Hacker News new | ask | show | jobs
by suriya-ganesh 147 days ago
Interesting take, but this feels like one of those tarpit ideas that YC discourages their portco to start attacking.

Guaranteed this is going to attract a ton of abusers who are looking to use this for signing up to services, spamming or other nefarious purposes, which then blacklists the doman. This is an infinite whack-a-mole.

do you guys have some ways of handling it?
2 comments
mhykim 147 days ago
We do have robust checks in place to catch spam and bad actors(reputation, SPF DKIM DMARC, etc.) but as with all tools there will be bad actors who come up with creative ways to scheme for nefarious purposes.

We expect our infra and policies to evolve with usage, and one of our goals is to make agent driven email safer than the status quo, not just more scalable

link
bofadeez 147 days ago
But as of now you're just wide open for abuse? Okay

Resend uses SES since it's almost impossible to get private IP mail to hit the inbox through ProofPoint filters. Looks like you have no idea about any of this. You don't even have knowledge of email reputation, much less a plan. Have you heard of Senderscore? You will have all zeros. Saying "SPF DKIM DMARC" is wild - that's a checklist from 15 years ago.

link
mhykim 147 days ago
I think we’re aligned on the hard parts here, so let me be precise.

We’re not wide open for abuse nor are we bypassing the hard parts of email reputation. Quite the opposite. We also utilize SES's infrastructure and monitor reputation continuously, but we don’t assume SPF/DKIM/DMARC are sufficient on their own. They’re basics we have implemented, not the entire strategy.

You are correct private IPs per customer make sense once you’re sending meaningful volume (on the order of ~10k+/day per IP). But its inaccurate to say we are sending from a single private IP. IP pools are typically segmented by reputation and traffic profile for customers.

Reputation here is earned at multiple layers: per-IP, per-domain, per-inbox, and over time. We rate-limit, isolate, or revoke bad actors without poisoning unrelated senders. Hopefully this makes sense.

link
themanmaran 147 days ago
I don't think they use the agentmail domain for sending emails. Users connect their own domain and manage reputation (similar to all the other email marketing tools)
link