On 2024-12-27 07:25, Jaroslaw Rafa via mailop wrote:
I sent one, literally ONE, and quite important, mail, to Gmail user.
I am using a partial solution, and am cogitating on a more comprehensive
solution adapted to my need to reach mailboxes at providers such as
Google while preserving mail server independence/sovereignty (definition
and reasons below).
TL,DR: create accounts with the problematic services (Google anyways
require an account to get access to their Postmaster Tools) and relay
your mail through those accounts. Easier said than done, and with
challenges / conflicts ahead, but this is my way to deal with the
balkanization of email until the problems of anti-competitive nature
become sufficiently painful and apparent for authorities to fix.
This post has four parts:
(A) PARTIAL SOLUTION: what I am currently doing that fixed my short-term
problem of delivering email to recipients captive of
Google/Microsoft-services
(B) MORE COMPREHENSIVE SOLUTION: I have not implemented it yet, because
other priorities
(C) DEFINITION: mail server sovereignty. why it is important not to go
with the flow (or rather: the tsunami of big tech carried by what
economists call network effects) and travel the harder way instead
(D) CHALLENGES/CONFLICTS AHEAD. Because it is strategically important
to see things in context. Because big tech is typically at least two
steps ahead of government and even one step ahead of the combined
intelligence on this list. Else it would not have become big tech in
the first place.
Dive in with me, thank you in advance for indulging with the personal
anecdotes and opinions sprinkled through the dry tech/biz/law stuff.
(A) PARTIAL SOLUTION: Postfix relayhost configuration
SHOUT OUT to Jarland Donnell, one of the ethical people that make this
community so valuable. A while ago I opened an account at
https://mxroute.com/ and have configured my self-hosted Postfix
instances to relay through MXroute. In main.cf:
relayhost = taylor.mxrouting.net
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/mxroute_credentials
smtp_sasl_security_options = noanonymous
smtpd_sasl_authenticated_header = no
smtp_tls_security_level = encrypt
I use various domains/addresses and MXroute kindly accepts that my
server, once authorized as m...@example.com, can send also VERY LOW
VOLUMES of emails, including for other domains that I control such as
m...@example.com or m...@example.org. I do not know how MXroute makes
sure that I really control those domains, and generally that I am not an
abuser, but I am certainly not the one who will abuse their generosity.
I hate spam, and I hate "legitimate" spam as in: reminders, surveys, how
did we do, upgrade your stay, rate us five stars, or whatever else the
marketing genius are thinking will make me throw more money at their
business and instead just irreversibly waste more of my time.
(B) MORE COMPREHENSIVE SOLUTION: destination-based Postfix relayhost
The above is currently all or nothing. Eventually, I will want to
improve, set up multiple relays with accounts on the too big to ignore
balkanizing providers and automatically relay based on recipient address
through accounts at each specific provider, while maintaining the
reply-to: address as my original one. I hoped to find time during this
Winter break, but, oh well, priorities, priorities.
For now, I got more than one account and credentials ready -- the usual
suspects: Google and Microsoft. But I have not had time to actually
connect the plumbing and test (not sure that sending to my own account
qualifies as enough testing). I expect some challenges, see further below.
(C) DEFINITION: mail server sovereignty
My business model and requirements are different from yours, YMMV.
Below are my specific reasons for my choices to take the harder road
less traveled rather than the road big tech would like us all to take.
Before my specific reasons, however, some more general ones that may
apply to more people on this list, and some jabs at some of the
expressed opinions (but not to the people expressing them) in this thread.
Mail server sovereignty is first and foremost the *unmediated* control
of my own mailbox; and the protection of the messages I sent from
interference of all sorts. I do not need a service provider with
interests that are not perfectly aligned with mine.
* competition is healthy. it prevents all of us from being lulled into
the complacency of the insiders' oligopoly that leads to stagnation and
eventually crumbles from its own rot, not without consequences to users
and society as a whole. Anti-competitive forces take many different
shapes and forms, including convenient anti-spam filtration that at
first sight seems to be based upon statistics and mail flows. Heck,
simply based upon statistics and mail flow, Google would be the first
sender I would block, but, alas, it has grown TBTB. The point is that
even if an act or omission is not directly anti-competitive, if its
effect is negative on competition it ought to be reviewed by competition
watchdogs and corrective enforcement action may be justified. Keeping
the door open to new entrants increases competition. Invariably, new
entrants start as tiny little volumes and that's why senders like
Jaroslaw have my empathy, my sympathy, and ought to be protected by
strategically thinking regulators and industry participants (I may have
just typed an oxymoron). Hence the argument that it is anti-competitive
to perform some kind of filtering when the result of that filtering
prevents alternatives to orthodoxy, such as freebie subdomains on a
non-governmental domain that has a track record at being better at
policing its users than many TLDs set up according to current orthodoxy.
* freeriding is bad. Freeriding is the offloading of the cost or other
negative consequences of one's action on someone else. There is plenty
of freeriding in email space, specifically from sender to recipient,
including dumping HTML on a recipient with color-blindness or other
disabilities, and even just plain preferences. Is sender's content
irrelevant or uninteresting to you? oh, just hit delete. Don't like
RSI from the delete key? just waste more of recipient's computing
cycles, energy, money on ever growing sophisticated filtering and other
processing that would not be necessary in the first place if senders
were better policed to be more respectful of recipients. I am not
proposing to go back to email as it was in the seventies. However, I
would like to see better enforcement against senders at their service
providers who are currently aiding and abetting the onslaught of
annoying "legitimate" email.
* price is information. Until it is not. Shrewd business actors try to
make pricing as opaque and uninformative as possible to eskew
competition and get away with lesser quality or higher price than
transparent competition would dictate. Look at your local airline or
the hotels at your travel destination for a total disconnect between
price and quality. sadly, you will only find out when it is too late.
eu.org may be a high quality service with a communication problem,
because its price does not communicate the quality it has compared to
some TLDs that offer much lesser quality for a higher price.
My professional reasons:
I am a lawyer and I receive, process, and send sensible information. I
have professional obligations to my clients. I hold myself to the
highest possible standard, and outsourcing to Google/Microsoft does not
qualify. I know I am pedantic: many other lawyers in my jurisdiction
simply use Google or Microsoft.
IMHO outsourcing my mailbox and, to a lesser extent, my sent messages to
big tech is problematic, starting with the jurisdiction in which the
servers are located. Continuing with the (over)reach from the
jurisdictions that can exercise leverage on said companies (head office
and other multi-national establishments). Last but not least it is
problematic in terms of business intelligence (anything from industrial
spying, down to the surveillance economy model of harvesting consumer data).
If my client uses Google, I am happy to use Google. If my client uses
Apple, I am happy to use Apple. If my client uses Microsoft, I am happy
to use Microsoft. But I do not want to add to the mix an uninvited
party; nor do I want to monitor so many mailboxes at so many providers.
I am proficient about encryption but not all of my clients are, and even
just the metadata is sensible enough. To tease the list's imagination
with an hypothetical: imagine the initial emails between MacKenzie
Bezos and her divorce lawyer were going through your server (and its
analytics) before the news made it orderly to the stock market and you
had some money to invest in (or divest from / short) her husband's company?
I want control over the email-receiving server. I cannot control what
clients are sending, so I control second-best where it is
received/stored and who/what has access to it and for what purpose. I
can trust the sysadmin I hire/contract and on whom I can impress the
proper priorities. Big tech's track record has repeatedly demonstrated
that big tech cannot be trusted, and keeps adamantly adding to that
track record, as if trying to push the limit of what the world will
tolerate. The main reason not to use Microsoft Windows on the desktop
these days are the leaks by their screenshooting AI. I know defaults
can be changed, but defaults matter, and their model of asking for
forgiveness rather than asking for permission has more negatives than
positives and in my context it is a recipe for disaster, for which it is
difficult to hold them accountable (ever read their T&C? I do).
On the sending side, I am less concerned, because I control the message
routing and content.
My private reasons:
My time is my most valuable resource, and it is not renewable. My
leisure time is even more valuable to me than my professional time, and
I sometimes feel ashamed at how high my professional hourly rate is (and
it is still in line and even a bargain compared with similar lawyers).
I like controlling my SMTP on the in-way because I can hard-block the
various sources of "legitimate" mail that I have requested not to
receive, such as the Qualtrics survey (not singling them out, just the
most recent piece of legit spam) that a company I do business with
commissioned while overriding my preference for no marketing. They may
call it a way to "legitimately" engage with me. I am less diplomatic
and call it harassment. I know my stand is on an extreme end of the
range and that some in those industries who are here on this mailing
list, would find themselves unemployed if everyone was like me. I am
unapologetic: all of this marketing is a zero-sum game at best. Does
anyone seriously believe that it is a good idea to reach an individual
who just got seated at a restaurant following an online reservation with
a message "you just got seated at your reserved table at restaurant
XYZ?" I personally find it unappetizing, and I even jokingly asked my
friend if they see the red laser tracker of a sniper on my forehead.
Step back, surveillance economy! Needless to say that the restaurant
will not see me again any time soon, and so do other abusers using the
same abusive booking system. I understand they have a problem with
no-show. Do not punish the rest of us for the no-show and require a
deposit on reservation instead.
(D) CHALLENGES/CONFLICTS AHEAD.
The practical challenges I foresee for my model of routing through
accounts at the various providers are that they will limit sending from
the actual account / their domain. That's the whole point of network
effects, attracting participant into the closed system (see FaceTime or
Whatsapp). Of course Google/Microsoft will want me to migrate my
sending and my mailbox to them and will find some technical way to
override my reply-to preference, or just to make it known to the people
I am communicating with that they should reach me over there, not at my
regular mailbox. See what Apple does to move users from (global) text
messaging to (Apple-controlled and subject to the purchase of an
Apple-device) iMessage. And of course, said service provider with the
freemium pricing model wish they could charge ne for the use, or at
least benefit from the flow of information like Meta does from WhatsApp
users despite assuring the EU to the contrary when that acquisition was
under review.
The conflict of interest is pre-programmed in this one, and it is only
temporary until regulators recognize the market-dominant position of big
tech and force some form of opening / interoperability. Of course it
will be of the clumsy sort like the EU got us used to with the Digital
Markets Act, that is likely to result in sub-optimal outcomes such as
the USB standard across devices despite Apple's Lightning being a
mechanically superior connector; all while forgetting to catch the lower
value end of rechargeable electric razors and other such devices that
still come with their own wall warts and their own incompatible
connectors that make traveling with them so cumbersome.
I will find out if things work out when I test the approach of relaying
over the different accounts. Thank you for indulging with my writings.
I look forward to read of other's experiences from small operators
relaying to Google/Microsoft rather than demanding Google/Microsoft bend
over for us.
Yuv
--
Ontario-licensed lawyer
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
