Post ANHCI6fkCFhY3Flvvs by kamme@mastodon.xyz
 (DIR) Post #ANFz30GEG8K1GDLU8m by stevelord@mastodon.social
       2022-09-05T13:56:07Z
       
       0 likes, 3 repeats
       
       Seeing a lot about self-hosting mail futility. Having self-hosted mail since the mid-90s on and off, thought I'd mention things people often miss. Yes, DKIM, SPF and DMARC matter. But IP reputation matters too. As well as IP reputation, IP block reputation matters. I found this out using DO. DO runs free signup credits, and these VPSes are deployed in normal ranges. Shockingly, these signup credits are abused by pro spammers.
       
 (DIR) Post #ANFz318T0ThtyQingG by stevelord@mastodon.social
       2022-09-05T13:57:37Z
       
       0 likes, 0 repeats
       
       I also ran a Kimsufi (OVH) box for a while. My box came online, I did an IP blacklist check at MxToolbox (https://mxtoolbox.com/blacklists.aspx) and sure enough, the IP was blacklisted.
       
 (DIR) Post #ANFz31df8Uf1XBJiIy by modulux@mastodon.social
       2022-09-05T14:00:33Z
       
       0 likes, 0 repeats
       
       @stevelord But what do you do in those cases? Usually you can't exactly choose which IP you get assigned. IP block stuff is even less controllable. I've been lucky so far, I self-host and my email gets where it needs to, but I dread the day it stops.
       
 (DIR) Post #ANFz320hkp5mge67Dk by stevelord@mastodon.social
       2022-09-05T14:02:24Z
       
       0 likes, 0 repeats
       
       @modulux you pick a hosting provider that doesn't offer free credits or isn't bargain basement prices. If you want *cheap* email, don't self-host (or at least relay through a provider). If you want to self-host email, don't do it cheaply if you want reliability. Also never put your newsletters or any bulk mail on the same domain/ip as the rest of your mail.
       
 (DIR) Post #ANFz32NkN9WXq6sW8W by msh@coales.co
       2022-09-05T14:25:46Z
       
       0 likes, 0 repeats
       
       @stevelord gives good advice @modulux I have hosted my personal and small businesses email continuously for 23 years, using a "small business" internet plan that offers a fixed IP for a little extra fee. Although I have had to jump through hoops to stay out of junk mails they have almost all been related to DNS and my IP has never made it onto a block list. My IP address only changed once when my ISP was taken over and their infrastructure merged into the larger network. ISPs don't tolerate sketchy customers the way the big cheap VPS/cloud providers do so they are more trusted. That "cloudflare mentality" of offering super cheap service to all-comers is the single biggest reason spam and DDoS continue to be as huge problems as they are today honestly...and I don't mean the cheap part I mean the all-comers no questions asked part.
       
 (DIR) Post #ANFz35C9uh2MZ2TnzU by stevelord@mastodon.social
       2022-09-05T14:04:21Z
       
       0 likes, 0 repeats
       
       If you're running a newsletter, don't host it on the same infrastructure and ideally not the same domain. Subdomains (e.g. news.foo.com) can work when the IPs are completely separate in different ranges, but there are different types of blacklisting that affect different types of mail use. The objective is not to trigger a blacklist in one mail use type that affects another.
       
 (DIR) Post #ANFz36qblmzFgmPcg4 by stevelord@mastodon.social
       2022-09-05T14:07:27Z
       
       0 likes, 0 repeats
       
       At the con I used to run we used the same domain for regular and bulk mail. We used GMail for the domain and mailchimp for bulk mail. The from address was only used for the mailing list, not a real person. If I was self-hosting I wouldn't have used the same domain for bulk and regular mail.
       
 (DIR) Post #ANHCI61KcVNK1urewS by stevelord@mastodon.social
       2022-09-05T19:16:10Z
       
       0 likes, 0 repeats
       
       I think there's a temptation to believe hosting email should be as easy as running a webserver. It isn't, and thinking otherwise would suggest a lack of understanding of the problem and solution space. Email is designed to run across anything from uucp to exchange and managed through several tiers of disparate systems. It's going to be more complex than nginx.conf, even if you don't use all the parts.
       
 (DIR) Post #ANHCI6fkCFhY3Flvvs by kamme@mastodon.xyz
       2022-09-05T20:05:16Z
       
       0 likes, 0 repeats
       
       @stevelord tbh, email is also something that went from pretty simple to extremely hard. Getting an email was accepting a connection and verifying you knew the recipient + they had space to receive the message. Now it’s a mix of nested dns lookups, starting new threads to scan text contents, new threads to scan attachments, lookups to AD, lookups to services for blacklists, keeping state to see if sender tries again, verify key signatures to check if hashes match, …
       
 (DIR) Post #ANHCI7GbzBBxtb1NOi by lxo@gnusocial.net
       2022-09-05T20:42:53Z
       
       1 likes, 0 repeats
       
       ... plenty of complexity introduced ostensibly to contain spam, but evidently to turn email into a MitMaaS oligopoly for surveillance capitalists to rejoice with
       
 (DIR) Post #ANHCI8N1snv5Jn212W by kamme@mastodon.xyz
       2022-09-05T20:09:27Z
       
       0 likes, 0 repeats
       
       @stevelord there were harder parts as well, like keep trying for 72 hours to deliver if it fails, but that’s a lot simpler to program than all the extra requirements you need now. This is what makes it hard to do imho, it forces you to not solve one problem (getting a message from someone), but solving the fact you actually don’t trust _anything_ the sender gives you and you have to make 100% sure it’s legit.
       
 (DIR) Post #ANHrNkPBzfxqqkq3e4 by dusnm@fosstodon.org
       2022-09-06T06:17:58Z
       
       0 likes, 0 repeats
       
       @stevelord @gabriel Yeah, no. Even I as a professional web developer who knows my way around administering a Unix environment don’t want to deal with all that. You’ve got to admit that the barrier to entry is really unnecessarily high. Big tech is totally to blame here. They use spam as a scapegoat to claim dominance in the email market.
       
 (DIR) Post #ANHrNl2tc3iuptPlWy by stevelord@mastodon.social
       2022-09-06T06:34:28Z
       
       0 likes, 0 repeats
       
       @dusnm @gabriel There is no big tech conspiracy, it's the intersection of 50+ years of software, protocol and footgun arcana stitched together. The barrier is as emergent as the services themselves. Mail hosting can't abstract config settings away like HTTP can.
       
 (DIR) Post #ANHrNlS46TrA5xBrlI by gabriel@mstdn.starnix.network
       2022-09-06T12:09:18Z
       
       0 likes, 0 repeats
       
       @stevelord @dusnm "There is no big tech conspiracy"
       There absolutely is, it's just probably about more than just email.