Hi,

It has been twenty years since I stopped my couple of self-hosted email servers… (They ran over a 10-year span.)

Now I’m digging in to relaunch one… OMG, the GAFAM etc. really did screw us!!

Selected quotes (I’m open to more):

 

13 June 2023 10:06
You’re right. It’s a mess nowadays with email hosting because Google for example just rejects everything except the other big services even if you comply with DKIM etc. Fuck them honestly

25 November 2024, 16H57
I guess what I mean is that even a single user email system is a pain.

Want to send an email from one person to another? Stupid easy, I can do that with a single command.

Want to be able to send messages over long periods (years) to friends/family AND clients AND prospective employers (who are probably running their own email system) AND various businesses that you are trying to get support or services from? Well, okay, but the more messages you send, the more chances for some douche (or automated system) to report as spam because they think that anything other than @yahoo or @gmail is a hack-spam (I’ve had this happen, and had someone call me frantically telling me that my identity was stolen, and I had to tell them it was actually me; People are fucking stupid). And if you navigate all that, you still have to worry about your IP going wayward because you needed to change your infrastructure for some reason (switching regions, system types, whatever), and if that happens you basically start from scratch with an IP that might have had a shitty reputation (even if only due to range association).

And it’s not just needing to maintain your IP/domain/account reputation with dumb people/systems/lists. You also need to set up SPF and DKIM or you’ll be summarily rejected (even though SPF has fallen out of favor, some services still use it, or use both). One time config, sure, but not intuitive unless you work with systems all the time, and it’s just a matter of time before they introduce yet another secure email verification system that you need to jam into your DNS (or server, or header, or…).

So now you’re sending mail (probably), but you still have to receive it. More DNS configuration, and you have to make sure your email server never goes down, or you permanently miss any messages you might have gotten (yes, email systems are supposed to retry, but I’ve seen a LOT of admins at very recognizable names in email basically just retry for 15 minutes then dump the mail, rather than keeping their outbound queue backed up for multiple days).

And god help you if you set up multiple incoming servers, because now you have to deal with some kind of centralized storage, which itself also needs multiple nodes to avoid yet another SPOF. Again, not super hard by itself, but now you’re basically designing multi-tiered infrastructure, which you have to maintain and pay for. We’re definitely in for more than you’d end up paying for an email service, and that’s not counting your personal time at all (which even a single hour of is probably double the monthly cost of an email provider’s top tier offering, if you know how to manage all this crap).

TL;DR, you’re still not wrong that centralization is very, very bad, but if you actually care about people receiving your messages, and not missing any important incoming messages, it’s not easy to deal with. Not saying people shouldn’t try it, but they need to be ready for a mountain of headaches.

I think those two posts summarize well what happened…

On the technical level, email is OLD! ~1982 (SMTP), and since then a few revisions were released, but they only built extra complexity on top of it!! And the last revision was in 2008! (17 years ago…)

And they are complex because of this build-up.
For example, the list of daemons running in docker-mailserver gives a clue…

  • Postfix
  • Dovecot
  • Rspamd
  • Amavis
  • SpamAssassin
  • ClamAV
  • OpenDKIM
  • OpenDMARC
  • Fail2ban
  • Fetchmail
  • Getmail6
  • Postscreen
  • Postgrey
  • Support for LetsEncrypt, manual and self-signed certificates
  • SASLauthd with LDAP authentication
  • OAuth2 authentication

On the mass level, the GAFAM managed to convince the masses that an email server (and more broadly anything self-hosted (aka computing)) is complicated, so “let us do it”, which could be understood as “let us own your technology”.

For a time I was thinking “maybe I should get away from email, which only belongs to the GAFAM now… and maybe find an alternative…?” But if I find an alternative, I must convince the others to do the same… slower… way slower…

No! The first step is to have more and more people re-owning their technology! So having more and more self-hosted email servers again…

To reverse the tendency: instead of feeling like a black sheep (and being censored) for not having a GAFAM email, it will be the people who use a GAFAM email who will be pointed out, for having deleted (or moved to SPAM without reason, etc.) your email from YourEmail@MyLittleHosting.MyPlace

If you use a non-GAFAM email (like me), and someone tells you:
“Hoo, sorry, I didn’t get it”
“Sorry, I didn’t see it, it fell into my SPAM folder” (with a tone implying it’s your fault because you use something other than everyone else (aka GAFAM))

Please note that, legally, it is their responsibility! Whether it was automated or not!
If your MTA[1] did send your email to the recipient MTA, it’s their sole responsibility…

And if the attempt has been blocked before reaching the destination MTA, by a firewall or something else on their side (even at ISP level), no matter if they own it or not, it’s also their responsibility :)


  1. Mail Transfer Agent: handles the transfer of emails between servers using SMTP.
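
The SPF and DKIM DNS records that the second quoted post says you need can be linted offline before a server goes live. This is an added example, not part of the original post or thread; the domain example.org, the selector `mail` and the sample records are constructed, and the function names are hypothetical.

```python
import base64
import binascii

# Constructed records for a hypothetical domain (example.org, DKIM selector "mail").
GOOD_ZONE = {
    "example.org": ["v=spf1 mx ip4:203.0.113.25 -all"],
    "mail._domainkey.example.org": ["v=DKIM1; k=rsa; p=" + base64.b64encode(bytes(64)).decode()],
}
BAD_ZONE = {
    "example.org": ["v=spf1 mx +all"],                      # +all authorises every sender
    "mail._domainkey.example.org": ["v=DKIM1; k=rsa; p="],  # empty p= is a revoked key
}
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}

def check_spf(records):
    spf = [r.lower().split() for r in records if r.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:
        return [f"need exactly one SPF record, found {len(spf)}"]
    terms, issues = spf[0][1:], []
    # Strip the qualifier, then cut at the first ':', '/' or '=' to get the term name.
    names = [t.lstrip("+-~?").replace("=", ":").replace("/", ":").split(":")[0] for t in terms]
    if sum(n in LOOKUP_TERMS for n in names) > 10:  # RFC 7208 limit per evaluation
        issues.append("more than 10 DNS-lookup terms")
    if "redirect" not in names and (not terms or terms[-1] not in ("-all", "~all")):
        issues.append("does not end in -all or ~all")
    return issues

def check_dkim(records):
    if not records:
        return ["no key record for this selector"]
    pairs = (part.split("=", 1) for part in records[0].split(";") if "=" in part)
    p = {k.strip().lower(): v.strip() for k, v in pairs}.get("p", "")
    if not p:
        return ["p= is missing or empty"]
    try:
        base64.b64decode("".join(p.split()), validate=True)
    except binascii.Error:
        return ["p= is not valid base64"]
    return []

def audit(zone, domain, selector):
    """Return {check: [issues]} for the SPF and DKIM TXT records of one domain."""
    return {
        "spf": check_spf(zone.get(domain, [])),
        "dkim": check_dkim(zone.get(f"{selector}._domainkey.{domain}", [])),
    }
```

To check a live domain, fill the zone dictionary from the TXT answers your resolver returns for the same three names and pass it to `audit`.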

  • hexagonwin@lemmy.sdf.org
    5 months ago

    email does still seem like the least bad way of receiving stuff from corpos though. I’d rather get emails than whatsapp messages or nonfree apps’ push notification.

    • hendrik@palaver.p3x.de
      5 months ago

      Yes, this. And with WhatsApp or a dedicated app they’re either directly on your phone. Or have your (personal) phone number. Which isn’t great. With eMail you can just have another spam address. And that’s more complicated with phone numbers and most people don’t have a second one dedicated to spam and advertisements…

      • Onomatopoeia@lemmy.cafe
        5 months ago

        Encrypted messaging is unrelated to phone numbers. That’s an issue of using apps like WhatsApp (which I refuse to use), and a beef I have with Signal (part of why I really don’t trust them).

        Simplex doesn’t use your phone number, why would it? It’s not technically difficult to solve this, it’s a business/social/political issue.

        Apps have no need of your telephone number, not that it isn’t hard to find anyway.

        • hendrik@palaver.p3x.de
          5 months ago

          Of course. These all are different issues. Encrypted messaging has nothing to do with handing out my phone number to everyone.

          I can’t remember why I skipped SimpleX. I tried it some time ago, maybe it sucked too much battery on my old phone… Should I have another look at it? Respectively, is it any good for someone like me who already uses a Matrix messenger? I mean not theoretically, but for every-day use.

    • Onomatopoeia@lemmy.cafe
      5 months ago

      It’s a tough call, I don’t disagree at all with the concerns you pose.

      However… Email is every bit as another data point for tracking you, and worse it’s in the clear. Every email address I’ve ever used over the years is in databases with IP addresses, timestamps, location/region data, last used, associated device IDs, etc… Plus any analysis from content that was ever done. Yahoo/Google, etc certainly know lots about the user of those addresses, even ones that aren’t their addresses.

      I’d happily use an encrypted system(s). I’d simply create multiple accounts, and isolate them in different ways.

      For example, my healthcare org sends nothing through email except a notification that you have some kind of update. You then log in to their system to view the info. I do wish they’d develop an app for iOS/Android, it’s a bit of a nuisance otherwise. In their defense, App dev with sensitive info isn’t their forte, so at least they aren’t opening that Pandora’s box.