Okay, now the main concern I have with SMTP: is it even possible for me to self-host an SMTP server, and to expose it ONLY via Cloudflare Tunnel, and NOT open any ports in the firewall?

Does that work, I mean?

I've read things that have confused me even more about this; the general consensus, as I understand it, is that that should work in theory but it probably doesn't actually work, or if it does work then for some reason it goes straight to spam anyway (which I would need to see to believe, frankly, because Cloudflare's IP addresses being misinterpreted as spam would be weird and also ironic, I think).

#SelfHosting #SelfHosted #SMTP #Cloudflare #CloudflareTunnel

@the if you're sending from a Cloudflare IP address, I would expect your undeliverable rate to be higher than expected because the typical volume of emails that come from a specific IP address is part of that IP address's sender reputation.

An IP address that never sends emails and suddenly starts sending emails is suspicious as hell. Or an IP address that typically sends 1000 per week suddenly starts sending 100,000 per week will suffer extra scrutiny.

If you get to keep the same IP address, you might end up being able to build up a positive reputation over time, but if you're just sending personal emails, your volume is probably going to be so small that it won't matter much. At low volumes, you'll always look like a non-sending IP that is sending email.

@sysop408

Okay, that makes sense, thanks. Is that why the built-in webmail you get automatically when you register a domain through Gandi (and I would assume probably likewise for any of the popular registrars) doesn't seem to bounce; is it because their IP addresses already send a high volume normally?

@the assuming that they're keeping their users honest, yes. Having a stable history that allows monitoring services to judge whether your activity is following expected patterns helps.

You can get an idea of what goes into email IP reputation by looking some up using this Cisco tool:
https://talosintelligence.com

One thing you'll notice there is there's a column for rDNS matching. That's become a big thing. Your Cloudflare IP isn't going to have matching rDNS and that will hurt a lot.

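What "matching rDNS" means in practice, as an added example that is not from any poster in this thread: the receiver looks up the PTR record for the connecting IP, resolves that name forward again, and checks that it lands back on the same IP (forward-confirmed reverse DNS). The function names, result labels and zone data below are constructed for illustration, and comparing the HELO name against the confirmed PTR name is an assumption about the receiver's policy.

```python
import ipaddress
import socket

def system_ptr(ip):
    """PTR lookup via the system resolver; returns a list of hostnames."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except (socket.herror, socket.gaierror):
        return []
    return [name, *aliases]

def system_forward(name):
    """A/AAAA lookup via the system resolver; returns a set of IP strings."""
    try:
        infos = socket.getaddrinfo(name, None)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}

def check_rdns(ip, helo_name, ptr=system_ptr, forward=system_forward):
    """Classify a sending IP the way a receiver's rDNS check might."""
    addr = ipaddress.ip_address(ip)
    names = [n.rstrip(".").lower() for n in ptr(ip)]
    if not names:
        return "no-ptr"  # nothing published for this IP at all
    # Keep only PTR names whose forward lookup points back at the same IP.
    confirmed = [n for n in names
                 if any(ipaddress.ip_address(a) == addr for a in forward(n))]
    if not confirmed:
        return "ptr-not-forward-confirmed"
    if helo_name.rstrip(".").lower() not in confirmed:
        return "helo-mismatch"  # PTR is valid but names someone else's host
    return "match"

# Constructed zone data (documentation address ranges) so the demo runs offline.
PTR = {"192.0.2.10": ["mail.example.org."],
       "198.51.100.7": ["host7.isp.example."]}
FWD = {"mail.example.org": {"192.0.2.10"},
       "host7.isp.example": {"203.0.113.9"}}

def demo(ip, helo):
    """Run check_rdns against the constructed records instead of live DNS."""
    return check_rdns(ip, helo,
                      ptr=lambda i: PTR.get(i, []),
                      forward=lambda n: FWD.get(n, set()))

if __name__ == "__main__":
    for ip, helo in [("192.0.2.10", "mail.example.org"),
                     ("198.51.100.7", "mail.example.org")]:
        print(ip, helo, demo(ip, helo))
```

Calling `check_rdns(ip, helo_name)` without the `ptr` and `forward` arguments uses the system resolver, so it can be pointed at the address your outbound mail actually leaves from.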