Interesting history and analysis of SMTP’s history. How can we prevent fedi and other open protocols from suffering the same fates?
I don’t buy this. I’m still using SMTP on my own domain and it’s working fine, a bit of spam but not unmanageable, real messages get read. Main challenge is digesting so many potentially-interesting list messages, indicating email’s continued dominance for professional topics. Seems this author has another agenda.
Having said that, it’s a pity the world never agreed a protocol for micro-payment for emails (and for many other services), which would resolve the spam problem, and not be a burden for honest users.
I also host my own mailserver and I agree that it mostly works fine. However, there are some email providers that cause trouble:
Google seems to randomly sort some of my mails into the recipients spam folder, while others are delivered fine to the respective inbox. It kinda sucks that you can never be sure whether the recipient actually received your mail or whether they just don’t reply. My IP and domain are not blacklisted on any spam list; SPF, DKIM and DMARC are set up correctly as well.
Even worse is the Telekom (German ISP), who use an explicit whitelist of IP addresses (only IPv4 of course) and require you to display your contact information publicly on a website reachable via the same domain your mailserver uses. Once you’ve set this up you need to message them to be put on their whitelist. If you’re not on their whitelist, they simply reject your mails, they are not even delivered to the spam folder (maybe it’s not worse than Google, because you at least get a notice from your mailserver that your mail couldn’t be delivered). In the end I decided that I don’t care enough to comply with their regulations and just don’t send any mails to Telekom customers.
Aside Google and Telekom, I’ve really never had any issues though.
Defederating bad actors/spammers should in theory be good enough? Domains aren’t free and I don’t think it’s worth it for them to buy a new domain to just be able to spam for a short time again.
But most people don’t pay for software, especially if there are “free” and legal alternatives.
I’m not sure what you mean with that or how it relates to what I said, could you elaborate?
As I understood you said that we should make email paid to stop spammers.
Domains aren’t free and I don’t think it’s worth it for them to buy a new domain to just be able to spam for a short time again.
Literally what e-mail spammers do.
Agreed defederating can help solve obviously malicious instances, it doesn’t solve spammers abusing good instances. E-mail and AP are very similar at a protocol structure level.
Is it though? Don’t email spammers just spoof the domain or send without a domain? I’m not entirely sure if that’s different from how the fediverse works. I’m not too knowledgeable about this topic.
Don’t email spammers just spoof the domain or send without a domain?
They do both, depending on the spammer and the type of spam they send. In e-mail, you have an e-mail server, you can use it to send mail to users on other e-mail servers. Each e-mail server can choose to accept or reject email from other e-mail servers based on whatever reason they want. AP/Lemmy/Mastodon is basically identical to this. I’m not sure how exactly bluesky is setup but I get the impression it’s similar. In Nostr, servers aren’t federated (each relay is seperate, if you want to send/recieve content to another user on a different relays you just talk to that relay directly instead of having “your relay” act as an intermediary), but the structure is still pretty similar.
Nostr does have this hashcash type system (requiring proof-of-work to weed out spam), but I haven’t come across any relays that actually enforce it, it will be interesting to see if that changes in time. I also saw a GitHub issue about adding something similar to AP but I think they chose not to implement it.
Don’t email spammers just spoof the domain or send without a domain?
Very much so. Out of the spam that I do see in my inbox, the sender domains are usually spoofed, while the reply-to addresses are usually gmail.com, hotmail.com or outlook.com.
You need to set up dkim to prevent spoofing. Each message sent has a digital signature that matches one on a DNS record for your domain. You can also set an SPF record, which will tell the recipient what up addresses are authorized to send mail on behalf of your domain.
The recipent must have policies in place that reject mail which fails dkim/spf
I should have expected the rug-pull at the end when I read:
You may know me as a Bitcoin educator and engineer
However, I was still surprised!
i can’t read anything that’s presented with that shitty cover image without a hint of irony
You can’t successfully use a home email server.
Mostly true (server can be home but using the ISP network directly probably won’t work)
You can’t successfully use an email server on a (cloud) VPS.
Bullshit
You can’t successfully use an email server on a bare metal machine in your own datacenter.
Bullshit
As such, it is my distinct displeasure to declare the death of SMTP. The protocol is no longer usable. And as we can see, this devolution occurred organically.
Bullshit
Sure, you can run one, good luck getting even a halfway decent delivery rate to mailboxes at any major mail provider. Even if they never receive a spam message from your server, your server is an “unknown” which counts against you. And if one person in your small company of 10 or 100 or even 1000 people gets their e-mail hacked and sends spam? Prepare for the rest of them to get punished for it. Running an SMTP server is a nightmare which is why, over time, more and more of the economy has just shifted their SMTP servers to organizations who professionally run SMTP servers instead of having their own.
I am running my own mailsever for over 10 years without any blacklisting problems…
Right, but try doing that with a 10 day old server created in 2024. That’s the hurdle people are referring to.
You’re spot on, and even smaller ISPs routinely get blocked by larger hosters (anyone who doubts this, please look around for the many stories along the lines of “gmail silently drops my email”)
Residential IP blocks are scored much higher and given a negative trust from the start - not surprising since that’s where much of the world’s spam comes from through compromised computers, routers etc.
I work as a Sysadmin for a web host who sells VPS’s. I’ve helped many people setup domains on their server to cover SPF, DKIM and DMARC passes on a daily basis. Most use these for personal or business level mail delivery without issue.
Are there hurdles to overcome? Sure. But it’s not exactly hard as long as you have a IP that’s isnt a poor reputation (which as an ISP we help delist and improve). But it’s not impossible.
Its more “convenient” to use a third party mail provider just as Office365 since you pass on all that setup and responsibility onto their framework, but it’s not hard to setup a decent level of mail service yourself.
That’s not why people move to big hosters.
They move because you don’t need to waste money managing them, and they have reliable backup
We used to host our own, but big providers are so cheap and have such a good interface that it doesn’t make sense to host our own.
It’s the same reason why most companies don’t host their own web servers.
Even large corporations use AWS or similar.
Can, yes.
Should, maybe.
Enjoy doing, unlikely.
And for sure your home isp has all the email ports blocked upstream.
With all that being said, to call SMTP dead is wildly insane. I do figure it will die someday though. Probably around the same time of universal IPV6 adoption during the year of the linux desktop.
My ISP doesn’t. It an electric company that offers fiber, so not your typical telecommunications company. Still though, not a single blocked port.
On topic, I tried an email server and it is too much of a pain in the ass IMHO, without the requisite training and experience, but certainly not impossible.
My most recent ISP does CGNAT. They don’t hide it, it’s mentioned in their support pages. A quick email is all it takes to switch you over to an open address though.
Anyway I’ve got a $5/mo server with akami that looks after my email and it’s associated domain.
It took about three hours of following a guide to set up DMARC and etc etc and it works unobtrusively, and is about ten times faster than my old ISP IMAP account that I had for about twenty years.
I’m going to add “bullshit” to the first. I’ve gone 2 decades running a few email domains on my home servers, on 3 different ISPs. Its not rocket surgery.
Same here. Static IP though. I did set up another experiment with a haproxy vps just to see if I could do it if I lost my static IP, worked perfectly done that way too.
Fail2ban, pfblocker, and soamassassin work great.
