@aral @cancel

Getting a privately run mail server to play with the big guys is damn hard.

@aral @cancel Correct. It is unlikely that individual fediverse servers will continue to be a thing and that would be a terrible shame because there is no fediverse without treating the smallest and/or the slowest (or not always online) servers the same as the biggest & the fastest ones.

@aral@mastodon.ar.al @cancel@merveilles.town Sharing the fear. If mastodon.social defederates you, you're out. #fediverse

@aral @cancel I don't think e-mail is example of embrace extend extinguish. I think it has two other problems:

1) people mostly did not self-hosted in past (you got your e-mail adress from employer, university, internet provider or big web portal)

2) SPAM

Also e-mail is ancient protocol and tooling is also ancient.

@aral @cancel this precisely. Cory Doctorow ( @pluralistic ) wrote about the same topic here: https://doctorow.medium.com/dead-letters-73924aa19f9d

@aral @cancel That's exactly what people get scared about when they hear that companies like Cloudflare get interested in the Fediverse.

I did not give it a deep look, but Cloudflare's Wildebeest runs exclusively on Cloudflare infrastructure. That's already a way towards a strong position for 'extend' and also 'extinguish' techniques like "spam filtering".

@aral @cancel .

I've always thought of email as a service like old telephony, electricity delivery system, or a reasonably well paved highway system to take long motorbike rides on.

The idea of hosting a mail server sounds interesting but coming from the days of teletype and BBS it's an anachronism akin to a "free" operator doing a directory lookup for a "land line" number.

@aral @cancel the difference is that with email part of the deal is that you can send a message to anyone else with email. Nobody would join a group of 100 like-minded individuals and have their own email network in addition to the Big Email one.

The fediverse is more like a loose collection of forum sites which intercommunicate - so while yes, there could end up an oligopoly as far as the masses are concerned, that doesn't stop the open fediverse from existing alongside it.

@aral Exceptionally clear and well written. I also read his proposal for a solution. Could NGO's like @edri and @bitsoffreedom help by advocating? How should we go about this?

@aral @cancel

FWIW, just FTR, just my 2 cents etc...

I and many others are still fighting the good fight. See here:

https://stop.zona-m.net/tag/email/

the posts marked in the screenshot. If you like them, and those coming in the next reply about the other Standards That Must Not Die, thanks in advance for sharing them as much as you see fit.

@aral @cancel Yeah, I used to host my own mailserver too, but trying to get things actually delivered became too much of a pain. It's a shame.

@aral
Read this article while thinking of the "please, no talks about politics, only tech here" folks.

Enjoy.

@cancel

@aral @cancel I made an anonymous message box on my onion website that sends a message into a txt file on my computer. I think I can do a reply page setup. So people could check for my replies. That could go around all of the big tech bullshit.

@aral @cancel

cause it encodes its attachments in base64 ?

...

J\k

@aral @cancel they cloned my gmail , yahoo mails inbox.

@aral @cancel this got to me a bit and it's weird to think how much email has changed.

I've been round long enough to remember when everyone's email addresses were either their university, company or ISP. Even most universities now seem to just point their domain at Gmail or Microsoft. It's a real loss to the diversity of the net.

I can easily imagine a future where megacorp fediverse instances grow and then defederate from independent servers.

@aral @cancel I can very much relate to that. During my masters final project, the team and I developed a phishing platform and we found out that it was *really* hard to get e-mails sent to the end inbox, especially on some providers.

Debugging this case is hell as those o365, and other providers, blackbox are just meant to keep their advantage and force users to them.

Later as a pentester in charge of most phishing missions, I found out that Google was from far the worst.

@aral @cancel I keep seeing this comparison and IMO it misses the point. Consolidation of non-technical users onto well-run servers isn’t an if but a when and at some point spam will likely force those servers to not default to federate. However the fediverse, like email, always allows for an escape hatch. Expecting to leave it default open for federation is not realistic. Similar to BGP, the era of the “assume positive intent” internet is long over.

@aral @cancel let's be very clear, the email oligarchy became a thing because everyone took email for granted. They failed to evolve the user experience. The email #ux literally stagnated for a long time. That's why Gmail was so huge, it came with fresh ideas and experiences. It made email pleasant again and forced the other big providers to do the same. Sadly local application based email wasn't as good and so everyone moved to the next available.

@aral

That's why proactive blocking of entrenched interests coming in should be a strategy in fediverse communities. Most totalitarianism friendly instances get blocked I don't see why should Google, Apple, Microsoft, Medium, Valve, etc be allowed free reign.

@cancel

@aral @cancel

It's not a simple "my personal server" vs "big tech".

There are many smaller companies that provide email.

One of the advantages of using a specialist provider vs self-hosting is that it's their full-time job to manage spam filters and blacklists while ensuring their mail gets through.

You'll get better service than big tech.

I've worked for one before. Managing spam and malware, and following up blacklists is a lot of work.

@aral @cancel many people here complacent about this but I've been given reason to be optimistic by the numbers who aren't, and also how some who were have heard my arguments and changed their minds. (Mainly on my tech account. I did a poll there recently and off the bat 30% favoured banning corporate instances and there were some great discussions in the replies.)

@aral @cancel I’m glad I’m not the only one dismayed by this trend.

@aral @cancel

Seeing a lot of parallels to my own experience here with self-hosted email.

I had a personal server setup for $5 a month, handling all the mail for my immediate family. Did all the same hoops mentioned in the post, and still saw emails going to spam or “hellbanned”.

Ended up moving it over to Fastmail, it was far too much hassle to keep running and fighting blocklists.

@aral @cancel After nearly 20 years of hosting my own mail servers I finally gave up last year. I was embraced and extinguished.

@aral @cancel ...not because of some corporate conspiracy theory... because of SPAM.

@aral @cancel Maybe a bit more like BBSing back in the '90s, when the BBS networks came in.

BBSing didn't end because someone took over BBSing. AOL came along and everyone went there, because everyone went there.

@aral @cancel all that being true, if email had opt-in for receiving email (aka 'follow') my inbox would be spam free. And the moving goalposts of DKIM & SPF records & mail server IP reputation etc that were added to try deal with spam/filters and allowed the monopolies to squash competitors, wouldn't be needed.

(Which isn't to say the fediverse doesn't have big centralisation vulnerabilities say around caching/media storage/notifications etc - but more that not all monopoly risks are the same)

@aral this is breaking my heart, I shouldn’t have read this first thing in the morning 😭

I’m intimately familiar with this problem (been running my own mail since at least 1999) and they’ve almost worn me down too. When I consider this I can’t see any reason they can’t use the same trick to undermine any protocol, including ActivityPub.

The worst part is that my email server work just fine talking to other email servers, it’s just not compatible with AOL err.. Gmail.

Fuck

@cancel

@aral @cancel @mgifford Last year I had to stop self-hosting as well. It just became increasingly impossible to meet the demands of the big players and have mail delivered.

Interestingly enough, I started my first mail server in 1998 as well.

@aral @cancel Sheesh! I guess I will keepI using #Google / #Gmail for my email provider. Space is cheap & it works around the world.

@aral @cancel I think we need to inform EU bureaucrats and politicians about that.

@aral @cancel while I do feel this I don't think its really that true. I self-host my email and only once every 30/60days do I have to fallback to a mail address from the big 5. 29/30 times it works fine.

@aral @cancel But why? The primary destroyer of e-mail was spam, not the silos. The silos triumphed because they were able to defend well enough against spam to keep e-mail useful. That’s my concern about the fediverse. I don’t see enough inherent hardening in the design against organized large scale abuse.

@aral @cancel I disagree. Running a secure email server with a good reputation is hard work, and not the kind of thing you can do casually any more, but I'm not convinced that the big providers have much of an advantage beyond having the resources to properly configure and manage their services (and IP blocks). Actually, even Microsoft has some low-rep IP blocks (which it manages to its advantage). If anyone has the time to manage their mail services properly, they absolutely can still do that.

@aral @cancel I have helped run an email server for a decade for a few thousand people. I think that to use the words "embrace" and "extend" misrepresents the problems, attributing malice where there is only a mismanagement of network effects and a lack of long-term vision. Much of the internet is rickety infrastructure maintained with the precarity of sailors treading water in a perennially sinking boat.

@aral @cancel The network is populated by hostile actors as well, solving spoofing and spam required giving the best connected nodes of the network a proportional responsibility for its authentication, to cooperate for the common good. That is how networks work. That's what decentralization actually looks like. Now the question is why did some nodes get so damn big?

@aral @cancel despite all of the truly evil things Google does, *this* is why I hate them.

@aral @cancel It should still work, unless they have closed port 25 for incoming traffic?

@aral @cancel fucking connection providers blocking the ports for email. For the moment I solved by using a forward service. I don't manage a high volume of emails. Not the best for privacy but you can encrypt your email if this is an issue for you. Where I live if you don't own a static IP you're dead meat.

@aral @cancel

https://github.com/mail-in-a-box/mailinabox

@aral @cancel This isn't simply about spam -- from
CALEA to #chatcontrol , the main purpose of online communications has been to generate records for prosecution. It is harder for companies to scan, AI-read, archive, and provide law enforcement services about your email ... if they don't have a stranglehold on the email! See also

https://chatcontrol.dk/en/

@cancel @aral I’ve been running my own mail server on a VPS without issue for a few years now. Once all the SPF, rDNS, DKIM, certificates were sorted I made it past even the most strict servers like Google and Office 365.

@aral @cancel We can't let this happen with other self hosted services. It is currently much easier to run a fediverse instance, RSS server, and other services, but people using browsers and other tools provided by the big gatekeepers get scary messages about the site being unsafe. I tell people to switch to a different browser or email client that doesn't 'monitor them for their protection'. I don't know what other solutions we have to get around them and prevent this from expanding.

@aral @cancel Question: why haven't people like you replaced email with a standardized web contact interface? I was thinking you'd provide a website link with some name for a soon-to-be-familiar-looking interface, where people can leave you messages or even files on your own server. The idea of SMTP, with personal messages running around through multiple unsecured servers, never really made that much sense anyway.

(But can you dodge the ID check and key escrow for https now?)

@aral @cancel @gregpak I gave up two years ago, the worst offender in this space is Microsoft, there is no way to get off their blacklists. Using Proton now.

@aral @cancel

Well, this is depressing, I was thinking of doing exactly this after two decades of NOT running my own services.

Oh well, at least you saved me several days of frustration. 😼

@aral @cancel Which opened up the idea of "Why isn't there an independent fediverse of independent email servers?"

@aral @cancel I would also disagree with that article. I have been self-hosting my mail server on #gentoo from my broadband for 6 years or so with no issues at all.

It's even fairly low maintenance, mostly runs fine after initial setup.

@aral
@cancel @elias

It saddens me when people are confused my email address doesn't end in Gmail.com, icloud.com, or Outlook.com.

I've never had my own, but I did leave Gmail.

@aral @cancel Just don't comply with their demands. Eventually someone is going to have to contact you but can't. If enough independent servers are uncontactable, it will become a problem with the big companies. Eventually, companies will have to cave. @ryo has already made a blogpost about it. (Tor only though)

http://asc7ewkcvat2wsoi5yuwkej5ukyrqqnpnzpj4u34r2jxnoxhnbx6yqad.onion/blog/liberate-email-ignore-dkim/

@aral @cancel "tried all the silver bullets recommended by Hacker News, used kafkaesque request forms to prove legitimity, contacted the admins of some blacklists."

oh my gooddd. as someone who's had to do this in recent memory just because the domain name *extension* was flagged as "bad vibes" i feel this article in my bones.

yes, spam is an issue, but email deliverability has become a shitfest.

jeezaus

and this is a good heads-up. big tech will obviously try to throttle mastodon too =/

@aral @cancel you are a brave lad. Or a pro admin! Running a host in the cupboard under the stairs is not for amateurs.