Hacker News new | past | comments | ask | show | jobs | submit login
A SpamAssassin Surprise (lwn.net)
85 points by rwmj 5 days ago | hide | past | favorite | 88 comments





Please do not let a story like that discourage you from running your own mail server. I am really worried about the future where 2-3 adtech corporations control what we receive and read, and we are not far away from that future.

As a counterpoint, I have been running my own E-mail server for the last 25 years or so, and haven't found it to be terribly problematic. Yes, there is an occasional issue, but I'd rather control my mail, than hand it off to someone else.


Don't let the ad companies run your email. There are a number of large email providers who are not ad companies and so have your interest at heart. I moved my email to fastmail over a decade ago and I don't miss running it myself, people who have moved to one of the other non-ad providers also report good results (though fastmail tends to get the largest share of responses when someone suggests running your own)

Obviously :) We're just the best!

More: Fastmail is a bunch of techies who really enjoy working with email and unlike a lot of the big companies we have a core of people who've been doing this stuff for 20 years, but are also keeping up with (or even writing) the latest standards. It's a good combination.

ok, ok - I haven't been at Fastmail for 20 years yet. That's still a couple of weeks away.


I have an unfortunately pointed question:

How good are you guys at preventing account takeovers? We live in a world where your digital property is backstopped by "send me an email with a link I can click to regain access to a broken account". Everything I've collected digitally over the course of 20 years "belongs" to my email address through that power dynamic. Tens of thousands of dollars of value that I can only maintain access to if I can guarantee that me and me alone have access to my email account, and I will always have access to that account.

I would love to get my email away from Google, I do not trust them at all. But they have demonstrated to me multiple times that they are adept at preventing unauthorized access to my account.

Do you have behavioral account takeover prevention? Do you have a risk and fraud department whose job it is to ensure that me and me alone have access to that email? Do you have people who I can call and demonstrate my identity to in order to regain access to that email account if it does get hacked?

2FA is not an answer.


On one hand, I acknowledge Google's security is amazing.

On the other hand, I am puzzled by your assertion that 2FA is not the answer. Fastmail has passkeys and TOTP... you are a seriously high profile target if that's not enough for you.

> Do you have people who I can call and demonstrate my identity to in order to regain access to that email account if it does get hacked?

Google doesn't have this, right? And actively doesn't want it. Once your account is locked down and you're not falling for the phishing attacks, this is the route in.

> Tens of thousands of dollars

So your security only has to stand up to say $50k of assult? No problem. That's not 0-day money. Just stick with your TOTP 2FA.


You're right, what I actually should have asked is "How do you guarantee I never lose access"

If I lose the key to my house, I can change the lock, it's my property. If I lose the key to my Post Office box, the Post Office will charge me money to set up a new key. I have RIGHTS to my physical property and physical business relationships.

What happens when I lose my Fastmail key? Currently the status quo is "get fucked". Which is utterly insane to me. My options in that reality are to either, set up 2fa and ensure that I lose my digital life at some point, or not have 2fa and get my shit taken instead.

Google doesn't do much in that regard, other than making me confident that they won't let anyone else pollute my ad profile, but I was an actual child when I set that up, and it doesn't cost $5 a month.


I have no feelings one way or the other about Fastmail, but since the offer TOTP as an option why not just archive the TOTP secret somewhere safe and offline? Put it with important papers that you'd store in a safe deposit box, with a trusted family member, etc.

We have a much better account recovery process than, say, Protonmail where if you lose your encryption key then you really are screwed.

Obviously, the more information we have about you, the easier it is for you to prove your identity! Often the people who lose all their credentials and can't get the account back at all are the ones who used anonymous payment methods, clear all their cookies, use a fake name. Hard to identify those!

But generally, we help people regain access with a combination of payment method, backup communication methods they have registered with us like another email address or a phone number, and at the most extreme - Government ID. Provide enough of those and survive the lockout period in which we've informed the person with access to the account and given them a chance to object, we can get you back in.

Seriously the "24 hour lockout while we make sure nobody is accessing the account" is a pretty key part of slowing down attacks - generally if someone's identity is stolen then the attacker's main advantage is speed rushing through all their other accounts, so the slow-down is hugely advantageous.


As a user going on 5+ years now I just wanted to say thanks! Reassuring to hear the team is passionate about what they’re building.

Fastmail is such an obviously better choice than Gmail these days. I moved over a few years ago, and I have zero regrets. I'm a bit nervous that someday they'll sell out or run out of things to build and enshittification will set in, but honestly I haven't seen anything like that yet.

The day they start trying to put AI trash in Fastmail, though, is the day I start looking elsewhere.


How is it better? Honest question.

I use Fastmail for my personal account. I use gmail at work.

Fastmail's UI is a ton more user-centric. It just feels more thoughtful to me.

Fastmail treats keyboard shortcuts as first class citizens, so you can run it almost completely mouse free.

Spam filtering is on par with gmail, if not better.

Aliases and throwaway accounts are easy to use if you have your own domain. I don't know how gmail handles that.

When you click a link from fastmail it doesn't pass through a fastmail server as gmail does, but instead goes directly to the source.

The calendar is decent but it's a hassle to import .ics files. It's readable and searchable though. If you attach external calendars then there's some delay when you change something on the external calendar. That can be annoying.

The Contacts manager is OK. It's definitely not special but that also means it's not over-engineered.

They have some file storage and notes capabilities which I don't use, and honestly I worry that it's the beginning of adding features for features' sake, but if that continues I can always keep fastmail and move back to Thunderbird or whatever, although that would suck a little bit.

The android app seems good, but I came from K9 mail which wasn't the most polished. I don't use gmail on my phone so I can't compare, but to me Fastmail's app proves the adage that the better a tool is, the less you're aware you're even using it. It just does its job and stays out of the way, which is cool.

I guess adding new calendar entries on a phone can be annoying. Like you tab the box to add a contact and the dropdown menu is obscured by the edge of the screen, stuff like that.


The files storage is handy and is like a lite version of Google Drive / Dropbox and in other ways has a few more features.

Upload files (or save attachments) to folders. Okay that's pedestrian. But then you can share links to the individual files or a folder as a .zip, which is heaps handy. So far google drive can do this already.

You can also convert a folder into a website using fastmail's domain or a custom address using your own domain, to share as a listing of files or photo gallery, optionally password protected. I've used this quite a bit.


> You can also convert a folder into a website using fastmail's domain or a custom address using your own domain, to share as a listing of files or photo gallery, optionally password protected. I've used this quite a bit.

Holy cow I didn't know you could do this!


I use the notes. It's nothing special, just a text box. I can write them on my PC and easily edit them on my phone, without any system to maintain for that.

One annoyance is that editing notes doesn't auto-save. I've lost some big edits.


This applies to any commercial service (I am using a different one, but it's all the same): no tracking because they have no incentive to (they have the opposite incentive, actually), and responsive support provided by real humans when you need it.

Search on HN or elsewhere for what happens when Google's automated systems ban your account and you lose access to email and everything tied to it. You have no recourse and no chance to recover it unless you have inside contacts or manage to stir up a social media shitstorm.

You can also use your own domain (for example, tied to your real identity: firstname@lastname.com) and move it to a different provider if your current one goes to pieces.

Additionally, I use a separate email address for each service (hn@domain.com, paypal@domain.com, amazon@domain.com, etc.) and can simply remove the alias if it starts receiving spam. You know then who leaked your email to spammers. You can add a random "IV" to be sure (i.e. amazon-5VoXwj5@domain.com).


Everything you mention I can do with Google Workspace.

The only thing is the automatic banning which could be a huge problem.


You cannot be sure that google workspace isn't scanning your email for ads/tracking purposes.

I can bring my own domains easily, I'm someone who gives companies <companyname>@example.com. That way if I start getting spam, I can block it easily and I know which company sold my email or had a breach. But they land in the same inbox.

I find the UI much snappier, and I don't have to deal with some of the accessibility frustrations of gmail.

Plus, it's a service I pay for, and isn't an ad tech offering.


They are not an ad company at all and so they don't have a division making a lot of money tracking you. Even if you pay for gmail, that ad division is making a lot more money and is looking for why to track you.

Works fantastic with catch-all aliases, being able to compose or reply with a custom alias, and automatically selecting the correct alias when replying to an email. I've yet to find a provider's web interface that does this correctly, or allows you to do it at all.

Gmail is hostile when it comes to alias / catch-all.


Really fast/responsive, both the UI and the mail itself, great features, support is great, even power-user stuff is supported in the UI and support knows to set it all up if you talk to them. I really can't recommend Fastmail enough, I'm just sorry I wasted years on Gmail.

Thanks! We're all pretty happy to keep doing what we're doing for a long time yet :) Have plenty of new stuff on the go (see the email work happening at IETF, a lot of it's being led or shepherded by someone from Fastmail)

AI is... yeah. I can see in theory being able to have an AI answer questions like "who sent me a question I haven't replied to yet?" or "who have I emailed something expecting a response to and not heard back from?" could be powerful - but the tech is really immature and it hallucinates the craziest things. I don't think it's something we need to do in-house - it's something that could be added on with an IMAP or JMAP connector for those who want it.


Sadly someone flagged the hilarious response "...spamming every online discussion about selfhosting email, [just go with Fastmail, it's greeaaaat!] or like that." before I got back to it.

True fact, many of us do love reading HN and chiming in. We don't mind self hosters at all. Eventually they get sick of it and move their email to Fastmail, or in extreme cases come work for us!

(it took me a good year of being a Fastmail staff member to finally decide to shut down my own self-hosting and just make it a Fastmail Family account... figured if I was going to get paged by my family for the email being broken I might as well be on the clock)


> More: Fastmail is a bunch of techies who really enjoy

...spamming every online discussion about selfhosting email, [just go with Fastmail, it's greeaaaat!] or like that.

FTFY


> There are a number of large email providers who are not ad companies and so have your interest at heart.

You must be naive to say that. They don't have your "best interest in heart" - they have to increase revenue. And they will become thew "ad company" sooner or later.

Fastmail is not any different. It's just not there yet.


Nobody knows the future of course, but their incentives are to not become an ad company at this time.

Same. Though as mine is getting to the point I want to change things around quite a bit, I am wondering if I really have the time or if I should go “hosted”.

Running your own mail can be harder from the start than from our position of having done it for years though. All the things that we know and learned one at a time as they came up, a new mail admin needs to learn at the start. Also, I have old domains with no bad rep, and my mail is sent from static IPs that have been reputationally clean for all the time I've had them (well over a decade). If you run your mail server on a VPS provider you might have more trouble from their IP range than I have from mine (though you do always have the option of paying a little for a relay service like mxroute which will deal with deliverability problems for you).


I've done so as well, and once it's fine-tuned it isn't a huge deal. But, I'm getting old now, and now that it's time to upgrade my mail server, I'm wondering if I should jump to a hosting service (or SMTP service) instead. I've never had deliverability problems with Google, Hotmail, Comcast, or Charter, but AT&T has always been hostile to me.

You could go with https://mailcow.email, it's pretty easy to setup and keep up to date.

Or, if you don't want to do the Docker thing and have daemons running on a 'regular' (Debian) system:

* https://workaround.org/ispmail-bookworm/

(They include instructions for upgrading from their previous iterations, e.g., buster->bullseye->bookworm.)


I run my own mail server since 7 years. (OpenSMTPD and Dovecot for IMAP (NextCloud for contacts and calendar) on OpenBSD.)

Apart from rDNS and FCrDNS (which the connecting host has to have) I don't have a Spam filter (and never had). I create a new mail address for everything. (name-number@...) I have gotten like ~2 Spam mails.

(I still have my 25 year old GMX address. (I even have premium.) I use it for my providers in order not to create a chicken and egg problem. Only my MX is public. Everything else is behind a VPN.)


I'd second this.

Get yourself some managed hosting package with a TLD at Hetzner or somebody like them and run your own stuff. NextCloud with calendars, mail, maybe a blog will cost you sth. like 3 Euro/month.

That's totally fine and the hardest part is finding a good domain name anyways. :-D


I've been running my own for about a decade or so.

Recently, I finally gave up running my own outbound email, because I realized that no matter what I do, I'm still being blocked based on my IP address.

I now pay FastMail 5 USD a month basically for their IP address, using them for outbound email only.

Email is anyway inherently and fundamentally inadequate for security.

I'd rather not use it at all now, and stop having an email address.


25 years for me too, 2 issues in 25 years. A few years ago, someone on reddit suggested to stop using Spamassassin so I did and found it didn't have much of an impact. I also have my own service I wrote which checks a few things Postfix doesn't and that helps but overall it's not difficult, it is a hobby that demands some of your personal time but I feel it's worth it.

> Yes, there is an occasional issue

For me it's quite the opposite, I'd rather let someone who does nothing else all day than providing email services to people for money handle the occasional issue.


At the same time, don't run your own mail server.

E-mail is not, in practice, a federated protocol which anyone can participate in. E-mail is, in practice, a protocol where Microsoft, Apple and Google can send mail between each others' systems.

Stop using e-mail.


That’s one problem I never had. With DKIM, SPF, and the other right DNS records in place, I had no worse trouble with deliverability in general than I do with a large host. Every couple of years I’d try to email someone with an rule like “don’t accept email from a VPS, at all, ever”, and shrug it off because they were already use to discarding a huge chunk of valid email so what’s one more.

> Stop using e-mail.

Right after everyone and your grandma stop using e-mail as a UUID. No, phone number doesn't cut.


No, that's the one thing e-mail actually works decently well for. Just stop using it for all these other things.

It is. Don't let people who don't run mailservers tell you otherwise.

Supporting your counterpoint, I have been also running my own E-mail server for the last 20 years.

There were occasional issues, mostly a few years ago, with the big providers dropping silently messages or delaying them by a day or so, but eventually it has always worked well. This year has been a hassle with the new rules forced by Google, but during most years the time spent with managing the E-mail server has been completely negligible.


Same. The last time I had to change something for my email server was to add SPF and DMARC support five years ago or so, and that was well-documented and pain-free.

Regarding the SpamAssassin issue, TFA doesn’t clarify whether it’s Validity or SpamAssassin that is using the DNSWL interface wrong.


I have only been running my own mail server for about two years, and the only problem I have is delivering to Hotmail.

It has become a lot easier than it used to be thanks to things like Mailinabox.


> I have been running my own E-mail server for the last 25 years or so, and haven't found it to be terribly problematic.

Not quite 25 yet but approaching and same view. Keeping on top of DKIM and SPF and all that have reduced the "I can't send mail to XYZ" issues. Pretty much the only thing I get now is family being temporarily locked out of SMTP by fail2ban when the automatic family-unbanner has missed that entry.


I used to run my own but for 8 bucks a month (spouse and me) to hand it off to Microsoft, it quickly became a no brainer. Not to mention running my own helped me be a better SRE back in the day, most businesses handed it off as well and it wasn't a skill worth me knowing outside the basics of SMTP.

[flagged]


"Be kind. Don't be snarky. Converse curiously; don't cross-examine. Edit out swipes."

It's a mistake to think that if self hosting email is hard, then you should not do it. This will incentivise giants to gakekeep by making it even harder.

Ideally we should get to a point where self hosted email ecossystem is self sustaining and makes them not irrelevant, but also not so dominant. As developers, we should aim to create out of the box solutions, with batteries included (I've seen more and more such solutions, like maddy, wildduck, etc), that anyone can setup as easily as wordpress.

It should have default sane and secure configs, with a simple UI with a setup wizard with options like "Single vs Multi Tenant", integration with DKIM, SPF, DMARC APIs on most DNS providers, etc.

The goal is to kill the "misconfigured email server" argument from the giants.


At some point, we have to acknowledge that e-mail is already dead. Use something better.

Apparently some 360 Billion emails are sent daily:

https://www.demandsage.com/how-many-emails-are-sent-per-day/....


Most of those are spam, and the rest are sent between the big email providers.

Like?

I don't know, maybe invent something. E-mail is not it. It's almost completely unfederated, and e-mail sent from one client usually doesn't even display properly in other clients. The amount of times I've had to read black text on dark grey backgrounds is insane.

Its not the 90s. You can no longer get traction for new protocols without backing from big tech and they will push walled gardens.

I have very rarely had issues reading email.


In that case, you have resigned to being stuck without a working federated messaging protocol forever.

pretty much. I would love to be wrong so please convince me.

I think the best bet is making email better and easier to self host,


E-Mail is working. You might not be able to make it work.

A messaging protocol where messages are highly likely to not arrive at their destination, and where one messaging client can't properly render mail sent from other clients, does not work.

Again, seems like a you-issue.

In what way? I didn't make the e-mail clients I'm using, I didn't make the e-mail hosts which drop messages

Maybe you should. Like you suggested to invent a new protocol.

This is a problem with HTML email, which has been a terrible idea since the day it was created. Some people who can afford it automatically bounce HTML email on the server and notify the sender to use a more sane format; I cannot afford to, unfortunately. What I can do is configure my email client to extract text from HTML and remove everything else, and it works fine with rare exceptions. The worst offender is PayPal, who used to send easy to read plaintext mail about a decade ago, but then switch to an HTML mess that is unreadable in either form.

https://devblogs.microsoft.com/oldnewthing/20060523-10/?p=31...

https://useplaintext.email

> maybe invent something

Good luck with that. So many have tried, none have prevailed.


Thank you for agreeing with me that e-mail is a horrible horrible thing.

text/plain works fine.

I don't typically receive text/plain.

In my view the importance of email is the provide communication between two consenting parties. This function has been co-opted by those entities that have another interest. Google uses gmail in order to enhance it's business. MS is the same. Then there are mailing list companies who have made a business from sending millions of emails.

In the current email system who represents the interests of the common user? Not gmail. Not mailchimp. I'm not saying they are bad, just that their interests are not my interests.

So perhaps the right thing is to add a layer to email that provides common users control. Email servers that provide consensual service can talk to each other. Not a white list, a trust list. Otherwise just use gmail.

How to do this? If you send a non-consensual mail, you pay a fine. A way for mail providers to make money by improving the basic function of common users.

I'm just making this up, I'm sure you can come up with a better system. Or perhaps you can help me understand whether the purpose is valid or not?


> If you send a non-consensual mail, you pay a fine.

Spam is already illegal, but spammers don't pay a fine because good luck actually finding them.


> What was once a nice, federated service (in a much simpler time) has become a complex mess with high barriers to entry, pushing users into a small number of large, proprietary services

This also describes all other communications and socialness on the web; from bbs and forums to modern "social media". Is there anything small and niche (apart from, literally, HN) that hasn't been completely utterly destroyed by the nasty people online?


Is there anything small and niche (apart from, literally, HN) that hasn't been completely utterly destroyed by the nasty people online?

Local and specialist fora are doing quite well. Some have been around for decades because they offer what social media promises but doesn't deliver. Examples:

  https://thestampforum.boards.net
  https://thehaif.com
  https://forums.atariage.com
Most offer RSS, so you can roll your own "feed" like a social media site, but without being followed, tabulated, and monetized to death.

Their secret is friction and moderation. You have to jump through a hoop or two get registered, unlike social media where the barriers to entry are so low that bots step over them without a care. That's because these web sites care about the content, not tallying up monthly user statistics for shareholders.

It's like radio. If you're in Los Angeles, you can listen to KROQ, which serves its corporate owners and shareholders far away, or you can listen to KCSN, which serves its listeners locally.


Basically, it's small(ish) forums that have survived over the years without migrating to Reddit or such, and even those are not immune (and could go away without warning).

User upvote/downvote systems can be helpful, provided there are checks and balances against being gamed.


I'm running my own email server for more than 20 years now. And spamassassin still works fine, filtering locally. But even before spamassassin gets stuff to analyse, my postfix server checks if a sender's ip address has a reverse dns mapping (most hacked office clients don't have one) and last but not least asks the postgrey policy server if it should accept an incoming message immediately or tell the sender to retry after some time.

That is, I'm using greylisting, and yes, this still blocks quite a number of incoming messages, as spammers do not retry to send their spam, if it doesn't work at the first attempt.

So with excellent software like Wietse Venemas Postfix and a rather restrictive setup, an email server is a low maintenance server to use IMHO.

Edit: running your own email server gives you enough email address for you and your family to make it much easier to detect phishing emails: one address per shop and you'll notice if an email to the address of a shop tries to pose as your bank or some other sender. And it's easy to block certain senders after their job is done.


I’m one of the people who gave up on self hosting. After 25 years, I now run my personal domains off Apple, who does it for free if you have a paid iCloud plan. It was fun. It was educational as hell. It was an adventure. It was also an incredible time suck keeping up with new spam and anti-spam and anti-anti-spam methods.

I highly recommend the experience for those interested. I also recommend regularly reevaluating whether you’re still having fun doing it.


Indeed it's not a great idea to rely on 3rd party services for allow/block-listing. You're giving power to those 3rd parties, and it centralizes email. Ironically, quite some people running their own mail servers use blocklists, pushing deliverability problems due to being blocklisted onto fellow self-hosters.

Another reason why it's not great to use allow/block-lists: You're passing the IP's of everyone you're communicating with to those 3rd parties.

In mox (a mail server, I'm the author), junk filtering is first done based on known good/bad reputation of the (verified) domain of the address of the sender, based on classifications made by the user (and mox helps with those classifications). That means everyone you've seen good/bad mail from before, can quickly be classified without the need to contact any allow/blocklist. For first-time senders, a bayesian content-based classification is used. That is almost always is good enough. But you can also configure blocklists. They will only be consulted as long as there isn't enough reputation for the sender. Once you've corresponded with someone a few times, the blocklist isn't used for their messages anymore.


While I like LWN and respect their writings, AND I appreciate and respect a good post-mortem story which involves some "I fucked up", this really just highlights negligence on their sysadmin staff. And, in that respect, I don't they have any business telling other people to not run a mail server given their demonstrated negligence. Not everyone else is a fuck up, but LWN sure is.

> configuration was introduced as part of a hurried email server replacement driven by the demise of CentOS 7

They knew for YEARS, and even after the Red Hat controversy of shitting down CentOS, they still sat on their butt and did nothing until the very last minute, and then f*ked it up. That's some serious negligence.

Also, any competent self-hoster knows you need to run a recursive DNS resolver on-host to avoid these kinds of issues. Many other DNS-based RBL services already had such limits and those issues were extremely well-known. This is another sign of negligence.

This guy is an idiot and should not be running a mail server. And, he/they have no business telling anyone else what to do.


rspamd has worked wonderfully for me. It’s operated more or less on the same level as iCloud, Gmail, or Outlook.

I feel articles like this overstate the burden. I can agree that running a self-hosted server at scale (multi tenant/multi user) could be very painful and would be a full time job.

But if it’s a single user (you), it’s almost set it and forget it. Many resources out there to test your mail server is configured correctly (ie, mailtester).

The only painful issues I have had:

- if using a “dynamic” IP from a VPS host. You might find that many RBLs block them by default. It’s somewhat easy to get it reset though, and have only had to do it twice (cloudmark and outlook).

- occasionally have to deal with obvious brute force attempts to find vulnerable accounts. But this is resolved with fail2ban and setting up alerts on postfix and dovecot logs

Also, compared to the old days. There are many projects that make it stupid simple to setup a mail server with sane defaults.

Current projects I am watching:

- stalw.art

- docker mail server

I have been considering stalwart. Especially since there are plans to add in CalDAV (Calendar), and CardDAV (Contacts) support. I was previously looking at Cyrus IMAP for this functionality but will ultimately wait/support stalwart for the AIO solution.


+1 for rspamd making life much easier.

Would highly recommend rspamd over SpamAssassin, I've found its results to be much more accurate.

I really wish I could move my personal email over to gmail -- I've run my own local email server for 30 years, and tbh I just don't really care to do that anymore.

But I'm stuck -- I exclusively use 'tagged' email addresses when giving anyone my email address, so every incoming message is addressed to "myusername-sometag@domain"... and gmail, of course, uses a + instead of a - for doing that kind of tagging. So if I tried to migrate hosts, literally none of my incoming email would arrive anymore.

Sucks that a decision I made before gmail even existed now restrains me so much. :/



Even the longest journey begins with one step.

I have a similar mail address pattern (ebay-534389@foo etc.) When I started 7 years ago. I opened my password safe and changed one account after another. If the old account received something I overlooked and I was still interested in it, I changed this address too. A year later and the old address receives nothing anymore.

Nothings stops me or you from changing it back.

Update: And yes, there are a million providers that provide a catch-all mechanism. Even some domain registrars provide catch-all forwarding.


I think Fastmail can deal with this. I don't know about using "-"(dash), specifically, though ...

And never use "+" as a separator. There are zillions of shitty regex email address "validators" that won't take it even though gmail uses it.


Exactly the same thing for me. While it is clearly not good to suddenly receive a ton of spam, I rather have a ton of false negatives than false positives, so in this case, no real harm was done.

The big companies have these issues too. MS started allowing lots a SPAM in a few months ago. Took a couple of weeks for them to fix it.

Self-Host or Email as a Service both have their intermittent issues.


Huh, I noticed a handful of obvious spam emails make it into my inbox in fastmail over the last few months, wonder if they had a similar issue.

I've got an account on Google apps, and spams have landed in the main mailbox. Attached PDFs was the common thing. Obviously spoofed sender. One new attempt is sharing (virus) files via Dropbox - been getting a bunch of those invites recently.

I had a quick look into this rule, and I have an entirely different concern. It appears to me Validity is essentially a "pay for good reputation" service. Not sure that aligns with the goals of Spamassassin...

It feels really strange to read an article starting with some free advice like that. "What do they sell?" is what could expected then.

What a nothing-burger. Bug discovered in default Spamassassin. Yawn.

The number one sources of the very worst spam that lands in my inboxes are Google, Microsoft, and Apple, and by worst I mean the most legitimate-appearing messages that contain the most hideous of links and attachments.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: