I run a mail server for my own company and my immediate friends and family.
I hope you aren't planning on using one of the many ESPs to do your actual delivery; increasingly I am blacklisting them (and by ASN) since despite any claims to the contrary they don't give two shits about spam or UCE. There may or may not be collateral damage but I really don't care anymore; I have a home-grown analysis script that runs daily over my logs and generates pretty HTML summary reports of who got blocked and why, and 6 months in it's looking pretty good.
One size fits no-one for email (which is why Spamassassin always fails me sooner or later). There are entire ASNs that have no business talking to me and get the firewall. There are entire countries that (on the basis of GeoIP lookup) get aggressively greylisted. Nobody has ever sent any of my users a legitimate email with a utf8-encoded subject. The list of rules just keeps growing.
And finally, if anyone reading this has anything to do with
But you're missing out on the all the fun of managing your own DKIM & ADSP DNS records! And debugging mobile device SSL issues. And Courier-IMAP IDLE support for various broken IMAP clients. Not to mention Outlook's amusing approach to TLS. What do you DO all day?
Also, does Gmail do S/MIME? I see a Firefox plugin, and Penango which appears to be Firefox/IE. What about Chrome / Android?
> Nobody has ever sent any of my users a legitimate email with a utf8-encoded subject.
I suppose you and your users only ever communicate with Westerners. Or are all of your Japanese correspondents (for example) kind enough to encode their subjects in EUC-JP instead of UTF-8?
You suppose correct; obviously that might change, but for now it's the case that in 20 years of email not one single legitimate message has had a non-7 bit ASCII subject line, whereas there's always plenty of ⋎Іǎḡɾǎ, ѵἲàɠṝà and ѷἰẫǧʀẫ to go around (in the form =?utf-8?Q?=E2=8B=8E=D0=86=C7=8E=E1=B8=A1=C9=BE=C7=8E?= of course)
Pro tip: if anyone is trying to block this shit without blocking legitimate Unicode, you'll be wanting Unicode::Normalize and something like
utf8::decode($rawSubject);
my $normalised = NFKD($rawSubject);
$normalised =~ s/\p{NonspacingMark}//g;
to strip the composing diacritics before you reach for the regexes. Good luck.
It very much depends on your account visibility. I have the email address helpme@gmail and it gets about 20 spams a day into my inbox (and thousands to my spam folder, so I'm not arguing that it's a bad filter). So it's far from solved.
However I used to work in anti-spam and so know full well that it's not a solvable problem - no matter what some new startup claims.
1) Have central control, central management. Facebook has this in their messaging app, and still spend millions of dollars fighting spam on it every year.
2) Have whitelist only email - basically get pre-approval for who can message you. Instant Messaging has this and people still get spammed on it. Plus you lose so much under this model - how many times a year do you email someone you've never emailed before? For me it is in the hundreds.
I don't know what your pedigree is in the anti-spam world (personally I wrote large chunks of SpamAssassin, implemented Symantec's Cloud anti-spam engine from scratch, wrote the Haraka SMTP server, and am one of the authors of RFC 6471), but this is called a FUSSP for a reason.
In short, build a better client, sure, but don't have delusions that you can make spam a thing of the past. It's impossible once you get any level of traction worth talking about.
I understand your point. I'm not convinced that spam with its dangers as we know today can be gone with any solution. I think it needs a long process to reach a point where sending out spam will cost more than profits coming out from it. I'm probably naive and too ambitious but I am going that path.
I don't want to belittle anyones work on fighting spam. It's very complicated and I do know the responsibility of the job and how all of us rely on it.
To be clear on our launch, it will start out as a mail hosting with a nice client having some cool features. All this questionable stuff on spam, parsing receipts, etc. is coming in the future if we're lucky enough to have your support to be around that long.
False positives are WAY too high for me with Gmail. Once I discovered how many important, obviously-legitimate messages were being marked as spam, I started monitoring my spam folder on a daily basis. You'd think they'd at least whitelist my contact list, but no.
I don't know how they intend to beat Gmail, but that's not because Gmail is without major flaws.
I hear you. The problem with spam is that the current infrastrucutre allows anyone to distribute spam on a massive level and forces online apps to use expensive third party services to deliver their newsletters to inbox. For a regular end user on Gmail the problem is hidden but not solved. When you have spam, you need spam filters. Spammers get better, you must catch up...
We want to solve that by replacing mail as you know it now. It's a long way ahead but we're on it.
Yes, it's not our main focus right now. We have planned this for later next year. It's not just the Google - everyone who runs online app or shop needs to get to you with order information, registration confirmation, invoice... If it's a pain to get into your inbox for them, it's a pain for you too not getting what you want. We will make it impossible to send out and receive spam using our infrastructure.
As usual with Google, they're still not handling multilingual situations too well. It has been a long time since I've seen any spam in English, but tens of mails in languages like Finnish and Georgian get through every day.
I wonder if the easiest solution would be a language blacklist. I have no legitimate reason to want to receive email in languages I don't understand.
But it's not a cut and dried situation. It's hard to identify language in very short emails. It's quite possible to get false positives too, when you get mail from someone with an accented name. Language detection gives you a probability that it's in a particular language, not a yes/no.
Here's a thought to toss out and see if it sticks (or has been done):
How about an email app which groups messages by frequency/familiarity of sender? If someone sends me messages often, or has sent stuff on occasion over a very long time, group it at one end of the inbox; if seldom and not known for long, somewhere in the middle; if sender (&/| reply-to) has never been seen before, shove it to the other end. Maybe also track how long I read their messages: if I spend time on what's sent (relative to content size), it's important; if it's straight to trash or less than a half-second, put it in the "junk to screen" pile. VIP/white/black-lists are a pain because I have to screen every address listed; do some probabilistic sorting for me! don't just list things in a linear or threaded by-receipt-date line.
Inky (http://inky.com) already lets you sort by relevance. It's much more useful than VIP/whitelist/blacklist but we're continuing to play with the relevance metric to further improve it. It does take sender frequency into account.
I have to say that whilst your site is making some very bold claims, I think it's extremely clear what your goals are. Furthermore, I found it really engaging that your request for an invite form was a little more interesting than simply entering my email. It's nice you're offering a mini service around this, and furthermore the idea of running a mail check on a friend's mail account is a nice way of ensuring some virality.
Best of luck, and I really do hope you can solve the problems you outline. I can't wait to try it out!
Looking forward to trying it, however requested an invite and the scanner on the Thank You screen mentions my @gmail.com account got a thumbs down for Deliverability and being 'weakly secured'. Kind of a bold statement to make about gmail, no?
I appreciate your interest. :) That check looks for blacklisted IPs of your provider. Gmail is blacklisted very often, thus making deliverability of your messages to some servers lower. Might be a poor wording on our side. We'll take a look at that.
That check looks for blacklisted IPs of your provider. Gmail is blacklisted very often, thus making deliverability of your messages to some servers lower. Might be a poor wording on our side. We'll take a look at that.
- Delivery tracking. This is the single most exciting feature that I found in your screenshots (welovemail.com). Mass mailing solutions and Transactional email services have had this feature for ages, and it's about time regular email got it, too. No more need to parse the incoherent ramblings of MAILER-DAEMON, hooray!
- Three-column view. (Or was it four-column?) I'm not particularly fond of 16:9 widescreens, but I might as well use all the space since I can't seem to buy anything else anyway.
- Managing multiple accounts.
- "The only way we can build a product that we can go and use without any stress today is to make the best out of what’s already available." -- Absolutely agreed. Email is email. It's not a todo list, it's not an instant messaging protocol. I'm glad you're taking this seriously.
- "Get a receipt from a local store directly to your inbox formatted the way for use in an accounting app." -- Wonderful. Don't stop with a pretty app, please go ahead and write an RFC that defines the standard markup for electronic invoices, receipts, to-do list items, etc. Then we'll be able to use SMTP, HTTP, or any other protocol to ship them around.
Things I'm not sure I'm going to like, although it seems early to make a judgment:
- "How simple a life could be if every citizen would own a mail account allowing them to vote in any election from anywhere in our solar system." -- What does email have to do with voting? My email account is not my identity, no matter how hard Mozilla Persona et al. tries to shoehorn identities into email addresses. It's just an address that I happen to be occupying at the moment, and that I can leave behind whenever I want. So please don't try to sell your product as a candidate for universal adoption from the first day. You'll be disappointed.
- Managing multiple accounts. Although I also mentioned this in "things I like", one of the reasons I keep multiple accounts is to put firewalls between them. For example, my primary email account is never accessed from a mobile device, I use a "proxy" account for that. The password recovery address is yet another account at a different provider. If one of my accounts get compromised, I don't want the attacker to gain access to any other account. How is your app going to manage user credentials and flow of information to/from your servers to minimize vulnerabilities?
Some questions/suggestions about the UI mockup:
- Social media integration, from Facebook/Twitter in the sidebar to nicely cropped photos for all your correspondents. Please tell me this can be turned off. When FastMail.fm rolled out its new interface a few months ago, there was a significant outcry from privacy-sensitive users who discovered that the webapp was pulling in everyone's Gravatar.
- Where's the metadata, like those ugly CC/BCC/Reply-To lines, "display source" links, and the message size? If you leave them out, you'll be lacking some of the features that email pros can't live without, and therefore earn the criticism that you're trying to replace email with something less. On the other hand, if you put them back in the UI, it won't be as neat as your screenshots currently are.
- Can I compose full-screen, or do I have to live with 100px of darkened, unusable space around your cute pop-up whenever I'm trying to write something?
- Is this a hosted web service? iOS/Android app? OSX/Windows program? All of the above?
- Voting: We understand that it's just what a future could be. We are not working on this right now and won't till we're in a position it might get useful. It will start out as a mail hosting with a nice client having some cool features. This is just how we'd like to use mail in the future if we're lucky enough to have your support to be around that long.
- Multiple accounts: You have a username/password to your account that has access to all your mailboxes. Mailboxes themselves don't have any username/password combo. Owner of a domain can give you an access to a mailbox. We're using SMS to verify you and is used again in case of a lost password. To have a better control over access on a different devices it's a nice idea to disable some mailboxes from mobile devices. We'll look into it. Messages will be encrypted and communicate with your devices only over HTTPS. We're taking security very seriously and we're enhancing all of this all the time even for the beta to be absolutely safe.
- Social media: Honestly, we don't have any plans to make this optional to be displayed.
- Metadata: Don't worry, I myself need those basic information at hand. The app as it's getting developed changes a bit from design screenshots but not so much it makes it overwhelming. Still looks simple.
- Compose: It'll be possible to compose fullscreen and/or in a new tab.
- Service: It's a mail hosting, you need to own a domain to be able to use our service. At the moment you need to also use only our client solution, beta will be browser-based web app and mobile and desktop apps are coming next. In the future we have plans to create an API to connect our hosting into more clients.
"We have a strategy how to wipe out spam for good. [...] Phishing is going to be just a story too."
Whitelisting pretty much solves this. (Multiple accounts also help; one you give to people directly, and one you use for everything online, helps bump personal communication to the top)
"Are your important messages always delivered? We will guarantee a delivery in less than a second."
Those are two different things. Immediate delivery has nothing to do with guaranteed delivery.
"Get a receipt from a local store directly to your inbox formatted the way for use in an accounting app."
Are you writing RFCs for receipts? If not, this probably won't be picked up by anyone but customers of the accounting app.
In our experience, whitelisting really doesn't solve the problem. I often get email from people I don't know about things I want to read about ("hey, I'm a VC who wants to give you money!").
Automagically parsing receipts is certainly cool, and several mail vendors are working on it, including us (Inky).
Guaranteed delivery isn't really possible without controlling both sender and recipient's client; nor is immediate delivery.
You're right about delivery. This is something we are going to work on. Don't think of us as a competitor. We want to create an infrastructure and we need client solutions to work with us ;-)
I hope you aren't planning on using one of the many ESPs to do your actual delivery; increasingly I am blacklisting them (and by ASN) since despite any claims to the contrary they don't give two shits about spam or UCE. There may or may not be collateral damage but I really don't care anymore; I have a home-grown analysis script that runs daily over my logs and generates pretty HTML summary reports of who got blocked and why, and 6 months in it's looking pretty good.
One size fits no-one for email (which is why Spamassassin always fails me sooner or later). There are entire ASNs that have no business talking to me and get the firewall. There are entire countries that (on the basis of GeoIP lookup) get aggressively greylisted. Nobody has ever sent any of my users a legitimate email with a utf8-encoded subject. The list of rules just keeps growing.
And finally, if anyone reading this has anything to do with
bestpure.co.uk besttip.co.uk bighut.co.uk exclusivetips.co.uk liteme.co.uk officialnow.co.uk opost.co.uk piple.co.uk savertips.co.uk retailrat.co.uk tipmail.co.uk websaveguide.co.uk wepost.co.uk
please go and get an proper job. Or die. I don't mind which.