Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
thomas_gauvin 6 hours ago

Blog author chiming in here:

We have reserved IPs for Email Service and will be protecting the reputation and fighting spam from originating on Email Service.

If we did not do so, our IPs would get flagged and then emails end up in spam or not delivered. That defeats the purpose of having a transactional Email Service. We're well aware of this.

embedding-shape 6 hours ago | parent | next [-]

Will you also do this for other spammers using Cloudflare infrastructure, or just specifically for this email product?

> For years, Spamhaus has observed abusive activity facilitated by Cloudflare’s various services. Cybercriminals have been exploiting these legitimate services to mask activities and enhance their malicious operations, a tactic referred to as living off trusted services (LOTS) [2].

> With 1201 unresolved Spamhaus Blocklist (SBL) listings [3], it is clear that the state of affairs at Cloudflare’s Connectivity Cloud looks less than optimal from an abuse-handling perspective. 10.05% of all domains listed on Spamhaus’s Domain Blocklist (DBL), which indicates signs of spam or malicious activity, are on Cloudflare nameservers

https://www.spamhaus.org/resource-hub/service-providers/too-...

Meekro 5 hours ago | parent [-]

I would note that Cloudflare has been doing better-- the SBL listings page mentioned in that article[1] shows only 47 active complaints, down from 1201 when the article was written 2 years ago. Many of those complaints are stale, too: I spot-checked a few (referencing the domains fireplacecoffee.com and expansionus.com) and the domains are expired and not being hosted by anyone.

[1] https://check.spamhaus.org/sbl/listings/cloudflare.com/

ttul 30 minutes ago | parent | prev | next [-]

If you take the approach of policing individual sender accounts with a strict anti-abuse policy, you have a chance of succeeding. I'm sure you have already discovered that the moment you allow anyone to sign up for an email sending account, the worst of the worst actors immediately take up the opportunity to do so! Cloudflare has a massive amount of data about web traffic and I would hope that this data can be recycled into effective threat detection and control. No doubt you already know this and have people working on it. Good luck!

Bender 5 hours ago | parent | prev | next [-]

As someone that has managed very large outbound transactional email environments, email campaign platforms and some corporate email I just wanted to wish Cloudflare the best of luck on this endeavor. This is an entirely different animal from anything related to a CDN. Stay vigilant and don't let the cute and fuzzy bunnies ruin it for everyone else. They are evil and mischievous and will do whatever they technically can do.

creatonez an hour ago | parent | prev | next [-]

Agent-produced emails are by definition spam. Everyone should be reacting to this news by immediately blocking your service.

ttul 28 minutes ago | parent [-]

Recent outreach after creating an AgentMail account:

"Thanks for being a user of AgentMail - a lot of people use AgentMail for outbound (spin up and warm up inboxes, send sequences, handle replies), ..."

Yes, that's right. The first use case mentioned is to send automated outbound emails. "Cold prospecting" workflows are likely going to be a big slice of usage on the new Cloudflare service, as it seems to be on AgentMail.

chinathrow 3 hours ago | parent | prev | next [-]

> We're well aware of this.

Then how about not market it as "for agents" when said agents are just LLM output?

themafia 2 hours ago | parent | prev | next [-]

So what are the thresholds?

For example with SES I will get automatically suspended if my bounce rate is more than 10% or if my complaint rate is more than 0.1%.

wang_li 5 hours ago | parent | prev [-]

I think you should put your money where your mouth is. For each spam message sent to a recipient server, you send $1000 to the recipient.