1. Visit https://olcsupport.office.com/ and submit the complaint.
2. Wait for the auto-reply, followed by the "Nothing was detected" email.
3. Reply to the latter with "Escalate" in the body.
Within a day, they hammer shit in place and the block is removed.
We have implemented mitigation for your IP (51.15.2.26) and this process may take 24 - 48 hours to replicate completely throughout our system.
The IP's different tho :)
The thing is though that that notion is absolutly right. The law is like fucking magic.
what else could explain the fact that misspeaking even one word of the incantation will cause the magical shield of +5 "rights against self incrimination" to fizzle (or perhaps missfire and summon a canine companion) when being attacked by pigs?
the joke, if folks dont get the reference to an oldish story, is that you do actually in real life need to be be very specific and clear to cops in order to "invoke" your fifth amendment rights. https://www.washingtonpost.com/news/true-crime/wp/2017/11/02...
Which is incredibly stupid, but is just one example of the many ways in which law is so weird and unintuitive that its super easy for the uneducated to assume there are tons of weird eldrich legal phrases that if only spoken in the right place and time will conjure legal protection. Of course we who know better know that those eldrich legal phrases need to be spoken by a trained wizard (lawyer) with enough mana (money, time) at their disposal.
Sadly a "shibboleet" does not yet exist:
* https://www.explainxkcd.com/wiki/index.php/806:_Tech_Support
So thanks to the federated/decentralized design of email, is totally possible to be part of the network without any special privileges.
We are sending millions of emails every day though, which is quite different to sending a couple hundred personal emails a week. If you’re running this on a cloud host, expect to be blocked by default. However if you can find a small vps provider you’ll have better luck on sending yourself.
But it was really not that much work again. Just unfortunate, because one big Mail provider just discarded instead of rejecting my mails. After this was settled, everything works quite nice again. Important to me is keeping spf, dkim, dmarc and now also mts up to date. See mail-checker.com e.g.
I still wonder though, why some big mail providers do not do dkim/dmarc? I happen to realize this when I started to fight spam and gave incoming mails without dkim/dmarc a high spam score.
One time, mail-tester.com found that my paid personal email hoster had moved my SMTP server to a new IP address without updating the anti-spam sender mechanisms. (You had one job, people.) When email is how you keep in touch with a lot of friends, and occasionally make new consulting contacts, that's relatively costly.
A product like this is exactly what I've been looking for with pretty great pricing.
The one thing that this (and most providers) are missing is making email easy to test. I'm about to launch a product where email is critical, and there's no way to send an example email (with a non-test email address) to your service and see that you receive it, without it being sent to the To address.
Better yet, the few providers that do support it charge as if it were a real email, when none of the delivery costs exist on their end (there are infrastructure costs, sure, but there is none of the reputation risk nor need for clean IPs, the reason people use transactional services like these in the first place).
Eventually, most people realize that their Outlook/Hotmail email service is defective because they're not receiving emails, and they migrate to another email service.
Or people realise that DO's current anti-abuse is very insufficient and will move to something else.
DigitalOcean on the other hand started blocking SMTP by default for new customers since June/2022 [1], and thus significantly reduced the amount of spam coming out of their network. That said, they're still not doing enough to stop spam from their network, and they're still a source of spam [2].
I can cryptographically prove the identity of the server (and thus its reputation), and there's no justified reason to block mails based only on the network's IP address, while ignoring all the other factors.
1. https://www.digitalocean.com/blog/smtp-restricted-by-default
My customers can't afford to add a datacenter every time DO customers decide to steal our shit.
They generate a lot of phishing emails (rather than conventional spam). I used to diligently report it to their abuse contact, but they don't seem to care or do anything about it in the slightest.
This is exactly what I've begun telling people and warning friends and family members about. I run my own email... well I run my own ISP at this point and we have our own dedicated block of IPv6 addresses but still rely on IPv4 addresses from our cloud providers and I've started to grow frustrated by the lack of movement by the incumbent email providers that I've started just straight up telling people don't expect any email delivery from me if you're using any provider that still lacks proper IPv6 on their SMTP servers.
It's no longer my problem and I will happily tell people that their email provider is defective and that they need to find a new host. If that is too much for them, to bad so sad not my problem. I did everything I could do. At some point you have to stop trying to work around "Big Cloud" and their nonsense.
Microsoft blocking a mail server and DO being blocked aren't necessarily the same thing.
I service a number of MS accounts (hosted domain and O/H/live.com) and they block mail from small servers I manage - and from (non-major) online services I work with. There are forums frequent that send verification mails to MS addys that never arrive.
Past that: My last time blocking mail server attacks from DO IPs is today. It's always today and has been years and years. Not just DO. OVH, Psychz and a at least doz more attack with that consistency.
[edit: Post below mentions DO SMTP changes in 2022. DO is still attacky but less attacky is possible. Not sure.]
And not that far behind, Amazon. Amazon is a lot harder because unlike the above, I regularly get legit traffic from them.
This is from DO's own site based on a quick search:
"I am being BOMBARDED, and I mean BOMBARDED with spam from Digital Ocean over 5 spams a day all from the same bunch of domains, all hosted on DigitalOcean and coming from your IPs.
In the last 2 weeks I’ve emailed your abuse mailbox 20+ times and filled in the contact abuse form 10+ times.
NOTHING is being done about it. My next plan of action is to keep posting here until Digital Ocean takes action.
Do you even have an abuse team? are they doing any work at all? I can provide 30 more samples if needed."
Absolutely pathetic - all major providers should blackhole email from DO.
Note that this contrasts to AWS. I was on AWS from flat network days (where folks were running scans internally etc. AWS respond with a ticket usually to abuse reports and then usually a bit later a note that things have been taken care of.
How does AWS which is FAR larger in IP address space than DO have so much LESS spam coming from their IP address space? Perhaps because they pay a tiny bit of attention to the issue.
* Latency: Hetzner's ping latency is more than double for me
* Switching costs: migrating hosting providers can be time consuming
That said, I agree that DigitalOcean isn't good value for money anymore.
I solved the problem by paying for a next hop SMTPS server as an upstream smarthost for non-local mails. That means my mails come from a subnet that fronts TONS of other servers/domains. That makes it a bigger headache for MS to block.
Sad but there you go. I do not use the external service for inbound. Inbound mails come direct to my server per the MX.
Mailgun has been very good to me, highly recommended.
It depends whether you think of "the user" as the sender or the re cover -- as a (human) sender I'd rather get a bounce than be silently ignored in a spam folder, but as a receiver I prefer the grey-area emails to be accept-but-spamfolder, not bounced...
Besides, for something truly important, the people or organisations who need to reach me know how to do so other than via email (phone, chat, postal mail...).
As it happens, I noticed my mails have gone through just fine in the last months, at least to companies using Microsoft services without me doing anything specific, after I threw the towel with Outlook. I did switch VPS providers almost a year ago, though to a provider that I expect to be more filtered (ovh).
Several times per year—I can practically guarantee it’ll happen sometime in December, and indeed had to deal with this just five days ago—I end up with a bunch of users whose email notifications stop working because Microsoft have started blocking the entire netrange where my server lives. I don’t have control over other Linode customers, guys! I even wrote extra code to stop sending mail to addresses that start bouncing specifically to avoid blacklisting, so after MS finally processes a blacklist mitigation request, someone also has to go in and re-enable those accounts.
SPF, DKIM, DMARC are all configured; I’ve sent from the same IP address for about a decade; I’ve not once received an email abuse report; mail volume is low (most days, volume does not reach the minimum threshold for SNDS to report data[0]). I’ve never had any other mail provider blacklist my server. SNDS always says everything is OK as I am S3150s. What is even the purpose of SNDS at this point when it lies about what is going on?
[0] P.S. The janky SNDS calendar widget resets the month to the current month every time you click on a date, even if the date being viewed is in a previous month. I don’t have any hope that anyone will ever touch SNDS code again since it was clearly designed in the early 2000s and the copyright on the site is now ten years old, but this is a pretty silly bug.
About the calendar widget thing… man am I glad I our team doesn’t own that. No one ever touches legacy stuff cause they’re afraid it’ll break or no one will update but the trick is to file it as an accessibility bug since that gets someone to actually prioritize it since it shows up in reports that the execs read. But dude good luck getting that off the backlog, the one engineer we have who is good at UX stuff (i.e, can code with both quality and velocity instead of just one) has her hands full as is.
Thanks and good luck!
[0] https://www.linode.com/community/questions/22287/550-57511-a...
Got a link or cite for that paper? It sounds interesting.
You do have control over being a Linode customer though. If Linode isn't doing enough to prevent abuse, they deserve to be blocked.
a) if a mail sever looks like it’s gonna send spam, then you gotta block it. I personally have philosophical hang ups about this, like it’d be wrong to sentence someone to prison for crimes they didn’t commit just because a system added up some points and made a prediction with high confidence, but in real life, you absolutely need to be proactive. b) there is literally no way to do this that wont immediately get abused. Trust me we’ve tried. We make it nearly impossible to get unlocked on purpose because if it was easy, then it’d be like 1 innocent person using it and 99 attackers due to the adversarial incentive structures.
Now ofc there’s more nuance here, we really do want to get it wrong less often, and you do pay us so it’s not fair to blame it all on the bad guys, so I’m grateful for the feedback but I think you should give me even more detailed feedback since there’s not much I can do except give a vague high level explanation unless you help me by being specific.
> made a prediction with high confidence
Do you somehow track the amount of false positives these predictions generate? How do you tune the prediction to not generate too many false positives?
> but in real life, you absolutely need to be proactive
Why is Microsoft the only provider who needs to do such proactive blocking? Why don't you need to do that for email addresses associated with Office 365?
> I think you should give me even more detailed feedback since there’s not much I can do except give a vague high level explanation unless you help me by being specific.
My story is very much the same as for everybody else having the same trouble, including the person whose blog post sparked this discussion: A root server for personal use located in the data center of a mid-sized hoster, running a mail server as part of its duties. In my case the whole mail setup runs on IP-addresses separate from everything else. Mail volume to Microsoft would probably be on average 1-2 emails per month. No issues whatsoever getting emails delivered to other mail providers, only to Microsoft. This whole setup is in place since several years.
I get it, you're afraid that some VPS from a cheap cloud provider suddenly floods the inboxes of thousands of Outlook.com customers. I realize that a fresh IP that sends dozens of emails out of the blue has to be blacklisted.
But why don't you allow my VPS to send, say, 16 emails a day to Outlook.com inboxes? And if ⅛ of the recipients report junk, I get blacklisted. But if all 16 recipients are happy, my IP can now send 16+16=32 emails/day for the next few months (as long as the non-ISP hostname matches; otherwise, it might be a new VPS customer), and so on.
This way, your customers are happy (I don't think spammers rent/hack a fresh VPS in order to send 16 emails, and I don't think they are very good at building up IP reputation), and I'm happy (my personal VPS can send a few emails to my Outlook.com contacts every few weeks/months, and my project VPS can gradually build up and maintain the reputation it needs).
I'm obviously being naive about that approach, but I don't remember having trouble reaching Gmail inboxes or those of local providers, and at least for Gmail, I know that they have pretty effective spam filtering too, so I reckon that they use some approach like the one I described.
For a side project, I have just given up contacting olcsupport and instruct Postfix to send through our @outlook.com address instead, but that is a wobbly workaround at best. For personal email, I now relay through SMTP2GO because GDPR doesn't matter that much, but it makes me sad to have that gaping hole (called Outlook.com) in my decentralized email fantasy, after having spent so much time researching, configuring, diagnosing.
Why? Why can Microsoft not learn that an IP has been healthy and spam-free for 10+ years and only bother me when there is actual spam is being sent?
…I think this is just a systemic issue beyond my ability to comprehend, let alone solve, and— I hope I’m wrong about this but honestly when I look ahead it seems the future is only going to get worse for people like you. Which I wish I could phrase in a way that was more kind and respectful, it’s not what anyone wants, these unthinking scars inflicted on email as a medium.
But what I can do is make sure that it’s not worse for you, specifically. If I was perfect I’d attack this rot at its core, but I’m not, so I’ll just solve the problem in front of me even though I know it doesn’t scale and hope God forgives me. Get in touch with me directly and I’ll figure out how to make sure you don’t have to jump through those hurdles again.
Outgoing email volume is a handful a week, zero automation ever, and I must have spent dozens if not in the low hundreds of hours over the years on e-mail deliverability to Microsoft alone until finally giving up. Not comparable to anywhere/anyone else.
Just to say, behind every single false-positive is a story like mine and TonyTrapp. Missing out on a group tour with the local club. An old lost friend or family member not being able to get back in touch. Missed recruitment opportunities. A lawyer not receiving a time-sensitive follow-up.
What's the rationale there?
Eg. Known bad domains, known bad IP addresses, incorrectly setup DKIM / SPF, no reverse DNS, non-matching reverse DNS, and that's before even looking at content to determine whether spam.
My hot take is that this prolly won’t last because every org descends to doing a creepy level of data collection eventually so I have a textbook on privacy preserving ML downloaded for when we join the “surveillance but we found a way to make it technically legal” squad. We haven’t done that yet though.
What do you mean by tiers, exactly?
By tiers (which may be the wrong word, maybe just 'layers'), only relating to my setup, I mean things like:
- Tier 1: Spamhaus DROP and eDROP lists are outright blocked
- Tier 2: IP addresses that have illegitimately connected to my mail server ports are outright blocked (port scans, invalid login attempts, etc. - I manually check some of these against abuseipdb.com to determine their validity)
- Tier 3: IP addresses that have scanned non-open ports on my systems are outright blocked from connecting to my mail server ports
Just running these rules for a couple of months has dropped unwanted connections to my mail server ports a heavy percentage. One theory being that if you can block known-bad and highly-likely-bad connections, then actual spam detection (through email content review) is minimised to a certain degree.
I actually want to implement additional anti-spam IP address block lists and just haven't gotten around to it yet, but the above does a good enough job for my essentially unknown domains (as I said, a universe of difference to what Microsoft has to deal with)
- Tier 4: Black-box spam detection built-in to the all-in-one mail server solution I use (I don't know how it works, I don't know how to edit the 'rules' or even if I can).
'Tiers' I would expect Microsoft to have would be:
- Their own lists of known-bad IP addresses / ranges / ASNs
- Reverse DNS lookup validation
- DKIM checks
- SPF checks
- More protocol level 'things' beyond the understanding of a simple network admin such as myself.
- Weighting the results of all of the above to determine some kind of 'spam likelihood' score.
All of this is before reviewing the content of the actual message.
Does MS ignore IP reputation in cases where the domain has a good reputation?
How would you go about getting a new domain and an IP address from a public cloud provider working consistently?
I've had issues with outlook when it comes to new domains and IPs, but after some time it works. I do however usually have more email than a personal server so what's the best way - if such a thing exists - for a personal server that has much lower volume of mail to be trusted?
There isn’t a quick way, by design. You need to wait a minimum period and meet some predicates, and the organized scammers already know what the period is via empirical testing but I’m not comfortable disclosing details of those predicates for disorganized scammers to use. More so because I’d definitely get into trouble for it than due to any belief in security via obscurity. Cushy job makes you risk averse.
Since I can’t share any of the tricks, some general advice— the main thing that matters is a long track record of good behavior. You can end up in a vicious cycle where you fight the system when it punishes you and then it doubles down on the beatings— this is bizarre and kafkaesque and happens all the time. What you want is for there to be two-way communication, if it’s unbalanced with traffic being broadcast but no one engaging with it, that’s going to be cracked down on sooner than if recipients reply.
> Delivery to xxx@outlook.com failed with error: outlook-com.olc.protection.outlook.com. said:...
He got error messages? I get mail silently dropped.
MS drops mail from my reputable mail servers - and from rep svs that send mail to MS accts I manage.
I've been using the same /29 network for over 15 years now. There's no nearby adjacent networks that are on any blacklists.
I monitor blacklists on a regular basis.
No marketing. The domains I run are strictly personal and projects. I monitor volume and all kinds of stuff. I know there's nothing like spam or any kind of marketing going outbound.
It's astonishing how honest Microsoft is when I send them an email telling them to unblock. They literally just admit that they never had reason to block the domain/IP and they unlist it for a few years and then it goes back on their list.
It's become apparent that they blacklist by default.
Fortunately I only run into the occasional idiot who uses Hotmail or live.com.
How can we as ESPs respond to them appropriately with removal of these people who don't want our emails anymore, if we don't know who the user is?
If there are any GMAIL service team members here, I would LOVE to know why a feedback loop was never implemented like the other providers.
Yes, it "works" for most people, but it also has the effect of entrenching the incumbent large email providers and preventing more independent providers from cropping up.
The current method is very lazy and collectively punishes a lot of innocent email providers for the crimes of the abusers.
It destroys competition.
1. Don't send spam
2. ???
3. Profit!
Literally _all_ email that I've blocked has been from companies where I uncheck the box "send spam to me" and the company sends it anyway, or where the company thinks "oh this guy bought stuff from us, we can now send our daily/weekly/fuckly marketing spam!" or "we got your email from whatever shady place, and now we're sending you our information because you're in our industry" or stupid shit like that.
Gmail does not have a "block everything from this domain feature". I would love to block whole domains from my gmail account. Alas, I run my own email server to achieve it.
In my opinion, the internet would be much better if none of the big players ever entered it, including Google, Facebook, Yahoo, etc, and it would allow for many more decentralized and valuable commons like email.
When I last helped manage a mail server for a small business (late 2000's) SPAM was an absolute mess. You can really see why Azure etc has consumed on-premise Exchange.
The massive downside is they are the deciders of who gets through their gates, and if you're on their shitlist, goodluck.
We've been spammed and scammed into thinking this is true. Sadly, Gmail is actually worse than competitors and especially worse than running your own email server.
We basically handed over how we communicate to make it easier (Emails, Team Communication such as Slack/Teams, etc), essential internet infrastructure (Cloudflare, Amazon etc), banking, etc because it was easier..
My worst nightmare is somehow being locked out of my accounts, the only means is either emailing the CEO directly, posting on HN until it's hopefully solved or just moving to the country, and eat a lot of peaches.
Spam was a massive problem long before big tech existed.
- The old USENET network which was/is a federated ecosystem of servers run by universities etc was overrun with unwanted spam.
- Compuserve dialup network was blocking spam and they were also involved in a 1997 court case (1997 is a year before big tech like Google Inc existed in 1998.): https://en.wikipedia.org/wiki/CompuServe_Inc._v._Cyber_Promo....
- the infamous "spam solutions" webpage that was a snarky attempt at "educating" people about fixing spam was created around February 2004 which was 2 months before Gmail service was introduced: https://craphound.com/spamsolutions.txt
Other "small" areas of the internet are also universally hit with spam abuse:
- blogs that allowed "readers' comments and feedback" got inundated with spam and the blog owners added CAPTCHAS or disabled comments completely.
- small web forums like vBulletin and phpBB forums got hit with spam and admins put in "email signup and valid email verification link" workflows.
- even the newer modern decentralized communication networks like Nostr attract spam: https://old.reddit.com/r/nostr/comments/121ytwf/cutting_thro...
The existence of a big player like Gmail that was introduced in 2004 is not the reason for "so much spam".
Spam volume is always a problem on any communication network where the cost to create new identities is $0 and the cost to send messages is near $0.00. An extreme example of the opposite situation is Bloomberg Terminals chat system not having a spam problem. Why? Because it costs $25000 a year subscription to use. Bloomberg did recently "unbundle" their chat system for a lower price but the point is that the friction for new accounts is still high enough to deter spam abuse.
This means we need organizations to host e-mail for people. In a capitalist system, that means companies, and it leads to consolidation and monopolization. So far, governments have been seemingly uninterested in going after the large e-mail providers for anticompetitive practices; maybe that should change. But as long as those anticompetitive practices only really affect individual hobbyists who wanna host their own e-mail, while business interests are unaffected, I don't see this changing.
I think the government SHOULD go after consolidation such as Google, and that traditional anti-trust law is insufficient to combat the dangers of large tech companies.
This is precisely because traditional anti-trust laws only look after large PROPORTIONS. In today's modern economy, due to its size, we have a danger that we've never seen before: large ABSOLUTE size, which was never a problem in history as it is today.
Therefore, we need new laws that go after absolute size, as well as large proportions (traditional anti-trust).
No, a "capitalist system" does not lead to consolidation and monopolization.
I am a big fan of free markets, but the trend towards consolidation, at least in activities that profit from efficiencies of scale, is unmistakable, to the degree that it often kills the market unless prevented.
You probably cannot "consolidate" a market of book authors and musical bands, because quality of artistic expression does not scale with money. But the market of publishers and recording companies is quite consolidated, because money buys more efficiency there.
What? Spam existed long before the big tech was around (admittedly the first Spam was probably from DEC, but before 'big internet tech' existed anyway) - it grew because of the amount of people/consumers on the internet. And credit where credits due: getting rid of spam was very time consuming until Google came out with one of the first effective filters.
How this could have been possible? Like there must have been some outside regulations in the late 90s/early 2000s. Maybe as an effect of the dotcom bubble?
Also it’s a good theory but doesn’t fit the capitalist picture at all.
If there had been significant populations with sufficient upload capacity, and ipv6, then there could have been a market for network devices that operated out of people’s homes under their own control.
Not that this would have ensured that big players would not exist, but it could have technically allowed a solution to be innovated.
The other option I can think of is a federal government provided email utility using post offices for identity verification and stiff penalties for spam/malware, to create a “trusted“ network, as opposed to using opaque processes from Google/Apple/Microsoft/Meta to create a “trusted” network.
20 years ago, and of course before then in the dialup age, your ISP operated your mail, so there was plenty of competition. Free at the point of use mail which meant you weren’t locked to a single ISP so there were benefits, but the big benefit was the unlimited space that the funding of companies like google allowed for, they could muscle in and knock out competition.
Eventually isps stopped providing as demand was tiny and the cost outweighed it. Same with things like nntp servers.
I pay a couple of quid a month to Zoho to provide my mail, off my own domain. Obviously I have static ip4 and 6 addresses from my ISP, but I’m happy to outsource as long as the cost is transparent and I’m not locked in, so I do. Part of that is to fund companies which are better armed to fight against monopolistic email practices than I am on my own.
There are other suppliers I can shift to by moving my MX records and updating a couple of TXTs, but there’s no need to at the moment.
I now use AWS SES to handle mail delivery. It's free for up to 200 daily messages which is fine for me.
It is also not uncommon for companies to either have a local Exchange Server or use the mail service at their hosting provider. If everything is configured correctly, delivery works fine.
Experiences obviously differ, but it’s unclear where the differences stem from, apart from long-term IP reputation.
It is potentially more of those with problems are more likely to speak up than everyone else just posting "works fine for me" a thousand times over.
I haven't had much deliverability problems with self-hosted things. I set it up right, and I get the emails I expected to get. So there's now two of us saying "works fine for me."
> have one at a smaller mail provider
a) [hosted] Mail provider
b) Server (colo/dedicated/VPS/whatever) provider
> not uncommon for companies to either have a local Exchange Server
Yes and it's PITA to pull it out of the lists of some shitheads, like SpamHaus.
Source: guess it
There are actually horrid lists like BackScatterer and UCEProtect that you can't even properly contact. So in comparison SH is super pleasant.
(Bell Canada used them for a while, until I and others demonstrated this fact)
So don't worry about them.
Ah, yes, blocking entire /18 and demanding money for the delisting.
I guess 'Guilty by association' is a 'good reason'.
- Self hosting is a bit elitist - not for the masses.
- A paid-for option (proton, tutta,…) would be cataloged as elitist. People perceive email as free.
- A free option provided by a Corporate player will gravitate towards monopolies and lack of privacy.
- A free for life government issued, easy to recover digital point of contact where all your government interactions are pointed towards would be a great step. You could still have a separate one if you don’t trust big brother, but at least your “recovery” address would be secure for life.
You could create a public alias of the form firstname.lastname.n@eesti.ee, but creation of those was ended in 2018 and they were shutdown in November 2023. [1]
[0] https://www.eesti.ee/en/using-the-state-portal/terms-of-noti... [1] https://www.eesti.ee/en/closing-alias/closing-alias
When your marital status changes, isn't that a notification that goes from you to the government, and not the other way around?
I don't know how you can make something like this "easy to recover" without introducing giant security problems.
The problem is that the SSN is treated as a password when it should be treated as username.
Knowing first.last at gmail.com gives you nothing much, security-wise. Knowing I'm 123456789 at ssn.usps.com wouldn't be that much different, though given the limited search space, it would be an easy target for spammers. (Perhaps expanding from nine digits to something bigger (16+, see perhaps ISO/IEC 7812) would be useful, though there'd have to be a lot of work to update systems, even though they're not short of numbers.)
In a similar way for instance that you would recover a lost, stolen, or accidentally destroyed US passport (but presumably cheaper).
Many countries offer digital IDs to interact with them. And a (cumbersome vs digital but fast Vs traditional government processes) way of unlocking it. It would be just offering a email inbox linked to it.
In Spain we have an Inbox from the DMV for fines, one with the Tax authority, one with local government… these are messaging boards inboxes. The move to a single digital inbox could help streamline many government processes.
Whatever mess you think SSNs have caused by their unintended use outweighs the previous system. The simple test for that is, why do people use SSNs as it's not legally required for anything but USG interactions.
Because if I want to open a bank account, rent an apartment, or get a mortgage, the other party requires me to give them my SSN, on the assumption that it is a valid unique key for tracking debt payment reliability.
It doesn’t matter that the SSN is only legally required for interactions with the US government. When housing is a human necessity, and all sources of housing require a SSN, then using a SSN is not a choice from which one can infer preferences.
You’ll have a lot of distrustful Americans commenting how terrible this idea is and the government can’t be trusted. They’d rather get it from a corporation and be subjected to unlimited surveillance capitalism and manipulation.
Still, I'd prefer to try and fix it (for various levels of "fixing") than throw the baby with the bathwater. It's an imperfect system but trusting a corporation is no better.
Trust in government is more common than not throughout the world, because the government is us. Americans in particular struggle with this concept.
The idea was to put guarantees like identity, delivery receipts and stuff into an email system, so it can be used for legally binding communication.
However it failed for various reasons (privacy concerns as it purposely had no e2e, usability restrictions, cost, ...)
[1]: https://techcrunch.com/2016/08/24/encryption-under-fire-in-e...
At least in my country I know for a fact that data which should be legally private is used by political party plans and by the police.
But I do freak out about loosing my domain name where my email is hosted, or access to an iCloud / gmail account that a lot of services are anchored about.
Two months ago LinkedIn did not like me changing my 2FA client, and locked me out for a month. I have over 5.000 contacts and was chasing a few leads to change jobs. I can tell you is cold outside. Nobody provides support. I had to leverage a friend who knew someone at LinkedIn to sort it out. I hear being locked out of Google, MS and Meta is also bad.
I have an .ac account for life that is my “last resort” recovery, but having a government provided email for secure recovery purposes would feel reassuring.
That's fine. But they NEED to ban people using their service from spam else they would dominate. That is what people don't understand.
> but having a government provided email for secure recovery purposes would feel reassuring.
It depends on the country and the region, but I have faced issues multiple times with not able to make any progress with the government. It happened in much more important cases like passport, for which if something fails on their system, you are screwed.
Nobody provides support in government services as well unless it is required by law, and I have been locked out of government services. In countries like China, you could be locked out of government service if your credit score is low. In Sweden you could be locked out of it if you don't allow unions.
The era of Pii as a commodity is coming to a close. The writing is on the wall for this.
Once that happens, free email will vanish. Poof. Gone. So will many other "free" online things.
This period of most people getting free email is really quite short historically. A decade.
(Many people used to get email addresses from their ISP, which were part of their paid plan)
I wonder what will happen when gmail goes paid. It's going to happen, and I expect so regionally (eg, not the EU zone or some such) within 5 years.
A lot of people depend upon said free email, and as much as I dislike Google, they have absolutely zero obligation to give anything away.
They've spent the last few years moving classes of accounts to paid. They've been closing down accounts which seem dormant.
Soon... a year maybe?, I think we'll see some sort of precursor change. A reduction of storage for free accounts, or number of emails you can send, or something.
I do agree from a long perspective free email has been somewhat short. But I'm not sure about scoping it to just a decade. It was easy to get a Gmail account in 2004, that's close to 20 years ago. And Gmail wasn't even the first free email host, loads of people used other free email services like Yahoo (1997), Hotmail (1996), Lycos (1997), and others. 1996-2024 is 28 years, close to three decades.
If someone told you that checking the weather app is .50 usd per query, you probably would try to find a different alternative, as you expect it to be free.
Is it? Most people, including nomads & unhoused, seem to have smartphones these days (at risk of theft, but arguably easily replaceable). And 4/5G/PublicWifi connectivity in urban areas is so saturated.
I wonder, is it reasonable for me to want government investment and legislation (but no other state interference) into some open source server project that we can run on our phones for this? (heck, give us mesh network functionality too while you're at it).
And am I reasonable in my (left-leaning thought) that, like sexual health consumables, mobile phones should be subsidised by tax revenue, along with other necessities/'empowering tools'?
What you have described is normal behavior for a modern wireless device.
Temporary interruptions occur regularly, a reason for which store and forward designs feature in email servers to this day.
The problem to overcome is not temporary disruption but addressing.
Also nomadic, also in tech - And I would happily run a mail server on my phone, sacrifice thickness of phone for the extra necessary battery life, and keep a spare phone somewhere for quick restore/swap (I have a spare old android I keep in case I break my current one, which I can keep at a friend's place, an Airbnb or a subscription locker / safe.
What's the alternative being proposed though, Google et al? Or a home server (I have no home)? Or still free market, but providers are smaller businesses that are more heavily legislated and are watched over by the state to ensure our data is safe? I'm just not sure 'where' my data+computing should be, other than right next to me in my pocket (but then where do my backups go?).
Sorry for the appalling and directionless writing, it's just that everything just seems to circle back to the solution being: *'two small portable battery operated wireless devices that we have control of and the big providers do not have access to; keep one of them on our person and one in another safe place for DR purposes.'*
1) Permanent allocation of names and numbers
2) Interoperability standards and rights allowing us to link names and numbers to service contracts.
Once these issues are regulated in a consumer/citizen friendly way (like they did with phone numbers in the UK), governments could provide some sort of default service on top of it, but in my view this is not the most important part.
Just like a "free" government option?
This way you can sign up to a third party email service and use your permanent and guaranteed government one as a recovery address
Can you provide a link?
Now, of course, you shouldn't be organizing a criminal conspiracy or in general much anti-government protests over the mail or government-downed email. But the majority of communication is quite benign, and so having a government email for the 80% use case (bills, party invites, holiday wishes, etc) would be great. You can use a separate service for your more sensitive communication.
The reality is that it is about as exciting as getting your paper postal mail delivered in your physical mailbox.
https://epic.org/postal-service-surveillance-program-targete...
You can complain on the forums about how unfair life is, how incompetent companies are, fight every provider to prove your reputation until cows come home,… Or you can pay someone to handle that for you. It’s a no-brainer. The whole discussion is moot.
You pay your plumber to plumb, your builder to build, and email delivery company to deliver your emails. Trying to DYI everything is a waste of everyone’s time.