Interesting history and analysis of SMTP’s history. How can we prevent fedi and other open protocols from suffering the same fates?

  • observantTrapezium@lemmy.ca
    link
    fedilink
    arrow-up
    63
    arrow-down
    3
    ·
    4 months ago

    You can’t successfully use a home email server.

    Mostly true (server can be home but using the ISP network directly probably won’t work)

    You can’t successfully use an email server on a (cloud) VPS.

    Bullshit

    You can’t successfully use an email server on a bare metal machine in your own datacenter.

    Bullshit

    As such, it is my distinct displeasure to declare the death of SMTP. The protocol is no longer usable. And as we can see, this devolution occurred organically.

    Bullshit

    • ramble81@lemm.ee
      link
      fedilink
      arrow-up
      20
      arrow-down
      1
      ·
      4 months ago

      You can’t successfully use an email server on a bare metal machine in your own Datacenter

      Calling complete BS on that. I work in a medium size company and we do just that. Don’t know what he’s thinking.

    • ikidd@lemmy.world
      link
      fedilink
      English
      arrow-up
      7
      ·
      4 months ago

      I’m going to add “bullshit” to the first. I’ve gone 2 decades running a few email domains on my home servers, on 3 different ISPs. Its not rocket surgery.

    • makeasnek@lemmy.mlOP
      link
      fedilink
      English
      arrow-up
      15
      arrow-down
      13
      ·
      edit-2
      4 months ago

      Sure, you can run one, good luck getting even a halfway decent delivery rate to mailboxes at any major mail provider. Even if they never receive a spam message from your server, your server is an “unknown” which counts against you. And if one person in your small company of 10 or 100 or even 1000 people gets their e-mail hacked and sends spam? Prepare for the rest of them to get punished for it. Running an SMTP server is a nightmare which is why, over time, more and more of the economy has just shifted their SMTP servers to organizations who professionally run SMTP servers instead of having their own.

      • the_crotch@sh.itjust.works
        link
        fedilink
        arrow-up
        27
        arrow-down
        1
        ·
        4 months ago

        Set up dkim/SPF properly, make sure the ip you plan to use is clean before you start, sign up for MXtoolbox blacklist alerts and if you get on a blacklist (doesn’t happen often if you do a bare minimum of proactive security), you request removal. It’s really not hard.

      • digdilem@lemmy.ml
        link
        fedilink
        English
        arrow-up
        2
        arrow-down
        3
        ·
        4 months ago

        You’re spot on, and even smaller ISPs routinely get blocked by larger hosters (anyone who doubts this, please look around for the many stories along the lines of “gmail silently drops my email”)

        Residential IP blocks are scored much higher and given a negative trust from the start - not surprising since that’s where much of the world’s spam comes from through compromised computers, routers etc.

  • Handles@leminal.space
    link
    fedilink
    English
    arrow-up
    42
    arrow-down
    6
    ·
    4 months ago

    I know there are problems with big email providers subverting decentralisation to benefit their business models, and throttling mail from independent or self-hosted domains. But I couldn’t take the analysis seriously past this statement:

    You may know me as a Bitcoin educator and engineer.

    Yeah well, in that case, fuck you and the hypercapitalist horse you rode in on.

    • makeasnek@lemmy.mlOP
      link
      fedilink
      English
      arrow-up
      4
      arrow-down
      11
      ·
      edit-2
      4 months ago

      You may know me as a Bitcoin educator and engineer.

      Yeah well, in that case, fuck you and the hypercapitalist horse you rode in on.

      This guy is a protocol engineer, talking about protocols. You may not like like Bitcoin, but it’s pretty hard to argue it’s not one of the most successful, widely-used, and forked open source protocols developed in the last several decades. Bitcoin core is in the top 100 starred repos on Github. It has a unicode character.

      Bitcoin’s market cap (> 1 trillion USD) is bigger than Sweden’s GDP and it moves billions of dollars around the world every year. You can use it to send money to anybody with a phone and a halfway reliable internet connection in under a second for pennies in fees, and it settles instantly. And it’s been working for 15 years without a single hour of downtime, bank holiday, or hack despite pandemics, wars, financial crises, and attempted bans by global powers.

      Like, be mad if you want, but it’s a pretty successful and robust protocol. And if you don’t like it, you can fork it and change it, because it’s open source.

      • Handles@leminal.space
        link
        fedilink
        English
        arrow-up
        3
        arrow-down
        1
        ·
        4 months ago

        No, see — if I dont like it I don’t need to fork it. I can just leave it and all its forks the hell alone. I’d do the same for national currencies if I could, cryptocurrencies are just the same bullshit without the regulatory checks and balances.

        TL;DR — I see what you’re selling and I’m not buying it.

    • ___@lemm.ee
      link
      fedilink
      arrow-up
      4
      arrow-down
      25
      ·
      edit-2
      4 months ago

      Bitcoin is hypercapitalist? A decentralized value store not controlled by any one country and immune to money printing inflation? What are you smoking?

      • Sethayy@sh.itjust.works
        link
        fedilink
        arrow-up
        12
        arrow-down
        2
        ·
        4 months ago

        Capitalists will even sell you communism if it makes them a dime, end result is cryptocurrency is half assed solving a problem that doesn’t really exist.

        Like inflation is a great example, you shouldnt have to add modifiers onto its definition, inflation is inflation - bitcoin by design must inflate

        • ___@lemm.ee
          link
          fedilink
          arrow-up
          2
          arrow-down
          2
          ·
          4 months ago

          By design, it will slowly stop inflating at the snails pace it does vs unpegged paper currency.

          A central bank regulating where money is printed and to whom it’s distributed at what contrived rates is horrifying. It’s also the default in most of the world.

          You can trade bitcoin and use it as a currency in a non-capitalist market. The fact that it has been abused and traded into stratospheric value is a result of manipulation, sanctioned exchanges, and propaganda.

          Bitcoin just allows you to write debits and credits on a distributed, verified, ledger. That’s it really. How the market is regulated is on the people, not the technology. There is nothing inherently capitalist about the technology other than allowing any individual to trade value with another in a free market manner. You would be trying to escape supply and demand dynamics to remove that “capitalist” aspect of it.

          The power draw on the other hand… the first imagining of a digital decentralized and distributed currency was bound to have some problems.

          • Sethayy@sh.itjust.works
            link
            fedilink
            arrow-up
            1
            ·
            4 months ago

            Snails pace??

            You wanna take a 2 second peek at the value of bitcoin over the past decade (over 7 years bitcoin is about 3000%, USD is approximately 32% over 10)

            Banks do suck but there’s absolutely no reason rich people can’t manipulate bitcoin - maybe even easier than traditional money.

            Put your money in gold or something that actually exists instead of an imaginary number that’s limited in supply

            • ___@lemm.ee
              link
              fedilink
              arrow-up
              1
              ·
              edit-2
              4 months ago

              That value was increased initially through usage as countries adopted ATMs and online retailers accepted bitcoin. This obviously reduced the supply due to increased demand. Then the speculators started buying it up making it even more scarce.

              It has a fixed amount. It’s normal to rise in value as it becomes more useful for either transacting, holding value, or making money through speculation. You can’t compare it to a 300 year old dollar which was unpegged from gold and has the US economy/government backing it now.

              The dollar is also manipulated, but the effects are less pronounced due to the sheer amount in circulation around the world. Some of the effects are also thrown on other economies through the Forex markets too. If bitcoin were as ubiquitous as the $, it wouldn’t be easy to manipulate either. It’s like having your own coin with only 100 physical coins in circulation. All someone has to do is buy a bunch and refuse to sell and the value rises for the uninformed.

      • Kogasa@programming.dev
        link
        fedilink
        arrow-up
        9
        ·
        4 months ago

        Bitcoin is more widely seen as a vehicle for speculation rather than a decentralized currency. Unlucky.

  • SorteKanin@feddit.dk
    link
    fedilink
    arrow-up
    14
    ·
    4 months ago

    Defederating bad actors/spammers should in theory be good enough? Domains aren’t free and I don’t think it’s worth it for them to buy a new domain to just be able to spam for a short time again.

    • makeasnek@lemmy.mlOP
      link
      fedilink
      English
      arrow-up
      23
      arrow-down
      2
      ·
      edit-2
      4 months ago

      Domains aren’t free and I don’t think it’s worth it for them to buy a new domain to just be able to spam for a short time again.

      Literally what e-mail spammers do.

      Agreed defederating can help solve obviously malicious instances, it doesn’t solve spammers abusing good instances. E-mail and AP are very similar at a protocol structure level.

      • SorteKanin@feddit.dk
        link
        fedilink
        arrow-up
        10
        ·
        4 months ago

        Is it though? Don’t email spammers just spoof the domain or send without a domain? I’m not entirely sure if that’s different from how the fediverse works. I’m not too knowledgeable about this topic.

        • Handles@leminal.space
          link
          fedilink
          English
          arrow-up
          8
          ·
          4 months ago

          Don’t email spammers just spoof the domain or send without a domain?

          Very much so. Out of the spam that I do see in my inbox, the sender domains are usually spoofed, while the reply-to addresses are usually gmail.com, hotmail.com or outlook.com.

        • makeasnek@lemmy.mlOP
          link
          fedilink
          English
          arrow-up
          4
          arrow-down
          1
          ·
          edit-2
          4 months ago

          Don’t email spammers just spoof the domain or send without a domain?

          They do both, depending on the spammer and the type of spam they send. In e-mail, you have an e-mail server, you can use it to send mail to users on other e-mail servers. Each e-mail server can choose to accept or reject email from other e-mail servers based on whatever reason they want. AP/Lemmy/Mastodon is basically identical to this. I’m not sure how exactly bluesky is setup but I get the impression it’s similar. In Nostr, servers aren’t federated (each relay is seperate, if you want to send/recieve content to another user on a different relays you just talk to that relay directly instead of having “your relay” act as an intermediary), but the structure is still pretty similar.

          Nostr does have this hashcash type system (requiring proof-of-work to weed out spam), but I haven’t come across any relays that actually enforce it, it will be interesting to see if that changes in time. I also saw a GitHub issue about adding something similar to AP but I think they chose not to implement it.

          • SorteKanin@feddit.dk
            link
            fedilink
            arrow-up
            6
            arrow-down
            1
            ·
            4 months ago

            Replying to your edit:

            it doesn’t solve spammers abusing good instances

            This is an instance moderation problem. If you’re letting spammers in, you need to use a better application process or something similar to that. A big problem with email spam is that most email services allow anyone to sign up for free without any checks.

            Ultimately defederating bad actors and defederating “good” actors who fail to moderate their own users is necessary.

            • makeasnek@lemmy.mlOP
              link
              fedilink
              English
              arrow-up
              6
              arrow-down
              1
              ·
              edit-2
              4 months ago

              This is an instance moderation problem. If you’re letting spammers in, you need to use a better application process or something similar to that. A big problem with email spam is that most email services allow anyone to sign up for free without any checks.

              Which is one reason, this author is arguing, that e-mail has become so centralized. Doing that kind of manual moderation and curation is expensive, the bigger instances out-compete the smaller ones who don’t have as much resources to dedicate to it. As more and more instances get “de-federated” for not having as good of anti-spam measures as the bigger instances, more users will sign up at big instances to avoid defederation risk. Just like how many people use gmail simply because their email delivery rate is so good. If I send from g-mail, there’s very few servers which will reject my message or throw it in the spam folder. I’d love to run my own mail server, but even as a dedicated sysadmin it’s impossible to get decent delivery rates.

              The more anti-spam checks we have, yes we weed out spam, but we also make it accessible to less users as well.

              AP has been blessed so far with not having to fight too much spam. Look at very popular, very centralized, very resourced platforms like Facebook, spam is still a problem on their platform despite massive resources put towards fighting it.

              • SorteKanin@feddit.dk
                link
                fedilink
                arrow-up
                4
                ·
                4 months ago

                Hmm I feel like some pooling of effort with spam detection built into the software (lemmy for instance) could help spread the effort of spam fighting to other, smaller instances and not just centralised to the big ones.

                But it’s difficult to say what will happen I guess. We need to just keep being vigilant when it comes to stopping spam while keeping in mind our shared goal of a decentralised social Internet.

            • Telorand@reddthat.com
              link
              fedilink
              arrow-up
              2
              ·
              4 months ago

              Ultimately defederating bad actors and defederating “good” actors who fail to moderate their own users is necessary.

              Agreed, and this is what makes the Fediverse so good. It would be annoying to lose your instance, true, but you just move to another or roll your own. Additionally, let’s say they start spamming Mastodon from mastodon.social; their messages would go to the Global channel, but if I only ever read Local or Subscriptions, I’ll never see their spam.

              The Fediverse and ActivityPub will continue to evolve, but unlike SMTP, they were created after the internet became adversarial. This author isn’t the first to try to fearmonger over the future of AP, and they won’t be the last.

              • makeasnek@lemmy.mlOP
                link
                fedilink
                English
                arrow-up
                2
                arrow-down
                1
                ·
                edit-2
                4 months ago

                It would be annoying to lose your instance, true, but you just move to another or roll your own.

                This is a problem nostr solved, and I believe bluesky solves as well though idk as much about the protocol. On nostr, your identity and your instance are different things. Relay goes down? There’s no meaningful impact to you. You’re typically connected to several, each of which store your content. You identity isn’t username@somerelay dot com, it’s just username.

                As a user, I had this happen to me early in mastodon and it was very frustrating to lose all my follows, followers, tweets, settings, etc. I realize there’s now ways to manually backup etc but properly moving an account requires a cooperative instance which can’t happen if it’s de-federated or just drops offline randomly like mine did.

                The Fediverse and ActivityPub will continue to evolve, but unlike SMTP, they were created after the internet became adversarial. This author isn’t the first to try to fearmonger over the future of AP, and they won’t be the last.

                This isn’t fearmongering, it’s him reviewing the ways SMTP tried to solve the spam problem and became centralized as a result. These questions of how we tackle spam and moderation are valid, important questions. And Fediverse, at a structural level, is basically the same as SMTP. We have users at instances (e-mail hosts), they can send messages/tweets/links (emails) to users on other instances. Each instance is free to accept/reject messages from other instances based on their own criteria. That’s the whole thing. That’s exactly how SMTP works.

                • Telorand@reddthat.com
                  link
                  fedilink
                  arrow-up
                  2
                  ·
                  4 months ago

                  It is fearmongering, albeit unintended, but I don’t think it completely applies to the Fediverse as it stands. We should always remain vigilant and never complacent, and I’m sure the devs and moderators are keeping spam control in their minds. This isn’t the 1980s, and we’re not trying to retrofit a protocol that came before spam was ever a thing.

        • the_crotch@sh.itjust.works
          link
          fedilink
          arrow-up
          3
          ·
          4 months ago

          You need to set up dkim to prevent spoofing. Each message sent has a digital signature that matches one on a DNS record for your domain. You can also set an SPF record, which will tell the recipient what up addresses are authorized to send mail on behalf of your domain.

          The recipent must have policies in place that reject mail which fails dkim/spf

      • SorteKanin@feddit.dk
        link
        fedilink
        arrow-up
        3
        ·
        4 months ago

        I’m not sure what you mean with that or how it relates to what I said, could you elaborate?

          • SorteKanin@feddit.dk
            link
            fedilink
            arrow-up
            4
            ·
            4 months ago

            Nono, I’m saying it costs to spam because spammers have to keep buying new domains as their previous domains get blocked or defederated.

            • GolfNovemberUniform@lemmy.ml
              link
              fedilink
              arrow-up
              2
              arrow-down
              1
              ·
              4 months ago

              Why don’t they use existing domains? I don’t think 100% of them require a phone number. And didn’t know it’s possible to defederate an email provider.

              • SorteKanin@feddit.dk
                link
                fedilink
                arrow-up
                3
                ·
                4 months ago

                No, my point is that if spammers were to spam on the fediverse, they’d need to buy new domains constantly as their previous domains are defederated, I’m not talking about email.

                • GolfNovemberUniform@lemmy.ml
                  link
                  fedilink
                  arrow-up
                  2
                  arrow-down
                  1
                  ·
                  4 months ago

                  So you’re offering a system that requires the instance/provider admins to manually federate with others instead of the federation being enabled by default?

              • makeasnek@lemmy.mlOP
                link
                fedilink
                English
                arrow-up
                2
                arrow-down
                1
                ·
                4 months ago

                And didn’t know it’s possible to defederate an email provider.

                It absolutely is, your mail provider “de-federates” aka blocks mail from plenty of other e-mail providers.

  • notannpc@lemmy.world
    link
    fedilink
    arrow-up
    15
    arrow-down
    3
    ·
    4 months ago

    Immediately skeptical by the ai generated tombstone as the article image, and the skepticism was warranted. Massive L take from a “bitcoin educator”.

  • pyre@lemmy.world
    link
    fedilink
    arrow-up
    11
    ·
    4 months ago

    i can’t read anything that’s presented with that shitty cover image without a hint of irony

  • digdilem@lemmy.ml
    link
    fedilink
    English
    arrow-up
    11
    arrow-down
    1
    ·
    edit-2
    4 months ago

    (This is as much an answer to some of the comments already raised, as to the article - which like most such personal pieces has pros and cons.)

    As part of a previous job I used to host email for a small business - this was about 15 years ago. I ended up spending several hours to a day a week working on it; apologising to users, tracing and diagnosing missing sent email and the endless, ENDLESS arms war against incoming spam (phishing was much less of a problem then). The trust from the company in our email operation was very poor and you’d regularly hear someone apologising to a customer because we hadn’t contacted them, or answered their email. The truth is much was going astray and staff were relying more on the phone than email because they knew it worked. You might guess from this that I’m terrible at running an email system but I don’t think I am. I started moving email back in the late 80s when Fidonet was the thing, so I have some miles travelled. Tools have improved a bit since then, but so have those used by the bad guys.

    I still consider one of the best things I did for that company was move our company email onto Gmail Business (which was free for us as a charity) Every single one of those problems went away immediately and suddenly I had a lot more time to do more important stuff. I would never self-host email again despite running several personal servers.

    Plenty of people say they self-host just fine, and great for you if that’s so. But the truth is you won’t always know if your outbound mail silently gets dropped and you have a far higher chance of it arriving if it comes from a reputable source. There are a huge number of variables outside of your control. (ISP, your country, your region, your software, even the latency of your MX or DKIM responses factor into your reputation)

    You take the decision on whether any perceieved risks of privacy through using a third party outweighs the deliverability and filtering issues of self hosting, but please don’t say it’s simple or reliable for everyone. If it’s simple for you, you’re either incredibly lucky or just not appreciating the problem.

  • umami_wasabi@lemmy.ml
    link
    fedilink
    arrow-up
    4
    ·
    edit-2
    4 months ago

    I never run a mail server but Google already placing my mail sent via my xyz domain hosted on proton to spam folder silently.

    I guess running my own will be a lot worst.

    P.S. I know that’s a bad TLD choice, and I’m planning to migrate, but that will take a lots of time and work to the point I wonders if that worth it as I don’t sent many anyways.

    • ikidd@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      4 months ago

      Don’t even bother with an xyz domain. Pay for something useful, its not expensive via Namecheap or Porkbun

      • umami_wasabi@lemmy.ml
        link
        fedilink
        arrow-up
        1
        ·
        4 months ago

        I bought it about a year after general availability when I’m still in college, and doesn’t know it will be this bad.