| Ok, but what about as a CDN/website-proxy/WAF? I know we don't have the same automated reputation-propagation as with email, but the same thing supposedly happens there, where eventually you get turned off if you don't act on lawful requests, which is exactly why Cloudflare is unavailable in Spain during La Liga matches, because Cloudflare don't take piracy streams down. In theory, Cloudflare should take those down, when requested by legal means, but that doesn't matter. How sure are we that they'll act differently for email, instead of trying to get rid of the reputation system instead?

> getting that email to not be rejected totally IS rocket science and it's simultaneously an art form known only to a handful of email nerds working at the core of the big email sending services

It really isn't, you need a clean IP and a clean domain, send a handful of emails and you're pretty much whitelisted on most services out there. Maybe you'd say I'm one of the handful, but I personally know more than a handful of others who also run their own email services, just like me, and besides the usual hassle of running your own service, as long as you don't spam, your emails will arrive as usual. |
| |
| ttul 6 hours ago | I run an email sending service at scale (billions of messages per month, tens of millions of end users, thousands of customers). Most of our software development and operational effort revolves around abuse mitigation. That has been the case for 15 years. It's a cat-and-mouse game with two different mice: the senders, who are constantly trying to figure out how to get you to deliver their garbage; and the receivers, who are constantly trying to figure out how to block it. We're stuck in the middle. It's hard to appreciate how difficult this battle is when running at scale. |
| embedding-shape 3 hours ago | Right, I won't disagree with any of that, but I'm not sure how it's related to what I wrote either. Maybe I should have been more specific that I'm talking about hosting your own email, not hosting emails for others, which brings out a lot of other types of problems. |
| ttul an hour ago | Apologies. When you said "email services" I thought you were implying "email services for use by others". Yeah, you can definitely run your own mail server in 2026 and I think the internet community should always strongly endorse being able to do so. Unfortunately, large email receivers have to make do with imperfect signals when making filtering decisions, and your traffic from a lonely IP that happens to have a bad neighbour might get blocked as collateral damage. One long-term hope: that domain name reputation eventually overtakes IP address reputation entirely. |
| |
| pbronez 6 hours ago | What structural changes could we make to improve the situation? |
| ttul 2 hours ago | That is such a great question and there is no easy answer. There have been enormous efforts to do better for at least the last 20 years. An entire organization, M3AAWG, was founded for that reason and it meets three times a year, bringing together all the people that matter for making the situation better. It's a great organization and the people are all really smart and awesome. The IETF is no slouch either, coming up with excellent new standards and improving existing ones, such as the recent update to DKIM. That's about as good of an answer as I can provide: keep sending smart people to the conferences! |
| edoceo 6 hours ago | Signed senders? |
| b112 5 hours ago | It's simple, there's a standard, a new one, which takes into account SPF, DKIM, DMARC, ARC, and even DANE along with upcoming and proposed SPKF, DKIM+, DMARC2, and ARCv4. It should fix just about everything. |
| jgalt212 5 hours ago | Hashcash, or BTC. |
| ttul 2 hours ago | I always loved the hashcash concept and actually raised our original funding because of it (our Microsoft angels loved the idea of making spamming more expensive, and our Series A concept was tar-pitting to dissuade botnets). In the context of email sending services, we have a modern version of hashcash that we might at some point turn to. If someone can figure out how to tokenize sending at scale, then senders could pay recipients to open their emails by attaching a "tip" to each message. If even a small fraction of legitimate email recipients altered their mail client settings to route "tipped" messages to their inbox, that would probably suffice to get senders to participate in the scheme. Senders are starved for high quality engagement data. Meanwhile, anything we can do to make spam less likely - on a relative scale - to reach the inbox in comparison to "legitimate" traffic, is a win. |
|
|
| |
| pocksuppet 6 hours ago | Cloudflare acts on lawful requests during LaLiga matches. The problem is that the Spanish government doesn't want to bother doing things the lawful way because that takes too long. They want piracy to magically disappear and they'll randomly shut down more parts of the internet until it does. Actual illegal sports streams are not impacted by Cloudflare being down, and Cloudflare is not the only impacted network. |
| embedding-shape 3 hours ago |

> problem is that the Spanish government doesn't want to bother doing things the lawful way because that takes too long

In Spain, what they are doing is the "lawful way"; it's literally happening via the courts and judges. Do you think ISPs are blocking Cloudflare specifically just for fun, of their own accord?

> Actual illegal sports streams are not impacted by Cloudflare being down, and Cloudflare is not the only impacted network.

Some are, many aren't. Cloudflare is indeed the only impacted network, at least for me. Which other networks are being blocked for you during the La Liga matches? |
| Dylan16807 3 hours ago | The specific blocks don't go through courts and judges. |
| embedding-shape 2 hours ago | Yes, the specific block of blocking Cloudflare in Spain during La Liga matches literally has gone through a court and been ordered by a judge, I'm not sure how you could have missed this. Judges have also dismissed the requests from Cloudflare and others to remove the "dynamic block" as there is collateral damage. |
| Dylan16807 an hour ago | My understanding was that Cloudflare was being blocked by the same IP blocking list as everything else. And while that system went through courts, the list didn't. There are also direct actions against Cloudflare, but that's not what's taking everything down, is it? Did I misunderstand something? |
| embedding-shape an hour ago | The sites are directed to be blocked by IP and DNS, this is the list I suppose you're talking about, I'm not sure of any specific "system vs list" distinction. Since some of the sites are behind Cloudflare, some of the IPs are IPs used by Cloudflare for any customer, not just the streams, so then Cloudflare gets blocked wholesale, the collateral damage that we get to joyfully experience every game. Remains to be seen if the block will remain in place or not, you could argue it goes against some other laws, but it has to be argued legally, just like how the block initially happened because La Liga went through the courts. So far us developers or people who visit more American websites tend to be hit the worst, since they're talking about "protecting" other matches too, in other sports, I'm guessing it'll get worse before it gets better. |
|
|
|
|
|
|