this post was submitted on 21 Apr 2024
61 points (94.2% liked)

Selfhosted

40458 readers
327 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
 

I self host pretty much everything, but one of the services I find makes more sense to not self host is an email server.

I’ve got a few domains I’d like to have emails for, and usually I’d go for Tutanota or protonmail. But in this instance I’m looking for something dirt cheap. These domains are for a hobby club so I’m much less concerned with privacy like I usually would be. Anybody got any recommendations?

So far namecheap seems like my best option for under $8/month. They would bundle with my domain registration and I’m assuming having both on the same service would make things pretty seamless to set up.

Not crazy concerned with privacy for these particular accounts. Namecheap or similar is reputable enough.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 1 points 7 months ago* (last edited 7 months ago) (1 children)

If you’re using Google Workspace, Google will give you the appropriate DMARC, DKIM and SPF records to add to your DNS. The NS themselves should resolve the records and provide the recipient server with the values you’ve entered, thereby ensuring delivery.

Sure. But why would that matter when you're dealing with hostile 3rd party email providers that intentionally want to blackhole all email domains at Namecheap? But yes, just to clarify I do configure DMARC/DKIM/SPF and that works great for most cases.

I'm just describing what worked for me though in truth I don't know exactly how these hostile email providers actually determine the domain is hosted at Namecheap. My hunch is that they are using a lookup & finding the nameserver for the domain & have already blacklisted Namecheap's default free nameserver IP addresses. For whatever reason those same hostile email providers don't seem to be blacklisting Namecheap's paid nameserver but I think that sort of makes sense...

The larger issue is that Namecheap is known for cheap domains that scammers/spammers tend to buy in bulk & then use to spam with. Those same scammers/spammers aren't trying to spend extra money so they only ever use the default free Namecheap nameservers.

[–] [email protected] 4 points 7 months ago (1 children)

No it does not make any sense. There are literally thousands of domain registrars out there; almost every single last one of them will offer free DNS service with registration. Also, more specifically speaking, DNS provider host provider look up is not even part of email delivery flow.

The most well known spam registrar is GoDaddy as they spam ads everywhere, and everyone and their third cousin’s dogs know about them. NameCheap is a large registrar but isn’t that big of a fish comparatively speaking. But, regardless, blocking any registrars that size the way you’re describing would break way more businesses and hurt the recipient provider’s own reputation. This honestly starting to sound more and more like a smear campaign as opposed to anything grounded in actual technology.

[–] [email protected] 2 points 7 months ago* (last edited 7 months ago) (1 children)

But, regardless, blocking any registrars that size the way you’re describing would break way more businesses and hurt the recipient provider’s own reputation.

Yeah I thought that too but when speaking with the email admin that was blocking Namecheap while figuring this out they had already decided it wasn't worth trying to allow the 1% of valid emails vs the 99% spam emails they felt they received via Namecheap domains.

This honestly starting to sound more and more like a smear campaign

Smear against whom? I'm a Namecheap customer, just relaying my own experiences using them. Besides that quirk I like them fine as a registrar.. I know it sounds dumb but I even renewed my domains there even after those email issues.

It's fine, you don't need to believe me as I said it's just my own experience using Namecheap domains for emails. But you could just google around, you'll see plenty of people discussing Namecheap & looking for solutions to block them (or solutions to successfully send emails with hem).. it's not something I randomly made up if that's what you're implying.

e.g.

https://community.spiceworks.com/t/blocking-emails-based-on-registrar/816565

https://tacit.livejournal.com/608386.html

https://shkspr.mobi/blog/2021/05/why-do-scammers-love-namecheap/

https://www.reddit.com/r/NameCheap/comments/13t6fvm/namecheaps_private_email_is_blacklisted_by/

https://www.reddit.com/r/NameCheap/comments/wlb6vp/namecheap_making_it_too_easy_to_register_domains/

https://www.reddit.com/r/NameCheap/comments/tz4mkb/my_emails_are_always_going_in_the_spam_folder_of/

https://www.reddit.com/r/NameCheap/comments/ye358x/i_am_getting_a_ton_of_spam_scams_from_namecheap/

etc.

[–] [email protected] 3 points 7 months ago

The name servers themselves is not part of the equation. The commonality in all those linked are sending emails from Namecheap’s shared hosted email/website, not name servers. Sending email from shared hosted email/website is asking for trouble, doesn’t matter who you’re hosting with, because those IP range are always abused, especially with the larger providers, simply due to a larger exposure. The detection mechanism here is really simple and observable via raw mail headers by checking the Received: line. Filtering emails from this information here is a typical part of the anti-spam model. A typical implementation would be via DNSBL providers such as Spamhaus, Sorbs and alike. The solution is always to use trusted transaction email services to deliver email from the website instead.

That, however, is a very different problem than the dedicated email services like Google Workspace Gmail, because you’d not be sending from your web server’s IP address, but rather via Google’s dedicated range. As such, the Recevied: line is much less likely to yield a match in DNSBLs. Validation for these are then done via the SPF/DKIM/DMARC records on your domain, checking if your configuration permits delivery from server at the Recevied: line (look for Received-SPF) and whether or not you have the appropriate signing (look for Authentication-Results: and bits about the various stages of DKIM and DMARC).