641 comments

[ 3.9 ms ] story [ 312 ms ] thread
Ben Stokes is also a very popular English cricketer.
This is a fun hack, but there is no way I would get involved in providing any form of commercial email service for $1440 arr. I wouldn't do it for $1440 a _day_. Everything involved with email is pain. I wish you luck.
> Everything involved with email is pain.

Wish I'd seen this comment 4 years ago.

What would you have done differently?
Probably not run an email server. =[
Note that OP is actually generating loss at this point - 300 domains at $8 equals $2400, which is in itself bigger than the income.

Can you maybe share what problems OP might have? I have toyed with an idea of starting something similar and would love to know what I'm getting into.

But in one year he'll have almost doubled his investment unless subscriptions all cancel within the year (highly unlikely with things like domain names / email addresses / etc.)
That was before HN though! You have any idea how many eggplant emoji handles he’s sold since?
I've attempting something similar before so here's a non-exhaustive list of problems from the top of my head:

1. Getting to send email, at all: lots of hosting providers blacklist outgoing port 25 TCP specifically to prevent random people getting their IPs put on a spam blacklist

2. Getting your IPs de-blacklisted: unless you get really lucky whatever IP you _start_ with has a good chance of already being on several blacklists, and some make it stupidly hard to get your IP off the list even if the ban was from 5 years ago by whoever had the IP back then

3. To even have a chance of your emails being deliverable you have to understand and configure reverse DNS, SPF, DKIM, DMARC (and probably a few other I've forgotten or which have been invented since I tried this)

4. Even after you get this far, major providers like gmail are likely to send your email straight to /dev/null because you're a new provider with no reputation

5. If (or more accurately when) somebody manages to abuse your service to send a ton of spam you'll get re-blacklisted and have to fix that all over again and implement/fix spam filters to stop people like this (this will probably happen several times as you constantly attempt to battle spammers)

6. You're going to want some sort of incoming spam filter, because people don't really like spam in their inbox, and most existing open source and/or free solutions are mediocre at best

7. If you use a weird TLD (i.e. not .com/.org/.net/similar) random online business will not allow your email or not send to you properly, and your customers will blame you despite you being able to do almost nothing about it

8. Even if you use a "standard" TLD to get past 7 some particularly bad actors will use a email domain _whitelist_, so only gmail and friends are allowed, and again your users will blame you

Depends. If he is actually running only a forwarder , it is much easier than running an full fledged service with mailboxes and other support.
Running a 'forwarder' still means that you have manage the MTAs, and all the infrastructure around it. It's still a lot of work.
> Everything involved with email is pain

Agree. Even if you comply with most important technical standards/requirements you still need to spend a lot of time overseeing your system, and researching best practices and recommendations that directly affect domain and IP reputation, to avoid getting blacklisted.

Shameless plug: A while ago I decided to try build a home made SMPT Mail submission component for better understating what's going on under the hoods (and for "fun"), it was really though, and once I was able to send a DKIM verifyed e-mail to GMAIL servers I called it a day and moved on [1]

[1] https://thomasvilhena.com/2020/01/mail-submission-under-the-...

> Even if you comply with most important technical standards/requirements

...there's no guarantee anyone else will. Currently I am getting moaned at because the "Money Stuff" newsletter is not arriving - which appears to be because Bloomberg have flubbed their DKIM. What am I supposed to do about that, eh?

The other day I setup a postfix server in my VPS, which I intend to use with mailman3 to have some mailing lists.

It was a bit of a pain to set up, but nothing too difficult. The worst part was setting up DKIM and SPF.

The thing is, I constantly hear people saying that managing an email server is something extremely difficult and that requires constant attention.

Am I doing something foolish by attempting to do this by myself? Should I just pay for a big email provider? (They’re quite expensive for the resources my organization has)

I’ve tried to set everything up as securely as possible, but I’m not an expert in email either. I’m just afraid I might be creating big trouble for myself in the future.

I set up a personal mailserver a few years back, and have hit a lot of painpoints. The main ones were software complexity (setup) and dealing with blacklists (ongoing).

Setup for a normal mailserver requires Postfix (SMTP send/recieve), Dovecot (IMAP mailbox management), SpamAssassin, a webmail frontend (Roundcube), something for user management (MySQL + PHPMyAdmin for me) and a generous amount of glue. Things like DNS records, config files, spam rules and classifiers, etc).

Blacklists are far more annoying, especially w.r.t. GMail. I use a DigitalOcean node, and some of their IP ranges are blacklisted due to past spamminess. Depending on the provider, there may or may not be a bounce email, and may or may not be a whitelisting process. I've even seen mixed results within GMail. I can send from my custom domain to my GMail without trouble, but emails to a friend using a custom domain on GMail are dropped silently. (That's the worst of self-hosting, I think. Silently dropped messages are way harder to detect than a mailer-daemon block notification.)

Long story short, it's a mess :)

On the flipside, similar commercial plans (3 domains, 20GB shared storage) run $30/mo or so, which is way more than I'm willing to spend on a vanity email. Sounds like a similar story for mailing lists.

I'd give self-hosting a shot and see how it goes. Since mailing lists are opt-in, users will know if they aren't receiving what they signed up for, and are likely to reach out for support help. That's different than conventional email, where a silent drop and no reply are hard to tell apart for the recipient.

Hope that wasn't too much info/text, and good luck!

(comment deleted)
I think i might have realised I've become old, when the very idea of an emoji domain causes me anger. sigh
Don't think it's about age. I'm also considered old (in the technology sphere at least) and I don't really enjoy the "emoji" humor either, but I don't get mad about seeing them. Let others have their fun, no need to get angry about things you cannot control.
I think I'm old in that I was thinking how would I write this emoji email address on paper. Also I can just imagine the joys of form validation when you add an emoji into the email address. On the other hand I doubt most email harvesting bots crawling the web would be configured to recognize an emoji email.
You shouldn't use any vanity email address as your only address, unless you want your online life lost to inbound GMail and outbound corporate filters. So, if there's a situation where you need to write it down, use the 'serious' address.
I'm not old and I hate it. I don't even know how to insert an emoji on a computer.
Yeah thats what i meant. I should see the fun as the primary part of this. I guess we're just one step away from meme email addresses.
But it's reasonable. Domains are already surprisingly confusing to people. Emoji in a domain piles on top of that when people have no clue that's possible. Plus it makes it more difficult to communicate the address verbally and it can be hard or even impossible to enter the address in some systems.
> I setup an email forwarder to route all email sent to .ws to my regular email address. >Eagerly I typed ben@.ws into the "to" field of gmail and hit send. > The email never hit my inbox. It was lost forever in cyberspace.

I think this was just caused by Gmail now working when a message is sent and received at the same account. It just disappears. [0]

It’s really annoying, it’s not part of a spec, it’s just gmail.

I ran into this because I have some forwarders too and if I send an email from gmail that goes out, when my external mail server sends it back to gmail it never gets there. It’s not deleted, it’s not marked as spam, it just doesn’t exist and there’s no record.

I suspect if author had sent from another account it would work fine.

[0] https://support.dnsimple.com/articles/troubleshooting-email-...

Can confirm. This bit me recently until I thought to use another account for testing.
Exchange also does this, if you are part of a group, send an email to that group, you will never get it. We ran into it when one of our systems were sending an alert for a failed action to a group, but it was sending it on behalf of the person that tried to do that action and eventually failed. Everyone in the group was getting the email, except the original person.
That’s not so bad, but it’s not as bad as gmail.

Exchange will return a message that comes back to the mailbox via a forward. Also, I think, Exchange is doing this because the list is on server and it’s part of Exchange’s deduping. If I send to the list and foo and foo is in the list, foo gets one email, not two.

For example, I have foo@gmail.com, foo@outlook.com, foo@prepend.com.

I set up foo@prepend.com to forward to foo@gmail.com.

If I send a message from bar@gmail.com to foo@prepend.com, it comes through as expected.

If I send the same message from foo@gmail.com, I never get it. Prepend.com’s mail server has a record of sending it to gmail.com, but my gmail account has no evidence of it anywhere.

If I change foo@prepend.com to forward to foo@outlook.com, I don’t have this problem.

(comment deleted)
Is this some sort of abuse protection, where people use gmail as free storage?
Gmail already is free storage, AFAIK it shares you data quota with you Google drive account.

Most likely this is a 'mail-loop' prevention. If you setup two accounts that forward to each other, then emails will be stuck in an infinite loop. Inject a couple of multi-megabyte emails into that loop and you can take down the entire service. This is effectively a DOS attack.

It could also be an implementation detail.

Mail messages have a unique identifier. Gmail might just concatenate the mail identifier with your account identifier to use it as a primary key to store your email in the "mails" bigtable.

If you send email to yourself, when it comes to put the mail into the mails bigtable, the result will be "primary key already exists, cannot insert"

Maybe similar to this, but it works if my message stays in gmail when I send from my gmail straight to my gmail.
I don’t think so as email forwarding is pretty basic and it’s blocked even for tiny messages.

I suspect it was just some stupid developer pre-optimizing, thinking they were clever and not thinking through use cases. “Every email from me to me will skip external routing and just get flagged in storage; therefore, any email from and to me and not through that process must be fraud and we’ll just save the user from that and black hole it.”

IIRC, at one point in time, there was a way to evade spam filtering by setting the “from” and “to” to the recipient. Maybe this has something to do with that
Perhaps but this is where gmail is being stupid as they should be able to authenticate that the message actually was genuinely generated from a gmail account.
This is the most confuse part of gmail. I run an email forwarding service and I got this exact problem.

I ended up build a "Test button" where customer click, then we send an email from our own address and let them know why we did that and also link to your link.

Gmail is no doubt very useful but they have quite of few of quirks.

I'm confused, as I'm able to send and also forward messages from myself to myself just fine in gmail. How would I recreate this? Does it only come up for emails coming from outside of gmail?
You need a third party in between.

That’s what is crazy and took me a long time to debug. If I send from my gmail to myself it works fine.

But if I send to an external mail account that redirects back to me it’s gone.

You can test this with any mail server you run. You can theoretically run a mail server locally and test it if you have DNS resolution that gmail can see.

I use cpanel on one of those countless Linux shared hosts and they have a decent mail admin, I expect any other host will have the same or similar.

set up an account two@any.com.

Two@any.com forwards every incoming email to one@gmail.com

Send an email from one@gmail.com to two@any.com (which will automatically get forwarded back to one@gmail.com).

There will be no incoming email back in one@gmail.com. it will disappear at two@any.com

Should be in your sent folder right?
Yes, but it never gets to inbox. So it looks to the client exactly the same as a broken forward config, or some other bug where the recipient mail server doesn’t error back.
I don't know if it's related to this, but gmail deduplicates emails based on the Message-Id. This is entirely broken behaviour and causes trouble for us with mailing lists (eg. a mail is sent to the inbox and a mailing list, or sent to two mailing lists). Another in the list of reasons not to use gmail.
But if you send yourself an email, you will get it? How does deduplication work for that?
This is a “feature”. If an incoming message is “from” the recipient account, and somehow makes it past the spam filter, it puts it in sent.

In a perhaps apocryphal story, at least one person was fired when a malicious coworker used this to forge harassing emails from the victim.

(comment deleted)
Cool, but I also wish this wouldn't exist.
I'm confused by the post about if I can buy g@ or only g@.kz - the post seems to suggest the former but I don't understand how that would work
oh HN doesn't support emojis - that is

    g@<unicorn-emoji>.kz
or

    g@<unicorn-emoji>
I think you need the .kz, if you don't, I can officially say that I am out of the tech game and need to go grow potatoes.
You need a TLD but IIRC, the second level is not required. So you could have something like `http://google`, which I think, Google actually had at some point in the past. Cannot however find anything related to this anymore.
The .ai TLD has an A record, so http://ai/ works.
Yes, this I understand. But not the other way around.
I am also confused. I assume the email address would always be postfixed with .kz or the email would not arrive.
Yeah, the YouTube ad shows this (there's a quick screenshot of an email address with .kz after the emoji). But the ad also does the trick of eliminating the ccTLD after gmail and yahoo, it asks you "Still using an @gmail address?" ... well I use an @gmail.com address, but I see what you did there, you eliminated the .com so you could also hide the fact that your emoji address actually needs a .kz at the end.
g@<emoji>.kz
You need the TLD. He was just saying that he was looking for TLDs where it was currently possible to register a single emoji as the second-level domain. He found .kz and is now selling <whatever>@<emoji>.kz
Cool project! Like others noted mail can be such a pain though, you'll need a lot of customers to make it worth keeping it running after the first year.

Note: In the FAQ it says the price is $5/yr, but it seems to be $9.99 now.

I co-founded Nameplanet. Back in '99 we registered ca. 60,000 domains to provide vanity e-mail addresses (not at full price - we negotiated steep bulk discounts for several TLDs). In the end we moved on to create the dot-name TLD, and sold the e-mail service. It took the purchaser less than a year to recoup a multi-million purchase price by converting a tiny proportion of the userbase to paid accounts.

So, yes, you'll need a lot of users, but there's been a market for paid vanity e-mail addresses for a very long time, and this seems to be an untapped niche... I doubt he'll get rich off it, but there's a good chance he can grow it to a size that makes it very worthwhile.

This address will not work for obvious historic reasons in Germany.
Yeah, that product is pretty much dead on arrival in Germany

Such emails would look _very_ sketchy to most Germans

As a native German I have to admit that the problem with .kz only occurred to me after you mentioned it. I'm not sure if I should feel good or bad about this.
(comment deleted)
For anyone outside the german-speaking countres: https://en.wikipedia.org/wiki/Nazi_concentration_camps -- In german: Konzentrationslager, abbreviated with KZ. Similarly, never use abbrevations like SS, NS, AH, HH, HJ in Germany. Also, some of these are forbidden on our license plates.
Are Buddhists and Hinduists allowed to use Swastika in Germany?
Yes they are. The Swastika is a religious symbol, the Hakenkreuz is not.
For the same reason, I hope he doesn't support this emoji https://emojipedia.org/star-of-david/ - or else the service would attract customers he might not want to be associated with...
Take nazi's money and give them a broken email system in return? Sounds win-win to me.
Jews?

edit: nevermind, I get it now.

Eh, you don't want the service to attract Jews or what? Star of David is a symbol within the Jewish community. What you are referring to is probably the "Yellow badge" that was used by Nazis for identifying Jews. Two very different things.

Let's not make all Jewish symbols Nazi-related, we have enough of that already.

Also, some soldiers wore the Star of David as a symbol of defiance against antisemitism. So if you see someone wearing that symbol (or using a domain with that symbol), assume they are Jews/supportive of Jews, not that they are Nazis.

Associating the star of david with the .kz TLD (concentration camp) is not a good idea.
Unless you're a avid Jew living in Kazakhstan of course.
For us who don't have the historic context (nor understand the reference to past concentration camps), what do you mean it won't work?
KZ is the shorthand for Konzentrationslager, i.e. concentration camp.
Ok, and .kz is the ccTLD for Kazakhstan. You think people can't realize the difference?
There's a difference between "realising the difference" and "actively wanting it as my internet identity".
Yep. If you're a German living or working in Kazakhstan it's certainly fine to have a .kz email.

Using it as in a vanity domain like we do with .me or .io, on the other hand, will definitely look weird.

You think the average person would know what a ccTLD is or that kz refers to Kazakhstan?
I think the average internet user is familiar with country-specific TLDs.
I think the average Internet user is not familiar with country-specific TLDs except for their own country and a few others. Most people do not realise that .me, .tv, .cc, are country TLDs, they think they are country-independent TLDs similarly to .com, .net, .org, and in practice they may well be used more by organisations and people that have no relation to those countries than by those that do. In this case even users who are aware that they are strictly speaking country TLDs have reason to assume the same applies: .kz was not picked because of any relation between Mailoji and Kazakhstan. It was picked for technical reasons, but users would not know of those technical reasons, they would have no reason to think it was picked for anything other than .kz being seen as a good name.
I'm just giving the explanation of the historical context to GP, I'm neither German nor a lawmaker in Germany.
Germany is a bit over the top in this regard. When abbreviating a name to two letters (like as an avatar or as a short form for a newspaper author name) we usually specifically avoid KZ, HJ, NS, SA, SS. You also can't get those in a license plate.

There must be some demographic which cares. I've personally only seen people amused by it.

Could you please explain HJ, NS and SA?
HJ = Hitlerjugend (Hitler Youth)

SA = Sturmabteilung (NSDAP paramilitary org)

NS = idk, probably NatSoc / National Socialist

(comment deleted)
If you asked 100 people in Germany(!) what "KZ" stands for the result would be something like 95 say "Konzentrationslager", 5 say "I don't know" and 0 "ISO code for Kazakhstan".
Indeed. But if you ask the whole world (as we're on the internet), 1% might recognize it as "Konzentrationslager", 2% might recognize it as Kazakhstan and the rest have no idea.

So for general internet usage, I think it's fine. We're not modelling the internet after German customs after all.

No we're modelling the internet after US customs, which is why boobs are banned from mainstream Internet services and have to hide in the porn.

I'm not sure we're better off.

Maybe if you frequent websites based in the US, yeah. Otherwise no, there is plenty of boobs all across the web and some sites don't hide porn as not everyone is as prude as the americans.

But there are other webs out there, speaking many different languages and carrying many different customs. The beauty is that if you don't like US customs, you can usually find communities that are far away from US culture.

I just tried to explain why the .kz email-address would be problematic for germans. I didn't propose that this should be the general rule for all the internet. Personally I don't have a problem if someone from another country emails me from a .kz domain. But I wouldn't get one myself and if the person emailing me is german I would probably look twice to see what the reason behind that domain choice is.
I'm sure people can realize the difference, but I'd expect the thought process in Germany to go something like

1) hmm, they have .kz as the TLD

2) apparently thats kazakhstan? TIL

3) kinda weird that they, not being from kazakhstan, would choose to have that as their TLD. Maybe they're using it with another meaning in mind.

3.5) Let's give them the benefit of the doubt but remain wary of potential secret nazis, as one has to, here.

It's not whether they realize what it means as per the intent of the service provider, it's about what people think it means for other people. Since we're talking about an email service. I.e. I guess it's one thing to email someone in Germany from an <emoji>.kz email address and a completely different one to have customers (well, at least non-neonazi ones) signing up for such and address. Even if they do realize what kz stands for.
Ah, sorry, when I said "they" I meant a user of a .kz email address, not the service provider.
And .tv is Tuvalu, and .me is Montenegro, and .io is the British Indian Ocean Territory. But those domain names are popular largely because they have other meanings.
i.e. Nazi Death Camp
No, concentration camp. Extermination camps were a subset of concentration camps.

Doesn't mean that prisoners were expected to be well treated in a concentration camp (typically just well enough to be productive as a slave), but they were not directly sent to the gas chambers.

we don't make too much of a distinction in Germany or Austria in general usage of the word - while what you point out is technically correct, pretty much everybody here will understand "KZ" as "the whole of the nazi death machinery" and will definitely want to avoid to append it to their mail address in such a prominent way
Oh I'm all for simplifying the general language, the distinction doesn't really matter. However, I prefer to stick to the correct terms in writing :)
I think words here do matter. Concentration camp isn't taken as a euphemism, per se, but Nazi-specific jargon. This weakens its ability to invoke sympathy for other high-density, high-mortality regions
I really enjoyed the rabbit hole and sort of wished you made more money.

I think you need FOMO to get this to take off. My idea would be to join clubhouse app (I can invite you if you need) and tell people about your story as it’s entertaining, get some influencers there to have an emoji email on their bio as a contact - which is a perfect fit as most bios have a lot of emojis and clubhouse has no DM feature but people like to get I touch. The idea is a nice mix of utility and craze. Better than those NFTs in my opinion.

Plus I’m tempted to get one :) I’ll sleep on it though.

Good luck!

I bet since this hacker news post he's made much more money.
Really fun idea and interesting to see how it grew and grew :)
When we can’t even discuss current tech events here on HN because HN filters out the characters needed, maybe it’s time for HN to rethink its emoji filtering policy.
I think you may expect way too much from such a simple website
Supporting Unicode characters is too much?
Supporting Unicode characters comes with a set of complications that you may want to address, as, for instance the infamous HTML-parsing with regex rant shows.

As soon as you start trying to address those, the simple problem suddenly grows quite a lot in scope.

Notice that HN already does support unicode: α β γ é ö 本

It actively filters out a small part of it, mostly emojis (which I think that it is a good thing to do).

Is HN actually filtering these, or they use utf8 in mysql which is famously not full utf8mb4?
Hah, you think HN would use something mainstream like mysql?! I don't blame you.

But HN is 100% custom software, and built with it's own programming language as well, Arc (on Racket). AFAIK, HN still runs on files-as-a-db. You could check out the source here: http://arclanguage.org/install

Why "still" ? Is there anything wrong in using the filesystem as a database when it suits to do so ?
Nope, I'm not implying it's bad, just that they used to do that and they still do that to this day. I have nothing against storing data in files. In fact, I do that all the time myself too.
Don't databases also store data in files or am I missing the point?
Yes, ultimately they do (usually) and yes, you are missing the point.

"filesystem as a database" is not referring to database software that stores the data on disk but rather that the application is directly interacting with the filesystem. Imagine dumping a JSON document to disk, then reading it from disk, compared to storing a JSON string in a DB. Sure, they are both backed by the disk, but one is not "filesystem as a DB".

That release is quite outdated. They added a lot of stuff to filter spam, voting ring detectors, and other moderation stuff. Anyway, as far as I know, everything is still saved to the file system.
(comment deleted)
I find this trend of despising emojis quite pretentious and annoying. They are very useful in some circumstances. Acting like anyone using them is a dumb teenager, or they will automatically ruin a community, is completely absurd.
Its Gen X and you know it

They don’t know it, but the rest of us do

Its not a trend its out of touch old people that dont know they’re out of touch old people yet

What exactly are we afraid will happen if someone uses an emoji instead of typing :) ?
it's not really a big deal. Just like not allowing bold or colored text in the comments.
I am very thankful that it’s not supported
Lets just use punycode, it can be the new l33t xn--g28h
I think it would be acceptable to support emojis, but set the font to use the black/white ones rather than colour. That removes most of the distraction.

At present, this can be done by following any emoji character with the text variant selector, U+FE0E [1] (the example works perfectly on Firefox on KDE).

Later, it will be possible with CSS [2].

[1] https://mts.io/2015/04/21/unicode-symbol-render-text-emoji/

[2] https://drafts.csswg.org/css-fonts-4/#font-variant-emoji-pro...

These still work:

⬛ ⌛ ⏳ ⌚ ⏰ ⏱ ⏲ ♟⌨♨♠ ♥ ♦ ♣ 🃏 🀄⬆ ↗ ↘ ⬇ ↙ ⬅ ↖ ↕ ↔ ↩ ↪ ⤴ ⤵ ▶ ⏩ ⏭ ⏯ ◀ ⏪ ⏮ ⏫ ⏬ ⏸ ⏹ ⏺ ⏏‼ ⁉〰⭕〽© ® ™ #⃣ ⃣ 0⃣ 1⃣ 2⃣ 3⃣ 4⃣ 5⃣ 6⃣ 7⃣ 8⃣ 9⃣ 🅰 🆎 🅱 🆑 🆒 🆓 ℹ 🆔 Ⓜ 🆕 🆖 🅾 🆗 🅿 🆘 🆙 🆚 🈁 🈂 🈷 🈶 🈯 🉐 🈹 🈚 🈲 🉑 🈸 🈴 🈳 ㊗ ㊙ 🈺 🈵 ⬛ ⬜ ◼ ◻ ◾ ◽ ▪ ▫ # 0 1 2 3 4 5 6 7 8 9

The unfiltered ones include, incredibly, the private use area of Unicode. You know, the code points that might show up as any symbol at all depending of the font?

About a year ago, (https://news.ycombinator.com/item?id=22741817) someone here used what they thought was the Apple logo symbol, but some fonts (which follow the ConScript (unofficial) Unicode Registry for private use characters) might show a KLINGON MUMMIFICATION GLYPH instead!

Maybe the whole covid thing lowered my happiness-level standards, but I find this charming.

Also I would be scared to receive actual money from people for something as out of my control as email. I hope the author doesn't get hit by a wave of "my emoji emails are not being delivered to @commercial-behemoth or @government-branch and I've made my emoji adress my main one and it's all your fault" a few months down the line.

The emoji part is charming.

The name grabbing (netflix and facebook domains) - not so much!

On the mailoji website it says you cannot currently send emails using your mailoji address. It's just for forwarding mail to your main inbox at the moment
The clever part about this is they don't deal with deliverability at all. This is only for incoming email.
> and yes, most form validations hate them.

Big mistake of these forms. Sometimes people are enormously resistant to following the specifications.

I used to have an email address at university along the line of "f.d'a@university.edu". I couldn't make use of it, because no-one believed it was a valid address even though it is allowed by the goddam RFC. turns out you could put a lot of funky stuff in the local part of an email, spaces ? yep. https://tools.ietf.org/html/rfc3696#page-5
always relevant: "So you think you can validate email addresses": https://www.youtube.com/watch?v=xxX81WmXjPg

Which is also why proposals to put email certs (S/MIME, OpenPGP) in the DNS led to hashing the local part, as DNS only allows ASCII and is case insensitive.

Pretty stupid of your university to give you this address. Sure it's technically valid, but they know perfectly well it will be refused almost everywhere, and even when not explicitly refused, it will cause bugs. Being technically correct is useless if you're the only one doing it.
Yes, it was I guess that was a bug I'm the student name to email generator. They quickly provided me a convenient alias but I was still able to receive mail at the address with the apostrophe, and it was cool. Having an apostrophe in my name still triggers a surprising numbers of bugs to this day...
There's a big downside to using .kz in that the registry has a policy (as per https://nic.kz/rules/) that .kz hostnames must relate to "Internet resources" located on hardware and software located within the territory of Kazakhstan.

I think the OP is OK as it appears the IP addresses of both the A and MX records are located within Kazakhstan, but something to be aware of if you think registering a .kz is a fun idea(!) :-)

This is something to keep in mind with all TLDs really. They're not all created equal and can be subject to rules specific to their operators. Have to do your homework before you buy that cute domain.
Which OP didn't do multiple times and got his purchased annulled. But hopefully in the future, heh.
Like how many UK businesses and individuals had to give up their .eu domain name after leaving the EU.
I'm really surprised they didn't do the logical thing and grandfather all existing domains in when the UK left the EU.

It seems like the policy was simply designed to frustrate as many people as possible for no real gain for the EU.

It could be a fraud prevention and accidental legal misrepresentation defense mechanism to take away the .eu domains from the UK. If you go to a .eu domain and buy something you would expect not to be subject to import duties etc.
The EU continues to control .eu because it is available only to EU citizens. Nothing changed.

Your surprise exactly reflects the typical beliefs of a Brexit supporter, you thought the idea is you get to keep all the benefits you had before, and also you get rid of any downsides you didn't like, and somehow it's the EU's job to help you achieve this after you leave.

That didn't make any sense in 2016, and it still didn't make any sense in 2020, and so unsurprisingly here we are in 2021 and it isn't what happened. "We told you so" is boring but it's true. We told you so.

But this policy doesn't make sense for the EU either. They lose domain registration revenue. Thousands companies migrating to a new domain name will lead to confusion for EU citizens too, etc.

It just seems like a case of "we want it to be as painful as possible for you, even if we have to take a bit of additional pain for us too".

> They lose domain registration revenue.

But in the other scenario, they now have to deal with support queries ("why can they have a .eu when I can't?"), possibly legal action ("why can they have a .eu when I can't?"), etc.

A British business suing the EU in an EU court about a contract that explicitly says for EU members? Wouldn't go far.
> about a contract that explicitly says for EU members

...which would have some British businesses grandfathered in and therefore have a loophole that some enterprising lawyer can no doubt make a great deal of hay with.

> They lose domain registration revenue.

I think only micronations have a significant revenue coming from tlds (e.g. Tuvalu)

They maintain sovereignty though. That’s more important than domain registration revenue.

If I somehow owned tax.gov, and was running a tax prep service from it, I doubt the “I’m grandfathered” argument would fly.

It’s likely similar to lawyers.eu (I made that domain up), etc; people should be able to expect that to be an EU based service, not something overseas.

The idea is that (at least in theory) when someone has the .eu domain, then they are in EU.

There are many ways to skip it, but it blocks at least some.

That revenue is tiny compared to being able to say .eu domains for EU orgs and businesses.
And so it should be. The Brexit should be as painful as possible for the UK. The more the UK is reminded of what they gave up, and what they will be missing, the better, as it positions them better for reentry.

Who cares about domain registration revenue? The only reason it isn't free is because of the administrative hassle of distributing frivolous domain registrations.

If EU citizens are confused about UK companies disappearing, maybe they'll search and be exposed to EU competitors, how could that be a bad thing?

Fortunately most institutions of the EU are not as absurdly extremist as you are.
Preposterous isn't it?
Who hurt you?
The British?
Oh are you from .io originally? (TLD of British Indian Ocean Territory)
I mean, almost the whole point of the British is that they fucked over everybody. Americans, Chinese, Russians, Australians, Canadians, Indians, all have plenty to blame the British for.

Even a bunch of people who by rational assessment would count as British can reasonably say the British fucked them over because of a series of Tory policies, first destroying the paperwork which proves they came here by invitation (on the Empire Windrush and other ships), and then insisting that since they don't have that paperwork if they haven't already secured citizenship papers they were never authorised to be here and must be sent "home" - in some cases forcibly deported to countries they hadn't been to in more than half a century. See "Windrush scandal".

.EU has a functional purpose, and to grandfather in those names would lead to disruption of the functional meaning.

Think of it as a UX reason rather than financial.

Sure it does:

1. The .eu TLD is supposed to signify that a business using it is part of the EU. That means EU consumers will know that EU regulations such as GDPR apply, they're unlikely to pay import/export taxes, etc. Allowing non-EU businesses to use it dilutes the purpose and value of the TLD.

2. The EU wants to avoid making freeloading look like a viable strategy. If Britain is able to leave the EU and still reap all the benefits of being an EU member, then what's the point of other nations staying in the EU? Domain names are obviously only a minor benefit of being in the EU but there's a reason this policy is being applied mostly across the board.

I was unaware that such thing happened, and I'm kind of surprised as it sounds like somewhat un-EU-ish to me, but I obviously had the wrong sense of what is EU-ish. And I wholeheartedly support that. I mean, it makes sense. If the domain policy of *.eu says that it is for *.eu-based people and organizations, and you leave the EU, why the fuck should you keep it?

If EU wanted to make more money on it, it would have made it available for everyone from the start. If it doesn't... well, it just means domain-selling is not the core EU-business. So it's exactly one of the 2: either Russian and Japanese companies should be allowed to own *.eu domain, or British ones shouldn't. And I don't honestly care which one is it. But it cannot be both at the same time.

So, no, it's not about hurting you, it's simply about the fact that the world doesn't revolve around you. As surprising as it may sound.

@dang flamewar alert!
The EU domain is available to EU residents and citizens, not just citizens. I as a British citizen and EU resident am entitled to one (not that I have bothered - someone got the one I wanted first :O )

I guess an EU citizen living in the UK could also hold them on behalf of UK based UK citizens. Thinking about it this situation does seem a little convoluted...

It might make sense for certain Internet resources to be made available only to citizens of some political region. It might make sense to revoke access to such resources if an individual renounced their citizenship or loses it due to their own actions (like, say, treason). But it really doesn’t make much sense that I could lose access to an arbitrary Internet resource I legitimately possessed because of large-scale political changes unrelated to my actions as an individual.
Both forms of Internet naming semantics make sense to me. Unfortunately, we've never reached any consensus or understanding at all about which apply where, or how to tell. That leaves us in this kind of crummy middle ground where different TLDs do or don't assert things about their registrants, to a degree that can change over time, and there's not an easy way to check. (You could read the NIC web site, if it's up-to-date, if it's in a language you speak, and if its stated policies actually correspond to its practices...)

It's not surprising at all that people's intuitions about a particular TLD would diverge. But it's sad, because it means the Internet naming system isn't working well in terms of the function of letting users know what particular names mean.

It's not crazy to imagine either a TLD that says "despite any possible appearances to the contrary, this is a first-come-first-served namespace in which names have no extrinsic meaning at all" or a TLD that says "this TLD is owned by entity X, and subdomains, like subdomains of a corporate or governmental network, are only given to persons with an appropriate relationship with entity X, and only during the term of that relationship". (Maybe even a TLD that says "notionally this TLD is about topic or group Y, but our rules about what that means are kind of idiosyncratic".) (But if there are TLDs in all these categories in the same DNS, both registrants and Internet users are probably going to be unsure which is which, as well as exactly what the TLDs in the third group "really" mean.)

> "After large-scale political changes I want there be no changes that might affect me personally."

.eu domain has certain registration requirements: - A Union citizen, independently of their place of residence. - A natural person who is not a Union citizen and who is a resident of a Member State. - An undertaking that is established in the Union. - An organization that is established in the Union, without prejudice to the application of national law.

Its completely normal for entities to stop servicing other entities after they aren´t in accordance of laws or rules.

.eu domain usage isn't that high, I don't think. I only have anecdata from my time in the UK, but .co.uk appears to be "the" domain to have in the UK.

From what I've seen the same is true on the continent. .fr and .de for example are highly popular in France and Germany. You rarely see local business reaching for .eu domains.

According to wikipedia, the number of affected domains is 344,584. Also compared to wiki there are 11M .uk domains and 16.5M .de domains. According to EurID[0] there are 3.7M .eu domains

[0]: https://eurid.eu/en/welcome-to-eurid/statistics/

Just a matter of getting a TTP / Intermediary to hold the domain for you in the EU, same as for the local presence requirements in for example .no(rway) and many other TLD's.

It's just another $10-20/year and fixes your 'problem'

Many domain registrars will offer this service, as 90+% of their clients will need it for these ccTLD's.

The most fun TLD is .su Someone on IRC managed to register "kremvax.su" a few years ago and gave anyone in the channel who wanted them email addresses (so I briefly had swiley@kremvax.su for example.)

Unfortunately the were asked for some documentation they couldn't provide a few months later and it got shut down.

Notion is frequently blocked because notion.so is a Somalian domain. Not really sure what they were thinking there...
> There's a big downside to using .kz in that the registry has a policy (as per https://nic.kz/rules/) that .kz hostnames must relate to "Internet resources" located on hardware and software located within the territory of Kazakhstan.

Any country TLD is a potential risk that most western "entrepreneurs" blissfully ignore.

Just a month ago notion.so had troubles with it's domain because .so belongs to Somalia, and Somalia changed some rules around registration and ownership [1]

The same, really, goes for Tonga's http://dev.to, Libya's http://bit.ly or Greenland's http://goo.gl...

[1] https://twitter.com/EpsilonTheory/status/1360239738020634629

Aka why I mainly stick with .com
The issue it that a lot of .com are taken so for the sake of a personal email address it is not ideal.

The person that owns "belval.com" literally registered it before I was born so I settled for "belval.org", "belval.me", "belv.al" but only the first one is accepted by most company.

Exactly, I too had to use .net & .us, because.com was registered in 1995.
My last name ends in al but the domain is taken. The .com one is taken by a guy who’s using it to showcase his Holocaust family tree (oddly enough his son had a run in with my sis a while back). I tried reaching out to him to see if he was interested in taking like .org but he’s not :( so I got .me
I offered $1k (there's nothing on belval.com) and belval.org to the owner of belval.com, he just replied to say "never contact me again" as if I was with the mob or something. It was a weird experience.
So weird. Why would you hold something without any plan to sell it, nor a thought towards using it?
Although .gl isn't much of a risk, as Google has some presence in Denmark and relations to the country.

But you shouldn't use TLDs of countries with which you have no affiliation.

Some extensions require presence in the EU, eg .eu & .it [0]

IOW not available to citizens or companies in Europe, but not member of the EU eg. Bosnia and Herzegovina

[0] Who can register a .it domain? https://www.nic.it/en/find-your-it/faq

The registration of a domain name in the ccTLD .it is permitted only to persons who have citizenship, residence or a registered office in the countries of the European Economic Area (EEA), the Vatican, the Republic of San Marino, and Switzerland.

I learned some countries have things like this after an article last month where someone traced an IP range used by palor or another organization like that to a country with similar rules, and filed a complaint with the company that leased it, who revoked the range. (Going from memory here, sorry if I'm getting things wrong).

Especially given Ive heard some of these TLDs are cheaper to encourage their use, people who want to run services on these should be careful even if enforcement is often lax or nonexistent until a complaint is filed.

Uh oh. How do I find rules for other domains? I went a little batty with the .de domain years ago and have quite a few. But, I'm not in Germany. While there is a mild ethical cringe at doing this, am I running afoul of some rules that might actually bite me later?
In general, Wikipedia has some starting points for all ccTLDs, for example for .de here: https://en.wikipedia.org/wiki/.de

The information on Wikipedia itself is mostly descriptive, while the registry website or other external links should have the actual rules and restrictions.

I’m surprised it doesn’t support emoji in the name field. No <emoji>@<emoji>.kz
When email addresses were standardized, unicode wasn't around.

For domains and hostnames we have punycode which maps unicode characters onto the ASCII charset, which is why it works.

This does not apply to the user portion of the email address.

Emoji as part of the display name should work, i.e. "Emoji" <user@emoji.kz>

RFC 6531 adds support for internationalized local-parts. Support in actual software may be lacking though.
I sometimes run into sites that won't even allow a + in the name part of an email address.

And yes, I use gmail and the + functionality extensively.

In the early days I used "/" in local parts, which is syntactically valid. That turned out to be a bad idea, as some mail software was mapping local-parts to file names...
Fun idea! But It’s too bad that Kazakhstan’s decision to MITM all HTTPS traffic makes this a nonstarter for actual use

https://www.zdnet.com/article/kazakhstan-government-is-now-i...

That seems completely unrelated to an email service, especially if most of its users are outside of Kazakhstan.
.kz registrants, like many ccTLDs, are required to host core services within the borders of Kazakhstan.
They don't MITM anything. There were a few ridiculously incompetent failed attempts. There will undoubtedly be more, but HTTPS works fine at the moment.

Just wanted to clarify this.

With the state of unicode support in the legacy systems that make up of our e-mail infrastructure, I doubt any emoji domain will be ready for any actual use, where you rely on e-mails being actually delivered to you.
I have a domain that would be great for an e-mail forwarding service, but I have second throughts about starting it... Is there someone here with experience in this area? What should the OP be most scared of?
Abuse by spammers and criminals, DDoS and hacking attempts for starters.

Lots of spam complaints to handle manually. Also payments using stolen credit cards.

I run an email forwarding service call https://hanami.run

It's fun because you gotta learn alot about email. Especially when you play with DKIM, ARC chain you found yourself reading through RFC. Or when I discover weird issue like this: https://hanami.run/blog/posts/the-quirks-of-gmail-ui/

I think the OP mail one is for fun, people who registered an emoji email properly expect some fun aspect and OK with email being lost.

In practice, the most scared thing is having your IP on blacklist. Very quickly people will complain when they lost email or too many email goes to spam or just rejected completely.

Due to the nature of email forwarding, people usually own the domain, so they use random address for many random website(coupon, download free ebooks, shitty newsletter...) so it attract a large amount of spammer I have to constantly deal with now. When gmail return a 550 in their SMTP server(550 mean they block/rate limiting), I got a bit worry at first but I learnt to live with it nowsaday

Why so fixating on buying google.<tld>, netflix.<tld>, facebook.<tld> etc? The fact that one of those might be available does not make them valuable at all.
You can resell it to another speculator. Which I don't like, but isn't so different from a cryptocurrency that is never actually used for trade.
My hat off to tinyprojects. This is a very cool project and I'm so happy to see they wrote this at the end:

> But they're fun, and I think tech should be more fun.

Apparently I run https://hanami.run an email forwarding service and I also say that

https://hanami.run/blog/posts/welcome-to-hanami/#the-future

> At the same time, we like to make email more fun. We are commited to build tools that help you process email easily. Your banks don’t have an API to help you build a real-time activity tracker? Just use email.

Email can be really fun, especially with webhook. I build https://pix.fastloop.xyz where you simply email pix@fastloop.xyz a picture to have it show up on the site.

I'm thinking about comment for a static site. Simply send an email to a magic address to comment? Similar to news letter? Anyone like this idea

Do you have some protection filters on for https://pix.fastloop.xyz?

I cautiously opened the site and was basically prepared to be greeted with (child) pornography. How do you prevent that?

I rely on email spam filterting, which seems effectively filter out them. No sophisicated filtering yet. I didn't advertise it anywhere outside of Hacker News and not many people know about it yet.
It works. But what is it for? How do other people interact with it and the images?

I like the commenting idea.

This is a great fun project but a risky business idea. Only 13 registrars allow emoji now and one could also say only 13 still allow them. It is well possible that they will stop supporting emoji, like other registrars did in the past.

How do I know? Many years ago happen to own the single unicode character domain name that was coincidentally very similar to the logo of my website. At some point the registrar informed me that my domain will not be allowed by the NICs rules anymore and they had to cancel it. Made me a bit sad, but it ever was only a novelty anyways.