Language:
switch to room list switch to menu My folders
Go to page: First ... 16 17 18 19 [20] 21 22 23
[#] Thu Jan 12 2023 17:03:37 EST from zelgomer

[Reply] [ReplyQuoted] [Headers] [Print]

I've been thinking lately: I need to undergo a personal email reform.

IG has frequently railed about the evils of gmail. What do you recommend individuals use instead who don't want to buy a domain and setup their own mail service?

This wouldn't need to be anonymous mail. Here are the two issues I want to address. One, I hate that everything asks for your email now. I can hardly buy a sandwich anymore without having to provide an email address, which they no doubt will inundate with spam to buy more sandwiches, and/or sell it to other spammers on the side who will try to sell me Viagra. Second, I'm growing increasingly uncomfortable with my email provider knowing about everything I do. They know where I shop and what I buy, when it's delivered, where it's delivered to, how much I paid for it, when my credit card statements are ready, who I work for, whether I got a tax refund or owed, how much LNG I use each month, and on and on and on.
So I want to foil this linkage. I don't want the spammers to reliably connect an address to me, and I don't want my provider to reliably build such a complete profile on me.

I've thought about handing out yopmail addresses, but the problem there is that a lot of these companies send me very personal, private things via email, and I can't get them to stop. I've seen a state government office email me confirmation before that included my name, address, and SSN!!

I've lost trust on both ends. I don't trust companies or the government to treat my email responsibly, and I don't trust my email provider to not spy on it.

What do I do now?

[#] Thu Jan 12 2023 17:24:59 EST from Nurb432

[Reply] [ReplyQuoted] [Headers] [Print]

If you want anonymous and dont want to setup a domain.  how about proton mail? Basic use is free .. 



[#] Thu Jan 12 2023 18:36:05 EST from zelgomer

[Reply] [ReplyQuoted] [Headers] [Print]

2023-01-12 22:24 from Nurb432 <nurb432@uncensored.citadel.org>
If you want anonymous and dont want to setup a domain.  how about
proton mail? Basic use is free .. 


Still requires me to trust that Proton isn't going to steal personal information that morons send me.

In fact, after giving it a few minutes of thought, I think that alone means I need to setup my own.

And I probably should do this, anyway, just for the experience (I still have only a vague idea of how email works) and for the vanity address. I never liked my public email username, anyway.

[#] Thu Jan 12 2023 18:45:10 EST from Nurb432

[Reply] [ReplyQuoted] [Headers] [Print]

If you want to operate under zero trust, yes. that is your only option, self hosted domain.

 

 

 

Thu Jan 12 2023 06:36:05 PM EST from zelgomer
2023-01-12 22:24 from Nurb432 <nurb432@uncensored.citadel.org>
If you want anonymous and dont want to setup a domain.  how about
proton mail? Basic use is free .. 


Still requires me to trust that Proton isn't going to steal personal information that morons send me.

In fact, after giving it a few minutes of thought, I think that alone means I need to setup my own.

And I probably should do this, anyway, just for the experience (I still have only a vague idea of how email works) and for the vanity address. I never liked my public email username, anyway.

 



[#] Fri Jan 13 2023 09:48:17 EST from IGnatius T Foobar

[Reply] [ReplyQuoted] [Headers] [Print]


My solution for the last two decades has been Spam Gourmet [ https://www.spamgourmet.com ]. Yes, you have to create an account and give them your real email address.
Yes, I trust them; they've been operating this service since the turn of the century and they aren't in the spam business.

Let's say your account name is "zelgomer" and you have it configured to forward your mail to "zel@mydomain.com". No one else ever has to see your real mail address at all anymore. But here's the fun part: you don't need to go to spamgourmet.com every time you need a disposable address. For example, you sign up for a promotion or something and they want your address, so you could just go "promotion.zelgomer@spamgourmet.com" and the first time Spam Gourmet sees that address, it starts a counter. You get three deliveries to that address, and then it stops working.

You can also have addresses that self-destruct after a different number of messages; for example, promotion.10.zelgomer@spamgourmet.com would give you ten incoming emails before it stops working. And no, someone can't just see that number and change it. They also have a couple of other domains, like spamgourmet.net, spamgourmet.org, spamcannon.net, antichef.com, antichef.net, neverbox.com, recursor.net, dfgh.net, spameater.org, and xoxy.net, which are attached to the same system.

Check it out. It's free, it's run by people who aren't going to distribute your address or send spam, and I've been enjoying it hassle-free for 20 years.
And although you never have to actually visit the site again, it's satisfying to go in once in a while and see which of your disposable addresses ended up getting hundreds or even thousands of spams after they self-destructed.

[#] Fri Jan 13 2023 14:47:42 EST from zelgomer

[Reply] [ReplyQuoted] [Headers] [Print]

That sounds great, except that it introduces yet another party who can read my emails.

Am I taking crazy pills, or is consumer grade email one of the least secure systems in our daily lives? I really wish we would all discourage its use by organizations for sensitive information!

[#] Fri Jan 13 2023 16:15:26 EST from IGnatius T Foobar

[Reply] [ReplyQuoted] [Headers] [Print]

If you're that concerned about other people reading your email, then you need your own email server and a private instance of SpamGourmet (you can download the software) to create disposable addresses.

[#] Fri Jan 13 2023 17:39:10 EST from Nurb432

[Reply] [ReplyQuoted] [Headers] [Print]

its too bad end to end encryption of mail never became a thing. then if your host DID read it, they would only get garbage.



[#] Fri Jan 13 2023 19:44:42 EST from zelgomer

[Reply] [ReplyQuoted] [Headers] [Print]

2023-01-13 22:39 from Nurb432 <nurb432@uncensored.citadel.org>
its too bad end to end encryption of mail never became a thing. then
if your host DID read it, they would only get garbage.


Yeah, this is my hang up. In an era when HTTPS is expected at a minimum, I don't understand how everyone is comfortable with unencrypted email. Of course, the Googles and Yahoos or whatever othee public providers there are out there probably actively derail any end to end initiatives because they want to be able to spy on your emails and serve you targetted ads.

[#] Fri Jan 13 2023 19:46:08 EST from zelgomer

[Reply] [ReplyQuoted] [Headers] [Print]

Yeah, this is my hang up. In an era when HTTPS is expected at a
minimum, I don't understand how everyone is comfortable with

And now we even have DNS over HTTPS to hide from our ISPs

[#] Fri Jan 13 2023 20:01:03 EST from Nurb432

[Reply] [ReplyQuoted] [Headers] [Print]

consolation is its bots, not humans

Fri Jan 13 2023 07:44:42 PM EST from zelgomer
spy on your emails and serve you targetted ads.

 



[#] Sat Jan 14 2023 12:23:31 EST from IGnatius T Foobar

[Reply] [ReplyQuoted] [Headers] [Print]

its too bad end to end encryption of mail never became a thing. then

Phil Zimmerman wishes to have a word with you.

[#] Sun Jan 15 2023 05:45:18 EST from darknetuser

[Reply] [ReplyQuoted] [Headers] [Print]

I've been thinking lately: I need to undergo a personal email reform.



IG has frequently railed about the evils of gmail. What do you

recommend individuals use instead who don't want to buy a domain and

setup their own mail service?

I am sure IG here would provide you with an awesome email service.

Failing that, some email providers that promise not to sell your data over and also promise you to add encryption layers upon requests are Tutanota, Protonmail and Startmail.

Startmail lets you create throwaway accounts on the fly, so if you are worried about spammers, worry not. Enter your account, create a throwaway and give the throwaway address to the site you are registering with. I think Protonmail also offers the service.

There are someother cool services such as fastmail, but they use Google infrastructure, so beware.

[#] Tue Jan 17 2023 14:13:00 EST from zelgomer

[Reply] [ReplyQuoted] [Headers] [Print]

I've been thinking more about this. I should have waited before I made that first post, it was sort of a knee jerk reaction to something that had blind sided me in my personal life.

After reflecting on it for a bit, I recognized a good summary of what's been happening. Over the past several years, I have taken some peripheral interest in electronic privacy and opsec. I never had any concious direction or goal (I'm not doing anything illegal, and I'm not hiding from any specific entity for any particular reason), but the more I learn, the more what started as just curious interest (what geek doesn't love spy stuff and trade craft?) steadily morphs into paranoid obsession. And aside from paranoia, I think that also part of my motivation is to expose these complacencies in daily "normie" life, perhaps with the hope that I might identify better practices to share with others, or perhaps even to come up with some solution that will make me the next Bill Gates (only even more sinister).

So that's how it goes. I'm just going about my daily life, and when I recognize poor practices, I'm trying to improve them. It's sort of an effort to recondition my approach to all things to be more security minded. It started with cutting out all public social media unless I can post anonymously using I2P and Tor, which then turned into using a Tails-style gateway VM model for I2P/Tor, and then it turned into full disk encryption, and then replacing all of my logins with randomized password management, and on and on and on. Now, the email situation has finally bothered me enough that it's time to harden this area of my life.

To approach this more methodically, I think that I can categorize senders into three classes, and there may be overlap where some senders exist in two or all three classes:

1. Senders who may produce unwanted spam (either intentionally, or their database may be insecure and they inadvertently leak my address to spammers). These would be things like online merchants, barbers, forums, and so on. These are foiled by giving out proxy "throwaway" addresses.

2. Senders who may use my address irresponsibly and send personal details. These are things like doctor's offices, government agencies, banks, or utilities. I think that the only way to truly resolve this is to give them an address to a domain and service which I control. Anything less forfeits the end-to-end encryption of TLS to some third party who you must completely trust, and I don't want to have to completely trust anybody.

3. Senders with whom I want to obfuscate association. In other words, I don't want my web mail provider, my ISP, or the FBI to know that I've signed up for darknetuser's used underwear mailing list, or that I have to order a new flesh light every month, or that I'm attending the local Family Circus cosplay convention next Saturday. I think it's enough to use public web services that I access only anonymously (I2P or Tor), though when I order my flesh lights, my name and mailing address would provide a deanonymizing vector.

If I have to run my own mail service to address #2, then I suppose that also closes #3.

So is that where I'm at? There's just no way to escape rolling my own, is there?

Also, I was thinking about how I would do it. In order to have TLS all the way into my house, I think that I would have to run the deamon on my home machine, and then point the domain to a public VPS which simply proxies to my home. That's fine, but then what happens when someone tries to send me mail and my power is off or my machine is rebooting for a system upgrade? Does the mail get dropped? Is this when the sender gets back a mailer daemon "could not send" message? Will it retry a few times before it gives up? Like I said before, I'm actually rather ignorant of the details about how email works.

[#] Thu Jan 19 2023 10:21:42 EST from fandarel

[Reply] [ReplyQuoted] [Headers] [Print]

https://cfenollosa.com/blog/after-self-hosting-my-email-for-twenty-thr

ee-years-i-have-thrown-in-the-towel-the-oligopoly-has-won.html

This has been my experience in a nutshell. I ran my own mail server for many years, until it got to the point that prospective employers were not receiving my replies.
I switched to fastmail.fm, who run quite a large reputable organization and come highly recommended. Occasionally my emails to the big-3 ended up in people's spam folders, but i can live with that. At least they were delivered.

Starting about a year ago, emails to big-3 destinations stopped being delivered.
No bounce, no spam folder, just p00f gone. The problem, as you can probably guess, was mostly to gmail. I didn't much care until I became an officer in an Engineering society where 95% of the other members were on gmail. It became extremely painful.
2 months ago I moved my MX to Google. Every email now goes through fine. Occasionally I miss incoming emails from non big-3 providers, including very large corporations still running their own servers. That sucks, but I am not sure what to do about it.

Email is fucking broken. I wish I had a stronger word than fucking.
I have a friend, der Mouse, who has solved the problem quite elegantly. His MX is a local mail server which blocks any incoming emails from big-3 providers. If you want to communicate with him, you have to find an email account elsewhere. Basic accounts on fastmail, protonmail, etc, are free and work just fine. If email is delivered to him, he knows that chances are good he will be able to reply. I'm close to setting up a second email account on that principle.

[#] Thu Jan 19 2023 11:12:26 EST from nonservator

[Reply] [ReplyQuoted] [Headers] [Print]

Seriously, if you're gonna use email, that's the way to fix the problem.



[#] Thu Jan 19 2023 12:26:27 EST from darknetuser

[Reply] [ReplyQuoted] [Headers] [Print]

Also, I was thinking about how I would do it. In order to have TLS all

the way into my house, I think that I would have to run the deamon on

my home machine, and then point the domain to a public VPS which simply

proxies to my home. That's fine, but then what happens when someone

tries to send me mail and my power is off or my machine is rebooting

for a system upgrade? Does the mail get dropped? Is this when the

sender gets back a mailer daemon "could not send" message? Will it

retry a few times before it gives up? Like I said before, I'm actually

rather ignorant of the details about how email works.



Your email server can afford to be unreachable a couple of days. Most email services will try to deliver messages to you, and if your site is down, they will keep trying every now and then until they give up.


If you can't afford an ISP subscription which allows you to send and receive traffic from other SMTP servers, there are dedicated providers that offer SMTP relaying services. If you opt for one of these, you need to trust them they won't be spying on your traffic. If you trust none, you are back at square one. The same principle applies to VPNs.

Running the SMTP server on its own IP is also problematic because if it ends up in a spamlist you are in trouble. Also, in the US, ISP subscriptions that are good enough to hosting this sort of service are more expensive.

In practice, I think that the best options are to either self-host and take the risks, or host your service with some party you really trust. My email infrastructure is hosted in my job's datacenter because my boss' trust in me is absolute at this point and the other way around.

(As for implementation details, you can either build your email service manually using any tutorial, or use a pre-packaged email system such as iRedmail).

[#] Thu Jan 19 2023 18:40:57 EST from IGnatius T Foobar

[Reply] [ReplyQuoted] [Headers] [Print]

I am sure IG here would provide you with an awesome email service.


True. If you want I can email-enable your account here. I'm not lazy like that guy in the article and I will run this server until the day I die. I can even I2P-enable our SMTP/POP/
IMAP servers if that's your thing. Just don't send *actual* spam. :)

[#] Thu Jan 19 2023 18:54:15 EST from IGnatius T Foobar

[Reply] [ReplyQuoted] [Headers] [Print]

If you can't afford an ISP subscription which allows you to send and

receive traffic from other SMTP servers, there are dedicated providers


Right. It is very much true, you're not going to be able to reliably run email from a residential Internet connection like the lazy dweeb in the article tried to do. You need to host it at a legit provider, or at least tunnel through a legit provider. And your forward & reverse DNS have to match, which is what gets most people who try it thrown into the spam bin.

I highly recommend my VPN provider, Ace Innovative [ https://www.aceinnovative.com/internet-access/static-ip-vpn/ ] who offers a static VPN service that tunnels a /29 IPv4 and a /64 IPv6 to any location for USD$15/month. They even send you the router (I don't use it).

Barring that, a cheap virtual machine from a provider like OVH Cloud [ https://us.ovhcloud.com/vps/ ] can also work well.

This year marks 30 years that I have hosted my own email (plus a few more if you count the days of ...bang!path UUCP links). It is not a lot of work, but it is not maintenance-free either. Once in a while you have to update something. For example, last year I had to get my DMARC strategy in order.

Yes, the big tech hitlers would like to have an email oligopoly. But they don't. I will commandeer a meteor and land it on Google before I give up my email server.

And remember: not too long ago, the slobbering masses had @aol.com and @hotmail.com addresses. Now they have @gmail.com addresses. Tomorrow they will have something else. The guy who wrote that article is probably a moron whose server got hacked and was used to deliver spam, and he was too lazy and decided to give up instead of working to get out of the gmail blacklist.

(For those offended by the word "blacklist" : good, I'm glad you're offended.
Let me offend you more.)

Go to page: First ... 16 17 18 19 [20] 21 22 23