by codetrotter 1647 days ago
It’s a sad situation, email today. I ran my own self hosted email for close to a decade but finally gave up on it because mail that I send gets flagged as spam every now and then and I also received a ton of spam. Those two things were eating away my time. And either way, basically everyone who I correspond with uses third party mail hosting so it’s not like it did much good that I was self hosting it anyway.

Email as a whole really is a mess. An outdated protocol with too many bandaids and a fundamentally broken model.

But what can we do?

9 comments

I've been running a mail server for about 8 years now for me privately. I use it only for ordering stuff and for communicating with vendors but it works very well. Large e-mail providers never block me as far as I can tell, small ones I don't know. But I never get the feeling that my mails don't arrive in time.

I've also run servers with applications that send out automatic mails and there, problems were bigger. I think this is because there are a lot of mechanisms such as SPF that miss when an application simply uses sendmail. I've followed the archwiki instructions [1] mostly, a couple of years ago, and it works very reliably.

This won't help protonmail with abusing users but for a private server, it works well. I think a server also builds reputation over time.

But honestly I don't understand why it works entirely. However, I wanted to say that private mailservers are not doomed :)

[1] https://wiki.archlinux.org/title/Mail_server

Same here. Had my own mail server for 20+ years. Occasionally tweak it when things change, e.g. SPF being enforced or DMARC.

Registered in most postmaster tools, but at my rate of sending, this is only to have a chance of being heard if problems arise.

There were a few blockages over the years, the last ones came from Microsoft: once in a while they refuse to use A records if MX is not present, or just swallow your mails.

For the important mails to first-time recipients I ask to RSVP, which works out beautifully. People know that email can be unreliable.

I gave up on my domain registered back when an ISDN 64k channel was a viable internet connection, partly because the amount of inbound email spam was absurd. The spammers ruined email long before Gmail was a thing.
One vital thing is to not put your email address in clear-text online, especially heavily indexed sites.

The moment I had a real email address end up in the AUTHORS file of nodejs, that address is now a spamhole. Domain is otherwise fine.

Another can be buying a new domain that (perhaps purely coincidentally) has already made the rounds into spammers' dbs.

That's a good way to make sure only spammers can contact you. I don't conceal my email address and I get at least a thousand spam emails per day. If it lets one good stranger contact me per day then it's worth it. Being a Gmail early adopter, I also get so many emails due to typos or incorrectly filled out forms where people are trying to contact someone with a similar name. It's interesting to learn about what people who share my last name are doing.
Oh for sure but although I got a fair amount my domain owner email address was just swimming in it. As others have said thousands of emails a day.
Oh yeah, these days I hope it’s common practice to use separate email addresses for separate purposes for individuals too.

So yeah, domain owner is a tough one but shouldn’t really receive legitimate inbound contacts as long as you have some other contact method on the/a associated website. Personally I just black hole that one.

I see a dozen spam emails per day at most, there are weeks when I do not see spam at all. This is not a big price to pay for independence. The rest is caught by spamassassin. I retrained it several years ago last time.

Sometimes I miss being part of a larger network of email providers that share spam signatures, but not enough to start searching.

That sucks. All I can say is that I run spamassassin and never lose mails. I receive some marketing on my info@ and webmaster@ aliases, mostly for SEO. But fortunately there isn't much coming in. I use custom aliases for registrations and such so I can notify the source in case my associated mail address with them is being spammed. But that rarely happens. I've never had to block an address, spam always stopped coming in after 2-3 mails when it leaked from somewhere.

It's probably good not to have html / load external media enabled. Makes the address seem inactive because tracking mechanisms won't work (e.g. tracking pixels [1]).

[1] https://en.m.wikipedia.org/wiki/Web_beacon

Using mutt to read mail definitely helps.
> a dozen spam emails per day

Jesus Lord. I don't receive that much email in a week, legitimate plus spam combined.

I get what you're saying about independence, but using your own domain and pointing MX to any decent email service gets you 90% there with way less pain IMHO.

How much of that difference is because your external email provider is silently swallowing the most egregious spam such that you don’t even realise they’ve done so? I suspect the folks who run their own are monitoring all the email with none being missed from their stats.
I feel like the problem is that people got too touchy about spam delivery.

This gave large email providers license to nuke everyone but other large providers or impose various performative-dance "standards" like SPF/DKIM which seem to just be footgun factories for non-experts.

The other problem was some very black-and-white models of mailer behaviour. Back when ISPs actually published delivery guidance, it was either "you're an individual sending 10 messages a year" or "You're sending a mailing list of 500,000 per day." The guidance was usually limited to nonsensical for things like transactional email or notifications, and I suspect smaller "regular mail services" hit similar corner-cases.

I have to wonder if these conditions eventually became a perverse incentive: oh, deliverability sucks for your small business? We'll happily host your domain and emails and make sure they get through. It's now in their best business interest to be as balky and hostile as possible.

To me, spam filtering rules should be entirely at the USER level. The provider can offer an array of tools, but they have no business blocking unless there's a distinct "the user checked this specific box and this is why the message was denied" paper trail available.

Maybe I'm an outlier -- I'm far more worried about false positives than false negatives. My work email gets negligible spam, but I've definitely seen the "can't be fully disabled" filters chuck actual time sensitive business-related messages into the spam folder repeatedly, and had to patch together anti-filtering rules for it.

>But what can we do?

You're definitely right about that. I remember back in the day of Slashdot whenever somebody posted a solution to fixing spam this used to be a default reply (1) and it was pretty hard to refute.

(1) https://craphound.com/spamsolutions.txt

> But what can we do?

Use Fastmail, or anything other than Gmail, basically.

> Email as a whole really is a mess. An outdated protocol with too many bandaids and a fundamentally broken model.

Perhaps true at a technical level, but in a practical sense it's vastly successful. Super-quick communication between a few billion people, where all you need to get in touch with someone is their address.

Payment. Every email sent needs a payment token. Maybe like a few cents similar to postage. If your reputations got screwed because doing spamish activities, rates go up cost say 1 dollar per email. Each sender must have verified account just like FB that maps to your national IDs. Overnight spam will plunge. Of course getting this implemented across the world would be impossible. We could wage war with any countries that refuse to participate...just like any countries wishing to undermine USD. So to summarize, just live with it. Nothing can be done without you sacrificing something dear to you. Spam is a minor nuisance we all can tolerate.
So instead of hacking servers to mine crypto, we hack them to send paid spam and possibly collect the delivery fees too for some double dipping.

I had this same idea as you, and I simply don’t see why people would pay to send emails when they’re already nearly free for most personal use cases. Businesses already pay to send email via third parties usually. Wouldn’t fake email signups get spammed to receive the sending fees from compromised email servers?

I could foresee a sending fee in the form of attention, with captchas for email sending, possibly attached to the outgoing email as metadata.

Why not just do things like instant messaging? Everyone signs their email and you only accept email from people you know. Define an introduction message format that would get run through a spam filter and be put in a separate folder. If you want to interact with the entity that sent the introduction then you add them to your keys.

Can be done entirely with stuff available in the fundamentally broken model. I mean, if you want to accept email from just anyone, how can you complain when just anyone sends you email? Not a technical problem, it is a people problem.

move to the next thing, and then the next thing, and then the next thing

staying ahead of each Eternal September means getting up and moving :)

Discord/SMS/WhatsApp/Signal... so many competitors trying to ferry our ASCII...

maybe it's not the tech that's broken?

>But what can we do?

Bring a class action antitrust suit to Google?