[HN Gopher] Cloudflare Email Service: private beta
___________________________________________________________________
Cloudflare Email Service: private beta
Author : tosh
Score : 410 points
Date : 2025-09-25 14:33 UTC (8 hours ago)
(HTM) web link (blog.cloudflare.com)
(TXT) w3m dump (blog.cloudflare.com)
| Topfi wrote:
| That seems very similar to Resend, which has been a joy to use
| for my part.
| amonroe805-2 wrote:
| This is great. I've had many side projects with Cloudflare where
| I've wanted a way to send emails as a part of it, and it's
| slightly annoying having to go find another service to use to get
| that done. Having this baked-in will he sweet!
| mosura wrote:
| Eventually all Internet protocols will be MITMed by cloudflare.
| Your single point of interception!
| bilekas wrote:
| Yeah it's already a known point of failure. The annual chaos is
| always when they have some downtime. They do offer an
| incredible service though. Would like to see some competition
| but it's not easy.
| pluc wrote:
| https://blog.cloudflare.com/enterprise-grade-features-for-al...
|
| That's great - and maybe I'm cynical - but that's right where
| my mind went when I read that. Trading income for control isn't
| a bad game..
| olivermuty wrote:
| I have been logging in via ssso on business non enterprise
| plan for a year. Am I a part of an a/b test or what?
| gethly wrote:
| Was about to comment on this but you got right to the point.
| All of this is because people are lazy to build, let alone
| maintain, their own damn programs and servers.
| 2OEH8eoCRo0 wrote:
| It's not laziness, it's greed. People want to build and host
| their own things but that costs money.
| fibers wrote:
| Is this even true for such a sensitive subject like email
| where there are insane blacklists/whitelists everywhere in
| which you are forced to use a middleman either way so your
| emails enter someone's inbox?
| sophacles wrote:
| And this sentiment of "every company should have to run
| their own servers and pay 'me' to do that at a higher cost"
| isn't greed?
| gjsman-1000 wrote:
| Always has been; remember AOL basically reinventing DNS?
|
| _And always will be._
| hamdingers wrote:
| A lot more people and organizations would self-host email if
| it wasn't a minefield. It's not laziness that Google and
| Microsoft have effectively decided nobody's allowed to do
| that.
| op00to wrote:
| I was part of a team ran EMail services for a ~15,000
| person campus of a ~80,000 person university in the late
| 90s and early 00s. It was a full-time job for a team of
| people to keep things running, up to date, control spam,
| etc. It was a minefield 25 years ago! Literal years before
| GMail was a thing.
| mbesto wrote:
| Your website provides "paywalled hosting and sales platform
| for digital content creators"
|
| Are digital content creators lazy too? Why don't they just
| host their content on their own damn servers?
| NetOpWibby wrote:
| OOF
|
| Do you talk to your customers with that mouth?
|
| _For those who are lazy to click, this guy 's business is
| hosting and maintaining a sales platform for people._
| overfeed wrote:
| What's the problem? GP is addressing a market need
| consistent with their comment above. I wouldn't be
| surprised by a auto mechanic stating that (too) many people
| are too lazy to change their oil - they might be the best
| person to manke that observation, given their PoV.
| toomuchtodo wrote:
| I have more money than time. Take my money to do things I do
| not have time for. What you call lazy, I call time and
| capital/cashflow efficient.
|
| (cloudflare customer, in both personal and professional
| capacities; i pay Fastmail to host family email; both can
| easily be switched if needed to prevent lock in, with DNS
| changes and in the case of hosted email, an export of
| mailboxes and tenant config)
| layer8 wrote:
| What GP is effectively saying is that you don't value
| independence enough to invest the necessary money and (for
| personal use) time into self-hosting.
|
| And there is a spectrum to this. For example, using a
| small, independent email or hosting provider may cost a
| little more time, but makes you more independent from big
| tech, and maybe more importantly, contributes to reducing
| the power of big tech. We are all paying for it, down the
| line.
| toomuchtodo wrote:
| This is a fallacy, as self hosting means you remain at
| the whims of receiving or interfacing systems. Does you
| hosting your own email change the concentration of email
| accounts hosted at Yahoo, Microsoft, and Gmail? It
| doesn't. Does hosting your own domain or website change
| Cloudflare's concentration and centralization of internet
| traffic? It doesn't. You vote with your dollars by
| picking providers who won't lock you in, you vote with
| your dollars by picking protocols over platforms that
| cannot lock you in.
|
| Paying Fastmail, along with others who do so, means
| Fastmail will remain as a non Big Tech option, for
| example (they also developed and championed, JMAP, for a
| more efficient user experience). Paying Kagi means Kagi
| will remain as a non Big Tech option. Donating to Let's
| Encrypt means Let's Encrypt will remain as a public good
| independent of Big Tech. I could go down the list of
| every service I pay for to de-Google and de-Big Tech, but
| that's likely unhelpful to further demonstrate the point.
|
| > We are all paying for it, down the line.
|
| Indeed, so establish and fund organizations that provide
| systems and services for benefit vs profit and control
| that cannot be captured. Self hosting your own box at
| home helps you (which is totally fine and reasonable, I
| run my own on prem infra across two continents at small
| business enterprise scale for use cases I cannot procure
| commercially at reasonable cost), but does nothing else,
| and doesn't scale.
|
| (think in systems)
| rsync wrote:
| Hosting your own email means the subpoena (or warrant) is
| delivered _to you_.
|
| _You_ get to respond to requests and your data cannot be
| handed over without your knowledge.
| toomuchtodo wrote:
| You will still be required to hand it over, or sit in
| jail while your confiscated, inventoried equipment is
| processed by forensics. If I want to be subpoena proof,
| I'd host the subject system outside the jurisdiction with
| an org having no connection or nexus in the adversary
| jurisdiction. Admittedly, this is up to your threat
| model. Do you want to know, but still be legally required
| to provide access? Or do you want to be out of reach
| entirely? The answer to that will guide your
| implementation and operating model in this context.
| blibble wrote:
| I don't mind being warranted, if they come to the door
| with warrant I will give them my boring, pedestrian inbox
|
| but I do mind my data being drag-netted, or hoovered up
| by scummy big tech and then sold on
|
| (whether that's for slop training, ads, anything really)
| majkinetor wrote:
| Why do you mind that? Your life is exactly the same one
| way or another. Principles, I guess, but it looks to me
| its just for the sake of it. For me, time is precious,
| all I need is data safety so I backup stuff offline
| constantly.
| op00to wrote:
| > makes you more independent from big tech
|
| Citation requested. Big tech considers your IP address
| dishonorable, and blackholes your emails. How independent
| are you now when you can't email any providers that use
| blacklists?
|
| > contributes to reducing the power of big tech
|
| Again, citation requested. Big tech will just blackhole
| your emails and you'll only find out when your users
| complain.
| bakies wrote:
| running email servers is a huge and terrible time sink
| neximo64 wrote:
| And then they'll offer to 'protect' you from AI scrapers for a
| fee and then bulk negotiate against Google, etc for another
| fee.
| mosura wrote:
| I am certain this is the intended endgame. LinkedIn/X style
| verification to prove you are not a bot once the hold is in
| enough places.
|
| That such a database has other uses would be a happy
| coincidence.
| nextos wrote:
| If you use an old web browser, _lots_ of sites are already
| not usable because Cloudfare 's CAPTCHA will deny you entry.
|
| New but non-standard niche browsers are also problematic.
| pmdr wrote:
| I usually have the same (residential) IP for weeks on end
| and there's absolutely no malware or scraping or whatever
| the heck it is that Cloudflare thinks it's protecting
| against going on in my house. Yet I still get blocked or
| captcha'd.
|
| Website owners may understandably be appreciative of CF.
| But as as someone browsing the web, I think it's done a lot
| of irreversible* damage to the _open_ internet.
|
| * I say irreversible because I don't think they'll be
| looking to improve this anytime soon, but rather add more
| restrictions.
| sam_goody wrote:
| As a website owner who uses Cloudflare after having being
| DDOS'd, I agree whole heartedly.
|
| Cloudflare succeeded to do what Google tried and failed
| with AMP, and we are all the worse off for it. [Though at
| least it is not Google, that would be worse.]
|
| I cannot afford to be DDOS'ed and there are bad actors
| that have already proven that they _will_ take me down if
| they could. So, I feel bad for the internet being walled
| up, and I feel bad for users that will lose access. And I
| fret that one day CF may just decide to take all my
| content and use it somehow to shut me down.
|
| Meanwhile though, I hold my nose, cry inwardly, and
| continue to use Cloudflare.
| hnav wrote:
| What was your infrastructure like? Were the DDoSes
| affecting you at the application or network layer? I
| wonder if there's the case to be made for something like
| CF but integrated into your L4 and L7 LB infrastructure.
| johncolanduoni wrote:
| CFs single biggest piece of leverage on L7 DDoS is that
| once a node in a botnet attacks one of their properties,
| it usually can't be used to attack any others for a
| substantial duration. Botnets rely on being retasked
| frequently so this dramatically reduces their
| effectiveness. Volumetric DDoS is even worse: you need to
| have the peering relationships and hardware to handle
| Tbps of traffic to an IP you announce. Doing either of
| these in your own infra is not feasible if you're much
| smaller than a hyperscaler.
| hnav wrote:
| right, CF (along with Google and Meta) is already
| servicing double-digit percentages of the world's traffic
| so it can absorb whatever packets you can toss at it. On
| the other hand, I suspect most services are going to fall
| over at L7 first due to common patterns like pre-forked
| ruby/python servers that struggle to process more than 1k
| qps per node, unauthenticated user actions putting load
| on hard-to-scale resources like RDBMS, next to no load
| shedding designed into the system, etc.
| blibble wrote:
| and then capture the data on the sly and sell it to the AI
| scrapers anyway
| safety1st wrote:
| I dunno, I am basically a dick to Big Tech all the time, give
| me an opening and I will go after them with gusto, but I can't
| really find fault in Cloudflare offering email sending
| infrastructure.
|
| The ire should be reserved for if and when they establish some
| kind of monopoly or other anti-consumer practices, fall afoul
| of anti-trust law, and inevitably the US government gives them
| a free pass for criminality like it has been doing for years
| with dozens of other Big Tech mergers, rollups, exclusivity
| dealings, etc. and appears to have just done again with Google
| a few weeks ago.
|
| It is fine for big companies to offer competing email sending
| services. It is not fine for them to break competition laws.
|
| Also yes, please do set up SPF, DKIM and DMARC for me. I may
| very well end up using this down the road because they say
| they'll do that for me and I just don't want to think about
| them in some situations.
| toomuchtodo wrote:
| > Also yes, please do set up SPF, DKIM and DMARC for me.
|
| I'm going to take this opportunity, because hopefully
| Cloudflare will see it, to request they support SPF record
| flattening natively.
| stingraycharles wrote:
| To be honest, the internet was worse without Cloudflare, so as
| long as they provide a good service for their customers, I'm
| fine with it. This is one of those.
|
| Google is in a perfect position to compete but they don't, so
| it's not like Cloudflare is a monopoly or something.
|
| At least they're not selling ads using your data.
| azemetre wrote:
| If Cloudflare is so vital to the internet, it should be
| nationalized for the public benefit as having a private
| entity with so much control over the internet is not a good
| thing. Corporatized control of the internet should not be
| encouraged.
| citizenpaul wrote:
| I would say if the political environment pre 1980s was
| still in existence that might be true. Today that would
| just mean the entire thing would unravel as it ate its own
| tail in the race to the bottom environment we are currently
| in.
| azemetre wrote:
| You can create democratic policies to thwart this. Even
| something as basic as nationalizing Cloudflare then
| forcing workplace democracy provisions on it would
| probably do more good for, not just the Cloudflare
| workers, but society writ large.
| Gormo wrote:
| Which political environment pre-1980s do you want to go
| back to? 1930s? 1850s? 1760s?
| JumpCrisscross wrote:
| > _Which political environment pre-1980s do you want to
| go back to?_
|
| 1934 [1].
|
| [1] https://tile.loc.gov/storage-
| services/service/ll/usrep/usrep... _Humphrey 's Executor
| vs. United States_
| Gormo wrote:
| I can't imagine what a court case about whether the US
| president has the power to unilaterally dismiss officials
| in executive-branch agencies could possibly have to do
| with this.
|
| At least you're referencing the United States in 1934,
| though. Things were _very_ dysfunctional politically in
| the US at that time, but not nearly as bad as what was
| going on in some other parts of the world.
| JumpCrisscross wrote:
| > _can 't imagine what a court case about whether the US
| president has the power to unilaterally dismiss officials
| in executive-branch agencies could possibly have to do
| with this_
|
| Seriously? You don't see the relevance of independent
| agencies to this discussion?
| Gormo wrote:
| No.
|
| And the dynamics of inter-branch checks and balances
| _within_ the US federal government aren 't directly
| relevant to the question of whether the federal
| government as a whole is a reliable institution in the
| first place (nb: it isn't).
| Imustaskforhelp wrote:
| Can't believe if you are joking or not.
|
| I trust a corporation more than I trust the nation you want
| it nationalized in (America?)
|
| EU maybe. But yes I don't want cloudflare to be part of
| america after patriotic acts and all the dystopia.
|
| Honestly, cloudflare is not so vital to the internet. Like,
| The only thing its gonna be a problem if they stop working
| without giving any way to migrate. Then yes, its gonna be a
| bit of problem to the internet.
| encom wrote:
| >cloudflare is not so vital to the internet
|
| Really? Try distrusting CF certs, and see how much of
| your internet activity breaks. CF certs _should_ be
| distrusted, because it 's MITM by definition. At the very
| least, I'd like an addon that makes the URL bar bright
| red, so I know my connection isn't secure.
| swiftcoder wrote:
| It's not more vital, than, say, AWS. Blocking AWS
| certs/endpoints will break your internet too.
|
| Though arguably neither should be in a position to do so
| without being regulate as a public utility
| Imustaskforhelp wrote:
| Yup, I also meant the same when I was writing my comment
| and although I agree about regulation, the thing is, that
| I don't even trust that aspect...
|
| Also, I know that there are sometimes where cloudflare
| sits in the middle between your servers and your users
| for DDOS protection, and so yes theoretically its a point
| of interception but given how their whole thing is
| security, I doubt that they would exploit it but yes its
| a point of concern.
|
| On the other hand, if something like this does happen,
| migrating can be easier or on the same level if something
| like this happened on like AWS.
|
| But cloudflare still _feels_ safer than AWS y 'know?
|
| That being said, I am all in for _some_ regulations as a
| public utility but not nationalizing it as the GP comment
| suggested. Just some regulations would be nice but
| honestly we are in a bit of tough spot and maybe it was
| the necessity of the internet to have something like
| cloudflare to prevent DDOS 's.
| Imustaskforhelp wrote:
| Hm, you raise good points but I just thought when I was
| writing that comment, that if there was even a single
| case of somebody using that MITM then that would just
| make everyone leave cloudflare and find either other
| mechanism or something else that's safer for sure.
|
| I think that cloudflare is used by most as DDOS
| protection and so they still have the servers.
|
| There are also cloudflare workers and pages but even
| migrating them is somewhat doable as I think that cf
| workers have a local preview option somewhat available in
| their node etc., so you could run it locally somehow.
|
| Sure its gonna be a huge huge problem but something that
| the internet might look past of (I think).
|
| Honestly, I kinda wish that there was a way to have
| something like how the tor onion links work in the sense
| that the link has the public key of the person running
| the server and so uh, no matter if its cloudflare serving
| the link or something else, its still something that
| can't be MITM'd for the most part.
|
| Am I right in thinking so? Sure, its gonna make the links
| longer but maybe sacrifices/compromises must be made?
| drnick1 wrote:
| The EU is quickly becoming a dystopian nightmare with age
| verification, mandated encryption backdoors, and
| generally an extremely invasive form of government. So no
| thanks.
| wwweston wrote:
| No thanks to this level of evaluation which doesn't even
| rise to "analysis", it's just a word salad association
| that picks two hobby horses and pretends they represent
| the apocalypse while ignoring all the measures on which
| many EU participating countries are producing quality of
| life and personal freedom at outlier levels.
| Imustaskforhelp wrote:
| Lets just hope that EU doesn't add that age verification
| thing or those Cert based things which is controlled by
| the govt.
|
| My opinion is simple, age verification won't work unless
| they block VPN (something which UK wants to do/ is doing)
| and that sets a really really bad precedent and I doubt
| if its entirely possible without breaking some aspects of
| internet or complete internet privacy.
|
| EU in aggregate is net positive but it still has some
| things which are kinda flawed regulations that are a bad
| precedent, but germany kinda blocked the verification
| thing iirc so there is still a lot of hope and EU does
| look like its trying its best but I think that it can do
| just a bit better if they don't think of age verification
| or some other stuff but that's just my 2 cents.
|
| This was why I added "maybe" tbh. They are one of the
| best options but even they aren't thaat good. Like its
| questionable I think and needs a much bigger debate
| drnick1 wrote:
| What quality of life improvements? I seriously hope major
| tech companies pull out of the EU market altogether
| instead of complying when client-side scanning is
| mandated. Then you can come back here and brag about how
| great life is in the EU.
| Gormo wrote:
| To make sure I understand, your position is that anything
| vitally important to the internet should not be under the
| control of a plurality of institutions subject to
| heterogenous incentive structures, but instead should be
| under the centralized, monopolistic control of a single
| institution that is perpetually compromised by perverse
| incentives and ulterior motives, whose mechanisms of
| accountability are mostly performative and demonstrably
| broken?
|
| I'm not sure that sounds like a good idea, if that's what
| you're saying.
| azemetre wrote:
| My position is that if something becomes critical it
| should be under democratic constraints in a democratic
| society and not private enterprises that have no forms of
| control by the populace.
|
| Maybe if Cloudflare had workplace democracy my concerns
| would be different, but they don't and wield too much
| power.
|
| If it also helps I also think 99.99% of big tech should
| be broken up into separate, probably a few 100, different
| companies.
|
| So yes, anything vital for the internet should be
| controlled by the people through democratic norms,
| institutions, and values rather than dictatorships by
| those with money over those with none.
| Gormo wrote:
| No such thing as "democratic constraints" or "democratic
| society" at the level you're discussing. Democracy is an
| imperfect safeguard against certain types of extreme
| dysfunction of the political system -- a necessary one
| for sure, but not nearly sufficient to make the
| institutions it applies to trustworthy with monopolistic
| control over other aspects of society.
|
| Everything reduces to specific people acting on their a
| priori motivations in bounded contexts, and any system of
| centralized control is guaranteed to enable expressions
| of the worst motivations of the people involved. The
| distinctions you're making -- "private" vs. "public",
| "corporations" vs. "governments", etc. -- are
| fundamentally meaningless.
|
| There are no "democratic norms", just norms adhered to by
| specific people and the factions they form, contesting
| against each other for power over others. Performative
| "democracy" is often just cover to allow the currently
| dominant factions to function as "dictatorships".
|
| Decentralization and individual autonomy are the only
| solution to the problems you rightly care about, but what
| you're proposing is literally the opposite of that.
| mrbluecoat wrote:
| Arguably, ecommerce was worse without Amazon but are we
| really better off?
| busymom0 wrote:
| Shipping times are definitely better off industry wide
| because of Amazon.
| mrweasel wrote:
| Same day shipping was always the norm here. Order
| something before 14:00 - 16:00, depending on where the
| company was on the route for package pickups, and you'd
| have your package the next day. Amazon has normalized
| multi-day / weeks shipping, so they've made it worse.
| gruez wrote:
| Where is this?
| mrweasel wrote:
| Denmark, there is no close Amazon warehouse, so shipping
| always suck. Not only is shipping times frequently a week
| or more, it's also overpriced and items are frequently
| less expensive from local online stores.
|
| Amazons only advantage is it's massive selection, if you
| can find what you're looking for.
| 0x457 wrote:
| In the US, it's the opposite. If you order directly from
| the brand, you get multi-day or more often multi-week
| delivery times. Unless they are using amazon logistic and
| which case it's the same as buying off amazon - 0/1/2-day
| delivery times.
| surfingdino wrote:
| Amazon are no longer the golden standard of e-commerce. I
| think 5-10 years from today we're going to look back at
| 2025 as the year Amazon started to destroy itself from
| within. They are pushing AI to "update" and "optimize"
| product descriptions. It's already made art supply
| descriptions a mess and now I see the same thing happening
| in the music gear section. I noticed that I go to other
| sites to buy stuff I was planning to buy on Amazon, because
| I am not sure what I'm buying anymore on Amazon.
| NooneAtAll3 wrote:
| you're right
|
| internet is made sooo much better by negating all encryption
| effort of the last 20 years
| kalaksi wrote:
| > At least they're not selling ads using your data.
|
| Yet. Since it's an american company with an ever-growing
| influence, I dread and expect that to change, among other
| things, down the road. I assume the three-letter agencies
| also already MITM the traffic.
| nenenejej wrote:
| Assume your beloved tech company can be bought by Oracle
| and proceed on that basis.
| galphanet wrote:
| You forgot about Broadcom !
| riedel wrote:
| CDNs always existed IMHO. The world before cloudflare was
| just much more hidden. In general I find their take at the
| typical cloud business from a network perspective mostly
| refreshing.
|
| However, I guess they have become the major player now and
| certainly try to optimize the world towards their business
| model.
|
| IMHO it needs other enterprises entering the competition.
| Maybe it could be new more software defined mobile network
| providers offering edge compute. Maybe data from IoT could
| never enter the Internet and we could have some confidential
| computing power when we need it for our IoT stuff. Maybe we
| could get a more decentralized Internet again...
| motorest wrote:
| > However, I guess they have become the major player now
| and certainly try to optimize the world towards their
| business model.
|
| I don't think that's it, and I think the explanation is
| much more simple and straight-forward.
|
| Cloudflare established a very successful business model
| around a straight-forward, very transparent, no-bullshit
| CDN. Now, they started offering other cloud services build
| around their CDN. Cloudflare Workers kind of extend their
| CDN pipeline to allow clients to run arbitrary code to
| customize caching logic, but it turns out their function-
| as-a-service model is exceptionally good, and higher-level
| services like email are a low-effort way to meet existing
| needs.
| gpi wrote:
| Cloudflare is far from a no bullshit CDN. The vendor lock
| in is real with an aggressive unethcial sales model.
| vel0city wrote:
| I'm not entirely aware of all their products, but just
| thinking about a CDN, isn't that in many ways kind of
| fungible? Is it really that hard to migrate to your big
| cloud co's CDN (CloudFront, Google Cloud CDN) or the
| several other large competitors without an immense amount
| of work?
|
| Please, educate me and tell me what's up.
| gpi wrote:
| Many of Cloudflare's products are bundled together for
| reasons.
|
| Trying to unravel all that is an absolute nightmare.
| tick_tock_tick wrote:
| Like what? Give an example. I'm struggling to think of
| something they offer that is particularly unique and not
| offered by the other public clouds or several SASS
| companies.
| everfrustrated wrote:
| Much of their model and success was by giving away a lot
| of service for free.
|
| I'm not discounting their innovations but had they not
| been VC funded and given away free service I suspect many
| would still never have heard of them.
| agrippanux wrote:
| Oh I remember a time before CDNs and a big part of your
| startup fundraise was to build out your own setup inside a
| data center.
| TeMPOraL wrote:
| It's not the specialization around hosting that's the
| problem, but that entities running CDNs realized they're
| in a privileged position in the network, and decided to
| capitalize on it.
| makeitdouble wrote:
| I think the point is to keep them in that mindset, and that
| requires competition and some counterbalance that won't be
| there is everyone just moves to Cloudflare.
| immibis wrote:
| If CF limited their clients to big businesses (just like
| Akamai and who else?) it might be less bad, but as it is,
| they're trying to get the whole internet including small
| sites on board.
| mrweasel wrote:
| I still believe that CloudFlare means well, but that doesn't
| mean that I agree with the increased centralization. This
| isn't the fault of CloudFlare, they are just exploiting a
| business opportunity and as you say: At least they're not
| selling ads.
|
| It is a legitimate business, from my perspective. I'd just
| wish we weren't in a situation where CloudFlare isn't exactly
| struggling to sell their services.
| motorest wrote:
| > I still believe that CloudFlare means well, but that
| doesn't mean that I agree with the increased
| centralization.
|
| I'm perplexed by this sort of comment. Cloudflare doesn't
| even feature in the top 10 of cloud provider market share,
| and the number 8 spot already reports 2%. And here you are,
| complaining about Cloudflare and centralization.
|
| Furthermore, AWS is by far the biggest cloud provider,
| reporting around 30% market share, and I don't see AWS
| being referred as a concern.
| mrweasel wrote:
| 20% of websites uses CloudFlare(1, 2), even companies
| that use AWS, GCP and Azure have their services behind
| CloudFlare.
|
| 1) https://www.theregister.com/2024/12/13/cloudflare_2024
| _revie...
|
| 2) https://en.wikipedia.org/wiki/Cloudflare
| segmondy wrote:
| The internet is worse for me with Cloudflare. I'm using a
| cellphone router for my internet. My guess is I don't get a
| dedicated IP and probably behind a NAT with other users. 85%
| of my request needs me to solve a cloudflare captcha. on bad
| days I have to do this easily 100+ times.
| hnav wrote:
| Have you played with IPv6 vs IPv4? Wonder what's worse
| there, CGNAT-ed IPv4 or an inherently low-reputation IPv6.
| gruez wrote:
| But what's the counterfactual? People use cloudflare
| because they want protection from ddos attacks and bots. If
| cloudflare didn't exist there would probably be similar
| measures.
| TeMPOraL wrote:
| _Businesses_ want to protect the _continuity of their
| business operations_ , and to that end they buy such
| protection as a service, from a _business_ that managed
| to MitM half the Internet in order to provide such
| service.
|
| Point being, it's a commercial subverting the Internet
| from inside, reshaping it to better serve the interests
| of commerce. It is indeed protection, but it's
| accomplished by _reducing variance_. 99% of legitimate
| commerce on the Internet follows the same patterns, use a
| small subset of possibilities offered by the technology -
| so why not just block the remaining 1% that doesn 't fit
| and call it a day? It _will_ stop most of the threats to
| running businesses on the Internet. The 1% of legitimate
| commerce that doesn 't fit the pattern? It's not being
| ignored per se, just pressured to adapt and conform to
| the majority.
|
| What is being ignored is that the Internet is not just a
| place of commerce, and non-commercial use cases, ideas
| such as empowering people to better their lives, are
| gradually becoming impossible, as fundamental Internet
| infrastructure becomes inhospitable for them.
|
| Some of us still remember the Internet being more than
| just a virtual mall, and are unhappy about it gradually
| becoming one. And it's not like CloudFlare, et al. are
| hostile to non-commercial interests as a matter of
| principle - it's just _out of scope_ for them.
| bkettle wrote:
| I actually think that Cloudflare has made publishing on
| the internet _more_ accessible for many individuals. I've
| helped a few people get personal websites running on
| Cloudflare pages and run my own there--it's free and
| extremely easy. They could obviously pull the plug at any
| point, but with static sites it's easy to avoid lock-in.
| If it weren't for Cloudflare and other services that give
| free, easy hosting, I suspect there would be even fewer
| of the non-commercial small-internet sites that you
| value.
| sally_glance wrote:
| Your first paragraph summarize why businesses want to use
| Cloudflare and how it helps them maintain their business.
|
| Your second paragraph talks about other (non-commercial)
| sites. I think I'm missing the link here. Why would the
| admins of such sites resort to Cloudflare if 'fundamental
| Internet infrastructure becomes inhospitable for them' by
| making that choice? They could very well choose to
| implement their own or no measures at all.
|
| I think the issue is that the general threat level has
| massively increased compared to the past - not in terms
| of sophistication but frequency/scale. But that's a
| consequence of widespread adoption, nothing Cloudflare in
| particular is responsible for.
| TeMPOraL wrote:
| > _Why would the admins of such sites resort to
| Cloudflare if 'fundamental Internet infrastructure
| becomes inhospitable for them' by making that choice?
| They could very well choose to implement their own or no
| measures at all._
|
| Marketing and free tiers.
|
| But my point is that Cloudflare is addressing threats
| that predominantly affect businesses, and does so well,
| but the way it does is effectively changing the whole
| Internet to be more hospitable for commerce, and less
| hospitable for any other kind of use.
| r00f wrote:
| It is not Cloudflare's fault. It means the website
| operators were so fed up with bots and bad actors that they
| just applied a carpet ban and called it a day. Thanks to
| Cloudflare I was able to reduce my website load threefold
| and downscale my VMs and my monthly cloud bill, and seeing
| how 50k daily requests were shown CAPTCHA and not even
| tried to solve it makes me terrified of running anything
| without Cloudflare.
|
| Don't blame site owners and service that is trying to help
| them. Blame the fact that 90% of today's Internet traffic
| is bots
| Dylan16807 wrote:
| It's cloudlare's fault that it's so common to have very
| overzealous blocking. Site owners need access to bot
| protection but that doesn't mean highly flawed protection
| gets to be blameless.
| monkeywork wrote:
| That reads more like:
|
| - site owners can have protection as long as it doesn't
| inconvenience me.
| Dylan16807 wrote:
| Close.
|
| Replace "me" with "legitimate users" and replace
| "inconvenience" with " _very aggressively_ inconvenience
| or entirely block ".
|
| Then yeah you have it.
| ants_everywhere wrote:
| Of course it's cloudflare's fault. They monetized and
| scaled a service that blocks humans from interacting with
| websites.
|
| They're also essentially a deanonymization reverse proxy
| that can track everyone's browsing history and decide
| whether you get to see websites based on social credit.
| GoblinSlayer wrote:
| Won't anubis do the same?
| sssilver wrote:
| > At least they're not selling ads using your data
|
| Sounds great, until a new CEO steps in. Any company is
| exactly one (or more often zero) CEO away from doing whatever
| they want (within legal constraints) with their business, in
| order to fulfill their fiduciary duty (and greed).
| eastdakota wrote:
| I'm not going anywhere anytime soon.
| rcakebread wrote:
| How do you know?
| mike_d wrote:
| I am genuinely curious what protections are in place to
| ensure that? What is the plan after you are gone?
|
| It looks like you have voting shares with 10x the power
| of institutional investors, but activist investors aren't
| dumb either.
|
| My biggest fear of Cloudflare has always been that one
| day you'll get hit by a bus and someone will figure out
| that merging Cloudflare with an ad network would create
| so much more shareholder value. The road to hell is paved
| with free DDoS mitigation, so to speak.
| anonyfox wrote:
| Huge fan of Cloudflare here actually. It's always such a
| breath of fresh air compared to the heavyweight
| configuration hells like AWS. And for doing super
| convenient stuff like make node:http work on cloud
| functions recently, but guess only certain DevOps guys
| realize how cool that is compared to other FaaS wrapping
| ceremonies.
|
| Too bad you don't hire senior folks in Germany currently,
| would probably join in a heartbeat for emotional reasons
| alone. Keep going, lightweight features on a tap and
| solid reliability over years is exactly what I need and
| want at least.
| betaby wrote:
| > To be honest, the internet was worse without Cloudflare
|
| It was better. 'Wget' and 'links' worked with most of the
| sites.
| ezfe wrote:
| wget isn't _supposed_ to work on these sites. They 've
| chosen Cloudflare and asked them to do this.
| jasonvorhe wrote:
| I don't know what kind of internet you used but mine didn't
| randomly decide to block my access to a website because some
| quasi monopolist decided I wasn't allowed to use a certain
| website for intransparent reasons.
| troyvit wrote:
| Being blocked from a web site and having to hit a little
| box are two different things. Are you talking about the
| former or the latter? If it's the former ... that has
| literally never happened to me unless I'm on a VPN and even
| then it's rarely (if ever) CF that's doing the blocking.
|
| If it's the latter then it reflects the sad truth that we
| can't have nice things anymoret. I have lots of problems
| with the accessibility of that box, but either Cloudflare
| would be implementing it, somebody else would be
| implementing it, or a huge chunk of data would be
| unavailable to you anyway because of accidental DDoS
| attacks caused by irresponsibly deployed bots.
| inetknght wrote:
| > _Being blocked from a web site and having to hit a
| little box are two different things._
|
| Maybe for you.
|
| But I don't let random unvetted websites run code on my
| computer. Checking that box _requires_ it.
| tick_tock_tick wrote:
| So you're blocking yourself? Seems really disingenuous to
| imply it's someone's fault when you know it's your own.
| oasisaimlessly wrote:
| _Why do you keep hitting yourself? Hahah_
|
| --childhood bullies
| GoblinSlayer wrote:
| Due to implementation chosen by Cloudflare, allowing
| Cloudflare also allows the proxied website to run code,
| because Cloudflare blends with it, but why the proxied
| website should be trusted if the challenge is served by
| Cloudflare?
| forgotmypw17 wrote:
| This has happened for me on regular residential Internet
| access.
|
| (Check the box, and get redirected to check the box
| again.)
| hsbauauvhabzb wrote:
| Infinity captchas are the most toxic thing ever. I have
| trouble completing many of the challenges.
| justsomehnguy wrote:
| > never happened to me
|
| "Never happens to me means never happens to anyone"
|
| Also it's quite amusing what if you had got hit with an
| infinite captcha here then you couldn't post your
| comment.
| viccis wrote:
| I can't book a table at a local restaurant without
| calling because their resy link is behind Cloudflare and
| Cloudflare has decided that my up-to-date Firefox is out
| of date and therefore can't pass the challenge. In
| reality it's more likely that one of my ad blockers is
| stopping it from doing what it wants. It doesn't even let
| me hit the box.
| GoblinSlayer wrote:
| I might whitelist Cloudflare, but it pretends to be not
| Cloudflare, because it's MITM by design.
| jasonvorhe wrote:
| It was implied that the "let's check you're human" didn't
| do a good job at that, causing the block - without a VPN.
| Meanwhile, certain bots just circumvent it (there's even
| a couple of videos showing robot arms/fingers prove their
| humaness) while legit users, even coming from Tor, get
| blocked. That's the internet I used to know. (I am not in
| the "everything was better" camp though.)
| bogwog wrote:
| > Google is in a perfect position to compete but they don't,
| so it's not like Cloudflare is a monopoly or something.
|
| Not to comment on whether they're actually a monopoly or not
| (since idk much about CF's market share, except that it's
| big), but how does this prove they _aren 't_ a monopoly? If
| anything, it'd work as evidence to prove that they are.
| egorfine wrote:
| > the internet was worse without Cloudflare
|
| It had much more freedom. Currently it's up to Cloudflare to
| decide whether you will read that article or not. Tomorrow
| some stupid law will mandate certain ideas to be hidden from
| children[1] and Cloudflare will happily comply.
|
| 1. https://en.wikipedia.org/wiki/Think_of_the_children
| zenmac wrote:
| For example, recently certain big corp ask me to verify
| something. I clicked on the link in the E-Mail and it was
| suck on Cloudflare the click button over and over again. No
| matter how many times I clicked.
|
| Do I need to find another internet access now?
| paulgb wrote:
| I would bet in the direction of this being a bug on big
| corp's side rather than Cloudflare's.
| chipgap98 wrote:
| How is this not a problem with the law rather than a
| problem with Cloudflare?
| Spivak wrote:
| Because human nature is what it is. The best way to eat
| better isn't to be a better person, it's to not keep junk
| food at the house. It's not Cloudflare's fault that
| they're successful, but it's now everyone's problem that
| they're an easy throat for governments to choke.
| tavavex wrote:
| It's both. In allowing Cloudflare to grow so big, we now
| have one huge universal button for governments to push.
| If instead all of these customers were dispersed over
| hundreds of different services from different countries,
| good luck with trying to keep them all in line with your
| specific country's whims.
| stickfigure wrote:
| > It had much more freedom
|
| ...right up until you got DDoS'd off the internet by some
| script kiddie "for the lolz".
| ezfe wrote:
| It's not up to Cloudflare, it's up to the businesses that
| choose Cloudflare for that protection.
| t_mahmood wrote:
| We said the same thing with Google, "Don't be evil", "They
| are better than MS", now here we are, Google, became
| something that doing everything to squeeze every data off us,
| so that they can sell them to their partners.
|
| And, anything that stops them from doing it, well, you are
| kind of erased from the Internet. The freedom we had, slowly
| becoming non-existent now.
|
| Corporates have one and only one target. It is to make money.
| And this mentality, enables them.
| stevenfoster wrote:
| Yet...
| ies7 wrote:
| These sentences are what I would used to describe Google 10
| years ago.
| surfingdino wrote:
| I started building on Cloudflare, but after their "pay us
| 120k or else" tactics they got famous for I decided to move
| code elsewhere.
| kordlessagain wrote:
| I approve of this message.
| jimmydoe wrote:
| Good point, but I guess we are stuck here.
|
| I don't think Cloudflare did anything major wrong, most of what
| they offer have plenty of alternatives, but Cloudflare is able
| to do a lot for free which really isn't their fault.
|
| There are complain about its cache's captcha, I get it, ideally
| it should not discriminate any human user, but IMO it's an
| economical problem unless we collectively decide what they do
| is public utilities.
| matthewaveryusa wrote:
| Yes, but also you can't send an email in any meaningful way on
| the internet without going through a middleman anyways so while
| philosophically you're correct, in reality it's already the
| case.
| Onavo wrote:
| Well, this is their second try at this. They shut down their
| first attempt after a year (and left a ton of developers
| stranded).
|
| https://blog.cloudflare.com/sending-email-from-workers-with-...
| kentonv wrote:
| MailChannels was a different company that offered an
| integration with Workers, and then later decided to stop
| offering that integration.
|
| Today's announcement is a feature offered directly by
| Cloudflare.
| mips_avatar wrote:
| Email is already MITMed by gmail. 90% of my time managing
| transactional/marketing emails is just keeping gmail from
| moving my legit customer communications to spam.
| Faaak wrote:
| The new Room 641A
| op00to wrote:
| It's not really a big deal to MITM email anyway.
| TZubiri wrote:
| I think first they were hugely successful in their DDoS
| protection product that consisted of a DNS connected load
| balancer.
|
| But now they took the excuse of security to act as a MiTM for
| everything else, when conveniently, it makes for a great
| business model to just be slapped in the middle of every
| connection.
| johncolanduoni wrote:
| I've never understood the evil MITM endgame here. Cloudflare's
| ToS and contracts prevent them from doing nastiness with your
| data without breach, and approximately all their revenue comes
| from large enterprises that will leave in droves (and some will
| actually sue them) if they started exploiting it.
|
| The thing where they let DDoSers use them to protect their
| public sites from rival DDoSers is sketchy as hell, but doesn't
| rely on having your data.
| pier25 wrote:
| Great move. Will probably switch to it immediately from Sendgrid
| as soon as it goes GA.
|
| Sendgrid recently killed their free tier (100 emails per day) and
| their lowest plan is now $20/month for 50,000 emails. It's
| totally overkill for low traffic projects.
| richwater wrote:
| > Sendgrid recently killed their free tier (100 emails per day)
| and their lowest plan is now $20/month for 50,000 emails. It's
| totally overkill for low traffic projects.
|
| With a pricing structure like that it appears they became too
| tired of verifying/validating users to not send spam.
| Unfortunately I don't blame them.
| pier25 wrote:
| isn't this done automatically?
| sophacles wrote:
| Sure, and then the spammers figure out how to fool the
| checks. And sendgrid has to figure out how to detect the
| new and improved spammers. Then the spammers figure out how
| to fool the new and improved checks... and so on.
|
| The part where sendgrid has to keep figuring out how to
| make new and improved validation is expensive.
| bachmeier wrote:
| $10/year for 10,000 messages/year is 10 cents per message.
| (Or some other volume at 10 cents/message.) Surely too high
| for spammers but cheap enough for an app with a low message
| volume.
| richwater wrote:
| It's not about optimizing for low volume side projects.
|
| Barrier to entry for (12 * $20) is much higher than
| $10/year and they figure that was worth the tradeoff of
| losing small fish customers.
| bachmeier wrote:
| Well, I was responding to your claim that "it appears
| they became too tired of verifying/validating users to
| not send spam" is the reason for killing their low-volume
| free tier. It's a different story if they dropped the
| free tier to focus on large-volume customers.
| athorax wrote:
| $10/year for 10,000 messages is a tenth of a penny per
| message
| albertgoeswoof wrote:
| Try https://mailpace.com
|
| The lowest plan $40/year for 1k emails/month isn't on the
| Pricing page, but you can select it when signing up.
| pier25 wrote:
| Thanks. It's not very smart to not list that plan in the
| pricing page IMO.
| jasonfrost wrote:
| Or migadu for 19/yr
| sodality2 wrote:
| Migadu is more for personal emails - they aren't meant
| for transactional emails at all.
| johtso wrote:
| Thanks for recommending mailpace, PS7.50/month for 10,000
| emails is very reasonable, _and_ they support idempotency!
| Definitely makes me consider switching to them..
| iamcalledrob wrote:
| Been using Mailpace for a few years.
|
| Has been a 10/10 experience -- rock solid and extremely good
| deliverability.
|
| Wish the pricing increased non-linearly though at higher
| volumes.
| rcleveng wrote:
| Even with those pricing structures, 95%[1] of the spam I get
| comes from sendgrid. To their credit, their abuse@ address is
| good at handling the reports and they reply with a followup
| that the report was received and able to be acted upon[2].
|
| The volume of spam (for me) doesn't seem to be decreasing from
| them, so there's a lot of moles to whack.
|
| [1] Just a guess from looking at the last weeks [2] I know it's
| automated, but often there's 2 that come with the 2nd one
| stating it's acted upon, so i'm hopeful.
| friendzis wrote:
| These services are just spam-circumvention as a service. It's
| cheaper and easier to pay 20 bucks to sendgrid and let them
| fight the fight with google/microsoft/yahoo than to
| circumvent spam protections of the big providers.
|
| You can very reasonably and reliably expect spam amount to
| correlate with the cost of sending said spam or expected
| return. At any service. There used to be a time where you HAD
| to check your mailbox several times a week or it would
| (literally) overflow with spam.
| alpn wrote:
| smtp2go.com offers a free tier with 1,000 emails/month. I've
| been using it for a few small services I run and haven't had
| any issues so far.
| jabroni_salad wrote:
| smtp2go will let you have 200 a day or 1000 a month for free.
| bangaladore wrote:
| Switched to this from Sendgrid for my low email volume apps.
| tmiku wrote:
| Re: Sendgrid killing their free tier - I used them for the
| contact form on my personal website, and after they ended the
| free tier I was able to move to Resend (who has a similar free
| tier) without too much work. Pretty happy with it so far.
| mfkp wrote:
| Zeptomail by zoho has been reliable for me and extremely
| reasonably priced: https://www.zoho.com/zeptomail/
| stavros wrote:
| This is really cheap, is the deliverability good?
| mfkp wrote:
| Yes, honestly been much more reliable than my previous
| provider (mailgun). Their IPs were constantly getting on
| spam blocklists with yahoo and hotmail. No issues with
| zepto so far, been using about 9 months.
| stavros wrote:
| Thank you! I hope they verify me soon.
| pier25 wrote:
| This looks great. Thanks for sharing!
| mustaphah wrote:
| Mailgun offers 100 emails/day for free [1]
|
| [1] https://www.mailgun.com/pricing/
| Oras wrote:
| Been waiting for this for a long time! CloudFlare developer
| platform is underrated. The ability to use queues, cache (KV),
| Hyperdrive, and R2 (an S3 equivalent) with one line of code is
| just brilliant.
| pluc wrote:
| About their developer platform:
| https://blog.cloudflare.com/cloudflare-developer-platform-ke...
| codegeek wrote:
| I really like CF focus on developers but their R2 is not quite
| configurable yet as S3. I am looking forward to move away from
| S3 if R2 can get their bucket policies and permissions as
| advanced as S3.
| kylehotchkiss wrote:
| Could you accomplish your needs in R2 just using more
| buckets?
| codegeek wrote:
| potentially yes. but that will not be a clean solution. One
| bucket per customer is our rule.
| mtrovo wrote:
| Same here. Cloudflare products are a really good balance for
| small projects that could eventually need to scale up. Durable
| objects is such a cool concept in itself that I don't know why
| it didn't catchup the same way in other providers.
| ahmedfromtunis wrote:
| I've been using email workers for years now. Adding the ability
| to send emails directly from workers will be amazing!
| davidmurdoch wrote:
| https://blog.cloudflare.com/sending-email-from-workers-with-...
|
| They had it a few years ago, but the company offering the free
| integration essentially stopped offering the free part. I'm
| currently grandfathered in to mail channels.
| thomgo wrote:
| Fun fact, you can actually use the current send_email binding
| to send emails to verified emails in your account (but this
| announcement will make it possible to send emails to everyone)
| boarush wrote:
| You can also reply to incoming emails from what I know, you
| just cannot initiate any email directly to prevent the
| obvious abuse. I wonder how they plan to mitigate that apart
| from keeping the pricing sane.
| gen3 wrote:
| >// Classify incoming emails using Workers AI const { score,
| label } = env.AI.run("@cf/huggingface/distilbert-sst-2-int8", {
| text: message.raw" })
|
| This is neat but be careful using an LLM to parse email content.
| The demo is a BERT model which is a good but I can see how
| someone might swap this without realising the implications
|
| Also really nice to see emails from workers, its something I have
| wanted for a while!
| Handy-Man wrote:
| Cloudflare's email routing has been abused by malicious users for
| so long that I can no longer reliably use it with my domain, most
| times Outlook just blocks Cloudflare IP ranges and emails never
| get routed to my Outlook mail box.
| johtso wrote:
| Please tell me this supports some kind of idempotency.. I fear it
| wont.
|
| The kind of hoops I've had to jump through to achieve DIY
| idempotency with Postmark would make you cringe, a shared lock to
| avoid race conditions, and then using the API to check if an
| email with the unique id (manually added to the metadata when
| sending) has not already been sent before sending an email.
|
| Being safe in the knowledge that an email with some unique key
| will only be delivered once regardless of bugs, processes dying
| mid task, network issues etc. just makes life so much simpler.
| The risk of sending duplicate emails or at worst spamming your
| users due to some more nefarious bug is something that you really
| want to guard against at as low a level as possible. Sure this
| might not be quite as consequential as duplicate charges through
| the Stripe API for example (Stripe have always seemed to lead the
| way with good API design in this regard).. doThing(data) is _not_
| good enough for executing tasks over a network that are
| effectful, have a cost, and potentially risk your reputation if
| things go wrong. Idempotency keys should far more widely
| supported!
| RandomBacon wrote:
| My understanding is that "Best Practice" is to use different
| companies for different services (not to have all of your "eggs
| in one basket") in case something goes wrong with one company and
| they take everything down.
|
| This is what I have...
|
| Domain Name Registrar: Dynadot
|
| DNS: Cloudlare
|
| Hosting: Dreamhost
|
| Email: Fastmail
|
| Should everything be under Cloudflare? I think they also do
| domain name registration and now, soon email. Not sure off the
| top of my head if they do hosting.
| nojs wrote:
| They do, it's call "pages"
| hamdingers wrote:
| I'm not sure what best practice actually is, but each different
| company you depend on is a different failure point. If
| CloudFlare goes down half the internet does (which is a problem
| of course, but not _my_ problem), so from a purely utilitarian
| perspective depending on them feels like a safe bet.
| ry167 wrote:
| You can't connect to your email or hosting if your DNS with
| Cloudflare is down.
|
| Plus, Dynadot uses Cloudflare for their site, so you couldn't
| even change your nameservers if CF is down.
|
| A random scatter won't protect you from a service like CF / AWS
| / GCP being down, and most users won't benefit from protecting
| from that sort of unlikely and major scenario anyway...
| RandomBacon wrote:
| That's a good catch about Dynadot using Cloudflare.
|
| Ideally there would be a setup to avoid having the domain
| name registrar use a different DNS than me.
|
| I'm more concerned if an over-zealous algorithm or employee
| shutting down an account and being able to just switch that
| one service to another company rather than losing everything.
| bachmeier wrote:
| Does Fastmail have an easy API for sending messages from an
| app? I've tried it before but found it much more complex than
| an API call.
| turnsout wrote:
| I'm currently implementing SES for a new app, but I like the idea
| of having another option. I wonder what the pricing will be.
| scrollaway wrote:
| This sounds amazing... basically everyone in the space is either
| reselling Sendgrid or AWS SES.
|
| What other "root" email services are there out there? Even Google
| Cloud doesn't provide one...
| iamacyborg wrote:
| Mailjet, mailgun, sparkpost and a bunch of others.
| scrollaway wrote:
| Mailjet / Mailgun are one and the same service and since the
| acquisition, I haven't heard of anyone still happy with them.
| But yes good point, Mailjet is another one.
|
| Sparkpost to my knowledge is built on SES.
| iamacyborg wrote:
| Sparkpost roll their own MTA's on AWS, they're not sending
| via SES.
| BinaryIgor wrote:
| Postmark is pretty good as well :)
| jeffbee wrote:
| Google's Mail API for App Engine seems to still be available. I
| think they don't really want you to use it, but there it is.
| maz1b wrote:
| It's unfortunate that email hosting and email infrastructure can
| really be done only well by major players. The days of people
| running and maintaining their own are pretty much long gone.
|
| Fwiw, not a knock against CF. I like their products, mostly
| simple, fair pricing, etc. Just a bit unfortunate commentary on
| the state of email infra on the internet.
| sgt wrote:
| This is a myth though (with some truth to it in certain cases).
| I've run my own mail infrastructure since 1999, no issues.
| logicallee wrote:
| >This is a myth though (with some truth to it in certain
| cases). I've run my own mail infrastructure since 1999, no
| issues.
|
| when was the last time you got a reply to an email you sent?
| sgt wrote:
| All the time. I use it in production and I have many users.
| cj wrote:
| I suspect if you shared more info about your mail
| infrastructure, it might reveal that what is working for you
| is too complicated for 99.9% of people to set up and maintain
| themselves.
| seszett wrote:
| I don't think the goal is that every non technical person
| can host their own mail infra.
|
| But most people who can run a server should be able to
| setup OpenSMTPd with the DKIM filter and Dovecot. It's much
| easier than configuring postfix like we had to do in the
| past.
|
| To answer a sibling comment, the last time I received an
| answer is a few minutes ago. The correspondent's email
| infra is hosted by Google.
| kordlessagain wrote:
| Your argument might have worked 5 years ago. Now, with AI,
| it's very dated.
| sgt wrote:
| You're right, it used to be a bit complicated. Now you just
| need to have a reputable and clean IP address, and
| knowledge of running some services in docker and of course
| understanding DNS and its crucial role for running a mail
| server.
|
| I used to run all the components and maintain it (even that
| wasn't bad), but I changed to mailu[1] about a year ago
|
| [1] https://mailu.io
| nicce wrote:
| Have you had static IP since then? A problem is that most new
| mail servers will have IP address with history.
| sgt wrote:
| The current static IP (it changed over the years) I got in
| 2016 or so.
| lomase wrote:
| Every single IT team I know wanted to get rid of the mails
| servers.
|
| I don't know why. At the same time they don't want to get rid
| of the bbdd servers, or the app servers.
|
| Maintaining a email service must not be as easy for them.
| SoKamil wrote:
| Well, it's hard to beat 26 years of expertise.
| zokier wrote:
| It is probably because you have run it so long that you have
| good reputation and less issues. Too bad we don't have time
| machine to go back to ninties to start building up
| reputation.
| drnick1 wrote:
| I run my own email server and you couldn't pay me to use a
| commercial provider like Google instead. The privacy benefits
| are huge and there is no one to restrict my storage or change
| my "terms and conditions" overnight.
|
| The days of people running their own servers are gone because
| of the shortsightedness and laziness of IT managers. They
| though the "cloud" would be easier and cheaper, and they are
| now trapped.
| matheusmoreira wrote:
| You don't have deliverability issues?
|
| I entertained the idea of running my own mail servers for a
| while. After researching the topic it turned out that the
| internet now runs on an IP reputation system. Major email
| services like gmail assume that anything sent from unknown
| IPs is malicious.
|
| So it looks like we've gotta be well connected to federate
| with the other email servers now. A nobody like me can't just
| start up his own mail server at home and expect to deliver
| email to his family members who use gmail or outlook. So I
| became a Proton Mail customer instead.
| truekonrads wrote:
| Deliver via sendgrid*, receive directly is probably the
| only viable path for self hosted systems.
|
| Where sendgrid=any major player, could be Mimecast,
| proofpoint or anyone else who will forward outgoing email.
| dpifke wrote:
| FWIW, a huge percentage of the spam I get is via
| Sendgrid, and at some point in the past year or two their
| abuse reporting mechanisms all turned into black holes,
| so mail sent via Sendgrid is heavily penalized in my spam
| rules.
|
| Sending reputation is just as applicable if you're using
| a third party as if you're hosting it yourself, but much
| less under your control.
| drnick1 wrote:
| I don't have deliverability issues to the big providers,
| but that comes down to the age of my domain and my IP in a
| clean non-residential block. But you won't have reputation
| issues if your friends and family also run their own server
| and don't enforce such arbitrary requirements. Running your
| own servers, not only for email, is the only way to regain
| control over your computing.
| dpifke wrote:
| I've run my own mail servers for many decades and have
| never had any deliverability issues. I've also never used
| bargain basement cloud VPS services with horrible
| reputations.
|
| The best way to ensure a good reputation is to obtain your
| own address space from a RIR. Barring that, you need to
| choose a provider with a decent reputation to delegate the
| space to you.
| zokier wrote:
| > The best way to ensure a good reputation is to obtain
| your own address space from a RIR.
|
| There is the slight problem that RIRs ran out of (v4)
| addresses almost a decade ago.
| dpifke wrote:
| Not true, at least for ARIN. If you have an IPv6
| allocation, you can obtain one or more IPv4 /24
| allocations, so long as their stated purpose is to
| provide IPv4/IPv6 compatibility (e.g. for dual-stack
| services or NAT): https://www.arin.net/participate/policy
| /nrpm/#4-10-dedicated...
| matheusmoreira wrote:
| > obtain your own address space from a RIR
|
| How does one do that? And what are the costs involved?
| nicoburns wrote:
| > After researching the topic it turned out that the
| internet now runs on an IP reputation system. Major email
| services like gmail assume that anything sent from unknown
| IPs is malicious.
|
| You have to buy/rent a dedicated IP address (that you'll be
| able to keep long term), and it warm it up by gradually
| increasing mail volume over a few months to weeks. But once
| you have, deliverability shoudl be fine.
|
| I think the bigger issue is needing to keep on top of
| mainenance of the server.
| zenmac wrote:
| Like the parent have ran Email servers for many years
| now. If you get a bad IP, as long as you get the DKIM
| records right, over time it will 'warm' up the IP. And
| the more you use the email on that IP and NOT spam
| people. The IP will warm up. Make sure you actually own
| that IP!!! It will become valuable.
| op00to wrote:
| This does you no good for the months or years it takes to
| "warm up" your email while your messages are getting
| thrown into the trash.
| stackskipton wrote:
| I'm the reverse, I can Microsoft 8 bucks not to mess with
| this? Sign me up!
| xp84 wrote:
| Can you share what your antispam strategy is?
|
| I have arrived at the opinion that what I would do if I moved
| to selfhost would just be to pay some trivial amount for
| outbound email via a provider like sendgrid as someone else
| in these comments has also mentioned. Since I send out maybe
| a half dozen emails a month I don't think this would be a big
| deal.
|
| But when I relied on selfhosted email several years ago, I
| was always inundated with spam, which SpamAssassin was wildly
| undermatched to handle -- that was one of the main reasons I
| moved to gmail. So I'm curious what people who are happy
| self-hosting today are using.
| drnick1 wrote:
| My suggestion would be to use a unique alias for each
| website/company. This way, if you start receiving spam at
| that address, you know who leaked it, and can simply delete
| the alias. You should also then publicly name and shame the
| source of spam.
|
| I also run SpamAssassin on my server, but I don't believe
| it ever had to do anything.
| parliament32 wrote:
| > The days of people running and maintaining their own are
| pretty much long gone
|
| This is very much a myth. There's a lot of FUD around how mail
| is "hard", but it's much less complicated than, say, running
| and maintaining a k8s cluster (professionally, I'm responsible
| for both at my org, so I can make this comparison with some
| authority).
|
| Honestly `apt install postfix dovecot` gets you 90% of the way
| there. Getting spambinned isn't a problem in my experience, as
| long as you're doing SPF and DKIM and not using an often-abused
| IP range (yes, this means you can't use AWS). The MTA/MDA
| software is rock-solid and will happily run for years on end
| without human intervention. There really isn't anything to
| maintain on a regular basis apart from patches/updates every
| few months.
| drnick1 wrote:
| This is 100% my experience too. Self-hosting email isn't any
| harder than self-hosting something else and there is no
| maintenance beyond apt update and apt upgrade. Even if you
| choose to do this in hard mode using postfix/dovecot instead
| of a dockerized stack, you can get a working config in a few
| minutes from an LLM these days.
| btown wrote:
| I think that there's a mindset among younger coders that "if
| it's not a modern post-AWS cloud provider, servers will take
| ages to come online and aren't going to give me full access,
| that's why EC2 exists." And this is conflated with the myth
| that running a mail server is hard.
|
| But in practice, you can find any number of VPS providers,
| running in local datacenters, with modern self-service
| interfaces, with at least some IPs that aren't already spam
| flagged (and you can usually file a ticket to get a new IP if
| you need it), that are often cheaper per month than AWS, and
| give full root and everything. Find a service that will help
| you warm the IPs before you send to customers, and you're
| good to go!
| cullumsmith wrote:
| I've run my own mail for 10 years (postfix/dovecot/rspamd), no
| issues. Reverse DNS, SPF, and DKIM records need to be in place,
| but that's a small lift.
|
| Well, one time I was unable to send mail to a guy with an
| ancient @att.com email address from his ISP. I got a nice
| bounce message back with instructions to contact their
| sysadmins to get unblocked.
|
| To my surprise, they unblocked the IP of my mail server in a
| matter of hours.
| everfrustrated wrote:
| Private email will have no problems. I also ran my own mail
| server for personal use and had almost zero problem (and this
| was on an AWS IP!).
|
| Where people will absolutely have problems is trying to run a
| marketing campaign through their own IP. You absolutely will
| (and should) get blocked. This is why these mixer companies
| exist and why you pay for an intermediary to delivery your
| mail.
| mbeex wrote:
| There is a sweet spot between Gmail and self-hosting. I use
| Runbox and generally separate contexts, with CF being an
| exception as I use CF pages for static blog websites, some of
| their core services, AND as a registrar. For the latter, the
| default setting is porkbun. The reason for this is not CF's
| mandatory in-house DNS servers, but the simple fact that they
| do not register .de domains.
| egorfine wrote:
| > I like their products
|
| I do, too. What I don't like is that they became too large and
| now are effectively in position to gatekeep the whole internet.
| python273 wrote:
| It's really not that hard to run a mailserver with
| https://github.com/docker-mailserver/docker-mailserver
|
| The problem is that Gmail will bounce any emails from
| DigitalOcean IP, even if you sit on this IP for years (so no
| recent spam), even if replying to someone, even if you
| registered as 'Postmaster' on Google.
|
| So if you want to selfhost, you'll first need to find an IP
| that's not blocked to begin with.
| jasondigitized wrote:
| Resend was a breath of fresh air for me recently.
| TZubiri wrote:
| I see this common pattern where a previously private
| infrastructure is opened up (usually from low abstraction), and
| the ecosystem is split into an open base and a private thin
| layer, and that private layer might just reimplement the same
| tradeoffs that the incumbent private monoliths made.
|
| Examples being Git/Github, Crypto/Centralized Exchanges, and as
| per the topic, email.
|
| But I think that it's an important distinction that the base
| infrastructure is open, and that technically an incumbent could
| join the fray, albeit with a lot of catching up to do, and mix
| it up.
| cloudflare728 wrote:
| This is exactly the service I was looking for. I am using
| cloudflare email forwarding but couldn't find anything about how
| to send form data from webpage to email.
|
| All the email service that I could find has monthly subscription,
| no pay as you go offer. Hopefully, cloudflare will offer pay as
| you go.
|
| Is there a way to get priority in waitlist? I don't mind bugs.
| lagniappe wrote:
| For fuck sake is nothing sacred anymore
| iamacyborg wrote:
| Will be interesting to see how good of a reputation they can keep
| (IP/sender reputation, specifically) given their historically
| very libertarian attitude to compliance.
| superkuh wrote:
| No doubt cloudflare will refuse to receive emails from any
| mailservers except those that run special cloudflare extensions
| or whatever. It'll be a whitelist that's mostly corps only. For
| "security" of course.
|
| And eventually it'll be so popular other mailservers will stop
| accepting mail from any except cloudflare/ms/apple/etc.
| NetOpWibby wrote:
| Where are you getting this from?
| superkuh wrote:
| How cloudflare treats web browsers and their proposals for
| acting as gatekeeping for allowing websites to be spidered
| re: AI motivated corporations. Also cloudflare's near weekly
| proposals of unilateral protocol features that should be
| IETF'd but instead they just do and make others do because
| they're gatekeepers and they can. I expect them to keep
| behaving as they have and so posited likely 'cloudflare'-like
| actions for their announced attack on email.
|
| I get that most people never feel the discimination and
| exclusion mediated by cloudflare because most people are just
| using chrome or whatever standard browser on their phones.
| But just because one doesn't have the lived experience of
| discrimination doesn't mean it isn't actively happening to
| lots of people.
| Romanulus wrote:
| "Centralizing the decentralized." --(probably) Cloudflare
| _blk wrote:
| This is indeed great. I've been using emailjs dot com for low
| volume sending so far but they connect to your account and send
| it through there which is obviously problematic.. Will be
| interesting to see how pricing for low volumes is there. So far,
| I've found CF to be more than fair, esp. given their potential
| for abusive pricing.
| observationist wrote:
| It's always shocking to me how many people blindly sacrifice the
| principles that make the things their lives depend on actually
| worthwhile. The internet isn't just a thing that happened, it was
| developed and rolled out under specific principles and vision,
| and violating those principles destroys the system.
|
| The internet doesn't work if Matthew Prince gets to act as global
| gatekeeper, or if CloudFlare gets conscripted as the new PRISM or
| NSA censorship and surveillance apparatus whether they want it or
| not. Given the profit incentives and intense pursuit of control,
| it's apparent (to me, at least) they're positioning themselves to
| profit off of the next big horsemen of the infocalypse
| opportunity.
|
| Centralized control and gatekeeping of the internet, private or
| otherwise, should be shunned. Sacrificing that for walled garden
| features is despicable.
|
| Don't shit in the village well, even if the guy selling bottled
| water says he'll get you a great deal. There are better ways of
| doing things.
| BinaryIgor wrote:
| In principle I agree, but in practice - what the better ways of
| doing things, as of now?
| observationist wrote:
| Use other services where necessary, and sparingly. Use only
| what's functionally necessary, and diversify. Encourage your
| employer or organization to avoid vendor lock. Don't ever
| meet with salespeople, stay in charge of your websites and
| infrastructure. Find a highly disagreeable technical engineer
| to tell you what you can get away with; you probably don't
| need the scale of the things CloudFlare, AWS, et al impose by
| default.
|
| AI right now can do all of that for you; pay for the best
| initially, have it do deep searches that meet what you need,
| and find appropriate contractors and services. Drop down to
| the plus tier after you get what you need initially, if the
| $200+ versions are too steep, but you can absolutely afford
| one month to plan an overhaul that doesn't empty your wallet.
|
| Mandate open standards and bake in flexibility to your
| organization; pivot frequently and aggressively away from
| companies and services that don't meet your principles or
| standards.
|
| Wherever possible use self hosting, decentralized protocols,
| open standards, FOSS software, and pay for expertise over the
| massive overkill "but wait, there's more!" the conglomerators
| offer. Their economies of scale serve to consolidate unearned
| and unaccountable power, often in cooperation with very shady
| players.
|
| Yeah, tragedy of the commons, this is why we can't have nice
| things, because it's hard, and complex, and actual evil
| people exist who will absolutely ddos sites and exploit every
| and any opportunity to grift people out of their money.
| Cloudflare is a well marketed bundle of solutions for real
| problems, but it's definitely not the only solution.
|
| It's up to you to what extent you compromise on principles -
| with AI it's becoming much easier to find acceptable
| alternatives without having extensive domain expertise.
| Normal search engines are almost completely captured by SEO
| and big market players, and we have a window of opportunity
| to use new AI search to find things that defy the status quo.
| The window will probably close sometime in the near future,
| but until then, take full advantage and position yourself to
| not be subject to companies or industries that shouldn't be
| taking it upon themselves to gatekeep the internet.
|
| Also, yell at your representatives about getting a digital
| bill of rights, protecting the open internet, breaking apart
| monopolies, and cultivating what's best for the internet, and
| the world.
|
| We have to stop pissing away the good for the convenience of
| the cheap.
|
| /soapbox
| BinaryIgor wrote:
| Good points - thank you for a thoughtful answer!
| AJ007 wrote:
| Agreed.
|
| One thing I've grown concerned about, after watching the
| Twitter migration fizzle out, is we can imitate the old
| internet on a small scale, but on a large scale it just doesn't
| work. For Twitter specifically, the outcome was even worse,
| many users just migrated to other more centralized services or
| existing monopolies (like Instagram.)
|
| Users are too used to being able to instantly stream 4k HDR
| 60fps. They are too used to limited amounts of spam. They are
| too used to having most non-agreeable content filtered. All of
| this stuff that big tech delivered now is replicate-able at the
| cost of tens of billions of dollars. The only business model
| that can pay for that is owning a giant ad platform.
|
| Thinking about all of the issues the EU has had enforcing
| things like GDPR, which big tech companies largely haven't
| followed for years or straight up lied to their customers
| about, along with a possible failure of the DMA now due to
| tariffs.. and yet on the other side of the Atlantic, the US
| utterly failed to ban or control Tiktok. Endless announcements
| of upcoming deals that were either lies (Oracle protecting
| American's data) or postponements.
|
| Meanwhile, all of the spam, hacking, bots, and DDoS attacks
| persist and grow, along with layer upon layer of (probably
| intentionally) poorly written and often conflicting legislation
| across multiple jurisdictions have truly made it impossible for
| the internet as it was designed and meant to exist to continue.
| (Sure you can just set up a basic web forum like you could do
| 20 years ago, not use Cloudflare, not host it at a major
| datacenter, and ignore all of the GDPR and age verification
| laws, but good luck. Hell, it doesn't even sound like it's
| really legal to run a Mastodon server anymore.)
|
| One small hope is that if internet companies follow any pattern
| we've seen in other industries, when the growth ends, the
| managers will switch to tearing the conglomerates apart in to
| pieces and selling them off. One day CloudFlare might be split
| in to 30 pieces, along with Alphabet, Meta, and Amazon. But it
| could be a while.
| SirHumphrey wrote:
| Sure, I wouldn't want the Linux foundation or other pieces of
| critical FOSS infrastructure to be routed via Cloudflair. But
| if I am setting up a web shop for somebody they usually care
| much more about someone at least pretending to be doing
| something about a ddos they got hit with that the decentralised
| internet.
|
| To quote Raytheon "Morals are cool but 90k/year sounds a lot
| cooler".
| lloydatkinson wrote:
| Interesting development. Not really sure I trust Cloudflare on
| this one, the last time they tried this with "MailChannels" they
| got a bunch of people to use it and then killed it off a few
| months later. Still, their blog post was never updated to say the
| feature was removed: https://blog.cloudflare.com/sending-email-
| from-workers-with-...
| kentonv wrote:
| MailChannels is a separate company from Cloudflare. At one
| point they offered a Workers integration, and Cloudflare
| blogged about it because we like to encourage such things.
| Unfortunately MailChannels later decided to discontinue their
| integration.
|
| The new email product is built and operated by Cloudflare
| itself.
| mercurialsolo wrote:
| Cloudflare is the new AWS
| NetOpWibby wrote:
| I like this version of AWS
| cube00 wrote:
| Give it time, we always like them in the beginning.
| jasonjmcghee wrote:
| I feel like I'm missing something based on some of the comments
| here. How is this different than from SES? (Why is this
| controversial?)
| ZeroCool2u wrote:
| A lot of folks find SES or even just the broader AWS experience
| unpleasant.
| jasonjmcghee wrote:
| Oh sure, a nice emailing experience (compared with SES) seems
| positive. But there are negative comments like Cloudflare
| shipping this is net negative, so just trying to understand
| the context.
| wiether wrote:
| The negatives are probably around the fact that Cloudflare
| is soon to be the master of the web (80/443)
|
| If they launch an email service and are as successful, they
| could become the master of the email (25/465)
|
| So soon, they'll be the master of the entire Internet
|
| To be clear: I don't share this view, in part because
| Google and Microsoft already are the masters of the email
| jasonjmcghee wrote:
| Thank you for the context
| freetonik wrote:
| Finally. My two production projects are built entirely on
| Cloudflare workers platform, and I dread every time I have to
| login into AWS to manage SES. I even wrote a note for myself with
| instructions which buttons to press and where to navigate, like
| you'd write for your elderly relative who's "not good with
| technology".
| aprilnya wrote:
| Honestly this is why I like what Cloudflare is building
| nowadays. They aren't just a CDN but rather they're becoming a
| full on cloud, like AWS and Azure are - except their developer
| experience is just so incredibly better than any other cloud
| babuloseo wrote:
| I need to send upto 50k-80k emails per month
| codegeek wrote:
| Cloudflare at some point will basically compete with AWS as the
| entire infra platform for developers. They are slowly building
| tools one after another.
|
| I am really excited to follow how their Containers platform
| matures as it is still too early.
| everfrustrated wrote:
| Yup and why their share price has rocketed. Nobody in the CDN
| industry is making money - a large player went bankrupt
| recently. You don't want to look at Fastlys financials and
| share price Cloud is where the money is.
| mobilio wrote:
| Yup
|
| https://stratechery.com/2021/cloudflares-disruption/
| BinaryIgor wrote:
| Cloudflare have great products and engineering expertise, but it
| starts to get into a concerning territory; what kind of influence
| over various protocols of the Internet they (might) have.
| cube00 wrote:
| Especially when they decide you've used too much and shake you
| down for a higher business or enterprise plan.
| njsubedi wrote:
| Finally!
| citizenpaul wrote:
| WTF Cloudflare you are using a google form for the beta sign up?
|
| Sign up to the waitlist here. https://forms.gle/BX6ECfkar3oVLQxs7
|
| Edit: I see its an email sending service not client.
| wiether wrote:
| > This really irks me.
|
| It shouldn't.
|
| They are not launching a complete emailing service, this is
| just a service that you use to send emails from an app.
|
| "Moving" to their service is as easy as updating your DNS
| records so they can be seen as an authorized sender.
| divbzero wrote:
| To be clear, Cloudflare Email Service is not a full-blown email
| provider like Fastmail, nor is it even comparable to email
| services like AWS SES or SendGrid. Cloudflare already offered
| email routing and Cloudflare Email Service just adds the
| ability to send email via Cloudflare Workers, so there's a long
| way to go before Cloudflare could be an option for replacing
| Fastmail.
| XCSme wrote:
| What would be the difference if we are talking about
| transactional emails? Why not comparable to SES?
| divbzero wrote:
| You know, it might be closer to AWS SES and SendGrid than I
| thought initially. My first reading of blog post gave me
| the impression that Cloudflare Email Service was designed
| for Cloudflare Workers only because that's what they
| emphasized upfront. But I missed this piece:
|
| > _We're also making sure Email Service seamlessly fits
| into your existing applications. If you need to send emails
| from external services, you can do so using either REST
| APIs or SMTP._
| TiredOfLife wrote:
| That's nothing. One of the recent CloudFlare outages was
| because they hosted some essential stuff at Google cloud and
| that had an outage
| mtrovo wrote:
| Kind of off-topic, but it's such a pity that we arrived at email
| as the local minimum for the best communication protocol for
| transactional messages. Having to set up an email service just to
| be able to enable authentication flows on a new website is such a
| hindrance that I keep wondering if it would be different if
| sending push notifications to a cell phone was made an open
| protocol..
| ectospheno wrote:
| Spam push messages don't need to be a thing. Ever.
| pphysch wrote:
| China was able to pull that one off, pretty much no one uses
| email there.
| mtrovo wrote:
| What exactly are they using? Wechat messages?
| parliament32 wrote:
| For registering/authenticating to service, SMS mostly. Same
| deal in Russia in my experience, basically every
| website/service signup asks for your mobile number and just
| texts verification codes.
| eikenberry wrote:
| So smart-phone is required for everything there? No
| computer flows for website access? "We" definitely don't
| want that... but many others do as it takes control away
| from people.
| gabelschlager wrote:
| Smartphone is required for everything there, yes. Signing
| up for services, authenticating yourself (e.g. when
| entering a train station), payment, social media, etc.
|
| Computers used to be expensive and people had less money
| back then, so most of the country essentially just
| directly upgraded to smartphones. Many don't and never
| used to own a PC outside of work.
| tavavex wrote:
| For just SMS authentication, you just need a phone. Any
| kind of phone.
|
| But it also just so happens that in both of those
| countries, you must have your identity attached to any
| SIM you purchase. So, anything that makes you register
| with your phone number will indirectly link your real
| identity to that registration. It must be very convenient
| for their governments!
| parliament32 wrote:
| No, any kind of phone that can receive codes over SMS
| will work (like the ultra-cheap feature phones you can
| probably get at your local corner store). From a computer
| browser, you still enter your mobile number to login,
| then enter the verification code it sends you over SMS.
| I've also seen sites that offer phone call as an
| alternative to SMS, so you can presumably also login from
| a landline.
| citizenpaul wrote:
| I hear your pain. However I think if you really look at it
| email is a good thing. Its brokenness is a highly desired
| feature. It is the last generally accepted tech bastion that
| keeps us from becoming some sort of always on the job star trek
| borg style creatures that cannot have plausible deniability
| that the computer failed.
|
| Oh i didn't get that email.
|
| Oh spam filter.
|
| Oh so backlogged on email.
| charcircuit wrote:
| This is the fate of most open protocols. It becomes too hard to
| migrate to a new spec due to the increasing difficulty of
| coordination and then the protocol gets stuck in time.
| parliament32 wrote:
| It's because every communication protocol since has been a
| walled-garden with a rent-seeker attached. This is why open,
| federated protocols are so critically important.
| oulipo2 wrote:
| JSX email is an improved fork of the (very slow to be updated)
| react-email code https://jsx.email/docs/quick-start
| pizzafeelsright wrote:
| This is good and I am fairly certain email is dead with AI,
| hopefully soon.
|
| I went from hosting my own pop/imap/smtp email to ignoring it
| almost completely at work and personal for a variety of reasons.
|
| Text messages and chat or X/message boards are all I use now. I
| have the same ability to deliver messages, content, forward,
| save, export, and migrate between platforms. The spam in SMS is
| tolerable at this point.
| lxe wrote:
| I hope it doesn't throw you in a mental health crisis when
| attempting to set it up like AWS SES does.
| willsmith72 wrote:
| Ahhhh I've been waiting so long for this. SES is the last thing I
| have to keep logging into the clumsy AWS UI for
| cube00 wrote:
| > Now, sending an email is as easy as adding a binding to a
| Worker and calling send
|
| I hope it's easier to setup then the current mess of needing to
| use Wrangler to setup the send_mail binding the CF worker console
| can't even show in its binding list.
| pikdum wrote:
| As someone not currently using Cloudflare Workers, I'm not sure I
| want to build a worker and figure out how to interface with it
| though my existing application just to send email. What happened
| to SMTP?
| thomgo wrote:
| REST APIs and SMTP will also be available
| pikdum wrote:
| Oh cool, somehow missed that. :)
| maghfoor wrote:
| I would actually use an email service from Cloudflare. That
| literally means I don't have to rely on anything else to host my
| apps. Currently I use email forwarding to send emails to a
| different email address from my custom domain. This would help a
| lot
| danielspace23 wrote:
| How is that a good thing? Are we, as a society, forgetting the
| value of diversification, or just ignoring it because
| convenience is good? Do you really want to be just one wrongful
| ban away from being completely offline?
| tacone wrote:
| Email sending providers have become a bit of a cartel, with
| prices usually rising overtime. I am expecting much lower prices
| from cloudflare.
| htrp wrote:
| shut up and take my money!
| smacker wrote:
| That is exactly a service I was hoping Cloudflare would provide.
| Simple binding using wrangler is really a life quality upgrade
| when starting new projects.
| FuriouslyAdrift wrote:
| Everyone just forgetting Fastmail exits.
|
| https://www.fastmail.com/
| troupe wrote:
| Is Fastmail in any way similar to what is being described here?
| Fastmail looks like a replacement for Gmail or maybe Gsuite.
| FuriouslyAdrift wrote:
| Sorry... I though Cloudflare was offering full service email
| (SMTP/MTA). If it is just SMTP outbound email, then SMTP2Go
| would be a better alternative.
| dewey wrote:
| Fastmail is mentioned on every email provider suggestion thread
| on HN (Because they are great, happy user!), but they are not a
| transactional email provider which is what this product is
| about.
| FuriouslyAdrift wrote:
| By transactional, do you mean a bulk sender? For that, I
| recommend SMTP2Go.
| segmondy wrote:
| Only a matter of time till Palantir acquires them.
| keeda wrote:
| What are people's experiences using their current Email Routing
| service? Mine wasn't great -- right after I set it up I could not
| get a single test email through to my recipient account despite
| multiple attempts. No delivery failure emails or any responses at
| all. Nothing on their dashboards either.
|
| Searching their community threads turned up several other folks
| who had encountered similar silent failures that were never
| reported on the dashboards or any status page, leading them to
| question the company's interest in supporting this feature. I
| tabled that idea at that point as it was not critical.
|
| A few months later, I randomly tried sending a test email again
| and it just worked. However, the initial experience left a bad
| taste in my mouth. Could I trust it to start routing critical
| emails?
|
| Wondering what other folks here have experienced...
| pier25 wrote:
| I use it with a couple of addresses. No issues so far.
| cr3ative wrote:
| They enforced ARC without any notice which failed
| deliverability by about 50% for my catch-all address. I only
| noticed when someone told me they had emailed and it didn't
| come through.
|
| I just don't trust them now. That was a huge misstep.
| jamescrowley wrote:
| I had a similar experience and backed away from using it - non-
| spam emails were getting spam filtered without visibility or
| notification.
| NoahZuniga wrote:
| > Imagine a user emails your support address. A Worker can
| receive the email, parse its content, call a third-party API to
| create a ticket, and then use the Email Sending binding to send
| an immediate confirmation back to the user with their ticket
| number. That's the power of a unified Email Service.
|
| This is/was already possible. You can just reply to an email from
| an email worker.
| joshcartme wrote:
| I had the exact same thought. I guess now you could put
| something in a queue if you have to do non-trivial processing
| before replying, but that's not what they wrote
| xp84 wrote:
| Question for the Cloudflare people: We use sendgrid today, and
| create subaccounts through it (entirely with API calls) to allow
| our customers to add and verify their own domains (with a couple
| of DNS entries the customer can create). Then we can send out
| email on their behalf "from" their domains -- with DKIM, SPF, and
| all that still being happy.
|
| Does the Cloudflare email routing product provide this same
| capability?
| baggachipz wrote:
| I wonder what the pricing will be. I would love to have it be
| where X number are free, then each one additionally will be a
| small price. I hate having to change tiers based on usage. I
| would have no problem funding an account and using that to pay
| for the overage.
| joshstrange wrote:
| I'm interested to see pricing and what the backend dashboards
| look like for this. I'm currently using PostmarkApp for my
| transactional emails and they keep bumping the monthly price and
| my usage is tiny. If I could just pay per email that would be
| better.
|
| That said, I'm hosted on AWS so maybe I should look into SES as
| well if I'm going to replace my email sending service.
| dajonker wrote:
| I haven't experienced any price increase on the cheapest
| Postmark tier over the past 3 years or so? In any case they
| deliver excellent service and as a business earning money and
| sending emails per transaction it's almost free.
| mips_avatar wrote:
| I didn't see any pricing, but it would be amazing if they could
| get close to SES pricing with like Resend levels of usability.
| tambre wrote:
| Anybody know if it supports IPv6?
| tracker1 wrote:
| I keep thinking that Email would be a pretty natural extension
| process with the workers model in general... if they offered
| workers that could handle a tcp connection as stdin/out from the
| application perspective. Especially in concert with D1, R2 and
| other services.
|
| I think the biggest issues would come down to server-side search
| functionality though. For very basic services, and even most of
| common IMAP/JMAP, it could be pretty great. Working on an a major
| email platform is something I've really wanted to do for a while
| now. (cloudflare, call me)
| alberth wrote:
| So will this compete against SendGrid (transactional emails)?
|
| Or is this going after Gmail/M365 (personal inboxes)?
| mrshu wrote:
| This is a SendGrid alternative (transactional emails,
| potentially with a nice API).
| 6thbit wrote:
| > Today, we're excited to announce just that: the private beta of
| Email Sending, a new capability that allows you to send
| transactional emails directly from Cloudflare Workers.
|
| So many comments here assumed from the title they're offering a
| hosted email service, they aren't, they are announcing their own
| Sendgrid.
| stavros wrote:
| That's _exactly why_ I 'm excited. I could really use this.
| toomuchtodo wrote:
| Please blog about it if you do!
| stavros wrote:
| I can, but wouldn't that be a boring post? "I set my SMTP
| servers to this other thing and they still work"? :P
|
| Or do you mean if I get access to the beta? I probably
| won't :(
| SilverElfin wrote:
| What's the point of it for Cloudflare? It feels like they're
| randomly offering different products. Are they trying to be a
| full cloud platform like everyone else? If not, then what?
| qeternity wrote:
| > Are they trying to be a full cloud platform like everyone
| else?
|
| Yes.
| mustaphah wrote:
| More like Amazon SES than Sendgrid.
| throwaway12345t wrote:
| Email for developers will always trickle down to a commodity,
| wrappers will get left behind, acquired, or relegated to a small
| niche.
| ChrisArchitect wrote:
| From Zeno Rocha, CEO, Resend - I just shared this
| with the team: Today, Cloudflare entered the email
| sending market. While I didn't expect this to happen
| today, it didn't come as a surprise either. It was never a
| question of if Cloudflare would add an email sending API, but
| when. Back in 2022, they introduced Email Routing, and it was
| only a matter of time until they added the sending part.
| Some people will see this and will want to migrate off Resend,
| others will say we're dead. The reality is that they are after
| our target audience, otherwise they wouldn't create an example
| showing how to use React Email on their announcement post.
| Still, I truly believe this is good news. Here's why:
| When Cloudflare introduces millions of users to their email API,
| they're creating our next users. Developers will run into
| limitations and will want more from an email service. They will
| need bulk sending, advanced templates, no-code editors, and a lot
| more. That's where we step in. Email is not a winner-
| takes-all kind of market, and that's why we've been able to enter
| such a competitive space and still thrive. Competition is good
| because it forces the best product to win. We cannot
| let our guards down, and lose our sense of urgency. The bar is
| higher for us right now, but if there's a team that knows how to
| increase the bar, that team is this.
|
| (https://x.com/zenorocha/status/1971260006654742780)
| jlundberg wrote:
| For people looking to self host email, the mox software is
| surprisingly refreshing.
|
| Open source and available here: https://xmox.nl/
| mixcocam wrote:
| I hope they enforce the use of plain text versions of html email
| :)
| xaxaxa123 wrote:
| Cloudflare is NSA/CIA.
| Velocifyer wrote:
| I thoght this was a service like migadu or proton mail
| sroerick wrote:
| Tangental - could you deploy something like webtorrent which uses
| seeds, mitigating a DDOS attack? Is this what IPFS would
| theoretically do, if web gateways were not used?
___________________________________________________________________
(page generated 2025-09-25 23:00 UTC)