we appear to be the first to write up the outrage coherently too. much thanks to the illustrious @self

  • barsquid@lemmy.world
    link
    fedilink
    English
    arrow-up
    12
    ·
    4 months ago

    What’s your alternative to the fake privacy company? I’m assuming the correct thing would be: if your threat model does not include governments, self hosted email, or if it does include governments, probably don’t use email.

    • Banshee@midwest.social
      link
      fedilink
      English
      arrow-up
      20
      ·
      4 months ago

      Self hosted email is its own can of worms. I wouldn’t recommend it to anyone outside of experienced IT people. You’ll end up blacklisted before you send your first email if you do anything wrong (and there’s a lot that can go wrong), and it doesn’t solve any security problems email has.

      Anything sent over email just isn’t private. That goes for Proton customers when they send or receive anything from a non-Proton address too. The one thing privacy email providers can actually do is keep your inbox from being scanned by LLMs and advertisers. That doesn’t prevent the inboxes and outboxes of your contacts from being scanned, though.

      If you use email, the best thing you can do is be mindful of what kinds of information you send through it. Use aliases via services like simple login or anonaddy when possible. Having a leaked email is a security vulnerability. Once bad actors have your email, they now have half of what they need to breach multiple accounts.

      • David Gerard@awful.systemsOPM
        link
        fedilink
        English
        arrow-up
        18
        ·
        edit-2
        4 months ago

        have been that sysadmin setting up a company email server. postfix is trivial to set up, absolutely the easiest experience. following that, though, was weeks of supplicant emails to MS to beg them please not to block us. My recommendation was never do this again, use a third-party outgoing email vendor, email is lost.

        • Avatar_of_Self@lemmy.world
          link
          fedilink
          English
          arrow-up
          3
          ·
          edit-2
          4 months ago

          MS will send your mail straight to spam if you do not set up your domain keys and DMARC in DNS correctly and do not have a reject or quarantine RUA or the email(s) in your RUA bounce.

          Sometimes you may get temporarily sent to spam if your IP is in a /28 of a known spammer IP.

          That’s about it.

          • David Gerard@awful.systemsOPM
            link
            fedilink
            English
            arrow-up
            8
            ·
            4 months ago

            plus the bit where you wait six weeks for a response to your request that they unblock you

            none of this process is fucking simple

            • Avatar_of_Self@lemmy.world
              link
              fedilink
              English
              arrow-up
              1
              ·
              edit-2
              4 months ago

              I’ve never had to ask MS to unblock me and it sure as hell doesn’t take 6 weeks or even 3 days for them to automatically see if everything is right again.

              I even set up a non traditional domain with a “non-generic” tld a couple of years ago and I think it was around 16 hours or so before my test emails were hitting outlook inboxes.

              Additionally, I think Google still wants SPF setup though it is pretty useless now. And if your RUA was set up right, as I recall, you get an automated email from MS telling you why your mail went to spam (or was rejected), which is the point of it to begin with.

                • Avatar_of_Self@lemmy.world
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  ·
                  4 months ago

                  As a tip for next time, if you really want to host your email but you don’t want to put up with dealing with emails being sent to spam boxes, you can just use an SMTP relay/proxy provider. Your email isn’t hosted there but they do send it on and will be the ‘source’ mail server and is going to be much, much, much cheaper than paying someone to host your email for a bunch of users.

    • ssm@lemmy.sdf.org
      link
      fedilink
      English
      arrow-up
      2
      ·
      edit-2
      4 months ago

      Self hosting on a bulletproof vps that actually deletes their logs and has a proven track record like buyvm is my preferred solution. I used this guide. It’s not perfect, it doesn’t set up encryption, and is a bit dated, but it’s an okay starting point. I didn’t bother setting up rspamd. You can also technically avoid setting up dovecot if you don’t want to use IMAP/POP3, but really limits your selection of mail clients to basically mailx and friends. This setup will let you mail to major mail providers, but be wary of what TLD you buy, my .work TLD means I get autospammed. :(

      • froztbyte@awful.systems
        link
        fedilink
        English
        arrow-up
        5
        ·
        edit-2
        4 months ago

        that’s…extremely off the beaten path, and incredibly very not how most people use / experience email

        for the viewers at home: treat this as extremely niche through outright bad advice to follow if you ever want to try set up your own mail

        (e: there are more than a few parts of it that are also laughably insufficient for what it aims to do, but this isn’t the place and it’s saturday on top; free tech support comes on other days)

        • ssm@lemmy.sdf.org
          link
          fedilink
          English
          arrow-up
          1
          ·
          4 months ago

          smtpd.conf(5), pf.conf(5), and openssl(1) manpages and friends are your best resources for setting this up, I just provided that guide as examples as setting all this up can be daunting with just the manuals and no other context. The short guide provided in that blog is not going to teach you firewalling, filtering your maildir; and there’s definitely stuff missing, like restarting daemons after certs expire, and setting up your outbound dkimsign filter (was not available at the time of writing)

          • David Gerard@awful.systemsOPM
            link
            fedilink
            English
            arrow-up
            8
            ·
            edit-2
            4 months ago

            oh my fucking god

            you have defnitely never been the guy on the hook professionally for email working

            • ssm@lemmy.sdf.org
              link
              fedilink
              English
              arrow-up
              1
              ·
              edit-2
              4 months ago

              I’ll eat as many downvotes as I’d like, though I don’t really know what I said that attracted so much ire.

              • self@awful.systems
                link
                fedilink
                English
                arrow-up
                8
                ·
                4 months ago

                you’re the type of reply guy who rattles off man page names when you’re out of your depth, and you’re reply guying about administrating email to people who professionally administrate email

                I don’t expect you to have caught onto that last bit, mainly because you never fucking shut up long enough to catch onto anything at all

                • froztbyte@awful.systems
                  link
                  fedilink
                  English
                  arrow-up
                  5
                  ·
                  4 months ago

                  who professionally administrate email

                  I take immense offense at this utterly spurious insult! I only unprofessionally administer email these days, having managed to get the fuck out of having to do anyone else’s mail for money :D

                  • froztbyte@awful.systems
                    link
                    fedilink
                    English
                    arrow-up
                    5
                    ·
                    4 months ago

                    there is a(n early career) period of my CV that literally has “mailserver administrator” as the job title/description, though

                    it was kinda lol. apparently the guy who had the gig before me worked real, real hard (down to sometimes sleeping in the server room). I automated much of the role out with mairix, par2, a couple of extremely nasty shellscripts, and a bit of common sense. got pretty bored from month 4, and left a while after

              • flere-imsaho@awful.systems
                link
                fedilink
                English
                arrow-up
                6
                ·
                edit-2
                4 months ago

                let me repeat something i wrote in another thread: bringing up the smtp daemon in basic configuration (and, by the way, my preferred one is exim) is trivial. managing working and usable mail service is not.

                it’s a process! you need to reserve time for that! you need to understand basic networking, you need to intimately know how dns works. you need to know how to use swaks. you need to know your RFCs, and the subtle breakages of the protocol that you need to introduce in order to reduce the amount of spam you’re receiving. you need to understand why everything that SPF promises is a lie, but you’ll be using it anyway. you need to know how DKIM works, and what is the true meaning of DMARC. you will learn that google wants you to use experimental features in order to be able to deliver your fucking mail to them. you need to understand that the anti-spam blacklists are managed by fucking racketeers, and that you can’t avoid them. you need to understand the difference between sending mail and receiving it, and why a correctly configured MX record does absolutely nothing to improve the ability to deliver remote mail. you need to have time to deal with petty tyrants on a mission, and with oblivious bureaucracy of large providers, and learn to be happy if you can reach a human person on the other side at all.

                and that’s just the SMTP part.

                • froztbyte@awful.systems
                  link
                  fedilink
                  English
                  arrow-up
                  5
                  ·
                  4 months ago

                  you need to understand why everything that SPF promises is a lie, but you’ll be using it anyway

                  fuckin’ mood

                  and that’s just the SMTP part.

                  hi can I interest you in a serving of “you have 5 OSs and 25+ different versions of OS variants and even more client apps, please make autodiscovery work with” to go with that? no? how about a bit of caldav and carddav?