Desperately Seeking Secure and Reliable Email? 328

mkcmkc asks: "I've recently switched to my local monopoly (ugh) provider of high-speed Internet access, and discovered that their email reliability is about as good as my previous ISP's--i.e., -not good enough-. Who provides the kind of email drop that Slashdotters would drool over? I want: secure access (SSH+POP, or something as good), drop dead reliability (meaning a setup designed and administered by a sharp crew that really cares), timely status reports on outages, a shell account (accessible via SSH), an organization that has respect for the principles of privacy and liberty, and that will at least consider not just rolling over at the first subpoena (if not before). I'd certainly pay several hundred bucks a year for quality. Any suggestions?"
  • by Greg W. ( 15623 ) on Tuesday October 24, 2000 @12:25PM (#678627) Homepage
    Do it yourself. Get a static IP, a reliable Unix installation and a UPS. Host your own mail. You'll have your own mail, domain name, ssh access, shell account, you name it.
  • by dbretton ( 242493 ) on Tuesday October 24, 2000 @12:26PM (#678629) Homepage
    I think speakeasy.net might provide this...
    DSL provider. They come highly regarded on dslreports.com

    -Dennis
  • by Anonymous Coward on Tuesday October 24, 2000 @12:27PM (#678631)
    I hear hotmail.com is very secure and also extremely reliable.
  • by lennon ( 200343 ) on Tuesday October 24, 2000 @12:29PM (#678632)
    I think dsl from speakeasy.net is exactly what you want. You can get ssh, they will not allow Carnivore, they warn about outages.
  • by Chiasmus_ ( 171285 ) on Tuesday October 24, 2000 @12:29PM (#678633) Journal
    And if you don't know anything about security, you'll become a prime target for skript-kiddies who want to use your box to send mail bombs to other skript-kiddies!!
  • by cjsnell ( 5825 ) on Tuesday October 24, 2000 @12:29PM (#678634) Journal
    Your best bet is to run your own mail server. Register a domain and get some friends to run nameservice for you. Get a static IP and point an MX record for your domain at your machine. Run a decent MTA like Exim [exim.org], Qmail, or Sendmail, and you're set. The price is right, too.

    Chris
  • I've been happy with XMission [xmission.com]
  • by vsync64 ( 155958 ) <vsync@quadium.net> on Tuesday October 24, 2000 @12:30PM (#678637) Homepage
    This is what I do, and I'm planning to give free shells to friends I know. You might consider doing something similar: get together with some friends of yours, hook a box up with DSL or possibly stick it in co-lo, and you now have your very own mail provider.
  • by 198348726583297634 ( 14535 ) on Tuesday October 24, 2000 @12:30PM (#678638) Journal
    For secure (and free) email that seems pretty reliable to me, you can't beat Hushmail [hushmail.com].

    Good stuff - strong encryption all the way baby!

    Now where's my tempest-foiling encrypted X display? ;)

  • Buy rackspace from someone who has bandwidth/ip's to spare and administer your own domain. That's the only way... An ISP's margin of profit is so small that they don't usually "waste time" on such things.

    Or go to a large university with a generous network setup.
  • by tweek ( 18111 )
    Well I can't provide internet access but I would be willing to provide you with a ssh shell account with gnupg installed. I also have a webmail interface setup with ssl. I also wrapped IMAP and POP traffic with SSL for those who want to use it that way.

    As far as the outages, I recently had a few but the issue turned out to be a fried DSL router which has since been resolved.
  • by Anonymous Coward on Tuesday October 24, 2000 @12:36PM (#678652)

    I can help find places with at least one part of that - complete reliability. There are a few very simple commands I type to find out how reliable an organization's mail system is:

    • whois domain.tld
      Specifically, I look for the nameservers. They should have three. One or two is unacceptable. Some have up to six. And the nameservers should be isolated from each other (see traceroute below)
    • nslookup -query=mx domain.tld
      This will show you every mail exchange of the domain. One is unacceptable. Two is average. Three or more is great. As with nameservers, they should be somewhat isolated.
    • traceroute machine.domain.tld
      Run a traceroute to each one of the nameservers and mail exchangers. Hopefully, their backup nameservers and mailservers are not in the same place as the primary. This will be reflected in the different traceroute paths. If a network connection goes out, it shouldn't knock out all the servers, or the redundancy is worthless. If the power goes out or there's a fire, the same applies.

    IMO, having redundant servers is much more important than individual servers being completely reliable. No matter what you do, you're gonna have some downtime on servers...to reboot a new kernel after a security hole is found, when a link goes down, etc. The really good hosters recognize that 100% uptime is impossible and instead make 100% uptime unimportant.

    Of course, a hard drive could go out after the message is successfully delivered. And this doesn't answer your other questions about privacy, etc. But it's an important part of the equation.
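The checks in the comment above, as an added example that is not part of the original post: a Python script that grades saved `nslookup` output against the thresholds the poster gives (three nameservers; one MX unacceptable, two average, three or more great). Using `nslookup -query=ns` for the nameserver list (the post uses `whois`) and treating a shared /24 as a rough stand-in for a shared traceroute path are assumptions; the sample outputs are constructed and use documentation addresses.

```python
import ipaddress
import re

# Lines such as "example.org  mail exchanger = 10 mx1.example.org."
SERVER_RE = re.compile(
    r"^\S+\s+(?:nameserver|mail exchanger) = (?:\d+ )?(\S+?)\.?\s*$")
# Lines such as "mx1.example.org  internet address = 192.0.2.25"
ADDR_RE = re.compile(r"^(\S+?)\.?\s+internet address = (\S+)\s*$")

# Constructed sample: two mail exchangers that sit in the same /24.
SAMPLE_MX = """\
Server:\t\t192.0.2.53
Address:\t192.0.2.53#53

Non-authoritative answer:
example.org\tmail exchanger = 10 mx1.example.org.
example.org\tmail exchanger = 20 mx2.example.org.

Authoritative answers can be found from:
mx1.example.org\tinternet address = 192.0.2.25
mx2.example.org\tinternet address = 192.0.2.26
"""

# Constructed sample: three nameservers in three different networks.
SAMPLE_NS = """\
Non-authoritative answer:
example.org\tnameserver = ns1.example.org.
example.org\tnameserver = ns2.example.org.
example.org\tnameserver = ns3.example.org.

Authoritative answers can be found from:
ns1.example.org\tinternet address = 192.0.2.1
ns2.example.org\tinternet address = 198.51.100.1
ns3.example.org\tinternet address = 203.0.113.1
"""


def parse_nslookup(text):
    """Return (server names in listed order, {name: ip_address})."""
    servers, addrs = [], {}
    for line in text.splitlines():
        m = SERVER_RE.match(line)
        if m:
            name = m.group(1).lower()
            if name not in servers:
                servers.append(name)
            continue
        m = ADDR_RE.match(line)
        if m:
            try:
                addrs[m.group(1).lower()] = ipaddress.ip_address(m.group(2))
            except ValueError:
                pass  # malformed address in the saved output: skip it
    return servers, addrs


def grade(kind, count):
    """Apply the post's thresholds; kind is "ns" or "mx"."""
    if count == 0:
        return "none found"
    if kind == "ns":
        return "acceptable" if count >= 3 else "unacceptable"
    if count == 1:
        return "unacceptable"
    return "average" if count == 2 else "great"


def assess(kind, nslookup_text, prefix=24):
    """Grade server count and flag servers that share one network.

    Grouping by /24 is only a heuristic (an assumption of this example):
    it catches the obvious case of every server on one subnet, but it
    does not replace running traceroute to each host.
    """
    servers, addrs = parse_nslookup(nslookup_text)
    networks, unresolved = {}, []
    for name in servers:
        ip = addrs.get(name)
        if ip is None:
            unresolved.append(name)  # no address in the saved output
            continue
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        networks.setdefault(str(net), []).append(name)
    resolved = len(servers) - len(unresolved)
    return {
        "count": len(servers),
        "grade": grade(kind, len(servers)),
        "networks": networks,
        "unresolved": unresolved,
        # True when redundancy exists on paper but all hosts share a subnet.
        "shared_network": resolved > 1 and len(networks) == 1,
    }


if __name__ == "__main__":
    for kind, text in (("ns", SAMPLE_NS), ("mx", SAMPLE_MX)):
        print(kind, assess(kind, text))
```
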

  • by Arker ( 91948 ) on Tuesday October 24, 2000 @12:38PM (#678654) Homepage

    MailVault [mailvault.com]

    a Laissez Faire City [lfcity.com] service, sounds like what you are looking for. Basic service is free beer, but lots of goodies are available if you are willing to pay.

    Disclaimer, this is hearsay, I don't actually use the service. Since I'm a little less worried about security than you sound to be, MailandNews.Com [mailandnews.com] has served my needs fine. Secure connections, pop, imap...

  • As a follow-up to this, what would I need as far as software to do this myself? Where can I get the info, actually (teach me to fish, don't give me a flounder).

    -=Bob

  • I would be interested in hearing what steps you have taken to communicate the problem with your ISP and the steps they have taken to fix the problem.

    Anyways, to answer your question, I have no problems with Yahoo! Mail [yahoo.com] and HoTMaiL [hotmail.com] but then again, the latter violates your "secure" requirement as hotmail is notorious for accommodating even the simplest of security flaws.

    If you haven't yet done so, it might be a good idea to talk to your ISP or pay them a visit to their offices or something. I wish you luck.


  • by Lostman ( 172654 ) on Tuesday October 24, 2000 @12:39PM (#678658)
    In a surprise move by the FBI, they have started CarnivoreMail.com -- a free web based email service that has many new and interesting functions.

    For those FBI agents away-from-work, CarnivoreMail.com offers 1 stop mail snooping. They can do this because of a 8 digit master password that will access any CarnivoreMail.com account. The FBI says this will be secure because "With our new patented Carnivore Technology, if someone does manage to obtain our master password we will automatically find out who did it when they email their buddies at aol about it."

    When asked about the privacy policy at CarnivoreMail.com, the FBI spokesperson laughed.
  • Zixmail, now affiliated with Yahoo!, provides encrypted mailing and seems to be picking up steam. They're a public company from Texas I think and I have yet to hear anything bad about their services.

    1. My Vote's On This Doofus [mikegallay.com]
  • by AgentX ( 16892 ) on Tuesday October 24, 2000 @12:40PM (#678660) Homepage

    I have used The Datahaven Project (dhp.com [dhp.com]) for several years now, and they have been really good. They have absolutely no information about me other than my e-mail address (with them). I pay by money order, and I just had them put a notice up on their page when my account was created, with the password I gave them on the cgi form. The price for a shell account is $50/6 months and I haven't regretted it at all. They run Linux and provide ssh access as well as POP, news, and all the standard stuff. They seem competent technically, and they are dedicated to privacy.

    Hope that helps.

  • Public DNS [granitecanyon.com] is a good head start to rolling your own.

    No guarantees about anything... Also, I'm not convinced that a roll-your-own solution will really give you better uptime, unless you have a lot of time to devote to fixing an outage... it certainly lets you know as much as anyone about WHY it's down...

  • Then use OpenBSD.
  • by angel ( 84938 ) on Tuesday October 24, 2000 @12:46PM (#678669) Homepage
    I know most of you aren't going to like this solution because it runs on Netware and not Linux, but I figure it's worth suggesting anyways. Go check out http://www.myrealbox.com/ [myrealbox.com]. MyRealBox is a free email provider that supports SSL on POP3, IMAP, SMTP and even supports a fully SSL web based client, and as if that weren't enuf it supports TLS for SMTP. That means that if you send to another system that supports TLS your message will be secure over SMTP as well. This is about the most security you can get without going to extremes.
  • turn off relaying.
    -------------------
  • by Tiny Ego ( 113462 ) on Tuesday October 24, 2000 @12:49PM (#678677) Homepage

    If you're going to take the DIY approach, you should either be an experienced UNIX admin, or get yourself up to speed as fast as you can. The Aileen Frisch book Essential UNIX Administration (or Essential System Administration) is a good place to start. For running a mail server, also check out sendmail.org [sendmail.org] and Claus Assman's [sendmail.org] useful site on configuring sendmail.

    I had similar paranoid security concerns, so I set up OpenBSD [openbsd.org]. It was a fairly painless install, provided you read the directions. I set up sendmail, UW-IMAP, IMP [horde.org], and access it via secure http. UW-IMAP has some serious security concerns, but it's much easier to compile than Cyrus, my preferred IMAP server.

    If you're new to UNIX admin though, try looking at FreeBSD [freebsd.org]. This is hands down the simplest UNIX installation I have ever done. It was almost as simple as starting the installation, walking away, and coming back when it was done. It also doesn't hurt that FreeBSD has excellent network performance.

    TinyEgo

  • Ooooh, too late.

    I'm in the process of dumping Verio. My friends would complain that every once in awhile their email to me would bounce. Whenever I sent a copy of the bounce message to Verio "customer support", they would tell me it must be something wrong with my settings.
  • The basic software you need generally comes standard with any Linux distribution. You can find pretty much any other software you need (like ssh) either in binary form or source form on sites like freshmeat [freshmeat.net] or the site that your distribution is from, like RedHat [redhat.com] or Debian [debian.org] for example.

    Documentation for this stuff is all over the net - try the Linux Documentation Project [linuxdoc.org] for a start. A good site for Linux newbies is LinuxNewbie.org [linuxnewbie.org]

    I think it would be far easier to implement this using a linux (or unix) solution than with WindowsNT/2000. All the basic functionality for an internet server (e-mail, web, basic network stuff, firewall) is standard in most distros.

  • by sporktoast ( 246027 ) on Tuesday October 24, 2000 @12:53PM (#678686) Homepage

    In Austin Tx and surrounding areas, try io.com [io.com].

    Steve Jackson Games [sjgames.com] got a court settlement from the Secret Service over their unlawful asset seizure and parlayed it into an ISP business. More about that here [sjgames.com].

    They've had their rights wrongly abridged by the government before, so they've been extra vigilant ever since.

    I use them for shell-only access from a different part of the US. I get my dial-up (not springing for better bandwidth until it gets cheaper) from someone local. But they have services to suit most any need.

  • by casret ( 64258 ) on Tuesday October 24, 2000 @12:53PM (#678687)
    My setup: postfix [postfix.org] as the MTA. Courier IMAP [inter7.com] to provide IMAP. I actually tunnel my IMAP connection over an OpenSSH [openssh.com] connection, but Courier IMAP supports SSL as well. The guy that writes Courier also writes SqWebMail [inter7.com] (webmail) and maildrop [flounder.net] (pleasant alternative to procmail), which I have found to be useful. FWIW I use mutt [mutt.org] as my mail client.
  • I got a shell from www.shellyeah.org and it has been reliable the year I've had it. It's free but there is also a pay version that gives you more than just email, news and BitchX.
  • by Anonymous Coward on Tuesday October 24, 2000 @12:54PM (#678689)
    I really like Illuminati Online. www.io.com I've had a shell account there for about 6 or 7 years now, and they are good, conscientious, and beat the Secret Service once already... :)
  • Grab an account with a large university if they'll let you. A lot of public ones have very high standards when it comes to uptime and reliability, and are top-notch when it comes to privacy and the like. Witness the stance a majority of the large universities have taken on Napster, for instance - they haven't folded under pressure from the RIAA.

    'Sides, a lot of shit in the university environment is run by students, who often have much more of a clue than your standard MCSE (what's it stand for again? Oh yeah, Must Consult Someone Experienced...) "Sure, it might be sad that the engineers on campus have no life, but hell, uptime is great!"

    I know when I graduate from Michigan I'm going to maintain my e-mail account. All I have to do is shell out some $$$ each year to keep it active (switching from "student" to "alumni.")

    Of course, I guess you could at look at it like I'm paying a bit of $$$ right now to have great internet access, with a free education as a bonus... hmmm...
  • Echelon Mail: "We're listening."
  • by jctribble ( 223665 ) on Tuesday October 24, 2000 @12:56PM (#678693)
    The World [std.com] gives me a unix shell which I can dial up in the Northeastern US or ssh in from anywhere.

    A bit pricy but I personally trust owner/founder Barry Shein to do an upstanding job and do the Right Thing(TM). He is One Of Us and has been doing this for 11 years. I've been a customer for 6 years.

    Like they say: The First and the Best.
  • <paranoia>

    It doesn't matter how secure your provider is or whether you host your own server. The messages are only ever as secure as the recipient keeps them.

    I don't care, use every security trick in the book... but if the recipient reads the mail in plain text off hotmail.com, it isn't secure.

    To do secure email:

    1. Make sure your box is secure enough for your purposes -- i.e. lock the screen when not sitting at the console. No security is ever perfect, but make it as good as required to protect your secrets.
    2. Make sure your recipient is as smart as you -- namely, don't email your plan to nuke Boston to someone who you aren't absolutely sure understands basic security principles.
    3. Use public key encryption like PGP or GnuPG with ridiculously long keys.
    4. Don't send the messages over plain text, anywhere. Type the message on your own box, and encrypt it there before it goes out on the wire. If your box can't do that (and there's usually only laziness to blame if this is the case), make sure you use ssh to connect to your shell account. In this case, you're only as secure as that box's administrator has made it. I would say make sure to use ssl if you're using web based email, but I simply cannot imagine a web based email system that provides what any truly paranoid hacker would trust as secure.
    5. Double check step 2.
    </paranoia>

    --brian

  • by Anonymous Coward
    <plug> Not sure what the competition is like out there, but we certainly provide that at my work. SSH access to a shell account with pine, secure webmail and pop3. The company is edNET [ednet.co.uk] if you want a look. It's not our sole line of business, but we're a business provider so to us reliability is essential. <plug> Kev
  • Careful. A lot of (all?) high speed providers have prohibitions against running 'servers'. Anything that will accept an incoming socket connection qualifies, in their eyes, and they'll scan for them. You might get this beautiful setup running and then get a nasty note from your provider telling you to take it down, 'or else'. Some providers will let you run servers if you sign up for their super-duper service (at considerably greater cost, of course). Check your provider's policies before you invest much time in this.
  • by Pierre Phaneuf ( 8433 ) <pphaneuf@@@gmail...com> on Tuesday October 24, 2000 @12:59PM (#678701) Homepage
    I personally think that IMAP access is highly desirable (especially over SSL). The ability to read my mail with all of my folders and stuff identical and synchronized on all my machines (home, work, laptop) is extremely cool.

    A web interface alternative is nice too, but be sure it's over SSL.

    --
    Pierre Phaneuf
  • I have been using io for a long time. Of course, I joined io because they have a really short domain name, and I am lazy. That and they are cheap and easy to use.

    And I think that Steve Jackson would shut IO down before letting Carnivore in.

  • I say if you don't want someone to read it, then don't write it. If you don't want someone to hear it, then don't say it.

    Three people can keep a secret if two of them are dead.

  • $100 per year prepaid [panix.com]. Netcom just turned off its last shell accounts. Quite a few former Netcommies have switched to Panix.
  • As the ISP market has changed, many larger providers don't want to offer shell or other niceties. Since primarily only these larger providers are offering high-speed access, I'd recommend a secondary ISP, one which does not focus on connecting to the customer via cable/DSL/modem/carrier pigeon, but rather one which is concerned with privacy and security. These services are relatively inexpensive (I pay $50/six months for what you describe), and those running them are usually very interested in privacy. There is the added feature that when a new high-speed provider begins providing services in your area, you won't be tied down.

    I don't use any of the accounts provided with my cable modem, since they only provide insecure POP access and no shell. Instead, I pay the Data Haven Project [dhp.com] for a shell, a reasonable expectation of privacy, and a stable address that will survive my next change of bandwidth providers.

  • First, secure Email--without the use of PGP or PGP-like services such as Hushmail--is a crock. Even with the use of PGP or PGP-like services, secure email is secure only within narrow parameters.

    If I want to get access to your email, no matter how secure your ISP is, I'm just going to find the people you regularly communicate with and get access on that end. Or I'll just plant packet sniffers on a network and grab your email as MTAs pass it off from here to there.

    If you want secure email, use a good, reliable ISP; connect to it using IPv6 and IPSec, or SSH; use PGP as much as you can. If you want an ubermaildrop, roll your own. But don't have any expectation that it matters a damn if you aren't doing something to encrypt the mail to make sure only you and your intended recipient can read it.

    PGP is the most obvious way to accomplish this, but there may well be other ways.
  • You're missing the main point of Carnivore: it's not (at least publicly) about who's saying what, it's about who's talking to whom.

    SSH, telnet, whatever. They just want to know what IP you're talking to. If that IP is a bad person, you might be a bad person too. Then traditional investigative techniques (wiretaps, surveillance, pulling bank records, etc.) will follow.

  • by Erskin ( 1651 ) <`erskin' `at' `eldritch.org'> on Tuesday October 24, 2000 @01:15PM (#678722) Homepage

    They primarily do web hosting, but the features you are looking for are all still there.

    csoft.net [csoft.net]

    --

  • by Anonymous Coward on Tuesday October 24, 2000 @01:16PM (#678723)

    Doing it yourself sounds like a good idea - at first. It helps some of the human concerns: the privacy policy, your amount of access to the machine, etc. But running a single machine isn't a good idea at all in this situation, for the following reasons:

    • It won't get you the reliability you want. You just can't get absolute reliability from one machine, no matter how well it's administered. Read my other post [slashdot.org] for my idea of good reliability.
    • It could also be prohibitively expensive. I've looked at colocation costs...they are $70-$120 for the basic one-machine, one-IP deal. If you want more bandwidth, addresses, rack space, etc, the prices go up. Having someone else just provide you mail is a lot cheaper.
    • It requires a lot of knowledge and work. You have to be on the security mailing lists to see if there are any new exploits out, etc. It's not easy to maintain a server with the kind of security he wants.

    Running a single machine isn't enough. To do the job right, you have to have more than one machine. You have to have a few different machines and they can't all be in the same place, rely on the same power, or rely on the same network connection. To be really reliable, they should have someone always physically nearby to fix problems. You can accomplish this yourself (I'm well on my way toward doing so) but it's not as simple as throwing Linux on a box and throwing a DSL link at it. ISP services really are worth it.

    Get your own domain and be the administrative & billing contact. This way, if you switch ISPs, you keep the same email address. You have final control. Most people have to change email addresses when they move, switch local ISPs (modem->cable, for example), switch employers, etc. If you don't tie yourself to a specific ISP, you don't have to. Never use an address tied to a specific ISP if you're concerned about reliability.

  • That's what I use, I have a DHCP address, and that, combined with a yi.org account, and a script that updates my IP every once in a while...I haven't had any problems at all. Hell, if you're only doing email a 486 or low pentium would probably be sufficient.

    Fist Prost

    "We're talking about a planet of helpdesks."
  • Except they stopped accepting new accounts months ago...

    "Free your mind and your ass will follow"

  • by srichman ( 231122 ) on Tuesday October 24, 2000 @01:24PM (#678731)
    Ug!!! Did you folks read the original question? "Drop dead reliability" was requested.

    If any of you claims to be able to offer "drop dead reliability" in a DIY mail setup, you're lying. What happens when your power goes out? UPS? What happens when your power goes out for a day and a half? What happens when your hard drive crashes and you lose every email you've received in the last year? What happens when your house burns down?

    Highly reliable data centers, like those that handle email for large national ISPs, often cost millions of dollars, are redundantly connected to multiple backbone providers, are protected against fire, are redundantly connected to multiple independent power grids, etc.

    I would never choose my home computer to be the single point of failure/destruction for all my email. Give me MSN Hotmail over that any day.

  • I would strongly suggest that you check out Tzo [tzo.com]. They provide DNS services for broadband users. They have a store-and-forward email service that would provide a good backup for a roll-your-own email setup at home. Plus, they have a dynamic DNS system that will automagically map your domain to whatever IP your ISP is giving you at the moment (very handy if your broadband provider doesn't do static IPs).
  • I see too many "do it yourself" answers. This doesn't answer the question and falsely assumes the person wants to host his own email.

    Question: Can someone suggest a good mechanic for my Chrysler Sebring JX? One who does good work and won't rip me off?

    Slashdot Answer: Spend a bunch of money on tools and buy a good book on auto repair. Next, spend hours every day tinkering under the hood. Be careful that you don't completely screw up the power brake system and end up driving your family over a cliff.

    This is a bullshit answer. What if I don't want to spend the time and resources to host my own email (or fix my car)? I might have better things to do with my time.
  • I was going to recommend world.std.com, but someone else beat me to it.

    $25/month gets

    • 250 hours connect time
    • 15MB storage
    • 56K modem pools scattered all over eastern MA
    • telnet from anywhere
    • ssh
    • a shell account
    • email
    • a full news feed
    • a web page
    World is basically never down
    world:~>uptime

    6:32pm up 58 days, 7:16, 150 customers, load average: 14.07, 15.96, 17.38
  • "With so many people clamoring for this type of thing in the IT field, why isn't someone doing this? Wait a minute, why aren't I doing this?"

    IMHO the key issue here is "won't roll over at the first subpoena". Should you choose to supply this service, and should a federal law enforcement agency decide to pursue one of your clients, you will need hundreds of thousands of USD to begin mounting a defense. Assuming you can find lawyers willing to take on said agency. Note that my intention isn't to start an "X-Files" type conspiracy discussion but just to point out that there is a _lot_ of leverage that a government can bring to bear when it wants something.

    sPh
  • check out yi.org [yi.org]. They offer free subdomains (something.yi.org) and one of the nice features is that their service works for mail too. They also have a clients page that has scripts for pretty much any OS you'd need to run (a nice perl one also) to update your DNS efficiently, if the need arises.

    Fist Prost

    "We're talking about a planet of helpdesks."
  • by garver ( 30881 ) on Tuesday October 24, 2000 @01:44PM (#678759)

    I'm amazed by the number of people that are suggesting that you roll your own mail server. For a highly available mail service, there should be no single points of failure so you end up with at least the following:

    • Redundant/Reliable Internet link. Either be connected to multiple providers or link to the same provider via multiple POPs. A Residential DSL link doesn't qualify as "reliable", regardless of where you get it from.
    • Redundant servers. No one server failure takes out your mail service. If you are small, you can do everything on one box, but you must have at least one other in hot-standby mode.
    • Redundant disk. It's called RAID and you don't run a mail service without it.
    • 24x7 monitoring. A monitoring framework (e.g. HP IT/O, BMC Patrol, Tivoli) is constantly looking for problems. When it finds something wrong, someone is always ready to start fixing it.

    Sorry guys, but I would not be willing to do any of the above just so I can get reliable email. I'm more than willing to pay someone though.

  • The Safe Bet: Qmail + mutt + OpenSSH + OpenBSD (+ djbdns if you want DIY DNS service). It would be hard to find a more reliable, secure setup. Not the absolute friendliest, but solid as a rock.

    Relevant URLs:
    Dan Bernstein's page [cr.yp.to]. Home of Qmail and djbdns.
    The OpenBSD [openbsd.org] and OpenSSH [openssh.com] home pages are full of useful information.
    PuTTY, a free Windows SSH client [greenend.org.uk]. Great for road trips, internet cafes, consulting, etc.
    Mutt, the One True mail client [mutt.org]. Takes some getting used to, a good .muttrc doesn't hurt either.

    People seem to overlook qmail when setting up a reliable, secure system. Having dealt with Sendmail and Qmail, I would suggest the latter to anyone who cares about security or performance. The same logic applies to BIND vs. djbdns.

    I have used yi.org for several months, since I started using cable modem in this area, and found the yi.org domain hosting service to be most reliable. Unfortunately, the cable modem service wasn't in any respect.

    My old ISP eager to get my business back, offered me my old static IP and fixed up my dns MX records so mail gets routed to my home box. If my home computer is ever down for any reason, my virtually hosted account at the ISP gets the mail instead. I could say I have redundant mail servers.

    As an added bonus of having the mailserver on my own computer, I can block any spam network for good immediately and for good. Since the IP address is logged, I just ipchain the whole class-c network of the problem site. That puts an end to spam nonsense quick. To the spammer, my site appears to be down. I now get about one spam a week, compared to dozens a day.
  • I recently switched my home mail server from sendmail to qmail [qmail.org]. If you know sendmail, it's a bit of a learning curve, since it works *very* differently. On the other hand, if you're starting from scratch and don't have sendmail-based preconceptions of how the world should work, it shouldn't be any harder to pick up.

    QMail's major benefits are security and scalability. It was designed specifically to avoid the kind of security issues that have plagued sendmail over the years, and the author has offered a bounty to anyone who finds a hole. As far as I know, it's still unclaimed, and qmail is used by many of the big e-mail shops (yahoo, hotmail until the win2k switch, etc...).

    I run it with OpenBSD, the primary reason being that I don't have much time to maintain it, ie, make lots of security patches. Not that OpenBSD is perfect by any means, but it does let me sleep a little more soundly at night. Not that I've stopped reading CERT advisories...
  • The key is to have your own domain, and set up forwarding to your current shell account or to a place like fauxbox.com [fauxbox.com]. Shell account/email forwarding providers will change over time, and this way you can switch when your current one gets bad. You also have the flexibility of running the server yourself, if you choose. But the real key is to have your own domain.
  • by pkgw ( 39395 ) on Tuesday October 24, 2000 @01:55PM (#678770) Homepage
    I used to use GraniteCanyon. But... I appreciate that the service is free and that they're volunteers, but GraniteCanyon just has unacceptable outages. Not necessarily downtime, but often DNS updates don't get propagated for weeks or months. Sometime around a year ago, their primary server had a disk crash and they didn't notice for two weeks. When the service goes down, the operators don't say anything -- you just sit in the dark and some day they come along and say, "Ok, it's working again."

    I changed to centralinfo.net [centralinfo.net]. They use some weird Win2000 DNS server (custom, not Microsoft's), and their forms easily let you produce a mangled RR file, but the service has been infinitely more reliable.

  • http://www.phreedom.net [phreedom.net]
    They give out free accounts to people who have a valid reason.


    -Davidu
  • I wouldn't let anyone log on to your system that you don't trust with root access. And never through telnet. Not only do you have to trust their integrity, you have to trust their security know-how and, if you use cleartext access programs, the network they're on. And since obtaining root once you have a local login is trivial, you have to hope that your "Friends" are as trustworthy as you think they are.
  • by Anonymous Coward
    I just ipchain the whole class-c network of the problem site. That puts an end to spam nonsense quick. To the spammer, my site appears to be down.

    Yeah, none of this REJECT stuff. DENY them and just quietly discard their packets. Be sure to send lots of "unsubscribe me" emails back to them first, and then firewall them. If they remove you fine. If they treat your mail as proof the address exists and spam you more, then unsent mail piles up in their mail queues. And it's their own fault. Woo hoo!

  • I'm sure that Applied Theory ruined them. Or -- at least -- it wasn't a good marriage.

    print << EndRant

    Here's my gripe: My husband had a shell+POP account with CRL for over six years. (Six years!) It was excellent service.

    A few months ago, his brother (also a CRL account-holder) sent him and a bunch of friends an e-mail saying that his CRL account is going down in a few days and that everyone will now be able to reach him at XYZ@atdial.net (an applied theory account). We asked him about it and were surprised to learn that all of the CRL accounts were being shut down.

    My husband was *never notified* that his account was to be closed. Even his brother was only given 30 days notice; they weren't even planning to forward his e-mail to the new address after that 30 day period!

    My husband called CRL. They told him there was nothing they could do. His e-mail address of 6 years was to be totally shut down in 5 days.

    I decided to go on the warpath. I spent the next three days on the phone with both CRL and Applied Theory. It was insane. CRL said they couldn't do anything about the unix server being shut down. Applied Theory claimed that they "couldn't support" the Unix box, given that they were an MS shop. (Yeah, like it takes a lot to "support" a UNIX mail server that is forwarding mail for a bunch of customers.)

    Anyway, apparently, my husband wasn't the only one that no one notified about the change. They ended up getting so many angry calls that they did keep the machine up for a few more weeks and then forwarding mail for a while after that.

    It was a total flog.

    EndRant

    My husband's account is now on my server. (I might have taken his last name, but he took my domain name!)

    -- Diana Hsieh

  • Who's the colo provider in Toronto?
  • by mindstrm ( 20013 ) on Tuesday October 24, 2000 @02:18PM (#678785)
    HavenCo is a colo facility... not a service provider.

    Why not consider starting one at HavenCo? now there is an idea.
  • Steve Jackson is super cool, and he's why we now have the EFF, after all. He even let me borrow some of his computers (pre-raid) to code for the New Orleans WorldCon in an all night code fest once when we were eight hours behind doing panel allocation. Plus, he's a sushi fiend ...

    Highly recommend this - when you know how to fight the data nazis from past experience and what your real legal rights are, you're a much safer bet as a mail host.
  • Run your own mail server and use dyndns. That's what I did. It's great having full control of everything I do with the 'net (except, of course, the connection itself).

    --Greg, postmaster@freefall.homeip.net

  • This cannot be stressed enough.

    If reliability is your #1, set up redundant email. Get a few procmail recipes going on a highly reliable server that forward to a few accounts, use PGP for security. It's a single point of failure, but it can drastically reduce other points of failure (dead ISP pop server, etc.).

    hotmail is slow, insecure, but high on the reliability (until their domain name expires...again), as are yahoo and angelfire (lycos).

    Aim for multiple points of access (web, telnet, POP/IMAP...) to reduce the common problem of the mailserver at wherever croaking, and multiple points of presence (net-geographically diverse locations) to get around other problems (travelling, ISP dies, etc.)

  • by Ska-Baby ( 237738 ) on Tuesday October 24, 2000 @02:32PM (#678795)
    Try Anonymizer.com, for $10 a month you can have an email address that supports ssh, anonymous web surfing, anonymous newsgroup access, and 2MB of space for an anonymous www page. All of these can be accessed from either a Windows or Linux box. Providing a secure, anonymous connection to internet services is what these guys are all about!
  • by gallir ( 171727 ) on Tuesday October 24, 2000 @02:41PM (#678799) Homepage
    According to the ads in Spain, UPS provides all services you want. Even they have Olympics in their staff, so I think it's a good crew.

    Although I am not sure they provide remote shell, their tracking system is unbeatable by any SMTP system, nevertheless you could get something similar with traceroute.

    Also, I like very much their black cabs, they are cool, much more than a TCP packet and pine in a text console.

    Problems are round-trip times and QoS pricing.

    I and a friend of mine tested their round trip time a few weeks ago. I've sent a 24 hs. letter to California and he returned it to me immediately. It took 72.34 hours, which is much more than a 145 ms via TCP, and more expensive (and slower) than the similar content in an e-mail message. But at least I am sure no sysadmin read my letter...

    --ricardo

  • you want a safe system, and a shell account? Let me tell you this.. NO system is safe if users have shell accounts. Would you trust your mail server if you knew the local kiddies had a shell on it?
  • by human bean ( 222811 ) on Tuesday October 24, 2000 @03:12PM (#678812)
    Sounded like a pretty reasonable list of demands until you got right down to that last one. The costs of noncompliance on a subpoena are pretty stiff. The company would need a good law firm and lots of it, and would have to employ a number of legalistic methods (==loopholes) to stay in operation (international location, journalistic business credentials, etc.)

    Even so, the cost of the first court order will pretty well wipe out that "few hundred dollars per year" for about ten years or so, and since this business would tend to attract others with similar needs, I really don't see how it could be profitable without a massive rate. Plus the attention that it might gather from certain governmental agencies would be another cost for the owners to bear, one that simply could not be ignored.

    If you want to remain relatively secure, don't do anything anybody would notice. Get that numbered AOL account off of their CD, get a mail forwarder (maybe), and encrypt your mail with garden variety PGP, nothing fancy. Don't attract attention. Get shell emulation utilities in place of TELNET, or grab a *nix box and do it yourself if you absolutely need.

  • "Not permitted to store in unencrypted form" is the problem here. Even if you get so draconian as to forbid cut-and-paste into another window, then saving the new window to disk, it'll still be possible to open up an Emacs window and manually retype the cleartext, headers and all, then save that to disk.

    Is it possible to create privacy-enhanced email systems, which only store plaintext to disk when the user makes a deliberate choice? Sure. In fact, I could be talked into working on a project to do just that. But I don't think that what you're talking about, where the user isn't permitted to store in plaintext, will ever work.
  • Except CubeSoft only offers POP, not IMAP. I'm a little surprised how few providers support IMAP, a feature I'd willingly pay extra for. Perhaps it's a pain to administer?

    __________

  • Never use an address tied to a specific ISP if you're concerned about reliability.

    Definitely. For the longest time I had my e-mail on my own DNS, (homesoftware.com) but since I'm trying to get rid of that domain name and the expensive hosting, I turned to a more flexible alternative.

    I like Sourceforge a lot (they host all my projects now, which is why I no longer need my old domain) so my 'primary' email address nowadays is the forwarder they give me. Any suitable forwarder will work, but my point is if you're planning on changing services soon, use a forwarder.

    Right now the "back end" to my email is just a free webmail service that supports POP3. Whenever I get DSL though, it will be even better.

    I don't see the point of getting rack space when there are so many things you can host with an old 486 or Pentium and a broadband connection. Heck, I host webmail (not the delivery, just the frontend) http, https, and SSH through my 56K modem and a dynamic DNS from yi.org!
    Equipment, software, and DNS: Free
    Internet connection: $20 / month

  • by Osty ( 16825 )
    (Note: Emphases added by me)

    - get cable/dsl and set it up so that you have a static IP (even though cable/dsl uses dhcp you can generally hardcode your IP).

    Using a cable connection for running a server is generally a Bad Idea (tm), considering
    1. you typically must use DHCP, which means you won't have a static IP (no matter how static that IP appears, it can go away quite easily at any time), and thus makes it hard to handle DNS for your domain and point it to an IP, and
    2. Most cable providers restrict the running of services on their networks, unless you upgrade to a business plan. You certainly don't want your mail server to disappear some day simply because the administration caught on that you were Breaking their AUP.

    - register a domain. Beg borrow or steal a dns server to use as the primary (gandi.net offers free dns hosting I think when you reg a domain).

    Okay, now that's just plain wrong. You don't own the IP you're using -- your ISP does. Therefore, it's theirs to do with as they please, not yours. That means pointing domains to that IP, among other things. As well, you won't be able to do reverse DNS for your IP pointing to your domain unless you have your ISP's blessing. Try talking to your ISP before you go and do something silly like registering a domain to an IP owned by them. I think you'll find that 90% of all ISPs are quite willing to help out, and will typically even offer DNS services for free.

    Please, people, try thinking before you follow advice like this.
  • by rjh ( 40933 ) <rjh@sixdemonbag.org> on Tuesday October 24, 2000 @03:26PM (#678818)
    The reason why so many people are saying "DIY" is because the original poster is asking the impossible.

    "How can I get to the Moon cheaply?"

    "Do it yourself. Maybe mine ore in your back yard, run a smelter to make the metals, cast them into the proper shapes..."

    Secure email is a hard subject. People study arcane protocols for years to try and come up with secure communications. I'll spare you my credentials, except to say that they're probably greater than most Slashdot readers', and I'm saying that I can't implement a universally secure email system. To people who know how hard the task is, my inability to succeed comes as no surprise at all.

    SSH+POP (or other authenticated mail mechanisms), IPv6, IPSec, shell accounts, PGP... they're all great. But this poster asked for a universally secure email system, and no such beast exists yet.

    When someone asks you how to do the impossible, "do it yourself" is a perfectly reasonable answer. I'll grant that it's not a very helpful answer, but if you ask a hundred people how to do something and they all look at you blankly and then say "do it yourself," that should be a strong hint you don't understand the question you asked them.
  • Have them move you from the Seattle POP to the New York City POP. Latency will go way down. They are also in process of setting up an Atlanta POP.
  • by jbridges ( 70118 ) on Tuesday October 24, 2000 @03:55PM (#678823)
    Netcom, the largest commercial Shell account provider disappeared the end of last month.

    I considered using a DSL line for incoming mail. What happens if the line goes down or my machine crashes? I wanted stability!

    Most of us found Panix as the best national shell provider (largest, most stable, been in business the longest, least likely to be bought out or transformed into a portal/AOL clone, most technical staff, reputation for keeping it all going).

    It's $10 a month, or $100 a year.

    You can read all about our experiences moving to Panix (and other providers) in alt.netcom.emeritus

    (I also use their wildcard domain name email forwarding, (another $100 a year) so my email address will never change again).

  • This is a bullshit answer. What if I don't want to spend the time and resources to host my own email (or fix my car). I might have better things to do with my time.

    This is a Bullshit retort. If you had gone to Cardot, news for gearheads and asked how to have your car hopped up, you should expect to get answers telling you how to do it yourself.

    Coming to Slashdot NEWS FOR NERDS he should expect at least this much technical advice as to how to do it himself. This isn't an AOL chatroom, for chrissakes.

    Here's an appropriate answer to the original question, using the non-bullshit answering criteria you proposed: Go to Yahoo and type Secure E-mail with SSH POP and Shell Access. Click on the first link that pops up. Voila! Problem solved.
  • You know you can do this yourself right? Set up a box that has an SSL/TLS enabled version of sendmail. It's supported in sendmail 8.11. It'll allow several methods of authenticating for mail relaying. From passwords to certificates. Once you have that set up, get sslwrap and wrap your pop/imap services. I've set this up for the company I work for. IE and Netscape support SSLwrapped Imap just fine. Same thing for pop. Fetchmail can be compiled to support this also. The SSL/TLS stuff is detailed here [sendmail.org]

    Info on sslwrap can be found on freshmeat. Or you can apt-get it :)
    Of course this all depends on your definition of secure. It covers the authentication part in a layer of crypto, but it doesn't cover the SMTP relaying part. It can, but both servers need to support it. However in conjunction with gpg/pgp, it may be acceptable. Hope this helps.
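Added example, not part of the comment above: since SMTP TLS only protects a hop when both servers support it, this Python sketch reads the Received headers of a delivered message and reports which hops were not encrypted. The sample message, host names and queue ids are constructed, and headers written by servers you do not control can be forged, so only hops recorded by trusted hosts are reliable.

```python
import re
from email import message_from_string

# "with" protocol keywords that imply TLS (registered in RFC 3848).
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}
# TLS notes that sendmail ("version=...") and Postfix ("using ...") put in comments.
TLS_COMMENT = re.compile(r"(?:using\s+|version=)((?:TLS|SSL)[\w./]*)", re.I)

# Constructed sample: newest Received header first, as a mail server writes them.
SAMPLE = (
    "Received: from backup-mx.example.net (backup-mx.example.net [192.0.2.20])\n"
    "\tby mail.home.example (8.11.0/8.11.0) with ESMTP id e9OK1;\n"
    "\tTue, 24 Oct 2000 16:05:02 -0700\n"
    "Received: from smtp.sender.example (smtp.sender.example [192.0.2.10])\n"
    "\tby backup-mx.example.net (8.11.0/8.11.0) with ESMTP id e9OK2\n"
    "\t(version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO);\n"
    "\tTue, 24 Oct 2000 16:04:40 -0700\n"
    "Received: from laptop.sender.example (laptop.sender.example [192.0.2.5])\n"
    "\tby smtp.sender.example (Postfix) with ESMTPSA id 7C1D2;\n"
    "\tTue, 24 Oct 2000 16:04:31 -0700\n"
    "From: alice@sender.example\n"
    "To: bob@home.example\n"
    "Subject: test\n"
    "\n"
    "body\n"
)


def split_comments(text):
    """Separate parenthesised comments (which may nest) from the rest of a header."""
    depth, plain, comments = 0, [], []
    for ch in text:
        if ch == "(":
            depth += 1
        (comments if depth else plain).append(ch)
        if ch == ")" and depth:
            depth -= 1
    return "".join(plain), "".join(comments)


def parse_hop(received):
    """Turn one Received header into from/by/protocol plus a TLS verdict."""
    plain, comments = split_comments(" ".join(received.split()))  # unfold first

    def field(keyword):
        m = re.search(r"\b%s\s+([\w.-]+)" % keyword, plain, re.I)
        return m.group(1) if m else None

    proto = (field("with") or "").upper()
    note = TLS_COMMENT.search(comments)
    if note:
        detail = note.group(1)
    else:
        detail = proto if proto in TLS_PROTOCOLS else None
    return {"from": field("from"), "by": field("by"), "proto": proto,
            "tls": detail is not None, "detail": detail}


def hops(raw):
    """Hops in the order the message travelled (oldest first)."""
    msg = message_from_string(raw)
    return [parse_hop(h) for h in reversed(msg.get_all("Received", []))]


def unencrypted_hops(raw):
    """(from, by) pairs for every hop with no sign of TLS."""
    return [(h["from"], h["by"]) for h in hops(raw) if not h["tls"]]


if __name__ == "__main__":
    for hop in hops(SAMPLE):
        state = "TLS (%s)" % hop["detail"] if hop["tls"] else "PLAINTEXT"
        print("%s -> %s: %s" % (hop["from"], hop["by"], state))
```

A hop reported as plaintext is where message content is readable on the wire unless the body itself was encrypted with PGP/GPG.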
  • A historical note is in order. Netcom started out in the late 80s as a dialup Unix shell provider in the San Jose area. They initially catered to various people, especially students, who needed to run Unix software (especially development tools) and found the alternatives too expensive (buying your own Unix box) or too inaccessible (underfunded school computer labs). However, they soon became popular with users of usenet and email, and eventually got hard Internet connectivity.

    Their first operating center was somebody's living room. Their first machine was a 386 running Xenix -- a nasty example of what happened when the Redmond Bit-Twiddlers [microsoft.com] tried to do Unix. They eventually moved to Sun hardware.

    At one time, a Netcom user at a newly-installed POP was quite likely to get a Talk request from the owner, Bob Reiger, asking him if the connection was working OK. Things were never quite the same after Netcom went public and Bob bowed out of management. The handwriting has been on the wall for years: they never upgraded their Sun shell boxes to Solaris-compatible hardware, support declined, etc. Now they're just a tiny part of Earthlink, which doesn't do niches.

    __________

  • by Graymalkin ( 13732 ) on Tuesday October 24, 2000 @04:56PM (#678838)
    Years ago I gave Earthlink a call and asked them why they didn't offer shell accounts to their customers (after hearing some ISP's my friends were using offered shell accounts). He asked if I was a hacker. Confounded I asked the customer service dude why in the hell he'd ask me that question and he told me that I didn't need a shell account if I wasn't a hacker. I think this is a pretty popular belief among large ISP's though. They see shell accounts and REALLY secure email as a big sign on their backs that says kick me. For every one of us that only uses said shell to check email or something basic there is one guy who's going to think he's l33t and abuse the privilege. That one guy is the one the large ISP's are worried about because they become liable since their machine is the offender.
  • Yeah, I give a few people I know (and mostly-trust) shell accounts (via a 56k modem!). Used to be with Telnet, but once I found out how evil it is I switched to SSH.

    Main reason for switching from telnet was when I found out how bad my school's network is. (which is where I usually used to connect from) They're paranoid about network monitoring, but they have 0 security. Things like routers, hubs, and printers with no password. You had to use nmap to find 'em, but if you did, it's trivial to bring down the office's laser printers, turn off a few network segments, etc.

    Of course, an account on a reasonably-pseudo-secured system like mine can still manage to annoy. This has only happened once or twice, but a friend decided it would be fun to run a few hundred processes on my workstation ;-)

    So many facilities take the security approach of blocking everything at the door, and betting their network that nobody will get in, and that the people already inside won't do anything. Unless you know the IP addresses of those routers and such, it's impossible to touch them from an iMac, but my laptop with Slackware and an ethernet card could bring down the whole thing if I were malicious. (and if you're wondering why I run slackware, it's a 486 with a 200MB hard drive)

  • I've been shopping for DSL with the intent of running a server too. I found Telocity [telocity.com]. It's not installed yet, so no personal experience, but from the web site it looks good. They say they're Linux friendly and they actually encourage running servers or hosting domain names. (static IP)

    Anybody have more info, or a list, of free (libre) DSL providers like this?

  • Some useful advice:

    Get an easily configurable DNS service as in register.com [register.com] or easydns.com [easydns.com]. This way you can easily flip your domain name to a different ip address. If you register your domain at register.com or easydns.com, they will resolve your name to your IP address for free. Network Solutions will force you to use your DSL ISP for DNS. It could be hard to convince your ISP to resolve your DNS name if you're on a cheap service plan.

    Also, easydns provides a backup MX, and they will even store your mail for something like 5 days if your primary MX is down. It's a very good idea if you're your own MX and your DSL connection tends to go down once in a while. Easydns also provides dynamic dns services, but I don't know if it works well if you're your own MX. Concentric web hosting cnchost.com [xo.com] and others usually provide good uptime and a few or unlimited number of POP boxes and even shell access. However, they rarely provide IMAP or SSH. Nick.

  • by matman ( 71405 ) on Tuesday October 24, 2000 @05:49PM (#678847)
    Sorry, but OpenBSD doesn't magically fix all security holes in all software. If you install an MTA or something that the OpenBSD team hasn't audited, then you're in the same boat as everyone else. Even if they have audited it, there's no proof that it doesn't contain ANY undiscovered holes. Then there's ip spoofing and trust based attacks, civil engineering, insider attacks, privacy based attacks, etc etc. Remember that nothing fixes everything - and there's no such thing as a totally secure system (ie anything that you can be sure that only you control TOTALLY).
  • They've been around in various forms since the mid 80's. I've had a unix shell account with them since 1993. Although I no longer live near any of their dialup numbers, I still use them for email, via ssh. They won't feed you any bull, give you a free two week trial run, and are prompt about reporting outages (and the reason why). Outages related to shell service and email are relatively rare. Certainly better than SWBell (who I get DSL from, at the moment).

    www.eskimo.com [eskimo.com]

  • Not a good idea if you are using a cable modem, DSL, dialup, or other unreliable connection. If your DNS is up but your mail exchanger is down, the remote (sending) host will queue your mail but if your nameserver is down, it will most likely be bounced immediately.

    It actually can work quite fine. I have a DSL line, my own DNS server and a few other services running. My ISP VISI [visi.com] provides secondary name services for me.

  • micahjd said "Used to be with Telnet, but once I found out how evil it is I switched to SSH. " Good for you! I'm glad more people are switching to ssh. I had a friend who seriously got screwed by crackers and script kiddies because he used telnet and let his friends have access to his box. Someone probably was running a sniffer and caught a plain text login/pass combo and that was it. They used his box to send all kinds of spam and they used his box to hack multitudes of other boxes. Needless to say, @home got in touch with him and threatened to cancel his account if it happened again. Now he runs ssh and is much more security conscious. The moral of the story: you can't be too secure!
  • by stab ( 26928 )
    Or just use qmail [qmail.org], and let the world know you are using a secure MTA [cr.yp.to] :-)
  • Requirements aren't met: SSH access

    YM SSL. SSH accounts are shell accounts; only SourceForge [sourceforge.net] gives those out anymore.

    and I assume POP that you don't have to pay for

    The article said "POP over SSL or better." AFAIK, Hotmail [hotmail.com] can be configured as HTTP over SSL.

  • OpenBSD may not magically fix all holes, but it does provide a very nice secure starting point. Even though OpenBSD is very secure right out of the box I still wouldn't drop it directly on the net. I'd have a firewall between it and the net. Both my OpenBSD boxes that are on the net live behind a firewall. I wouldn't do it any other way.
  • I strongly recommend Seagull Networks [seagull.net] at http://www.seagull.net/ [seagull.net]

    Whenever anyone asks me for a hosting recommendation, I always recommend Seagull.

    No, Seagull is not an ISP. While it would be nice to have a secure ISP, you're better off using any random joker for your ISP, owning your own domain name so you can relocate it in the event your service tanks (I discuss this in Market Yourself - Tips for High-Tech Consultants [goingware.com]) and accessing the hosting service via SSH and SCP (secure copy). Note that it does no good to only use SSH - you have to use SCP as well.

    Here's a sample SCP command line, in case you can't figure it out, it's very simple but I had a hard time from the man page:

    scp foo.bar crawford@www.goingware.com:.

    The above places file foo.bar in the home directory of user crawford on www.goingware.com.

    scp crawford@www.goingware.com:web/index.html stash

    This copies index.html from directory "web" on www.goingware.com and places it in directory "stash" on the local machine.

    Please read my web page on Why You Should Use Encryption [goingware.com]

    Besides being a good service, it's a small enough company to offer personal service. I've sent support email to the webmaster at 2am his time and had the problem fixed and the mail answered within the hour.

    But even though it's a small service, it's not a low-quality service. They have high-performance machines, they are in a good colo facility with a high-speed connection to the backbone, they upgrade their service regularly and the webmaster, Paul Celestin, is just a damn nice guy.

    I'm not sure if he still publishes it but Celestin used to produce a CDROM full of useful free source code for the Macintosh. Some of my own Mac open-source programs were on it.

    These are the sites I personally have located there:

    In addition, my wife has a couple sites on Seagull through my account, and my friend Andy Hasse used to host http://www.williebrown.com [willbrown.com] there (yes, if you live in San Francisco you might remember that Hasse was a consultant to mayoral candidate Clint Reilly when the Brown campaign discovered Andy owned the williebrown domain.)

    I have a couple tips for you on checking email. I use PGP when I'm trying to be secure, but it's really not that much that I really care for complete security. But I just don't like people snooping on me, mostly I think it's none of their damn business what's in my mailbox even if it's spam.

    So mostly I read my email at seagull using elm while logged in via SSH, and when my mailbox gets big, I move it to my home directory and copy it to my home machine via SCP:

    goingware$ cp /usr/spool/mail/crawford ~

    goingware$ echo "" > /usr/spool/mail/crawford

    back on my home machine:

    C> pscp crawford@www.goingware.com:crawford .

    It is also possible to download your email via POP with SSH via port forwarding. I describe this on the BeOS Tip Server. [betips.net] It doesn't seem to be responding right now but if you go to its search and enter "ssh" you'll find the tip I submitted called something like "Secure email download via ssh". The instructions have some BeOS [be.com] specific items but most of what's there will work on any systems.

    Don't have SSH? Try one of these:

  • I mistyped the URL to http://www.williebrown.com [williebrown.com] in the above, give this link a try especially if you live in San Francisco.

    The BeOS Tip Server [betips.net] page on doing POP with SSH is at Secure Email Download with SSH [betips.net]. Note that POP exposes your password unless you use port forwarding with SSH as I describe (or some more advanced download method). Don't think you're super-cool if you SSH to do your shell access but then download your mail with plaintext POP!

    Finally, seagull allows you to install your own CGI's that you can get wherever you want or you can write them yourself with the full set of Linux developer tools they have on the servers - so you can write CGI's in C++ rather than Perl, if you'd like.

    Also, I just have their "Lieutenant" hosting for $20/month, they have other options for higher prices such as root FTP server and SSL web page service as well as paying for high traffic so you can run a commercial site there.

  • In this situation, your email account can be anywhere on the net, so you've got a lot of choices. Most of them are small ISPs, because that's who offers shell accounts and security flexibility with SSH, but you're trading off smallness vs. redundancy a bit. I've been quite pleased with idiom.com, and other people have mentioned Illuminati Online. Another place to look is Anonymizer.com, if they offer shell accounts. Or you could check out XS4ALL.NL, in the Netherlands, if they do shell.


    Finding a provider who won't roll over on subpoenas is tough - just about anybody big enough to be incorporated (you wanted reliability) will respond, though some will go out of their way to help anybody official-sounding who asks, while others will insist on seeing court orders on paper first. Non-US / Non-UK providers may have some advantages, since most people don't want to bother getting a Finnish court order just to yell at you about something you posted on Usenet that they didn't like.

  • by goingware ( 85213 ) on Tuesday October 24, 2000 @10:27PM (#678898) Homepage
    I mentioned this earlier in my recommendation of Seagull Networks [seagull.net] (note - SSH, SCP and CGI's you can write and install yourself, even in C or C++) - but I'll say it again.

    If you want reliable email, it is important that you own your own domain name. If you want email to get to you easily and reliably, then it's important that the domain name be easy for people to remember and to spell, even when you've just spoken it to them over the phone. (Note that while my business name is GoingWare, Inc. [goingware.com] I've also registered goingwhere.com [goingwhere.com] and had Seagull alias it to make sure people can find me.)

    You think your Yahoo or Hotmail account is reliable? Guess again. How many big companies have tanked in the last few decades? What if yahoo decides it's not worth their while anymore to provide email service, even if you want to pay for continuing to have the privilege of having the same email address for the rest of your life.

    I was proud to be one of the first customers for Scruz-Net [scruznet.com] - until they went down for a week just after I started my consulting business!

    And they've been bought out more times than I can count. I keep my old ISP account there mainly because I haven't moved all my web pages yet, but periodically I download all my email from there and pick the real mail out from the spam and send them a message asking them to use my new permanent emails, either crawford@goingware.com [mailto] or michael@geometricvisions.com [mailto].

    I've also got a few pages on scruznet that I feel are important for people to be able to find in the distant future, so I'm slowly going through my old site there, moving the pages to one of my own domains, and putting a page in the original's place with a META REFRESH tag and a note. But the problem is that some sites have permanent links to my scruznet pages embedded in their databases that I've been unable to get them to correct.

    In the long run, I'll close my account at Scruznet and they say they will redirect accesses to my old site to a single, fixed URL but people may not be able to find what they're looking for.

    As I emphasize in Market Yourself - Tips for High-Tech Consultants [goingware.com], it's important to own your own domain name not just to maintain a professional appearance and so your customers can find you, but everyone should own their own domain name so they can have a permanent address.

    If you own your own domain name and your service should go bad, you can relocate it to another provider and be up in a few days. Mainly you just have to wait for the new DNS to take effect.

    (For other helpful programmer's tips (mostly technical) see GoingWare's Bag of Programming Tricks [goingware.com].)

    An added benefit of owning your own domain name is that you often get what are incorrectly termed "postmaster" email addresses. With these, any mail sent to anyuser@yourdomain.com will be delivered to your mailbox. You can combine this with filtering email clients to suppress spam. You still have to download the stuff but what you do is sort all of your legitimate mailing list mail into separate mailboxes, and mail addressed to your real name into the main mailbox you read, and leave everything else in your inbox.

    Then if you need to give a website a valid email address, say to allow them to send you a password, you give them the email theirdomain@yourdomain.com.

    If they sell your name to a mailing list at least you know who's done it. For example, this is the way that I know that Citibank is using the email I used to log into my cardholder webpage to access my account - I've only used that particular email for that one page. But Citibank is now sending spam to this address asking me to sign up for their card! How dumb can they get!

    If you really don't care whether an email address should last, as when signing up for a web page, this is when you really do want to get yourself a Yahoo or Hotmail account. That way their servers can handle all the spam and not yours.
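Added example, not part of the comment above: a Python sketch of the per-site address idea on a catch-all domain, which reads each message's recipient tag and sender and reports tags that are receiving mail from some other organisation. The domain, mailbox names and sample messages are constructed, the organisation label is a naive "second-to-last DNS label" assumption, and From can be forged, so treat a hit as a lead rather than proof.

```python
from collections import defaultdict
from email import message_from_string
from email.utils import getaddresses, parseaddr

MY_DOMAIN = "yourdomain.com"   # placeholder domain, as in the comment above
PERSONAL = {"michael"}         # hypothetical: local parts you give to people

# Constructed sample mail; every name and address below is made up.
SAMPLES = [
    "From: news@mail.bookshop.example\nTo: bookshop@yourdomain.com\n"
    "Subject: Your order has shipped\n\nbody\n",
    "From: deals@bulk.listbroker.example\nTo: bookshop@yourdomain.com\n"
    "Subject: Cheap loans\n\nbody\n",
    "From: friend@univ.example\nTo: michael@yourdomain.com\n"
    "Subject: lunch?\n\nbody\n",
    "From: promo@offers.adnet.example\nTo: valued-customer@adnet.example\n"
    "Delivered-To: bookshop@yourdomain.com\nSubject: You won\n\nbody\n",
    "From: winner@spam.example\nTo: someone@other.example\n"
    "Subject: hello\n\nbody\n",
]


def org_label(domain):
    """Naive organisation label: 'mail.bookshop.example' -> 'bookshop'.
    Assumption: one-label public suffix; real data needs a public-suffix list."""
    parts = domain.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def my_tag(msg):
    """Local part of the first recipient address at MY_DOMAIN, or None.
    Delivery headers are checked first because spam often hides the real To."""
    for header in ("Delivered-To", "X-Original-To", "To", "Cc"):
        for _name, addr in getaddresses(msg.get_all(header, [])):
            local, _, domain = addr.rpartition("@")
            if local and domain.lower() == MY_DOMAIN:
                return local.lower()
    return None


def classify(raw):
    """Return (verdict, tag, sender_org) for one raw message."""
    msg = message_from_string(raw)
    tag = my_tag(msg)
    sender = parseaddr(msg.get("From", ""))[1]
    sender_org = org_label(sender.rpartition("@")[2]) if "@" in sender else ""
    if tag is None:
        return ("unaddressed", None, sender_org)   # Bcc or not for this domain
    if tag in PERSONAL:
        return ("personal", tag, sender_org)
    if tag == sender_org:
        return ("expected", tag, sender_org)       # the site you gave it to
    return ("leaked", tag, sender_org)             # someone else has the address


def leak_report(raws):
    """Map each leaked tag to the sorted list of outside senders using it."""
    leaks = defaultdict(set)
    for raw in raws:
        verdict, tag, sender_org = classify(raw)
        if verdict == "leaked":
            leaks[tag].add(sender_org)
    return {tag: sorted(orgs) for tag, orgs in leaks.items()}


if __name__ == "__main__":
    for raw in SAMPLES:
        print(classify(raw))
    print(leak_report(SAMPLES))
```

The "expected" verdict still covers the case the comment describes, where the site itself starts sending unwanted mail to the address it was given.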

  • Hushmail has a feature that allows reading your email with standard POP clients instead of their web-based applet interface. Unfortunately, it is for Windows machines only at this stage. Any chance they might release a pure java version? (it's implemented mostly in Java)

    ----
  • If the DSL goes down, or your machine crashes, your ISP's SMTP server should take care of your inbound mail. Absolutely no problem, as long as both MTAs and your domain's DNS are set up properly.

    And that mail stays in limbo until you get your server or DSL line back up, or have your ISP redirect the mail. I had my DSL line down for 4 weeks!

    And I wonder how long the ISP's SMTP server will hold/forward that mail before sending back tons of bounce messages.

    And if the problem was that ISP's connectivity in the first place, you are still screwed.

    The whole point of going with someone like Panix is: Cheap stability. They are one of the oldest ISPs still in business, and the largest one with shell as the center of their business (as opposed to a sideline so a few techies can maintain their CGI scripts).

  • Keep in mind that the header of an encrypted email is not encrypted. So if you send an encrypted email to one of your fellow terrorist friends, don't be surprised if the Feds show up at your secret rendez-vous because the Subject of your email was "Bombing preparation notes for Oct 28th, Union Square, SFO".
  • I can't speak to their political views or their propensity to comply with c&d letters or the DOJ, but Hurricane Electric [he.net] meets all of your other criteria.

    For $9.95/month, you get full shell access with SSH, up to 11 POP3 mailboxes, and a bit of web space and traffic. The URL for http can be your own private domain, and I don't think they charge extra for that.

    I've been using he.net for about five years now and only one time have I ever failed to reach the server because *it* was down. Since it was 11pm on a Sunday night, I was stunned when an actual human answered the phone after one ring. He had already been alerted to the problem and was connecting to the console server as I called. Five minutes later, all was well.

    I *highly* recommend Hurricane Electric, but only if you're a self-starter. They're not into holding the hands of newbies.
