Didn't one of y'all write an ebook on hosting your own mail server? Or have a blog series about it or something? #hostyourown #smtp

My day started with welcoming agmKHzyPT1wK_sLBlBs0KzXZt_18274@skapet.bsdly.net to the imaginary friends population at https://nxdomain.no/~peter/traplist.shtml, this one generated by whatever runs the service check@taknc.com, hosted in AS134963 (Alibaba) address space.

How is your day going?

heh. my 2011 rantlet "The Problem Isn't Email, It's Microsoft Exchange" https://nxdomain.no/~peter/the_problem_isnt_email_its_microsoft_exchange.html made this week's "Valuable news" by @vermaden https://vermaden.wordpress.com/2025/03/17/valuable-news-2025-03-17/ #smtp #email #exchange #spam #security #timesinks

I thought I had seen it all when it comes to mail delivery and security issues.

But this morning I was introduced to the fact that there are Exchange admins who will implement a rule that all incoming mail from outside their own organization should be flagged as potentially dangerous and presented to the user with the option to block sender and no option to mark the message or the sender as valid.

Yes, that for every single message.

The Problem Isn't Email, It's Microsoft Exchange -- it turns out my 2011-vintage rant still rings true, now also available trackerless: https://nxdomain.no/~peter/the_problem_isnt_email_its_microsoft_exchange.html #inefficiency #timewasted #email #archiving #microsoft #exchange #compliance #deduplication #unsolvedproblems #smtp #mail #annoyances

Despite our efforts (such as those described in https://nxdomain.no/~peter/spammers_believe_in_300k_imaginary_friends.html btw that number rolled past 3 million some time back), *some* #spam will occasionally make it all the way through to an inbox and to be read by a person.

Today I offer a prime sample: https://nxdomain.no/~peter/blogpix/20250227_keelygz@vip.126.com_root@skapet.bsdly.net_Conditioner_etc._Inquiry.txt #spamtraps #cybercrime #mail #email #smtp #scams #greytrapping

What an unfortunate name…

STARTTLS has the innate issue that it is an upgrade of a plaintext session. Anything before TLS initiation can be sniffed off the wire. Unavoidable given the *purpose* of STARTTLS. It allows TLS to be used without dedicating a port to it. It is the ONLY way that mail *transit* is encrypted. *Nothing* there justifies non-support of STARTTLS.

The rest of the issues there are old & implementation-specific.

#email #TLS #InfoSec #SMTP #IMAP
https://mendeddrum.org/@fanf/114052544769710083

Shout out to #Postfix for being the most solid piece of software that just keeps on ticking. I've been self-hosting my own email for 20 years and I can't think of a single time it gave me trouble.

Still teasing and mulling a #greytrapping with #openbsd #spamd retrospective, so perhaps reprising "Maintaining A Publicly Available Blacklist - Mechanisms And Principles" (2013) https://nxdomain.no/~peter/maintaining_a_publicly_available.html might spur some inspiring comments?

I look forward to hearing your thoughts. #spam #email #smtp #antispam #cybercrime

My ISP has dropped our email address support silently YEARS AGO, without telling us, the clients!

Typical dispicable monopolistic behaviour! I found it through this site which offers certain services that the ISP used to offer

https://isp.datasur.sr/index.php?rp=/announcements/54/sr.net-email-addresses-are-no-longer-supported-by-Telesur.html

Hat die amerikanische Abrißbirne jetzt schon ihre Griffel in Mailservern drin?

550 Your country is not allowed to connect to this server.

Preventing enshittification of platforms rests on credible exit for users and devs. #ActivityPub and #SMTP are not perfect but

a) are implemented und understood by many players,

b) enable freedom of choice of servers and clients,

c) implement #RightToMigrate as well as self/community custody

Many #p2p projects promise to remove servers but often promote and depend on a single implementation stack, have no spec and no interop among #p2p islands, and thus struggle to provide credible exit.

Is SPF Simply Too Hard For Application Developers?
The Sender Policy Framework (SPF) is unloved by some, because it conflicts with some long-established SMTP email use cases. But is it also just too hard to understand and to use correctly for application developers? https://nxdomain.no/~peter/is_spf_too_hard_for_appdevs.html
(2016 but still holds) #smtp #spf #mail #spam #antispam #security #openbsd #spamd

Following a recent discussion of email security over at Linkedin, I think perhaps my old but recently updated spam and malware countermeasures article is still worth reading if the subject is important to you - https://nxdomain.no/~peter/effective_spam_and_malware_countermeasures.html.

The reference section has pointers to a seemingly endless sequence of field notes related to these matters. The so far last entry is my New Year 2025 post "A Suitably Bizarre Start of the Year 2025" https://nxdomain.no/~peter/suitably_bizarre_start_of_the_year_2025.html #email #smtp #spam #malware #security

Here's an interesting question for you:
Can RFC 2047 encoded text in the Subject line of an email contain encoded line break characters (i.e.,, ^J, a.k.a. 0x0A)?
I don't think they should, because the point of RFC 2047 encoding is to encode non-ASCII characters which would otherwise be legal in the Subject line, not to encode characters which would otherwise be _illegal_, which includes line breaks.
RFC 2047 itself doesn't give a definitive answer.
What do you think?
#email #MIME #SMTP #SysAdmin