How to use Gmail to destroy your relationship with your investors and customers (iamnotaprogrammer.com)
154 points by onecreativenerd on Oct 6, 2012 | 154 comments


I ran into this problem as well. So, now, as standard practice, when I set up forwarding between GMail accounts, I add a single filter to the account being forwarded:

    Matches: -96f0f0036730a7d970a678e8f933e8b7
    Do this: Never send it to Spam

The string is just a random hex string; the minus (-) tells it to match all messages that do not contain this string. No message should ever contain it, so no message should ever be sent to spam in the original account. Once it gets to the end account, GMail will still filter it and put it in Spam if it is spam.


That's clever but you can just match is:spam and never send those to spam, essentially turning off the spam filter, not bypassing it.

    Matches: is:spam
    Do this: Never send it to Spam


Unfortunately, you can't use "in:", "is:", "label:", or "has:star" in filters. Filters are applied before these things are determined. If you try to, you get the following message from GMail:

Filter searches containing "label:", "in:", "is:", or stars criteria (i.e. "has:yellow-star") are not recommended as they will never match incoming mail. Do you still wish to continue to the next step?


It's worked for me for years: http://i.imgur.com/bUB3u.png


This works because this filter will match every mail, not just the mails that have the spam label. In the end it does what you wanted but the error is still right.


Odd. I've never gotten it to work. I tried again today just to see if they may have changed that, but it still gives me the error.


I think I remember seeing the message actually. You just blow past it and set up the filter, and it'll work, I think.


Is that the same as marking things "Not Spam"? As in, does it lower the quality of Gmail's spam filter?


I specifically tested for this when consolidating various Gmail addresses behind an Apps account, and my fix was similar: a match on * seems to include spam.

It's slightly bizarre that the email forwarding you can configure in settings would not skip all spam checks, and not even indicate as much.


A lot of people forward their email through a gmail account exactly because of this feature - to filter out spam, since the gmail filter is one of the best.


I did this as well, and it has been working great for me for a few years. A month ago I noticed by chance that it had stopped forwarding 12 hours earlier for no apparent reason. Deleting the rule and recreating it got it working, but it got me thinking of doing a more robust solution.


People who do this are really annoying and have no concept of separating business and personal life. If you don't mix business with pleasure then why are you doing it with your e-mail? How hard is it to check two accounts or have two accounts set up on your phone? There are some lines where business and personal shouldn't cross and e-mail is one of them.

How does the appearance look? You send e-mail to foo@business.com and then funkyjizzbeats20@gmail.com replies to you! What could be more professional than that?

Also, what about security? How would people feel to know you've forwarded an e-mail they sent to a business account to your personal account? Is this just something no one thinks about?


> How does the appearance look? You send e-mail to foo@business.com and then funkyjizzbeats20@gmail.com replies to you! What could be more professional than that?

If you configure your GMail account correctly, it will reply via the other account's own SMTP servers. There will be no evidence of your private GMail account, even in the headers. (This is not the same thing as just configuring GMail to set a particular "From:" address.)

> Also, what about security?

If both accounts are hosted by Google, then unless you're doing something stupid with one of the passwords they're pretty much equally secure.

If your business account has privileges within the app domain, you might actually get a security benefit by not being logged into it all the time. Kinda like not being logged in as root all the time.


This is beside the point, as soon as it's in your personal e-mail account not only has privacy been breached but Google's data mining it.


How would I make gmail use the smtp servers?


In the "Accounts and Import" settings, you add an account and instead of choosing "Send through GMail (easier to set up)", choose "Send through <example.com>'s SMTP servers".

And then you need to enter the username, server, password, etc for the other account, which can even be another GMail account.


Gmail allows you to send from your other email addresses through the web interface. It is nice having multiple accounts in the same mailbox so they can share labels.

I don't think it's a violation of trust to have mail forwarded from one account to another account on the same provider. Email does not have an implied amount of security or privacy. Sending email is like sending a postcard--Anyone involved in its transit has the opportunity to read it.


Ok, so I'm sure you won't mind then if you send an e-mail to csr@myhealthprovider.com with your latest lab results and someone replies from their personal Gmail/Hotmail/Yahoo? More importantly, why would you have e-mails from multiple people in the different inboxes? If you're allowed to check your e-mail at work then keep your family/friends using your personal account and your business contacts using your work one.

Your comment about security is extremely disturbing. You're right people can intercept it, however, if I send an e-mail to someone at a company and they forward it to their personal account, that's the minute I stop doing business with that company.

I get the appeal of combining them, but it's sloppy and too many people take the easy way out instead of being professional.

Read underwater's comment as well. He has some good points.


I would never send an e-mail about confidential medical information. Knowing how insecure e-mail is, that would be reckless. Read my other comment in this thread to learn about how insecure e-mail is. The fact that people think it's private or secure is a major problem. But your outrage is not misplaced -- knowingly mishandling mail is not simply excused because e-mail is already insecure.

> ... it's sloppy and too many people take the easy way out instead of being professional.

My defense of the "many inboxes forwarding to one" scenario was not meant to cover every perceivable scenario. Obviously I would not advocate it in all situations and many situations would not be appropriate for that. If someone does not set it up right, I am not trying to defend that sloppiness.

An example of a good fit: someone who works part time at several companies, or the sole proprietor of a few businesses. If mail goes to CEO@ABC, replies are from CEO@ABC; mail to CEO@XYZ is returned by CEO@XYZ. If all of them are on Google Apps for Domains anyway, it is not a big deal, it's not less secure, and the owner of the e-mail address has less authentication and security overhead. Note that if you are mixing providers, like google apps and self-hosted mail, it gets much more complicated. In that case you are altering the physical security of that data.

Examples of bad fits: customer service, sales messages, bug tracking, official company broadcasts, and many others.

Regarding underwater's comment: obviously if the e-mail does not belong to you, you should not forward it somewhere other than the owner's server without the owner's permission.

Re-reading my comment, I should've mentioned that a shared mailbox is only appropriate in some cases.


Unless things have changed recently, sending as an address other than the Gmail account you're sending from results in a tacky "On Behalf Of" clause that displays both addresses to the recipient.


There is a simple fix for this. Gmail can be configured to send via any arbitrary mail server. So you can configure your personal account to send via the SMTP settings of your business account.

This leaves no evidence of your personal account, even in the headers.


Not if you are sending as a @gmail account from a different @gmail account. No way to remove your `Sender:` header in that case. Ridiculous, as you can easily fix it for any other @domain.


Ah, I see. I hadn't thought about that case.

I have a lot of gmail accounts, but only one of them is on the gmail domain name, so that hadn't come up for me.


Currently, there's no such message with gmail. However, the "real" email address of the sender does appear in the headers.


There is for recipients using certain versions of outlook.

But there's a workaround for that, see my other comments on this thread.


I'd say it is more analogous to regular first-class mail in an envelope. There is some expectation of privacy, but no guarantee.


I would agree with the envelope analogy if the message was not encoded in plain text. Say base64--an intermediate has to go through a slight process to read it, like opening an envelope.

Mostly, it's worse than a postcard. It'd be like if every letter carrier makes a copy of the postcard, then is supposed to discard theirs once the next person has their copy. There is zero guarantee that any of the several copies were actually discarded, and it's highly improbable that they were erased securely by any of the intermediates.

Knowing that the messages are transmitted in plain text across at least two mail servers (often more), and across several intermediate ISPs, it is ... unlikely... for an informed person to have an expectation of privacy in email.

Encryption solves all these problems, but we all know that's not in mainstream use. Not even signing!


Plus, Gmail lets you be logged in to two accounts from two different tabs in the same browser. Though usually I actually set up two separate browser profiles entirely, it's really not that hard to keep business and personal separate.


There may also be liability when you leave the job as you're retaining copies of data that doesn't belong to you.

Not to mention that in the case of a lawsuit you might be required to give access to relevant emails. Mixing personal and professional accounts could quickly get messy.


^^^ This x1000, all of the kids starting businesses and using the cool new thing Google Apps and forwarding it to their personal Gmail account have no concept of this.


Most startup founders do not have a separation of business and personal life or have very little separation. When set up properly outgoing emails will be sent from the correct address. There are no security concerns, someone can easily download all their mail if they're trying to get a copy.


It depends, if they're starting a company then they should be set up separately from the start. You can't honestly tell me that you want Frank from the call center at your health provider getting a copy of your health records that you just sent in to his personal Gmail account?

If they're simply creating something to make some extra money then sure you could use the same account, but to be taken professionally you should keep them separate.


Is 'funkyjizzbeats20' a typo for 'funkyjazzbeats20'?


That's the joke.


If you never interact with a gmail account, the spam filtering isn't going to work very well. It can't tell what you've read or skipped, and you never compose anything, so it doesn't know who are your real correspondents. That's why forwarding in this way is a bad idea.


> To be more efficient, I started forwarding my work email running on Google Apps to my personal email at Gmail. This is pretty common. All of the devs at my previous company handled their email this way. Why log in to two places, right?

This is a terrible practice. Work mail will be full of confidential information which shouldn't be mixed with your personal files, especially after your employment ends.


If you want to do this reliably, don't use the GMail auto-forward stuff. Instead, create yourself a _filter_ with the following definition:

    Matches: -{"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"}
    Do this: Skip Inbox, Forward to XXX, Delete it

Your other GMail account will take care of the spam that gets forwarded.

I've been doing this for more than a year, with nothing ending up in the account's Spam folder.


What kind of magic expression is that?


http://www.eicar.org/86-0-Intended-use.html

It's designed to be automatically flagged as a virus, without actually being a virus. I found this with a simple Googling; you can too!


The title is a bit hyperbolic, and would more accurately be "Check your spam box for important emails".


That's not good enough in this case. The problem here, as I understood it, was that spam in the work email wasn't coming into the personal email in the first place, rendering the personal email incomplete. You would have to check all of the spam boxes.


Fair enough. The article is just titled to obnoxiously grab attention "Gmail is ruining your company!" instead of "Gmail forwarding doesn't always work" or something similar.

But hey, it's at the top of HN, so it must have worked.


Gmail's handling of multiple accounts is just about the poorest I've seen in any email client. Even Microsoft Outlook handles multiple accounts better!


The worst is their abysmal "On Behalf of:" handling when sending as an @gmail.com address from another @gmail.com address. There is no way around having your "main" email end up in plaintext in the header of every email you send as the "anonymous" email. And anyone replying to you via Outlook replies to the main address. You can send as @yahoo or @hotmail addresses with no evidence of your main gmail account, but for some reason they don't let you with a second gmail address.


Where does this "On Behalf of:" text appear? I just tested this, and sending an "on behalf of" email to another gmail account doesn't result in this text appearing anywhere in the gmail client. The original mail address appears in the headers under "Sender:" with the alias mail address appearing under "From:". However, if you open the email in gmail and don't check the headers manually, there's no indication it's not from the alias address. Replying to such an email, the "To:" field populates properly with the alias address.


I have a client company who uses exchange, it generates that line, instead of the more old school

On Oct 99, 2012, at 3:33 PM, KrakensDen yawped:


In gmail, you'll be able to see the person's "secret" main email address in the `Sender:` field after clicking `Show Original`.

The real annoyance is Outlook. If someone responds to that email via Outlook/Exchange, the reply will be sent `To:` your main email address rather than to the address you sent with.
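
The header behaviour discussed in the comments above (an alias in `From:` with the main account exposed in `Sender:`) can be checked on a saved copy of a sent message. This is an added example, not part of the original thread; the two sample messages and all addresses in them are constructed placeholders, and the function names are hypothetical.

```python
from email import message_from_string
from email.utils import getaddresses

# Standard headers that can carry an address other than the visible From:.
IDENTITY_HEADERS = ("Sender", "Return-Path", "Reply-To")

# Constructed sample: an alias sent through the main account's own servers,
# the case the thread says leaves the main address in Sender:.
DELEGATED = """\
From: Alias Account <alias@example.com>
Sender: main@example.net
Return-Path: <main@example.net>
To: investor@example.org
Subject: Q3 update

Body text
"""

# Constructed sample: the same alias sent via the alias domain's SMTP servers.
VIA_SMTP = """\
From: Alias Account <alias@example.com>
Return-Path: <alias@example.com>
To: investor@example.org
Subject: Q3 update

Body text
"""


def addresses(msg, header):
    """Return the lower-cased addresses found in every instance of a header."""
    values = msg.get_all(header, [])
    return {addr.lower() for _, addr in getaddresses(values) if addr}


def audit_identity(raw_message):
    """List (header, address) pairs exposing an address that is not in From:."""
    msg = message_from_string(raw_message)
    visible = addresses(msg, "From")
    findings = []
    for header in IDENTITY_HEADERS:
        for addr in sorted(addresses(msg, header) - visible):
            findings.append((header, addr))
    return findings


def reply_targets(raw_message):
    """Compare where a reply goes under two client behaviours.

    'standard' follows Reply-To:, falling back to From:.
    'sender_based' models a client that answers the Sender: address, which is
    what the thread reports for Outlook/Exchange.
    """
    msg = message_from_string(raw_message)
    standard = addresses(msg, "Reply-To") or addresses(msg, "From")
    sender = addresses(msg, "Sender") or standard
    return {"standard": sorted(standard), "sender_based": sorted(sender)}


if __name__ == "__main__":
    for name, raw in (("delegated", DELEGATED), ("via SMTP", VIA_SMTP)):
        print(name, audit_identity(raw), reply_targets(raw))
```

To audit real mail, save the message with Gmail's `Show Original` and pass the raw text to `audit_identity`; an empty list means none of the three headers exposes a second address.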


Mailplane 3 (for Mac) is a great solution to this problem — http://beta.mailplaneapp.com/kb/getting-started/welcome-to-m...


How about Mail.app?


Probably because they really don't want you to have other accounts, they want all your email are belong to us.


Would probably be a good idea for Google to add an "Include spam?" checkbox in the forwarding settings. Checked by default if the destination address is within gmail, otherwise unchecked by default.


Personally I think if you turn on forwarding at the account level, everything should be forwarded straight away and no filters or spam processing should be done.

If you forward a filtered set of emails (if that's even possible in gmail) then you presumably know what you're asking for.


The joke is that filtering seems to happen prior to spam classification, so you can use filtering to get around this oversight (there are examples cited above).


Why would anyone want to forward work e-mail to a personal account when both are on Gmail? I would understand if the work e-mail messages were on a server that cannot be accessed from outside the office (although, if such a policy exists, you should ask yourself why and, probably, not auto-forward it) or something with a horrible and confusing interface or very limited space, but not here.


I suffered from this and now have set up a filter on the forwarding account that goes something like: 'Matches: from:(*) Do this: Never send it to Spam' so it forwards absolutely all email. My personal account then dumps then filters stuff in to spam folder that I do check.


I use Chrome's incognito feature to manage multiple email accounts.

My work Google account goes in an incognito window, personal Google account goes in the standard window.

I've found this works really well, and the different colors help my mind remember which environment I'm in.


Did you know Chrome has multiple profile support? It's under Settings -> Users. After you've got more than one user, there's a quick-user-switch icon in Chrome's title bar.


You can actually sign in to multiple google accounts and switch between them (at least for email / docs - not analytics / other services). I can't remember exactly how to do it, I think you need to enable multiple sign in on the account first.


They certainly do. I've found that feature to be pretty buggy, personally. Command + tilde is faster than clicking a drop down and waiting for the switch.


What bugs did you run into? I've been doing it for over a year and can't think of any that I've encountered.


When I was using it, not all of their services were supported, and to get into the right account I'd frequently have to log out (which logged me out of every account).

Another fun one was clicking on Google Docs links. It rarely was using the right account and allowed me to go forward. Usually got the "Please request access to this document" message.


You're talking about Google's multi-login, which allows you to log into Google with multiple accounts. This thread, however, is about Chrome's profiles, which lets you open multiple browser windows each with a different profile (i.e. cookies, Google account, extensions, etc.).


I was responding to:

>You can actually sign in to multiple google accounts and switch between them (at least for email / docs - not analytics / other services). I can't remember exactly how to do it, I think you need to enable multiple sign in on the account first.


Hmm. If you feel like trying it out again, I'd love to hear whether or not you find that things have improved.


Pretty sure you can use two regular windows to run separate accounts (although the colour coding would be useful). Another option is running multiple user profiles in Chrome.


Cookies are shared between standard windows (unless there's a way to disable that).

Haven't looked into the profiles. Speed of switching would be the most important thing for me.


Well, if you use incognito mode, you can do this. Doesn't scale past n=2 but helpful for many use cases.


Especially for facebook, which can still track you across other websites even if you log-off.


I use Fluid (http://www.fluidapp.com/) with Separate Cookie Storage for my gmail accounts. (And also for separate facebook, xing, linkedin etc. accounts)


"Man Fucks Up Email Configuration, Blames Gmail"

If only HN had mods, who could perhaps edit linkbait titles.


Did you read the article? He didn't blame Google. He blamed himself [1][2] and alerted others to a mistake he made that they might make too.

[1] "So what I realized is that I had made a fatal mistake by forwarding my email" [2] "But, I’m not trying to blame Google for this"

Edit: Also, the title doesn't blame Gmail either. "How to use Gmail..." implies that it's something you the user can do not something Gmail does.


or more truthfully: Man fucks up mail configuration in a non-obvious way, does not blame Gmail.


I usually set the new Gmail to retrieve email by POP/IMAP from old one, and have a filter defined in the old one:

    Matches: from:(*)
    Do this: Never send it to Spam, Exclude from SmartLabel categorization

In this way, every single email is forwarded to the new account and filters in the new one deal with spam or whatever. But you can always conveniently check mistakenly spammed emails in your new account.


Just check two different accounts. You don't gain much by forwarding from one to the other, but the potential to screw up is higher.


I keep two tabs open, one for work and one personal.

First I login to: https://mail.google.com/

Then I login to https://mail.google.com/a/domain.com

Works great if you do it like that, better than if you try clicking "Switch accounts" or whatever.


The switching accounts thing adds a url param too, although it's kind of a drag because the accounts will switch if you log in in a different order.


The spam filter in Gmail is too aggressive. I've actually gotten interview confirmations in my spam folder (!), which I was lucky to notice.

And I just checked my spam folder and found three legitimate emails. They were from Linked in, glassdoor and HBO. Google really needs to improve.

edit: Make that Udacity as well..


Sorry about the Linkedin one (it was partially mine, and other like me's, fault).

You see, I signed up for many Linkedin groups and then realised that they were sending me too many emails. I removed all of the emails in Linkedin and then found that this would take at least a week before I stopped getting the emails. I waited two weeks, the emails had not stopped and so I classified them as spam.

The issue is that Google is using collaborative filtering, which will tend to weight such emails more highly as spam given that I and others have noted them as spam. It's normally quite effective, but you do need to check your spam box quite often. This isn't because the algorithm doesn't work, it's just because of noise created by people using the spam button inappropriately for your use cases.


The root cause of the problem is the hassle in dealing with multiple email accounts. OP decided to consolidate by forwarding emails from multiple accounts into one. I found the WebMail Notifier add-on for Firefox invaluable when dealing with multiple email accounts. It let me keep the accounts separate yet able to see new emails in them and login to multiple accounts with ease. There's no need to consolidate, just managing them better.


If you fetch/read mail locally, you can get around this by pulling down emails from the spam folder directly via IMAP.

Hotmail email forwarding has this same issue, but only has POP access, so you can only access the inbox without the web interface. You can tune down the aggressiveness of the spam filter to a minimum (but not turn it completely off).


After reading this thread I went over to my gmail spam filter. Five business opportunities right there waiting in the spam folder for a reply. Gmail was the last Google service I was using, but I must now depart for better pastures. Hello nuuton email. You have just been borned.


For very important email, consider using an email address that is not published on the web and that is difficult to guess. Search on the user name of your address to make sure there are no results.

Only when you decide that someone is both important and trusted, have them use that email address.


Does anybody have a suggestion for a simple email forwarding service for random domains? e.g., if I own example.com, is there a simple way with high uptime to forward all incoming email to all addresses to an email account at a separate domain?


Use a Google Apps account to host mx for all the domains, no need to use forwarders. It's what I do.


These kind of "catch-all" domain forwarders are a terrible idea.


Yes, and this is why I don't really advertise any other e-mail than my personal e-mail, though I reserved a couple real-name addresses for when there is a real need. Good thing I don't really need a work email as a student yet...


A better way of doing this is to create a filter that forwards everything to your personal Gmail, then create another filter in your personal Gmail account to label it.


Why should anyone invest in you, when you can't figure out Gmail?


why did he receive the "wanted to check in one more time" email? strange that he missed the initial email, but then received the second one.


You don't even need to do much, GMail top posts by default without a way to disable this retarded behaviour.


> this retarded behaviour.

HN has an international audience. While the word retarded appears to be common in the US it's an offensive slur in other parts of the world; especially the UK.

Please, I'm not telling you not to use it, but I am gently asking you to consider using some other word instead.


Come on, it's absolutely mundane and non offensive to call a thing or a behaviour retarded, it's really only offensive when talking about disabled or unintelligent people. For example:

    "Steven Hawking is retarded" == offensive
    
    "The design of this chair is retarded" == inoffensive


I'm not going to try to persuade you that a hateful slur is offensive, even when it's not being used about people.

    "Bob is so gay" == offensive

    "That chair is so gay" == probably still offensive

I'm happy to agree to disagree. You don't think your use of the word is offensive - that's fine. But you don't get to tell me what I (or others) find offensive, and many people find any use of the word retarded offensive.

Perhaps it's a generational thing. Are you young? (Less than 35?)


Sexual orientation (and race, because someone's sure to make the analogy) has little effect on one's public life, it's just taking society a long time to realize that it's not relevant enough to make any sense as a pejorative. I don't think we're likely to regard intelligence that way, whichever words the euphemism treadmill brings.


Sexual orientation and skin colour are still used as insults even though sensible people agree that it's stupid to do so.

> I don't think we're likely to regard intelligence that way

I have no problem with people saying "This decision is dumb" or "This decision is stupid" or "This decision is idiotic". I do have a problem when people say "This decision is retarded" because that's not general stupidity, it is linked specifically to people with learning disabilities.


Some, maybe all, of those words used to be diagnoses of intellectual disabilities. I don't think laymen distinguish them much at all; I was never taught to do so. If the goal is to deter everyone from showing contempt for lack of intelligence (though I don't think that's going to happen) I don't see another word with the same connotation as progress. Am I overlooking something?


The goal is not to deter people from showing contempt for lack of intelligent action. (Unless that contempt is for someone who lacks intelligence because of a disability). When someone does something stupid it is fine to call them stupid.

The goal is to ask people to consider using words that are not recently (even currently) used for learning disabilities. Retard has strong links with learning disabilities. Enough time has passed that words like 'moron' have little connection to their original meaning.

In time retard will have enough distance from its current use to be less hurtful.

>I don't see another word with the same connotation as progress.

I don't understand.


The only reason words like "moron" are no longer deemed grossly offensive is precisely because people started using those words to describe things other than their literal meanings and over time their impact as slurs and insults has been reduced, and this is exactly what has happened with the word retarded. For probably the majority of the English speaking world the word has already reached this watered down status. Languages evolve, meanings change, sometimes rapidly, any attempt to regulate it will fail.


What is the difference between being retarded due to a disability, and being stupid due to genetics?

Is it just a difference of degrees? I mean both are cases of "factor outside of individuals control -> (extremely) low intelligence"


A learning disability tends to be defined by IQ (IQ less than 75 or so), rather than anything else.

Thus, someone with a chromosomal disorder, or someone who was deprived of oxygen during birth, or someone who is just stupid because of genetics all have learning disabilities. They just have different forms of learning disability.


Google's spam filter seems to be having more issues these days. I used to ignore the spam filter, but got a reminder email which forced me to check the spam folder, and lo and behold there was the email. I always open emails from that person and Gmail marks it as important, I wonder how it could possibly classify it as spam (assuming the email servers remained the same). The funny part was that just a few days prior I read a comment on HN warning about the spam filter and I had been meaning to check the spam folder but didn't.


I've been getting increasingly fed up with gmail, but not quite to the point of making me set up exim. Does anybody know of a mail server I can throw on ec2 and forget about?


The answer to "Gmail drops some wanted messages into the spam folder" is definitely not "set up exim" nor "set up [insert email server here]".

There's a reason that people running servers at that level (from that time) are called BOFH.


> (from that time)

Are you trying to imply that 'mail servers' are some sort of ancient devices whose era has come and gone?


The days when every company maintained its own mail server are gone (and on the whole we're better off).


As we converge on a handful of major email providers, are we really much better off? Would you be singing the same song of Hotmail a decade ago, or is it just because Google seems to be the Monopoly with a Heart of Gold?


If hotmail gave better service than your typical bigcorp's email servers (which is subjective) I'd be saying the same thing. I'm not too worried about a monopoly on email hosting, just because there's very little lock-in; it's trivial to set up as a new email hosting company, and almost as trivial for companies to migrate.


Many blacklists include all the EC2 addresses: for obvious reasons, they get used to send spam a lot.


Do you think that is a smart idea? To black list entire netblocks? I mean, can we assume that every person using EC2 for email is sending spam?

It would seem to degrade the usefulness of EC2 for anyone wanting to run their own mailserver.


It doesn't really matter if it's "a smart idea", it already happens and you have no control over it. A simple search for setting up your own mail-server is just a search for people who have done that saying "don't ever set up a personal mail server because it's guaranteed to be blacklisted".

Spam has led email to basically become this closed ecosystem. If you don't use one of the already established major email providers, ISPs or domain name registrars the reliability of email hits the floor.


While I understand your sentiment, I respectfully disagree that it does not matter if it's a smart idea. Because if it is not a smart idea then that means we can do better. One of the projects I'm working on solves the "closed ecosystem" problem. The use of the term "closed ecosystem" is ironic because it seems to me that the "open" nature of email receiving (not sending) is what leads to the spam problem. In other words, I do not see the problem as the fact that people can send mass quantities of junk email. I see the problem as the fact that daemons accept and deliver mail from anyone. (And then resort to blacklisting.) What if the system was "closed" by default and instead a sender would contact the receiving SMTP daemon directly (no intermediary) and would first need either a means of authentication (i.e. he has been pre-approved) or a way to have his sending address reviewed and then receive permission to send. Right now you can see something like this within a domain. For example, one gmail user might be able to send to another gmail user, directly, as they are both able to authenticate. They both have accounts (private accounts, not some RBL, DKIM or other scheme managed by an interloper) and these accounts can be checked. But if one gmail user wants to send to some non-gmail address, the non-gmail recipient has no knowledge of the sender in the form of an account against which he can authenticate. There's no privity between sender and receiver. Instead third party schemes are used. Such as blocklists for sending.

Consider the idea of running a mailserver than only accepts mail from a predetermined set of sending addresses. What would be the chances of receiving junk mail?


"Consider the idea of running a mailserver that only accepts mail from a predetermined set of sending addresses."

How is this functionally any different than blacklists? That's just a whitelist instead. So instead of new mail servers "quite likely" being on a blacklist, they are definitely not going to be on a whitelist.

And no, it doesn't matter if it isn't a smart idea when you aren't in a position to change anything. Even if you have a perfect technical solution to the problem, you still have to convince every existing major provider to adopt a solution that isn't even a direct problem for them.


If Alice and Bob agree to run their own SMTP daemons, closed to the public and not necessarily on port 25, and they each agree to put the other on their "whitelist", how is this functionally different from the current third party controlled system? Answer: 1. Immediate delivery, assuming Bob and Alice keep their machines online. 2. No spam. 3. No third parties exerting control over their mail. No idiosyncratic delivery policies.

I'm afraid there's no need to convince any provider of anything. At this point, Alice and Bob are sending and receiving email without the need for any third party "email provider".

Functionally blacklists and whitelists are the same. They both have the same goal. But they are not the same in their effect. Blacklisting an entire netblock to stop one bad IP address affects many IP addresses who do not need to be blocked. Whitelisting a single known IP address does not have that side effect. For Alice and Bob, handling their own messages may be a desired option. Of course, not everyone may follow Alice and Bob's example. But who cares? The population using email is enormous and diverse. The point is that if someone wants a better solution than what "email providers" offer, she can get it.
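The trade-off argued in this exchange, as an added example that is not part of any commenter's post: a default-allow netblock blocklist and a default-deny per-peer allowlist evaluated over the same incoming connections. The addresses, lists and "spam"/"legit" labels are constructed sample data (RFC 5737 documentation ranges), and the function names are hypothetical.

```python
import ipaddress

# Constructed sample data; nothing here comes from the thread.
# One bad host caused the operator to list the whole /24.
BLOCKLISTED_NETBLOCKS = [ipaddress.ip_network("203.0.113.0/24")]

# Peers the recipient has explicitly agreed to accept mail from.
ALLOWLISTED_PEERS = {
    ipaddress.ip_address("203.0.113.25"),  # "Bob", inside the listed netblock
    ipaddress.ip_address("198.51.100.7"),  # "Alice"
}

# (connecting peer, ground truth about the sender)
CONNECTIONS = [
    ("203.0.113.66", "spam"),   # the bad host that got the block listed
    ("203.0.113.25", "legit"),  # Bob, neighbour of the bad host
    ("203.0.113.40", "legit"),  # unknown but legitimate, same netblock
    ("198.51.100.7", "legit"),  # Alice
    ("192.0.2.200", "spam"),    # spam source not on any list yet
    ("192.0.2.10", "legit"),    # new correspondent, not yet allowlisted
]


def blocklist_accepts(peer: str) -> bool:
    """Default-allow: reject only peers inside a listed netblock."""
    addr = ipaddress.ip_address(peer)
    return not any(addr in net for net in BLOCKLISTED_NETBLOCKS)


def allowlist_accepts(peer: str) -> bool:
    """Default-deny: accept only peers that were approved individually."""
    return ipaddress.ip_address(peer) in ALLOWLISTED_PEERS


def evaluate(accepts) -> dict:
    """Return the two kinds of error a receiving policy can make."""
    return {
        "spam_accepted": [ip for ip, kind in CONNECTIONS
                          if kind == "spam" and accepts(ip)],
        "legit_rejected": [ip for ip, kind in CONNECTIONS
                           if kind == "legit" and not accepts(ip)],
    }


if __name__ == "__main__":
    for name, policy in (("blocklist", blocklist_accepts),
                         ("allowlist", allowlist_accepts)):
        print(name, evaluate(policy))
```

The blocklist rejects Bob as collateral and still accepts the unlisted spam source; the allowlist accepts no spam but turns away every sender who has not been approved in advance, including the new legitimate correspondent.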


Your proposed solution isn't really email though. What you are describing has already been solved by instant messaging/jabber/twitter/facebook PM etc. Some of the solutions that already exist need a third-party provider, others don't.

The problem to solve is how do you have a fixed address where anyone can contact you, spam doesn't get through and you don't have to maintain personal black/white lists. This is what email currently provides. Granted, the spam part varies depending on the provider.


Yes, you defined the problem in the opening sentence of your second paragraph. But I disagree that you should not have to maintain a whitelist. What are your email contacts i.e. what is your email address book? You already maintain a list of people you correspond with, whether you think of it that way or not. And when you want to correspond with someone new, you have to give them your email address. As it stands, there is no _reliable_ way for them to look it up. There is no worldwide directory of email addresses. In fact, what do we do? We try to hide lists of email addresses.

If everyone had a fixed address with a mail server running, "lookup" i.e. simple MX lookup, might be possible, e.g. if your IP address is 1.2.3.4, anyone could send mail to inquiries@[1.2.3.4] or something like that. But I'm not sure that alone really solves the problem.

Email still works without a worldwide directory. People exchange email addresses and they keep lists of them known as address books.


White listing a single IP address is the functional equivalent of block listing the rest of the Internet?

You claim it's not a closed ecosystem, but it appears to be totally closed and locked off. The only way to get access to it is to be invited in.

> The point is that if someone wants a better solution than what "email providers" offer, she can get it.

Not if they want email.


Where did I claim it's not a closed ecosystem?

It starts closed and it is opened by invitation. Yep. That is exactly how it works.

If you cannot understand that approach, then that just means it's not how you think. It does not mean that the approach makes no sense or has zero utility.

Maybe a stupid analogy can be made if we pretend "Facebook" is the internet (of course it's not, but it does present a messaging system so play along for a moment). On the one hand you could make every Facebook user your "friend" and thus enable them to send you messages, and then when people abused that privilege - and we know from experience some would - you could block them. On the other hand, you could only make a select number of people who you know and trust your "friends" and thus only give a select number of people the privilege to send you messages. Chances are, they won't try to sell you Viagra.

On the one hand there are times you may want to enable the entire network to be able to send you messages. On the other, there are times you may only want to allow a small subset to send you messages. Not sure about you, but I don't receive important email from all that many different people. People's social circles are only so big. There is a certain carrying capacity beyond which it becomes unmanageable.


Your posts contain a baffling mix of incompatible ideas.

You argue against block listing, but then suggest blocking the entire Internet except the few people you want to send you email.

You say that only people who you have given your email address to should be able to send you email, and then you say there should be a lookup system to get email addresses. (But what's the point of the email directory system if you can't send email to someone because they haven't white listed you yet?)

> but I don't receive important email from all that many different people.

Eh, depending what you mean by "important" I do receive a lot of important email from lots of different people. My email addresses have been used on the public Internet for many years, and I've had a lot of communication to those email addresses, and those communications have brought me great joy. And I also have a variety of people who email me about work related stuff - I won't have prior knowledge of those people.

I think I'm missing something about your system. Please, is it something that you already have well planned out? (Even if not in a state that can be deployed yet) Or is this something that you've just started thinking about?

So long as you're not suggesting Challenge Response we can have a discussion about it.


I never said there should be a lookup system. Where are you seeing that? I said there isn't one and people still manage to get by. The other commenter was suggesting looking up addresses was some sort of problem. I'm saying it's a non-issue. If not having a public name-to-email lookup was a show stopper, then we would not be having this discussion because email would not be popular. People get by just fine without lookup. They exchange addresses and store addresses on their own.

Discussion is great. But you have to read carefully to understand what's being said. (If I am not being clear, then I apologize.) But if your mind is closed then there's no point reading what I'm typing because I am not regurgitating the usual ideas on email.

Anyway, discussion is irrelevant when juxtaposed against running code. I'm interested in stuff that works more than getting approval from people in online forums.

This is not some new thing. Anyone can use email this way now. We all have good connections and bandwidth. There is no need for store and forward. What has stood in the way of using email as direct communication is people who can only see email being used one way: daemons that accept commands from any connection, spoofed IP's and all, and email as a service run by someone else, not a small program on the client's machine. If it was impossible to authenticate connections based on any other means besides real-time challenge-response, or DNS run by someone else, then how would people manage to run ssh daemons without the same problems as email?


Blacklists are run by anti-spam zealots who really don't care about what is fair or a smart idea.

For example my employer's mail server--which has been sending legitimate person-to-person emails for years (no bulk)--has ended up on blacklists several times because some blacklist operator decided to black-hole an entire netblock at our ISP.

From the blacklist operator's perspective, the broad effect of the block is intended to cause headaches for an ISP as a form of punishment for allowing outbound spam. Our deliverability (and many others) was just cannon fodder for that fight.


I wish we could get these anti-spam zealots to apply the same effort to stopping junk postal mail. The history of direct mail is interesting and perhaps instructive. It has been kept alive by those who do the delivery (cf. those who do the sending). I have sometimes wondered if the same might be true for email.

If your employer knows its recipients (e.g. business partners) and can coordinate with them to run an SMTP service for receiving and sending messages on a different port, would that solve the problem?


This is not a workable solution because the problem is not based on what port SMTP is running on. Organizations and ISPs voluntarily subscribe to email blacklists because they are desperate for any help in reducing spam volumes. They would filter email coming from blacklisted IPs regardless of what port it came in on.

You're basically proposing a whitelist solution, which has many known problems: it does not scale well; it does not handle new or unexpected email partners; it relies on the simultaneous cooperation of all parties; etc. In this particular case it also relies on spammers remaining ignorant of the new port for SMTP--which seems unlikely.


The problem is the open internet. There are ways to establish connections to a peer-to-peer overlay that take this out of the equation. The ISP is unlikely to block UDP traffic on some high port. Throttle perhaps, but not block. That gets us around the port issue. Once you log on to the overlay, the ISP only sees one port.

Then we are free to do our SMTP or other messaging as we desire. Each connected machine can choose what ports it wants to listen on, if any.

And what if this does not need to scale? What if it's only being used for a small group of people? What if all the people know each other? A very specific but very common use case. Not everyone is a celebrity with a gazillion "friends". Nor is everyone constantly conversing with new acquaintances. Some people have old friends and family. So I've heard.

Is it worth the spammer's time to try to find an SMTP daemon for each individual email address? Under the current system, things are centralized enough that a spammer can spam hundreds, thousands or even hundreds of thousands of recipients via sending to a single SMTP daemon.

Spammers have to send enormous amounts of spam to be successful. Having to do extra work to find an SMTP daemon just to send email to one recipient, and have to do this repeatedly, seems like it would not be worth a spammer's time. At least, not when it's so easy to just spam people that are using email the usual way: allowing some third party to handle their mail.


If his employer knows the recipient the employer can ask the recipient to either stop using the block list, or to poke a hole in it and whitelist their email.


Are you suggesting his employer doesn't know the recipients? Hmm, if true, I wonder what sort of email that might be.

Not the type I'm interested in.


Read the thread again.

> For example my employer's mail server--which has been sending legitimate person-to-person emails for years (no bulk)--has ended up on blacklists several times because some blacklist operator decided to black-hole an entire netblock at our ISP.

You replied:

> If your employer knows its recipients (e.g. business partners) and can coordinate with them to run an SMTP service for receiving and sending messages on a different port, would that solve the problem?

That solution introduces a bunch of problems: you're running more software that's open to the Internet and thus introducing insecurity; you're asking people (who might not be technical) to install and run software and use a different mechanism when they want to communicate with a subset of users.

The other solution is to just ask the people that you're sending email to, but who are using a whitelist / block list to add you to the white list or exclude you from the block list.


You're making assumptions. About how things would work and about users and what they can and cannot do. Typical online discussion. Lots and lots of assumptions.

I do not understand your last sentence. Didn't he say his ISP is blocking outgoing mail? The recipients are powerless to unilaterally change that situation.

Think about this for a moment. Forget the corporate example. Imagine one user has a daemon listening for mail (no setup, it's all been set up for him:- it's "built-in" to his OS). Imagine there is an authentication method e.g. a shared secret and perhaps even some obfuscation like port knocking to hide the open port. Even assuming a determined spammer can get past this, is it worth his time? He will reach a grand total of one user.

We can even use a small overlay, where the IP addresses are private, not routable on the internet. The spammer needs to get into the overlay network first, again defeating things like shared secrets or perhaps private keys to identify machines before he can even get a shot at access to a listening mail daemon. That's not easy to do if the users stay logged in. And again, if the network is small, with a few hundred users or less, maybe only a handful, is it worth his time?


> It would seem to degrade the usefulness of EC2 for anyone wanting to run their own mailserver.

People choose whether or not to use a block list. Thus your problem isn't really with the person creating the list, but with the mail admin choosing to use that list to filter email. That person feels it works for them.

Very few people should run their own mail server. Email is, now, toxic. Spammers pretty much destroyed email; especially the ability for people to run their own servers for sending.

For a history of a (perhaps overly vigorous block list) look at SPEWS - spam prevention early warning system - which had a few honeypots and which happily blocked large ranges. The Usenet group news.admin.net-abuse.email has very many threads from innocent blocked users and wingnuts screaming "change your ISP!!"


Spammers destroyed an open email system that relies on a centrally controlled DNS. Probably because they were among the only ones who learned how email works. We never made the effort to teach the population at large, preferring instead to let email be centralized via "email providers". And now, after decades of spam, we still have people who argue it is the best, or even the only, way to do things.

Spammers did not destroy the protocol or well-designed email servers and clients.

"Very few people should run their own email server"

That mindset is why we have a problem, in my opinion. We have actively tried to prevent people from learning.

The history of block lists is a history of the failure of the "email provider" (i.e. "very few people should run email servers") idea. Of course, anti-spam is a career for some people, so "failure" is relative. They've succeeded in trying to exert control over a common internet capability, for profit.

The internet began as peer-to-peer. There was no "DNS". And there were no "email providers". Everyone had a responsibility to learn how to use the network and the basic services it could provide e.g. messaging. Then some people got some bright ideas about how to make money. "Spammers" were not the first ones.

Enjoy that spam in your inbox. It is the product of ignorance.


But if you're doing it legitimately, and not bulk emailing, EC2 has proper SMTP forwarders you can use. And if you ARE bulk emailing, they have a service (plus you're not using Gmail for that anyway).


I don't think this is a good idea -- if ec2 goes down (as it has in the past) you risk losing email


SMTP doesn't just drop messages if the destination server is unavailable. It'll either get held back at an intermediary server until your server comes up again, or else it will be bounced back to the sender.


SMTP does sometimes just drop messages, it's not a protocol that guarantees delivery


That's not true. It should either send the email to the recipient or return it to sender. But it should never just drop the message (except for bounces which can be dropped since there is nowhere to send them if delivery fails).


I think you and the parent are using different meanings of "guarantee."

Yes, everything in the protocol leads to the fact that nothing should drop an email unless it has passed responsibility of it to another server which has accepted the message.

In practice, lots of times things don't work.


Yes, one misconfigured server between source and destination can "eat" email and you'll never be the wiser. Doesn't happen often, but it can and the protocol does not detect it.


An SMTP daemon will try to send the message a certain number of times, at a certain interval, then, eventually, it will stop ("bounce"). You can configure these settings if you run your own SMTP service.


There's a reason why a domain can have multiple mail exchanger records.


I risk new messages getting bounced, but all of my email is backed up on my computer. And I'd archive everything to s3 (which has never lost data to my knowledge) in case both my ec2 instance and my laptop disappeared.


You can set up a different mail server with a lower priority. I run my own server on a VPS, but have Google Apps' SMTP server as backup for those cases, and it's been working fine for months.


I have experienced, many times, people sending mail to the lower priority SMTP server despite the primary being fully online.


In my experience, the only ones doing that are spammers which assume that a secondary SMTP has no antispam filters configured.


Assuming your ISP is not blocking port 25 and your internet address is not on some blacklist you can send mail directly from your machine. No need to use intermediary SMTP servers.

Is it possible that some people might like to use their native SMTP capability for low volume noncommercial email? Does every person who sends email have some overwhelming urge to send spam? Such that we must place pseudo control over sending email, any email whether commercial or noncommercial, in the hands of "email providers"?

Good on you for running your own service.


My ISP doesn't block port 25, but since my IP address is technically dynamic, it's on Spamhaus' Policy Black List. That said, my ISP offers SMTP servers for proxying outgoing messages, so I used that for a while. I switched to a VPS because my home server died.


Gotta love that Spamhaus logic. Spammers use cheap dynamic IP's therefore anyone with a cheap dynamic IP that sends an email is a spammer.

Is it cheaper for you to get a static IP from a VPS than from your ISP?


Well, yes, because my ISP only offers static IPs for business contracts, which are more expensive overall, and my VPS only costs $2.3/month (and it doubles as a web server, hosting my personal landing page and an instance of Tiny Tiny RSS).


"Spammers use cheap dynamic IP's therefore anyone with a cheap dynamic IP that sends an email is a spammer."

That's not what they're saying.

"Very many spam emails come from people running an email server on a dynamic IP. Some companies were happy to host spam sending companies, and would put them in dynamic ranges so they could continue to get money from those spam sending companies and keep changing the IP address. The ratio of good email servers to bad email servers on dynamic IPs is so poor that blocking all dynamic IPs is, unfortunately, the only reasonably solution".

You can be on a dynamic IP and send email. Just don't send that email from a server on a dynamic IP.


What they're doing is making a very dodgy assumption. They might stop a few hundred potential spammers but they also stop millions of people who could potentially be using email more efficiently and reliably (and Spam Free) by sending and/or receiving mail directly between their machines.

Email could be even more decentralized than it already is in practice. This could potentially make spam far more difficult.

Reading that quote (from SpamHaus?) two things come to mind:

1. We are entrusting the rules on our mail delivery to someone who begins sentences with "Very many" and lacks the attention to detail to spell "reasonable" correctly. Make of that what you will.

2. The "problem" is not the existence of "bad email servers" on dynamic IP's, it is the lack of "good email servers" on dynamic IP's. Why the heck aren't the millions of people on dynamic IP's using this capability? Answer: They do not know it exists.

To "replace email", we do not necessarily need to fundamentally change anything about how email works. What we need to do, perhaps, is replace the people controlling it and instruct "good" people how it works. As it stands, in general, the only folks who understand how email works are a. email providers (e.g. ISP's), b. spammers and c. spam fighters.

If the vast majority of email sent directly to recipients from dynamic IP's was low volume and noncommercial, the "bad apples" would be overshadowed by the good ones. And so would the anti-spam zealots be overshadowed by reasonable people who just want to communicate with each other (not necessarily trying to sell ED treatments to the whole of humanity).

Education is the way forward. People arguing against any sort of consumer education on something so basic as internet messaging are an interesting spectacle to behold. Their attitude should fuel the fire of anyone working on this "dangerous idea" of "replacing email". You know who you are.


Your position is baffling.

It's not a quote from spamhaus. It's me re-wording your text.

> Why the heck aren't the millions of people on dynamic IP's using this capability? Answer: They do not know it exists.

No. Millions of people have no interest in running their own email server. What benefit do most people get from running their own server? (Where most people are those who have one or two email addresses, which they use for a couple of hundred contacts.) What benefit do small businesses get from running their own email server, rather than paying someone else to host the server?

> If the vast majority of email sent directly to recipients from dynamic IP's was low volume and noncommercial, the "bad apples" would be overshadowed by the good ones.

You clearly have no idea just how many spam emails were being sent. Something like 90% - 95% of all email was UBE. Much of this was sent from botnetted machines, and many of those would have been on dynamic IPs.

> anti-spam zealots

Conversation is fruitless if you attack the people who have the same aims as you.

> People arguing against any sort of consumer education on something so basic as internet messaging are an interesting spectacle to behold

But you're not suggesting to educate people on internet messaging. You're suggesting that people are educated on installing and maintaining a mail server.


Installing and maintaining a mail server. What OS do you use? I'll bet there are a whole host of daemons or services running and you never pay much attention to them. Someone else installed and configured them for you. And they just run all the time and you don't even pay attention to them.

What is a "mail server"? At its essence it's just a program that listens on a port for an incoming or outgoing message. Then you have programs for storing, delivering, forwarding, etc. And maybe you have perceived issues of being able to handle lots of messages. But you don't necessarily need all that if you are not providing email for other people. What if you're just a casual user who wants to send or receive a message to/from your friend? If I have an email daemon (or a "service" in Microsoft parlance) listening on a local port, I can type some text and "hit send" (or whatever method I choose to send the text to the daemon) and the mail is sent. No email provider needed. If the recipient has her email daemon listening for messages from my IP address (and only my IP address), she gets the message "immediately". There is no third party email provider. This is how email works.

There is also no spam if we do it that way. Her daemon is not open to the whole internet. It's only open to me. Why is this so baffling?

Neither third party email providers nor some rule that "no one wants to run an email server" or "no one should run their own email server" are a part of the email protocol. Those are your observations of what people have done so far and your opinions. They do not set limits on what can and cannot be done. Are we in the business of startups and trying new things or are we here to preserve status quo?

Email is internet messaging, one of the oldest forms of it. Email is a message sent in a specified format* over the internet. What could be more simple?

*Granted the format is rather rigid, but it's not too difficult for anyone to learn. It's like writing a business letter.

Millions of people have an interest in sending messages to each other over the internet. And millions of people have no interest in sending bulk email for commercial purposes. That's all I need to know. A project is born.

There is a need for an "email replacement" as many others have voiced and as pg identified in his list, but I'm afraid it's not going to come from anti-spam zealots. I appreciate what they try to do, but I do not appreciate their mindless, blunt-force methods and ideas about "good guys" and "bad guys".

There is an enormous amount of bulk email sent every minute of every day. Just because it is "opt-out" doesn't make it any less impersonal and unwanted (or any less of a huge drain on the world's computing resources). Can we accept that some people have little interest in receiving bulk email, and that there may be a market (besides you) for email inboxes that are not open to marketers, but only to known contacts? Alas, that's not what the anti-spam zealots aim to address. They do not want to curb bulk email. They just want to stop certain senders.

This does not really move me toward my vision of email. It's just the same old thing. An inbox full of garbage.


> Spammers use cheap dynamic IP's therefore anyone with a cheap dynamic IP that sends an email is a spammer

Considering the majority of spam these days is probably sent through botnets, that's a pretty good assumption.


A little bird told me about something called Thunderbird.


Did it tell you that Thunderbird is seeing its sunset?


It just works. I don't need new features.
