
Helm: Personal Email Server - keehun
https://thehelm.com
======
keehun
Interesting product with great potential. Their website doesn't seem to
address my two main concerns:

1. How do they ensure high, non-spam delivery rates to the main email
services like Gmail, Fastmail, Yahoo, and Microsoft?

2. How would the product work in case Helm the company/service goes away (or
even just service outage)? Can the device work on its own without the need for
their web service (perhaps with lower delivery rate/higher spam score)?

They claim:

> We’ve designed your Helm to ensure as little information about you as
> possible is communicated back to us. That’s why the only account you create is
> directly with your server, not with us, and why only encrypted data passes
> through our servers.

But how does that work with sending emails? (Please excuse my ignorance on
this matter.)

~~~
wpietri
Yeah, as somebody who has run their own mail server for years, #1 is a huge
concern. It has been a real struggle for me despite having a server I own in a
rack with net-neighbors I know.

Another big one for me is the failure modes. What do I do when my home
connection is down? How about when my connection is down and I'm traveling?
What happens when the hardware fails? How about when the hardware fails 5
years from now?

Having email just down for a couple days while you wait for new hardware
would be a very bad experience.

~~~
djsumdog
So if they route everything through the same set of EC2 instances, that might
actually take care of the SPAM issue. I run my own e-mail server and have run
into that same issue of not being able to send to gmail/microsoft addresses
(unless I contact the person via Facebook/Twitter/Reddit/etc. and tell them to
check their spam folder):

[https://penguindreams.org/blog/how-google-and-microsoft-made...](https://penguindreams.org/blog/how-google-and-microsoft-made-email-unreliable/)

The way most of these providers deal with spam is they slowly white-list IP
addresses. When a company like Mailchimp or Mailgun spins up a new server, it's
always in a large subnet range they've purchased and they slowly start sending
low priority e-mail through it to existing/known receivers and throttle it up
to full speed.

If you're running a personal server that sends like 5 or 6 e-mails a day,
well that's an issue.

The big players make it difficult to run a small personal server, but running
a dedicated business or corporate server that sends 100s of e-mails per day is
typically fine once it's well established.

You know what would be a better product? A relay SMTP server that works with
Google/Microsoft/Amazon/Fastmail et al. to pump e-mail from personal servers
and ensures it won't get caught in spam filters.

~~~
zrail
"You know what would be a better product? A relay SMTP server that works with
Google/Microsoft/Amazon/Fastmail et al. to pump e-mail from personal servers
and ensures it won't get caught in spam filters."

That's basically Sendgrid or Mailgun or even Fastmail itself. They can all
relay SMTP for arbitrary domains.

~~~
ryan-c
It's actually a totally different product vs Sendgrid/Mailgun/etc.

Such a product would need to have a ToS that states it can only be used for
low volume personal and business correspondence, and have per-account rate
limiting to enforce that. Doing it this way is necessary to avoid having mail
treated as bulk.

I've tried relaying through mailgun to get mail to outlook.com, it does not
work.

~~~
tyre
Rate-limiting would be interesting. If the cost of the service was
specifically high enough to be unscalable. Like, $10 per month and you can
send 200 emails per day. That’s expensive compared to anything else but fine
for personal use.

~~~
aidenn0
fastmail already is available for $10 per month, so I guess problem solved?

~~~
ryan-c
Do they handle a send-only smarthost configuration that allows arbitrary from
addresses within a domain?

~~~
zrail
As far as I can tell, yeah.

------
paraditedc
I read the whole tech page and some of the comments here. I might be willing
to pay for this service, but not in its current form. I wouldn't want to spend
500USD on a proprietary hardware in addition to paying a subscription fee.
What needs to happen to convince me to pay:

Open up the hardware component as a platform for anyone to extend (allowing
direct ssh, or using my own hardware). It's fine to not open source the email
server code. But I would like to utilize the hardware to do other things, like
file storage, etc. Instead of waiting for your company to build other
features, I would rather have community contributed (preferably open source)
plugins that integrate with your ecosystem and run on the hardware.

~~~
garry
This is extremely valuable feedback and worth strongly considering.

When the iPhone came out, it didn't support apps - just built-in features like
Mail and Mobile Safari. I agree with you that an app store for Helm could be
valuable.

~~~
Alex3917
This could be especially valuable as a way to build email apps for enterprise.
Especially if there were a good API that returned email data in JMAP format.

I know Nylas tries to do this, but their model doesn't really work for me.

~~~
dpedu
Why JMAP over something universal like JSON?

~~~
Alex3917
JMAP returns data in JSON, but with a standardized schema. It's better than
the current status quo, where each email provider returns API data in JSON but
using their own schema, meaning you need to build different endpoints and
methods to work with each email provider. The spec is about to be finalized,
so there is no reason why email providers who haven't yet released an API
shouldn't be using it.

------
jawns
Don't most ISPs ban residential accounts from running something like this?

Comcast terms:

> use or run dedicated, stand-alone equipment or servers from the Premises
> that provide network content or any other services to anyone outside of your
> Premises local area network (“Premises LAN”), also commonly referred to as
> public services or servers. Examples of prohibited equipment and servers
> include, but are not limited to, email, web hosting, file sharing, and proxy
> services and servers

Verizon terms:

> You also may not exceed the bandwidth usage limitations that Verizon may
> establish from time to time for the Service, or use the Service to host any
> type of server.

AT&T terms:

> using such account for the purpose of operating a server of any type;

Sources:

[https://www.xfinity.com/corporate/customers/policies/highspe...](https://www.xfinity.com/corporate/customers/policies/highspeedinternetaup)

[https://www.verizon.com/about/terms-conditions/verizon-onlin...](https://www.verizon.com/about/terms-conditions/verizon-online)

[https://www.att.com/legal/terms.aup.html](https://www.att.com/legal/terms.aup.html)

~~~
gsreenivas
hey jawns, great question. I'm Giri Sreenivas, co-founder and CEO of Helm. To
answer your question, ISPs block port 25 and email service providers typically
reject emails coming from residential IP blocks.

To build a plug and play solution, we knew that our server could not require
listening for inbound connections on a residential internet connection. So we
set about looking into how we could route traffic to and from a home server
but we needed to do this in a way that prevented us from being able to spy on
traffic. We investigated solutions like sshuttle and eventually settled on the
combination of a simple iptables configuration combined with a VPN connection.
Helm establishes an outbound VPN connection to a dedicated EC2 instance with
an iptables configuration that routes packets to and from the connected Helm
server. The EC2 instance also has a static IP address associated with it.

It's important to stop here and explain that the only way this architecture is
viable while adhering to our design tenet of knowing as little about our
customers as possible is because of the Let's Encrypt project. Every Helm
server has a unique domain associated with it and trusted certificates for
that domain are fetched from Let's Encrypt. We strive to ensure that all
inbound and outbound traffic routed through the EC2 instance is using TLS with
these certificates from Let's Encrypt. This way, our EC2 instance is
effectively just an extra hop on the Internet.

I hope that answers your question, let me know!

~~~
dagi3d
I thought that sending email from EC2 instance was not allowed and only option
was using their SES service.

~~~
specialp
You can send email from an EC2 instance but good luck getting anyone to accept
it. A lot of email providers block EC2 wholesale, or if they do accept it you
are going to have to have a long standing reputation.

~~~
CogitoCogito
What do you mean by blocking "wholesale"? I started hosting an email server in
EC2 and the worst I've had is my emails going to a spam folder if that person
hasn't received an email from my address yet (and never after they've marked
me as not being spam). That happened surprisingly rarely and didn't feel like
much worse than I would get by just sending people email from gmail with an
address they don't know. I don't think things are as bad as you make them out
to be.

edit: I guess I should be clear that I have an elastic IP (which is free) and
setup reverse DNS and DKIM and SPF, but I think those are fairly standard
nowadays (I don't know honestly I've only run an email server for a few months).

~~~
specialp
It depends on whom you send to. Like ironically I sent an abuse complaint to
Verizon for a spammer and got rejected because they blocked all of Digital
Ocean's IP space. Yahoo was particularly difficult too sending me a response
saying they won't take my mail immediately on a single email to my brother. I
had to go through a lot to get that fixed. Again this was due to being on
cloud provider IP space.

GMail is more reasonable with perhaps being spam filtered but never blocked
outright. I have also been blocked by government labs and academic
institutions. I also have complied with RDNS, DKIM, SPF and got a top score on
mx toolbox. Now that I have been up for a while I have had less issues besides
with the ones that block cloud provider spaces.
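
The sender-side checks named in this exchange (reverse DNS, SPF, DKIM), as an added example that is not part of the original thread: it evaluates forward-confirmed reverse DNS, a subset of SPF mechanisms, and DKIM key publication for a sending IP. The zone data, `example.org`, the selector `sel1` and both IP addresses are constructed placeholders so the check runs offline.

```python
import ipaddress

# Constructed records standing in for live DNS answers (documentation
# address ranges and example.org are placeholders, not data from the thread).
ZONE = {
    ("TXT", "example.org"): ["v=spf1 ip4:203.0.113.25 -all"],
    ("TXT", "sel1._domainkey.example.org"): ["v=DKIM1; k=rsa; p=PLACEHOLDERKEY"],
    # Static relay/gateway address with a PTR set by the operator.
    ("PTR", "203.0.113.25"): ["mail.example.org"],
    ("A", "mail.example.org"): ["203.0.113.25"],
    # Residential address with the ISP's generic PTR.
    ("PTR", "198.51.100.77"): ["c-198-51-100-77.isp.example"],
    ("A", "c-198-51-100-77.isp.example"): ["198.51.100.77"],
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup(rtype, name):
    """Return the constructed records for (type, name); empty list if absent."""
    return ZONE.get((rtype, name.rstrip(".").lower()), [])


def confirmed_ptr_names(ip):
    """Forward-confirmed reverse DNS: PTR names whose A record maps back to ip."""
    return [name for name in lookup("PTR", ip) if ip in lookup("A", name)]


def spf_result(ip, domain, depth=0):
    """Evaluate ip against the domain's SPF record (ip4, ip6, a, mx, include, all).

    CIDR suffixes on a/mx and all modifiers (redirect=, exp=) are not handled
    here and yield "permerror" rather than a guessed result.
    """
    records = [t for t in lookup("TXT", domain) if t.lower().split()[:1] == ["v=spf1"]]
    if not records:
        return "none"
    if len(records) > 1 or depth > 10:
        return "permerror"
    addr = ipaddress.ip_address(ip)
    for term in records[0].split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"
            matched = addr.version == net.version and addr in net
        elif name == "a":
            matched = ip in lookup("A", arg or domain)
        elif name == "mx":
            matched = any(ip in lookup("A", mx) for mx in lookup("MX", arg or domain))
        elif name == "include":
            matched = spf_result(ip, arg, depth + 1) == "pass"
        else:
            return "permerror"
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"


def dkim_key_published(selector, domain):
    """True if the selector publishes a DKIM1 record with a non-empty key.

    An empty p= tag means the key was revoked, so it counts as not published.
    """
    for txt in lookup("TXT", f"{selector}._domainkey.{domain}"):
        tags = dict(p.strip().split("=", 1) for p in txt.split(";") if "=" in p)
        if tags.get("v", "DKIM1") == "DKIM1" and tags.get("p"):
            return True
    return False


def audit_sender(ip, helo, mail_from_domain, selector):
    """Run the three checks for one sending IP and return the findings."""
    names = confirmed_ptr_names(ip)
    return {
        "fcrdns": bool(names),
        "helo_matches_ptr": helo.rstrip(".").lower() in names,
        "spf": spf_result(ip, mail_from_domain),
        "dkim_key": dkim_key_published(selector, mail_from_domain),
    }


if __name__ == "__main__":
    for ip in ("203.0.113.25", "198.51.100.77"):
        print(ip, audit_sender(ip, "mail.example.org", "example.org", "sel1"))
```

Passing all three checks is what the posters above describe as the baseline; as this comment notes, receivers that block whole cloud-provider ranges reject the mail regardless.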

~~~
jethro_tell
Microsoft is the toughest one. Fortunately, I don't have friends that use
outlook.com or w/e

~~~
jedieaston
Does your email get blocked if it is sent to a business on O365?

~~~
jethro_tell
haven't tried in a while. It can, they don't follow all the rules and do a
little more blocking in the interest of their users or based off a ML spam
detection or something.

Some things that should be delivered are not. I'd have to dig back into this
to see what the exact issue is.

------
andr
I never understand why people think having your files physically in their
homes is somehow more secure than a data center.

- You run the risk of hardware failure, which would take days to recover.
When your warranty expires, it'd cost you, too.

- Disk failure may lose all your data.

- Fire, theft, or hurricanes may destroy it.

- You still give access to your data to a company, which controls software
updates and the EC2 proxy (in this case).

- Many home ISPs have shitty upload connectivity, so your email won't work
that well on the go.

- Internet and power outages mean you won't send or receive any email.

- You lose the knowledge email providers get from scale, including
ever-evolving spam filters, and a guaranteed clean outgoing IP.

If you really want to control your data, just spin up something like ownCloud
(not sure if that's the best solution, just an example). Companies like
DigitalOcean make it as simple as point and click.

~~~
garry
I'm the first and biggest investor in Helm and I'm on the board. I created
email-based Posterous previously (YC funded) and was a YC partner for 5 years.
I funded this team because they're high integrity software engineers first,
and we built this out of need— a company like this needs to exist because for
this to work, you need both great user experience as well as great software.

Helm actually solves this exactly - they already have continuity of service
coming in the pipeline, and the product as-it-ships will support encrypted
backup/restore out of box, similar to how your iPhone supports iCloud backup.

I've run my own mail servers for Posterous before and it was probably 2 to 10
hours a month of maintenance, software updates, etc. And that's not something
normals can do.

The company itself is run by folks who are committed to running this as a
sustainable long term business that takes care of its customers and is super
responsive to the community. As a board member I promise you we'll do that.

~~~
cwyers
If I can trust someone to do off-site cloud backups of my e-mail, why can't I
trust the same person to run a Fastmail-like service so I don't have to have a
$500 server in my house to get e-mail?

~~~
garry
Because with Helm only you hold the encryption keys.

~~~
cwyers
But that's completely orthogonal to owning a piece of hardware. You could run
a managed cloud e-mail service where only the users hold the encryption keys,
too. How is this a hardware problem?

~~~
sjs382
> You could run a managed cloud e-mail service where only the users hold the
> encryption keys, too. How is this a hardware problem?

This is the key question, in my mind. There's only one reason I'd want to own
the hardware—to manage/add/create my own services and handle my own backups
because I don't trust a company's involvement in these[0].

If this is so tightly controlled that I can't add my own services and I can't
restore a backup without Helm's involvement, why do I even want the hardware?

[0] I don't mean that I don't trust them in a privacy sense. I mean that I
don't trust them to make sure the backups are actually working and able to be
decrypted and restored. Or be able to be restored without _their_
software/hardware. There doesn't seem to be any transparency wrt/ these
concerns.

~~~
garry
This is a valuable and useful criticism and we're going to talk about this at
our next board meeting.

How do you know who to trust? You surely have to trust someone. It feels
generally true that we can trust Apple since we pay them for hardware and
their ongoing business interest is in protecting their revenue streams through
their hardware and iOS app store, which means you are aligned.

Generally for Helm that's a good case. That's why we charge money for this
hardware and software: it aligns interest.

Free cloud services are not truly free and that's what most people seem to be
OK with... but not all people.

This is the classic trade-off. Open source software you can read the code but
usability suffers. For the people on HN, most people can run their own
servers, but for normal people that's not an option.

Apple has managed to create a computing environment that is highly usable for
normal people. This is what Helm is trying to do too.

~~~
sjs382
So, we're in agreement that this sort of thing should 1) be paid for, 2) not
readable by the provider, and 3) maintenance-free for the user.

I still don't understand why this is a _hardware_ play. There are advantages
to owning the hardware but _none_ of those advantages seem to apply here.

The hardware feels like a bit of an albatross.

~~~
bostonvaulter2
How could it NOT be a hardware play? Then how else can you verify and trust
that you know what code is running in some datacenter in who knows where?

~~~
sjs382
It doesn't matter what code is running server side, as long as decryption
happens client side and the keys are never transmitted to the server.

------
stevehawk
I feel like I'm the target market for this as I pay for Fastmail ..

1 - how many domains can I use? I currently use ~6 with my Fastmail account

2 - can I have multiple users? I recognize that fastmail doesn't let me but at
this price point I would want it. It looks like you support that but I'm
unsure.

3 - How do you convince my ISP to let me receive traffic on the ports
required to run a mail server? (most firewall them on residential accounts)

4 - If I were this committed to my email, why wouldn't I just set it up for free
myself? This is actually my biggest question in regards to the product/target
market. Are there that many people out there that both care about how email
works to this degree and aren't willing to host their own?

The website is heavy on theatrics and bold statements but I feel actually kind
of lacking in terms of the meat. There's more than a few parts that made it
difficult for me to get any information at all (the automatic slide show on
the Product page, the 'see the inside' slideshow on the tech page). If I had
to guess I'd say this site wasn't tested against Firefox (doesn't seem that
any are anymore due to its low market share).

~~~
gsreenivas
hey stevehawk - thanks for your questions. I'm the co-founder and CEO of Helm.
Let me take them one by one:

1 - how many domains can I use? Each Helm Personal Server currently supports 1
domain

2 - Can I have multiple users? Yes, we have no limits on the number of users.

3 - Please see my response above about how we navigate around ISPs blocking
ports. We route traffic through an EC2 instance with an iptables configuration
and an outbound VPN connection. We utilize Let's Encrypt certs for this traffic
to be encrypted with TLS.

4 - I've run my own email server for 15 years. It's a pain and more and more
people are willing to pay for convenience and peace of mind that comes from a
dedicated team like ours looking out for them.

On the meat - we have a post coming tomorrow that is the first in a series
where we will dive into the technology.

Regarding Firefox issues, please email me at giri@thehelm.com and we'll look
into it. We have avid Firefox users on our team and did test it but may have
missed some things.

Thanks for your questions and let me know if I can answer any more.

~~~
stevehawk
I appreciate the response. Anecdotal situation - I have to admit the 1 domain
thing is a drawback for me. In order for me to commit the financials to this
I'd need to be able to use it for more domains (ie, spread the costs across my
personal businesses as well). As a solution for 1 domain only it has the feel
of Silicon Valley millionaires solving problems for Silicon Valley
millionaires.

There is no break-even point on this because by default the subscription is
more than Fastmail, including their business offering, and even amortizing the
device over a decade is still a stretch (what device lasts a decade anymore?).
I think what I'm realizing is that even with a gross annual household income
over half a mil USD is that I can put a price on email and it's lower than
this.

All of that said I do think you've got a neat product. The EC2 solution for
tunneling is novel and explains the higher subscription cost. I hope you are
successful because I'm curious to see what version 2 would be like
service/pricing wise.

~~~
gsreenivas
Thanks for the feedback stevehawk. We'll look to support multiple domains -
right now costs scale with the number of domains due to the simple fact of
supporting reverse DNS.

------
megous
To me there are these risks to e-mail:

1. e-mail address loss (domain loss, service termination if you don't own the
domain, ...)

2. email service loss (server goes down, ...)

3. delivery mechanism compromise (someone gets to read future messages, can
be used to hijack online accounts)

4. sending mechanism compromise (partial impersonation, etc.)

5. e-mail archive compromise (someone gets to read old messages)

6. archive loss

You have to think hard about each point:

- how it can happen,

- how would you detect it,

- what it could lead to,

and then prepare for those circumstances via preventive measures, and by
having a plan for when it happens.

For example if you register your domains under an account where email that was
used for registration comes from one of those domains 3. can easily lead to 1.
and you're hosed. You have to have a way to restore 2. without access to e-mail
addresses that will not work while 2. is happening. You will most probably
have no way of detecting 3./4. before bad things start happening. etc. etc.

E-mail is not really something to fuck with, because of how important it is
for authentication on the web.

Helm website doesn't work for me, but if you're thinking about an _easy_ way
to have a _personal_ email server, and don't have experience, be careful.
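
The registrar example in this comment (risk 3 leading to risk 1), as an added threat-modeling sketch that is not part of the original thread: it models "control of X gives control of Y" as a graph, reports circular dependencies, and shows what a single compromised asset reaches. The asset names and both inventories are constructed for illustration.

```python
# Constructed inventories. An edge X -> Y means: whoever controls X can take
# over (or is needed to recover) Y, e.g. a password reset sent to a mailbox.
BEFORE = {
    "mailbox": ["registrar_account", "bank_login"],  # resets land in the mailbox
    "registrar_account": ["domain"],                 # registrar controls DNS
    "domain": ["mailbox"],                           # MX records decide delivery
    "bank_login": [],
}

# Same setup, but the registrar contact address lives at an unrelated provider.
AFTER = {
    "mailbox": ["bank_login"],
    "independent_mailbox": ["registrar_account"],
    "registrar_account": ["domain"],
    "domain": ["mailbox"],
    "bank_login": [],
}


def reach(controls, start):
    """Everything that falls if `start` is compromised or lost (start included)."""
    seen, stack = {start}, [start]
    while stack:
        for nxt in controls.get(stack.pop(), []):
            if nxt not in seen:
                seen.add(nxt)
                stack.append(nxt)
    return seen


def takeover_loops(controls):
    """Groups of assets that all depend on each other (strongly connected).

    Inside such a group there is no independent channel: losing any member
    loses all of them, and none can be used to recover the others.
    """
    nodes = set(controls) | {n for deps in controls.values() for n in deps}
    reachable = {n: reach(controls, n) for n in nodes}
    loops = set()
    for n in nodes:
        group = frozenset(m for m in reachable[n] if n in reachable[m])
        if len(group) > 1 or n in controls.get(n, []):
            loops.add(group)
    return sorted(sorted(group) for group in loops)


def report(controls):
    """Summarise loops and the blast radius of every asset."""
    return {
        "loops": takeover_loops(controls),
        "blast_radius": {n: sorted(reach(controls, n)) for n in sorted(controls)},
    }


if __name__ == "__main__":
    for label, inventory in (("before", BEFORE), ("after", AFTER)):
        print(label, report(inventory))
```

Breaking the loop does not remove the risk; in the second inventory the independent mailbox becomes the asset whose compromise reaches everything, so it is the one to protect and monitor.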

------
simias
So this is bikeshed territory but what's with the shape of the "box"? You can't
stack anything on it and it seems to take much more room than necessary that
way.

Reading the (mouse hijacking) technology page I see:

> Helm is a high-performance server with capabilities normally found in larger,
> business-class hardware. To accomplish this performance in a smaller (and
> quieter) form factor, Helm has been engineered to dissipate heat through its
> aluminum base.

Is that the reason behind the design? Does it mean it's fully passive cooling?
Also is it really necessary to have that much cooling in the first place? An
email server doesn't need that much juice normally, especially for a small
handful of users.

~~~
garry
The design actually allows for server stacking when you need more compute or
storage. It does fully passive cooling with no fan.

~~~
npongratz
Are there third parties selling servers with this form factor? Or would we be
locked into Helm when we need more compute or storage?

------
Tepix
If you feel like doing this yourself, get something like a Raspberry Pi 3 (or
better, like the Asus Tinker Board) and use sovereign (from github) to
automatically install your own mail server/owncloud on it.

Then get a dirt cheap VPS (less than $15/yr) from lowendbox/lowendtalk and run
an OpenVPN tunnel.

So what's the advantage of having this at home instead of an ISP? For one,
backup and restore is fast and easy. You can use your NAS that's at home. You
may want to have an additional offline backup in case your home network gets
completely compromised. A box at home is also more difficult to tamper with.
If you're paranoid, put it into a tamper resistant box.

~~~
lolc
Unfortunately reputation management is a requirement nowadays for all senders
of MTA. And it's an ongoing hassle.

Helm promises to handle this in a way that doesn't let them read transmitted
mails. You still have to trust them ultimately, but the stakes are higher.

~~~
lvh
The only Helm EC2 instance I've seen listens on 587 and 993, which seems
incongruent with that promise.

~~~
gsreenivas
You missed some other ports including 25.

~~~
lvh
That wasn't intended as a complete list? Elsewhere I also mentioned the
mystery HTTP services on something like 8443 (but that's to wit).

------
bachmeier
$99/year? They are targeting an extremely small market. I can get Fastmail for
a fraction of that amount, and I don't see much of an advantage with this -
and I'm one of the few willing to pay for something I get elsewhere for free.

~~~
heavenlyhash
I mean, "a fraction" is "half" in this case, which is actually pretty close to
par in my mind. And that's what I pay for one address for a year; so if this
is more addresses and more domains at better scaling prices, that's quite
interesting.

~~~
xienze
Fastmail lets you use all the domains you want with one account, it just
routes the messages to a different folder.

Also, remember the $99 per year is AFTER shelling out $500 for the device.

~~~
cycop
Until the device fails and you need to replace.

------
michaeltbuss
I'm having a hard time understanding who would buy this. Non-techies aren't
looking for a solution to this problem. And, the moment you mention encryption
keys in your marketing you've lost them.

For $499 and $99/yr (!!), I don't think you'll convince techies this is a
worthwhile product either. Maybe the ultra paranoid users. But, in my
experience those are also the people who can build their own solution.

------
JamesAdir
Seems like an amazing solution for really a non-existent problem. The average
consumer doesn't bother with his email privacy if he had other online solution
would have been much more popular. The more technical consumer will probably
prefer to run something open source on his own server. So I wonder who
is willing to buy and pay for this kind of solution.

------
ktamura
I have to point out that while their marketing copy claims that they want to
know "as little as possible" about their customers, they have Segment's
JavaScript tag on thehelm.com

Do you know what Segment does? It makes it easy to send data anywhere ->
[https://segment.com/catalog](https://segment.com/catalog)

~~~
Anthony-G
Also, no actual content appears on the page without allowing third-party
JavaScript. Even though I'm interested in hearing about new mail services, I
chose to close the tab rather than spend time figuring out which of the 17
third-party domains I should white-list in order to see some text.

I doubt I'm the only one who made this choice. For some of us, content is
still the reason we use a web browser; that includes those of us who value
privacy and minimising the amount of arbitrary code we run on our devices.

------
lwf
They're "solving" the residential ISP email blacklist issue by offering an
IPSEC VPN with static addresses they control:

> Helm just works with your home network—no configuration needed. Helm
> connects securely to a unique gateway, which is assigned a static IP address
> so Helm is reachable by other mail servers and secure TLS sessions can be
> established.

A nice approach, but it does sort of chip away at the decentralisation claim
that's at the core of their messaging.

~~~
plopz
I wonder if they check that the IP addrs they use are in good standing with
the large mail receivers or if they somehow pre-warm the IP with "good" email.

------
have_faith
On the homepage

> Do you know where your email is?

You show, Google, NSA, etc... but doesn't this service route email through
your own servers to get to the box in my home? what makes your servers more
secure than Google's at handling the emails? If I have to trust you to route
the emails, I might as well just use something like Fastmail that hosts them
too.

More crucially, what can I do with the box if I ever stop paying you? or you
go under, etc.

------
balabaster
This is my perspective alone and isn't meant to sway anyone's opinion, this is
just my experience as it's been.

Having owned and run my own mail servers myself for some 10 years, I'll tell
you something for nothing. Owning your own mail server is not something that
comes for free. At least, it wasn't for me.

Unless your product has brought something that's drastically different in
terms of software, security and spam maintenance, it's too much of a pain in
the ass for a non-technical person to manage. Heck, I'm about as technical as
they come. I ran plenty of different kinds of mail servers in those ten years.
The effort and inconvenience it caused in that time just wasn't worth it to me
any more.

Having to stress out every time I moved, needing to make sure my internet
wasn't shut off until I left the premises and making sure it was already on at
the new premises before I could move anything, always being the guy on call if
my mail server went down.

Then came Cloud and I no longer had to worry about physical hardware ownership
and maintenance. I no longer had to worry about if my internet at home was
working. The opportunity to move my mail server to a VM, and then hosted
Exchange and now Office 365. This has offered me so much mental freedom, I
don't think I could go back.

The added stress wasn't worth the extra flexibility and security in my mind.
All my email is now handled by Microsoft. Sure it costs me a little money each
month, but I've got the peace of mind that their security team is on it and
while I'm pretty security savvy, I've got nothing on their security team. In
addition, I'm not the guy on call when everything falls to pieces.

I realize that most technical people won't have my perspective on this, but
it's definitely something you should think about.

~~~
garry
Helm was built specifically for you. I know because I had to run dozens of
mail servers myself for email-to-blog platform Posterous, my startup 10 years
ago. It was terrible.

I've been up and running with Helm for the past month on my garrytan.com email
domain and it's been zero maintenance.

------
Taranli_Maren
This is an interesting project. I've been following FreedomBox for ages hoping
it would end up as a good way to do this, but development has been slow. I do
have some questions about the technical details:

1) Is email access provided through the Helm App, SMTP/IMAP, or is there a
webmail interface as well? Can you use this device without a smartphone?

2) Which Linux distro is this based on?

3) What file system is used? Is it something like ZFS or BTRFS, which could
protect against corruption? Since there seems to be only one drive, I assume
there is no RAID-like redundancy included to protect against drive failure?

4) Where are the encrypted backups stored? What is the procedure for
recovering them? I expect that the backup recovery keys are also stored
offline on the flash drive?

5) How are software updates performed? Are they pushed from a managed system
that you control, or does the device itself pull updates automatically on a
schedule? How long will you guarantee software updates for? If you stop
providing them, or are slow to patch a vulnerability, is there any way for the
user to patch the device themselves? Local SSH access perhaps?

Lastly, a comment, please consider not overriding the scroll behaviour on your
website. It may look slick when it works, but when it doesn't (as it doesn't
on my Firefox), it totally breaks the website. In the case of your technology
page, it is super-annoying, since the details I want are at the bottom, and
I'm forced to watch the slideshow before I can see them.

~~~
panilsson
How about alternatives that are completely open
[https://www.kinguardproject.org/](https://www.kinguardproject.org/) ? As
mentioned in other comments, having all the sources provides the possibility
to review/recreate/modify the code to see what is really going on.

Disclaimer, I'm engaged in The Kinguard Project.

------
sandov
I'm sorry, but I'm pessimistic about this. 99% of people just don't care about
privacy, and those who do would probably prefer to set up their self-hosted
email by themselves.

I really hope to be proven wrong.

~~~
EGreg
It’s not even that. It’s that the flipside of decentralization or even
federation is SPAM. How do you prevent getting SPAM from people you don’t
know, while at the same time having others accept YOUR emails?

That’s why today ANTISPAM on the net has all but shut down the option of
having email outside the big boys or edu.

------
canthonytucci
This looks pretty cool. Very happy to see email space still being explored.

Somewhat off topic, but another nice project named Helm is the Helm Synth by
Matt Tytel, which is open source and sounds pretty freakin good!

[https://tytel.org/helm/](https://tytel.org/helm/)

~~~
Legogris
For devops/ops/cloud folks, Helm the k8s package manager will be the first
thing that comes to mind.

[https://github.com/helm/helm](https://github.com/helm/helm)

------
framebit
That's a heck of a name conflict with [https://helm.sh/](https://helm.sh/)
although I suppose the target audiences are fairly different.

------
freen
Try [https://mailinabox.email](https://mailinabox.email)

It's rad, does all of the DNS/SSL/DKIM foo necessary to make your email fully
deliverable, includes contacts and calendar sync, is multi-user, multi-domain,
etc.

~~~
freen
Or, if you want something a bit more, well, everything and the kitchen sink:
[https://yunohost.org](https://yunohost.org)

~~~
freen
Or Homebox:
[https://github.com/progmaticltd/homebox](https://github.com/progmaticltd/homebox)

Ansible, yaml config, I _think_ only a single domain.

~~~
TrueDuality
Now _this_ is interesting... Appreciate it

~~~
the_common_man
Or [https://www.iredmail.org/](https://www.iredmail.org/) or
[https://cloudron.io](https://cloudron.io) and
[https://mailcow.email/](https://mailcow.email/)

~~~
freen
Cloudron.io is closed source and hosted, I believe.

Mailcow only does smtp and pop/imap, no dns, CardDAV and CalDAV.

Iredmail looks neat!

Thanks!

~~~
the_common_man
It's not hosted - you install it on your server.
[https://cloudron.io/get.html](https://cloudron.io/get.html). Why is closed
source an issue? gmail, helm etc are all closed...

------
dhruvmittal
The hardware looks slick, but are my emails going to bounce when my not
commercial comcast/spectrum/at&t/whoever has a maintenance outage? I'm not
sure it's too useful to bring that out of the datacenter and into my house...

~~~
gsreenivas
Hey there, I'm Giri Sreenivas, co-founder of Helm. Glad you like the hardware!
Good question on email bounces. As Arubis mentioned, email has retry built in
and most servers default to retrying for 48-72 hours.

~~~
jstanley
This answer implies that you have no idea what the problem is, which doesn't
bode well.

The problem is that the major email hosts send to the spam folder any emails
from IP addresses they don't explicitly trust.

My solution to this is just to ignore it and tell people if they want to
receive my email they should work out how, as the problem is on their end not
mine.

But lots of your customers won't like that answer.

~~~
gsreenivas
hi jstanley - I was answering the question about retry when there's a service
outage. Did you interpret the question differently?

~~~
jstanley
Sorry! Yes, I thought you were answering a question about dealing with bounces
in general. My mistake!

------
_verandaguy
This looks really interesting, but I'm disappointed that you apparently _need_
a subscription to their DDNS-like service.

In a lot of cases, users may be paying for a static IP from their ISPs (or
even have one for free, by default), or they may be running their own DDNS via
a cloud instance already. This does nothing but add a $100/year fee for
something that is exceptionally non-reusable and narrowly-scoped.

~~~
qwertay
I host my email on a vps for $2.50/month. At that price there is really no
reason to do it at home.

------
linsomniac
I'm not usually one to theorize spying, but I'm gonna call it here: I'm
betting that "remote administrative access" is found between the EC2 instance
and the at-home box.

My first thought in seeing gsreenivas' discussion about the VPN/iptables/EC2
is that the physical box at home makes it feel more secure than an EC2
solution, but I'm not sure that is actually the case.

~~~
gsreenivas
There is no remote administrative access from the EC2 instance or anywhere.

------
ArtWomb
Related story just popped up on Bloomberg: A majority of board members are
still using personal email accounts to share corporate information

[https://www.bloomberg.com/news/articles/2018-10-17/dusty-pro...](https://www.bloomberg.com/news/articles/2018-10-17/dusty-prodigy-accounts-lost-tablets-put-company-secrets-at-risk)

~~~
WrtCdEvrydy
How do you think I make my money at my job?

Tag a few high level corp accounts and play the market as deals are closed
over gmail accounts.

+17% on Twilio buying Sendmail just this month :)

------
kirillzubovsky
Had a pleasure of setting up and running a personal mail server before, and
honestly, unless you are highly technical and enjoy doing that, a consumer
solution is nice to have. It’s not just the original setup that takes a long
time, it’s configuration and maintenance, software updates, mail delivery
hacks... Basically if you’ve ever wanted your own mail server, Helm should be
it.

------
TrueDuality
You mention that you use a hardened Linux OS, but you don't discuss any of the
other opensource software that you use. While you technically only have to
distribute the sources to the people that receive your hardware, it would be
nice to know these kinds of things before purchasing. This is a niche market
you're marketing to that has a history of researching these kinds of things.

Are you using a custom distro or one of the off the shelf ones? What webserver
(presumably there is one) is running on this? MTA? What're you using for
backups? Is this just an ownCloud running under the hood with a tunnel to AWS
and small proprietary layer on top?

Along different lines, how do the backups work? Are they just stored on the
device (what happens when its drive dies)? If not where are they stored and
how much manual intervention is required. If your company goes under can I use
any opensource software to decrypt the backups and access my emails?

Edit: With the list of sources in hand I can answer a lot of the questions I
posited. So for others interested:

Distro: Still unknown, but see additional interesting tidbits.

Webserver: Neither nginx nor apache are present. If I had to guess it's using
golang's net code to run any webserver / API that is present

MTA: postfix, dovecot, opendkim, opendmarc, spamassassin (might be more
components I missed)

ownCloud: Doesn't appear so

backup software: Duplicity

backup location / process: Unknown

Interesting other tidbits:

OpenVPN is present, and so is ipsec-tools/strongswan. So they might be using
either IPSec, OpenVPN or a combination of both for the tunnels. They could
just be distribution defaults.

It's running docker, I'm guessing they're using some form of container image
sync update system rather than a proper package manager.

It contains a full developer toolchain, so presumably this is a full
distribution rather than a minimized / custom one.

Based on the versions it appears the ARM processor is a QorIQ variant which is
an ARM evolution of the PowerPC architecture.

Contains the libatomic libraries, so perhaps this is running on Fedora Atomic
as an underlying OS? Would explain the presence of docker and give an idea how
they're providing updates.

Appears to have a wifi chip (I couldn't find any information about
connectivity on their site). Specifically it seems to be using a Qualcomm
ath10k chip.

~~~
gsreenivas
Hi TrueDuality - Giri Sreenivas, co-founder and CEO of Helm here.

We will be publishing more details to answer your questions in depth in a
series of coming posts. I'll give you some quick answers right now.

We use Yocto to spin our own Linux build. Key projects we utilize: OpenLDAP,
Postfix, Dovecot, Darwin Calendar and Contacts, Certbot, OpenDMARC, OpenDKIM,
OpenSSL, Python SPF Policy, Sieve, SpamAssassin, Duplicity, StrongSwan, Docker

We're using duplicity for backups. So you can use it to decrypt backups as you
will have the keys as well. Backups are stored on a service we run using S3
and will always be accessible for the user even if something happens to the
company.

~~~
cycop
I would like to see the option for backups to be held on your own cloud
account of choice. I am in Canada and I use a Canadian cloud company called
sync.com for my secured data storage knowing it will not be stored in the US.

The price point is also a bit high for a Canadian Customer, so I like the idea
but a bit too pricey for north of the border after currency exchange.

~~~
gsreenivas
Thanks for the feedback - we will take this into consideration.

------
lazylizard
So. The case is interesting maybe. But 500usd for a $pi with a 30usd ssd? And
then 99usd/yr to route mail via a t2 nano on 1yr free tier? So in a year's
time the relay service will stop? Or before that the ec2 instance will go down
but then that means enough helms have been sold... I could be wrong....

------
iooi
So this is a bet that people will value their email privacy at $99/year. The
last time I went from not paying for something to paying for it was when I
started paying for streaming services instead of downloading media. The cost
difference was around the same (although $10/mo. feels cheaper than $99/yr),
but the benefits feel a lot stronger -- say instead of waiting for a download
to finish over the next hour, I can start watching content immediately. Even
as a privacy minded person (no social media accounts, etc.), I don't see
myself or a big market subscribing to this. The confidence factor is also
pretty important since I'm not going to subscribe to a service that I feel has
a high chance of shutting down in the next couple of years and possibly suffer
email interruptions / data loss.

------
Sophistifunk
I want nothing to do with the shit-sandwich that is hosting mail, and have
utmost respect for those of you that can.

But I would _love_ a small server box that can be simply stacked to increase
capacity for home labs and desktop k8s clusters without having to buy and
configure a switch and complicated power delivery.

~~~
WA9ACE
I'm not sure if this fits your use case, but it's what I plan on ordering soon
[https://www.ixsystems.com/freenas-mini/#buyawesomefreenasmin...](https://www.ixsystems.com/freenas-mini/#buyawesomefreenasmini)

------
vxNsr
I definitively believe that we need to fix the way email is handled, but I
don't think this is the solution.

I wanna get away from "free" email, but I think it requires a more full blown
solution, something which offers a client with the polish of gmail.com along
with its excellent spam detection/protection, that can be self hosted on any
random computer/server (using docker, or similar) that is very nearly plug and
play.

Unfortunately, such a project would need to be OSS, with a consulting-type
income structure, but the big companies that would be willing to pay for such
a thing all use O365, and would never be willing to try something not nearly
as proven.

~~~
diego_moita
> I definitively believe that we need to fix the way email is handled, but I
> don't think this is the solution.

Sorry, I respectfully disagree. We shouldn't fix email, we should throw it
away and replace it.

It is almost impossible to have secure email that can't be eavesdropped, even
with PGP. Normal people just don't get the need for security and can't bother
the hassle of encrypting their email.

Also, from a usability perspective, email was a solution for an age without
mobile computing.

What we need is something like Signal: instant messaging with privacy built in
by default.

~~~
vxNsr
I don't think that idea is realistic. While I agree that it would be great if
we could find a fast, secure replacement for email, that's not happening.

Signal isn't federated and doesn't allow me to selfhost.

If you wanna start a messaging platform that can become a de facto standard you
need to allow anyone to implement it, you also need to prove a value-add aside
from security and privacy (which 99% of consumers don't care about) which
builds momentum, it also shouldn't piggyback or rely on email in any way. Much
the same way that email didn't require a snail mail letter to create an
account.

email is a solution to a communication problem which happens when two people
aren't in the room together. It replaced memos, quick phone calls, long form
letters, etc.

Instant messaging UX really only addresses the quick phone call and possibly
short memos. The UX strongly discourages anything longer than 3-4 lines.

------
scruffyherder
So they use a registered ip proxy to your own email server. I've been doing
that for a super long time, and it's a great solution, at least until about 5
years ago.

Most providers will blacklist anyone who isn't one of them. So I front my home
email server with a big account to relay in and out of. It kinda sucks, but
all my stuff just works.

So I can happily fire up my Macintosh II, load up Outlook 98 and read email.

I use Office 365 to front my domain, I think it's like $12 a month for the
corporate version so I can have it front domain emails. And that means I get
office for all my devices so I'm not the one having to deal with having old
versions of stuff.

------
petilon
I don't like Google reading my email either. But I still use Gmail because I
can search 20 years of my emails (including ones I imported from Yahoo mail)
instantly. It is surprising no one has mentioned search in this discussion.

~~~
CaptSpify
Probably because Gmail isn't the only email provider that lets you search. I
run my own email server and can search them just fine.

------
vvilliam0
This is a market cash grab that preys on people's ignorance and fears. Fancy
looking hardware for an excessive cost that isn't stand-alone. For e-mail.
Really?

~~~
kirillzubovsky
I know the founders and can confidently say this is anything but a cash grab.
They don’t advertise this fact, but the guys are really into privacy, and
they want to see this come to life for the sake of data protection. VC funding
is the means to make it a reality, as good hardware is expensive and takes
time to get right.

~~~
trendia
> as good hardware is expensive

They don't need to sell hardware to achieve what they're doing. In the current
form, they are mainly selling a service (SMTP relay on EC2) disguised as
hardware (imx board inside a fancy box).

Why not charge the service for $100/year and allow anyone to use a Raspberry
Pi and USB flash drive, which costs $35+$20? If they're using Linux on an imx,
then there's likely little difficulty in porting to Raspberry Pi.

~~~
kirillzubovsky
If I understand what you are asking correctly, then you are not wrong, and
there's definitely an option to do this, but you are not the customer they are
looking for.

If you have the chops to get a Rpi running, then you probably know how to run
a mail server or you are definitely able to read an EXIM book and get it going
on EC2 in a day... with all the consequences.

On the other hand, if you are a business professional, or a crypto holder, or
a privacy concerned mom, you don't have the time and chops to go through the
setup. What you want is an "iPhone for email", and this is what Helm will
provide.

One device, simple setup, no hassle, all updates and management are taken care
of for you. It's beautiful, and $99/y isn't going to sway you. I pay $100/m for
Comcast and get subpar internet in return, but I am not going to go and setup
an ISP to save money.

That said, if you think this is a good idea but could be done at $100/y sub on
a Pi, perhaps it is a great time to start a competing service ;)

~~~
trendia
If a .iso is provided, I can't see why flashing a custom "Helm iso" is any
different from flashing the default "Raspberry Pi iso", and there are a _lot_
of people who can flash the raspbian -- there have been 5 - 10 million
raspberry pi's sold so far. So, I think there are a lot of people who can use
the Raspberry Pi.

------
filmgirlcw
Despite my initial misgivings, I would actually consider something like this,
even at this price point, but there are a few things that for now are non-
starters.

1) I’d need to feel secure my email would actually deliver correctly. Zack
Whittaker on Twitter [1] mentioned that the CEO’s email wound up in his Gmail
spam folder. This would be utterly unacceptable for me, even though I don’t
frequently email new people.

2) The single domain per server totally makes this DOA for me. I have multiple
domains with separate, non-aliased mailboxes, controlled via legacy GApps
accounts. It winds up being a security advantage because I use different
accounts/domains for different services and that means that the likelihood of
me being severely hacked is lower as a result. But beyond that, a single
domain designation seems off for this type of product. The people willing to
spend $500 on this kind of hardware are the people who have multiple domains.

3) I worry about the long term future of a startup like this. If they go out
of business, not only is my hardware now worthless, I now have to migrate my
inboxes to Fastmail or GSuite or something else, or face configuring my own
local mail server, which is what I was trying to avoid to begin with. And in
my case, that would also potentially mean giving up grandfathered GApps
accounts with 50 users and custom domain support.

I wish Helm luck and we need disruptive email startups and better turnkey
hosting solutions, but I’m not sure this is the right solution at the moment.

[1]:
[https://twitter.com/zackwhittaker/status/1052619938349899776...](https://twitter.com/zackwhittaker/status/1052619938349899776?s=21)

------
jeannekamikaze
A proprietary piece of hardware that connects to a proprietary, US-based
cloud. This is the closest thing to garbage in the world of email.

------
ngngngng
Services like this are popping up everywhere. It seems to me that daplie's
successful indiegogo campaign started it. Of course, daplie was then taken
over by cryptocurrency nuts that turned what would have been a good product
into a token mining personal server for no good reason.

The founder of daplie is moving on to found ppl, which is also similar to
helm, but without email being the primary focus. I started helping with the
email feature before getting a new job and not having any spare time for the
project. This is a better solution to email than we had come up with.

I still wonder, does one successful kickstarter mean there's enough market
demand for these products to succeed? I just can't see personal servers at
home becoming anywhere near user friendly enough for the general population.
Go try a digital ocean 1-click install 3 times in a row. The results are
different every time. I see that same problem happening with these personal
servers.

------
kachurovskiy
I wish them all the best but I don't know a single person in the market for
this. For geeks, programmers and DIY folks it's overpriced, for the casual
user the benefits are questionable - you're switching from a proven, free
blackbox (GMail) to an unproved, paid blackbox. It's a tough market to enter,
I guess.

------
sigi45
Sooo you want me to pay 100$ per year for hardware I'm running at home
already?

Nope.

And I also do not want to have my email gateway at home. I do move, I do like
to shutdown hardware, I like to travel and might not be able to access my
hardware.

There are good small and secure email providers out there which costs money. I
would even prefer a managed vps server somewhere.

------
agentdrtran
I have no idea who this is for. Non-technical people don't care, and this is
still too complex for them. Technical people can use Fastmail or other secure,
hosted options. $500 for proprietary hardware is so steep, there are software
options for the Rpi that do something similar for $40!

~~~
geuis
Well I might be a good example. I’m highly technical and I never want to try
configuring an email server again. Did that once and no thanks. I _can_ do it,
but since it’s not a particular technical subdomain I have much experience
with and it’s difficult and time consuming. And doing maintenance is just an
ongoing headache I don’t want.

However, I recognize the value of having my email served and saved on
premises. If I could have a fairly secure and automated backup from my local
files, that’s great.

If I can also use a self hosted webmail interface then I want that too.

I agree that $500 is a lot, but it’s not an absurdly large amount.

------
pacuna
Even if you dislike the idea or the price, you should be happy there are
companies trying to change what has become a real privacy problem these days.
At least for me, it gives me hope to think people out there are working on
these issues and trying new approaches with new technology.

------
isserson
I really appreciate that the "hero" video _asked_ me to click. That already
shows you respect me enough not to just auto-play in my face. I think the
video suffers from a bit too much dramatization, especially at the end with
the triumphant movie trailer music and awkward shots of people looking
directly into the camera. I also think some of the copy on the main page could
be edited to sound clearer and more natural. For example:

* "Keys only you have access to" -> "Only you have the keys"

* "Room for growth" -> "Room to grow"

* "Gets better over time" -> "Always improving [etc.]"

I mention all the above because I really like what I see here and I'm looking
for room in my budget after I post this comment :)

Good luck!

~~~
gsreenivas
Thanks for the feedback!

------
chaitanya
(I sent this as an email to helm's support but since the founders are
responding here I am duplicating this here)

Your technology page mentions that you provide an mx gateway (presumably for
inbound email for home networks that don't usually have a static IP address).
You also mention that emails forwarded to the helm server via your gateway are
encrypted end-to-end and your gateway cannot read the contents of that email.

I am unable to understand how this happens. TLS is not end-to-end -- since the
sending mail server will establish a TLS connection with your gateway it means
that you necessarily have to decrypt the incoming email before forwarding it
to the helm server.

Can you explain to me how I am wrong here?

------
hknd
Looks quite cool but why put a server into my flat? :thinking:

If I'm somewhere and my internet goes down, I will lose access to everything.
And as we all know, stuff will go down at some point (probably at the most
inconvenient time).

------
Scirra_Tom
If encrypted emails are stored on Helm's cloud, why do we need hardware? Isn't
a software solution possible where the user holds the encryption keys?

And secondly, if residential internet cuts off - would I lose emails sent to
me?

------
brtknr
I will be surprised if this takes off. Sounds like a glorified Western
Digital's MyCloud with a raspberry pi server... Also that annual subscription
is a joke after purchasing the hard disk outright.

~~~
michaeltbuss
$99/yr is insane for this. Here's the reasoning they provide in their FAQ:

> Internet service providers normally don’t provide their customers with
> networking capabilities that are required to run an email server. In most
> cases, upgrading to an expensive business class internet service is needed.
> The subscription service that is part of the Helm service handles this for
> you without you having to upgrade your ISP.

> We handle all fees associated with domain registration and renewal when you
> create a new domain for your Helm. In addition, we also provide storage for
> offsite encrypted backups and include access to new features, service and
> security patches.

------
sarabande
Is it necessary to have a hardware device for this to function? I'd love to
pay $99/year for a 120 GB encrypted email service, but don't want the hassle
of owning more stuff. I'd go with ProtonMail but it's seriously expensive for
the data price (24€/mo = 288€/yr for just 20GB).

I also can't imagine that having a hardware device in-home actually reduces
the unit costs of that storage, so if this were an on-line service priced even
cheaper, I'd love to pay for it.

My concerns echo those of commenter 'andr'.

------
kjullien
Can anybody explain why they want me to buy a 500$ piece of hardware? Can the
same result not be achieved with a Raspberry Pi and any self-hosted open-
source mail server?

Why is this not simply a download?

~~~
nvarsj
Because Silly Valley.

------
xte
Mh, not much convinced. I'm a fan of the idea of personal home server and I
have built myself one having found an ISP that offers static IPv4 and v6
addresses with a reasonable price; for end-users I also understand the
opportunity and need of pre-built appliance since they may understand actual
sorry state of tech evolution but may not have enough knowledge to act
autonomously but... Well your appliance seems to be too ridden by "modern
design" I personally call it catastrophic.

------
lvh
If the thing you're going against is "corporate server controls your data",
why is the answer "EC2 proxy we control"? It sounds like I have to trust that
server just as much, and essentially you're telling me you're, for some
unspecified reason, more trustworthy than Google?

Do you have stats on e-mail deliverability given that you're suggesting I send
all my e-mail through a random EC2 EIP? (Is it actually an EIP, or is it just
default EC2 egress?)

~~~
gsreenivas
Hi lvh - it's not a proxy. The EC2 instance can't see your emails. The Helm
server initiates and receives TLS connections through the instance so it's
really an extra hop on the internet. We don't see or keep data on
deliverability of individual Helm servers. We use a dedicated EIP that we
ensure are not on blacklists and configure reverse DNS as well.

~~~
lvh
If that’s the case, why does it listen on IMAPS/993 and 587?

~~~
gsreenivas
because it's forwarding packets to/from the Helm server in the home

~~~
lvh
But that's IMAPS and SMTP submission. Is that for random hosts on the Internet
(like my phone on LTE) to read/send e-mail?

~~~
gsreenivas
Yes - these ports are forwarded so customers can reach the server in their
home from anywhere in the world.

------
jatsign
Honest question - What's up with that form factor? Seems designed to take up
more space than necessary. Is there some reason for it or was it just an
aesthetic choice?

~~~
calcifer
They say the units will be stackable to increase storage capacity. The form
factor seems suitable to that. Seems like it would also allow airflow on the
bottom side without visible vents.

------
8fingerlouie
It's a great idea, though I'm not sure who the target customer is.

Most people who care enough about security understand what this device does,
along with actually buying one of these, will most likely already have the
technical skills to set up something similar themselves.

That being said, once it supports multiple domains/domain aliases and webmail,
I'll probably be picking one up, if not for anything else then for fun.

Is it open to users to be able to run their own docker images on it?

------
wyldfire
> While offline, emails sent to you will not be delivered. This does not,
> however, mean that they are lost. ... the sender’s email server will
> periodically retry sending the email at a later time.

It could be interesting to see whether MTAs evolve away from that design
feature/constraint. Email seems ever-more centralized. Then again, it's a
great robustness feature with a very small downside if any, so hopefully it's
just my paranoia.

------
arkaine
Good luck with AWS/Azure IP addresses. Most cloud providers have their entire
IP blocks of compute services (VM, etc.) blacklisted by the majority of DNSBL
and antispam actors. If the EC2 instances act as the last outgoing relay (the
last IP) you will encounter email being rejected by recipient mail servers at
some point.

Best solution is to have your own AS number and IP ranges and your own
hosting.

------
tknot
There are of course alternatives that are completely open
[https://www.kinguardproject.org/](https://www.kinguardproject.org/)

Not sure about the Helm but I haven't found any source code nor any description
on which open source components they use. But I for one would not trust my
personal information to a closed box.

Disclaimer, I'm engaged in the Kinguard project.

------
apo
_Helm just works with your home network—no configuration needed. Helm connects
securely to a unique gateway, which is assigned a static IP address so Helm is
reachable by other mail servers and secure TLS sessions can be established._

This sounds like Helm becomes the email gateway. Sure, an email server might
be running on the device, but emails will be routed through Helm the company.
Am I missing something?

~~~
gsreenivas
Hi apo - Giri Sreenivas, co-founder and CEO of Helm here. The gateway funnels
packets to and from the Helm servers in people's homes. These are packets of
encrypted TLS sessions so we can't do anything with this traffic. Happy to
answer any further questions or concerns.

~~~
Taranli_Maren
That is not entirely true. Perhaps in the stated configuration it is, but
since the domain points to the EC2 instance, you could always register a new
LetsEncrypt certificate for it, and do a silent MITM.

Perhaps the architecture you describe is the best, however I would hope for
two things to be supported: 1) The ability to run your own gateway server
instead of having to trust one managed by your company. 2) The ability to
disable the gateway entirely if you happen to have a business connection
already.

~~~
gsreenivas
It's possible but not something we would ever do. We are looking at STARTTLS
Everywhere from EFF as a means to help ensure that any cert changes would be
tracked transparently.

#1 is something we will support via open source.

~~~
jakejarvis
If running our own gateway server on a cloud provider of our choosing will
really be an option, that might sell this for me. Would that remove the yearly
$99 requirement? I understand we wouldn’t get support for a lot of the things
you handle transparently behind the scenes blacklist/DNS-wise.
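
The exchange above turns on whether a certificate obtained by whoever operates the gateway would be noticed. One owner-side check is to compare every certificate that Certificate Transparency monitoring reports for the mail hostname against the public keys the home server itself generated. This is an added example, not code from Helm or any commenter; the record layout, hostnames, issuer names and key bytes are constructed.

```python
"""Flag certificates logged for a mail host that the home server never requested."""
import hashlib
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass(frozen=True)
class LoggedCert:
    """One certificate as reported by a CT monitor (constructed layout)."""
    names: tuple            # DNS names from the certificate's subjectAltName
    issuer: str
    spki_sha256: str        # hex SHA-256 of the SubjectPublicKeyInfo
    not_before: datetime
    not_after: datetime


@dataclass(frozen=True)
class Finding:
    hosts: tuple
    issuer: str
    spki_sha256: str
    status: str             # "live", "not-yet-valid" or "expired"


def spki_fingerprint(spki_der: bytes) -> str:
    """Fingerprint a public key; stable across renewals that reuse the key."""
    return hashlib.sha256(spki_der).hexdigest()


def name_covers(cert_name: str, host: str) -> bool:
    """Exact match, or a wildcard that stands for exactly one left-most label."""
    cert_name = cert_name.lower().rstrip(".")
    host = host.lower().rstrip(".")
    if cert_name == host:
        return True
    if cert_name.startswith("*."):
        first_label, _, parent = host.partition(".")
        return bool(first_label) and parent == cert_name[2:]
    return False


def audit(logged, watched_hosts, own_keys, now):
    """Return certificates covering a watched host whose key is not ours.

    own_keys must hold the fingerprint of every key the server has ever used,
    otherwise a routine key rotation shows up as a finding.
    """
    order = {"live": 0, "not-yet-valid": 1, "expired": 2}
    findings = []
    for cert in logged:
        hosts = tuple(sorted(h for h in watched_hosts
                             if any(name_covers(n, h) for n in cert.names)))
        if not hosts or cert.spki_sha256 in own_keys:
            continue
        if cert.not_after < now:
            status = "expired"
        elif cert.not_before > now:
            status = "not-yet-valid"
        else:
            status = "live"
        findings.append(Finding(hosts, cert.issuer, cert.spki_sha256, status))
    # Currently valid certificates first: those can be used against live traffic.
    return sorted(findings, key=lambda f: order[f.status])


def _utc(year, month, day):
    return datetime(year, month, day, tzinfo=timezone.utc)


# Constructed sample data: key bytes stand in for real DER-encoded public keys.
HOME_KEY_OLD = spki_fingerprint(b"constructed: home server key before rotation")
HOME_KEY_NEW = spki_fingerprint(b"constructed: home server key after rotation")
UNKNOWN_KEY_A = spki_fingerprint(b"constructed: key generated somewhere else")
UNKNOWN_KEY_B = spki_fingerprint(b"constructed: another foreign key")

OWN_KEYS = {HOME_KEY_OLD, HOME_KEY_NEW}
WATCHED = {"mail.example.org", "imap.mail.example.org"}
NOW = _utc(2019, 2, 1)
SAMPLE_LOG = [
    LoggedCert(("mail.example.org",), "Example CA", HOME_KEY_OLD,
               _utc(2018, 10, 1), _utc(2018, 12, 30)),
    LoggedCert(("mail.example.org",), "Example CA", HOME_KEY_NEW,
               _utc(2019, 1, 2), _utc(2019, 4, 2)),
    LoggedCert(("*.example.org",), "Other Example CA", UNKNOWN_KEY_B,
               _utc(2018, 6, 1), _utc(2018, 8, 30)),
    LoggedCert(("MAIL.example.org.", "example.org"), "Example CA", UNKNOWN_KEY_A,
               _utc(2019, 1, 10), _utc(2019, 4, 10)),
    LoggedCert(("mail.example.net",), "Example CA", UNKNOWN_KEY_A,
               _utc(2019, 1, 10), _utc(2019, 4, 10)),
]

if __name__ == "__main__":
    for f in audit(SAMPLE_LOG, WATCHED, OWN_KEYS, NOW):
        print(f.status, ",".join(f.hosts), f.issuer, f.spki_sha256[:16])
```

A finding is a prompt to investigate, not proof of interception: a certificate ordered by hand or by a second service under the same domain produces the same signal.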

------
jreyes333
This is cool guys. Kicking things off at the right time as well. However think
I might be missing a few things.

1) Wasn't the whole point of email moving to the cloud to enable access on any
device anywhere? If I move my email to Helm can I still access it on the go?

2) Assuming I can access it on the go. I'd need pretty fast upload speeds
right? I live in Australia, and our internet is god awful.

~~~
gsreenivas
1.) it is globally accessible through the gateway it connects to

2.) for email services, you don't need much in the way of bandwidth for this
to work very well.

------
auganov
This feels like the infamous HN dropbox thread. I don't know if it's solving
the problem well or not but this can totally make a killing. Privacy has
really gone mainstream, it's pretty clear people are looking for new ways to
engage with tech regardless of utilitarian considerations. The holiday season
is coming and 500$ is reasonable.

------
dguo
Just a heads up to any Helm employees, it looks like the website is running
React in development mode. It should be easy to fix:
[https://reactjs.org/docs/optimizing-performance.html#use-the...](https://reactjs.org/docs/optimizing-performance.html#use-the-production-build)

------
readitone
I like the design. It's cool. But I cannot see the price to be reasonable.
Personally if someone wants local server - mail will not be enough of a
selling point for 499usd. So why not buy ds218+ (300usd) from synology and two
4tb NAS hard disks (200usd)- 500 usd? The setup is dead simple. It has mail
server backup and media software.

------
solipsism
Who is this for? The regular person doesn't trust Helm any more than they
trust Google... nor do they care that much.

The privacy oriented techie doesn't trust Helm any more than they trust
Google... so they're going to do everything themselves from scratch anyway, so
what does Helm do for them?

------
cosinetau
I really need an open source composition of preexisting technologies that this
product is trying to solve.

------
GNOMES
As someone who has a homelab, I would be interested if there was an option to
use your own hardware, and just subscribe to their email service. I would
accept the "risks of having my own hardware" that they couldn't guarantee up
time etc. +1 if it was containerized.

------
sreitshamer
I use mailinabox
[https://github.com/mail-in-a-box/mailinabox](https://github.com/mail-in-a-box/mailinabox)
on DigitalOcean
droplets for my personal and work email domains. It’s been working great for
months.

------
edpichler
I personally like very much the solution, but I don't like having one more
device on my table.

PS: For some reason, people are willing to pay more and see more value on
"physical things" than virtual solutions. Anyone knows the psychology behind
this behaviour?

------
jrnichols
Interesting idea, but I'm not going to lie - I hate the case design. It
reminds me of how obnoxious the Boxee Box was. Needs its own footprint, can't
stack it or anything else, and it is anything but unobtrusive.

The NUC form factor would be great.

------
jxy
I can't help but feel that this is something that Apple should do with their
AirPort Time Capsule. Give users the choice of hosting their own iCloud
instance on the AirPort Time Capsule. It feels like a great way of selling
more hardware.

------
otterpro
Helm, also known as "Hillary Clinton" v1.0 (just joking, no politics
intended). Anyway, while it is kind of awkward having a physical server at
home or office, there's a sense of peace knowing I control my own privacy,
especially when I can see the server with my own eyes. While people argue
about using SaaS email service like Fastmail, nothing can be truly secure,
with exception to true end-to-end encrypted email service like ProtonMail.
Most email providers, even the privacy-centered email service like Mailfence,
are still required to turn over their data in case of local (Belgian) court
order.

The only thing I'd really want is to have the option to not pay the annual $99
fee, and instead have everything configurable so that I can point tunnel it to
my own VPS/VPN or I can use it at the office, where the business ISP account
allows me to host my own email server.

------
bostonvaulter2
This looks really exciting, and I hope we see more offerings like this in the
future.

------
skrebbel
I _really_ love the tin-foil-hat reference in the name and the product design.

------
ppeetteerr
Have you heard of Synology? Their NAS's are not just personal email servers,
but personal document servers, web servers, everything, configured through an
online interface. I would highly recommend you check it out.

------
thesausageking
If you have to rely on proprietary code which makes a constant connection to a
server hosted on AWS, I don't see any benefit over Fastmail or Proton. It's
less secure and has a higher failure rate.

------
baldfat
Thought it was the awesome Open Source Music Synthesizer.
[https://github.com/mtytel/helm](https://github.com/mtytel/helm)

------
devilmoon
Am I missing something or is 500$ an awful lot for an email server? You could
probably set up a personal e-mail server with a Raspberry and have more or
less the same functionalities.

------
xienze
Wow, $500 for the device and $100 per year for service? AND the usual concerns
about keeping the device up and running?

What honestly makes this more appealing than $50 per year for Fastmail?

------
BigChiefSmokem
I would never invest in anything like this because we should all be making
strides to kill email not make it better or owning it or building services
around 40 year old tech.

~~~
pmoriarty
People have been trying to kill email for 40 years and failing. Their
reinventions are usually worse than what they're trying to replace.

Unix, vim, emacs, lisp, the shell, and even the web itself is all old tech at
this point. Old doesn't have to mean bad. It's tech that's stood the test of
time.

------
Jemm
"Helm currently ships to anywhere in the United States. Unfortunately, we
cannot ship to PO Boxes, Army Post Office (APO) or Fleet Post Office (FPO)
addresses."

------
jonbronson
The average home computer user has terrible security practices. Frankly, their
email is safer being managed by a competent business. So who is the intended
market here?

------
jamesfisher
I got a long way down the page before I realized this was a physical device.
Most of the text suggests it's a self-hosted email server, like postfix etc.

------
honkycat
Awful name, there are so many projects called helm already.

------
alexkavon
How hackable is this I wonder? Would just be cool to have a machine this
shape. Of course you could probably do the same with a raspberry pi and a 3D
printer.

~~~
gsreenivas
Alex - Giri Sreenivas, co-founder of Helm here. We've designed security from
the silicon up to make this device very difficult to hack. That means
implementing secure boot, full disk encryption and utilizing a Secure Enclave
for managing keys on the device.

And yes, you could definitely do this on a raspberry pi. That's what we used
to prototype. It's not great for a long-lasting, durable and secure platform
though.

~~~
q3k
Fairly sure parent meant 'hackable' in the good sense of the word - ie.
repurpose the hardware for your own uses and have root on it.

~~~
gsreenivas
Good point - I read it with the other connotation in mind. We plan to make a
developer program available in the future. Stay tuned!

------
nikisweeting
I'd rather purchase their software and run this on my own FreeNAS box. The
features sound awesome, but I don't need their fancy custom hardware.

------
lrvick
As someone building a personal email system using Helm (the kubernetes
package manager) I have a feeling the naming conflict is going to get
confusing.

------
blahyawnblah
What's the advantage over building your own email server at someplace like
aws/linode/azure/gcp/rackspace/digital ocean?

------
nwmcsween
It's entertaining that setting up an email server is so painful that
specialized prepackaged hardware is coming out for it.

------
rounce
I'm surprised that I'm the only person who thought this was a Helm chart to
run a personal email service on Kubernetes.

------
asprouse
What happens when there is a power or ISP outage?

~~~
dragonwriter
You don't have independent redundant internet connections and reliable backup
power at your home?

~~~
fred_is_fred
I suspect everyone here has at least multiple redundant internet connections
if they have a cell phone.

~~~
dragonwriter
While I have a cellphone, and can and do use it as a hotspot, I wouldn't
exactly say it could provide a fallback connection for a server in my home,
because it usually spends a significant part of the day out of WiFi reach of
my home.

------
reitanqild
On my wishlist.

Also the yearly fee seems high compared to a lot of other stuff but still
reasonable, especially as you start adding more services.

------
lifeformed
The stackable expansion is a really nice idea.

------
tracker1
Don't most home ISPs block inbound server ports? I know Cox in particular
does, as well as a few others. I have a business account for this reason that
I pay a bit more (better support response too), but not sure if this is
something a lot of people can even use without a backing service.

Cool idea though.

As an aside, any suggestions on easy to install/configure/update mail in a box
+ letsencrypt options? Thinking of throwing something on an rPI for similar
chores.

~~~
ekianjo
They block port 25, but secure ports are usually open.

------
starlightfury
[https://mailinabox.email/](https://mailinabox.email/)

------
icco
Wait, how does this hardware stacking work? Anyone have photos of the actual
product? This all looks rendered.

~~~
Willamin
It almost looks like there's a port in the top that expansions attach to.
However, in the specifications, there is no expansion port listed. This makes
me think that stacking is simply stacking, then we use a usb cable to attach
the pieces.

~~~
gsreenivas
There is no cable for stacking. The expansion units expose a USB-C male
connector and plug into the base unit's USB-C female connector.

------
mcguire
Ok, in the "Do you know where your email is?" section, what's the dot in
northeast Alabama?

------
eeZah7Ux
FreedomBox does that, and FreedomBox is Debian.

It runs on a cheap SBC and you can use a 15$/year VPS as a relay.

------
egonschiele
Given the recent microchip hack, do folks feel more or less safe having this
in their house?

------
lvh
If the EC2 instance is just a proxy and not where your mail lives, why does it
run IMAPS?

------
yingbo
I always own my email. The title itself is misleading and decreases my trust
in Helm.

~~~
garry
Well the point is that if you trust a cloud provider, you don't own your email
because Google owns it too. They have it all, in plaintext.

~~~
yingbo
If I leave my car in a garage for repair, I still own the car, even if the
garage can access it.

That means, even if Google can scan my emails, I still own the emails. The
topic is about privacy while the title makes it about ownership. That's the
misleading part.

------
dabei
How does this work for mobile? Most of my emails are read on the phone,
outside of home.

------
amelius
Nice, except for the form factor which doesn't allow stacking objects on top
of it.

------
Ultimatt
Or you could use a raspberry pi and an SD card for like 10% of the price of
this device.

------
makk
I imagine exactly 0 mainstream consumers care about this. What is the target
market?

------
lvh
Have you gotten any third party audits? Are you publishing the results?

------
mdevere
I really like the idea but it's too expensive for me. I would consider this if
it was $200, didn't have a subscription fee.

------
saudioger
Wish this wasn't software bound to hardware

------
emilfihlman
Another product ruined by "design".

------
leowoo91
It is not even April 1st.

------
leksak
I came here looking for something related to Emacs and am now disappointed
beyond belief.

------
jonthepirate
Am I the only person who wished Hillary Clinton would have appeared in that
promo video?

------
linuxdude314
Do you use SPF and DKIM?

~~~
gsreenivas
Yes - we do! And DMARC as well.

------
hidiegomariani
$499 - waaaat?

------
jurschreuder
@hillary_clinton ???

------
watchmecalc
"Want to do sketchy stuff, but not nerdy enough to set up your own email
server?"

------
dang
Please don't be a jerk on HN ("Oh come on", "modern art installation"). Your
question would be just fine without those bits.

[https://news.ycombinator.com/newsguidelines.html](https://news.ycombinator.com/newsguidelines.html)

~~~
cwyers
Understood. Comment edited.

~~~
dang
Appreciated! I've detached this subthread from
[https://news.ycombinator.com/item?id=18239371](https://news.ycombinator.com/item?id=18239371)
and marked it off-topic.

------
franciscrick1
Yeah, but is it RISCV?

~~~
O_H_E
Nope, the specs page says that it's an ARM Cortex processor.

RISC-V is still new and expensive for companies like this.

------
tpetry
One of the worst ideas. Every big email provider (Gmail, Yahoo, Outlook ...)
does block every mail sent from a home ISP. So you will not be able to send
anyone a mail.

~~~
tathougies
Very ignorant response. It's fairly straightforward to set up SPF for a new
domain, and most big emails will follow these policies.

~~~
Taranli_Maren
SPF won't help if the spam filter blocks residential addresses outright, which
is commonly done using DNSBLs.
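
The distinction drawn in this last exchange, as an added example that is not part of the thread: a DNSBL lookup keys on the connecting IP address, so it is independent of the SPF result for the sender's domain. The zone name `dnsbl.example`, the listed address, the toy resolver and the simplified receiver policy are constructed for illustration; the query-name format and the 127.0.0.0/8 answer convention follow RFC 5782.

```python
import ipaddress

ZONE = "dnsbl.example"  # hypothetical DNSBL zone, not a real list

# Constructed sample data standing in for DNS: one listed "residential" IP.
FAKE_DNS = {"7.113.0.203.dnsbl.example": "127.0.0.2"}

LISTED_NET = ipaddress.ip_network("127.0.0.0/8")


def dnsbl_query_name(ip, zone=ZONE):
    """Build the name a receiver queries for a connecting IP (RFC 5782)."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        # IPv4: octets in reverse order, then the zone.
        labels = reversed(addr.exploded.split("."))
    else:
        # IPv6: all 32 hex nibbles in reverse order, then the zone.
        labels = reversed(addr.exploded.replace(":", ""))
    return ".".join(labels) + "." + zone


def is_listed(ip, resolve=FAKE_DNS.get):
    """True if the zone answers with an A record in 127.0.0.0/8."""
    answer = resolve(dnsbl_query_name(ip))
    return answer is not None and ipaddress.ip_address(answer) in LISTED_NET


def receiver_verdict(client_ip, spf_result, resolve=FAKE_DNS.get):
    """Simplified policy: DNSBL check on the client IP runs before SPF."""
    if is_listed(client_ip, resolve):
        # The SPF result is never consulted on this path.
        return "reject: client IP listed in DNSBL"
    if spf_result != "pass":
        return "flag: SPF " + spf_result
    return "accept"


if __name__ == "__main__":
    for ip, spf in [("203.0.113.7", "pass"), ("198.51.100.25", "pass")]:
        print(ip, "SPF", spf, "->", receiver_verdict(ip, spf))
```
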

