Hacker News new | past | comments | ask | show | jobs | submit login
Show HN: Straight2Spam – Send your email right to someone's spam folder (straight2spam.com)
318 points by adnanaga 35 days ago | hide | past | web | favorite | 109 comments



#1 $$$ 100% Act now Action Additional income Affordable All natural/new Amazed Apply now Avoid Be amazed/your own boss Beneficiary Billing Billion Bonus Boss Buy Call!!!!!! free/now Cancel Cash Casino Certified Cheap Click here Clearance Collect Compare rates Congratulations Credit card/check/offers Cures Deal Dear friend/somebody Debt Discount!!!!!! Direct email Don't delete/hesitate Double your income/cash Earn Extra Expire Fantastic Free!!!!! access/money/gift Freedom Friend Get it now/started/paid Great Guarantee Hello Income Increase sales/traffic Instant Investment Junk Limited Lose Lowest price Luxury Make $/money???? Medicine Money Name!!!!!!! No credit check/experience Now Obligation Offer Only Open Order now Please Presently Problem Promise Purchase Quote Rates Refinance Refund Remove Request Risk-free Sales Satisfaction!!!!!! Save Score Serious Spam Success Supplies Take action Terms Traffic Trial Unlimited Urgent!!!!! Weight While supplies last Win Winner XJSC4JDBQADN1.NSBN32IDNENGTUBE-STANDARD-ANTI-UBE-TEST-EMAILC.34X


I know we're not supposed to comment on voting, but... this has got to be the spammiest-looking comment to ever gain this many legitimate upvotes without being removed.

...Well done.


It's just the content of the text you put into your email to get it flagged.


Yes, we know


no doi


I hope that was some kind of meta-comment.


The last part of the text is the Generic Test for Unsolicited Bulk Email (GTUBE), a string to test anti-spam systems.

https://en.wikipedia.org/wiki/GTUBE


Yeah. Makes the rest rather unneccesary.


It's not universally recognized by all filters, and much less entertaining.


I know this is the myth that'll never die when it comes to email, but keywords aren't a big trigger for modern spam filters.


I sent an email from ProtonMail to Gmail and it is right there at the top of my inbox. I even put spam in subject line. Maybe Gmail knows I emailed myself? That is a scary thought.

The only difference is there’s an ad for protonmail at the bottom

#1 $$$ 100% Act now Action Additional income Affordable All natural/new Amazed Apply now Avoid Be amazed/your own boss Beneficiary Billing Billion Bonus Boss Buy Call!!!!!! free/now Cancel Cash Casino Certified Cheap Click here Clearance Collect Compare rates Congratulations Credit card/check/offers Cures Deal Dear friend/somebody Debt Discount!!!!!! Direct email Don't delete/hesitate Double your income/cash Earn Extra Expire Fantastic Free!!!!! access/money/gift Freedom Friend Get it now/started/paid Great Guarantee Hello Income Increase sales/traffic Instant Investment Junk Limited Lose Lowest price Luxury Make $/money???? Medicine Money Name!!!!!!! No credit check/experience Now Obligation Offer Only Open Order now Please Presently Problem Promise Purchase Quote Rates Refinance Refund Remove Request Risk-free Sales Satisfaction!!!!!! Save Score Serious Spam Success Supplies Take action Terms Traffic Trial Unlimited Urgent!!!!! Weight While supplies last Win Winner XJSC4JDBQADN1.NSBN32IDNENGTUBE-STANDARD-ANTI-UBE-TEST-EMAILC.34X


Spam filters often white list any emails comming from an address in your contact list.

When you send an email, said address is often automatically added to your contact list.

So if you ever a test message the other way around, it will be white listed.


How do I get a refund?


Or just set up your own SMTP server ;)


As some who has suffered through managing a qmail smtp cluster and dealing with DNSBLs, allow me to say just one thing: Very. Underrated. Comment.


As someone who has set up many SMTP servers even on very new domain names. Yhe only issue I've actually come across is outlook.com who happily will whitelist if you poke them via their support once you you have dkim and spf set up.

EDIT: if you are working from IPs that may not be clean (and in an IPv4 world thats prob true) many DNSBLs will work with you to remove your ip's from their lists if you are actually nice and polite with them. Just check your IP's before your set up your network so they have a heads up that someone will be on the other end of any complaints.

That has always works for me.


In my experience, ATT is the worst. They've been blocking me for well over a decade. They're the only provider who has ignored every contact attempt I've made.

I don't care, from my perspective they're irrelevant. The last person I communicated who used their MX died recently, and otherwise ATT can bite me. But in a fit of annoyance several years ago I did configure my servers to deliver a heartfelt custom 550 response to ATT MXes.


IIRC AT&T is handled by Yahoo so pester them at https://io.help.yahoo.com/contact/index?page=contactform&loc...

EDIT: https://www.att.com/esupport/postmaster/digital-signature/ checked the AT&T support about delievery. Seems like they do use Yahoo these days.


Yahoo made a deal with them to service the mail services SBC bought/built that were rolled up into att.net. That is one of several mail services associated with them, and not the one I'm talking about.

I'm talking about the ones managed by Synacor, formerly managed by an ATT spinoff with a bland name I can't remember. I still have my notebook logging my (lack of) progress, which happened over several years and involved a bunch of entities - partners and internal spinoffs.

Trust me, I know how to google "att email".


I wasn't saying you didn't know any googlefu. just when you said ATT my head went to "oh you are dealing with their consumers... should thought I would C+P the link thats helped me in the past.

EDIT: As a follow up. I used to have contacts with BlueYonder, Sky and BT All ISP's that used to manager their own email systems but outsourced them to gmail and yahoo so my peronsal contacts within those companies for email have died off. It wasn't a slight on you. just one geek to another trying to help.


I think that came off as a lot snippier than intended, apologies.

All I meant is that I spent entirely too much time researching the web of entities supporting the Death Star's SMTP needs through the last decade, who on Linkedin listing those companies might be attached to the production technical team, etc. At some point I started joking that I knew knew more about their corporate structure than anyone not suing them or working in their legal department.


outlook.com is indeed the worst. Got a pointer how to make this whitelist happen @outlook? Got SPF and DKIM setup since I started my personal mailserver, but still piggybacking of my old University's open relay (on campus) to get my mail to land in outlook inboxes...


https://support.microsoft.com/en-us/supportrequestform/8ad56...

And if you get rejected with your first request, pester them with a follow up saying something like "Hey, I'm, a cloud customer. I don't control the whole IP range. I ask you to reconsider the initial rejection."

That's always worked for me with outlook. Takes a few days (which is why I say do it as soon as you know what your IP range is)

Be nice and polite (from what I understand real humans read that request) be honest with what you have done as of time of writing the requyest and what you are planning to do.

But be persistent with them and they will basically grant you a whitelist unless you start fucking up.


What about Gmail.


Yep. Just send it from a residential IP.

I ended up subscribing to an SMTP service that explicitly masked my home IP as Google's sending service included it and was causing my emails to my bank to automatically get flagged as spam.


What even is the best way (reliably and free) these days to set up a website that occasionally sends email? I have a hobby site on a linode for creative writers to follow up to each other's chapters, and it's very low volume, but I don't want to sent it all through my gmail account, either.


Mailgun reduced their free tier drastically recently, I think to 625/month. If that fits your needs it's a decent choice.


Hmm, I can't find a free plan: https://www.mailgun.com/pricing


Looks like you're right, they abandoned the free plan altogether on March 1. The new deal is $0.80 per thousand messages with no minimum spend, which may be negligible for you, but there are likely free alternatives out there too.

HN discussion from when they downgraded the free tier, includes some discussion of alternatives: https://news.ycombinator.com/item?id=22192543


They eliminated the free tier, but as of June they won't be billing for <=1250 messages a month.

Link from the email they sent: https://help.mailgun.com/hc/en-us/articles/360048661093-How-...


Shameless plug for transactional mail , i got a little comparison site setup. https://bestsendmail.com/


No SparkPost, Mandrill, Postmark or Mailgun?


Something like sendgrid?


Unpopular opinion, but... set up your own e-mail server. I've been running my own off my home connection for quite a while with basically no spam problems.


Mails sent from dialup IPs are almost guaranteed to be classified as spam (probably to prevent spam sent by malware). Many servers won't even accept such mail at all.


Nah, I even do okay with gmail actually. I did do SPF, DKIM, and DMARC, so maybe that helped.


Wanted to comment the same. Initial setup is a bit bumpy - make sure reverse dns is ok, set up dkim, dmarc, spf - but once up, is should be fine, especially if it's only to send, and not receive.


Just an addition to that: Don't use the cheapest possible provider available if you get a VPS to use as an email server; chances are the spammers are doing the same thing and that your emails will be sent straight to spam.

DigitalOcean, OVH and Hetzner are especially difficult. It is possible to run an email server there, but getting the IP reputation up will be a tedious process and some providers will simply reject sent emails simply for using one of those hosts.


Thank you for sharing your experience on digitalocean and OVH hosting providers. I want to understand the issue a bit more because we have a plan to host email service on both the platforms. Your inputs will help us to decide to go with them or to choose any other service provider. Can you please let me know when you sent those emails using both service providers is your emails authenticated with SPF and DKIM or you have used any free email service provider like gmail or yahoo as a from email address. Thank you in advance.


I've had luck with digital ocean by sending friends emails (who have accounts at major providers) and having them mark it as not spam a few times over the course of a week or two. After that, it worked without issue.


It is definitely possible to get it up and running, but there's often problems due to entire ranges having bad reputation. There was a gigantic thread about it in the Mailop mailing list last year. If you have access to it's archives then it's definitely a worthwhile read (and entertaining too!).


I've used Linode VM's for my mail server as long as Linode have existed. No issues. In full disclosure, I do not send a lot of email.


It probably helped that you got an IP early on before they'd been rotated through various users.


Use an external SMTP and several of them have free tier that includes several hundreds emails a day.


Postmark, or sendgrid


I recently discovered: https://github.com/foxcpp/maddy

It takes a lot of the legwork out. Obviously you're referring to the likelihood of a major email provider marking you as spam, which is pretty likely if you're sending much volume. But if you have all your ducks in a row, you just might be able to make it work with this.

FAQ: https://github.com/foxcpp/maddy/blob/dev/docs/faq.md


Uncommon gTLDs work great too. I thought I was clever registering a .email domain for my email. Not so much.


Actual advice to setting up your own mail servers: set up DKIM & SPF to sign and validate your email to keep it out of spam folders.


Better advice, Don't attempt email manually. Use something like mailinabox and have everything configured for you and it just works.

Been running my own mail server with mailinabox for 2 years and never had issues with spam.


That and opportunistic TLS on outgoing email.


This runs the risk of it just not being delivered at all, when what you want is for it to be deliverable enough to reach the spam folder but not deliverable enough for inboxing.


You don't even need a SMTP server. Just make direct socket connection to the MX server. It will definitely end up in their spam folder.


Been there, done that... it's why I think SES is one of the AWS services that I truly believe is worth every penny.


Every time someone says this (jokingly or not) I take the opportunity to recommend FASTMAIL.


You won't trick me with that again!


Why do I feel like this is something Larry David’s character in Curb would just love.


Susie Greene: You sick fuck, Larry David! What do you think you're doing, sending invites straight to spam folders?


I feel like it will be more like Jeff who would call him out on it.Susie will just get mad she did not receive it.


Yeah this is Larry's version of the MAGA hat:

https://www.youtube.com/watch?v=B2oLFKYNInQ


Small print inspiration. I miss you Nathan!

https://www.imdb.com/title/tt3844780/


Here's a video of the original system from the TV show Nathan for You: https://www.youtube.com/watch?v=p9KeopXHcf8


Would have appreciated a snail mail version of this for my wedding ...


Print wedding invitation on collection agency stationery.


Send fancy size/shape envelopes without the extra required postage (and no return address label). Whoops, must’ve gotten lost in the mail!


I run loads of small business email systems and have done for decades, in the UK.

That thing has GTUBE at the end of it, which doesn't look quite as dodgy as EICAR to humans.

lol.

Without the GTUBE string, rspamd scores 10.50, which is flagable by default. With it, rspamd scores 15.0 (ie whatever REJECT is set to) and ignores the rest of the message.

rofl.


Cute, but you could also just include the eicar text: https://en.wikipedia.org/wiki/EICAR_test_file


Actually I got my test signatures mixed up for a second, what you want is GTUBE: https://spamassassin.apache.org/gtube/


If you look at what gets copied to the clipboard, GTUBE is at the end of it.


I just sent an email from my gmail to my Gsuite backed mailbox with the gtube text, didn't work :(

the email landed in my inbox.


My selfhosted mailcow (https://mailcow.email) instance blocked me from sending it (the SMTP server actually rejected it), and then blocked the one I sent from Gmail to it with 554 5.7.1 Gtube pattern. Didn't even show up in Spam.


Why not both?


Because EICAR might get the email straight blocked instead of marked as spam.


that is pretty cool, it's like a virus hello, world!


Just so the uncertainty is out and you know for sure where your message is? “Hi, I sent the email. Check the spam folder, it's there”.

Note also: dunno about webmail, but e.g. Thunderbird ignores most formatting when displaying a message marked as spam.


Gmail keeps basic CSS, I once received the famous "I recorded your webcam watching naughty stuff!" spam, and the particular attacker "hid" the compromised password (long since changed) in white text between each paragraph, making it essentially invisible.


Why would they send you a compromised password and disguise it?


I suspect to key the email to a particular user and prevent scambaiting? And possibly gather the tiniest bit more information in case someone replies from another email address. (Now they know that the sent email is read and the received is actively used)


Keep in mind that this has the possibility of creating an awkward situation if someone notices what you added to the email.


You can always claim your machine had malware that includes this to all emails. Would be nice if the order of the filler words was random so you couldn’t search for all of it and end up on this page.


Even better. You can claim the email is phishing.


I suspect this would actually get through a lot of advanced spam filters. It would be easier to just send an email “from” you through a relay that has no dkim or spf configured, that will always land in spam.


Agreed, if spf/dkim of the email checks out, and they replied to your messages before, chances are that it will go through regardless of content.


It needs one inch penis, two inch penis -- all the way up to 10 or something.


"Unlike every other Penis which only go up to 10, our Penis goes up to 11."


Generally you want to put things too good to be true…


Next big idea: Straight2Spam detection.


That's the monetization plan.


I love the Nathan for You reference in here. One of my all time favorite shows.


Now, can somebody make a version that takes my normal email message, change a few characters, and turn it into spam in the eyes of the neural nets, similar to the one pixel attack?


Since it has the GTUBE you are intentionally making an email that will get bounced almost everywhere so you may as well not send it.


but "I check my spam folder every day" :)


Holy emoji batman!


doesn't work. lol


sorta like Slydial


For those unaware of what Slydial is, it is an app that sends calls directly to a person's voicemail.


lol


Spam folder is one of things that annoys me in email. It really doesn't make sense: if message is spam, then why store it at all? But legitimate messages silently going to spam folder is critical, unacceptable failure. You could regularly browse spam folder, but then.. what's the point? You would be skimming through all the junk anyway, that's defeating whole purpose of filtering.

Personally I don't have spam folder: either message is rejected immediately at SMTP time, or it goes straight to my inbox. (another thing that annoys me is greylisting, it just breaks instant messaging for no good reason)


Storing spam messages does make sense. If you asked me the number of times when we've sent something to someone, they told us "We haven't received anything", and we answer "Check your spam", and there it is...

Checking the spam folder is useful when you know something should be there. It's not made to skim through the junk in the hopes of finding a mislabeled email. And storage is so cheap nowadays that it doesn't make sense to not store everything to shave a few megabytes of space.


Most spam filters do silently delete messages that they are particularly confident about.

But spam detection is not black and white. The existence of "maybe" spams means that you need to let some through.

Having a separate folder is still useful because you can check it less often, and have no notifications for it. I check mine every couple of days or so. No email is so urgent that I need to see it in 24 hours.


You seem to be very convinced that there is an efficient way to filter 100% of spam without false positives. Which seems optimistic if you have ever dealt with email, text analysis or any aspect of spam detection.


Google is incredibly good at this. I see maybe 20 false negatives a year (they usually get corrected if I don't check my mail for a few hours) and 1-2 false positives. This out of thousands of good emails and 100,000+ spam mails.

That said, I think it's good to keep the "spam" folder. I normally only check it if I learn through another channel that I should have got a mail, I don't "browse it every few days" as some others suggest.


> google is incredibly good at this.

Interesting. My experience has been exactly the opposite. For me, using Gmail is like using Microsoft word in 2007. Slow interface, 34 different navigation menus, emails from friends appear in either promotions or updates at random, spam filter has a false positive once per week.

The only thing missing is the little animated paperclip guy.


Can't say I've ever had personal email end up in Promotions, but would have thought it would learn after you move a message that had landed there into your inbox...


Obviously perfect method doesn't exist. But sender must be aware of delivery failure, silently diverting messages from inbox is unacceptable.


The problem is that then it would turn into an arms race - the spammers would use that information to perform reconnaissance and learn what gets through and what doesn't.


OP is saying that any failure should propagate back as an SMTP error code, rather than lying to the sender with success while silently hiding the message. OP is not wrong - it's just not how most MTAs are currently set up.


No they are saying that since 0% false positives is not possible we still need to browse the spam folder which defeats the whole point.

If there is a subset of messages for which we can be 100% then these messages don't need to be stored.


An imperfect classification is still useful. I can focus on messages that are more likely to be important most days, and only check the spam folder once a week or so. Checking the spam folder generally requires little attention and can be scheduled for when I'm tired/distracted/whatever.


Searching the spam folder is a source of entertainment to me. Every so often I'll get an especially elaborate one, they're pretty funny to read sometimes.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: