322 comments

[ 0.78 ms ] story [ 170 ms ] thread
It depends on whom you send to. Like ironically I sent an abuse complaint to Verizon for a spammer and got rejected because they blocked all of Digital Ocean's IP space. Yahoo was particularly difficult too sending me a response saying they won't take my mail immediately on a single email to my brother. I had to go through a lot to get that fixed. Again this was due to being on cloud provider IP space.

GMail is more reasonable with perhaps being spam filtered but never blocked outright. I have also been blocked by government labs and academic institutions. I also have complied with RDNS, DKIM, SPF and got a top score on mx toolbox. Now that I have been up for a while I have had less issues besides with the ones that block cloud provider spaces.

Microsoft is the toughest one. Fortunately, I don't have friends that use outlook.com or w/e
Does your email get blocked if it is sent to a business on O365?
haven't tried in a while. It can, they dont' follow all the rules and do a little more blocking in the interest of their users or based off a ML spam detection or something.

Some things that should be delivered are not. I'd have to dig back into this to see what the exact issue is.

unfortunately DO does not seem to be as active as Amazon in maintaining the reputation of their IPs.
I would like to see the option for backups to be held on you own own cloud account of choice. I am in Canada and I use a Canadian cloud company called sync.com for my secured data storage knowing it will not be stored in the US.

The price point is also a bit high for a Canadian Customer, so I like the idea but a bit too pricey for North of the boarder after currency exchange.

Thanks for the feedback - we will take this into consideration.
Read your terms of service. The same section is definitely present for all Canadian ISPs as well.
"The residential Shaw Services are designed for personal Internet use. You may not use the residential Shaw Services for commercial purposes. You may not run a server in connection with the Shaw Services nor may you provide network services to others via the Shaw Services. Examples of prohibited servers and services include but are not limited to mail, http, ftp, irc, dhcp servers, and multi-user interactive forums. Some business services may be exempt from these limitations."

https://www.shaw.ca/uploadedFiles/Terms_of_Use/Acceptable_Us...

Until the device fails and you need to replace.
Because it bothers me when someone sells a "secure" product where the security measures are unrelated to the threat model. The Helm server is connected to the open Internet, which means that physical possession of the Helm server is not the only or even main thing necessary to secure it from compromise. Because of how it works, the server still has a dependency on cloud providers -- you need cloud backups and the public endpoint for the ssh tunnel to get around ISP packet sniffing. Since I still need to trust other people's servers for this to work, why the focus on owning your own server?
How would you realistically completely remove the need for the relay server while still allowing the customer to run the server on a typical home internet connection?
Flip it around: don't run the server on a typical home internet connection but instead run it in a data center.
This could be especially valuable as a way to build email apps for enterprise. Especially if there were a good API that returned email data in JMAP format.

I know Nylas tries to do this, but their model doesn't really work for me.

Why JMAP over something universal like JSON?
JMAP returns data in JSON, but with a standardized schema. It's better than the current status quo, where each email provider returns API data in JSON but using their own schema, meaning you need to build different endpoints and methods to work with each email provider. The spec is about to be finalized, so there is no reason why email providers who haven't yet released an API shouldn't be using it.
The table does not include the "green" domains by default, you have to select it.
So they use a registered ip proxy to your own email server. I've been doing that for a super long time, and it's a great solution, at least until about 5 years ago.

Most providers will blacklist anyone who isn't one of them. So I front my home email server with a big account to relay in and out of. It kinda sucks, but all my stuff just works.

So I can happily fire up my Macintosh II, load up Outlook 98 and read email.

I use Office 365 to front my domain, I think it's like $12 a month for the corporate version so I can have it front domain emails. And that means I get office for all my devices so I'm not the one having to deal with having old versions of stuff.

I think this is the biggest problem. If there are a lot of bad actors, you drag down the whole system, but if you try to prevent bad actors you run into a lot of issues.

A hard problem, and I don't envy anyone trying to solve it.

No offense, but given that you are making a product that has a much higher potential to enable bad actors than usual, isn't it kind of you/your company's job to try to solve it?

EDIT: Just realized I responded to the wrong person :(

No, it's not. In fact it's your job to try and police yourself. But you probably on someone else to control you don't you?
I mean, my thought is that if a high volume of spam causes other email servers to block Helm, then it makes it unusable to the good actors in the system. I didn't see the CEO address this.

Or, maybe I just misunderstand smtp idk

Yeah, that's how I understand the issue too. I don't think there's an easy way to do things, either you end up blocking some people with a legitimate use case or you end up becoming a spam farm.
The person you are replying too isn't the CEO. Just another new user (that's why the username is in green).
You learn something new every day, I always assumed the green meant OP, like how reddit uses blue. I didn't even notice the change in username Thanks!
Spammers can already get mail servers without a problem. This doesn’t make that easier, because it’s already as easy as it can be.
Hi graybolt, I'm Dirk, co-founder and CTO at Helm. Each Helm Personal Server is assigned their own IP address. We make sure to only use IP addresses that haven't been put on blacklists. If people abuse the service by sending spam it will only affect the reputation of their assigned IP and won't cause harm to the reputation of other Helms.
How do you plan to protect users from themselves? I.e. 2 charater passwords.
If you're spending $500 on something to help keep your stuff private and secure, you're probably not a 2 character password kind of guy.
Oh boy, I know people with a fiber drop, 25tb raids with baby server farms and single character password. I think you highly underestimate the lazyness and/or stupidity of people. That doesn't even cover fishing.

Secondly, I think you underestimate the time intensive work that goes into clearing up an IP. I've run mail servers with users in the thousands. It's basically a full time job to keep a single ip clean. And that's with a half or less percentage of clueless users. I'm unsure how this will scale to hundreds of IPs let alone the thousands(x100) that would probably be needed to make creating your own hardware profitable.

Third, you're going to need to reach incompetent customers to make this profitable.

Yeah that isn't sufficient. Most people are going to get their email rejected or spam filtered from many sources. Having an IP that is not blacklisted is not sufficient to have it have enough reputation to be accepted by large providers.
I think it's the former; you can't host any site that is supposed to be accessed by the general public, only something like a control panel for your NAS or security system or such.

This serves to protect them technically (residential systems are not designed to withstand a large number of inbound requests), legally (you can't sue them for failing to serve your site) and of course to promote their more expensive business lines.

Honestly, I would rather see it as a paid add-on to something like a synology or qnap..
To be fair - building a business like Helm while needing to deal with other people's hardware and their software updates which you wouldn't find out broke your product until your customers start screaming about their email not working - wouldn't be fun. I could easily see how someone could want to do that and seriously consider it, then discard it as an option (or at least as part of their MVP launch options).
So make a supported hardware list,docker container, etc. The hardware is interesting, but the types of people who would buy this either already have racks in their houses and just want someone else to manage their stuff, or want to manage their own hardware because they want to make sure they have their own hardware components locked down. It's a neat project to be sure, and it's not terribly expensive for the hardware, but the real money maker is the ongoing support and security for the service, which is functionally really similar to a cloud service without a lot of the benefits.
wouldn't that be postfix and a caldav server?
Agreed. I don't see how this is any different from a regular email server, with a local client that pulls emails over IMAP and deletes them remotely.
It's easier to convince someone that it's securely 'theirs' with hardware than if it seems like just another cloud email service?
But then they spend a lot of time being a hardware company, no?
So? It's a necessity of establishing trust with the customers.
How about a VM that I can host at a location of my choice? On prem, ec2, or a dedi somewhere?
You can send email using EC2 instances, including mass commercial campaigns (aka "legal spam"...).

However, there are a few things to do, more specifically, you must contact AWS to get "clean" IP ranges (fresh IPs, never allocated to instances), sign some agreements and pay additional fees.

It's not exactly as simple as an API call to create an ec2 instance, but it's doable.

With random IPs, there is a good chance indeed that it is already burnt by a previous allocation.

That's weird, I honestly wouldn't have expected that. They gave me a little resistance with one terminating at a home but ultimately they did it. They probably start to weigh the pros/cons (ie the money) of business level service to large residential buildings and decide it isn't worth it. Maybe too many variables once the line enters the building?
Maybe the building part. But I've never had any issue - at three homes - with Comcast Business being run into my home garage.
Because Silly Valley.
> I funded this team because they're high integrity software engineers first, and we built this out of need

I looked for the founders bio, a company contact info. There is nothing on their site. All I saw was a letter in the "About" section by the founder.

You might have gotten to know these guys after various meetings and due diligence process. There is nothing on their website that sells me on trusting them or the company.

I had to go the "Careers" section to see the location of the company.

When you're in the business of selling trust, you really need to focus on selling trust first and not technology (maybe they're connected ultimately) but I just don't feel I can trust this company based on the materials provided on their website.

Hope this feedback is meaningful.

How would material on a website provide trust, without a means to verify that information?
What other way is there? Have a button to “let the CEO call me and pinky promise me that the website info is truthful, complete and correct”? Would you believe it then?
That's obviously not what he's suggesting? He's just saying (and correct me if I'm wrong) that, for a company whose business is based in no small part on trust, it's a bit weird to not have any information about any of the people involved in the project.
While names, locations etc doesn't necessarily make something trustworthy - the absence of them do feel way more sketchy.
Assuming you control both sides, which sounds like you do, just run it on a different port in addition to 25.
If your were real men you'd give it away for free and find a way to monetize your audience through a a value proposition that exceeds what it seems you've done. Cute marketing site but that's kinda lame yo.
The stackable expansion is a really nice idea.
Mh, not much convinced. I'm a fan of the idea of personal home server and I have built myself one having find a ISP that offer static IPv4 and v6 addresses with a reasonable price; for end-users I also understand the opportunity and need of pre-built appliance since they may understand actual sorry state of tech evolution but may not have enough knowledge to act autonomously but... Well your appliance seems to be too ridden by "modern design" I personally call it catastrophic.
It almost looks like there's a port in the top that expansions attach to. However, in the specifications, there is no expansion port listed. This makes me think that stacking is simply stacking, then we use a usb cable to attach the pieces.
There is no cable for stacking. The expansion units expose a USB-C male connector and plug into the base unit's USB-C female connector.