we appear to be the first to write up the outrage coherently too. much thanks to the illustrious @self

  • Banshee@midwest.social
    link
    fedilink
    English
    arrow-up
    20
    ·
    5 months ago

    Self hosted email is its own can of worms. I wouldn’t recommend it to anyone outside of experienced IT people. You’ll end up blacklisted before you send your first email if you do anything wrong (and there’s a lot that can go wrong), and it doesn’t solve any security problems email has.

    Anything sent over email just isn’t private. That goes for Proton customers when they send or receive anything from a non-Proton address too. The one thing privacy email providers can actually do is keep your inbox from being scanned by LLMs and advertisers. That doesn’t prevent the inboxes and outboxes of your contacts from being scanned, though.

    If you use email, the best thing you can do is be mindful of what kinds of information you send through it. Use aliases via services like simple login or anonaddy when possible. Having a leaked email is a security vulnerability. Once bad actors have your email, they now have half of what they need to breach multiple accounts.

    • David Gerard@awful.systemsOPM
      link
      fedilink
      English
      arrow-up
      18
      ·
      edit-2
      5 months ago

      have been that sysadmin setting up a company email server. postfix is trivial to set up, absolutely the easiest experience. following that, though, was weeks of supplicant emails to MS to beg them please not to block us. My recommendation was never do this again, use a third-party outgoing email vendor, email is lost.

      • Avatar_of_Self@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        arrow-down
        6
        ·
        edit-2
        5 months ago

        MS will send your mail straight to spam if you do not set up your domain keys and DMARC in DNS correctly and do not have a reject or quarantine RUA or the email(s) in your RUA bounce.

        Sometimes you may get temporarily sent to spam if your IP is in a /28 of a known spammer IP.

        That’s about it.

        • David Gerard@awful.systemsOPM
          link
          fedilink
          English
          arrow-up
          8
          ·
          5 months ago

          plus the bit where you wait six weeks for a response to your request that they unblock you

          none of this process is fucking simple

          • Avatar_of_Self@lemmy.world
            link
            fedilink
            English
            arrow-up
            1
            arrow-down
            5
            ·
            edit-2
            5 months ago

            I’ve never had to ask MS to unblock me and it sure as hell doesn’t take 6 weeks or even 3 days for them to automatically see if everything is right again.

            I even set up a non traditional domain with a “non-generic” tld a couple of years ago and I think it was around 16 hours or so before my test emails were hitting outlook inboxes.

            Additionally, I think Google still wants SPF setup though it is pretty useless now. And if your RUA was set up right, as I recall, you get an automated email from MS telling you why your mail went to spam (or was rejected), which is the point of it to begin with.

              • Avatar_of_Self@lemmy.world
                link
                fedilink
                English
                arrow-up
                1
                arrow-down
                5
                ·
                5 months ago

                As a tip for next time, if you really want to host your email but you don’t want to put up with dealing with emails being sent to spam boxes, you can just use an SMTP relay/proxy provider. Your email isn’t hosted there but they do send it on and will be the ‘source’ mail server and is going to be much, much, much cheaper than paying someone to host your email for a bunch of users.