Which leads me to my current setup: use simplelogin.io from Proton with a fallback to Cloudflare Email Routing.
The description of the setup is probably shorter than the list of advantages, which is probably a good thing.
v=spf1 include:simplelogin.co include:_spf.mx.cloudflare.net -all
That’s it! Here again are the relevant DNS records for grey-panther.net:
;; CNAME Records
dkim02._domainkey.grey-panther.net. 1 IN CNAME dkim02._domainkey.simplelogin.co.
dkim03._domainkey.grey-panther.net. 1 IN CNAME dkim03._domainkey.simplelogin.co.
dkim._domainkey.grey-panther.net. 1 IN CNAME dkim._domainkey.simplelogin.co.
;; MX Records
grey-panther.net. 1 IN MX 20 mx2.simplelogin.co.
grey-panther.net. 1 IN MX 10 mx1.simplelogin.co.
grey-panther.net. 1 IN MX 147 amir.mx.cloudflare.net.
grey-panther.net. 1 IN MX 119 linda.mx.cloudflare.net.
grey-panther.net. 1 IN MX 163 isaac.mx.cloudflare.net.
;; TXT Records
_dmarc.grey-panther.net. 1 IN TXT "v=DMARC1;p=reject;rua=mailto:[email protected];ruf=mailto:[email protected];fo=1;"
grey-panther.net. 1 IN TXT "v=spf1 include:simplelogin.co include:_spf.mx.cloudflare.net include:sites.nearlyfreespeech.net -all"
grey-panther.net. 1 IN TXT "sl-verification=xznetmbmfgmkinlnopzlakneigjhzk"
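A quick way to confirm that records like these really give "primary provider first, fallback second" and a strict SPF/DMARC posture. This is an added example, not part of the original post; the `audit` and `parse_zone` helpers and the choice of `simplelogin.co` as the primary suffix are assumptions made for illustration.

```python
import re
# Constructed from the records listed above; the DMARC rua/ruf tags are left
# out because the page shows their addresses only in obfuscated form.
ZONE = """\
grey-panther.net. 1 IN MX 20 mx2.simplelogin.co.
grey-panther.net. 1 IN MX 10 mx1.simplelogin.co.
grey-panther.net. 1 IN MX 147 amir.mx.cloudflare.net.
grey-panther.net. 1 IN MX 119 linda.mx.cloudflare.net.
grey-panther.net. 1 IN MX 163 isaac.mx.cloudflare.net.
_dmarc.grey-panther.net. 1 IN TXT "v=DMARC1;p=reject;fo=1;"
grey-panther.net. 1 IN TXT "v=spf1 include:simplelogin.co include:_spf.mx.cloudflare.net include:sites.nearlyfreespeech.net -all"
"""
# SPF terms that cost a DNS lookup (RFC 7208 caps them at 10 per evaluation).
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}

def parse_zone(text):
    """Return (MX list sorted by preference, {owner: [TXT strings]})."""
    mx, txt = [], {}
    for line in text.splitlines():
        parts = line.split(None, 4)
        if len(parts) < 5 or parts[2] != "IN":
            continue
        owner, rtype, rdata = parts[0].rstrip("."), parts[3], parts[4]
        if rtype == "MX":
            pref, host = rdata.split()
            mx.append((int(pref), host.rstrip(".").lower()))
        elif rtype == "TXT":
            txt.setdefault(owner, []).append(rdata.strip('"'))
    return sorted(mx), txt

def audit(text, domain, primary_suffix):
    """Check MX tiering, SPF shape and DMARC policy for one domain."""
    mx, txt = parse_zone(text)
    primary = [p for p, h in mx if h.endswith(primary_suffix)]
    fallback = [p for p, h in mx if not h.endswith(primary_suffix)]
    spf = [t for t in txt.get(domain, []) if t.startswith("v=spf1")]
    terms = spf[0].split()[1:] if len(spf) == 1 else []
    names = [re.split(r"[:/=]", t.lstrip("+-~?"), maxsplit=1)[0] for t in terms]
    dmarc = txt.get("_dmarc." + domain, [""])[0]
    tags = dict(t.strip().split("=", 1) for t in dmarc.split(";") if "=" in t)
    return {
        "delivery_order": [h for _, h in mx],
        # Lower preference number wins, so every fallback must sort last.
        "fallback_after_primary": bool(primary and fallback and max(primary) < min(fallback)),
        "single_spf_record": len(spf) == 1,  # two v=spf1 records is an error
        "spf_hard_fail": bool(terms) and terms[-1] == "-all",
        "spf_top_level_lookups": sum(n in LOOKUP_TERMS for n in names),
        "dmarc_policy": tags.get("p"),
    }
```

The lookup count covers only the top-level record; each included record adds its own lookups toward the limit of 10, which needs live DNS to measure.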
Nothing is perfect, and I’m enabling quite some people to spy on me in the worst case:
* Yes, unencrypted email can be considered mostly public anyway – still, basic security precautions like making sure that your email server speaks SSL/TLS for incoming and outgoing emails are useful.
** So, if I sign up with [email protected] for two different sites, it’s easy to conclude that it’s one person who owns both accounts. However, if I use [email protected] for one site and [email protected] for the other, it’s much less clear that the same person is behind them.
I’m a long-time Yahoo Mail user. Just to illustrate how long I’ve been with them: when I joined, the space available was a couple of MBs! I stayed with them because I was mostly satisfied (never really caught the GMail bug), however recently I started looking for options to consolidate the different email accounts (work / personal / yahoo / gmail / etc). I explicitly wanted IMAP support because I really need to keep in sync between multiple machines.
The common wisdom on the ‘net seems to be that Yahoo! Mail doesn’t support IMAP (not even for paid accounts) or that various hacks are needed to support it (like sending custom / non-standard commands after login). This information however seems to be outdated, since I was able to find at least 3 IMAP servers (I’ve tested them all and they all work – with standard email clients with no hacks!):
All of the servers support SSL/TLS encryption, so they are safe to access even from public hotspots. The outgoing server is smtp.mail.yahoo.com, which also supports SSL/TLS (and you should use it!)
The easiest to set up is Mozilla Thunderbird, however Evolution seems to work much better. One important feature in particular is that it works with large (10 000+ emails) folders, while Thunderbird chokes with an error (“UNAVAILABLE] UID FETCH too many messages in request”). To have Evolution work properly, you need to select “IMAP+” (also called IMAPX) as the protocol.
HTH somebody out there.
use strict;
use warnings;
use Net::SMTP::TLS;

# Account used both as the SMTP login and as the envelope sender.
my ($from, $password) = ('[email protected]', 'MySuperSecretPassword');

# Connect to Gmail's submission port; Net::SMTP::TLS upgrades the
# session with STARTTLS before authenticating.
my $mailer = Net::SMTP::TLS->new(
    'smtp.gmail.com',
    Hello    => 'smtp.gmail.com',
    Port     => 587,
    User     => $from,
    Password => $password);

$mailer->mail($from);
$mailer->to('[email protected]');

# Headers (including the folded X-Face header), a blank line, then the body.
my $data = <<'EOF';
X-Face: "8.]Z_3ptuNK'CA~DM>M,G.T(h=1.y9"0gXW3V91E:dw2?|&G2R(?/no'F2g4%8Fv.
 J1p5K-^1epKXxIG)mj4}nGWTi<=iz8n)bUVhLu}MXRFl9"J%'=-;IfMXcuPK>-%^;$uW87O/B
Subject: Hello X-Faced World!

email body.
EOF

$mailer->data();
$mailer->datasend($data);
$mailer->dataend();
$mailer->quit();
The code is largely based on this snippet: Sending Mail Through Gmail with Perl. The X-Face header was generated using the Online X-Face Converter (yes, I know that there is an Image::XFace module, but it was very cryptic – it didn’t mention supported input / output formats). One word of warning: if you are using ActivePerl under Windows, Net::SMTP::TLS isn’t available in the default module list (AFAIK, because of encryption restrictions), so you might need to experiment with alternative package sources or using Linux :-). I’ve also tested the script with an email account I control (using Thunderbird with the Mnenhy plugin – which can read but not create X-Face emails) and it worked nicely.
There you have it: how to use an old (from the 1980s according to Wikipedia) method for embedding pictures which is not supported by most of the email clients.
Return-Path | <[email protected]>
Authentication-Results | mta403.mail.mud.yahoo.com from=hosts.co.uk; domainkeys=neutral (no sig)
Received | from 85.233.160.25 (EHLO outgoing-smtp.namesco.net) (85.233.160.25) by mta403.mail.mud.yahoo.com with SMTP; Sat, 18 Oct 2008 17:04:47 -0700
Received | from [192.168.0.7] (helo=artemis.hosts.co.uk) by outgoing-smtp.namesco.net with esmtp (Exim 4.67) (envelope-from
Received | from babs-education.info by artemis.hosts.co.uk with local (Exim 4.64) (envelope-from
To | [email protected]
Subject |
From | Cosmote Romania <[email protected]>
Reply-To | [email protected]
MIME-Version | 1.0
Content-Type | text/plain
Content-Transfer-Encoding | 8bit
Message-Id | <[email protected]>
Sender | Site Administrator <[email protected]>
Date | Sun, 19 Oct 2008 00:05:18 +0100
Content-Length | 422
Now with Cosmote you can enjoy the -Double Credit Offer-. Send an ~e-mail reply~ to this message with a valid (unused) top-up code together with your Cosmote phone number, and within at most 30 minutes Cosmote will assign you a credit double the one represented by the top-up code you sent. The offer remains valid until 25 October 2008.
Cosmote - By your side!
There is nothing particularly interesting about the scam itself (it promises something in return if you buy a prepaid card and send the number to them – such scams circulate over every medium – e-mail, SMS, phone, etc). What I wanted to exemplify is the multitude of actors involved (which makes stopping the scam that much harder):
There is my e-mail provider (Yahoo) who managed to classify this message (correctly) as spam.
There is the account the email originated from ([email protected]). Now, as far as I can tell, the website babs-education.info is a completely legitimate site for the “British Association of Barbershop Singers”, hosted at the provider hosts.co.uk (hence the email address). My current working theory is that this account was hacked and being used to send spam. I’m not really sure who to contact (supposedly the attacker has full control over the email account, so mailing there won’t do much good – I also tried to sign up to their forum, but it requires “administrative approval” which I still didn’t get – probably the administrator gets notified through the same email account).
There is also a third actor – Gmail – who will get the reply messages. Their abuse department got notified.
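The same breakdown of actors can be pulled out of the headers mechanically. The following is an added example, not part of the original post: it runs on a constructed message whose hosts and addresses are all `.example` placeholders, and the `actors` and `domain_of` helpers and the finding labels are hypothetical names chosen for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed message modelled on the headers above. Every host and address
# is a .example placeholder, not a value taken from the original email.
RAW = """\
Return-Path: <webuser@shared-host.example>
Authentication-Results: mx.mailbox.example from=shared-host.example; domainkeys=neutral (no sig)
Received: from relay.hoster.example (EHLO relay.hoster.example) by mx.mailbox.example with SMTP
Received: from web1.shared-host.example by relay.hoster.example with esmtp
Received: from club-site.example by web1.shared-host.example with local
From: Mobile Operator <webuser@shared-host.example>
Reply-To: collector@freemail.example
Sender: Site Administrator <webuser@shared-host.example>
Subject: Double credit offer

Reply with an unused top-up code.
"""

def domain_of(value):
    """Domain part of an address header, or '' when the header is absent."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def actors(raw):
    """List the parties named in the headers plus simple warning signs."""
    msg = message_from_string(raw)
    hops = []
    for received in msg.get_all("Received", []):
        m = re.search(r"from\s+(\S+).*?\bby\s+(\S+)", received, re.S)
        if m:
            hops.append((m.group(1), m.group(2)))
    hops.reverse()  # each relay prepends its header, so the oldest is last
    from_dom = domain_of(msg["From"])
    reply_dom = domain_of(msg["Reply-To"]) or from_dom
    findings = []
    if reply_dom != from_dom:
        findings.append("replies-leave-sender-domain")
    auth = msg.get("Authentication-Results", "")
    if not re.search(r"\b(dkim|domainkeys)=pass\b", auth):
        findings.append("no-passing-signature")
    return {
        # Only the hop written by your own provider is trustworthy; earlier
        # Received lines are supplied by the sending side.
        "path": [hops[0][0]] + [by for _, by in hops] if hops else [],
        "receiver": hops[-1][1] if hops else None,
        "from_domain": from_dom,
        "replies_go_to": reply_dom,
        "findings": findings,
    }
```

Each distinct domain in `path`, `from_domain` and `replies_go_to` is a separate party to notify, which is the point the list above makes.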
It is interesting how humans calculate the utility function. Email, as a tool, is completely inadequate in situations where we have active, hostile activity. Yet we don’t try to move on to something engineered having this situation in mind. Simply because our email (kind of) works, we regard it as more useful than future systems which would work better.
Also: closed systems like Facebook messaging, which some people claim “replaces email”, won’t ever substitute it for at least two reasons: (a) they are seeing a low(er) volume of spam because they are not as ubiquitous as email (as their popularity increases, so will the volume of spam) and (b) it is a closed system, making it useless for many use cases (companies’ internal messaging systems, for example).
Some random dude in Taiwan couldn’t browse the web (because an undersea cable broke due to a recent earthquake) and he decided that using a webserver (probably configured by him) which ran arbitrary executables mailed to it (hint: the from e-mail field is not a reliable authentication mechanism) is a sane thing to do because “I need Slashdot!”. Of course he made the front page on Slashdot.
Please, don’t reinvent the wheel! I’m too young to have used any of the following services, but at least I know that they’re out there: