De Mi caja de notas
L'e-mail moderne est un patchwork de protocoles et d'extensions. Voici un article pour les comprendre tous.
2021-05-07 : e-mail explained from first principles
sur indieweb
Email is a decentralized, non-web messaging transport, with user interfaces that enable a wide range of message formats and styles, and commonly used for account recovery by web sites and applications.
Why
Email can be useful for:
- Asynchronous posting to your website.
- A POSSE destination to reach people who use email as a reader
Older reasons to use email:
- One on one or one to many messaging among older internet users, some professions, and academia.
- Messaging to a (often self-)selected group, i.e. email list
How to
(stub)
How to POSSE
How to POSSE to email:
This section is a stub.
- Several WordPress plugins (Jetpack, for instance, uses the WordPress.com infrastructure for syndication) enable visitors to subscribe to your posts by email and will send out a message when you publish a new post.
For now, see
- Brainstorming: POSSE techniques for proposed details for POSSEing to email informed by existing practices
- IndieWeb Examples below and analyze how individuals are POSSEing from their personal sites to email.
IndieWeb Examples
IndieWeb community members currently posting to their sites via email, and/or POSSEing to email:
Nick Doty
Nick Doty occasionally publishes emails on bcc.npdoty.name that he also POSSEs to mailing lists since 2009-01-22, e.g.:
- article: http://bcc.npdoty.name/Re-programmatic-typesetting
- he also occasionally publishes emails sent to an email list
Barnaby Walters
Barnaby Walters has been posting to his site occasionally via email since 2013-05-22. Example:
Aaron Parecki
Aaron Parecki has occasionally syndicated posts (POSSE) from his site to email lists since 2014-11-18. Example(s):
- reply note: https://aaronparecki.com/replies/2014/11/18/1/
- reply note: https://aaronparecki.com/2018/11/19/19/oauth
It is currently a manual process of first making the post, then manually copying the text to reply to the email list.
gRegor Morrill
gRegor Morrill: syndicated at least one post from my site to email since 2023-06-20
- An email to government officials: https://gregorlove.com/2023/06/please-keep-our-communities/
Kelson Vibber
Kelson Vibber uses Jetpack to syndicate WordPress posts to email subscribers.
Add yourself!
Add yourself here… (see this for more details)
PESOS
It's also possible to PESOS your email that you send to people or email lists to your own site. Examples of IndieWeb creators that have PESOSed email to their site.
Tantek
Tantek Çelik has at least once PESOSed an email sent to co-workers, to his own site, with some bits redacted for public consumption, since 2004-06-29:
Support
Due to its popularity and ubiquity email is extremely widely supported.
Application integration
Of particular interest is the fact that many native applications (especially on iOS) include it in their share/export/action menus by default. This could be an excellent UI to piggyback on for quick and easy posting to our own sites.
Bridgy
Bridgy does not support email currently, however there is an issue filed to support POSSE to email lists in particular (and backfeed replies)
Webmention
questo.email was an indieweb/email bridge that aimed to be a hub for all kinds of interactions between indie sites and email addresses, including email-to-webmention and webmentions-to-email.
Clients
This section is a stub. You can help the IndieWebCamp wiki by expanding it.
Thunderbird
Thunderbird is a cross-platform open source email client.
Enigmail
Enigmail is a plug-in for Thunderbird that supports sending OpenPGP signed or encrypted email. A guide on doing this is published by the Free Software Foundation.
Gmail
Google Gmail is a popular Web-based email client.
Apple Mail
Apple ships a mail client with most of its operating systems. It can handle both POP and IMAP email, as well as mail from Yahoo, Exchange and others.
Brainstorming
POSSE techniques
Some thoughts on techniques for POSSEing to email, based in IndieWeb Examples above.
- publish an article
- name of the article --> email Subject:
- author: <-- intended email From: of yours
- audience: <-- intended from email To & CC:
- content: --> email body
- hyperlink with
class="u-syndication"
<-- email list permalink
If you are POSSEing a reply to an email (e.g. on a mailing list)
- publish a reply note (no need for an article, since the name/title isn't something you came up with, but rather "just" a "Re:" and the name/title of the original email you are replying to, which can go in the reply context
- author: <-- intended email From: of yours
- audience: <-- intended from email To & CC:
- content: --> email body
- use
<blockquote>
for portions of the original email that you’re quoting to respond to, or lines starting with > in a plain text note (which you can upgrade to<blockquote>
when rendering on your site) - hyperlink with
class="u-syndication"
<-- email list permalink
Redirect to public issues
One possible approach is to redirect incoming email to public issues, hosted on your own site, or GitHub, per:
- http://aaronparecki.com/notes/2014/01/07/1/email-lifehack
I wonder what would happen if I set an email auto-responder that instructed people to open an issue on github.com/aaronpk/self instead of send me an email. #email #lifehack
Criticism
Bad for more than two people
Whilst adequate for some one to one conversation it scales extremely badly to conversations with more than two people.
Bad for collaboration
It is also appallingly bad for collaboration (wikis or version control systems are much better for this[1]).
Not web
Not web identifiers
- email addresses are internet identifiers, not web identifiers, by definition. [4]
Maintenance disinterest
- "I would rather futz with a domain and shared hosting than my own SMTP server any day" [5]
Bad for identity
Encourages Constant Distraction
Unreliable Delivery
Email delivery, especially with your own domain, has shown to be anecdotally unreliable due to overzealous spam filters' false positives, e.g.: https://twitter.com/dangillmor/status/579770619367170049
Is there a way to find out if my email is ending up semi-routinely in spam filters? Several folks recently said they didn't get my messages
Ecosystem discriminates against indie servers
The email server ecosystem has evolved to a small handful of very large (100s of millions of accounts) services that peer with each other, and are actively hostile to indie servers sending their own mail with the excuse that those indie servers lack "reputation" (an ineffable an ill-defined requirement) for the larger servers to accept email from them.
For more details see:
- 2015-10-17 Jody Ribton: The Hostile Email Landscape
Email deliverability services such as Mailgun can help with this. Setting up Postfix + Mailgun for multiple outgoing domains
- 2022-09-04 : After self-hosting my email for twenty-three years I have thrown in the towel. The oligopoly has won. (archived):
Email is now an oligopoly, a service gatekept by a few big companies which does not follow the principles of net neutrality.
- Author posted excerpts of the article in tweet format, interesting comment threads.
More Problems
See and extract/cite from:
- http://tantek.com/w/EmailEfail
- https://twitter.com/EmailFail
- https://gimletmedia.com/episode/22-bonus-episode-the-man-who-refused-to-email/
FAQ
Can I point my domain to my VPS(/web server) but still use hosted email services? I don’t want to run a mailserver
Yes, your domain name can resolve to the IP address of your web server for HTTP traffic, but direct mail agents to look elsewhere. See also DNS.
Email Services by Type
Here are various levels of email services available from different providers, roughly ordered from easiest/cheapest/friendliest to most powerful/technical.
Custom domain email providers
- to-do: providers from this subsection need to be copied into email-hosting, and then leave a summary list here of only the top 3-5 providers being used by IndieWeb folks and recommended for new folks.
Custom domain email providers have the ability to set up an email account to send email as if it is from your own personal domain.
You have to separately configure your domain (perhaps at your DNS provider or web hosting provider) to forward domain sent to your domain (e.g. example@example.com) to whatever email provider you use.
Advantages:
- ...
Disadvantages:
- ...
Services roughly sorted by number of IndieWeb examples, and recommendations thereof:
FastMail
FastMail is a paid email service that has a range of options from only giving you a @fastmail address to others that allow you to have your own personal domain. Other differentiators are with how much email you can store.
IndieWeb examples:
- Jonny Barnes is using Fastmail's service for receiving/reading/sending jonnybarnes.net emails. Fastmail works by setting up a custom domain as an alias for your fastmail inbox.
- Kyle Mahan is a Fastmail user too. They recommend letting fastmail be your actual nameserver, but I opted to continue using my registrar's nameserver and just copy/paste MX, DKIM, and SPF records from Fastmail.
- Dr. Matt Lee is using Fastmail as part of his grand email strategy.
- Add yourself here… (see this for more details)
mailbox.org
mailbox.org is a paid email service starting at 1 Euro a month and based in Germany. There is a help page for "Using e-mail addresses of your domain," which includes instructions for adding SPF, DKIM, and DMARC records. mailbox.org also supports "catch-all" aliases. See also: https://en.wikipedia.org/wiki/Mailbox.org
IndieWeb examples:
- Ethan Yoo is using mailbox.org to send and receive emails for both ethanyoo.com and yooand.me.
- Dr. Matt Lee is using mailbox.org as part of his grand email strategy.
- Add yourself here… (see this for more details)
Gmail
Gmail (gmail.com run by Google) is a free email service that has the ability to set it up to send email as if it is from your own personal domain, optionally using the SMTP server from your domain host (web host).
IndieWeb examples:
- Tantek Çelik is using Gmail for receiving/reading/sending tantek.com emails but does not recommend this to new folks.
- Dr. Matt Lee is using whatever legacy gratis-GSuite is called now as part of his grand email strategy.
- Add yourself here… (see this for more details)
Pobox
Pobox is a paid email service that has two types of accounts: mailstore and forwarding. All of their plans allow for personal domains. In late 2024 Pobox accounts were set to merge with Fastmail accounts.
IndieWeb examples:
- Dr. Matt Lee is using Pobox as part of his grand email strategy.
- Add yourself here… (see this for more details)
Soverin
Soverin is a paid one-plan only email service that provides a "private mailbox that’s truly yours". It's a European service, based in Amsterdam, that focuses on privacy and making it simple to get up and running with e-mail on a personal domain. Makes it easy to conf
IndieWeb examples:
- Pelle Wessman is using Soverin for his newest set up domain and an old free G-Suite/Google Apps account for his other account (also using a calendar on the G-Suite account).
- Add yourself here… (see this for more details)
HEY
hey.com is a paid email service and client from 37signals. You can use it with a personal domain name or get email service from 37signals. Unlike most traditional email services, hey.com does not support POP or IMAP access to the mailbox, but mbox format exports are available. Once a hey.com account is paid for once, 37signals will forward email to that account elsewhere gratis.
IndieWeb examples:
- Dr. Matt Lee is using HEY.com as the primary part of his grand email strategy.
- Add yourself here… (see this for more details)
Pawnmail
Pawnmail is a service dedicated to provide "Email hosting for custom domains" that gives 2GB storage "free forever" to anyone. It provides a webmail client along with SMTP, IMAP and POP3 access.
IndieWeb examples:
- Add yourself here… (see this for more details)
Zoho Mail
Zoho Mail has a free account plan that allows you to receive mail in your own domain (1 per account, in the free plan).
IndieWeb examples:
- Add yourself here… (see this for more details)
Mail as a Service
Mandrill
Mandrill is a service for sending and receiving emails run by Mailchimp. It formerly had a generous free plan, but will require a paid MailChimp account beginning 2016-04-27 and paid e-mail volume, now starting at 30$ a month.
Greyed-out information below probably not correct any more -> if you still use Mandrill, please update it!
Note: Madrill does not charge for inbound email. See: https://twitter.com/sandeepshetty/status/463330411636994048
- Register at http://mandrillapp.com
- Create a new inbound domain and set up MX records for the domain you’ve chosen detailed here
- Set up your web server to accept POST requests to the URL you configured
Beware: I have experienced some inconsistencies in the mandrill responses. Namely that sometimes attachments are in the msg.attachments key, but I have also seen them in msg.images. I am currently using attachments = msg.attachments || msg.images || []
to cater for both cases. --Waterpigs.co.uk 10:26, 24 May 2013 (PDT)
Other Inbound Email Providers
There are other email PaaS companies which offer similar inbound POST request hooks instead of using Mandrill. More details coming soon.
Mail Forwarding Services
Advantages:
- The service provider handles all of the issues that are involved with mail delivery such as spam filtering, DKIM and SPF support and will also cache your mail if your MTA goes offline
- ...
Disadvantages:
- You still need to setup a MTA to receive the email being forwarded by the vendor
- ...
IndieWeb community members using this approach:
- Bear is using MailRoute for receiving/sending bear.im emails.
- ...
MailRoute
MailRoute allows you to specify its mail servers in your domain's MX records and then specify what server domain or IP Address to forward sanitized emails to. It offers spam filtering, greylisting and a number of other features. Once you have an account and have configured it for your domain you are then ready to setup your local MTA.
Handling it Yourself
Mail in a Box
Mail in a Box is a script that Josh Tauberer has put together to turn a VPS into a functioning mail server.
Running your own mail server
A MTA (Mail Transfer Agent) is a process that runs on your server and accepts incoming SMTP (port 25 generally) connections for mail delivery. Running your own MTA is fraught with trouble and can be so very time consuming that even people who run servers for a living generally use a forwarding service to handle all of the messy bits.
The example I give here will be to use Mailroute as the forwarding service and Postfix as the local MTA, but other combinations can be used.
- Note* this is a draft work-in-progress - I'll be filling in more concrete examples and other suggestions as I get time.
I use Postfix primarily because it comes from all of the OS Distros with a very sane set of defaults that you enter during setup and it just works. The reason Postfix becomes a drop-in tool is because of the work that is being done by the Mail Forwarder you setup in the prior step.
The key bits to configure is to tell the installer that you are using Postfix as "Stand-alone Internet Host" and then make sure the main.cf entries for mydestination contains your domain and relayhost contains the domain name for your Mail Forwarder.
TODO:
- tls and sasl configuration
- show how to configure the host's MDA (Mail Delivery Agent) to deliver emails to a program instead of a user mailbox
- show how to configure a mailbox to use store mail to be read by a cronjob or other agent
A guide to setting up a self-hosted email server
Indieweb examples
Peter Molnar had been running his own mail stack for 10+ years; the current setup is postfix ( with postscreen ) + dovecot + dspam + opendkim + opendmarc.
- Getting DKIM, DMARC and SPF to work with Postfix, OpenDKIM and OpenDMARC
- Lightweight, secure, database-free, spamfiltering mail server with Postfix, Dovecot, openDKIM and dspam on Debian 7
Security Issues
Anyone can send fake email from any email address. You need some way of determining that inbound email does indeed come from who it appears to. Possible solutions include:
- Make sure you’re verifying the authenticity of the request sent to your webhook
- Using “secret” email addresses by embedding the password in the address, e.g. myreallysecurepasswordorrandomkey@example.com — then store it in a private address book to save typing
- Use a mechanism such as SPF to determine the authenticity of an email
phishing
phishing is the act of sending an email (a phish) with both a forged from address and HTML contents that pretend to be from a popular service provider (often silo), and usually have some sort of fear-invoking subject like "Account Termination", or greed-invoking like "Transfer Notification" from a bank, with a link or button to "Log in", "Verify Account", "Initiate Transfer" which appears to go to the service provider but actually goes to an attacker's website that looks very similar (if not identical) to the service provider in order to trick you into entering your username and password, so the attacker can gain access to your service provider account.
The term "phish" comes from the attacker "fishing" for your username and password, which if you enter, then you've been "phished".
E.g. (documented examples of phishing emails)
spearphishing
spearphishing is the act of tailoring a "phish" specifically for a particular individual, sometimes seeming to come from a trusted contact, friend, co-worker.
As Commenting
In 2015, when shutting down their comment section, Motherboard recommended people to take discussions to email rather than getting them burried in public discourse:
Comment sections inspire quick, potent remarks, which too easily veer into being useless or worse. Sending an email knowing that a human will actually see it tends to foster thought, which is what we want.
- 2015-10-05 : We're Replacing Comments with Something Better (archived)
As of 2020, several personal blogs started including links to solicitate replies via email to their feeds. Specifically to interact with people not visiting the blogs directly and using non-social readers.
Examples
The following are all announcement posts of personal blogs adding email links to their feeds:
- 2020-07-12 : Reply link in RSS feed posts (archived)
- 2020-07-12 : Reply links in RSS feeds (archived) – crediting Jonnie for the idea
- 2020-07-13 : RSS reply links (archived) – crediting Jonnie and Robin for the idea
- 2020-07-13 : Replyin’. (archived) – crediting Jonnie, Simon, and Robin for the idea
- 2020-07-14 : Reply via email (archived) – crediting Ethan and Robin for the idea
- 2020-07-14 : add reply link to rss feed (archived) – No announcement, but change on GitHub.
- Loves the idea (tweet), retweeting Chris Coyier who thinks it is “a neat idea” (tweet, post) but has not done it yet.
- 2020-07-20 : Reply via Email (archived)
- 2020-08-06 : Note on August 6, 2020 (archived) – crediting Hidde, Ethan, and Robin for the idea
- 2020-09-04 : Reply links in RSS items (archived) – crediting Jonnie, sharing WordPress code snippet, linking to both email and own comment form.
A smaller number of personal blogs do the same right on their posts:
- Jim Nielsen started with an email link in his feed, citing Robin and Jonnie. Then added it to the footer of all blog posts during a design “realignment” (GitHub PR) and has experimented with hiding his email address to combat spam. Blog posts:
- 2020-07-20 : Email Replies in Feeds (archived)
- 2021-01-20 : Feat: New Style (archived)
- 2021-10-10 : Hide My mailto: Email (archived)
- 2021-07-03 : Online Conversations & Website Engagement (archived)
Problem was, despite all the useless comments, I still wanted the engagement from genuine readers, as that’s the main reason I write content. So I replaced the comment form with a simple button that said Reply via email, which linked to my email address.
See Also
- private posts
- email list
- texting
- https://theconversation.com/the-only-safe-email-is-text-only-email-81434
- Mailsploit: list of vulnerabilities in email clients, sender spoofing, code injection attacks, etc.
- 2017-11-30 Katie Notopoulos / BuzzFeed I Tried Emailing Like A CEO And Quite Frankly, It Made My Life Better
- Email is your electronic memory
- 2018-03-25 Criticism: https://twitter.com/SarahJamieLewis/status/978059205218205696
- "(Another grand example is email, where a ridiculous amount of power is now concentrated in the hands of google despite the decentralized nature of the protocol)" @SarahJamieLewis March 25, 2018
- 2018-04-07 The dots do matter: how to scam a Gmail user - problem of email addresses being used for identity, different email providers do different email address collapsing (e.g. Gmail and dots or +something)
- https://www.theatlantic.com/amp/article/560780/?__indieweb_impression=true
- 2013-06-13 Krebs: The Value of a Hacked Email Account
- Secure email that does not require a phone number to sign-up: https://twitter.com/vectorvekar/status/1143301499008585728
- "http://tutanota.com doesn’t need a phone number and it’s encrypted." @vectorvekar June 24, 2019
- use-case: necessary for job applications. Thread: https://threadreaderapp.com/thread/1143275350777978880.html and original tweet: https://twitter.com/lisackaplan/status/1143275350777978880
- POSSE example: http://self-issued.info/?p=2001 and POSSE copy to list: https://mailarchive.ietf.org/arch/msg/oauth/8uWRYfTmw9Bilbidcwb-R11Cais
- Criticism: Running your own server means people may not get your emails: https://twitter.com/lightcoin/status/1214300933200515073
- "indeed email has survived but if you run your own server people might never get your emails. it's already getting like that with Mastodon (as your suggestion to avoid http://madtodon.social shows). that's simply not an architecture I can invest energy into/ converting others to." @lightcoin January 6, 2020
- https://twitter.com/lightcoin/status/1128198395632521216
- "If Google blacklists your email server's IP address, good luck getting anything done via email.
Email taught us that federated isn't good enough. The protocol needs to be P2P for it to be truly resilient to censorship." @lightcoin May 14, 2019
- "If Google blacklists your email server's IP address, good luck getting anything done via email.
- email authentication
- Good reason to keep all email encrypted, including on laptops: 2020-08-17 US Border Patrol Says They Can Create Central Repository Of Traveler Emails, Keep Them For 75 Years
- 2020-09-02 Krebs on Security: The Joys of Owning an ‘OG’ Email Account — lots of warnings about mistakes people make with email signing up for services, recovery email, and a good SMS debate in the comments.
- Criticism: 2018-08-31 Fast Company Stop annoying everyone with these common email mistakes
“Email is a to-do list you don’t control,” says Aye Moah, chief of product and cofounder of the productivity software provider Boomerang. “It’s an open protocol, and anybody who can get hold of your email address can impose on you and demand attention in your inbox.”
- UK Government Digital Services article about communicating that a domain is never used for email
- https://www.newyorker.com/tech/annals-of-technology/e-mail-is-making-us-miserable
- the importance of your own domain University of Cambridge abandons open standards for proprietary ones, and starts to pay the price
- Google Admin Toolbox's MessageHeader: Tool to paste in email headers to verify if SPF records/DKIM signing worked correctly
- MX Toolbox: site with a variety of tools to check email health/deliverability, including SPF record lookup: https://mxtoolbox.com/spf.aspx