Hacker News .hnnew | past | comments | ask | show | jobs | submitlogin

> That said, (before things like SPF) it was easy enough to deliver email to anyone you wanted even if you didn't have your own real email account and SMTP server

Yup, this was also a fun exercise. Use nslookup, find the MX records, then telnet to them and deliver some mail destined for domains that email server handled. At that point you're just a slower version of a mail daemon.

In 2006 when FIOS first rolled out they assigned ARIN IP blocks to anyone who requested a static IP and I hosted my own webserver and email server on the web. So for a long time I had my own netblock and my email server had been around for so very long it was in everyone's legacy trusted list. Even gmail never bounced emails from me, despite not having SPF or DKIM and whatever else. Though I did eventually set those up. Only authed users could send email and that was a limited list so my netblock never actually delivered a spam message.

Funny enough I also setup default routing so all non-registered addresses went into a separate mailbox for me and I used the "companyname@mydomain.net" for everything. For many years I knew about every single data breech before anyone else. Often months or years ahead as spam would arrive out of nowhere to that address.

When I finally moved to the bay area to work in tech for real the entire world had changed. You couldn't just get a netblock assignment anymore. And lord knows even if your ISP wasn't deliberately sabotaging your ability to run a server every other system on the internet would assume you're a scamming spammer. I had to give up self-hosting on-prem.



Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: