As the article claims, it doesn’t get delivered. Not even in the spam folder.
Other email between the same addresses goes through without problems.
EDIT: the Exchange admin center has the email quarantined with reason “malware”, discovered through “URL detonation reputation”.
This wasn't the only reason why I switched to Fastmail after 17 years of selfhosting, but it was among them.
I understand the logic, but most of us don’t have control of the IP allocations in which our email servers sit.
Proofpoint was the one that got me to move to Fastmail. They had filtered the entire IP allocation in which my mail server sat at a major cloud provider. Their stance was I could either use whatever email service that provider had, demonstrate control over the entire IP range (just to de-list one IP), or move my server to another IP that wasn’t filtered.
I understand the logic to an extent, but those of us who have enjoyed running our own email services are sort of left in no-man’s-land.
O365 Hosted, but non-governmental.
I do understand the ideer of letting a large IT organisation handle you email. Working email is a high priority, if not Microsoft or Google can make it work, who can?
But as soon as there are any problems a little out of the ordinary, its clear that choosing something like Microsoft or Google is a really bad idear. It's not possible communicate with anyone who know anything.
As more and more are moving their solutions to Microsoft and Google, they will be in a position to strangle any smaller providers.
They are a thread to the free internet!
"Update your drivers"
"Have you tried a clean install?"
Apparently also a british thing I just found out: https://english.stackexchange.com/a/32630
Being able to call out a single giant entity on HN is much easier than trying to get the world to agree on fixing something. Source: we still use SMTP and we still have no common way to authenticate a sender without a centralized email system. (Yes, I know about SPF, DKIM, etc.)
I think the real risk is relying on email at all anymore. The underlaying protocol dates back to the era of "let's see if we can get bits to move at all" which predates any kind of "how do we know what we are getting is authentic" style of design. There are plenty of other avenues for communication that don't succumb to the many inherent pitfalls of email.
The pitfall in this very article is the fact that communication was centralized on a giant near-monopoly which imposes it's arbitrary rules on users by filtering whatever they want.
So in that context, can you tell what these other avenues of communication are that don't suffer from this exact same problem? I'm guessing you're thinking of various 100% proprietary channels, all of which suffer from the problem of being centralized and users and content can get arbitrarily banned or blocked for no reason.
At least with email you can simply stop using microsoft-hosted email and move elsewhere and your problems go away while still remaining email accessible to everyone.
You are looking for an open+federated protocol. Those definitely exist.
For example, an older one that I'm well aware has probably long-ago-peaked is XMPP. One can host their own XMPP domain and talk to other XMPP domains just like email can. It also has the ability to send content, presence, pub-sub notifications, offline messages (much like an email message) ... you name it. Storing contact lists and associations combined with the fact that messages come from authenticated sources by default means that spam is a lot harder to accomplish (or at least a lot easier to squash). All of this and XMPP is a 25 year-old protocol; This protocol can legally drink in the US. Just imagine what else exists today! :)
However, the problem is not what technically exists. The problem is what is popular. Email is still extremely popular and ingrained in so many places. It's easy to extend and put up a quick webpage that submits an email from some user-input. It's easy to send notifications/advertisements to. Attachment protocols have largely been sussed out. It's even used quite commonly as a second form of authentication. You can expect most people to have an email address while a much smaller percentage of people expect to have any other single-form of electronic communication.
For context, I have been running a Debian mailserver (postfix + spamassassin + dovecot) with autoupdates - and occasional major version updates - for family and friends since 2007. Barring the occasional period of being preferentially delivered to the spam folder, I have not experienced any problems. My major benefit: I am sure that if a mail is sent to me, I will receive it.
The system is running on one of the cheapest root servers from Hetzners used server market, and it also runs an odd set of other websites and VMs, so the IT investment is limited. I also consider the administration and update tasks as a form of continuing education in my profession.
When you have 30,000 users worldwide is it daunting.
I wonder if those who say they're "honestly confused" why someone would let someone else do undifferentiated heavy lifting for them are not really confused.
But few, if any, that have the many advantages of email. Different tools for different needs and all that.
I sent a second message from my personal account to my O365 account, with just my company's URL in the body. This one was delivered right to the Inbox.
Maybe they are? Not saying intentionally, but perhaps they have been compromised?
In my experience with Microsoft's URL detonation, it could go either way and be a false positive or be real. In one case where I had a definite false positive, opening a ticket with Microsoft resolved the issue within a few hours. Both myself and the entity with the false positive are government cloud customers, maybe our experience would be different in the commercial cloud. Interestingly, this issue seems to affect anyone using Microsoft hosted email without regard to which cloud you are using. Different data centers, separate implementation, but some shared data apparently.
That seems on its face like an impossible contradiction to me.
Interesting to me that this also blocks sending the IPCC report even as an attachment.
This certainly seems oddly targeted, but I doubt that Microsoft is intentionally to blame. More likely their infrastructure is compromised and someone is selling blacklisting as as service lol.
I could see some sort of whitelist that overrides some sort of machine learning based blocking.
Not to say it's super reasonable but that's the only reasonable thing I could think of, with perhaps not applying it wholesale being that it would allow spammers to just include a link in background color to bypass spam protection or something
Anyone emailing something that contains their URL.
This includes the IPCC report, which is fairly significant if you're a climate researcher:
> No organisation using Microsoft email services can currently send the IPCC Sixth Assessment Report of Working Group 3 as an attachment to anyone else (newclimate dot org URL appears 11 times in the report). The same applies to hundreds of other relevant scientific papers and reports from any organisations, where NewClimate URLs appear on the reference lists.
Hell, even MIT has succumbed to this pressure - they are in the process of migrating the entire campus from an onsite hosted Microsoft exchange server system to cloud hosted microsoft 365 email system. To the laments of the users and the IT staff who have to support it.
From a system that has served a massive user group like MIT successfully with little downtime for over a decade to a system that has already caused multiple issues - even when they are still migrating people after 6 months...
Have you tried to set up MFA for an on prem Exchange system? Well, it is simply impossible. MFA on activesync ? Impossible.
When you have to support such a legacy environment you are better off moving to Microsoft 360 (I think this is their new name), or gmail or others similar players.
Seems unlikely that will actually be the case if even plain emails are being silently dropped without notice just by have a certain url in them.
Much better to have it on premises, and actually get notified when emails are mysteriously dropped.
The small providers can get caught in the gears of large providers or even smaller providers using idiotic RBLs (sometimes a single one that causes a permanent reject). Nobody dares block Gmail or O365 however.
But you won't have an undiagnosable spam filter. Depends on your risks.
O365 just handles all of this out of the box.
To emphasize, I think New Climate's blog post does correctly highlight the fact that when "the algorithms" go haywire, it feels like it takes multiple acts of God to get a human to actually fix the issue. But I'm just tired of the lazy appeal to "What The ELiTes DoN't WanT You TO KnOw!!!" whenever a bug pops up (and, ironically, who the "elites" are solely depends on what tribe you identify with - in this case, if you're pro-CO2 reduction, the elites are evil corporate masters seeking more use of fossil fuels for their profits, and if you're on the other side the elites want to use climate change as an excuse to stifle the economy and keep the peons in their place).
But it also illustrates what could happen. Microsoft or Google could decide to silence email on certain topics, or they could conceivably be ordered to do so. Would they refuse? Doubtful. And they are so big and handle such a large percentage of email that it would have a real impact.
Information control is becoming mainstreamed and it’s hilarious that people are so willing to assign to incompetence or error what has been clearly demonstrated to be systems of control and squelching of difficult opinions, especially from big tech.
You see “big tech” (Microsoft, Google, etc.) has been responsible for so much crushing of “misinformation” lately I think it’s comical that people give the benefit of the doubt when these things happen.
Shouldn’t we at least be mocking them for their hilariously dangerous errors and sometimes failures? Isn’t it honestly time to stop calling it a “conspiracy” like it’s not happening.
I’ve run large scale DC operations. I know these things happen. But I seriously think it’s time we started questioning information control practices when they pop up like this — it’s not conspiracy when you have dozens of blatant examples.
I had intended it as just a random thought because it struck me as funny. But seeing the backlash is anything but heartwarming and I really think people should seriously consider what could happen and is likely going to happen and defend against it happening.
There is so much hostility to the idea that big tech would do this, when in fact they have been regularly doing it. Why in the world would you think this isn’t possible and how could anyone honestly assign “accidental” blackouts of organizations to conspiracy in 2023?
https://www.cnn.com/2023/10/20/media/jon-stewart-apple/index...
Some of the other reports about this only mention two of those three. Make of that what you will.
https://www.businessinsider.com/jon-stewart-show-apple-tv-en...
