SoylentNews is people
SoylentNews
The Canadian Broadcasting Corporation reports:
A Halifax [Nova Scotia] man is facing the daunting task of going through almost two decades of email messages after his email provider served notice it was deactivating his account in 30 days because of his email address: noreply@eastlink.ca
"I had it since the late '90s, probably 1998 when I really started getting online," Steve Morshead told CBC News.
"I asked for it, it was available and they gave it to me without hesitation."
He said he picked the handle "noreply" because he wanted an unusual address--and back in the '90s, it was.
Morshead never expected to lose his email address, which he uses for communicating with everyone from friends to banks to lawyers. He is in the process of selling his home and says this couldn't come at a worse time.
[...] "Now, after all these years, 20 years almost, I find it reprehensible they want to pop out of bushes and just give me 30 days to go through 20 years worth of emails and decide what I want to keep," he said.
[...] Morshead did ask the company to transfer the contents from the existing email account to a new one but they said no.
"Just flat no. No offers of help. Just the bullying that 'We're going to do it, you're going to take it. That's it.'"
Also at The Inquirer.
(Score: 2) by Nerdfest on Thursday July 06 2017, @07:09PM (22 children)
I see. This happens a lot, does it?
Don't be ridiculous. This would be an exceedingly rare thing to happen. The value in having your own domain is very much better than being tied to an "email provider". This is like saying that there's no point in getting out of bed in the morning as we're all just going to die anyway.
(Score: 5, Informative) by Unixnut on Thursday July 06 2017, @07:46PM (18 children)
> I see. This happens a lot, does it?
Yes, in a nutshell, but it is a bit more insidious than the blunt "seize your domain" mentioned by GP. I provide my anecdotal evidence here (sorry for the length).
So, in the late 90's/early 00's I ran my own email service on my own domain. While msn.com was giving 5mb attachment limits and 30mb storage limits, I had gigs of space and could send large attachments if needs be. All good.
Then Google came along, and all of a sudden all that space, large attachments, and simple interface. The rest of the competition suddenly had to provide similar to stay relevant. At the same time spam emails were becoming bad. Seriously bad, so bad there was talk that it could usher the end of email as a useful communication medium.
Google did really good spam filtering, and others followed. It seems a losing proposition to run your own service, and when I left the family home to go study, I shut down the email server and got a "hosted address" at a place that was called "nerdshack.com", which provided excellent service and security to boot.
Cue the years going by, nerdshack.com renamed itself to mailshack.com, then eventually to lavabit.com, which is what most people knew it as. Then Snowden was caught using it, and it was shut down, and I lost my account.
So, looking around, no other privacy based hosted providers that I could find. Google and the "big hosters" are all into reading your stuff and spreading it far and wide for "monetizing" purposes, so they were out.
So, I decided to revisit my own mail server. Things have changed a lot. Firstly, you have a bunch of companies that provide "spam lists" of what they call "known spammers". In reality they are really lax in what they consider a "spam mail server", and seem to follow a "guilty until proven innocent" methodology for classic mail servers as spammers.
For example, you can't have a dynamic IP, automatically a spammer. In the old days a Dynamic DNS address with mx records was fine. Now it isn't, so you have to pay for a static IP. Even then, if the spam list provider things your static ip falls in a "dynamic ip range" you are screwed. most ISPs, when they provide a static ip, just give you a statically assigned IP From their dynamic list, so you are seen as a "dynamic IP" to the spam list providers.
Next, just setting up the DNS records isn't enough, you have to get your ISP to set the reverse DNS pointer of your static address to point to your email servers domain, instead of the generic rDNS (so no name based virtual email hosting anymore). If you don't do this, you get flagged as a spammer (even if it would work otherwise). So here you need not only to pay for reverse DNS, but your ISP has to be willing to provide it, and many won't unless you upgrade to their "business package" for some outrageous cost per month. Plus once you get it you can only assign it to one mail domain per static IP.
Once you do this, there is still no guarantee you won't be marked as a spammer. Some lists just assume if you are not one of the big "known" email providers, you are a spammer, and you have to prove to them you are not.
I am not alone, this guy ranted quite nicely about it, and I pretty much experienced the same: http://pigeonsnest.co.uk/stuff/crapstuff/sorbs.html [pigeonsnest.co.uk]
Running your own mail server is a massive PITA. Had I known how much harder it had become to do so, I may not have bothered. However now having done it, I will keep using my email system.
However I am never sure if my email actually gets through. Many people receiving email don't even know about the spam lists or blacklists, they never get the email, and I never get a clue to whether it was blocked or not, so if I don't get a response. Sometimes if I ask for a delivery report, the mail server will lie and say "successfully delivered" when it went to the bitbucket (presumably to prevent spammers working out they are being blocked).
I found that GPG signing seems to improve things, having signed emails is a plus when passing spam filters (at least for now), but running your own personal mail server (or just for your family) is much harder.
And the best thing is, they can still pull the rug under you. So I set all this up, but I am still at the mercy of the ISP and the spam list people. If they decide that my ISP IP range has a bit too much spam potential, they can blacklist the entire range, and I'm screwed. My ISP may no longer provide static IP, or reverse DNS changes, or they go bust and I need to find another ISP that provides the same. So many things that can go wrong.
And that is ignoring seizure of domains, which, while rare, can happen as well. That is the worst, because then they can receive all email destined for you, and impersonate you (another good reason to sign everything with GPG, but even then they can create a new private GPG key tied to an identity on the domain). And there have been cases of social engineering being used to unlawfully transfer domains to others, but it seems to have reduced somewhat, presumably because domain registrars were getting it in the neck from people due to lax security.
(Score: 4, Informative) by NewNic on Thursday July 06 2017, @08:29PM (2 children)
I have suffered similar problems with running an email server, but I think that you haven't really touched on the worst issue.
There are ISPs and email providers that seem to have their own lists of spam sources. They refuse to accept email from me, despite it being sent from a private server in a datacenter, despite my IP address not being listed with any reputable spam block list. Perhaps my IP address was used to send spam before I got hold of it, but that was years ago. These ISPs simply don't care. They don't respond to any attempt to contact them to fix the issue.
Hotmail was also a source of problems. They had my IP address blacklisted, but at least they responded and removed my IP address. However, their listing was years old, based on how long I had control of the IP address.
lib·er·tar·i·an·ism ˌlibərˈterēənizəm/ noun: Magical thinking that useful idiots mistake for serious political theory
(Score: 2) by Unixnut on Thursday July 06 2017, @09:29PM (1 child)
To be honest, I haven't come across that issue. Primarily because I would have no idea if those emails are being blacklisted and for what reason (not like they ever tell you).
I mean, if my IP was used by spammers before, I would not know about it. It isn't like a remote mailserver will respond with "Yeah sorry, this IP is blocked since $date for spamming". Hence I mentioned that I can't ever be sure my emails actually reach their target.
It is a complete fiasco quite frankly, and you've added yet another layer of crap I didn't think of. Thanks, lol.
(Score: 2) by NewNic on Thursday July 06 2017, @09:36PM
What I have found is that, with Postfix (you are using Postfix, aren't you, not that abomination called Sendmail?) it is easy to create a list of domains for which outgoing email is routed through my ISP's mail server. No one is going to block any of Comcast's main outgoing email servers, so this is quite reliable. It requires a login, of course, but that is easy to configure.
lib·er·tar·i·an·ism ˌlibərˈterēənizəm/ noun: Magical thinking that useful idiots mistake for serious political theory
(Score: 0) by Anonymous Coward on Thursday July 06 2017, @08:55PM
Damn boy
(Score: 2) by tangomargarine on Thursday July 06 2017, @09:05PM (1 child)
Geez, after reading that link...I have a hard time believing anybody could be this incompetent. It must be malicious.
"If you're not satisfied with our service, use one of the following contact methods: {lists 4 different things that are all either broken or actively ignored}."
"Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
(Score: 2) by nobu_the_bard on Thursday July 06 2017, @09:19PM
A few IP/domain blacklists are actually malicious. Most are not. The problem is usually the operators of the systems using the lists; they don't really differentiate between them and haven't updated theirs since the 2010. They just throw 50 lists on their system so they can advertise "checked against 50 blacklists!" to clients. They don't really take into account that 20 of them are dead, 20 of them are scams, and 9 are just okay.
Your system can use blacklists but it can't use just one. About the only one I really have the highest confidence in is Spamhaus, but even that one, if there are enough traits the mail is probably okay I let it through. Anyway the goal of these lists is to identify the sending systems, because the actual email addresses and even domains that are on the mail are borderline meaningless (trivial to send each spam mail with its own address).
The blacklists focused on sending systems are okay-ish, but really need to be fast to matter, because most spam are sent out in very tight bursts infrequently rather than a continuous stream. Sending out bursts like that makes them a lot harder to block. After 15 minutes the listing is too old to matter much for better than 50% of spam.
Google doesn't really use IP/domain blacklists. They rely almost entirely on content scanning. This is a riskier proposition for those of us with some dislike to continuously scan the contents of users' mailboxes. Google doesn't care. They'll scan everything in your mailbox constantly and even pop things out to put into the spam folder after delivery.
(Score: 2) by butthurt on Thursday July 06 2017, @09:27PM
Off the top of my head, OVH rejects e-mail for that reason. Many e-mail providers--the great majority, in my experience--accept it.
(Score: 0) by Anonymous Coward on Thursday July 06 2017, @10:03PM
You're not just using your own domain, you are trying to run your own email server.
You're not just trying to run an email server, you also try to run the sending part.
Yes, it's lamentable that that is no longer possible, but most freemail providers allow you to send email with arbitrary "from" address, so you can just forward to such an account and let them handle that.
The worst that can happen then is that you can't send email anymore.
But apart from that, the problem in the article is silly, just using a provider that offers IMAP (NOT Outlook, what they implemented is so broken, calling it IMAP should be considered false advertising).
Then run something like offlineimap or isync and you don't need to care what happens to your email account, the own domain would just be there so that people can still reach you at the same address even if you switch providers.
(Score: 3, Insightful) by Nerdfest on Friday July 07 2017, @01:12AM
This is *not* having your domain seized, which the GP was on about. I assume because it sounded like some other product or service. Bull.
You don't have to run your own email server if you have your own domain, you can get your host to provide it, Goggle, etc. It's still *your* domain though, and it's not going to get seized. er
This whole set of comments have lowered my perception of the people here. I would think that people would know that having your own domain is a *good* thing, and having it seized pretty much *never* happens.
(Score: 2) by linuxrocks123 on Friday July 07 2017, @05:55AM (5 children)
Here's my experience:
I rent a VPS and use it to send password reset emails to people with GMail addresses. The IP address I have has an extremely bad history somehow, and students occasionally have problems accessing my website because some shitty antivirus program they're running thinks it's a malware site based solely on the IP's reputation. (On that ... what the actual fuck? ... antivirus programs are the spawn of Satan I guess.)
The emails get through. Always. They sometimes get put in the spam folder; the students sometimes think the email didn't get through because they ignore the 72-point all caps bold font instruction to CHECK YOUR SPAM FOLDER -- but they do get through. Always.
(Score: 2) by linuxrocks123 on Friday July 07 2017, @06:06AM (4 children)
And, btw, I am doing nothing right with the email server.
I have no MX record. I have no SPF record. I have no DKIM whatever. I'm not an open relay; I'm not actually spamming; but, that's about the only thing I'm doing right running that email server. I literally just did chmod +x rc.sendmail after installing Slackware.
So I do absolutely zero kneeling before the anti-spam gods. No special DNS records to please them. No security-related recitations in the bodies of the messages. An IP with a history so horrible it makes antivirus programs faint at the sight of it (also: fuck antivirus programs). I am the absolute ugliest, shittiest possible domain to be getting emails from.
And my emails get through. To GMail and Outlook 365. They never get dropped, ever, and they only ever go to spam in GMail, never Outlook 365.
So, from my experience, self-hosted email is working. That's my personal experience only, of course, but I thought it was worth saying.
(Score: 2) by FatPhil on Friday July 07 2017, @07:50AM (3 children)
Yet strangely, we use that server for all client communication, we too just have to occasionally tell clients to check their spam folders, and point the finger at them, they have made the incorrect conclusion about the mail, not us.
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: 1) by linuxrocks123 on Friday July 07 2017, @01:35PM (2 children)
Thank you for the corroboration, but I don't think you needed to be rude to me? My point was "self-hosted email's death has been greatly exaggerated", not "I'm awesome for doing nothing at all". If I was forceful, it was only to counter the loud chorus of "evil megacorps drop any mail not from other evil megacorps as spam".
(Score: 2) by FatPhil on Friday July 07 2017, @02:36PM (1 child)
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: 1) by linuxrocks123 on Thursday July 13 2017, @03:55AM
I understand now. Thanks.
(Score: 2) by Reziac on Friday July 07 2017, @06:02AM
A trick for when you're not sure if your emails go through, at least when you expect an answer -- dual reply-to (me@here.com,me@there.net) with the other one being some public provider -- at least that way you can check.
And there is no Alkibiades to come back and save us from ourselves.
(Score: 4, Interesting) by Anonymous Coward on Friday July 07 2017, @08:10AM (1 child)
It gets even worse.
Many years ago, I was hired at a spam company. At the time there were something called SPF and Domain Keys, but they weren't widely used yet. Except for one thing: The number one most important thing when working at a spam company like the one I worked with was to ensure that all our spam mails always had both SPF records and domain key signatures, because then the big e-mail providers (i.e. Gmail and Hotmail) would value our spam HIGHER than real e-mail. The only e-mail we sent out that didn't have SPF and Domain Keys were the ones from the Exchange server, i.e. the actual business mail we sent to lawyers, accountants, etc.
On top of that, there was a company called Senderscore/Return Path (oh my, they still exist) that would provide early warnings when one of our IPs were about to be blocked by Hotmail. Usually between a couple of hours and a day before they blocked. I did they know? I don't know for sure, but they claimed to have some sort of deal with Microsoft, that allowed them to get the data straight from the Hotmail spam filtering system, so that they could inform spammers like us of when it was time to switch IP addresses. And no, that was not us abusing some kind of ISP cooperation facility, the communication we received from them was worded to make it clear that their purpose was to help spammers (I clearly remember the word "campaigns" used, as in "advertising campaigns", aka. SPAM).
(Score: 2) by FatPhil on Friday July 07 2017, @10:46PM
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: 4, Informative) by tangomargarine on Thursday July 06 2017, @08:50PM
Well, it only has to happen once to matter...to you :P
"Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
(Score: 0) by Anonymous Coward on Friday July 07 2017, @08:15AM (1 child)
It does over here.
Our law says that you are not allowed to own a domain for the purpose of selling it. So if someone wants your domain, they will just claim that you do. Then a judge with no IT knowledge will take a look at your home page (e-mail, SSH and all that stuff he doesn't understand doesn't count), and conclude that since there is no financial purpose of your private web site, that you have no use for the domain other than possibly selling it. And so he orders that it be transferred to the company that wants your domain.
I have personally decided to not get a .dk domain for that reason.
(Score: 2) by kaszz on Friday July 07 2017, @01:57PM
Danish courts are that retarded? Maybe it can be countered with a website documenting some hobby project of yours to make it look occupied?
(not that I hold other courts higher, they seem to be populated with the same retards worldwide)