@resist1984 @nwalfield I disagree. For about a decade my personal e-mail account has been (and continues to be) hosted with the Warsaw Hackerspace, who self-host their e-mail system. Never had any major problems with mail delivery to third-parties, including GMail and MS infrastructure.

A few months ago I also set-up my own self-hosted e-mail system using @yunohost, which makes it easy to have DMARC and SPF. It works well. No delivery problems so far either.

@resist1984 @nwalfield @yunohost and even *with* DNSBL and spam issues, e-mail is STILL more open and self-hostable than WhatsApp and Signal, and the like.

Yes, it's a bit of a chore (although it got easier with Yunohost), and no I would not expect a non-techie to host.

But even a fantastic techie would not be able to "self-host" Signal or WhatsApp to stay in touch with their users. The very thought is absurd, because these are walled-gardens.

@rysiek @yunohost @nwalfield You've simply gotten lucky with your IP address. Or if it's not luck, you paid extra for a static IP / business account. Most residential IPs from the US are blocked, and in Europe most ISPs block egress port 25 packets so you can't even attempt to send your own self-served mail.

@resist1984 @yunohost @nwalfield I do have a static IP, and yes - hosting e-mail server on a dynamic IP is currently impossible.

Yes, I would love these issues to go away.

But if the alternative are completely walled gardens, not compatible with one another, and each controlled completely by a single company, e-mail *still* is better for self-hosting. This matters a great deal for orgs and businesses, who *can and do* self-host on static IPs. Which makes e-mail the common denominator.

@resist1984 Residential / DUL space is a lost cause at this point, and quite frankly has been for nearly two decades. Spam took care of that.

Reputation matters, and gateways (whether commercial email providers or well-managed colo / hosting space) are pretty much a requirement.

@rysiek @yunohost @nwalfield

@dredmorbius @nwalfield @yunohost @rysiek sometimes i get away with sending email directly to a recipient if their ESP is not a #MACFANG one. This proves that it's viable, & that the tech giants have chosen to be anti-competitive under the false claim of anti-spam.

@rysiek @yunohost @nwalfield @dredmorbius So in knowing that it's not really anti-spam (there are ways to counter spam without oppressing legit users), I choose not not email gmail & outlook users in order to avoid supporting the oppressor.

@dredmorbius @nwalfield @yunohost @rysiek sometimes I send them a fax & add "this came by fax because your email provider is blocking". The fax likey still goes through gmail/outlook on their end, but I think it's less prone to mass snooping as MS & Google would have to OCR it, and even then the metadata is harder to parse.

@resist1984 @dredmorbius @nwalfield @yunohost @rysiek actually gg and ms are far from being reluctant with other email providers. They just follow several public rules which most self hosted tools such #mailinabox #younohost or #mailu makes automated. Your statement about IP address is not really relevant. I understand there exist rules for email. And its fairly easy to selfhost today for few dollar a month.

@parisni @rysiek @dredmorbius @nwalfield @yunohost the rules are written in an RFC, which exists for the purpose of interoperability. When Google & MS refuse to accept RFC-compliant email, they are breaking the rules & breaking email. They've made their own profit-driven rules that they force others to comply with. Playing by #GAFAM rules supports them.

@resist1984 @rysiek @dredmorbius @nwalfield @yunohost spreading information that email is blocked by #gafam is a bad idea because this is wrong. Self hosting emails is simple and almost anyone can do it by simply deploying 100% FOSS solutions which I mentioned earlier in few minutes. The email rules are fair and IP black list is inevitable among dkim, SPF and so on

@parisni @rysiek @dredmorbius @nwalfield @yunohost It's of course accurate to say #GAFAM is blocking email. They block connections discriminating solely on IP address & w/out cause. It's a destructive intentional practice of #GAFAM to do that & that's where the blame goes.

@yunohost @nwalfield @dredmorbius @rysiek @parisni The RFC's rules are fair because the RFC does not impose being able to afford a static IP address. The corporate rules of #Google & #Microsoft are unfair b/c they don't care about access equality, just profits, & they are happy to marginalize anyone not profitable to them.

@parisni @rysiek @dredmorbius @nwalfield @yunohost It's actually a #netneutrality problem for MS & Google to block on the basis of IP address, because that policy creates access inequality. It's comparable to what #Cloudflare is doing to Indians & Serbians, whereby they force users of cheap ISPs (which use CGNAT) to solve #CAPTCHA. Those users must pay a fee to get the privs of IPv4 or IPv6.

@yunohost @nwalfield @dredmorbius @rysiek @parisni Poor people can "pay" by giving up privacy in both cases (either by relaying email through a privacy abuser, or by letting the CAPTCHA service collect data on them). But that's unfair b/c they don't have the luxery of buying higher levels of service. It's a break from #netneutrality principles.

@resist1984 @yunohost @nwalfield @dredmorbius @rysiek hosting jami, matrix or anything is not available for poor people too.

@parisni @rysiek @dredmorbius @nwalfield @yunohost how is Jami blocking poor ppl?

@resist1984 @rysiek @dredmorbius @nwalfield @yunohost because without self hosted async server (if exist) Jami is NOT reliable. I mean turn out your phone and conversation is broken. This is not praticable. Even with love to Foss and p2p you never want such chaotic conversation app

@parisni
Do you have a Hotmail/Outlook/WindowsLive email address? I could send you an email from my self-hosted open source server (which took much more than a few minutes to set up) with valid DKIM, adhering to its strict DMARC policy, from a non-blocklisted IP address, etc. When you find it in your Junk folder, you can tell me what more I could have done.
@yunohost @nwalfield @resist1984 @dredmorbius @rysiek

@resist1984 Small providers who know you may explicitly whitelist your address(es). If you're not running static IP, even that is all but hopeless.

I've run and administered large-scale (tens of millions of accounts) email services. Since the early 2000s, standard practice has been to simply block all dial-up / residential user space.

For the big providers, there's simply not enough administrative capacity to individually whitelist individual mailserver IPs. You might do OK with colo space, SPF, and DKIM, but even then it can be iffy (I've had my own issues, working for a large SAAS operation, trying to peer with several of the larger email services). Though Yahoo at the time stood out as particularly bad. (It was then probably the largest email provider, though was in the process of being eclipsed by Gmail.)

@nwalfield @yunohost @rysiek

@resist1984 @nwalfield @yunohost and that's kind of the point, isn't it.

There are plenty of problems with e-mail, and some can be fixed. And yes, it's hosting is very centralized. It still remains a more self-hostable solution, and one that gives the users more agency, than walled gardens.

@rysiek @yunohost @nwalfield in Europe you can't self host unless you pay more. In the US, you can self host but most recipients (dominant tech giants in particular) will reject. That's not "the point", it's missing the point. EFF wrote a good article on the collateral damage.

@nwalfield @yunohost @rysiek the point to security is /availability/ (ensuring that ppl can communicate). Spam degrades quality, but blunt anti-spam efforts actually kill availability, when the whole point to fighting spam is to increase availability.

@resist1984 @nwalfield sure, and currently security is *unavailable* for *most* of communication, a large part of it happens to go through e-mail.

That is *not* going away, because e-mail is infrastructure much more than Signal and WhatsApp *could ever be*.

Ignoring e-mail is ignoring hundreds of millions of users. Telling them to move to walled gardens is simply not going to work, long-term. For all the reasons mentioned in the blogpost linked at the start of this thread.

@resist1984 @yunohost @nwalfield and with Signal and WhatsApp you *cant self-host, full stop*!

I honestly do not understand what you are arguing for here?

@rysiek @nwalfield @yunohost i oppose both Signal and WhatsApp. they are even more exclusive than email. But email is also exclusive. A premise that email is a "common denominator" is a broken premise

@resist1984 @nwalfield @yunohost okay, it's just much closer to being a common denominator, than Signal and WhatsApp could ever be. Does that sound better?

@rysiek @yunohost @nwalfield i've not suggested walled gardens. #Jami is a decent option that is not a walled garden. It's more inclusive than email, signal, and whatsapp.

@resist1984 @yunohost @nwalfield sure, but the question the blogpost answers is not: "what better system can we try to get people on?"

...but: "should we perhaps consider actually making e-mail encryption work?"

And the answer to that question is a strong "we absolutely should".

Simply because not doing that is leaving millions people vulnerable.

@rysiek @nwalfield @yunohost i'm running into lots of cases where a business or gov. agency or NGO service assumes (and expects) me to send them email. Then their server blocks me. The assumption is quite damaging because alternates are not offered. There needs to be pushback on the assumption. I'm actually taking companies to court over this.

@yunohost @nwalfield @rysiek i'll say to them in a written letter: "i can't send you email because your server blocks me.. you need to give me a phone number or discuss by letter", and their reply is "send us an email and we'll go from there".

@resist1984 @nwalfield good luck (honestly)!

Polish @panoptykon foundation sued Polish gov't agencies for blocking their e-mail server's IP address based on the fact that the same IP is running a tor node. They've won, and their server's IP got un-blacklisted.

@resist1984 @yunohost @nwalfield and I think what really annoys me (not necessarily with your position, but definitely with EFF's) is that they make a huge thing about how "exclusive" e-mail is, and then proceed to tell people to move to Signal.

🤦‍♀️

I've seen this pattern with the EFF for years - one can see a similar thing with their criticism of social media monopolists but still shunning of fedi. I even spoke to them about it. They don't see a problem there.

@rysiek @nwalfield @yunohost EFF's article which correctly criticizes collaterally damaging email practices long predates Signal. It was written when email was the only game in town

@yunohost @nwalfield @rysiek but certainly the #EFF's endorsement of #Signal today is despicable

@resist1984 @nwalfield I could understand it if it was a piece of a bigger puzzle: "for these specific kinds of things, Signal is your best bet; otherwise you might want to look at Jami, Briar, or OpenPGP e-mail even".

I know first-hand how important OpenPGP e-mail is for journalists in the field. And I also remember how utterly fscked I was when during E-Fail debacle, the only info EFF was sending out is "stop using e-mail", and I had nothing to work with regarding ~150 PGP-using journalists.

@rysiek @nwalfield Jami should be your first port of call because it's the most inclusive and also more secure than PGP mail (due to all the plaintext metadata). Sure failing that, PGP email may suit some circumstances but that's always a subset of what Jami can accomodate.

@nwalfield @rysiek to get an idea of the severe availability/reliability problem with email, I suggest reading this email vs #Fax article => https://oasis.code-cat.com/posts/1833714

@rysiek @nwalfield you two are addressing the 5th to the last bullet on that article (a good thing), but it's nowhere near enough to be able to consider email a common denominator.. it's more of something for cornercases or when dealing w/someone who is stuck in their ways (which I believe are the same as those who would resist PGP anyway)

@resist1984
@yunohost @nwalfield @rysiek

I have a feeling many signal folks are waiting for session msgr (getsession.org) to improve, include voice and video features before jumping ship. that's just my feeling though.

@rysiek @resist1984 @yunohost @nwalfield
S/MIME (as built into many popular mail clients) is a lot easier for unskilled users than PGP. The problem is it requiring a signed TLS cert.

@rysiek
@resist1984 @yunohost @nwalfield

take a look at https://pep.software for zero trust encrypted email

@NatCor @nwalfield @yunohost @rysiek the problem is not crypto. I have gpg & s/mime setup. The problem is transmission -- mail servers refusing legit mail on the sole basis of IP address.

@resist1984 @rysiek @yunohost @nwalfield sadly I have to disagree on #jami (same apply to #briar) : it’s not a decent replacement for email because both user shall be online to communicate, by design there is no server to deliver or receive the message in case the devise is shut down. It is impractical to use a message system with this behavior equivalent to posting letters.

@parisni @rysiek @nwalfield @yunohost for asynchronous msgs, #Wire is better. It's centralized, but it's more inclusive and less exposing than email. It relies on email for registration, but you only need to be able to receive email so it avoids all the pitfalls of sending email.

@resist1984 @rysiek @nwalfield @yunohost IMHO matrix is the best. But this is #offtopic : email should be securized and #autocrypt is one step for this

@parisni @rysiek @nwalfield @yunohost matrix uses #Cloudflare for some of their web stuff so i've not looked further into it. I should mention that Jami can be used asynchronously, but it's not straight forward.. someone at one end has to run their own server for it to work. So indeed it's still impractical for novice-to-novice async comms.

@resist1984 @rysiek @nwalfield @yunohost matrix isself hosted. You can chose tour instance and never deal with cloudflare

@resist1984 @rysiek @nwalfield @yunohost good to know Jami can be async. I will dig this

@parisni @rysiek @nwalfield @yunohost i heard about it from someone in #jami on freenode. BTW, there are (were?) matrix bridges to some freenode channels, and those bridges went through Cloudflare servers. IIRC the only way to avoid CF was to not use matrix and connect to freenode another way. i'm sure there are CF-free ways to use matrix but I was just put off by the fact that key organizers were using CF.

@resist1984 @rysiek @nwalfield @yunohost i dont see a real problem for matrix being behind cloudflare or any man in the middle. Matrix is e2e encrypted.

@parisni @rysiek @nwalfield @yunohost there are a couple ways to promote privacy abuse. One way is to directly expose profitable data to the abuser. The other way is to use the services of some entity that has a privacy abuser in the supply chain.