It’s a sad situation, email today. I ran my own self hosted email for close to a decade but finally gave up on it because mail that I send gets flagged as spam every now and then and I also received a ton of spam. Those two things were eating away my time. And either way, basically everyone who I correspond with use third party mail hosting so it’s not like it did much good that I was self hosting it anyway.
Email as a whole really is a mess. An outdated protocol with too many bandaids and a fundamentally broken model.
I've been running a mail server for about 8 years now for me privately. I use it only for ordering stuff and for communicating with vendors but it works very well. Large e-mail providers never block me as far as I can tell, small ones i don't know. But I never get the feeling that my mails don't arrive in time.
I've also run servers with applications that send out automatic mails and there, problems were bigger. I think this is because there are a lot of mechanisms such as SPF that miss when an application simply uses sendmail. I've followed the archwiki instructions [1] mostly, a couple of years ago, and it works very reliably.
This won't help protonmail with abusing users but for a private server, it works well. I think a server also builds reputation over time.
But honestly I don't understand why it works entirely. However, I wanted to say that private mailservers are not doomed :)
Same here. Had my own mail server for 20+ years. Occasionally tweak it when things change, e.g. SPF being enforced or DMARC.
Registered in most postmaster tools, but at my rate of sending, this is only to have a chance of being herd if problems arise.
There were a few blockages over the years, the last ones came from Microsoft: once in a while they refuse to use A records if MX is not present, or just swallow your mails.
For the important mails to first-time recipients I ask to RSVP, which works out beautifully. People know that email can be unrealiable.
I gave up on my domain registered back when an ISDN 64k channel was a viable internet connection, partly because the amount of inbound email spam was absurd. The spammers ruined email long before Gmail was a thing.
That's a good way to make sure only spammers can contact you. I don't conceal my email address and I get at least a thousand spam emails per day. If it lets one good stranger contact me per day then it's worth it. Being a Gmail early adopter, I also get so many emails due to typos or incorrectly filled out forms where people are trying to contact someone with a similar name. It's interesting to learn about what people who share my last name are doing.
I see a dozen spam emails per day at most, there are weeks when I do not see spam at all. This is not a big price to pay for independence. The rest is caught by spamassassin. I retrained it several years ago last time.
Sometimes I miss being part of a larger network of email providers that share spam signatures, but not enough to start searching.
That sucks. All I can say us that I run spamassassin and never lose mails. I receive some marketing on my info@ and webmaster@ aliases, mostly for SEO. But fortunately there isn't much coming in. I use custom aliases for registrations and such so I can notify the source in case my associated mail address with them is being spammed. But that rarely happens. I've never had to block an address, spam always stopped coming in after 2-3 mails when it leaked from somewhere.
It's probably good not to have html / load external media enabled. Makes the address seem inactive because tracking mechanisms won't work (e.g. tracking pixels [1].
Jesus Lord. I don't receive that much email in a week, legitimate plus spam combined.
I get what you're saying about independence, but using your own domain and pointing MX to any decent email service gets you 90% there with way less pain IMHO.
I feel like the problem is that people got too touchy about spam delivery.
This gave large email providers license to nuke everyone but other large providers or impose various performative-dance "standards" like SPF/DKIM which seem to just be footgun factories for non-experts.
The other problem was some very black-and-white models of mailer behaviour. Back when ISPs actually published delivery guidance, it was either "you're an individual sending 10 messages a year" or "You're sending a mailing list of 500,000 per day." The guidance was usually limited to nonsensical for things like transactional email or notifications, and I suspect smaller "regular mail services" hit similar corner-cases.
I have to wonder if these conditions eventually became a perverse incentive: oh, deliverability sucks for your small business? We'll happily host your domain and emails and make sure they get through. It's now in their best business interest to be as balky and hostile as possible.
To me, spam filtering rules should be entirely at the USER level. The provider can offer an array of tools, but they have no business blocking unless there's a distinct "the user checked this specific box and this is why the message was denied" paper trail available.
Maybe I'm an outlier -- I'm far more worried about false positives than false negatives. My work email gets negligible spam, but I've definitely seen the "can't be fully disabled" filters chuck actual time sensitive business-related messages into the spam folder repeatedly, and had to patch together anti-filtering rules for it.
You're definitely right about that. I remember back in the day of Slashdot whenever somebody posted a solution to fixing spam this used to a default reply (1) and it was pretty hard to refute.
> Email as a whole really is a mess. An outdated protocol with too many bandaids and a fundamentally broken model.
Perhaps true at a technical level, but in a practical sense it's vastly successful. Super-quick communication between a few billion people, where all you need to get in touch with someone is their address.
Payment. Every emailed sent needs a payment token. Maybe like a few cents similar to postage. If your reputations got screwed because doing spamish activities, rates go up cost say 1 dollar per email. Each sender must have verified account just like FB that maps to your national IDs. Over night spam will plunge. Of course getting this implemented across the world would be impossible. We could wage war with any countries that refuse to participate...just like any countires wishing to undermine USD. So to summarize, just live with it. Nothing can be done without you sacrificing something dear to you. Spam is a minor nuisance we all can tolerate.
So instead of hacking servers to mine crypto, we hack them to send paid spam and possibly collect the delivery fees too for some double dipping.
I had this same idea as you, and I simply don’t see why people would pay to send emails when they’re already nearly free for most personal use cases. Businesses already pay to send email via third parties usually. Wouldn’t fake email signups get spammed to receive the sending fees from compromised email servers?
I could foresee a sending fee in the form of attention, with captchas for email sending, possibly attached to the outgoing email as metadata.
Why not just do things like instant messaging? Everyone signs their email and you only accept email from people you know. Define an introduction message format that would get run through a spam filter and be put in a separate folder. If you want to interact with the entity that sent the introduction then you add them to your keys.
Can be done entirely with stuff available in the fundamentally broken model. I mean, if you want to accept email from just anyone, how can you complain when just anyone sends you email? Not a technical problem, it is a people problem.
And at the same time there is an uptick in obvious spam that gmail mistakenly classifies as ham.
Recent example:
---
From: linda bartony <linda.bartony151985@gmail.com>
Hi jacquesmattheij Team,
Hope you are doing well.
My experts were analyzing your website and found that your website is not handling recent updates from search engines.
It’s a fact that having a website won’t make you bring in visitors. If you do not get higher search visibility, rankings, and organic search traffic, you may fall behind your competitors.
Google wants its visitors to have the best possible experience and these factors play an important role in determining your rank in SERP:
1. For most of the competitive keywords or phrases you rank beyond 100.
2. Your website is not ready for the upcoming responsive design update.
3. So many technical errors present on your website making it difficult to index.
4. Lack of theme-based quality backlinks.
We follow a technically advanced and tested approach to adhere to the latest algorithmic updates. We will prepare an advanced digital marketing campaign to generate maximum traffic and enhance your ranking.
Sounds Interesting! Please reply to us back and our PR executives will get in touch, with a detailed analysis report without any obligation.
Best Regards,
Linda barony
---
It doesn't get much more obvious than that, but hey, the origin is gmail so it must be good. Meanwhile, I can't reliably send mail from my own email server to my gmail account without it routinely being classified as spam.
> the origin is gmail so it must be good. Meanwhile, I can't reliably send mail from my own email server to my gmail account without it routinely being classified as spam.
This sounds like an anti-competition filter rather than a spam filter.
In other words, Gmail again blocks desired email based on the preferences of other Gmail users. Gmail is like a really toxic high school; you won't do well if you are into things that the majority doesn't like.
The problem comes from the giants using close source algorithms for mail filtering... yes, they are very efficient at filtering spam, but you have no way to align on their close source filtering process to make sure your email goes through/not marked as spam. Ironically, I once in a while receive a spam from a gmail account, and it is not marked as spam.
I would also add we are the problem, we picked the giants because they are free and convenient. By doing so, we gave them way too much power over the email ecosystem and they can start making their own rules.
The only way forward in my opinion is moving out of these allegedly free services and making the internet user centric again by de-centralizing.
> The problem comes from the giants using close source algorithms for mail filtering
The root cause is that email is an open messaging network without moderation and sending cost. Other open network is SMS, but because of the sending cost the spam problem is much smaller, albeit still exists.
Not a new idea, and one I've been mildly enamored of at various points. At this point I'm somewhat ambivalent, but I think the standard responses are (depending on details of the plan):
(X) Mailing lists and other legitimate email uses would be affected
(X) Users of email will not put up with it
Specifically, your plan fails to account for
(X) Laws expressly prohibiting it
(X) Lack of centrally controlling authority for email
(X) Jurisdictional problems
(X) Public reluctance to accept weird new forms of money
(X) Extreme profitability of spam
(X) Armies of worm riddled broadband-connected Windows boxes
(X) Dishonesty on the part of spammers themselves
and the following philosophical objections may also apply:
(X) Sending email should be free
(X) Killing them that way is not slow and painful enough
In the last couple of months I’ve been receiving enormous amounts of entirely obvious spam to the spam folder on gmail. Like it or not things are misclassified so you need to keep an eye on that folder. I’m now getting 10-20 spam emails a day about bitcoin, missed delivierie etc. it’s as if they have made a decision to not filter those entirely anymore.
I wish it was possible to let users manually white list domains.
Emails could contain some form of standard header to ask users if they want to white list/add an address to their contact list, and other emails would be down as default.
I know email is a good protocol, but reading email headers made my eyes bleed.
One problem is that Spam is not a well-defined concept. There is criminal activity using harvested or generated addresses. And there is annoying marketing from perfectly legal organizations I have given my address to. I would prefer a spam filter that just handles the first case. I can handle the second case by filter rules or unsubscribing. The problem is that Gmail tries to solve both problems with one solution and the result just doesn't work even close to reliably.
> The problem is that Gmail tries to solve both problems with one solution and the result just doesn't work even close to reliably.
Does it? My understanding is that gmail's spam filter only tried to catch the first kind of mail? I guess if you mark stuff you've signed up to as spam then it will put those in spam for you, but that's a user choice.
Gmail is definitely known to have weird blackbox rules about when and why something ends up in spam. I used to work somewhere that sent out a daily newsletter to a large audience and Gmail would occasionally decide to send it to spam for people who would read the e-mail everyday.
I am pretty sure it does. Doesn't it even say "Why is this message in spam: Because similar messages have been marked as spam before"? (Don't recall the exact wording). I hardly get any false negatives, so I don't mark much as spam. but I get regularly false positives and I mark them as "not spam". Still the behavior does not seem to improve. So I assume others marking newsletters and marketing as spam will also affect how the spam filter works for me.
I get very little real spam (abuse from harvested addresses). I use throw-away addresses everywhere. If one gets harvested I throw it away. I forward all mails to gmail and their false positive rate in spam detection is well over 50%. I cannot see that clicking not spam improves the situation. Well, I don't know how much they would classify spam if I'd never clicked it.
From some experience this seems to not always consistently work. If people don't explicitly whitelist me I'll often start showing up as spam years later.
Email as a whole really is a mess. An outdated protocol with too many bandaids and a fundamentally broken model.
But what can we do?