
Show HN: Normail – un-fancy email with cal, contacts, and Nextcloud $50/year - jamescampbell
https://normail.co
======
iscoelho
I absolutely do not understand how you believe trusting an individual on the
internet creating a fly-by-night service is better than trusting a company
with 20-years in the industry, and GMail a product that has been around for
15-years.

You're hosting all of this on a single machine -- with no redundancy -- with
no DDoS protection -- and it makes me seriously doubt your sysops and opsec
skills to be able to deliver a secure and reliable product to your customer.

;; ADDITIONAL SECTION: box.normail.co. 3464 IN A 178.62.214.105
ns1.box.normail.co. 3430 IN A 178.62.214.105 ns2.box.normail.co. 3430 IN A
178.62.214.105

If you are wishing to achieve your objective of moving people off Google, you
should be suggesting a provider that _does_ have the infrastructure to provide
a reliable service, that is a reputable organization with a proven track
record for good sysops and opsec, and is an alternative to Google.

The most important part about e-mail is longevity. It is making sure your
emails can not be read by malicious actors. It is making sure your email is
never down. For many people it is the absolute backbone of their business and
maybe their life. I absolutely would never put this much trust in a service
like this. It is preying on ignorant paranoid people with impaired risk
analysis who (like you) believe Google is the devil.

~~~
jamescampbell
You believe something false. I created amazingly secure dns zone entries glue
records that are hosted on a cloud backbone. The very fact you cant see past
that firewall of dns glue is proving the point of exactly how secure they are
and how trustworthy the service is. Please educate yourself fully and dont
jump to a conclusion like this. You really think I am running this out of my
basement on bare metal or something? Would love to pentest this service since
it is so early. I would be dumb not to. I guess I can transparently share the
results of load at lets say 100k concurrent connections?

~~~
iscoelho
Let's start dissecting this.

~ dig NS normail.co @ns1.cctld.co.

;; ADDITIONAL SECTION: ns1.box.normail.co. 3600 IN A 178.62.214.105
ns2.box.normail.co. 3600 IN A 178.62.214.105

ns1.cctld.co. is the registry server for the ".co" domain tld. Everyone has
access to the glue records. It's how DNS works. They are not secure by any
definition. You can also see for yourself at
[https://www.ultratools.com/tools/dnsLookup](https://www.ultratools.com/tools/dnsLookup)
(in the Trace tab after you lookup)

And your only MX record:

normail.co. 3600 IN MX 10 box.normail.co.

I'm honestly surprised you even have DNSSEC setup. That one hugely surprised
me.

And the host of 178.62.214.105? A single Digital Ocean VPS in Amsterdam.

inetnum: 178.62.128.0 - 178.62.255.255 netname: DIGITALOCEAN-AMS-5 descr:
DigitalOcean Amsterdam

I'll accept that you're unaware of how the internet or cybersecurity works
besides a primitive level as an explanation for the incoherent technobabble in
your comment.

I say this in the absolutely nicest way possible: please don't run a service
where others rely on you when you know you are not capable of running a
reliable service. There is a point where incompetency becomes malicious.

------
cremp
This smells like Mail-in-a-box... A Free solution where a VPS is $5/month max.

You target people who want to go away from Google, yet you have even worse
transparency on what you're running.

Edit: As a fact... it _is_ mail-in-a-box... This is worse than I thought.
(Proof: [https://box.normail.co/admin](https://box.normail.co/admin))

Who in their right mind would give $50/year to someone they've never met, that
has no real worth, and is peddling a _free_ software suite as the real deal to
get away from Google.

~~~
jolmg
> Who in their right mind would give $50/month to someone they've never met,
> that has no real worth, and is peddling a free software suite as the real
> deal to get away from Google.

Someone who doesn't know how to configure that free software. There is worth
here for those people, but I do think $50/year is far too much considering
that gets you a probably far better service with Fastmail.

~~~
jamescampbell
Exactly. 90% of just US market doesnt understand how to run their own domain
let alone setup a linux mail-server. Appreciate the feedback on the $50/year.
We will see what the market will bear. Does fastmail offer cloud storage
included in the $50? I used to use them way back in 2013 but have been running
my own mailserver for 6 years now, so I need to update the competitor
landscape a bit. I garuntee with Fastmail you dont get the same level of one-
on-one support you get with this ;)

~~~
jolmg
> Does fastmail offer cloud storage included in the $50?

I don't use it, but yes. $50/year right now corresponds to the standard plan
which gives you 10GB of file storage. That's detailed here:

[https://www.fastmail.com/help/account/limits.html](https://www.fastmail.com/help/account/limits.html)

> I garuntee with Fastmail you dont get the same level of one-on-one support
> you get with this ;)

I had an issue once where I moved some 800 or so of the emails I had in my
Inbox to separate folders in my computer's Maildir and when I synched it via
IMAP (by using the MRA isync/mbsync) it caused the dates of all of them to
change in their web-client to the moment I did the move. Moving emails and
synching like I did is probably a very unusual thing for customers to do.
Someone in customer support ran a script (and maybe wrote it too, considering
this seems like an unusual problem) to fix the dates and explained what
happened to me in enough technical detail for me to figure out how to avoid
this happening again next time I do something like this with IMAP. It only
took 2 days to resolve the issue. I consider their support to be pretty good.
:)

------
jamescampbell
Got a few successful signups today, thanks everyone for the support! Im
working hard to improve the service, always love the feedback good and bad.
Thanks again!

------
constantskeptic
Does it have a way to integrate into iPhone mail?

~~~
jamescampbell
It actually provides the user with QR code to scan to open the link within
that is your specific mobile profile to install on your iPhone that shows up
as a Configuration Profile in settings with all of your information and mail
account magically appearing in the mail app.

------
brian_herman__
Do you support IMAP?

~~~
jamescampbell
Yes.

