LifeDesign Learning Zone
Email is a decentralized, non-web messaging transport, with user interfaces that enable a wide range of message formats and styles, and commonly used for account recovery by web sites and applications.
Email can be useful for:
- Asynchronous posting to your website.
- A POSSE destination to reach people who use email as a reader
Older reasons to use email:
- One on one or one to many messaging among older internet users, some professions, and academia.
- Messaging to a (often self-)selected group, i.e. email list
How to POSSE
How to POSSE to email:
This section is a stub. For now, see the examples below and analyze how individuals are POSSEing from their personal sites to email.
Indiewebcamp creators currently posting to their sites via email, and/or POSSEing to email:
- he also occasionally publishes emails sent to an email list
... more posting POSSEing here ...
Due to its popularity and ubiquity email is extremely widely supported.
Of particular interest is the fact that many native applications (especially on iOS) include it in their share/export/action menus by default. This could be an excellent UI to piggyback on for quick and easy posting to our own sites.
questo.email is an indieweb/email bridge that aims to be a hub for all kinds of interactions between indie sites and email addresses, including email-to-webmention and webmentions-to-email.
- 1 Why
- 2 How to
- 3 IndieWeb Examples
- 4 Support
- 5 Brainstorming
- 6 Criticism
- 7 FAQ
- 8 Email Services by Type
- 8.1 Custom domain email providers
- 8.2 Mail as a Service
- 8.3 Mail Forwarding Services
- 8.4 Handling it Yourself
- 8.5 Security Issues
- 9 As Commenting
- 10 See Also
Redirect to public issues
One possible approach is to redirect incoming email to public issues, hosted on your own site, or GitHub, per:
I wonder what would happen if I set an email auto-responder that instructed people to open an issue on github.com/aaronpk/self instead of send me an email. #email #lifehack
Bad for more than two people
Whilst adequate for some one to one conversation it scales extremely badly to conversations with more than two people.
Bad for collaboration
- URLs == web
- email addresses != web.
Not web identifiers
- email addresses are internet identifiers, not web identifiers, by definition.
- "I would rather futz with a domain and shared hosting than my own SMTP server any day"
Bad for identity
Encourages Constant Distraction
Email delivery, especially with your own domain, has shown to be anecdotally unreliable due to overzealous spam filters' false positives, e.g.: https://twitter.com/dangillmor/status/579770619367170049
Is there a way to find out if my email is ending up semi-routinely in spam filters? Several folks recently said they didn't get my messages
Ecosystem discriminates against indie servers
The email server ecosystem has evolved to a small handful of very large (100s of millions of accounts) services that peer with each other, and are actively hostile to indie servers sending their own mail with the excuse that those indie servers lack "reputation" (an ineffable an ill-defined requirement) for the larger servers to accept email from them.
For more details see:
- 2015-10-17 Jody Ribton: The Hostile Email Landscape
See and extract/cite from:
Can I point my domain to my VPS(/web server) but still use hosted email services? I don’t want to run a mailserver
Yes, your domain name can resolve to the IP address of your web server for HTTP traffic, but direct mail agents to look elsewhere. See also DNS.
Email Services by Type
Here are various levels of email services available from different providers, roughly ordered from easiest/cheapest/friendliest to most powerful/technical.
Custom domain email providers
Custom domain email providers have the ability to set up an email account to send email as if it is from your own personal domain.
You have to separately configure your domain (perhaps at your DNS provider or web hosting provider) to forward domain sent to your domain (e.g. firstname.lastname@example.org) to whatever email provider you use.
IndieWeb community members using this approach:
- Jonny Barnes is using Fastmail's service for receiving/reading/sending jonnybarnes.net emails. Fastmail works by setting up a custom domain as an alias for your fastmail inbox.
- Tantek Çelik is using Gmail for receiving/reading/sending tantek.com emails.
- Kyle Mahan is a Fastmail user too. They recommend letting fastmail be your actual nameserver, but I opted to continue using my registrar's nameserver and just copy/paste MX, DKIM, and SPF records from Fastmail.
- Pelle Wessman is using Soverin for his newest set up domain and an old free G-Suite/Google Apps account for his other account (also using a calendar on the G-Suite account).
Gmail (gmail.com run by Google) is a free email service that has the ability to set it up to send email as if it is from your own personal domain, optionally using the SMTP server from your domain host (web host).
FastMail is a paid email service that has a range of options from only giving you a @fastmail address to others that allow you to have your own personal domain. Other differentiators are with how much email you can store.
Pawnmail(https://pawnmail.com/) is a service dedicated to provide "Email hosting for custom domains" that gives 2GB storage "free forever" to anyone. It provides a webmail client along with SMTP, IMAP and POP3 access.
Soverin(https://soverin.net/) is a paid one-plan only email service that provides a "private mailbox that’s truly yours". It's a European service, based in Amsterdam, that focuses on privacy and making it simple to get up and running with e-mail on a personal domain. Makes it easy to conf
Mail as a Service
Mandrill is a service for sending and receiving emails run by Mailchimp. It formerly had a generous free plan, but will require a paid MailChimp account beginning 2016-04-27 and paid e-mail volume, now starting at 30$ a month.
Greyed-out information below probably not correct any more -> if you still use Mandrill, please update it!
Note: Madrill does not charge for inbound email. See: https://twitter.com/sandeepshetty/status/463330411636994048
- Register at http://mandrillapp.com
- Create a new inbound domain and set up MX records for the domain you’ve chosen detailed here
- Set up your web server to accept POST requests to the URL you configured
Beware: I have experienced some inconsistencies in the mandrill responses. Namely that sometimes attachments are in the msg.attachments key, but I have also seen them in msg.images. I am currently using
attachments = msg.attachments || msg.images ||  to cater for both cases. --Waterpigs.co.uk 10:26, 24 May 2013 (PDT)
Other Inbound Email Providers
There are other email PaaS companies which offer similar inbound POST request hooks instead of using Mandrill. More details coming soon.
Mail Forwarding Services
- The service provider handles all of the issues that are involved with mail delivery such as spam filtering, DKIM and SPF support and will also cache your mail if your MTA goes offline
- You still need to setup a MTA to receive the email being forwarded by the vendor
IndieWeb community members using this approach:
- Bear is using MailRoute for receiving/sending bear.im emails.
MailRoute allows you to specify its mail servers in your domain's MX records and then specify what server domain or IP Address to forward sanitized emails to. It offers spam filtering, greylisting and a number of other features. Once you have an account and have configured it for your domain you are then ready to setup your local MTA.
Handling it Yourself
Mail in a Box
Running your own mail server
A MTA (Mail Transfer Agent) is a process that runs on your server and accepts incoming SMTP (port 25 generally) connections for mail delivery. Running your own MTA is fraught with trouble and can be so very time consuming that even people who run servers for a living generally use a forwarding service to handle all of the messy bits.
The example I give here will be to use Mailroute as the forwarding service and Postfix as the local MTA, but other combinations can be used.
- Note* this is a draft work-in-progress - I'll be filling in more concrete examples and other suggestions as I get time.
I use Postfix primarily because it comes from all of the OS Distros with a very sane set of defaults that you enter during setup and it just works. The reason Postfix becomes a drop-in tool is because of the work that is being done by the Mail Forwarder you setup in the prior step.
The key bits to configure is to tell the installer that you are using Postfix as "Stand-alone Internet Host" and then make sure the main.cf entries for mydestination contains your domain and relayhost contains the domain name for your Mail Forwarder.
- tls and sasl configuration
- show how to configure the host's MDA (Mail Delivery Agent) to deliver emails to a program instead of a user mailbox
- show how to configure a mailbox to use store mail to be read by a cronjob or other agent
A guide to setting up a self-hosted email server
User:Petermolnar.eu had been running his own mail stack; the current setup is postfix ( with postscreen ) + dovecot + dspam + opendkim + opendmarc. A few tutorials on petermolnar.eu about the topic:
- Getting DKIM, DMARC and SPF to work with Postfix, OpenDKIM and OpenDMARC
- Lightweight, secure, database-free, spamfiltering mail server with Postfix, Dovecot, openDKIM and dspam on Debian 7
Anyone can send fake email from any email address. You need some way of determining that inbound email does indeed come from who it appears to. Possible solutions include:
- Make sure you’re verifying the authenticity of the request sent to your webhook
- Using “secret” email addresses by embedding the password in the address, e.g. email@example.com — then store it in a private address book to save typing
- Use a mechanism such as SPF to determine the authenticity of an email
phishing is the act of sending an email (a phish) with both a forged from address and HTML contents that pretend to be from a popular service provider (often silo), and usually have some sort of fear-invoking subject like "Account Termination", or greed-invoking like "Transfer Notification" from a bank, with a link or button to "Log in", "Verify Account", "Initiate Transfer" which appears to go to the service provider but actually goes to an attacker's website that looks very similar (if not identical) to the service provider in order to trick you into entering your username and password, so the attacker can gain access to your service provider account.
The term "phish" comes from the attacker "fishing" for your username and password, which if you enter, then you've been "phished".
E.g. (documented examples of phishing emails)
spearphishing is the act of tailoring a "phish" specifically for a particular individual, sometimes seeming to come from a trusted contact, friend, co-worker.
In 2015, when shutting down their comment section, Motherboard recommended people to take discussions to email rather than getting them burried in public discourse:
Comment sections inspire quick, potent remarks, which too easily veer into being useless or worse. Sending an email knowing that a human will actually see it tends to foster thought, which is what we want.
As of 2020, several personal blogs started including links to solicitate replies via email to their feeds. Specifically to interact with people not visiting the blogs directly and using non-social readers.
The following are all announcement posts of personal blogs adding email links to their feeds:
- 2020-07-12 : Reply link in RSS feed posts (archived)
- 2020-07-12 : Reply links in RSS feeds (archived) – crediting Jonnie for the idea
- 2020-07-13 : RSS reply links (archived) – crediting Jonnie and Robin for the idea
- 2020-07-13 : Replyin’. (archived) – crediting Jonnie, Simon, and Robin for the idea
- 2020-07-14 : Reply via email (archived) – crediting Ethan and Robin for the idea
- 2020-07-14 : add reply link to rss feed (archived) – No announcement, but change on GitHub.
- 2020-07-20 : Reply via Email (archived)
- 2020-09-04 : Reply links in RSS items (archived) – crediting Jonnie, sharing WordPress code snippet, linking to both email and own comment form.
- private posts
- email list
- Mailsploit: list of vulnerabilities in email clients, sender spoofing, code injection attacks, etc.
- 2017-11-30 Katie Notopoulos / BuzzFeed I Tried Emailing Like A CEO And Quite Frankly, It Made My Life Better
- Email is your electronic memory
- 2018-03-25 Criticism: https://twitter.com/SarahJamieLewis/status/978059205218205696
- "(Another grand example is email, where a ridiculous amount of power is now concentrated in the hands of google despite the decentralized nature of the protocol)" @SarahJamieLewis March 25, 2018
- 2018-04-07 The dots do matter: how to scam a Gmail user - problem of email addresses being used for identity, different email providers do different email address collapsing (e.g. Gmail and dots or +something)
- 2013-06-13 Krebs: The Value of a Hacked Email Account
- Secure email that does not require a phone number to sign-up: https://twitter.com/vectorvekar/status/1143301499008585728
- use-case: necessary for job applications. Thread: https://threadreaderapp.com/thread/1143275350777978880.html and original tweet: https://twitter.com/lisackaplan/status/1143275350777978880
- POSSE example: http://self-issued.info/?p=2001 and POSSE copy to list: https://mailarchive.ietf.org/arch/msg/oauth/8uWRYfTmw9Bilbidcwb-R11Cais
- Criticism: Running your own server means people may not get your emails: https://twitter.com/lightcoin/status/1214300933200515073
- "indeed email has survived but if you run your own server people might never get your emails. it's already getting like that with Mastodon (as your suggestion to avoid http://madtodon.social shows). that's simply not an architecture I can invest energy into/ converting others to." @lightcoin January 6, 2020
- "If Google blacklists your email server's IP address, good luck getting anything done via email.
Email taught us that federated isn't good enough. The protocol needs to be P2P for it to be truly resilient to censorship." @lightcoin May 14, 2019
- "If Google blacklists your email server's IP address, good luck getting anything done via email.
- email authentication
- Good reason to keep all email encrypted, including on laptops: 2020-08-17 US Border Patrol Says They Can Create Central Repository Of Traveler Emails, Keep Them For 75 Years
- 2020-09-02 Krebs on Security: The Joys of Owning an ‘OG’ Email Account — lots of warnings about mistakes people make with email signing up for services, recovery email, and a good SMS debate in the comments.