The true value of a company can be measured by our ability to communicate with them. If we can't communicate except after public outrage, then what does that say about the company?
Here's a genuine question: is Proton Mail the least shitty of companies that provide email services?
I self-host email and will continue until I die. But for others who need a company to do this for them, is Proton Mail the least shitty of options? Does this change the evaluation? I'm genuinely curious about the opinion of others here.
To answer your question, from my limited experience: no.
There are better or less shitty companies like Fastmail, Runbox (tried them), even Purelymail (but 1 or 2 people setup), Mailbox (shitty support, solid setup; I am a customer), Migadu (good name, I have never used them), there's Tuta (but somehow they seem off to me; like Proton they also do not allow IMAP/POP - Proton allows with some circus), MXRoute has good name at places like LET forum. There's even Zoho if you just a mail service (but then if you use Zoho then only reason to not use Google or MSFT will be cost or just the middle finger :D) … and many more.
So there are options.
PS. as per self hosting email - I can't self host my seedbox properly on a VPS, I don't think I should even try email :)
Not allowing IMAP/POP isn’t just for the lulz, it’s not compatible with the encryption architecture Proton uses, which is kind of the selling point of the product. You can either have your emails encrypted at rest with your key OR you can have plain IMAP/POP without a bridge client, you can’t have both.
I never really understood the point of that. If you are exchanging emails with someone using one of the most popular email services that together make 99% of the marketshare, their server retains your email unencrypted anyway. So the only time that encryption will really matter is when emailing someone who is also using Proton.
I self hosted for 20 years, worked flawlessly, gave up because of security concerns. I would like to go back to it.
Question: How do you manage the security on such a box? Is there any simplification I missed?
I couldn’t keep up with it. So many patches, unrelated to mail, broke something in the stack, bringing the server into a critical state. Often, I had to lock down everything before going up again, consuming a day’s effort or two. These were two days without mail.
forget about self hosting email... I tried it for years, and even if you get it working (needs months), it will eventually stop working again. The problem is that in order to get the big boys to accept you as an email provider, you have to jump through infinite hoops, and be treated like a criminal and/or scammer in the meantime (or at best a business that is trying to send newsletters). You will never get a human to talk to, it's just an infinite loop of automated processes.
Anyway, the problem is "trust" which boils down to IP reputation. And since we are all still on ipv4, your IP was reused. Which means you need to spend months cleaning it. And you won't have a guarantee that you won't lose this IP in the future.
> I tried it for years, and even if you get it working (needs months), it will eventually stop working again.
I've been self-hosting for decades and have never, ever seen the sort of problems you suggest. Once its working, its working.
When people have a problem, its usually because they are trying to either:
(a) host off a home internet connection; or
(b) host off a less than reputable hosting provider.
Both of which should frankly come to no surprise to anyone with a modicum of technical know-how.
Hosting off a home internet connection, assuming the ISP will even open the ports in the first place, has been something to avoid since, well, basically forever ... certainly anywhere after the late 90's.
Hosting off a less than reputable provider is the same. I'm not going to name names, but certain providers are well known for originating spam or not responding to abuse@ messages.
I too have self-hosted for decades, there was a brief period of annoyance where I had to set up SPF records long ago, but since then it hasn't been problematic AFAIK (not that I'm in constant contact with people on all the major providers).
However, a close friend and fellow ex-sysadmin who also has self-hosted since the 90s, has had some headaches in recent years. He upgraded his dedicated server at the same US provider I use, without attempting to preserve his original IP addresses.
He hosts email for his wife's small business, and with the new IP addresses has come a lot of problems.
Her billing is performed primarily via email, when the emails get blocked, her income is directly affected. It's so bad sometimes I'd say it's straining their marriage.
This isn't at a disreputable hosting company. It's simply the reality of provisioning new systems receiving new ipv4 addresses inherently from a pool outside the pre-spamers-and-scammers-everywhere era, these addresses have passed through a dumpster fire of abusers.
At this point I'll never retire my dedicated server just to hang onto its IP address with a clean history I've controlled since the 1990s. Even if the machine becomes nothing more than an overpriced reverse proxy to somewhere else I run the real back-end on... the address has become the primary value.
So when advising people begin self-hosting, at least consider the reality of available ipv4 addresses they're likely to end up with. Even the reputable vendors have been used by malicious actors buying hosting with stolen credit cards and fake identities. We can't have nice things.
Not who you asked, but I self-host some non-critical mail domains using Mailu[0], which is a set of docker containers. It's been fairly low maintenance. Ease of setup depends on your technical knowledge, but if I can do it, and you're on HN asking the question, you'll probably manage.
I'm still running Sendmail on NetBSD, the way I've been running it since the '90s.
You'll find plenty of people telling you to not do it, but they mostly seem to think that others shouldn't do things because they can't.
The biggest problem with self-hosting email is deliverability, and it's easily handled by smarthosting through a reputable service, so anyone who says it can't be done hasn't really thought things through very much.
I've been self hosting my email for a couple years. Currently using mox https://github.com/mjl-/mox
I'd avoid popular server providers like Hetzner or DO. Lots of abuse there so you might get dropped.
https://www.eth-services.de sponsors mailcow and has been pretty reliable
OpenSMTPd + Dovecot is extremely easy to setup and maintain.
For my parents, I registered a domain on OVH and they use the free email accounts they come with. So that's an independent, ready to migrate, email account for about 8 euros per year.
So, now you have to worry about your VPS/Internet provider deplatforming you. Or about your domain name being seized. And spam filtration, backups, redundancy...
I'm not saying email self hosting should not be done, I just say a bit of planning should be done.
DNS seems like the most annoying part, it is SPoF by design. The problem can be mitigated, but seems like cannot be solved. For example, owning multiple domain names in multiple jurisdictions. And round-robin them. You cannot eliminate SPoF for any one specific service you want to login using email. But you won't lose access to everything at once.
Edit:
P.s. At the same time, owning your domain for mail seems to be one of the most impactful things to do to reduce digital serfdom. Banned at *mail? Just switch those MX records and go on.
> So, now you have to worry about your VPS/Internet provider deplatforming you. Or about your domain name being seized. And spam filtration, backups, redundancy...
Your VPS / ISP better have a good reason to "deplatform". If you're really worried, use two different ones.
Also, people have more problems with being "deplatformed" by Google, often with no reason given, and with no way to communicate with a human about the issue. Look it up. I'd be more worried about that.
DNS isn't a single point of failure. Nor is email when it comes to reception (that's what backup MXs are for). If you need redundancy when it comes to being able to fetch email, you can easily have the primary MX also forward to mailboxes on another host so you have two (or more) copies of everything. None of this is all that hard, and people have been doing it for ages. Give it a try :)
1) To quote myself: "I'm not saying email self hosting should not be done, I just say a bit of planning should be done". I self host my email. I just meant it is not "just rent a VPS and slap some docker containers on it"
2) I never said receiving email is a SPoF
3) Please explain in detail what do I do in order to keep receiving emails using "me@johndoe.com" after johndoe.com gets undelegated. I do not know of a way and would very much like to know. If there is no way.. It is a SPoF.
Discussions about the corporatization of Linux largely move on emotion. Imagine getting flagged multiple times for asserting that writing code that assumes little endianness is bad programming practice, just because someone had a talk where he suggested 32 bit should die and perhaps even all things big endian.
The speaker didn't give any reasons, mind you, why big endian should die other than handwaving about how it means "more maintenance", and the responses to "can you give any examples of how it means "more maintenance" other than saying it?" were largely, "can you give proof it's not "more maintenance"?"
I feel the same happens with Wayland. People who don't understand its position have strong feelings in both directions, yet very little discussion is about the underlying rationale for it in the first place, about who benefits by marginalizing people with non-mainstream hardware and who benefits from forcing the software ecosystem down narrower paths.
X11 and Wayland really should coexist, at least for as long as it takes for Wayland to lose a majority of its major issues, yet Wayland designers didn't seem to think that'd be worthwhile. Some of the projects that're working on making them work together need more attention than they're getting.
> Wayland designers didn't seem to think that'd be worthwhile.
The Wayland designers are the people who maintained X11 for years. They have no problem with X11 coexisting so long as they don't have to work on it. However everyone demanding X11 is really demanding Wayland designers stop their work and go back to X11 - and none of them are paying for that.
There are people paid to work on Wayland - some used to be paid to work on X11 (and sometimes still are), but they convinced their boss to pay them to work on wayland instead. Since you are not their boss you don't have any input into that.
You have it wrong. Rather than reuse parts of X11, like the compositors that support hardware that nobody will ever be paid to support, Wayland is trying to reinvent the wheel and replace X11, with support for only what's new and/or popular.
> However everyone demanding X11 is really demanding Wayland designers stop their work and go back to X11 - and none of them are paying for that.
Absolutely nobody is demanding that Wayland developers should stop their work and go back to working on X11. Nobody. That's a ridiculous, hyperbolic statement.
What some of us would like to see is Wayland not try to make everything either/or. But, just like systemd, things started with, "you can do both", then went to, "it's harder to do both, but you can", then to, "the old way is dead, so stop writing code that supports it", and eventually to, "let's completely rip out the old way of doing it because "maintenance" and everyone will be forced to use the new way". GNOME is already doing this, even though it's supposed to be open source, platform agnostic and portable.
The fact that you bring up paid work shows you're happy to accept idea that support for things is only worth what people will pay for it. Consider how that fits with corporatization, and consider how that fits with open source in general.
In other words, should all open source project be drivable by some corporation deciding to just throw money at something?
If you think about this for more than 30 seconds, you may finally understand why those of us who aren't fans of the corporatization of Linux and aren't fans of projects that don't interoperate and ultimately end up fragmenting the open source software world are not fans of the eventual consequences of projects like Wayland.
It's not "X11 is great and Wayland sucks" - it's "why is this project fragmenting things rather than interoperating, and why are people so eager to be led by corporations in to supporting corporate interests?"
> The fact that you bring up paid work shows you're happy to accept idea that support for things is only worth what people will pay for it. Consider how that fits with corporatization, and consider how that fits with open source in general.
No, I bring up paid work because somebody needs to do the work. Either do the work yourself, or pay someone to do the work.
If you are not willing to do either than shut up: you get no voice. While you can ask someone else to do something, you don't get to force them.
I'm not willing to develop X11. Thus I'm going to let the people who are doing the work do that work even if I don't agree.
You try to make it either/or in the most overly simplistic way possible. I wonder if you do, in fact, know that it's not a matter of only one or the other, but instead of acknowledging that, you'd rather pretent to be ignorant.
Don't tell me to shut up. That's not very nice, no matter your justification. The open source world is definitely not do it yourself or pay, and everyone else needs to shut up. Again, it's more likely that you know this, but you want to be intentionally antagonistic.
You also neatly avoid discussing what I brought up. These things all make me think you're not participating in good faith.
I like those scare quotes. They really show the lack of respect for the people who actually maintain the stuff you use daily, most of them in their free time, including the ones that get paid (all the paid maintainers I know go well beyond the work hours, by a big margin).
I'm one of those people. I compile thousands of open source packages on VAX, m68k, SuperH and other less popular architectures. I think I know at least a bit about how much of this "maintenance" is repeated-but-not-substantiated bull and how much is real.
Claiming that actual maintainers spend more than trivial amounts of time on "maintaining" endianness correctness, I think, is somewhat disrespectful to those maintainers.
I've preserved a number of machines by building them in to rackmount cases. It never occurred to me to make a faux product out of them. This is amazing! The graphics and detail are wonderful.
The story is confusing in that they don't link to the actual project, which you can only get to by visiting the Github link, then going to the developer's projects page, then finding nano11.
I'm not sure, but I think nano11 is even more aggressive than tiny11builder's "tiny11coremaker.ps1":
"The resulting OS is not serviceable. This means you cannot add languages, drivers, or features, and you will not receive Windows Updates. It is intended only for testing, development, or embedded use in VMs where a minimal, static environment is required."
When you're building your own CPUs, why be beholden to US companies for GPUs? This makes perfect sense.
GPUs are great if your workload can use them, but not so great for more general tasks. These are more appropriate to more traditional supercomputing tasks, as in they're not optimized for lower precision AI stuff, like NVIDIA GPUs are.
Maybe I should try to port this to the 65CE02 on the Commodore A2232 seven port serial card. It could use one of the serial ports for BASIC input and output.
If I wanted to get fancy, I could even use the Amiga side to load and save programs from the A2232's 16K of memory...
Sounds about right for Google.