
Fastmail.com suffering DDOS attack - moonlighter
http://www.fastmailstatus.com/services/general/2016-06-30
======
reptation
Is this part of a more general attack on Internet infrastructure today in the
U.S.? [http://downdetector.com/](http://downdetector.com/) has been showing
many sites with issues (Google, Outlook, etc.)

~~~
misframer
Does Google ever have DDOS problems?

~~~
Tiksi
Just going off the public numbers for one of google's ASNs[0], with the amount
of public peers they have (and likely far more private peers, and I'm just
assuming google doesn't buy transit and ignoring that), it's unlikely that a
DDoS would ever cause an outage for more than a small subset of people. You
may be able to saturate a link or two, but that's not difficult to route
around generally.

That is of course only for network saturation DDoS, I'm sure there are ways
google could be ddosed at the application or server level, but they likely
have enough infra in place to be able to eat the attack without anyone outside
of google noticing.

[0] [https://www.peeringdb.com/net/433](https://www.peeringdb.com/net/433)

------
tracker1
Given the timeframe, I commend them for keeping the notices open and public.
It's nice to see. When I went through the A(zure)pocolypse a few years back,
didn't see anything for about 15-20 minutes... though admittedly if I weren't
in the middle of testing something may have not noticed for a while either.

All said, you can't mitigate all DDoS easily, and it's nice to see that they
were pretty responsive and open... Also, while email can be very important, it
shouldn't be eminently critical.

------
peterwwillis
Something i'm realizing more and more... What the hell do I _really_ need
remotely hosted mail for?

We all know mail is insecure. Unless you look _really really hard_ , you
aren't sure if the mail you received was spoofed or modified, a child can
spoof mail and any MitM can modify it. So in general you can't trust your mail
anyway, even if it's received by a reputable company. Sending mail is almost
just as subjective... a random ISP's mail smarthost is just as good for
getting your mail delivered as a hosted mail provider.

All I _really_ need is a way to get my mails, once. Once you have the mail,
you can back it up to an infinite number of places (Git repository, anyone?)
if in the future you need to search it.

So really, the only thing I need is 1) to receive mail, 2) to filter the spam,
and 3) to keep a backup of my mail somewhere.

Considering this, why do we even need domain-specific mail? Like, myusername
at Gmail dotcom, for example. I don't _need_ it sent to GMail... I need it
sent to _me_. I don't care what server receives it. I don't even need to store
my mail there once i've read it - I can keep it offline, and back it up to
remote repositories to search. With a format + protocol like Git, this would
be fast, efficient, reliable, secure, and compatible.

So really, if we just had a distributed decentralized peer-to-peer mail
network, a unique address system, and a retrofitted mail storage protocol
(IMAP5?), we could send mail anywhere, receive it anywhere, store it anywhere,
and spam could be filtered by whatever product or company was hosting your Git
backup. With the new address system we could even build in personal crypto
keys and teach people how to send real, honest-to-god, secure mails,
potentially even anonymously.

Now somebody tell me how someone already thought of this and how it won't work
:-)

~~~
cjcole
> format + protocol like Git

> distributed decentralized peer-to-peer network

> a unique address system

> personal crypto keys

Funny. You just described a perfect fit for Urbit.

~~~
peterwwillis
Urbit seems to try to provide a centralized, personalized model for
application services. I don't think centralizing is the way to go, mainly
because my entire digital life is dependent on _de-centralizing_ all my
services. They try to make it out to be like some kind of container you can
put anywhere, but that's like saying we should all use one kind of bag for
everything we ever need to carry in our daily lives. There's good reasons I
have 10 different kinds of bags at home.

------
gnopgnip
There is a significant outage for Office 365 mail today also.

------
abpavel
As an avid fastmail user I did notice slight loading delays, but I attributed
them to my wifi/iphone. I mean... It's mail, not live SCADA telemetry...

------
PaulHoule
That's why it wasn't so fast today.

------
616c
I guess this had to be recent. I had not noticed all day, but it seems to be
the last few hours?

------
tshtf
Not many alternatives:

1.) Run your own SMTP infrastructure. Setup SPF/DKIM/DMARC. Realize your
outbound emails still don't always reach their destination. Also you have to
fight inbound SPAM.

2.) Use gmail or Google Apps. Things just work. Cede control to Google.

~~~
JoshTriplett
> 1.) Run your own SMTP infrastructure. Setup SPF/DKIM/DMARC. Realize your
> outbound emails still don't always reach their destination. Also you have to
> fight inbound SPAM.

And if someone wants to DDoS you, you're a lot more vulnerable than a major
provider like Fastmail.

Personally, I use a hybrid solution: I use Gandi's SMTP servers for outbound
and inbound mail, but I run my own IMAP server for unlimited storage under my
control.

~~~
b101010
If the attacker has ever seen the headers of a message you sent through
fastmails SMTP service they have your public IP (Received from header) and can
Dos you directly anyway.

They do something similar with their webmail service, but the data is
encrypted so it can't be read by a third party.

[https://www.fastmail.com/about/reportabuse.html](https://www.fastmail.com/about/reportabuse.html)
(last paragraph)

EDIT: Fastmail is fairly priced (for me) and i like the features they offer
but i wish they wouldn't do this (or rather, i wish they would do the same for
the SMTP service as they do for the webmail service)

~~~
unhammer
What happens if you send through port 565 instead of 587/465? :)

