Moving off self hosted email - 2022-02-26

Since March 4th, 2021, I have hosted my own email for this domain. Since May 8th 2021, I have hosted my own email for this domain. I could definitely receive and I could send
Then May 8th, 2021, I wanted to do something neat I read about online for fun:

CheckTLS

And I was successful! Green checks across the board on CheckTLS. I managed to use each standard effectively, I was in complete control of my server with reverse PTR records and everything! I didn't know these record types existed until I went through all this.
Next I automated checks for my DANE TLS records; this helped me stay on top of my ACME TLS integration with Let's Encrypt. It's put together with a cron job and a shell script which uses curl, jq, and openssl to update and verify DNS records in Cloudflare.
I was proud that I could technically achieve something cool (to me) and have it externally verified, while being so low resource (literally bash scripts and utility calls) it could run on a server with less than 64 MB of free memory. I literally pay $1 a month for it so it does not have much memory.
Then I tried to test my email setup with a few friends. For one of them I got back a rejection response; it mentioned:
host mx.zoho.com[204.141.43.44] said: 541 5.7.1 Mail rejected due to antispam policy
After digging into it among the many seemingly free email validation services, I see a few problems.

Problems Detected

Oh right DMARC RFC7468. I've dealt with this at work a few times, as well as SPF RFC7208. Not too hard... So I fix those and wait a few days.
But the problem persists. It comes and goes too! I do literally everything right to the spec on inbound and outbound. One problem mentioned that my IP address was blocked by UCEPROTECTL3. So I look at this UCEPROTECT thing, and it's some website that's not even secured with HTTPS!

UCEPROTECT Website

What is this thing? They do some sort of black hole listing that lasts for 7 days per violation. I look through it and there's something about paying for removal? It is about $100. But that's only for Level 1, I was on the level 3, what's up with that?

UCEPROTECT Extortion

UCEPROTECT Level 3 blocks ASNs which you can think of as a group of IP ranges operated by an ISP. They want the ISP to take down misbehaving / spamming actors on their network. One could theoretically pay them to remove an ASN block for.. $485. But once a single IP address spams again, they'll add it back to their block list and keep the money.

UCEPROTECT Extortion

I have zero spam history attributed to my server. And yet I can't send a reply to someone who I paid for a custom pattern of my character?
hotmail-com.olc.protection.outlook.com[104.47.74.33] said: 550 5.7.1 Unfortunately, messages from [...] weren't sent. Please contact your Internet service provider since part of their network is on our block list (S3140).
This sucks.
UCEPROTECT is a scam
Archived Tweet

UCEPROTECT is an extortion racket

The price has increased threefold since I first looked at their prices last year. The pandemic hits spam grifters hard too, huh?

I have to depend on yet another service because of spammers and Scammy Real Time Black Holes.

CheckTLS with fastmail

My email is now serviced with fastmail. But it wasn't smooth either.

Google checks MTA-STS

Fastmail did not detect that I had to migrate my MTA-STS settings, which of course led to Google refusing to send outbound from Google to Fastmail. I had the TTL set to 1 day, so switching that was a bother.
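
The failure above happens when senders still hold an enforce-mode MTA-STS policy whose mx entries do not cover the new provider's MX hosts. The check below is an added example, not the author's script; the policy text and hostnames are constructed placeholders, and the matching rules follow RFC 8461.

```sh
# Added example: would new MX hosts pass the MTA-STS policy senders have cached?
# The policy text and every hostname below are constructed sample data.
POLICY='version: STSv1
mode: enforce
mx: mail.example.org
mx: *.mail.example.org
max_age: 86400'

# Print the value(s) of one policy key, tolerating CRLF and padding.
policy_get() {   # usage: policy_get KEY POLICY_TEXT
  printf '%s\n' "$2" | tr -d '\r' |
    sed -n "s/^$1:[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*\$/\1/p"
}

# Succeed if HOST matches PATTERN; "*." stands for exactly one leftmost label.
mx_matches() {   # usage: mx_matches HOST PATTERN
  host=$(printf '%s' "$1" | tr 'A-Z' 'a-z'); host=${host%.}
  pat=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
  case $pat in
    '*.'*)
      suffix=${pat#?}                      # e.g. ".mail.example.org"
      case $host in
        *"$suffix") label=${host%"$suffix"} ;;
        *) return 1 ;;
      esac
      case $label in ''|*.*) return 1 ;; esac
      return 0 ;;
    *) [ "$host" = "$pat" ] ;;
  esac
}

# Print "<host> ok|mismatch|refused" per MX; return 1 if any would be refused.
check_migration() {   # usage: check_migration POLICY_TEXT MX_HOST...
  mode=$(policy_get mode "$1"); patterns=$(policy_get mx "$1")
  shift; rc=0
  for mx in "$@"; do
    verdict=mismatch
    while IFS= read -r p; do
      if mx_matches "$mx" "$p"; then verdict=ok; break; fi
    done <<EOF
$patterns
EOF
    if [ "$verdict" = mismatch ] && [ "$mode" = enforce ]; then verdict=refused; rc=1; fi
    printf '%s %s\n' "$mx" "$verdict"
  done
  return $rc
}
# Old self-hosted MX passes; the placeholder provider MX is refused.
check_migration "$POLICY" mail.example.org mx1.provider.example || true
```

After editing the policy file, the `id` in the `_mta-sts` TXT record also has to change so that senders refetch the policy instead of relying on their cached copy until `max_age` runs out.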

Facebook can send and receive

Everything seems settled now with Fastmail. I can communicate with people at orgs that should have competent email filtering without issue. So I'll leave it at that.