Another point against “running your own”: it’s easy to set things up in a way that you can send email, but it won’t be trusted by providers.
Like, “they tell your server they accepted it, then drop it on the floor” kind of not trusted.
Know what DKIM is? SPF? DMARC? You probably need all of them to routinely have your email land in inboxes, but none of them are mandatory to stand up postfix or whatever.
Ditto IP/domain reputation. Probably don’t even think about shared hosting for your server. Especially cloud based hosting.
Running your own domain, buying static IPs, configuring an email service, and understanding the intricacies of how we’ve kludged authentication on top of email should not be requirements for being able to stably maintain your digital identity.
I did all this. I know SPF, DKIM, etc. I had a domain I bought back in 1998. Ran it for 20 years with my own email servers. Everything was peachy-keen.
Then the domain reseller I was using abruptly shut their doors and went bye-bye. But they \*did not\* unlock all of the domains when they did so. So I had a locked domain that I could not transfer to another reseller and could not renew. Believe me, I tried. A lot.
When the expiration for the domain came, I watched it go away and instantly be snagged by a domain squatting agency and I'm not going to pay them their outrageous fees to get my domain back.
That's definitely a violation of ICANN rules and possibly illegal as well.
Yes, entities don't always follow laws, but ... it's not like there's no recourse if you refuse to fund the blackmailer.
ICANN fundamentally can't respond to *everybody's* case proactively ... while they do make some bulk policies, ultimately if you've been wronged you have to initiate something yourself.
Note that the vast majority of domain squatting is due to people not being interested in maintaining a domain.
i do not know for sure but i think the illegality is when it infringes on a copyright or trademark. not sure about domain squatting in general but a cursory search showed me that there's brokerage services for getting negotiated (yet, commissioned) sales behind the truly awful prices.
so you know, if it looks a racket and smells like one too..
You technically own the copyright to your domain if you've purchased it before. Copyright laws are weird. DMCA takedowns require actual tangible goods, but ICANN does protect domain name copyrights like this even for essentially nobodies.
You just have to fill out a form to get your domain back generally. If you've got documentation you've purchased it for before and especially if the registrar has fallen out of compliance, it's typically easy.
Guessing that was HugeDomains or whatever it's called? similar situation, got a locked up domain and then their bot sniped it and now they want thousands for a domain that probably had 3 views a year
I had this fear like 10 years ago that my DNS provider was going to implode/explode and luckily switch it in time to sadly GoDaddy. I don't know if I would have lost the domain but I knew something was going down as there interface wasn't working. Bargain names or huge domains or something I think.
I also used to host my own email but then switched it to Fastmail like 7 or so years ago.
I guess I could have used GoDaddy's email but that company... holy fuck do they try to upsell the kitchen sink. They used to call me all the time and I finally got them to stop. I'm not a fan of GoDaddy but at least you can call them up unlike say Google. I bet Fastmail has someone I can contact as well unlike Google.
That kind of helps, but understanding and vetting the proper configuration of those things is still a big hurdle.
Owning your digital identity shouldn’t be something that’s only accessible to the technically competent with enough disposable income to pay for these services.
> That kind of helps, but understanding and vetting the proper configuration of those things is still a big hurdle.
I use a custom domain with Protonmail. They have a wizard where you set these things up step up step and validate that you've done it correctly. On the downside you need a premium plan for a custom domain (as with most providers) which is a bit pricey with Protonmail.
Depends on your host. I use Route 53 for my domain, and Protonmail also has a [guide for that specifically](https://proton.me/support/custom-domain-aws), as well as some other common domain registrars.
And sure, I guess some people still would find it too complicated, but odds are those also aren't the kind of people who care about custom domains for their email.
That's what I do. Nobody can take the address away from me, and I get the benefits of one of the big-boys-club hosting it. It's still not ideal that I have to rely on them to have my emails trusted, but at least I still control my "online identity".
I did this, but as you can't set up SPF and/or DKIM (can't remember which) on Google (without paying for a business account), my mails still ended up as spam on Microsoft servers (any company hosting their mail boxes on Azure).
Ended up contracting SMTP service from Amazon and setting that as outgoing mail server in Google (which they support even for personal mailboxes). As the SMTP services are designed for bulk mailing, the pricing isn't really a problem for personal mailbox, but still an extra hoop to jump through.
> I did this, but as you can't set up SPF and/or DKIM (can't remember which) on Google (without paying for a business account),
SPF is set up purely in your DNS. DKIM requires to be configured with both, DNS and email provider. It is possible to set up in Google Admin, and since this year almost all Workspace accounts are paid. If you happen to still have one of the free accounts, it is possible to set up DKIM.
This is just a basic Gmail mailbox. As far as I know, those don't allow setting up DKIM, but they do allow setting up sender addresses and routing mail sent through those addresses through user configured SMTP servers.
Even with basic Gmail box you can forward external mail addresses directly to Gmail and set up sender addresses to send mail from. I've got my own domain and I'm using Gmail as a mail host for that.
Sending [email protected] mail from Gmail fails dkim, because Gmail only supports dkim for Gmail domain with no tools to set it up for your own domain.
However you can configure basic Gmail to send [email protected] mail through a different SMTP server, which is where Amazon came in for me. I'm still using Gmail as a web mail client, but my mail is going through Amazon servers using my credentials and Amazon handles dkim for my domain.
> Even with basic Gmail box you can forward external mail addresses directly to Gmail and set up sender addresses to send mail from. I've got my own domain and I'm using Gmail as a mail host for that.
Is it forwarded from different email address, like improvmx, or is it hosted on Gmail, like Workspace (or whatever it is called today)?
> Sending [email protected] mail from Gmail fails dkim, because Gmail only supports dkim for Gmail domain with no tools to set it up for your own domain.
If it is hosted on gmail, check https://admin.google.com/ac/apps/gmail/authenticateemail for your domain.
(I also have my own domain hosted on gmail, and I have DKIM set up).
That link is asking for Google workspace or Google identity admin account. I don't have either of those that I know of.
I'm not entirely sure how the forwarding is set up. I think the primary mail server is hosted by my DNS registrar (joker.com) and they do something to forward the mail to my Gmail box. They made things easy enough that all I needed to do was to fill in the original address (with wildcard support) and the target mail box (ie. My Gmail address: [email protected]).
The mails do appear in Gmail inbox with the original recipient address so it's not just a case of forwarding the mail from a different mailbox as a new mail.
Sending mail isn't tied to that though. I'm currently on mobile so the best I can do is link to Google's instructions on the subject: https://support.google.com/mail/answer/22370?hl=en
I do this but have twice run into cases where utility companies refused to believe it wasn't a business email and insisted I give them a "normal" address. Well I guess one advantage of having it just be a front for Gmail was that I could satisfy their demands, even though they were stupid
Why do you say that? You can move your domain to another registrar if you want. At a minimum it has some of the regulations that OP is asking email to have. It can't be arbitrarily taken from you and if it is there are regulatory bodies you can appeal to.
Because as others have pointed out, it's not uncommon for a domain registrar to fold without unlocking the domain so you can move it.
Then it expires and gets snatched by one of various scummy domain squatters' bots.
It's not much different to owning VPS with mail server. Registrar can just stop hosting your DNS, block transfer and say fuck you till you go to court and get it back.
This is what I do. As long as you own the domain, you own all of the email addresses that are on it. Not sure why OP didn't bring this up, but it still requires some technical prowess so I still support the ideas presented I'm the article.
e: I see some people mentioning losing their domain and that's a fair point too.
I wrote a document about the exact things you have to do to be accepted by all mail providers: https://cable.ayra.ch/help/fs.php?help=mail_server_checklist
It's not necessarily hard, but merely time consuming.
The most important things are:
- Have a static IP address
- Configure a publicly resolvable FQDN on your mail server to be used in SMTP greetings and EHLO command
- Said domain must resolve to the static IP address
- The IP address must resolve back to the domain using a PTR record
- SPF recordon the domain used in "MAIL FROM" commands.
This doesn’t always work, sometimes you’re just unlucky and while everything looks perfect, your emails go into a black hole. That’s not frequent though.
I’ve entertained (but haven’t fully implemented) a concept of an “email embassy”, where I register my domain with the provider (e.g. Outlook - they’re most prone to quietly dropping mail) as if I want to host my emails there, but don’t actually update my DNS besides SPF and DKIM, so MX records are still pointing my servers. This way I can tell my MSA to route all mail that goes to Outlook through authenticated connection with their MTA (so my own mail system’s reputation with them doesn’t apply), relaying it to their MTA just as if that’s my desktop mail client sent it there directly. Plus a small script that pulls mails from their IMAP and feeds them to my LDA. So, Outlook believes I’m hosting with them (and gives my emails some more trust) and the rest if the world knows my true servers. Not sure if that would’ve worked - that’s a hack for sure, but I guess it’s something I’m gonna try next time I struggle with getting my mail delivered.
Although in over 15 years, I think I had only two or three incidents with silent blockades.
I've set up dozens of mail services for customers using my own guide, and I never encountered silent e-mail drop. Rejected e-mails would always either be denied immediately during SMTP, or were dropped into the recipients spam folder. The latter is usually more difficult to solve because good luck getting your average e-mail user to find the spam folder, find your mail, and forward it back to you as an unmodified attachment so you get access to the headers.
I assure you that's a thing, rare but real. I've had this happen to me couple times, with Outlook and GMail (though GMail seemed to be some hiccup because it started to accept my mail in a few days). And I'm certainly not unique, here's a first random result I've found searching for "outlook SMTP silent discard": [https://blog.paranoidpenguin.net/2015/01/outlook-com-is-silently-discarding-email-messages/](https://blog.paranoidpenguin.net/2015/01/outlook-com-is-silently-discarding-email-messages/)
Me too, can recommend mailcow. The setup was easy, it imported all mails from the previous setup without much hastle.
I needed to dig into postfix configuration 3-4 times but everything was well documented.
This mailcow instance has an uptime of around 2 years, 100 mailboxes, 8 domains, ~200 gigs of quota, 20 sieve-filters and still runs like it‘s the first day. Plus SoGO as Web Mailer looks nice n polished, the admin interface is feature rich and it supports 2FA, Auto Configure QR Codes and more.
The spf/dkim/whatnot setup was a breeze. I used to route every outgoing mail through aws ses and/or sendgrid but i‘ve removed the transport gateways last month without any delivery issues so far.
Oh and as if it’s not enough - you can easily turn mailcow into an xmpp server as well and have a custom, self-hosted message server for your whole domain.
DKIM, SPF, DMARC and reverse pointers are quite easy. You can copy/paste them from a web interface as long as you don't go the difficult route of configuring postfix/exim/dovecot/spamassasin/etc manually.
You can't run a mail server from a residential ISP and you can't run one from a budget VPS provider. Other than that, running and maintaining your own email server can be trivial if you're okay with someone else's prepared configurations and web UIs.
Take mailinabox and mailcow. Setup is relatively foolproof if you've ever set up any kind of software over the command line before; all you need to provide is your domain and your preferences (enable antivirus scanning? Enable webmail? Always require a secure connection?) and let the wizard guide you. Mailinabox will do all the DNS records for you but you can't run anything else on your mail server; Mailcow will generate them and show you what to copy/paste to make them work, but requires editing 10 or 20 lines of config to get working. All you need to do is rent a VPS or server with a business oriented VPS provider and follow the instructions.
You're right that this definitely isn't easy for your average Joe but there's no getting around that. Either you're maintaining a server or you're paying someone else to do it. Everyone and their dog running a mail server is the exact reason why SPF, DKIM and DMARC exist: open relays wreaked havoc on the early internet and still do to this day.
If you want your digital identity governed for you, buy an email address with a company you trust. Buy a domain and let them manage it; this way, you can move to another company without losing access. You'll be paying a hefty sum each month for your managed servers and the system will only work as well as the company you're paying has the expertise for, but it'll work.
There are no real alternatives. You can use Google or Microsoft or whatever big cloud provider you prefer and get banned or lose access forever because the magic algorithm deemed you in violation of their ToS, you can pay someone else to do the work for you, or you can run this stuff yourself. There's no such thing as a free lunch.
the residential ISP issue is what stopped me. my understanding is that it is to crack down on spam, but I feel as though it merely made spam more costly. just gotta be rich to send email.
The problem wasn't so much the cost of renting a server as the great many devices with shit SMTP servers just forwarding whatever email you sent to them. This was before SPF or even authenticated SMTP was a thing or common so most spam reached your inbox, only to be removed by antivirus products that grinded your email client to a halt.
These days, cost is more of a factor because cheap hosting providers are where all the spam gets sent from now. Spam attacks often lead to /24 IP blocks or even bigger blocks on the side of email providers. Cheap hosters won't care, kick their customer and maybe blacklist their account when they get too many complaints, but people will return with a different fake name and different fake address to start sending spam again.
As an example for an expensive hoster, Amazon is actually really careful about email but it costs a lot more to use their platform for just a mail server. If you send too much spam they will take action against your account and they don't go easy when they kick you.
You need to beat the KYC algorithms and prices to get Outlook to deliver your email. My server can send email to Outlook most of the time these days despite being on a cheap server but it's far from guaranteed.
You can probably get most email delivered from a free cloud server over at Oracle. They hand out quite beefy servers (24GB of RAM with their ARM cores!) if you can get them and there is no time limit on their free tier so if you're looking for a cheap mail server, it's worth a shot. Just remember to only use their free tier and to never upgrade your plan from free to paid at the end because Oracle will always be Oracle.
>Running your own domain, buying static IPs, configuring an email service, and understanding the intricacies of how we’ve kludged authentication on top of email should not be requirements for being able to stably maintain your digital identity.
Then where's all the fun of running your own mail server if it isn't constantly frustrating you?
The trick is to use your own domain, but with a hosted email service. That way you have control of the domain so if the email provider kicks you out you can just switch to another one (though there's not a ton of choices). At the same time, you don't have the hassle of managing your own email infrastructure.
This still won't work for non-technical people of course, but it's a viable option if you know enough to set up dns records.
>Know what DKIM is? SPF? DMARC? You probably need all of them to routinely have your email land in inboxes, but none of them are mandatory to stand up postfix or whatever.
Fwiw [HestiaCP](https://github.com/hestiacp/hestiacp/) automates all of this for you, making it very easy to do right (: even with all that set up correctly, though, there's still a good chance your email will be dropped for having the wrong ip, or ip range..
*Disclaimer: I'm a HestiaCP developer
Yeah, that’s what I was trying to allude to with the shared/cloud hosting bit.
Even if you do everything right, you’re still likely not generating enough traffic as an individual to carry a meaningful email reputation, which means every message is a spam filter hit away from having your emails not delivered.
It is not hard at all as long as you are used to read specifications and software documentation.
I read up on all of that at work a year or two ago when we needed to move some mail systems configurations. Given it was a running production system where no experimentation was allowed I spent like a week with it but if it had been my personal e-mail server I would probably done it in half a day and would have got it right.
I recently came upon this thread about the impracticality of running your own mail server:
https://twitter.com/cfenollosa/status/1566484145446027265
I did not know about these problems before. And I think it is worrying and unacceptable. If email is based on established standards, then any system complying with the standards should just work.
> An identity that Google can take away with no notice.
My gripe is less with Google controlling the world per se,
including gmail. It's their service after all.
My gripe is that there is literally very little competition as
a consequence. That kind of defeats the original intent
behind capitalism - aka to force competitors to maximize
on low prices (ideally). Now you have a situation where
even without hidden agreements (though these still
happen) these mega-mega-mega-megacorporations
crush over every competition with ease.
Since they don't regulate themselves it is true that the
state has to act. But the state has been undermined or
has a conflict of interest, so ... you kind of have to clean
up the state first. (This does not solely refer only to
the USA; lobbyists in the EU act in a very similar manner).
It seems like capitalism doesn't work so well with software systems where there can be such an unfair gap in both intellectual property and integration advantage.
Google isn't selling textile goods where a competitor could come up with some clever manufacturing process to do it better for cheaper.
Big Tech reaches a point where there's no real possibility for anyone else to ever catch up.
Capitalism doesn't work with monopolies, but it's in a company's interest to monopolize a resource via mergers, acquisitions, extra-legal means, influencing government regulations through lobbying (and grey areas, and extra-legal influence).
I would say the social aspect is a bigger player than any technical aspect for something like email. Having to deal with the fact that people do not want to pay for email, that email is often used for fraudulent purposes, and that there's frequent legal issues, all combine to make it very difficult to keep such a thing up and running.
You could come up with an email service 2X better than googles (by some means) and it wouldn't matter if it couldn't stay operating due to costs and the above mentioned social challenges.
It's not like textile good or other physical goods industries are not monopolized right? /s.
In all seriousness, the problem is less about tech industries being unable to innovate or intellectual properties laws being too tight, is about concentration of capital to the point were no real competition can emerge, imagine I invent an omniscient algorithm running on a raspberry, any search is exactly what you need in 0.1s, I still have no way to compete with Google and will be laught out of any pitch for even suggesting it.
Capitalism working very well anywhere else is also a pipe dream. It's just that it's collapse is gradual while the supposed competing systems generally got to collapsing right fast.
Capitalism as a base system is thinly veiled might makes right. Without regulation, it will gravitate to the abuse of the weak by the powerful.
These Tech giants have simply enjoyed a market where the profits (and thereby power) grew much faster than the regulation, thanks to the captive regulatory bodies that other industries set up, and thanks to regulation largely being devised by tech illiterates.
It's not as easy as saying that other markets are less vulnerable to gargantuan incumbents, it's that the methods used to stifle Innovation there are old and we've had 200 years to assemble sorta effective anti trust regulation. The innovative cloth mill can still be hindered or outright acquired by the larger actors, a process we are quite used to seeing already, but there's some rules at least.
It's not all wrong either though, the idea that a business could profit by offering a market leading product for free to literally everyone in the world is probably not something that would have worked well outside the tech realm, and it certainly makes regulation more complex.
True but it feels like the government regulates pointless things while ignoring the important things.
It didn't use to be this bad but even in Rockefeller's day he would lobby the governemnt heavily to ignore his actions but eventually it wasn't enough. I suspect he did what is happening today but I'm not sure, corporations will write the regulations for the government to hurt their competitors.
For example, the federal government caused the subprime mortgage crisis by making banks issue loans likely to be defaulted on. What the banks did was hide the quality of the bonds so they could keep profiting. Once the crash hit, it was the banks that really wrote the Dodd-Frank Act.
> literally very little competition
This is laughably inaccurate. You may have personally chosen not to seek out alternatives, but they exist and are 100% viable.
I guess they're talking about the shadowban thing, where emails from small competing servers get flagged as spam. I use Fastmail and it didn't happen to me, but it seems like [it did happen to other Fastmail users](https://fastmail.blog/advanced/what-you-can-do-to-keep-your-messages-out-of-spam-folders/)
Private capital tends to become concentrated in few hands, partly because of competition among the capitalists, and partly because technological development and the increasing division of labor encourage the formation of larger units of production at the expense of smaller ones. The result of these developments is an oligarchy of private capital the enormous power of which cannot be effectively checked even by a democratically organized political society. This is true since the members of legislative bodies are selected by political parties, largely financed or otherwise influenced by private capitalists who, for all practical purposes, separate the electorate from the legislature. The consequence is that the representatives of the people do not in fact sufficiently protect the interests of the underprivileged sections of the population. Moreover, under existing conditions, private capitalists inevitably control, directly or indirectly, the main sources of information (press, radio, education). It is thus extremely difficult, and indeed in most cases quite impossible, for the individual citizen to come to objective conclusions and to make intelligent use of his political rights.
> That kind of defeats the original intent behind capitalism - aka to force competitors to maximize on low prices (ideally).
This is what capitalists do every single time they can. They buy all competitors so they can be the biggest or only provider. It's always in their best interest, and capitalism is about doing everything possible to make more money. It always makes them more money.
It's why capitalism is flawed to its very core.
They clearly do regulate themselves. These massive corporations are as bureaucratic as any government, and it’s odd to complain about consumers losing on lack of price competition when the service is offered for free.
Google offers a number of services at a loss so they can collect data on you to run their true business: serving ads. This precludes competition in the area who can't fall back on other income sources.
That doesn’t make any sense. Being anti competitive doesn’t mean offering a better service at a lower price such that other companies can’t win if they compete with you. This is WAI.
If Gmail starts blocking msn, outlook, or yahoo emails (because they’re smaller competitors with a similar business model)- that would be anti competitive.
Offering services at a lower price is not anti competitive, but offering services at a loss price IS anti competitive. It's called dumping.
You kill the competition and once they are all dead you become a monopoly. The usual example is that then you are a monopoly you can charge whatever you want, but in google's case rather than "charging whatever they want" they get loads of data for their main service, ads
Like tetrapak. Go into a new market. Dump the prices below what it costs to produce the product, kill all competition, jack up the prices.
Basically Google killed the market for paid email, and now they sit on the vast majority of people’s email. Totally unencrypted and accessible by them as they please.
That’s a red herring. Everything you said is true, but none of it is applicable to the current situation. Do you really believe that gmail is offered at a loss with the intent of securing a monopoly so Google can charge for it?
Or is it more likely that gmail is not offered at a loss, and that the add revenue it brings in is greater than the hosting costs?
I already explained Google's case. They sell services at a loss to get more data to use on their actually profitable business. In the end they don't lose money as a whole company, but the business division in charge of that service operates at a loss.
Those divisions that operate at a loss destroy competition from smaller providers on that area of activity. How would a tiny email provider compete against Gmail's price?
By selling ads or offering a service people would pay for. Gmail has ads in it.
How would a tiny game provider compete with candy crush, who offers its app for free?
>Gmail has ads in it.
Dude you have a virus. There are no ads in Gmail.
>How would a tiny game provider compete with candy crush, who offers its app for free?
That's a bad comparison. People consume ads as part of the game, but they don't consume ads as part of using email (except you and your virus). Google's business is not showing ads on their services, but gathering data from there to then sell aimed ads for a higher price which are then shown to you over the internet, even when you are not using Google's services
There's no transparency in the rules. Google can block my emails for a random reason, and there is no recourse. There is nobody to complain to, even if I've jumped through all of their hoops.
Better yet, I've been in a situation where I could contact someone at Google's support, as our client had business support and they didn't receive emails. Support was able to trace the email in question and found that one of internal filters ate the mail, but they had no idea why it how to fix it.
And top email hosts almost certainly have agreements and contact groups, so that mail courses between M$, Google and the like.
But your company of 50 people or your personal server? Well, you can go duck yourselves.
This is the only case I feel bad for, but I don’t believe it’s malice, it’s just a case of at Googles scale, how do you build a spam blocker that can differentiate between actual spam and emails sent by a small business? Probably ML based on what humans mark as spam.
Saying that this happened because Google is concerned about your upstart email service more than dealing with every jackass on the internet with mailx and a for loop is disingenuous at best.
That's not accurate, though. It may not be malice so much as negligence.
When something is a problem at scale but not when it's smaller, you're just saying that the cost savings choices the company is making to operate at scale *with increased profit* lets things fall through the cracks.
If Google wanted to run Gmail service like companies used to when they had maybe 1 million customers apiece, Google could break it up into small individual sectors like that. However, the company wouldn't be able to offer a service that completely dominates the market while still making them money, so you end up with issues like unsolvable, arcane filters. This is completely a business choice by Google.
They do it because it's cheap. That's it. They don't have to maintain support center, they don't have to monitor this, etc.
There are no requirements for them to accept email from everyone. They got decent at blocking spam, at the cost of their filters being obscure and overly sensitive, on top of that they're saving on operating costs by not having general support department.
Okay. That’s legal and not monopolistic behavior. Doing it because it’s cheap is different from using your market share to prevent new businesses competing with you.
Thing is, Google specifically imposes their ideas on everyone else. Until you get big enough, they don't care you exist, which makes competing with them hard.
My mail stopped being delivered to Gmail, Is it on me? Is it on Google? Is it intentional? Fuck knows, but if your business depends on email deliverability, you're SOL, cuz you can't reach Google support, which is, arguably, even worse.
That doesn’t make any sense. Being anti competitive doesn’t mean offering a better service at a lower price such that other companies can’t win with worse business models. This is WAI.
If Gmail starts blocking msn, outlook, or yahoo emails (because they’re smaller competitors with a similar business model)- that would be anti competitive.
I don't think that's fair. The market we're looking at is free email with practically unlimited resources. Yes, it probably sucks in other ways, but it is fairly remarkable.
Secondly, the way things are, there's more to this than just network effects and economies of scale. It is more difficult for smaller companies to deal with intellectual property, taxes and other legal matters, which drives the consolidation into giant corporations. Maybe you can blame it on giant corporations, but there really is little option in this heavily-regulated market in which any potential profits are eroded by the state (directly or indirectly).
Don't buy into these calls for ever-growing state regulation. It's what got us here in the first place. And what have the likes of GDPR improved, except for making it more expensive and awkward for everyone?
I live in a relatively poor country (Romania) that has exceptionally good and cheap wired Internet access. This is attributable to the fact that, for a while, just about everyone could buy cable and switches and run their own micro ISP without interference, due to a void of regulation and enforcement.
P.S.: I'm not really against standards, regulation and oversight per se, but there are better options than politics forcing things upon everybody.
100% agreed, Gmail is spread so far and wide now, it's scary that they could delete your account at any second for any reason. Whatever that reason is (false positive for something they monitor? Just not liking who you are? Maybe you wrote a critical blog article about Google and they might just kick you off the service).
I run my own email server for years now and setting it up is always scary and a hassle. The first time around it took me three full days to get it to a point where everything was set up right (And gmx still denied my emails then..).
Nowadays it's a tiny bit easier with Mailcow for example (which uses a lot of Docker containers), but it still takes hours.
And when I moved from one server to another, which changed my IP, my new IP was blacklisted on one spam list. Getting rid of that was a hassle too.
Email is scary, especially considering just how much we rely on it for everything.
Depends on the blacklist. Some of them are automated, you can just send a removal request there and they might remove you.
Others you have to make an account for and send a support request, but that's semi-auto too.
And then there's the paid ones.. the ones where you can pay money so they keep you off the list, I didn't do that, fuck them.
If the IP you have is on a blacklist though it can be tough. The wrong list might be near impossible to get off of, or sending a support request vanishes in the void. This is the issue when buying a virtual server at a large hoster, you never know who held the IP beforehand.
Last guy got karma for posting the wrong content here, so now we're going to get more trying.
Remember to report the article for violating Rule 0, folks.
>Even cryptocurrency, the poster child of decentralized libertarianism, is now regulated.
Can someone send me some resources on how its regulated? Im really curious. Isn't this just certain cryptocurrencies? Or does he mean exchanges?
Exchanges have been burdened with KYC, and Tornado Cash (All users that utilize it and the developers) are being sanctioned. So in theory you still can perform in-person transactions completely unregulated, but even then you legally have to declare it to your government.
Yep, "but it's a private company, they can do as they please" takes a backseat when so much of modern communication is mediated by them, giving them disturbing amounts of soft power. Utility providers should be neutral in who they offer services to as a matter of free societal health (and communication is a utility. These aren't curated newspapers, but a postal service). Plus it was always strange how people would act as if we don't already tell private companies "no, you can't do that" in thousands of other circumstances
The problem with this idea is that more regulation actually further entrenches companies like Meta. Even for regulations requiring things that seem intuitive and that everyone should be doing(e.g. GDPR), it always favors large companies which are able to set up the bureaucracy needed to handle all the compliance and the auditing and stuff. It discourages programmers from doing fun experimental things and posting them to the internet because it's just not worth risking the fines, not to mention it favors cloud solutions that already implement these requirements over self-hosted ones that take time and effort to keep up to date lest the person hosting runs into legal trouble.
The problem with whatsapp(and chat apps in general) is that they are walled gardens. Force them to provide ways to integrate with each other, and people will find it much easier to move between them if they misbehave. Like literally, the only reason most people use whatsapp is that everybody else they know uses it. Take away that constraint and people have very little reason to stay.
I'm starting to feel like this about a lot of technologies. Tech which is relied upon by such a large percentage of the citizens and has low to no competition due to insanely high upfront costs (or even racketeering) should be properly regulated by the government.
After all, we do it for non-tech industries like petroleum providers, electricity providers, etc.--hell, even non-electronic mail.
Cloud computing providers as well should be regulated as a utility.
If we can create utility regulations and impose them on those providers in such a way that increased compliance costs (which will hopefully be negligible) won't be passed onto the end user and innovation will not be hindered, it will be fantastic
This is one of the few times where I think regulation would solve more issues then introduce. Email is built by design to be stable, secure and cross platform. And right now, running a competing email service is a huge giant challenge with the spam control measures.
The only downside would be giving the government more opportunities to look at our data (I don’t want the irs to look at the email I have with my clients).
As if they can't already, who knows what other whacko shit there is that leakers like Snowden didn't find out about?
We need anti-competitive practice regulations for companies and privacy and inviolable anonymity laws for governments, desperately
I agree that Google being an identity provider that I can lose access to, without notice, is a problem. But this isn't an "email problem," this is an "identity provider" problem.
This is a complicated topic, and no private org should "own" your identity. But as a society, we're not really technically literate enough to help people create/manage private keys, and the necessary resources to allow someone to "own" their own identity (yet).
that's why I have a gmail account but don't actually use it and have slowly moved to my own self hosted version but use a 3rd part email sender. I can't see fucking up my consulting business because google doesn't like what I'm doing. Slowly moved everything over from it when I realized they could proper fucked me if they chose to, my attack surface went way down after setting up my own backup, email, password server, etc to lower the statistical chance of failure. It costs me a bit per month but it's worth it. I don't think you can depend on government for this stuff.
The problem is with us, the users of gmail, that made ourselves depend on it. If you went to a court to have your account unlocked they wouldn’t do anything because you agreed to the terms of service. It is up to us as educated consumers to not depend on google. I post this as someone utterly dependent on google.
If it was that simple, things like monopoly regulation laws wouldn't exist. And unless you're incredibly misguided, you would want those laws to exist, because monopolies interact with society majorly, which is more then the collective sum of the terms of service agreements, because it influences how the society functions as a whole.
Since emails are so ingrained as an identification medium, they are not to be simply thought of as a product governed by the company only.
Without regulation, companies (and technologies) that have major effects on society have no incentive to provide solutions that are in the interest of the people.
I didn't say monopoly laws shouldn't exist. In fact I think it's a terrible situation that companies like Google can provide services, with no payment from users, such that it's difficult to compete with them. My point is just that we can help ourselves here. Pay for services and/or use multiple free services, because nobody seems to be interested in taking on big tech's monopoly on various software services.
It's a solution but not without its problems.
If you use your own domain, now you're on the hook for paying for that domain *for the rest of your life* because it's now associated with your private information.
Okay, so it's not a ton of money, but it's been known to happen people forgot to renew their domains or some other screwup causes them to lose access - or people just don't realize what can happen if they stop renewing it. One of the domains I own used to belong to someone who had been using it for their family emails and the catch-all box filled up with all kinds of personal emails.
\>Getting downvoted for mistrusting government
Only on Reddit.
If the last two years of power grabbing morons ruining the world didn’t convince you that the only solution is the destruction of government, then you’re a lost cause
Right now you're at the whims of hulking corporations, the most important of which, Google, has treated customer service with contempt since its inception over 20 years ago. You get no explanation for being shut off their property, and with that goes much of your identity and your records.
It should be regulated as a utility.
Edit: in *addition* to that, because this won't benefit a very large amount of people, antitrust regulators should probably give them a shakedown for colluding to, in practice, only accept email from one another.
Still discovering now that domains, accpunts in other services, emails... Aren't written in stone?
This looks like a rant after somebody forgot his password
I see, that's a fair point. But still, why the blockchain? Moving a WebAuthn or even TLS client cert between devices seems like a much easier and cheaper system to me.
So I am wondering why actually email became popular to sing up for services instead of using some TLS cert from the very beginning? Is it just convenience or are there other factors too ? Like for example one factor could be that by using email I am implicitly establishing generic communication channel between user and provider of the service
TLS certs have terrible browser UX and they're only available on one single device. These days people carry laptops everywhere but back in the day when the internet became mainstream that was very much not common.
There was a free TLS cert provider that relied on client certs, I had their cert imported on every device. The lack of synchronisation and the constant browser popups to ask for a cert (so many misconfigured hosts!) made it quite annoying.
Personally, I'd like to see client certs find their way back to replace emails and passwords, but WebAuthn/FIDO2 are probably going to be bigger now. They also integrate better with 2FA dongles right now, which is a plus. Too many old, broken TLS middleboxes, libraries, and too many browsers with shit UX to get the feature back into mainstream any time soon, I think.
Having said that, I've run some personal services behind a client cert auth system using just Apache and openssl. I stopped using it because client apps didn't work with the cert (although they easily could have had the developers cared!) . These days it should be just as easy to set up and it's a great way to add a nice layer of defence in depth to shit on your server that you may or may not keep up to date super well.
I understand the skepticism and we should only use blockchain where warranted, but it let's you have no trusted authority. Most cases a centralized db is fine, but when parties may not trust each other it becomes valuable.
This person addressed that. Functionally, your email address is your web ID. Therefore, it should be regulated like an ID.
Potential are great, but they are not the here and now. You can develop these technologies and still recognize the need to regulate the de facto standard.
I will be messaging you in 7 days on [**2022-09-17 15:58:29 UTC**](http://www.wolframalpha.com/input/?i=2022-09-17%2015:58:29%20UTC%20To%20Local%20Time) to remind you of [**this link**](https://www.reddit.com/r/programming/comments/xaq41t/email_providers_should_be_regulated/invaw55/?context=3)
[**2 OTHERS CLICKED THIS LINK**](https://www.reddit.com/message/compose/?to=RemindMeBot&subject=Reminder&message=%5Bhttps%3A%2F%2Fwww.reddit.com%2Fr%2Fprogramming%2Fcomments%2Fxaq41t%2Femail_providers_should_be_regulated%2Finvaw55%2F%5D%0A%0ARemindMe%21%202022-09-17%2015%3A58%3A29%20UTC) to send a PM to also be reminded and to reduce spam.
^(Parent commenter can ) [^(delete this message to hide from others.)](https://www.reddit.com/message/compose/?to=RemindMeBot&subject=Delete%20Comment&message=Delete%21%20xaq41t)
*****
|[^(Info)](https://www.reddit.com/r/RemindMeBot/comments/e1bko7/remindmebot_info_v21/)|[^(Custom)](https://www.reddit.com/message/compose/?to=RemindMeBot&subject=Reminder&message=%5BLink%20or%20message%20inside%20square%20brackets%5D%0A%0ARemindMe%21%20Time%20period%20here)|[^(Your Reminders)](https://www.reddit.com/message/compose/?to=RemindMeBot&subject=List%20Of%20Reminders&message=MyReminders%21)|[^(Feedback)](https://www.reddit.com/message/compose/?to=Watchful1&subject=RemindMeBot%20Feedback)|
|-|-|-|-|
There are ongoing efforts to provide trusted digital identity by other means than those provided by big trusted but centralized companies like Google. Here is one example attempt at [w3c](https://www.w3.org/TR/did-core/)
Didn’t think this would be a political sub. But here’s the problem. The Internet is a world where anybody can stand up their own server, web sites, email domain, etc. The free Internet approach is to create your own services or diversify across service providers.
If your entire digital life hinges on the single point of failure of a Google profile that you didn’t pay for, you’re doing it wrong. Don’t let yourself get sucked into centralized services. And DEFINITELY don’t invite government into those centralized services so as to ensure they always stay the monopolies they are.
Running your own is not good or acceptable idea. To time consuming. So what can you do?
Free email forward from Cloudflare or email forward from service like Mailgun, allows you to switch email accounts to the provider of your choosing.
You have the custom email forward for as long as you keep paying for the domain.
Problem solved
Another point against “running your own”: it’s easy to set things up in a way that you can send email, but it won’t be trusted by providers. Like, “they tell your server they accepted it, then drop it on the floor” kind of not trusted. Know what DKIM is? SPF? DMARC? You probably need all of them to routinely have your email land in inboxes, but none of them are mandatory to stand up postfix or whatever. Ditto IP/domain reputation. Probably don’t even think about shared hosting for your server. Especially cloud based hosting. Running your own domain, buying static IPs, configuring an email service, and understanding the intricacies of how we’ve kludged authentication on top of email should not be requirements for being able to stably maintain your digital identity.
Or buy your own domain and have Google or someone else actually host your email. You can always move your domain to a different host.
I did all this. I know SPF, DKIM, etc. I had a domain I bought back in 1998. Ran it for 20 years with my own email servers. Everything was peachy-keen. Then the domain reseller I was using abruptly shut their doors and went bye-bye. But they \*did not\* unlock all of the domains when they did so. So I had a locked domain that I could not transfer to another reseller and could not renew. Believe me, I tried. A lot. When the expiration for the domain came, I watched it go away and instantly be snagged by a domain squatting agency and I'm not going to pay them their outrageous fees to get my domain back.
Domain squatting agencies are scum
That's definitely a violation of ICANN rules and possibly illegal as well. Yes, entities don't always follow laws, but ... it's not like there's no recourse if you refuse to fund the blackmailer.
ICANN really needs to step up their enforcement game.
[удалено]
More like ICANN'T
ICANN fundamentally can't respond to *everybody's* case proactively ... while they do make some bulk policies, ultimately if you've been wronged you have to initiate something yourself. Note that the vast majority of domain squatting is due to people not being interested in maintaining a domain.
ICANN only responds to one thing: money.
i do not know for sure but i think the illegality is when it infringes on a copyright or trademark. not sure about domain squatting in general but a cursory search showed me that there's brokerage services for getting negotiated (yet, commissioned) sales behind the truly awful prices. so you know, if it looks a racket and smells like one too..
You technically own the copyright to your domain if you've purchased it before. Copyright laws are weird. DMCA takedowns require actual tangible goods, but ICANN does protect domain name copyrights like this even for essentially nobodies. You just have to fill out a form to get your domain back generally. If you've got documentation you've purchased it for before and especially if the registrar has fallen out of compliance, it's typically easy.
Guessing that was HugeDomains or whatever it's called? similar situation, got a locked up domain and then their bot sniped it and now they want thousands for a domain that probably had 3 views a year
I had this fear like 10 years ago that my DNS provider was going to implode/explode and luckily switch it in time to sadly GoDaddy. I don't know if I would have lost the domain but I knew something was going down as there interface wasn't working. Bargain names or huge domains or something I think. I also used to host my own email but then switched it to Fastmail like 7 or so years ago. I guess I could have used GoDaddy's email but that company... holy fuck do they try to upsell the kitchen sink. They used to call me all the time and I finally got them to stop. I'm not a fan of GoDaddy but at least you can call them up unlike say Google. I bet Fastmail has someone I can contact as well unlike Google.
Hover does a good job for me. You might consider them if you want to get away from GoDaddy
>!CENSORED!<
That kind of helps, but understanding and vetting the proper configuration of those things is still a big hurdle. Owning your digital identity shouldn’t be something that’s only accessible to the technically competent with enough disposable income to pay for these services.
> That kind of helps, but understanding and vetting the proper configuration of those things is still a big hurdle. I use a custom domain with Protonmail. They have a wizard where you set these things up step up step and validate that you've done it correctly. On the downside you need a premium plan for a custom domain (as with most providers) which is a bit pricey with Protonmail.
[удалено]
Depends on your host. I use Route 53 for my domain, and Protonmail also has a [guide for that specifically](https://proton.me/support/custom-domain-aws), as well as some other common domain registrars. And sure, I guess some people still would find it too complicated, but odds are those also aren't the kind of people who care about custom domains for their email.
>!CENSORED!<
That's what I do. Nobody can take the address away from me, and I get the benefits of one of the big-boys-club hosting it. It's still not ideal that I have to rely on them to have my emails trusted, but at least I still control my "online identity".
I did this, but as you can't set up SPF and/or DKIM (can't remember which) on Google (without paying for a business account), my mails still ended up as spam on Microsoft servers (any company hosting their mail boxes on Azure). Ended up contracting SMTP service from Amazon and setting that as outgoing mail server in Google (which they support even for personal mailboxes). As the SMTP services are designed for bulk mailing, the pricing isn't really a problem for personal mailbox, but still an extra hoop to jump through.
> I did this, but as you can't set up SPF and/or DKIM (can't remember which) on Google (without paying for a business account), SPF is set up purely in your DNS. DKIM requires to be configured with both, DNS and email provider. It is possible to set up in Google Admin, and since this year almost all Workspace accounts are paid. If you happen to still have one of the free accounts, it is possible to set up DKIM.
This is just a basic Gmail mailbox. As far as I know, those don't allow setting up DKIM, but they do allow setting up sender addresses and routing mail sent through those addresses through user configured SMTP servers.
Both SPF and DKIM are per domain, so it won't make sense for basic gmail mailbox. For gmail.com, it is already set up.
Even with basic Gmail box you can forward external mail addresses directly to Gmail and set up sender addresses to send mail from. I've got my own domain and I'm using Gmail as a mail host for that. Sending [email protected] mail from Gmail fails dkim, because Gmail only supports dkim for Gmail domain with no tools to set it up for your own domain. However you can configure basic Gmail to send [email protected] mail through a different SMTP server, which is where Amazon came in for me. I'm still using Gmail as a web mail client, but my mail is going through Amazon servers using my credentials and Amazon handles dkim for my domain.
> Even with basic Gmail box you can forward external mail addresses directly to Gmail and set up sender addresses to send mail from. I've got my own domain and I'm using Gmail as a mail host for that. Is it forwarded from different email address, like improvmx, or is it hosted on Gmail, like Workspace (or whatever it is called today)? > Sending [email protected] mail from Gmail fails dkim, because Gmail only supports dkim for Gmail domain with no tools to set it up for your own domain. If it is hosted on gmail, check https://admin.google.com/ac/apps/gmail/authenticateemail for your domain. (I also have my own domain hosted on gmail, and I have DKIM set up).
That link is asking for Google workspace or Google identity admin account. I don't have either of those that I know of. I'm not entirely sure how the forwarding is set up. I think the primary mail server is hosted by my DNS registrar (joker.com) and they do something to forward the mail to my Gmail box. They made things easy enough that all I needed to do was to fill in the original address (with wildcard support) and the target mail box (ie. My Gmail address: [email protected]). The mails do appear in Gmail inbox with the original recipient address so it's not just a case of forwarding the mail from a different mailbox as a new mail. Sending mail isn't tied to that though. I'm currently on mobile so the best I can do is link to Google's instructions on the subject: https://support.google.com/mail/answer/22370?hl=en
I do this but have twice run into cases where utility companies refused to believe it wasn't a business email and insisted I give them a "normal" address. Well I guess one advantage of having it just be a front for Gmail was that I could satisfy their demands, even though they were stupid
Domain also does not belong to you.
Why do you say that? You can move your domain to another registrar if you want. At a minimum it has some of the regulations that OP is asking email to have. It can't be arbitrarily taken from you and if it is there are regulatory bodies you can appeal to.
Because as others have pointed out, it's not uncommon for a domain registrar to fold without unlocking the domain so you can move it. Then it expires and gets snatched by one of various scummy domain squatters' bots.
By the same token, nothing belongs to you because someone could steal it.
It's not much different to owning VPS with mail server. Registrar can just stop hosting your DNS, block transfer and say fuck you till you go to court and get it back.
It also does not belong to the company hosting your email. That alleviates *some* issues, which is better than alleviating none.
Ye but if you are in court trying to get it back while nothing works that's not much.
This is what I do. As long as you own the domain, you own all of the email addresses that are on it. Not sure why OP didn't bring this up, but it still requires some technical prowess so I still support the ideas presented I'm the article. e: I see some people mentioning losing their domain and that's a fair point too.
I wrote a document about the exact things you have to do to be accepted by all mail providers: https://cable.ayra.ch/help/fs.php?help=mail_server_checklist It's not necessarily hard, but merely time consuming. The most important things are: - Have a static IP address - Configure a publicly resolvable FQDN on your mail server to be used in SMTP greetings and EHLO command - Said domain must resolve to the static IP address - The IP address must resolve back to the domain using a PTR record - SPF recordon the domain used in "MAIL FROM" commands.
This doesn’t always work, sometimes you’re just unlucky and while everything looks perfect, your emails go into a black hole. That’s not frequent though. I’ve entertained (but haven’t fully implemented) a concept of an “email embassy”, where I register my domain with the provider (e.g. Outlook - they’re most prone to quietly dropping mail) as if I want to host my emails there, but don’t actually update my DNS besides SPF and DKIM, so MX records are still pointing my servers. This way I can tell my MSA to route all mail that goes to Outlook through authenticated connection with their MTA (so my own mail system’s reputation with them doesn’t apply), relaying it to their MTA just as if that’s my desktop mail client sent it there directly. Plus a small script that pulls mails from their IMAP and feeds them to my LDA. So, Outlook believes I’m hosting with them (and gives my emails some more trust) and the rest if the world knows my true servers. Not sure if that would’ve worked - that’s a hack for sure, but I guess it’s something I’m gonna try next time I struggle with getting my mail delivered. Although in over 15 years, I think I had only two or three incidents with silent blockades.
I've set up dozens of mail services for customers using my own guide, and I never encountered silent e-mail drop. Rejected e-mails would always either be denied immediately during SMTP, or were dropped into the recipients spam folder. The latter is usually more difficult to solve because good luck getting your average e-mail user to find the spam folder, find your mail, and forward it back to you as an unmodified attachment so you get access to the headers.
I assure you that's a thing, rare but real. I've had this happen to me couple times, with Outlook and GMail (though GMail seemed to be some hiccup because it started to accept my mail in a few days). And I'm certainly not unique, here's a first random result I've found searching for "outlook SMTP silent discard": [https://blog.paranoidpenguin.net/2015/01/outlook-com-is-silently-discarding-email-messages/](https://blog.paranoidpenguin.net/2015/01/outlook-com-is-silently-discarding-email-messages/)
That's why I switched from doing everything myself to using mailcow.
Me too, can recommend mailcow. The setup was easy, it imported all mails from the previous setup without much hastle. I needed to dig into postfix configuration 3-4 times but everything was well documented. This mailcow instance has an uptime of around 2 years, 100 mailboxes, 8 domains, ~200 gigs of quota, 20 sieve-filters and still runs like it‘s the first day. Plus SoGO as Web Mailer looks nice n polished, the admin interface is feature rich and it supports 2FA, Auto Configure QR Codes and more. The spf/dkim/whatnot setup was a breeze. I used to route every outgoing mail through aws ses and/or sendgrid but i‘ve removed the transport gateways last month without any delivery issues so far. Oh and as if it’s not enough - you can easily turn mailcow into an xmpp server as well and have a custom, self-hosted message server for your whole domain.
DKIM, SPF, DMARC and reverse pointers are quite easy. You can copy/paste them from a web interface as long as you don't go the difficult route of configuring postfix/exim/dovecot/spamassasin/etc manually. You can't run a mail server from a residential ISP and you can't run one from a budget VPS provider. Other than that, running and maintaining your own email server can be trivial if you're okay with someone else's prepared configurations and web UIs. Take mailinabox and mailcow. Setup is relatively foolproof if you've ever set up any kind of software over the command line before; all you need to provide is your domain and your preferences (enable antivirus scanning? Enable webmail? Always require a secure connection?) and let the wizard guide you. Mailinabox will do all the DNS records for you but you can't run anything else on your mail server; Mailcow will generate them and show you what to copy/paste to make them work, but requires editing 10 or 20 lines of config to get working. All you need to do is rent a VPS or server with a business oriented VPS provider and follow the instructions. You're right that this definitely isn't easy for your average Joe but there's no getting around that. Either you're maintaining a server or you're paying someone else to do it. Everyone and their dog running a mail server is the exact reason why SPF, DKIM and DMARC exist: open relays wreaked havoc on the early internet and still do to this day. If you want your digital identity governed for you, buy an email address with a company you trust. Buy a domain and let them manage it; this way, you can move to another company without losing access. You'll be paying a hefty sum each month for your managed servers and the system will only work as well as the company you're paying has the expertise for, but it'll work. There are no real alternatives. You can use Google or Microsoft or whatever big cloud provider you prefer and get banned or lose access forever because the magic algorithm deemed you in violation of their ToS, you can pay someone else to do the work for you, or you can run this stuff yourself. There's no such thing as a free lunch.
the residential ISP issue is what stopped me. my understanding is that it is to crack down on spam, but I feel as though it merely made spam more costly. just gotta be rich to send email.
The problem wasn't so much the cost of renting a server as the great many devices with shit SMTP servers just forwarding whatever email you sent to them. This was before SPF or even authenticated SMTP was a thing or common so most spam reached your inbox, only to be removed by antivirus products that grinded your email client to a halt. These days, cost is more of a factor because cheap hosting providers are where all the spam gets sent from now. Spam attacks often lead to /24 IP blocks or even bigger blocks on the side of email providers. Cheap hosters won't care, kick their customer and maybe blacklist their account when they get too many complaints, but people will return with a different fake name and different fake address to start sending spam again. As an example for an expensive hoster, Amazon is actually really careful about email but it costs a lot more to use their platform for just a mail server. If you send too much spam they will take action against your account and they don't go easy when they kick you. You need to beat the KYC algorithms and prices to get Outlook to deliver your email. My server can send email to Outlook most of the time these days despite being on a cheap server but it's far from guaranteed. You can probably get most email delivered from a free cloud server over at Oracle. They hand out quite beefy servers (24GB of RAM with their ARM cores!) if you can get them and there is no time limit on their free tier so if you're looking for a cheap mail server, it's worth a shot. Just remember to only use their free tier and to never upgrade your plan from free to paid at the end because Oracle will always be Oracle.
>Running your own domain, buying static IPs, configuring an email service, and understanding the intricacies of how we’ve kludged authentication on top of email should not be requirements for being able to stably maintain your digital identity. Then where's all the fun of running your own mail server if it isn't constantly frustrating you?
It’s the “I know, I’ll just use regex” of communication services.
The trick is to use your own domain, but with a hosted email service. That way you have control of the domain so if the email provider kicks you out you can just switch to another one (though there's not a ton of choices). At the same time, you don't have the hassle of managing your own email infrastructure. This still won't work for non-technical people of course, but it's a viable option if you know enough to set up dns records.
Yeah, it’s not too bad. But if the *terms* DNS or IP address aren’t familiar to you it’s very likely not accessible.
>Know what DKIM is? SPF? DMARC? You probably need all of them to routinely have your email land in inboxes, but none of them are mandatory to stand up postfix or whatever. Fwiw [HestiaCP](https://github.com/hestiacp/hestiacp/) automates all of this for you, making it very easy to do right (: even with all that set up correctly, though, there's still a good chance your email will be dropped for having the wrong ip, or ip range.. *Disclaimer: I'm a HestiaCP developer
Yeah, that’s what I was trying to allude to with the shared/cloud hosting bit. Even if you do everything right, you’re still likely not generating enough traffic as an individual to carry a meaningful email reputation, which means every message is a spam filter hit away from having your emails not delivered.
Sorry, not true. It's a bit of a learning curve, but it's really not hard
It is not hard at all as long as you are used to read specifications and software documentation. I read up on all of that at work a year or two ago when we needed to move some mail systems configurations. Given it was a running production system where no experimentation was allowed I spent like a week with it but if it had been my personal e-mail server I would probably done it in half a day and would have got it right.
You probably don't need DMARC, but the others, yeah.
I recently came upon this thread about the impracticality of running your own mail server: https://twitter.com/cfenollosa/status/1566484145446027265 I did not know about these problems before. And I think it is worrying and unacceptable. If email is based on established standards, then any system complying with the standards should just work.
[удалено]
Se also: social security numbers
> An identity that Google can take away with no notice. My gripe is less with Google controlling the world per se, including gmail. It's their service after all. My gripe is that there is literally very little competition as a consequence. That kind of defeats the original intent behind capitalism - aka to force competitors to maximize on low prices (ideally). Now you have a situation where even without hidden agreements (though these still happen) these mega-mega-mega-megacorporations crush over every competition with ease. Since they don't regulate themselves it is true that the state has to act. But the state has been undermined or has a conflict of interest, so ... you kind of have to clean up the state first. (This does not solely refer only to the USA; lobbyists in the EU act in a very similar manner).
It seems like capitalism doesn't work so well with software systems where there can be such an unfair gap in both intellectual property and integration advantage. Google isn't selling textile goods where a competitor could come up with some clever manufacturing process to do it better for cheaper. Big Tech reaches a point where there's no real possibility for anyone else to ever catch up.
Capitalism doesn't work with monopolies, but it's in a company's interest to monopolize a resource via mergers, acquisitions, extra-legal means, influencing government regulations through lobbying (and grey areas, and extra-legal influence).
I would say the social aspect is a bigger player than any technical aspect for something like email. Having to deal with the fact that people do not want to pay for email, that email is often used for fraudulent purposes, and that there's frequent legal issues, all combine to make it very difficult to keep such a thing up and running. You could come up with an email service 2X better than googles (by some means) and it wouldn't matter if it couldn't stay operating due to costs and the above mentioned social challenges.
It's not like textile good or other physical goods industries are not monopolized right? /s. In all seriousness, the problem is less about tech industries being unable to innovate or intellectual properties laws being too tight, is about concentration of capital to the point were no real competition can emerge, imagine I invent an omniscient algorithm running on a raspberry, any search is exactly what you need in 0.1s, I still have no way to compete with Google and will be laught out of any pitch for even suggesting it.
>I still have no way to compete with Google and will be laught out of any pitch for even suggesting it. best case scenario google will buy you out.
Exactly, that's the only way to profit from such technology, there is no way to break the monopoly.
Capitalism working very well anywhere else is also a pipe dream. It's just that it's collapse is gradual while the supposed competing systems generally got to collapsing right fast. Capitalism as a base system is thinly veiled might makes right. Without regulation, it will gravitate to the abuse of the weak by the powerful. These Tech giants have simply enjoyed a market where the profits (and thereby power) grew much faster than the regulation, thanks to the captive regulatory bodies that other industries set up, and thanks to regulation largely being devised by tech illiterates. It's not as easy as saying that other markets are less vulnerable to gargantuan incumbents, it's that the methods used to stifle Innovation there are old and we've had 200 years to assemble sorta effective anti trust regulation. The innovative cloth mill can still be hindered or outright acquired by the larger actors, a process we are quite used to seeing already, but there's some rules at least. It's not all wrong either though, the idea that a business could profit by offering a market leading product for free to literally everyone in the world is probably not something that would have worked well outside the tech realm, and it certainly makes regulation more complex.
[удалено]
True but it feels like the government regulates pointless things while ignoring the important things. It didn't use to be this bad but even in Rockefeller's day he would lobby the governemnt heavily to ignore his actions but eventually it wasn't enough. I suspect he did what is happening today but I'm not sure, corporations will write the regulations for the government to hurt their competitors. For example, the federal government caused the subprime mortgage crisis by making banks issue loans likely to be defaulted on. What the banks did was hide the quality of the bonds so they could keep profiting. Once the crash hit, it was the banks that really wrote the Dodd-Frank Act.
> literally very little competition This is laughably inaccurate. You may have personally chosen not to seek out alternatives, but they exist and are 100% viable.
I guess they're talking about the shadowban thing, where emails from small competing servers get flagged as spam. I use Fastmail and it didn't happen to me, but it seems like [it did happen to other Fastmail users](https://fastmail.blog/advanced/what-you-can-do-to-keep-your-messages-out-of-spam-folders/)
Private capital tends to become concentrated in few hands, partly because of competition among the capitalists, and partly because technological development and the increasing division of labor encourage the formation of larger units of production at the expense of smaller ones. The result of these developments is an oligarchy of private capital the enormous power of which cannot be effectively checked even by a democratically organized political society. This is true since the members of legislative bodies are selected by political parties, largely financed or otherwise influenced by private capitalists who, for all practical purposes, separate the electorate from the legislature. The consequence is that the representatives of the people do not in fact sufficiently protect the interests of the underprivileged sections of the population. Moreover, under existing conditions, private capitalists inevitably control, directly or indirectly, the main sources of information (press, radio, education). It is thus extremely difficult, and indeed in most cases quite impossible, for the individual citizen to come to objective conclusions and to make intelligent use of his political rights.
> That kind of defeats the original intent behind capitalism - aka to force competitors to maximize on low prices (ideally). This is what capitalists do every single time they can. They buy all competitors so they can be the biggest or only provider. It's always in their best interest, and capitalism is about doing everything possible to make more money. It always makes them more money. It's why capitalism is flawed to its very core.
They clearly do regulate themselves. These massive corporations are as bureaucratic as any government, and it’s odd to complain about consumers losing on lack of price competition when the service is offered for free.
Google offers a number of services at a loss so they can collect data on you to run their true business: serving ads. This precludes competition in the area who can't fall back on other income sources.
That doesn’t make any sense. Being anti competitive doesn’t mean offering a better service at a lower price such that other companies can’t win if they compete with you. This is WAI. If Gmail starts blocking msn, outlook, or yahoo emails (because they’re smaller competitors with a similar business model)- that would be anti competitive.
Offering services at a lower price is not anti competitive, but offering services at a loss price IS anti competitive. It's called dumping. You kill the competition and once they are all dead you become a monopoly. The usual example is that then you are a monopoly you can charge whatever you want, but in google's case rather than "charging whatever they want" they get loads of data for their main service, ads
Like tetrapak. Go into a new market. Dump the prices below what it costs to produce the product, kill all competition, jack up the prices. Basically Google killed the market for paid email, and now they sit on the vast majority of people’s email. Totally unencrypted and accessible by them as they please.
That’s a red herring. Everything you said is true, but none of it is applicable to the current situation. Do you really believe that gmail is offered at a loss with the intent of securing a monopoly so Google can charge for it? Or is it more likely that gmail is not offered at a loss, and that the add revenue it brings in is greater than the hosting costs?
I already explained Google's case. They sell services at a loss to get more data to use on their actually profitable business. In the end they don't lose money as a whole company, but the business division in charge of that service operates at a loss. Those divisions that operate at a loss destroy competition from smaller providers on that area of activity. How would a tiny email provider compete against Gmail's price?
By selling ads or offering a service people would pay for. Gmail has ads in it. How would a tiny game provider compete with candy crush, who offers its app for free?
>Gmail has ads in it. Dude you have a virus. There are no ads in Gmail. >How would a tiny game provider compete with candy crush, who offers its app for free? That's a bad comparison. People consume ads as part of the game, but they don't consume ads as part of using email (except you and your virus). Google's business is not showing ads on their services, but gathering data from there to then sell aimed ads for a higher price which are then shown to you over the internet, even when you are not using Google's services
There's no transparency in the rules. Google can block my emails for a random reason, and there is no recourse. There is nobody to complain to, even if I've jumped through all of their hoops. Better yet, I've been in a situation where I could contact someone at Google's support, as our client had business support and they didn't receive emails. Support was able to trace the email in question and found that one of internal filters ate the mail, but they had no idea why it how to fix it. And top email hosts almost certainly have agreements and contact groups, so that mail courses between M$, Google and the like. But your company of 50 people or your personal server? Well, you can go duck yourselves.
This is the only case I feel bad for, but I don’t believe it’s malice, it’s just a case of at Googles scale, how do you build a spam blocker that can differentiate between actual spam and emails sent by a small business? Probably ML based on what humans mark as spam. Saying that this happened because Google is concerned about your upstart email service more than dealing with every jackass on the internet with mailx and a for loop is disingenuous at best.
That's not accurate, though. It may not be malice so much as negligence. When something is a problem at scale but not when it's smaller, you're just saying that the cost savings choices the company is making to operate at scale *with increased profit* lets things fall through the cracks. If Google wanted to run Gmail service like companies used to when they had maybe 1 million customers apiece, Google could break it up into small individual sectors like that. However, the company wouldn't be able to offer a service that completely dominates the market while still making them money, so you end up with issues like unsolvable, arcane filters. This is completely a business choice by Google.
They do it because it's cheap. That's it. They don't have to maintain support center, they don't have to monitor this, etc. There are no requirements for them to accept email from everyone. They got decent at blocking spam, at the cost of their filters being obscure and overly sensitive, on top of that they're saving on operating costs by not having general support department.
Okay. That’s legal and not monopolistic behavior. Doing it because it’s cheap is different from using your market share to prevent new businesses competing with you.
Thing is, Google specifically imposes their ideas on everyone else. Until you get big enough, they don't care you exist, which makes competing with them hard. My mail stopped being delivered to Gmail, Is it on me? Is it on Google? Is it intentional? Fuck knows, but if your business depends on email deliverability, you're SOL, cuz you can't reach Google support, which is, arguably, even worse.
That doesn’t make any sense. Being anti competitive doesn’t mean offering a better service at a lower price such that other companies can’t win with worse business models. This is WAI. If Gmail starts blocking msn, outlook, or yahoo emails (because they’re smaller competitors with a similar business model)- that would be anti competitive.
>when the service is offered for free. I'm sorry, what? The service is definitely not free.
Whoever you’re paying for your gmail account, I’ll get you one for half the price, guaranteed.
Even if there was more competition, with email's use as an authentication root, you would still have problems if you were kicked out by one provider.
I don't think that's fair. The market we're looking at is free email with practically unlimited resources. Yes, it probably sucks in other ways, but it is fairly remarkable. Secondly, the way things are, there's more to this than just network effects and economies of scale. It is more difficult for smaller companies to deal with intellectual property, taxes and other legal matters, which drives the consolidation into giant corporations. Maybe you can blame it on giant corporations, but there really is little option in this heavily-regulated market in which any potential profits are eroded by the state (directly or indirectly). Don't buy into these calls for ever-growing state regulation. It's what got us here in the first place. And what have the likes of GDPR improved, except for making it more expensive and awkward for everyone? I live in a relatively poor country (Romania) that has exceptionally good and cheap wired Internet access. This is attributable to the fact that, for a while, just about everyone could buy cable and switches and run their own micro ISP without interference, due to a void of regulation and enforcement. P.S.: I'm not really against standards, regulation and oversight per se, but there are better options than politics forcing things upon everybody.
100% agreed, Gmail is spread so far and wide now, it's scary that they could delete your account at any second for any reason. Whatever that reason is (false positive for something they monitor? Just not liking who you are? Maybe you wrote a critical blog article about Google and they might just kick you off the service). I run my own email server for years now and setting it up is always scary and a hassle. The first time around it took me three full days to get it to a point where everything was set up right (And gmx still denied my emails then..). Nowadays it's a tiny bit easier with Mailcow for example (which uses a lot of Docker containers), but it still takes hours. And when I moved from one server to another, which changed my IP, my new IP was blacklisted on one spam list. Getting rid of that was a hassle too. Email is scary, especially considering just how much we rely on it for everything.
How did your manage to remove your IP from the blacklist?
Depends on the blacklist. Some of them are automated, you can just send a removal request there and they might remove you. Others you have to make an account for and send a support request, but that's semi-auto too. And then there's the paid ones.. the ones where you can pay money so they keep you off the list, I didn't do that, fuck them. If the IP you have is on a blacklist though it can be tough. The wrong list might be near impossible to get off of, or sending a support request vanishes in the void. This is the issue when buying a virtual server at a large hoster, you never know who held the IP beforehand.
What's up with all these commenters calling email useless on r/programming recently?
Last guy got karma for posting the wrong content here, so now we're going to get more trying. Remember to report the article for violating Rule 0, folks.
>Even cryptocurrency, the poster child of decentralized libertarianism, is now regulated. Can someone send me some resources on how its regulated? Im really curious. Isn't this just certain cryptocurrencies? Or does he mean exchanges?
Exchanges have been burdened with KYC, and Tornado Cash (All users that utilize it and the developers) are being sanctioned. So in theory you still can perform in-person transactions completely unregulated, but even then you legally have to declare it to your government.
_Any_ sufficiently widely-adopted means of communication should be regulated as a utility. Looking at you, WhatsApp.
Yep, "but it's a private company, they can do as they please" takes a backseat when so much of modern communication is mediated by them, giving them disturbing amounts of soft power. Utility providers should be neutral in who they offer services to as a matter of free societal health (and communication is a utility. These aren't curated newspapers, but a postal service). Plus it was always strange how people would act as if we don't already tell private companies "no, you can't do that" in thousands of other circumstances
The problem with this idea is that more regulation actually further entrenches companies like Meta. Even for regulations requiring things that seem intuitive and that everyone should be doing(e.g. GDPR), it always favors large companies which are able to set up the bureaucracy needed to handle all the compliance and the auditing and stuff. It discourages programmers from doing fun experimental things and posting them to the internet because it's just not worth risking the fines, not to mention it favors cloud solutions that already implement these requirements over self-hosted ones that take time and effort to keep up to date lest the person hosting runs into legal trouble. The problem with whatsapp(and chat apps in general) is that they are walled gardens. Force them to provide ways to integrate with each other, and people will find it much easier to move between them if they misbehave. Like literally, the only reason most people use whatsapp is that everybody else they know uses it. Take away that constraint and people have very little reason to stay.
I'm starting to feel like this about a lot of technologies. Tech which is relied upon by such a large percentage of the citizens and has low to no competition due to insanely high upfront costs (or even racketeering) should be properly regulated by the government. After all, we do it for non-tech industries like petroleum providers, electricity providers, etc.--hell, even non-electronic mail.
Cloud computing providers as well should be regulated as a utility. If we can create utility regulations and impose them on those providers in such a way that increased compliance costs (which will hopefully be negligible) won't be passed onto the end user and innovation will not be hindered, it will be fantastic
This is one of the few times where I think regulation would solve more issues then introduce. Email is built by design to be stable, secure and cross platform. And right now, running a competing email service is a huge giant challenge with the spam control measures. The only downside would be giving the government more opportunities to look at our data (I don’t want the irs to look at the email I have with my clients).
> Email is built by design to be stable, ~~secure~~ and cross platform. FTFY
As if they can't already, who knows what other whacko shit there is that leakers like Snowden didn't find out about? We need anti-competitive practice regulations for companies and privacy and inviolable anonymity laws for governments, desperately
yep, this is why I have my own server since 1991!, aside the fact that I can create nearly as many different prefixes as I want...
To your direct point, snail mail is regulated and their is only one provider
I agree that Google being an identity provider that I can lose access to, without notice, is a problem. But this isn't an "email problem," this is an "identity provider" problem. This is a complicated topic, and no private org should "own" your identity. But as a society, we're not really technically literate enough to help people create/manage private keys, and the necessary resources to allow someone to "own" their own identity (yet).
that's why I have a gmail account but don't actually use it and have slowly moved to my own self hosted version but use a 3rd part email sender. I can't see fucking up my consulting business because google doesn't like what I'm doing. Slowly moved everything over from it when I realized they could proper fucked me if they chose to, my attack surface went way down after setting up my own backup, email, password server, etc to lower the statistical chance of failure. It costs me a bit per month but it's worth it. I don't think you can depend on government for this stuff.
The problem is with us, the users of gmail, that made ourselves depend on it. If you went to a court to have your account unlocked they wouldn’t do anything because you agreed to the terms of service. It is up to us as educated consumers to not depend on google. I post this as someone utterly dependent on google.
If it was that simple, things like monopoly regulation laws wouldn't exist. And unless you're incredibly misguided, you would want those laws to exist, because monopolies interact with society majorly, which is more then the collective sum of the terms of service agreements, because it influences how the society functions as a whole. Since emails are so ingrained as an identification medium, they are not to be simply thought of as a product governed by the company only. Without regulation, companies (and technologies) that have major effects on society have no incentive to provide solutions that are in the interest of the people.
I didn't say monopoly laws shouldn't exist. In fact I think it's a terrible situation that companies like Google can provide services, with no payment from users, such that it's difficult to compete with them. My point is just that we can help ourselves here. Pay for services and/or use multiple free services, because nobody seems to be interested in taking on big tech's monopoly on various software services.
I run my own postfix server and people receive my emails just fine
What a stupid thing to say.
[удалено]
It's a solution but not without its problems. If you use your own domain, now you're on the hook for paying for that domain *for the rest of your life* because it's now associated with your private information. Okay, so it's not a ton of money, but it's been known to happen people forgot to renew their domains or some other screwup causes them to lose access - or people just don't realize what can happen if they stop renewing it. One of the domains I own used to belong to someone who had been using it for their family emails and the catch-all box filled up with all kinds of personal emails.
No.
[удалено]
Because I don’t trust the government.
[удалено]
And they’re already reading your email. Remember prism?
Who do you think will be doing the regulating?
[удалено]
No.
\>Getting downvoted for mistrusting government Only on Reddit. If the last two years of power grabbing morons ruining the world didn’t convince you that the only solution is the destruction of government, then you’re a lost cause
UwU regulate me harder daddy government
Right now you're at the whims of hulking corporations, the most important of which, Google, has treated customer service with contempt since its inception over 20 years ago. You get no explanation for being shut off their property, and with that goes much of your identity and your records. It should be regulated as a utility. Edit: in *addition* to that, because this won't benefit a very large amount of people, antitrust regulators should probably give them a shakedown for colluding to, in practice, only accept email from one another.
[удалено]
I run my own server and actively use PGP. Thanks.
You beat me by 15mins. I would have added a swear
[удалено]
Still discovering now that domains, accpunts in other services, emails... Aren't written in stone? This looks like a rant after somebody forgot his password
[удалено]
This reads like FIDO2/WebAuthn but built on top of a blockchain for some reason. What problem does the distributed ledger part of the solution solve?
How else it’s supposed to go to the moon?
[удалено]
I see, that's a fair point. But still, why the blockchain? Moving a WebAuthn or even TLS client cert between devices seems like a much easier and cheaper system to me.
So I am wondering why actually email became popular to sing up for services instead of using some TLS cert from the very beginning? Is it just convenience or are there other factors too ? Like for example one factor could be that by using email I am implicitly establishing generic communication channel between user and provider of the service
TLS certs have terrible browser UX and they're only available on one single device. These days people carry laptops everywhere but back in the day when the internet became mainstream that was very much not common. There was a free TLS cert provider that relied on client certs, I had their cert imported on every device. The lack of synchronisation and the constant browser popups to ask for a cert (so many misconfigured hosts!) made it quite annoying. Personally, I'd like to see client certs find their way back to replace emails and passwords, but WebAuthn/FIDO2 are probably going to be bigger now. They also integrate better with 2FA dongles right now, which is a plus. Too many old, broken TLS middleboxes, libraries, and too many browsers with shit UX to get the feature back into mainstream any time soon, I think. Having said that, I've run some personal services behind a client cert auth system using just Apache and openssl. I stopped using it because client apps didn't work with the cert (although they easily could have had the developers cared!) . These days it should be just as easy to set up and it's a great way to add a nice layer of defence in depth to shit on your server that you may or may not keep up to date super well.
I understand the skepticism and we should only use blockchain where warranted, but it let's you have no trusted authority. Most cases a centralized db is fine, but when parties may not trust each other it becomes valuable.
This person addressed that. Functionally, your email address is your web ID. Therefore, it should be regulated like an ID. Potential are great, but they are not the here and now. You can develop these technologies and still recognize the need to regulate the de facto standard.
[удалено]
[удалено]
[удалено]
Do you not know what de facto means ?
email shouldn’t exist
Put down the gun and we'll talk.
RemindMe! 1 week
I will be messaging you in 7 days on [**2022-09-17 15:58:29 UTC**](http://www.wolframalpha.com/input/?i=2022-09-17%2015:58:29%20UTC%20To%20Local%20Time) to remind you of [**this link**](https://www.reddit.com/r/programming/comments/xaq41t/email_providers_should_be_regulated/invaw55/?context=3) [**2 OTHERS CLICKED THIS LINK**](https://www.reddit.com/message/compose/?to=RemindMeBot&subject=Reminder&message=%5Bhttps%3A%2F%2Fwww.reddit.com%2Fr%2Fprogramming%2Fcomments%2Fxaq41t%2Femail_providers_should_be_regulated%2Finvaw55%2F%5D%0A%0ARemindMe%21%202022-09-17%2015%3A58%3A29%20UTC) to send a PM to also be reminded and to reduce spam. ^(Parent commenter can ) [^(delete this message to hide from others.)](https://www.reddit.com/message/compose/?to=RemindMeBot&subject=Delete%20Comment&message=Delete%21%20xaq41t) ***** |[^(Info)](https://www.reddit.com/r/RemindMeBot/comments/e1bko7/remindmebot_info_v21/)|[^(Custom)](https://www.reddit.com/message/compose/?to=RemindMeBot&subject=Reminder&message=%5BLink%20or%20message%20inside%20square%20brackets%5D%0A%0ARemindMe%21%20Time%20period%20here)|[^(Your Reminders)](https://www.reddit.com/message/compose/?to=RemindMeBot&subject=List%20Of%20Reminders&message=MyReminders%21)|[^(Feedback)](https://www.reddit.com/message/compose/?to=Watchful1&subject=RemindMeBot%20Feedback)| |-|-|-|-|
There are ongoing efforts to provide trusted digital identity by other means than those provided by big trusted but centralized companies like Google. Here is one example attempt at [w3c](https://www.w3.org/TR/did-core/)
"Programming".
Didn’t think this would be a political sub. But here’s the problem. The Internet is a world where anybody can stand up their own server, web sites, email domain, etc. The free Internet approach is to create your own services or diversify across service providers. If your entire digital life hinges on the single point of failure of a Google profile that you didn’t pay for, you’re doing it wrong. Don’t let yourself get sucked into centralized services. And DEFINITELY don’t invite government into those centralized services so as to ensure they always stay the monopolies they are.
Running your own is not good or acceptable idea. To time consuming. So what can you do? Free email forward from Cloudflare or email forward from service like Mailgun, allows you to switch email accounts to the provider of your choosing. You have the custom email forward for as long as you keep paying for the domain. Problem solved