
           | companies want attention from the users. I think the better
           | version is targeted ads on Facebook, etc. Maybe that's the
           | closest analogy to Gabe's quote.
        
             | luckylion wrote:
             | > Nobody wants spam or the things promoted in the spam.
             | 
             | Lots of people want Viagra without having to see a doctor.
             | There definitely is a market for it, and now there are
             | companies that do provide it, I wonder if this will cause
             | spam to shift to other products.
        
               | johannes1234321 wrote:
               | Many also want to be heir to a Nigerian prince worth a
               | few million ...
        
               | luckylion wrote:
               | That's true! I had considered those to be scams rather
               | than "normal" spam. When I look at what my filter
               | catches, it broadly falls into three categories: scams,
               | viagra/dating/sex-related products, and every day
               | products ("buy this great ladder for your garage"). Too
               | bad you usually can't analyze how many clicks and sales
               | they generate.
        
           | katbyte wrote:
           | I think you can exclude Netflix from that list. Streaming
           | services have fractured into a dozen different ones so piracy
           | has come back.
           | 
           | Still applies to games/music and probably audio books.
        
           | dogleash wrote:
           | Steam and Netflix made it possible for people to play/watch
           | media more easily than going to the pirate bay.
           | 
           | What are spammers trying to accomplish, that a better product
           | would prevent them from using email (that isn't just them
           | shitting up the other service the way they shit up email)?
        
         | pcai wrote:
         | > Somebody joked that it would be better if we just paid them
         | that much to do nothing.
         | 
         | I know this is in jest, but in economics there's this concept
         | called "induced demand" that comes to mind.
         | 
         | "Public extortion" would be an interesting challenge, as it
         | would be difficult to solve the problem of "Hey why don't you
         | also pay ME to do nothing too?"
        
       | EGreg wrote:
       | Here's an idea
       | 
       | Make a new protocol for this decade, that isn't email.
       | 
       | HTTP is supported nearly everywhere SMTP is. Just build something
       | over that, and this time around make sure to avoid SPAM bullshit.
       | 
       | People shouldn't be able to just message you based on your
       | address. They receive a capability to email you. People can be
       | empowered to give out your capabilities. If a particular such
       | branch leads to spam, you simply cut off that branch and boom, no
       | new user can reach you with that capability anymore. Hashes of
       | Public keys can identify users.
        
       | tayiorrobinson wrote:
       | I did training provided by a large email security firm, and one
       | thing the presenter said was along the lines of "this spam filter
       | defaults to block the sender's domain & IP, you can set an
       | expiration on that block but I don't see a reason why you would".
       | One misconfigured server sending out a single email and I assume
       | by extension someone impersonating your domain could get you
       | perma-blocked from sending emails to that company, and I assume
       | it'd reduce your trust rating for other orgs using that provider.
        
       | psyfi wrote:
       | I hosted my mailman stack on VPS for some time, it worked well
       | 
       | I stopped self-hosting because it's too much hassle, but it was
       | any difficult to maintain, (by difficult I mean complex)
       | 
       | It wasn't worth the time I spent though, so I quit, but I would
       | do it again if I need to
       | 
       | If I had to maintain a server at home and my ISP blocks it, I
       | would get a VPS and host proxies on the VPS and use VPN tunnel to
       | keep the mails stored locally
       | 
       | But I don't have any reason to do that currently, as well as most
       | people
        
       | ShowalkKama wrote:
       | >I implemented all the acronyms, secured antispam measures,
       | verified my domain, made sure my server is neither breached nor
       | used to relay actual spam, added new servers with supposedly
       | clean IPs from reputable providers, tried all the silver bullets
       | recommended by Hacker News, used kafkaesque request forms to
       | prove legitimity, contacted the admins of some blacklists.
       | 
       | I cloned a repo, edited two lines in a yaml file, ran docker-
       | compose, logged into a web ui, added my domain, added a couple of
       | dns records (MX, spf, dkim, dmarc) and everything worked (yes, I
       | can deliver emails to gmail and outlook).
       | 
       | I honestly have no idea why so many people say that self hosting
       | emails is hard.
        
         | [deleted]
        
         | nine_k wrote:
         | IP addresses and whole address blocks may have a bad karma: if
         | somebody ever sent spam from them, they may be marked as
         | untrusted in various databases, and unblocking them is pretty
         | hard. The filters prefer to err on the side of mis-marking a
         | few legitimate self-hosted emails, instead of passing a spam
         | salvo.
         | 
         | Decentralized trust is still hard.
        
         | spijdar wrote:
         | You can deliver email to gmail and outlook until you ... can't.
         | Whether the IP block your mail server is on gets blacklisted,
         | some heuristic shifts against you (domain name becomes "bad"
         | and shifts a point score over a threshold for being spam), or
         | some other external factor happens, your perfectly configured
         | mail server will suddenly and possibly with no warning or sign
         | that it's failed, fail.
         | 
         | For even personal mail this is pretty annoying, but if you're
         | relying on mail for business reasons, this is completely
         | unacceptable. You need to be able to assume that mail you send
         | reaches your clients/customers. The chance of your private mail
         | server getting banned might be low, but it's not low enough,
         | and over time that chance only increases (especially if you're
         | hosting from a server on big shared IP blocks with naughty
         | tenants like on most major cloud providers).
        
         | frostwarrior wrote:
         | Maybe it's a joke, but a problem I see in every "open source
         | self hosted alternative" is that people tend to underestimate
         | how much work it is to self-host everything.
         | 
         | It's either paid hosting like AWS, some intermediate docker-
         | compose solution or your own personal server machine. In every
         | case someone has to do the gritty work. It's either a paid
         | service, a volunteering open-source contributor, or you.
        
         | palata wrote:
         | I guess try to use it as your main e-mail for a few years and
         | you may see...
        
       ___________________________________________________________________
       (page generated 2022-09-04 23:00 UTC)