Paul Taylor2d ago

I have been using email for 40 years. It used to work.

As an (independent) academic researcher, I need to contact new people, primarily in universities, to ask questions.

I refuse to use Google, Microsoft or the other American IT giants.

But they are increasingly preventing refuseniks from sending email at all.

I know what RFC, DNS, MX, SPF and DMARC mean. My email goes through small British companies with intelligent, friendly and helpful staff.

mxtoolbox.com says that I must have DMARC to send email to M$. So I set it up. I now get a dozen copies of the same report from G or M$ for each email that I send out.

They show that my email gets to G and M$ sites, but then it is marked as spam.

The stupid senior management of numerous universities has surrendered their staff email to M$.

Web searches and AIs preach about spam. I don't send spam - I want to contact my colleagues.

Rumour has it that previously unknown senders are treated with suspicion and their emails are sent to spam. In other words, it is impossible to **initiate** communication with someone.

Let's be blunt about this. They are a mafia that is enforcing an **oligopoly**. It's got nothing to do with reducing spam --- I have no doubt that they let through emails from "trusted partners", ie companies that bribe them enough to send their spam.

The result of this is that it will only be possible to send emails by paying M$ to do it, and then it will only be allowed to express "approved" opinions.

What can we do about this?

At the very least, those of you with senior positions in universities can tell your management to revert to competent standards-based email systems hosted on Linux systems.

Show threadStefan Baur 8 * đź’‰2d ago
@Paul_Taylor Doesn't even have to be Linux, as long as the particular mail server software is standards-compliant. Heck, any of the *BSD's would do, for example.
Show threadMichael Westergaard2d ago
Exchange is not the issue (for that). The issue is they are very strict and it's very hard to not get on their shitlist.

In addition to SPF, DKIM, and DMARC, which are all mandatory these days, you need to make sure that your IP is not on a blacklist (and most cheap cloud providers that allow port 25 traffic are), and that your domain isn't (if you sent mails with invalid DMARC/SPF/DKIM or you don't have DMARC in a strict mode and somebody used your domain to send spam, it is on a blacklist).

They often employ graylisting (deny mails the first time around, only accepting on re-send) and nebulous anti-spam rules (proprietary SpamAssassin-like checks – nebulous to prevent spammers from working around them).

It's hard, very hard, to run a working mail server. It makes the 90s/00s with sendmail config woes seem nice in comparison. You cannot just boot up a Postfix and expect to be able to send mail.

For the most part, this is fair. Each of the rules is there to prevent spam and makes sense. The unfortunate fact is that it simultaneously makes it very hard for self-hosters/small companies to send legitimate mail. Because their mail looks exactly like spam.

I had a domain blacklisted at Google due to slightly wrong DMARC + DKIM setting; took a good 2 weeks to get it removed despite all checks saying it was fine.

mxtoolbox is only the beginning (it found no issue with my blacklisted domain); mail-tester is better, being on Google Postmaster is a must, and a DMARC monitor is close to a necessity.

BIMI often helps because it's so extremely expensive.
Show threadPetr Tesařík1d ago
@michael @farbenstau @Paul_Taylor And a lot of self-hosting sites use third-party “industry standard” services that may put you on their own black lists for no good reason.
Oh, hi there #Fortinet!
Show threadOld Man in the Shoe
@ptesarik @michael @farbenstau @Paul_Taylor The software isn't the issue - MS killed on-prem exchange (or are trying). It's the services - they don't want you running a mail server of any kind now, even theirs. If you do, you own it.
Apr 13 at 2:53pmWeb