Gmail is one problem, but in my experience it is even more difficult to work with Outlook.
to this day it is possible to host your own mail server, and lots of companies do so. However, it seems that even if you get SPF, DKIM etc. right, Gmail does not like it when you send emails from your own mail servers.
Gmail is one problem, but in my experience it is even more difficult to work with Outlook.
Yeeeah... Bullshit. It doesn't matter how old your mail server is. Gmail will still randomly tag you as a spammer for no reason and then fix itself a few days later, no action required. As always,...
Yeeeah...
newly set up mail servers are regarded as spammers
Bullshit. It doesn't matter how old your mail server is. Gmail will still randomly tag you as a spammer for no reason and then fix itself a few days later, no action required. As always, it's impossible to communicate with Google.
More frequently, Microsoft will also tag you as a spammer because they still think it's the 90s and IPv4 addresses in the same neighborhood all belong to the same company. Yes, you will literally be blocked because of the actions of others, recurringly, forever. Microsoft's block requires proactive action to get rid of, which can take a few days and require multiple attempts if your form is processed by a particularly bad tech support drone. There are certain unwritten requirements that don't make sense, such as for example having a website in the domain.
Both companies will tag MTAs as spammers even when the volume of e-mail they send is so low their own tools aren't even capable of generating any of the statistics that supposedly prove your nefarious spam. They're malicious, incompetent bullies.
Since Office 365 came out thousands of companies have been moving their e-mail services to Microsoft with no regard for how they're breaking e-mail for everyone by making it harder for their users to receive messages from many sources.
Yeah I've had just as many issues with Yahoo and Outlook as I have with Gmail. Actually, Yahoo is likely the worst when it comes to blacklist issues. They seem to use a lot more public lists,...
Yeah I've had just as many issues with Yahoo and Outlook as I have with Gmail.
Actually, Yahoo is likely the worst when it comes to blacklist issues. They seem to use a lot more public lists, whereas Google and Microsoft have their own.
Microsoft's SNDS tool is okay, but is clearly a decade out of date (no really, copyright date of 2013). I find it difficult to get the appropriate data I need when there's a problem.
Running mail servers sucks. Don't do it unless you have to, folks.
Or unless you're just really interested in it and are willing to wade through a lot of headaches. The unfortunate part is that this is just one more example of the decentralized potential of the...
Don't do it unless you have to, folks.
Or unless you're just really interested in it and are willing to wade through a lot of headaches. The unfortunate part is that this is just one more example of the decentralized potential of the internet being fenced off by corporations. So in other words, don't self host unless you accept that you're going to put in a lot of effort to be part of the resistance against corporate centralization of internet services.
Spam, in general, is ruining many services. Phone, email, text, etc. Honestly I'm not sure how to resolve it or if it realistically can be resolved in capitalistic societies. Perhaps AI/ML will...
We have a solution, it's just not the one people on this site want to hear. You sign up with a major email provider and your email just works. The provider has a large incentive to prevent spam...
We have a solution, it's just not the one people on this site want to hear. You sign up with a major email provider and your email just works. The provider has a large incentive to prevent spam being sent from their platform and a large reputation which is trusted by other providers.
Your $3 VPS with a recycled IP address just can't be trusted because they are so disposable. Personally I use a custom domain with Fastmail and it just works. I can move to another provider later if I want so there is no lock in.
The problem goes far beyond that. I have seen university Office365 and Gmail systems inexplicably spam-filter emails from a clean, multi-decade-static IP of a long-used mail server of a number of...
Your $3 VPS with a recycled IP address just can't be trusted because they are so disposable.
The problem goes far beyond that. I have seen university Office365 and Gmail systems inexplicably spam-filter emails from a clean, multi-decade-static IP of a long-used mail server of a number of academics on a clean two digit ASN. I have a colleague who had one of the two inexplicably spam-filter emails from Nature's review system, something that no academic would ever want filtered. My personal server can deliver mail to Gmail from a static IP in my own ASN that only ever delivers my personal mail, to a recipient who corresponds with me frequently, and still end up in their spam, despite everything being configured properly. None of these are disposable.
Meanwhile, much of the spam I see on Office365 is from Gmail, which it seems very reluctant to filter, despite it seeming like the messages would clearly get caught by a Bayesian content filter.
Sometimes my gmail account lets spam through. Invariably it's spam received directly by the gmail address. SpamAssassin (spamd) running on my MTA usually filters everything properly before...
Sometimes my gmail account lets spam through. Invariably it's spam received directly by the gmail address. SpamAssassin (spamd) running on my MTA usually filters everything properly before anything is forwarded to gmail.
I suppose things might be different if spammers weren't tailoring their messages to fool gmail and their ilk to the detriment of more traditional filters these days.
You're not wrong, but I also have a gmail and it still gets plenty of spam. Significantly less than a third party provider or self host solution, I'm sure, but still stuff gets through. I pay for...
You sign up with a major email provider and your email just works.
You're not wrong, but I also have a gmail and it still gets plenty of spam. Significantly less than a third party provider or self host solution, I'm sure, but still stuff gets through. I pay for cell phone service with a major provider and I still get spam/phishing calls and texts too.
It's not gmail, it's any spam threat detection service. I have a domain. I forward all email@domain.com to gmail via cpanel. I could not get an automated email from Hulu until I changed my email...
It's not gmail, it's any spam threat detection service.
I have a domain. I forward all email@domain.com to gmail via cpanel.
I could not get an automated email from Hulu until I changed my email to email@gmail.com
The same is true for almost all my financial institutions.
A unique email address adds another level of security to financial institutions who only offer 2FA via email.
It sucks, but I will take less spam over the slight increase in risk of getting hacked, any day.
Related, my email is xx@domain.com, and it’s surprising how many email validation regexes think that it’s not a valid address! Probably because the first bit is so short. If you validate an email...
Related, my email is xx@domain.com, and it’s surprising how many email validation regexes think that it’s not a valid address! Probably because the first bit is so short. If you validate an email address either use an RFC compliant parser or keep it simple.
I've gotten stuck on email lists because they allowed me to sign up with xx+y@domain.com but their unsubscribe feature wouldn't accept +y as a valid email address.
I've gotten stuck on email lists because they allowed me to sign up with xx+y@domain.com but their unsubscribe feature wouldn't accept +y as a valid email address.
That sort of thing is 100% over-hasty (or possibly, but IMO less likely, incompetent) development, not malice. For circumstantial evidence, note that you can never observe the inverse pattern...
That sort of thing is 100% over-hasty (or possibly, but IMO less likely, incompetent) development, not malice. For circumstantial evidence, note that you can never observe the inverse pattern (where the unsubscribe form accepts addresses that the subscribe form does not), because you then couldn't have subscribed in the first place.
It was a decent online magazine that gets posted here on Tildes occasionally. I had to directly email the editorial production manager and have my address manually removed, and she very...
It was a decent online magazine that gets posted here on Tildes occasionally. I had to directly email the editorial production manager and have my address manually removed, and she very apologetically said she would have the IT staff fix the unsubscribe form. I won't name the mag because I'm pretty sure it was just an unfortunate slip up.
I wouldn’t attribute it to malice. The number of people who do the + trick is very small in the grand scheme of things and there’s not much point in not letting them unsubscribe (since they can...
I wouldn’t attribute it to malice. The number of people who do the + trick is very small in the grand scheme of things and there’s not much point in not letting them unsubscribe (since they can just block mail to x+y@whatever.com which is half the point anyway).
While e-mail address parsing is an infamously difficult problem (the usual guidelines these days is to just not bother, use a basic regex that makes sure it looks something like an email and try sending an email to validate), so it’s more likely brittle email parsing.
E-mail services can be weird. One of my active e-mail addresses (very old) is webmaster@something. Tip: Don't use "webmaster" as your e-mail address, ever. A surprising amount of services thinks...
E-mail services can be weird. One of my active e-mail addresses (very old) is webmaster@something.
Tip: Don't use "webmaster" as your e-mail address, ever. A surprising amount of services thinks this is a catch-all address(?) and prevent e-mail outgoing to it.
Yeah, admin@, webmaster@, contact@, info@ are pretty standard catch-all email addresses used on a LOT of sites. So it's not surprising that having one of those as your primary outgoing email...
Yeah, admin@, webmaster@, contact@, info@ are pretty standard catch-all email addresses used on a LOT of sites. So it's not surprising that having one of those as your primary outgoing email causes issues. :P
Some domains specify IP addresses that emails from that domain are allowed to come from, so that way random scammers can't send emails that look like they're from the domain. When you forward...
Some domains specify IP addresses that emails from that domain are allowed to come from, so that way random scammers can't send emails that look like they're from the domain. When you forward emails, the receiving side may not know to specifically trust your forwarder and then decide to block emails from it whose domains say they can only come from certain IPs that aren't your forwarder. It's a very awkward problem that breaks the simplicity of email forwarding.
I think there are supposed to be solutions to this problem (I think DKIM is supposed to provide a solution for this?) but I think it might require the forwarder and/or the sender's domain configuration to have special support for some standard which isn't always done.
The best route in my opinion to receiving email at a custom domain is to set it up as its own email account with something nice like Fastmail that you can use directly, or with a basic email provider that you set your email client (Gmail, Outlook, Thunderbird, etc) to import all the emails from continuously (over POP/IMAP).
Thank you. The only issue I care about is that I am not receiving 2FA emails from very specific services. It used to be just financial institutions, but now it is increasingly more and more...
Thank you.
The only issue I care about is that I am not receiving 2FA emails from very specific services. It used to be just financial institutions, but now it is increasingly more and more providers.
I tried to get a 2FA email from Steam today. It did not come through. My guess is email verification services before sending out 2FA emails are becoming increasingly prevalent and increasingly strict.
I think I have a few different things to try.
1.a. What you suggest. Pay for FastMail (giving them my actual cell phone number, because no one accepts VOIP services anymore) then redirect my MX to FastMail via NameCheap.
1.b. Same thing but pay ProtonMail (no need for a phone number or email address, more private)
1.c. Same thing but pay ZohoMail (free and no need for a phone number, less privacy)
2. Use NameCheap's default DNS server, instead of my hosting providers DNS Server, this allows me to forward emails via NameCheap to any email service. I would need to configure NameCheap to forward website requests to my hosting provider via the "A Record" on the "Advanced DNS" in the "Host Records" section. ~~ I don't think this works. A quick test with never-bounce email verification gives me "UNKNOWN" - which means "The server cannot be reached."
3. Continue to use my hosting providers DNS server. Works with most email verification services, but fails with breadcrumbs.io with "SMTP Not Accepted" error.
4. Pay for my own IP Address from my hosting provider, instead of having a shared IP Address? I dont think this will help with 2FA email verification, but I've always wanted my own IP address, so I am going for it.
One of the frustrations for me about spam and Gmail and Office365's terrible filtering is that valid SPF, DKIM, and DMARC should be enough to prevent spam, but they aren't being used effectively...
One of the frustrations for me about spam and Gmail and Office365's terrible filtering is that valid SPF, DKIM, and DMARC should be enough to prevent spam, but they aren't being used effectively from a technical standpoint and don't have the laws to make them effective legally.
SPF and DKIM effectively change an email's source from being verifiably from an IP address to being verifiably from a domain. Domains actually have costs, and are supposed to have some level of contact information. They're not as disposable as IP addresses.
So from a technical side, they could be used in a scoring system to see that a domain tends to send ham, and if so, then an SPF and DKIM passing email from that domain is very likely to be ham. It seems like Gmail and Office365 do nothing of the sort, however. They could also be used to penalize domains, or penalize registrars, for too much spam. But they don't seem to be.
From a legal side, domains have owners who should be known, and registrars who have them as clients. Countries could have laws to allow pursuit of the owners of spam domains. They could make registrars who don't shut down spam domains liable for them. But they don't: that is reserved for intellectual property enforcement. In fact, the US essentially makes spamming explicitly legal, and bans, at a federal level, any state laws against spam.
Gmail is one problem, but in my experience it is even more difficult to work with Outlook.
Yeeeah...
Bullshit. It doesn't matter how old your mail server is. Gmail will still randomly tag you as a spammer for no reason and then fix itself a few days later, no action required. As always, it's impossible to communicate with Google.
More frequently, Microsoft will also tag you as a spammer because they still think it's the 90s and IPv4 addresses in the same neighborhood all belong to the same company. Yes, you will literally be blocked because of the actions of others, recurringly, forever. Microsoft's block requires proactive action to get rid of, which can take a few days and require multiple attempts if your form is processed by a particularly bad tech support drone. There are certain unwritten requirements that don't make sense, such as for example having a website in the domain.
Both companies will tag MTAs as spammers even when the volume of e-mail they send is so low their own tools aren't even capable of generating any of the statistics that supposedly prove your nefarious spam. They're malicious, incompetent bullies.
Since Office 365 came out thousands of companies have been moving their e-mail services to Microsoft with no regard for how they're breaking e-mail for everyone by making it harder for their users to receive messages from many sources.
Yeah I've had just as many issues with Yahoo and Outlook as I have with Gmail.
Actually, Yahoo is likely the worst when it comes to blacklist issues. They seem to use a lot more public lists, whereas Google and Microsoft have their own.
Microsoft's SNDS tool is okay, but is clearly a decade out of date (no really, copyright date of 2013). I find it difficult to get the appropriate data I need when there's a problem.
Running mail servers sucks. Don't do it unless you have to, folks.
Or unless you're just really interested in it and are willing to wade through a lot of headaches. The unfortunate part is that this is just one more example of the decentralized potential of the internet being fenced off by corporations. So in other words, don't self host unless you accept that you're going to put in a lot of effort to be part of the resistance against corporate centralization of internet services.
Spam, in general, is ruining many services. Phone, email, text, etc. Honestly I'm not sure how to resolve it or if it realistically can be resolved in capitalistic societies. Perhaps AI/ML will help fight these issues, or maybe it'll make it worse. I don't know but I sure do waste a lot of time, energy, and resources on fighting spam in my daily life and I'm not even a provider or trying to do something not mainstream 😩
We have a solution, it's just not the one people on this site want to hear. You sign up with a major email provider and your email just works. The provider has a large incentive to prevent spam being sent from their platform and a large reputation which is trusted by other providers.
Your $3 VPS with a recycled IP address just can't be trusted because they are so disposable. Personally I use a custom domain with Fastmail and it just works. I can move to another provider later if I want so there is no lock in.
The problem goes far beyond that. I have seen university Office365 and Gmail systems inexplicably spam-filter emails from a clean, multi-decade-static IP of a long-used mail server of a number of academics on a clean two digit ASN. I have a colleague who had one of the two inexplicably spam-filter emails from Nature's review system, something that no academic would ever want filtered. My personal server can deliver mail to Gmail from a static IP in my own ASN that only ever delivers my personal mail, to a recipient who corresponds with me frequently, and still end up in their spam, despite everything being configured properly. None of these are disposable.
Meanwhile, much of the spam I see on Office365 is from Gmail, which it seems very reluctant to filter, despite it seeming like the messages would clearly get caught by a Bayesian content filter.
Sometimes my gmail account lets spam through. Invariably it's spam received directly by the gmail address. SpamAssassin (spamd) running on my MTA usually filters everything properly before anything is forwarded to gmail.
I suppose things might be different if spammers weren't tailoring their messages to fool gmail and their ilk to the detriment of more traditional filters these days.
You're not wrong, but I also have a gmail and it still gets plenty of spam. Significantly less than a third party provider or self host solution, I'm sure, but still stuff gets through. I pay for cell phone service with a major provider and I still get spam/phishing calls and texts too.
It's not gmail, it's any spam threat detection service.
I have a domain. I forward all email@domain.com to gmail via cpanel.
I could not get an automated email from Hulu until I changed my email to email@gmail.com
The same is true for almost all my financial institutions.
A unique email address adds another level of security to financial institutions who only offer 2FA via email.
It sucks, but I will take less spam over the slight increase in risk of getting hacked, any day.
Related, my email is xx@domain.com, and it’s surprising how many email validation regexes think that it’s not a valid address! Probably because the first bit is so short. If you validate an email address either use an RFC compliant parser or keep it simple.
I've gotten stuck on email lists because they allowed me to sign up with xx+y@domain.com but their unsubscribe feature wouldn't accept +y as a valid email address.
Come on, that's BS. That's gotta be hostile by design.
That sort of thing is 100% over-hasty (or possibly, but IMO less likely, incompetent) development, not malice. For circumstantial evidence, note that you can never observe the inverse pattern (where the unsubscribe form accepts addresses that the subscribe form does not), because you then couldn't have subscribed in the first place.
It was a decent online magazine that gets posted here on Tildes occasionally. I had to directly email the editorial production manager and have my address manually removed, and she very apologetically said she would have the IT staff fix the unsubscribe form. I won't name the mag because I'm pretty sure it was just an unfortunate slip up.
I wouldn’t attribute it to malice. The number of people who do the + trick is very small in the grand scheme of things and there’s not much point in not letting them unsubscribe (since they can just block mail to x+y@whatever.com which is half the point anyway).
While e-mail address parsing is an infamously difficult problem (the usual guidelines these days is to just not bother, use a basic regex that makes sure it looks something like an email and try sending an email to validate), so it’s more likely brittle email parsing.
I'm sorry Hal, I can't unsubscribe you.
Even though you never agreed to get marketing emails the first place.
E-mail services can be weird. One of my active e-mail addresses (very old) is webmaster@something.
Tip: Don't use "webmaster" as your e-mail address, ever. A surprising amount of services thinks this is a catch-all address(?) and prevent e-mail outgoing to it.
Yeah, admin@, webmaster@, contact@, info@ are pretty standard catch-all email addresses used on a LOT of sites. So it's not surprising that having one of those as your primary outgoing email causes issues. :P
Some domains specify IP addresses that emails from that domain are allowed to come from, so that way random scammers can't send emails that look like they're from the domain. When you forward emails, the receiving side may not know to specifically trust your forwarder and then decide to block emails from it whose domains say they can only come from certain IPs that aren't your forwarder. It's a very awkward problem that breaks the simplicity of email forwarding.
I think there are supposed to be solutions to this problem (I think DKIM is supposed to provide a solution for this?) but I think it might require the forwarder and/or the sender's domain configuration to have special support for some standard which isn't always done.
The best route in my opinion to receiving email at a custom domain is to set it up as its own email account with something nice like Fastmail that you can use directly, or with a basic email provider that you set your email client (Gmail, Outlook, Thunderbird, etc) to import all the emails from continuously (over POP/IMAP).
Thank you.
The only issue I care about is that I am not receiving 2FA emails from very specific services. It used to be just financial institutions, but now it is increasingly more and more providers.
I tried to get a 2FA email from Steam today. It did not come through. My guess is email verification services before sending out 2FA emails are becoming increasingly prevalent and increasingly strict.
I think I have a few different things to try.
1.a. What you suggest. Pay for FastMail (giving them my actual cell phone number, because no one accepts VOIP services anymore) then redirect my MX to FastMail via NameCheap.
1.b. Same thing but pay ProtonMail (no need for a phone number or email address, more private)
1.c. Same thing but pay ZohoMail (free and no need for a phone number, less privacy)
2. Use NameCheap's default DNS server, instead of my hosting providers DNS Server, this allows me to forward emails via NameCheap to any email service. I would need to configure NameCheap to forward website requests to my hosting provider via the "A Record" on the "Advanced DNS" in the "Host Records" section. ~~ I don't think this works. A quick test with never-bounce email verification gives me "UNKNOWN" - which means "The server cannot be reached."3. Continue to use my hosting providers DNS server. Works with most email verification services, but fails with breadcrumbs.io with "SMTP Not Accepted" error.4. Pay for my own IP Address from my hosting provider, instead of having a shared IP Address? I dont think this will help with 2FA email verification, but I've always wanted my own IP address, so I am going for it.One of the frustrations for me about spam and Gmail and Office365's terrible filtering is that valid SPF, DKIM, and DMARC should be enough to prevent spam, but they aren't being used effectively from a technical standpoint and don't have the laws to make them effective legally.
SPF and DKIM effectively change an email's source from being verifiably from an IP address to being verifiably from a domain. Domains actually have costs, and are supposed to have some level of contact information. They're not as disposable as IP addresses.
So from a technical side, they could be used in a scoring system to see that a domain tends to send ham, and if so, then an SPF and DKIM passing email from that domain is very likely to be ham. It seems like Gmail and Office365 do nothing of the sort, however. They could also be used to penalize domains, or penalize registrars, for too much spam. But they don't seem to be.
From a legal side, domains have owners who should be known, and registrars who have them as clients. Countries could have laws to allow pursuit of the owners of spam domains. They could make registrars who don't shut down spam domains liable for them. But they don't: that is reserved for intellectual property enforcement. In fact, the US essentially makes spamming explicitly legal, and bans, at a federal level, any state laws against spam.