Topfi2 days ago
That seems very similar to Resend, which has been a joy to use for my part.
That's great - and maybe I'm cynical - but that's right where my mind went when I read that. Trading income for control isn't a bad game..
And always will be.
Are digital content creators lazy too? Why don't they just host their content on their own damn servers?
Do you talk to your customers with that mouth?
For those who are lazy to click, this guy's business is hosting and maintaining a sales platform for people.
(cloudflare customer, in both personal and professional capacities; i pay Fastmail to host family email; both can easily be switched if needed to prevent lock in, with DNS changes and in the case of hosted email, an export of mailboxes and tenant config)
And there is a spectrum to this. For example, using a small, independent email or hosting provider may cost a little more time, but makes you more independent from big tech, and maybe more importantly, contributes to reducing the power of big tech. We are all paying for it, down the line.
Paying Fastmail, along with others who do so, means Fastmail will remain as a non Big Tech option, for example (they also developed and championed, JMAP, for a more efficient user experience). Paying Kagi means Kagi will remain as a non Big Tech option. Donating to Let's Encrypt means Let's Encrypt will remain as a public good independent of Big Tech. I could go down the list of every service I pay for to de-Google and de-Big Tech, but that's likely unhelpful to further demonstrate the point.
> We are all paying for it, down the line.
Indeed, so establish and fund organizations that provide systems and services for benefit vs profit and control that cannot be captured. Self hosting your own box at home helps you (which is totally fine and reasonable, I run my own on prem infra across two continents at small business enterprise scale for use cases I cannot procure commercially at reasonable cost), but does nothing else, and doesn't scale.
(think in systems)
You get to respond to requests and your data cannot be handed over without your knowledge.
but I do mind my data being drag-netted, or hoovered up by scummy big tech and then sold on
(whether that's for slop training, ads, anything really)
Citation requested. Big tech considers your IP address dishonorable, and blackholes your emails. How independent are you now when you can't email any providers that use blacklists?
> contributes to reducing the power of big tech
Again, citation requested. Big tech will just blackhole your emails and you'll only find out when your users complain.
I also see a lot of comments from those who have admittedly never tried, telling me that I'll be blacklisted and not even know.
I don't know if this is some kind of confirmation bias, or if there's just a very vocal bubble of people without experience talking about how difficult it is.
That such a database has other uses would be a happy coincidence.
New but non-standard niche browsers are also problematic.
Website owners may understandably be appreciative of CF. But as as someone browsing the web, I think it's done a lot of irreversible* damage to the open internet.
* I say irreversible because I don't think they'll be looking to improve this anytime soon, but rather add more restrictions.
Cloudflare succeeded to do what Google tried and failed with AMP, and we are all the worse off for it. [Though at least it is not Google, that would be worse.]
I cannot afford to be DDOS'ed and there are bad actors that have already proven that they _will_ take me down if they could. So, I feel bad for the internet being walled up, and I feel bad for users that will lose access. And I fret that one day CF may just decide to take all my content and use it somehow to shut me down.
Meanwhile though, I hold my nose, cry inwardly, and continue to use Cloudflare.
Just be a good little consumer.
The ire should be reserved for if and when they establish some kind of monopoly or other anti-consumer practices, fall afoul of anti-trust law, and inevitably the US government gives them a free pass for criminality like it has been doing for years with dozens of other Big Tech mergers, rollups, exclusivity dealings, etc. and appears to have just done again with Google a few weeks ago.
It is fine for big companies to offer competing email sending services. It is not fine for them to break competition laws.
Also yes, please do set up SPF, DKIM and DMARC for me. I may very well end up using this down the road because they say they'll do that for me and I just don't want to think about them in some situations.
I'm going to take this opportunity, because hopefully Cloudflare will see it, to request they support SPF record flattening natively.
Google is in a perfect position to compete but they don’t, so it’s not like Cloudflare is a monopoly or something.
At least they’re not selling ads using your data.
1934 [1].
[1] https://tile.loc.gov/storage-services/service/ll/usrep/usrep295/usrep295602/usrep295602.pdf Humphrey's Executor vs. United States
At least you're referencing the United States in 1934, though. Things were very dysfunctional politically in the US at that time, but not nearly as bad as what was going on in some other parts of the world.
Seriously? You don't see the relevance of independent agencies to this discussion?
And the dynamics of inter-branch checks and balances within the US federal government aren't directly relevant to the question of whether the federal government as a whole is a reliable institution in the first place (nb: it isn't).
You don’t see a reliability difference between a self-moderating and unmoderated system?
Do you see any value in QC?
I mean the reconstitution of AT&T was one of the IMO the biggest middle fingers to the public I've seen. It was broken up because it was a bad actor and now its back again as a worse than ever bad actor. That was kind my wake up call. I'm sure there is worse though that I don't remember because it was not tech related.
I could be wrong I'm not a huge politics person. Either way I don't think any response to me invalidates my opinion that the current government would not do a better job than cloudflare currently is.
I trust a corporation more than I trust the nation you want it nationalized in (America?)
EU maybe. But yes I don't want cloudflare to be part of america after patriotic acts and all the dystopia.
Honestly, cloudflare is not so vital to the internet. Like, The only thing its gonna be a problem if they stop working without giving any way to migrate. Then yes, its gonna be a bit of problem to the internet.
Really? Try distrusting CF certs, and see how much of your internet activity breaks. CF certs should be distrusted, because it's MITM by definition. At the very least, I'd like an addon that makes the URL bar bright red, so I know my connection isn't secure.
Though arguably neither should be in a position to do so without being regulate as a public utility
Also, I know that there are sometimes where cloudflare sits in the middle between your servers and your users for DDOS protection, and so yes theoretically its a point of interception but given how their whole thing is security, I doubt that they would exploit it but yes its a point of concern.
On the other hand, if something like this does happen, migrating can be easier or on the same level if something like this happened on like AWS.
But cloudflare still feels safer than AWS y'know?
That being said, I am all in for some regulations as a public utility but not nationalizing it as the GP comment suggested. Just some regulations would be nice but honestly we are in a bit of tough spot and maybe it was the necessity of the internet to have something like cloudflare to prevent DDOS's.
I think that cloudflare is used by most as DDOS protection and so they still have the servers.
There are also cloudflare workers and pages but even migrating them is somewhat doable as I think that cf workers have a local preview option somewhat available in their node etc., so you could run it locally somehow.
Sure its gonna be a huge huge problem but something that the internet might look past of (I think).
Honestly, I kinda wish that there was a way to have something like how the tor onion links work in the sense that the link has the public key of the person running the server and so uh, no matter if its cloudflare serving the link or something else, its still something that can't be MITM'd for the most part.
Am I right in thinking so? Sure, its gonna make the links longer but maybe sacrifices/compromises must be made?
My opinion is simple, age verification won't work unless they block VPN (something which UK wants to do/ is doing) and that sets a really really bad precedent and I doubt if its entirely possible without breaking some aspects of internet or complete internet privacy.
EU in aggregate is net positive but it still has some things which are kinda flawed regulations that are a bad precedent, but germany kinda blocked the verification thing iirc so there is still a lot of hope and EU does look like its trying its best but I think that it can do just a bit better if they don't think of age verification or some other stuff but that's just my 2 cents.
This was why I added "maybe" tbh. They are one of the best options but even they aren't thaat good. Like its questionable I think and needs a much bigger debate
I'm not sure that sounds like a good idea, if that's what you're saying.
Maybe if Cloudflare had workplace democracy my concerns would be different, but they don't and wield too much power.
If it also helps I also think 99.99% of big tech should be broken up into separate, probably a few 100, different companies.
So yes, anything vital for the internet should be controlled by the people through democratic norms, institutions, and values rather than dictatorships by those with money over those with none.
Everything reduces to specific people acting on their a priori motivations in bounded contexts, and any system of centralized control is guaranteed to enable expressions of the worst motivations of the people involved. The distinctions you're making -- "private" vs. "public", "corporations" vs. "governments", etc. -- are fundamentally meaningless.
There are no "democratic norms", just norms adhered to by specific people and the factions they form, contesting against each other for power over others. Performative "democracy" is often just cover to allow the currently dominant factions to function as "dictatorships".
Decentralization and individual autonomy are the only solution to the problems you rightly care about, but what you're proposing is literally the opposite of that.
Amazons only advantage is it's massive selection, if you can find what you're looking for.
internet is made sooo much better by negating all encryption effort of the last 20 years
Yet. Since it's an american company with an ever-growing influence, I dread and expect that to change, among other things, down the road. I assume the three-letter agencies also already MITM the traffic.
However, I guess they have become the major player now and certainly try to optimize the world towards their business model.
IMHO it needs other enterprises entering the competition. Maybe it could be new more software defined mobile network providers offering edge compute. Maybe data from IoT could never enter the Internet and we could have some confidential computing power when we need it for our IoT stuff. Maybe we could get a more decentralized Internet again...
I don't think that's it, and I think the explanation is much more simple and straight-forward.
Cloudflare established a very successful business model around a straight-forward, very transparent, no-bullshit CDN. Now, they started offering other cloud services build around their CDN. Cloudflare Workers kind of extend their CDN pipeline to allow clients to run arbitrary code to customize caching logic, but it turns out their function-as-a-service model is exceptionally good, and higher-level services like email are a low-effort way to meet existing needs.
Please, educate me and tell me what's up.
Trying to unravel all that is an absolute nightmare.
I'm not discounting their innovations but had they not been VC funded and given away free service I suspect many would still never have heard of them.
What does this purity test accomplish? that's just how things work in this industry. Can you name a company that has innovated on their scale that hasn't taken VC?
Cloudflare built a business around b). This doesn't save on hosting costs, only lowers some operational and legal risks.
It is a legitimate business, from my perspective. I'd just wish we weren't in a situation where CloudFlare isn't exactly struggling to sell their services.
I'm perplexed by this sort of comment. Cloudflare doesn't even feature in the top 10 of cloud provider market share, and the number 8 spot already reports 2%. And here you are, complaining about Cloudflare and centralization.
Furthermore, AWS is by far the biggest cloud provider, reporting around 30% market share, and I don't see AWS being referred as a concern.
1) https://www.theregister.com/2024/12/13/cloudflare_2024_review/
Point being, it's a commercial subverting the Internet from inside, reshaping it to better serve the interests of commerce. It is indeed protection, but it's accomplished by reducing variance. 99% of legitimate commerce on the Internet follows the same patterns, use a small subset of possibilities offered by the technology - so why not just block the remaining 1% that doesn't fit and call it a day? It will stop most of the threats to running businesses on the Internet. The 1% of legitimate commerce that doesn't fit the pattern? It's not being ignored per se, just pressured to adapt and conform to the majority.
What is being ignored is that the Internet is not just a place of commerce, and non-commercial use cases, ideas such as empowering people to better their lives, are gradually becoming impossible, as fundamental Internet infrastructure becomes inhospitable for them.
Some of us still remember the Internet being more than just a virtual mall, and are unhappy about it gradually becoming one. And it's not like CloudFlare, et al. are hostile to non-commercial interests as a matter of principle - it's just out of scope for them.
Your second paragraph talks about other (non-commercial) sites. I think I'm missing the link here. Why would the admins of such sites resort to Cloudflare if 'fundamental Internet infrastructure becomes inhospitable for them' by making that choice? They could very well choose to implement their own or no measures at all.
I think the issue is that the general threat level has massively increased compared to the past - not in terms of sophistication but frequency/scale. But that's a consequence of widespread adoption, nothing Cloudflare in particular is responsible for.
Marketing and free tiers.
But my point is that Cloudflare is addressing threats that predominantly affect businesses, and does so well, but the way it does is effectively changing the whole Internet to be more hospitable for commerce, and less hospitable for any other kind of use.
Don't blame site owners and service that is trying to help them. Blame the fact that 90% of today's Internet traffic is bots
- site owners can have protection as long as it doesn't inconvenience me.
Replace "me" with "legitimate users" and replace "inconvenience" with "very aggressively inconvenience or entirely block".
Then yeah you have it.
They're also essentially a deanonymization reverse proxy that can track everyone's browsing history and decide whether you get to see websites based on social credit.
But I don't think they care if they block firefox users, or people who delete cookies, or VPN users, or Tor users, or people who resist fingerprinting, or people who block ads, etc.
I guess whatever revenue you lose you make up for in a lower hosting bill. I just go to your competitor that doesn’t have the horrible UX. Usually those websites also tend to have much more optimized web pages too so it is an all around better experience.
Many of my websites get 98% of their traffic from bots and bad actors, but it doesn’t really matter because the extra load of all these fake requests is absolutely negligible. I have a hard time understanding how someone would be bothered by an extra 50k requests a day. That’s less than a request per second. Most of the sites on even the weakest VM’s can easily do 10r/s these days.
if someone can foot the bill then I happily let them use it for free but its coming from own pocket
Sounds great, until a new CEO steps in. Any company is exactly one (or more often zero) CEO away from doing whatever they want (within legal constraints) with their business, in order to fulfill their fiduciary duty (and greed).
It looks like you have voting shares with 10x the power of institutional investors, but activist investors aren't dumb either.
My biggest fear of Cloudflare has always been that one day you'll get hit by a bus and someone will figure out that merging Cloudflare with an ad network would create so much more shareholder value. The road to hell is paved with free DDoS mitigation, so to speak.
Too bad you don’t hire senior folks in Germany currently, would probably join in a heartbeat for emotional reasons alone. Keep going, lightweight features on a tap and solid reliability over years is exactly what I need and want at least.
At least Brian Thompson wasn't complicit in helping the IC conduct bulk violation of the fourth amendment rights of the entire country, unlike you. He was just a greedy bastard. Your actions, on the other hand, render you a traitor and a threat to the democratic process of the country itself.
It was better. 'Wget' and 'links' worked with most of the sites.
I feel like people here are forgetting the fact just how hostile bad actors on the internet are / can be.
If it's the latter then it reflects the sad truth that we can't have nice things anymoret. I have lots of problems with the accessibility of that box, but either Cloudflare would be implementing it, somebody else would be implementing it, or a huge chunk of data would be unavailable to you anyway because of accidental DDoS attacks caused by irresponsibly deployed bots.
Maybe for you.
But I don't let random unvetted websites run code on my computer. Checking that box requires it.
--childhood bullies
That's like saying that you're blocking yourself when installing an adblocker.
No, it's for safety and hygiene.
> Seems really disingenuous to imply it's someone's fault
That's because it is. I didn't make the web and I don't work on websites. But I have to deal with it because some fucking dumbasses decided they wanted to save some server cycles by offloading all the hard work onto the client and ruining internet safety in the process, while also offloading the cost of power and performance onto users.
So if disabling javascript is what's needed to keep my safety? So be it. If it breaks some asshats' websites, then they're websites I don't want to use anyway.
(Check the box, and get redirected to check the box again.)
I'm using a fairly mainstream ISP in a fairly mainstream country.
I don't get why I seem to have such a hard time. I've kept the same IP for months.
But the worst thing overall is that it just doesn't acknowledge it.
Want to block me? OK. But tell me that! Don't just make me tick a box again and again and untick it. It's infuriating.
"Never happens to me means never happens to anyone"
Also it's quite amusing what if you had got hit with an infinite captcha here then you couldn't post your comment.
I see your point.
> Also it's quite amusing what if you had got hit with an infinite captcha here then you couldn't post your comment.
And you couldn't have hit me with that sick burn ;)
Seriously though I see where you're coming from in that I was implying that there must be something wrong with the original person's set-up that causes this, and that is not the case.
The thing is that while there's plenty of complaining about CF's approach nobody is offering a better alternative.
Not to comment on whether they're actually a monopoly or not (since idk much about CF's market share, except that it's big), but how does this prove they aren't a monopoly? If anything, it'd work as evidence to prove that they are.
It had much more freedom. Currently it's up to Cloudflare to decide whether you will read that article or not. Tomorrow some stupid law will mandate certain ideas to be hidden from children[1] and Cloudflare will happily comply.
Do I need to find another internet access now?
No VPN (unless your ISP is extremely shady, then do use a VPN or change ISP), no overly zealous adblock (ublock origin on default settings should be fine), no JS blocking / weird privacy extensions / whatever, nno PiHole, just what your average, relatively tech-savvy geek would use.
HN readerships's problems with Cloudflare are mostly their own fault. "normal" internet users don't have these problems[1].
[1] except for people in specific countries, and I do feel sorry for those.
> You need to become more like a "normal person."
Isn't in inherently problematic that there is even a definition of a "normal person"? Who gets to judge this? Why do I have to conform? This immediately creates in-groups and out-groups. We should all know better than to allow this to happen. Classification is fine. Probably even needed to help with inclusion. Restriction based on classification can very quickly become problematic.
> No VPN (unless your ISP is extremely shady, then do use a VPN or change ISP)
That's all ISPs by now. You should never just trust any authority logging what you do. What is fine today might not be fine with tomorrow's government and those logs (as much as some might pretend they are not) are permanent. VPN bans will start to pop up all over the place soon and everyone half-paying attention knows why
> no overly zealous adblock (ublock origin on default settings should be fine)
And what is the definition of overly zealous? Chrome has already dropped support for ublock, more or less. Adblocking is directly hostile to the data-hoovering machine. That should be enough reason to use very restrictive adblocking. I am using every filter list there is with Firefox on Linux. Cloudflare's checks are basically always fine. ReCaptcha, however, is a nightmare.
> no JS blocking / weird privacy extensions / whatever
Well, most of the web doesn't work when blocking JS outright. So I guess we've lost that battle. Though I'd argue that things like reader-mode and the ability to just get text content is pretty important to quite a lot of people still, especially those with disabilities. I don't understand the derogatory tone used when calling privacy extensions weird and the 'whatever' part is just a flippant dismissal of an entire ecosystem of extensions and applications that have a right to exist
> nno PiHole
PiHole is soon going to be the only way to protect yourself, considering what Google is pushing for with manifest v3. I don't yet use it, because it's a pain in the ass, but I'd rather have less internet and more control than vice versa
> just what your average, relatively tech-savvy geek would use.
Why do you think that you should be the one to define what or who that is? Furthermore, why should anyone be given that right? What are we really losing by allowing people to have custom setups vs. what are we losing when we don't?
> HN readerships's problems with Cloudflare are mostly their own fault. "normal" internet users don't have these problems
This reliance on the definition of "normal" is problematic, for the aforementioned reasons. You don't know what normal is and having a gate-keeper of this definition will lead to ever-smaller circles of people falling under that definition, until one day you are no longer normal and then what?
> [1] except for people in specific countries, and I do feel sorry for those.
Get ready to feel sorry for yourself in the near future :)
Could you please suggest me some ways in which I can become more like a normal person? Thanks.
Normal people also travel, and ended in those said countries sometimes. Which is the time when you need these things to work from any kind of connection.
Legitimate sites get blocked too, but most governments probably won't care.
That didn't really have to do with the law. You could segue it was a free market action. Though there were definitely legal threats as well. (There's even people here in this thread making similar claims of Cloudflare supporting specific groups/content)
https://blog.cloudflare.com/why-we-terminated-daily-stormer/
And no this is not an attempt to in anyway belittle what Nazi German did during WWII. Assuming the employee you are referring to has never been engaged in such acts, though, that feels like a very slippery slope.
Thats not a political view. Its one of racism and finding genocide acceptable. I would sincerely hope that any sensible person would refuse to hire someone like this.
A person in a workplace can have whatever views they want. Holding a view in no way prevents them from being able to do the work well. Its a different story if they cause a problem at work, but that is viewpoint agnostic - anyone starting political fights or worse at work is a problem.
"How many people in the office do you view as vile subhumans who should be purged from the world because of how they were born?"
Being a Nazi is not a protected status (yet) and you should expect to be fired immediately if you espoused those views anywhere, at all.
By no means am I defending Nazism here, I would take huge personal issue with any holding those views. That's entirely separate from the topic here though, and I don't agree with discriminating hiring processes based on political views regardless of what they are. If someone can go to work, get the job done, and be a net-positive member of the team I have no reason to act against them.
The problem isn't that any sensible person supports genocide, it is that insensible people can get to power and trick normal people into thinking genocide is necessary or not happening at all. They do the former by saying "if we don't commit genocide then they will commit genocide against us".
The problem is who gets to pick who is right and not? The problem is that if you limit the right to limit speech then good rulers won't abuse that power but evil ones will. It's because they are the ones who pick and choose. It's why you have to protect the rights of those you abhor. Because if you don't you build the powder keg of Turnkey Tyranny. Doesn't matter how many signs you put up, eventually someone will light a match. My accident or because they want to watch it burn.
So yes, to protect those groups being persecuted (trans, minorities, and Jews alike) you need to protect the speech of abhorrent groups like Nazis. You don't have to like it. And you don't have to, and shouldn't, protect the actions of Nazis, but you do have to protect the speech. It's exactly why the ACLU has done this in the past because every authoritarian loves to use abhorrent characters to justify overreaching laws.
We're on Hacker News for fuck's sake! How often have we seen the same play but replace "speech" with "encryption" and replace "Nazis" with "pedos and terrorists". It's the same stupid game!
we all do, collectively, as a society
> So yes, to protect those groups being persecuted (trans, minorities, and Jews alike) you need to protect the speech of abhorrent groups like Nazis.
there is actually a categorical difference between advocating the persecution of minorities, and advocating the persecution of nazis. and furthermore it is actually possible and good for a society to say one of these things is bad and should not be allowed, while the other one is good and should be allowed.
> we all do, collectively, as a society
> there is actually a categorical difference between advocating the persecution of minorities, and advocating the persecution of nazis.
Have you ever listened to the right wing talking points these days? I'm not saying you need to believe them, but "know your enemy". They are justifying their hate of minorities by making claims that those people are attacking them. They frame it as self-defense, not offense. It is absolutely critical to understand this, because that's how they have brought people to their side. It is the same way the Nazis did. But again, think carefully, were no one to actually act on said beliefs then how do you know? If you make a "preemptive strike" then you only empower their claims of acting in self-defense. Even if you can justify your "preemptive strike" as a self-defense measure too!
I think you are oversimplifying the problem because you are relying far too much on the obviousness of Nazis being evil. But if you make that mistake you'll have missed the important lesson of how the Nazis gained power and got support from so many people. If you truly believe that evil is trivial to identify then you'll have to conclude that the entire country of Germany one day decided that they wanted to be evil and then the next day they didn't. The ability to flip such a switch would be gravely concerning in of itself, and if unique to Germany then should you not conclude that they should not exist because they have such capacity for evil?
OR you can believe that things are more complicated. That evil creeps and infests. It disguises itself as good, tells you half lies so you have truth to found yourself on (even if that truth is distorted). That the road to Hell is paved by good intentions and that evil can be created by good men trying to do good things.
This is an underlying philosophy to those that acknowledge Turnkey Tyranny. And I say acknowledge, not believe, because look around you. Do you not see these leaders abusing their authoritarian powers? Look at the origins of many of those powers, especially with Trump. They don't all come from right wingers who were playing some long game. He's exploited powers brought in by Biden, Obama, and Clinton, just as he's exploiting powers brought in by Bush, Bush, and Regan.
Evil loves to convince people that everything is simple and evil is clearly identifiable. Why would it not? Do you really believe the snake isn't going to be a snake?
As private entities, we have freedom of association - including freedom to shun certain groups. Use it!
We should aim to reduce discrimination not encourage it for select causes.
Here's the thing, authoritarians use abhorrent groups to justify authoritarian laws. It creates a power creep. Even well meaning rulers will push for more autocratic power with the justification that they can do more good with it. But unless you can place strong guarantees that no malicious ruler can come to power, you should evaluate powers as if they are the ones wielding it.
It's the entire concept of Turnkey Tyranny. A thing we are actively watching being exploited in America and across Europe. Because you can't prevent a malicious ruler from gaining power in a free society, but you can greatly limit their ability to do harm. But this can't be done with myopia.
> ie adult decisions, not built-in traits
And how can you so clearly differentiate between what is and is not an adult decision vs a built-in trait?
You want to introduce additional discrimination at every workplace in order to get rid of viewpoints you don't agree with?! This is honestly closer to Nazi ideology than the actual Nazi would probably be that you want to discriminate against.
How would you ever prevent policies like this from being leveraged against minorities? How could you ever make sure that you are never gonna be a "Catholic church against Galilei" equivalent?
You do realize that such a policy would've been used like 30 years ago to exclude every pro-LGBT person from hiring, after being used against anti-racial-segregation advocates in the decades before and everyone in favor of womans voting rights well into the 20th century?
If you want some totalitarian society that enforces state-sanctioned viewpoints I would kindly ask you to build your own, preferably as far away as possible, because that stands diametrally opposed to the principles the US was founded on.
Would you put a Nazi and a Jewish person in a room every day (or on a Zoom call or whatever) and expect something productive to happen? Well, no. It's a ticking timebomb. If you have an organization with multiple employees, they'll have to be people who can work together. So as a workplace, you need to either rid your employees of their discriminating views or rid yourself of employees who cause problems.
There's a reason I say "ticking time bomb" in my comment. Hypothetical Jewish person keeps kosher for instance. Is that "acting on" being Jewish at work? What about wearing a yarmulke? If that is, how do you rectify it? If you allow yarmulke, is a swastika armband okay? Both are clothing choices depicting "views".
Honestly its pretty insulting to both of the people involved for you to assume so strongly that they couldn't be professional that (a) you never give them the chance and (b) you chose to hire only the one who you agree with (or disagree with the least).
the appropriate level of capital gains tax at the 80th percentile is a political belief that you can tweet about in your personal time and allowing there to be a civil relationship with your colleagues in a professional environment. this is a political belief that reasonable people can disagree with.
asserting the supremacy of the white race is not a political belief that you can tweet about in your personal time while still allowing a civil relationship with your colleagues in a professional environment. this is not something that reasonable people can disagree with.
Today's Nazis have more diversified targets for discrimination. Concentrated antisemitism was a side effect of the personal issues of the most famous Nazi exponent in history, but they're more about racial supremacy. Today they might be Islamophobic more then antisemitic.
To answer to your question, their thoughts and views don't matter in the office, their behavior does. You can deeply dislike a colleague for various other reasons too but the effect is the same. I don't want to be fired because I unilaterally hate, or even love, my colleague. As long as I don't act on it, that is.
I know people working together in the same office where one's grandfather was in the Nazi military guarding one camp, the other's was a civilian killed in that camp. Whatever their deep feelings, they mind their job as expected.
Yes? Such a system already exists and is currently in place in virtually every country in the world.
If I go online and trash talk anyone, that might prevent me from getting hired.
Similarly, if I work someplace, and I call my boss a jackass, I might get fired!
You're trying to invoke "political" as a sort of shield here. No, it's not just politics.
Its called being an asshole. Assholes might be unemployable because that's how human socialization works. Have you met a Nazi that isn't an asshole? Because I haven't. So, there you go.
> Similarly, if I work someplace, and I call my boss a jackass, I might get fired!
Those examples have nothing to do with your specific political views. Both issues there are about how you engages with others and are a reasonable example of why you might cause problems on a team. The specific views you would have shared rudely have nothing to do with the actual problem at hand.
Yes they do - as I've said, you can't invoke politics as a shield.
You can be fired for your beliefs. Politics are a belief. So you can be fired for politics.
If you're trying to say that you can just be an asshole in private - sure. If you share your political beliefs, it's no longer private.
Most companies don't want to hire people they think are assholes.
Ultimately, it's very simple human behavior. I don't want to work with people who suck. You don't either. Okay, so we must discriminate based on politics or other beliefs.
Hiring, in it of itself, is just discriminating. We're discriminating based on skills, personality, beliefs, and fit. That's what hiring is.
There's only a select couple of things we can't, or shouldn't, discriminate on. Politics isn't one of them. If you think black people need to be exterminated or whatever, there's no gun to my head making me hire you. No, I'm not gonna hire you.
> Yes they do - as I've said, you can't invoke politics as a shield.
That isn't the issue at hand. You are describing using ones political views against them simply for them holding those views, not someone being an asshole and attempting to justify it as a political act.
> Most companies don't want to hire people they think are assholes.
Sure, though they would base that on behavioral tendencies rather than a political survey.
> Ultimately, it's very simple human behavior. I don't want to work with people who suck. You don't either. Okay, so we must discriminate based on politics or other beliefs.
Ultimately you're the one worse off for viewing people this ways. Views and beliefs don't make a person suck, actions do.
Or by behavior do you mean that public support of terrorism isn't grounds for an employer to avoid hiring or termination? That the standard for that would be actual terrorist acts?
Freedom of speech is not about protecting speech you find agreeable.
The government can't stop you from requesting a permit and saying it on public lands, though... And back when telecoms were common carriers, you could have done such from your home Internet, now you can only do it from your voice line.
Now of course if they want to provide you the user with tools to filter or hide things you disagree with out, by all means.
Plus, bring proactive saves everyone a whole lot of time and money. So many things would be better if people (and every entity) was just trying to do their best and no one was trying to fuck each other over. You may call it a dream and that's fine, but also remember that the vast majority of people already operate that way. A small number of people do the most harm
https://www.amazon.nl/Black-Earth-Holocaust-History-Warning/dp/1101903457
Several countries have stupid laws around online child protection, that are universally ignored and universally not enforced simply because there is no reasonable way to comply. Others might be tempted to introduce new stupid laws once they become feasible.
That doesn't make it Cloudflare's fault, but the centralization is still a problem.
...right up until you got DDoS'd off the internet by some script kiddie "for the lolz".
How is Cloudflare gatekeeping things? I believe you but don't understand the mechanism.
I also agree that Cloudflare should get all the blame here, since none of their customers voluntarily chose to use them, and Cloudflare doesn't give their customers a huge variety of options for bot detection sensitivity.
Matt Prince personally kidnaps CTOs and waterboards them until they agree to use Cloudflare, and the thousands of configuration options and rule combinations on the WAF are just for show - customers can't actually use them.
What an evil, evil company.
The potential future worry would be if cloudflare decide they don't like the article or you for some other reason, they can refuse to connect you.
These do both rely on your traffic being routed through Cloudflare's servers, but a LOT of traffic is
Those companies that don't comply will be shut down or targeted in some way if the legal order had any political teeth behind it.
There's no way around that unfortunately, short of limiting government power in the first place so such an order would never be lawful.
A company is (usually) operating within the law, and if they wish to stay operating, have to follow the laws of the nations they operate in.
If you're a news site registered in the US or a porn site registered in Canada, with relatively few ties in other countries, you have far much less pressure to comply with unreasonable demands from India or Bahrain. They just don't have that much leverage. If you use Cloudflare, they can put the pressure on Cloudflare instead.
To make matters worse, some governments will demand worldwide removal / blocking of certain content they don't like.
This is what makes the internet so weird and pre-internet intuitions about how governments work so treacherous.
And then it's Cloudflare who's gonna decide whether I can read your article or not.
Already happening, Well its more more "think about the big corps" than think of the children, for now....
And, anything that stops them from doing it, well, you are kind of erased from the Internet. The freedom we had, slowly becoming non-existent now.
Corporates have one and only one target. It is to make money. And this mentality, enables them.
That is how it works LOL, just because someone only has the capacity to compete with a monopoly doesn't mean that the monopoly has competition.
Cloudflare not only blocking IA but asking for money on behalf of the website operator, as a "service"
https://blog.cloudflare.com/introducing-pay-per-crawl/
Looks like The Verge either set up an excessively tight pay-per-crawl policy or doesn't want IA scraping their stuff.
They have detailed stats about the behavior of all visitors, including how bot-like they are and how likely they are to scrape your (their users’) content.
Is it that bad that Cloudflare offers people these choices?
Thats a very bold statement, would you mind elaborating it?
It’s only been downhill from there.
The internet was a lot better place before American mega corporations took total control.
It was mostly neighborhood bulletin boards, fan zines and the occasional shop.
Today there is only bots, bots, bots, political lunatics and influencers dumbing down future generations.
Cloudflare acts as a proxy for dynamic content, thereby slowing down the internet.
Their existence (and success) suggests a lack of infrastructure or solutions (ie. DDOS, CDN) from data centers on their own and by default, what is... sad, as if the data centers were falling asleep without adapting to the times.
Soon we may have this picture: User > ISP > VPN (or proxy) > Cloudflare (proxy) > Server.
Intermediaries are slowness... and in the case of Cloudflare sniffing if they want (if they manage the TLS certs).
It sits between user and origin, often many hops closer, and serves content cached according to rules set by customer.
When you're a CF customer they send you reports on how much bandwidth origin is saving and for me, historically, it's been most of it.
And they do all of it for free most of the time! There's not a lot of cloud providers that I will endorse highly, but I have only love for Cloudflare.
It also keeps hackers from knowing origin's ip which is nice.
At moment you serve dynamic content, you are literally redirecting the request through an intermediary server (from Cloudflare/Homologous to the original server and come back, they are acting as a proxy).
This results in a slowdown of the internet. In fact, it's easy to tell when a regularly visited site has changed and put Cloudflare in between, because it takes longer to load.
> It also keeps hackers from knowing origin's ip which is nice.
Only if you put extra care trying to hide tracks. But certainly it keeps script kiddies from knowing origin's ip, what it is the only one nice feature.
Datacenters should deal with this, but their passivity over the years seems to know no bounds.
Edgecomputing can also help accelerating dynamic content.
Who here remembers exactly the same being said by large swaths of the "technologist" community about Google starting the development of Chrome and Chromium?
It's usually good until it isn't. It's still a company that has to make profits, so when the moment comes when they have to chose between "making money" and "provide good service", we all know what choice companies tend to lean towards.
> To be honest, the internet was worse without Cloudflare, so as long as they provide a good service for their customers, I’m fine with it.
So far.
The problem with Cloudflare is that institutions change over time. It's a slow process, doesn't happen overnight, but it does happen to almost all of them sooner or later. Building institutions that stay good is one of the big unsolved problems for humanity.
The problem with Cloudflare is what happens the day this good guy MITM:ing half of the web is no longer a good guy. We need to at least have a plan for dealing with this scenario, because otherwise this could get very ugly.
Also likely part of why ECH is taking such incredibly long time to see widespread adoption and why it's still quite a shit solution to SNI. As it stands, anyone with network level access can see which websites you are visiting, despite HTTPS.
The guy behind Crimeflare, when it was still available, tried to accumulate a dataset by running his own resolver, which filtered out domains in the zones of cloudflare's known ASNs.
This was actually also part of a lawsuit against lieferando (takeaway) because they're registering domains of restaurant owners and blackmail them into using their delivery service, after they already registered the Google business entry with that cloudflare domain to a call center of Takeaway, so the actual owner of that restaurant has no chance in terms of SEO and google searches that people would find them again.
Anyways, the dataset is pretty fascinating:
[1] https://web.archive.org/web/20210826102143/http://www.crimeflare.org:82/
[2] https://web.archive.org/web/20210826103036/http://www.crimeflare.org:82/cfs.html
Compete on what? I think I saw captchas on sites with google trust services certificates. It's not a google service?
I don't think Cloudflare did anything major wrong, most of what they offer have plenty of alternatives, but Cloudflare is able to do a lot for free which really isn't their fault.
There are complain about its cache's captcha, I get it, ideally it should not discriminate any human user, but IMO it's an economical problem unless we collectively decide what they do is public utilities.
Personal email servers will communicate with each other happily but you need a middleman one for important recipients if you want to be sure it gets into an inbox.
Gmail has specific bulk (!) sender requirements, which to my knowledge don’t include a blanket downranking of residential and „VPS“ IPs (the latter are just datacenter IPs anyways). You need TLS, SPF, DKIM, DNS and reverse DNS entries that align, ideally DMARC and that’s pretty much it.
At one point I misconfigured a relay as unauthenticated and we got abused by spammers for a day. We got put on all sorts of blacklists within hours and got our IPs cleared self-service immediately after fixing the issue.
If you just send emails completely unauthenticated, yes they will be blocked.
Also not sure why you would choose OpenBSD and OpenSMTPD unless OpenBSD is your style. For example I run maddy on linux, which is pretty easy to configure.
https://blog.cloudflare.com/sending-email-from-workers-with-mailchannels/
Today's announcement is a feature offered directly by Cloudflare.
But now they took the excuse of security to act as a MiTM for everything else, when conveniently, it makes for a great business model to just be slapped in the middle of every connection.
The thing where they let DDoSers use them to protect their public sites from rival DDoSers is sketchy as hell, but doesn’t rely on having your data.
Contracts can be and regularly are changed. Ebay, PayPal, Etsy, Google, Microsoft, ad nauseum all have done this many times.
Contract-based protections mean very little if those clauses are non-perpetual and revokable.
Crypto AG's ToS also presumably said "we pinky promise not to backdoor our devices" when selling it to foreign governments, and look how they ended up.
It is possibly the biggest MITM operation in the history of computing. An unbelievable intelligence asset.
Sendgrid recently killed their free tier (100 emails per day) and their lowest plan is now $20/month for 50,000 emails. It's totally overkill for low traffic projects.
With a pricing structure like that it appears they became too tired of verifying/validating users to not send spam. Unfortunately I don't blame them.
The part where sendgrid has to keep figuring out how to make new and improved validation is expensive.
Barrier to entry for (12 * $20) is much higher than $10/year and they figure that was worth the tradeoff of losing small fish customers.
The lowest plan $40/year for 1k emails/month isn’t on the Pricing page, but you can select it when signing up.
Has been a 10/10 experience -- rock solid and extremely good deliverability.
Wish the pricing increased non-linearly though at higher volumes.
The volume of spam (for me) doesn't seem to be decreasing from them, so there's a lot of moles to whack.
[1] Just a guess from looking at the last weeks [2] I know it's automated, but often there's 2 that come with the 2nd one stating it's acted upon, so i'm hopeful.
You can very reasonably and reliably expect spam amount to correlate with the cost of sending said spam or expected return. At any service. There used to be a time where you HAD to check your mailbox several times a week or it would (literally) overflow with spam.
They had it a few years ago, but the company offering the free integration essentially stopped offering the free part. I'm currently grandfathered in to mail channels.
This is neat but be careful using an LLM to parse email content. The demo is a BERT model which is a good but I can see how someone might swap this without realising the implications
Also really nice to see emails from workers, its something I have wanted for a while!
The kind of hoops I've had to jump through to achieve DIY idempotency with Postmark would make you cringe, a shared lock to avoid race conditions, and then using the API to check if an email with the unique id (manually added to the metadata when sending) has not already been sent before sending an email.
Being safe in the knowledge that an email with some unique key will only be delivered once regardless of bugs, processes dying mid task, network issues etc. just makes life so much simpler. The risk of sending duplicate emails or at worst spamming your users due to some more nefarious bug is something that you really want to guard against at as low a level as possible. Sure this might not be quite as consequential as duplicate charges through the Stripe API for example (Stripe have always seemed to lead the way with good API design in this regard).. doThing(data) is _not_ good enough for executing tasks over a network that are effectful, have a cost, and potentially risk your reputation if things go wrong. Idempotency keys should far more widely supported!
This is what I have...
Domain Name Registrar: Dynadot
DNS: Cloudlare
Hosting: Dreamhost
Email: Fastmail
Should everything be under Cloudflare? I think they also do domain name registration and now, soon email. Not sure off the top of my head if they do hosting.
Plus, Dynadot uses Cloudflare for their site, so you couldn't even change your nameservers if CF is down.
A random scatter won't protect you from a service like CF / AWS / GCP being down, and most users won't benefit from protecting from that sort of unlikely and major scenario anyway...
Ideally there would be a setup to avoid having the domain name registrar use a different DNS than me.
I'm more concerned if an over-zealous algorithm or employee shutting down an account and being able to just switch that one service to another company rather than losing everything.
What other "root" email services are there out there? Even Google Cloud doesn't provide one...
Sparkpost to my knowledge is built on SES.
Fwiw, not a knock against CF. I like their products, mostly simple, fair pricing, etc. Just a bit unfortunate commentary on the state of email infra on the internet.
when was the last time you got a reply to an email you sent?
But most people who can run a server should be able to setup OpenSMTPd with the DKIM filter and Dovecot. It's much easier than configuring postfix like we had to do in the past.
To answer a sibling comment, the last time I received an answer is a few minutes ago. The correspondent's email infra is hosted by Google.
I used to run all the components and maintain it (even that wasn't bad), but I changed to mailu[1] about a year ago
[1] https://mailu.io
I don't know why. At the same time they don't want to get rid of the bbdd servers, or the app servers.
Maintaining a email service must not be as easy for them.
The days of people running their own servers are gone because of the shortsightedness and laziness of IT managers. They though the "cloud" would be easier and cheaper, and they are now trapped.
I entertained the idea of running my own mail servers for a while. After researching the topic it turned out that the internet now runs on an IP reputation system. Major email services like gmail assume that anything sent from unknown IPs is malicious.
So it looks like we've gotta be well connected to federate with the other email servers now. A nobody like me can't just start up his own mail server at home and expect to deliver email to his family members who use gmail or outlook. So I became a Proton Mail customer instead.
Where sendgrid=any major player, could be Mimecast, proofpoint or anyone else who will forward outgoing email.
Sending reputation is just as applicable if you're using a third party as if you're hosting it yourself, but much less under your control.
The best way to ensure a good reputation is to obtain your own address space from a RIR. Barring that, you need to choose a provider with a decent reputation to delegate the space to you.
There is the slight problem that RIRs ran out of (v4) addresses almost a decade ago.
How does one do that? And what are the costs involved?
Following the links on that page (or performing a simple Google search) leads one to: https://registro.br/tecnologia/numeracao/como-solicitar/
Before I even start this bureaucratic process, I need to create an actual organization. Then I need to be assigned an ASN. Only then I'll be allowed to beg them for IPs. Once all that's taken care of, I need to tell them things like what the IPs will be used for and what my infrastructure is. If they like my answer, then they'll approve my request and finally tell me what the prices are.
I've been through the process about 10 times now at various companies, and the paperwork (at least for ARIN) is no more difficult than what would be expected to justify IP space from your typical ISP. If anything, the ARIN folks are more responsive and technically competent than your average ISP support agent, which makes the process easier.
You have to buy/rent a dedicated IP address (that you'll be able to keep long term), and it warm it up by gradually increasing mail volume over a few months to weeks. But once you have, deliverability shoudl be fine.
I think the bigger issue is needing to keep on top of mainenance of the server.
I have arrived at the opinion that what I would do if I moved to selfhost would just be to pay some trivial amount for outbound email via a provider like sendgrid as someone else in these comments has also mentioned. Since I send out maybe a half dozen emails a month I don't think this would be a big deal.
But when I relied on selfhosted email several years ago, I was always inundated with spam, which SpamAssassin was wildly undermatched to handle -- that was one of the main reasons I moved to gmail. So I'm curious what people who are happy self-hosting today are using.
I also run SpamAssassin on my server, but I don't believe it ever had to do anything.
Are they? I'd bet 90% of the email in your archive went through Google or Microsoft or Yahoo's servers, and most likely a copy still resides there.
If you're sending to or getting a message from a Gmail account, Google still has a copy.
This is very much a myth. There's a lot of FUD around how mail is "hard", but it's much less complicated than, say, running and maintaining a k8s cluster (professionally, I'm responsible for both at my org, so I can make this comparison with some authority).
Honestly `apt install postfix dovecot` gets you 90% of the way there. Getting spambinned isn't a problem in my experience, as long as you're doing SPF and DKIM and not using an often-abused IP range (yes, this means you can't use AWS). The MTA/MDA software is rock-solid and will happily run for years on end without human intervention. There really isn't anything to maintain on a regular basis apart from patches/updates every few months.
> > The days of people running and maintaining their own are pretty much long gone
Is less about the pieces you've mentioned, and more about reliable delivery without fighting blacklists, ip/domain reputation blackholes, etc.
But in practice, you can find any number of VPS providers, running in local datacenters, with modern self-service interfaces, with at least some IPs that aren't already spam flagged (and you can usually file a ticket to get a new IP if you need it), that are often cheaper per month than AWS, and give full root and everything. Find a service that will help you warm the IPs before you send to customers, and you're good to go!
The main difference is that you're fully in control of the k8s cluster, but no matter what you do, you don't have control over the email infrastructure, because deliverability depends on the receiver. On every receiver you send to.
People say "I don't have deliverability problems!" but how do you know? Most places don't tell you they rejected your email.
> People say "I don't have deliverability problems!" but how do you know?
Because people reply to my emails.. because I email documents to family/friends/landlord/etc and they receive it as expected..
> Most places don't tell you they rejected your email.
Of course they do, this is what DMARC is for.
Except that a managed service doesn't solve that for you. They are no better at that than you are. Email services are better at deliverability than you are, because they spend lots of time building their IP reputations and more importantly negotiating with mail providers to guarantee their emails show up.
> Because people reply to my emails.. because I email documents to family/friends/landlord/etc and they receive it as expected..
I'm guessing you don't confirm every email you send with every person though.
> Of course they do, this is what DMARC is for.
I was involved in the creation of DMARC (and SPF and DKIM) so I know how it's supposed to work, but in the real world, most providers do not honor the "reject" flag and actually send the bounces. Last time I dealt with it was a few years ago, maybe it's better now.
For context, I started my career at Sendmail, and I worked on the SPF and DKIM specs, so I've dealt with deliverability for 25+ years. I also ran my own mail server until around 2009. But I switched to Gmail as my primary around 2008, when deliverability just got too hard. But I still worked on commercial deliverability for years after that.
Granted, SPF and DKIM wasn't widely adopted at that point (and DMARK didn't exist), so maybe it's easier now. But at the same time, most of AWS/Azure/GCP are marked as bad automatically, as well as most home internet blocks.
So if you want to run your own mail server, you can't do it on your home router anymore, you have to rent a server in a rack and get a clean IP that's just for you. That costs $$$.
Well, one time I was unable to send mail to a guy with an ancient @att.com email address from his ISP. I got a nice bounce message back with instructions to contact their sysadmins to get unblocked.
To my surprise, they unblocked the IP of my mail server in a matter of hours.
Where people will absolutely have problems is trying to run a marketing campaign through their own IP. You absolutely will (and should) get blocked. This is why these mixer companies exist and why you pay for an intermediary to delivery your mail.
I do, too. What I don't like is that they became too large and now are effectively in position to gatekeep the whole internet.
The problem is that Gmail will bounce any emails from DigitalOcean IP, even if you sit on this IP for years (so no recent spam), even if replying to someone, even if you registered as 'Postmaster' on Google.
So if you want to selfhost, you'll first need to find an IP that's not blocked to begin with.
So it's hard (to do well)
>The problem is that Gmail will bounce any emails from DigitalOcean IP, even if you sit on this IP for years (so no recent spam), even if replying to someone, even if you registered as 'Postmaster' on Google.
>So if you want to selfhost, you'll first need to find an IP that's not blocked to begin with.
I'd say this is just the thing antitrust was made for. Hopefully some incumbent can get them to court.
Examples being Git/Github, Crypto/Centralized Exchanges, and as per the topic, email.
But I think that it's an important distinction that the base infrastructure is open, and that technically an incumbent could join the fray, albeit with a lot of catching up to do, and mix it up.
Its really not. Everyone can do that (doesn't mean everyone should). I'm running it for millions of emails daily and don't see why I would crappy proprietary service instead.
We are currently running beta tests (really appreciate it if you can join).
All the email service that I could find has monthly subscription, no pay as you go offer. Hopefully, cloudflare will offer pay as you go.
Is there a way to get priority in waitlist? I don't mind bugs.
And eventually it'll be so popular other mailservers will stop accepting mail from any except cloudflare/ms/apple/etc.
I get that most people never feel the discimination and exclusion mediated by cloudflare because most people are just using chrome or whatever standard browser on their phones. But just because one doesn't have the lived experience of discrimination doesn't mean it isn't actively happening to lots of people.
The internet doesn't work if Matthew Prince gets to act as global gatekeeper, or if CloudFlare gets conscripted as the new PRISM or NSA censorship and surveillance apparatus whether they want it or not. Given the profit incentives and intense pursuit of control, it's apparent (to me, at least) they're positioning themselves to profit off of the next big horsemen of the infocalypse opportunity.
Centralized control and gatekeeping of the internet, private or otherwise, should be shunned. Sacrificing that for walled garden features is despicable.
Don't shit in the village well, even if the guy selling bottled water says he'll get you a great deal. There are better ways of doing things.
AI right now can do all of that for you; pay for the best initially, have it do deep searches that meet what you need, and find appropriate contractors and services. Drop down to the plus tier after you get what you need initially, if the $200+ versions are too steep, but you can absolutely afford one month to plan an overhaul that doesn't empty your wallet.
Mandate open standards and bake in flexibility to your organization; pivot frequently and aggressively away from companies and services that don't meet your principles or standards.
Wherever possible use self hosting, decentralized protocols, open standards, FOSS software, and pay for expertise over the massive overkill "but wait, there's more!" the conglomerators offer. Their economies of scale serve to consolidate unearned and unaccountable power, often in cooperation with very shady players.
Yeah, tragedy of the commons, this is why we can't have nice things, because it's hard, and complex, and actual evil people exist who will absolutely ddos sites and exploit every and any opportunity to grift people out of their money. Cloudflare is a well marketed bundle of solutions for real problems, but it's definitely not the only solution.
It's up to you to what extent you compromise on principles - with AI it's becoming much easier to find acceptable alternatives without having extensive domain expertise. Normal search engines are almost completely captured by SEO and big market players, and we have a window of opportunity to use new AI search to find things that defy the status quo. The window will probably close sometime in the near future, but until then, take full advantage and position yourself to not be subject to companies or industries that shouldn't be taking it upon themselves to gatekeep the internet.
Also, yell at your representatives about getting a digital bill of rights, protecting the open internet, breaking apart monopolies, and cultivating what's best for the internet, and the world.
We have to stop pissing away the good for the convenience of the cheap.
/soapbox
We have sensible laws on the books, treaties, and all sorts of agreements with entities ranging from big corporations to ISPs to countries, but they aren't enforced. Just look at how long spam call centers have been an issue - if we start playing hardball and simply shutting off entire regions until providers and governments comply with basic enforcement, we can have a civilized internet.
These botnets are not magic. They're not subtle. They're not ultra-secure beyond the reach of mere mortals to do anything about.
They're allowed to persist for all sorts of reasons, ranging from utility to nation state level threat actors to local ISP corruption and bribery to simple laziness and incompetence.
From the top down, governments merely need to enforce the rules that are already in play. I guarantee if you disconnect large regions of India where many of these sorts of problems originate, the people there will convince their local officials to take appropriate action - and if that doesn't work, we don't need them on the internet anyway.
Same goes for any regional ISPs in the US, or Canada, or anywhere else in the world.
We have rules, let's try following them before we decide on mechanisms like CloudFlare or other centralized controls.
I don't need a solution tomorrow; I need a solution today. And Cloudflare is the "today" solution.
One thing I've grown concerned about, after watching the Twitter migration fizzle out, is we can imitate the old internet on a small scale, but on a large scale it just doesn't work. For Twitter specifically, the outcome was even worse, many users just migrated to other more centralized services or existing monopolies (like Instagram.)
Users are too used to being able to instantly stream 4k HDR 60fps. They are too used to limited amounts of spam. They are too used to having most non-agreeable content filtered. All of this stuff that big tech delivered now is replicate-able at the cost of tens of billions of dollars. The only business model that can pay for that is owning a giant ad platform.
Thinking about all of the issues the EU has had enforcing things like GDPR, which big tech companies largely haven't followed for years or straight up lied to their customers about, along with a possible failure of the DMA now due to tariffs.. and yet on the other side of the Atlantic, the US utterly failed to ban or control Tiktok. Endless announcements of upcoming deals that were either lies (Oracle protecting American's data) or postponements.
Meanwhile, all of the spam, hacking, bots, and DDoS attacks persist and grow, along with layer upon layer of (probably intentionally) poorly written and often conflicting legislation across multiple jurisdictions have truly made it impossible for the internet as it was designed and meant to exist to continue. (Sure you can just set up a basic web forum like you could do 20 years ago, not use Cloudflare, not host it at a major datacenter, and ignore all of the GDPR and age verification laws, but good luck. Hell, it doesn't even sound like it's really legal to run a Mastodon server anymore.)
One small hope is that if internet companies follow any pattern we've seen in other industries, when the growth ends, the managers will switch to tearing the conglomerates apart in to pieces and selling them off. One day CloudFlare might be split in to 30 pieces, along with Alphabet, Meta, and Amazon. But it could be a while.
To quote Raytheon “Morals are cool but 90k/year sounds a lot cooler”.
PRISM and the NSA are not involved in censorship but they do like to ingest a lot of data, the more the merrier. Only certain members of CF would know if they are already looped in and would have signed scary things preventing disclosure if that were the case. I just assume everything going through a CDN is monitored since it is a MitM by design. A long while back Akamai got in a lot of trouble for some of their people selling data to a country in the middle east, I forgot which one.
The way the censorious game works in the Ministry of Truth a sub-committee in the DHS sends private messages to former federal employees that work in high positions at tech platforms and advises them what to censor giving the company a way to say they did not officially comply with censorship demands. I will let the Queen of the internet explain [1]. Letting federal employees message people outside of logged government chat platforms is problematic.
[1] - https://www.youtube.com/watch?v=zdjQWuJeVqE [video][13 mins]
The new email product is built and operated by Cloudflare itself.
If they launch an email service and are as successful, they could become the master of the email (25/465)
So soon, they'll be the master of the entire Internet
To be clear: I don't share this view, in part because Google and Microsoft already are the masters of the email
Cloudflare feels like separate silos, each individually complete and usable. And the “minimum viable path to make-this-work” is usually 1-2 button presses, rather than filling in pages and pages of configs.
I also love that Cloudflare is scoped under each domain, it helps keep my projects separate.
https://www.ai.moda/en/blog/ses-emails-from-workers
Hopefully it’s helpful next time for you!
I am really excited to follow how their Containers platform matures as it is still too early.
That is also an important part of AWS’s retention strategy: for most AWS customers the easiest solution to rising costs is to simply sign a long-term contract, dramatically decreasing their prices (again, Amazon has the margin to spare) while ensuring they stay on AWS that much longer, accumulating that much more data and relying on that many more AWS-specific services. Hotel Seattle, as it were.
Sign up to the waitlist here. https://forms.gle/BX6ECfkar3oVLQxs7
Edit: I see its an email sending service not client.
It shouldn't.
They are not launching a complete emailing service, this is just a service that you use to send emails from an app.
"Moving" to their service is as easy as updating your DNS records so they can be seen as an authorized sender.
> We’re also making sure Email Service seamlessly fits into your existing applications. If you need to send emails from external services, you can do so using either REST APIs or SMTP.
Computers used to be expensive and people had less money back then, so most of the country essentially just directly upgraded to smartphones. Many don't and never used to own a PC outside of work.
But it also just so happens that in both of those countries, you must have your identity attached to any SIM you purchase. So, anything that makes you register with your phone number will indirectly link your real identity to that registration. It must be very convenient for their governments!
Oh i didn't get that email.
Oh spam filter.
Oh so backlogged on email.
I went from hosting my own pop/imap/smtp email to ignoring it almost completely at work and personal for a variety of reasons.
Text messages and chat or X/message boards are all I use now. I have the same ability to deliver messages, content, forward, save, export, and migrate between platforms. The spam in SMS is tolerable at this point.
I hope it's easier to setup then the current mess of needing to use Wrangler to setup the send_mail binding the CF worker console can't even show in its binding list.
Searching their community threads turned up several other folks who had encountered similar silent failures that were never reported on the dashboards or any status page, leading them to question the company's interest in supporting this feature. I tabled that idea at that point as it was not critical.
A few months later, I randomly tried sending a test email again and it just worked. However, the initial experience left a bad taste in my mouth. Could I trust it to start routing critical emails?
Wondering what other folks here have experienced...
I just don’t trust them now. That was a huge misstep.
This is/was already possible. You can just reply to an email from an email worker.
Does the Cloudflare email routing product provide this same capability?
That said, I’m hosted on AWS so maybe I should look into SES as well if I’m going to replace my email sending service.
My statement of "they keep bumping the monthly price" was incorrect, they only did it the one time it appears. However my plan is no longer available and the lowest plan they offer is now $15/mo which makes me concerned they will raise my prices again within a year or so.
Again, I know we are talking about a very small amount of money but I'm not super interested in staying with a provider that will just keep raising my prices while I have such low usage. I'd much rather switch to a pay-per-use-type service.
I think the biggest issues would come down to server-side search functionality though. For very basic services, and even most of common IMAP/JMAP, it could be pretty great. Working on an a major email platform is something I've really wanted to do for a while now. (cloudflare, call me)
Or is this going after Gmail/M365 (personal inboxes)?
So many comments here assumed from the title they're offering a hosted email service, they aren't, they are announcing their own Sendgrid.
Or do you mean if I get access to the beta? I probably won't :(
Yes.
I just shared this with the team:
Today, Cloudflare entered the email sending market.
While I didn't expect this to happen today, it didn't come as a surprise either. It was never a question of if Cloudflare would add an email sending API, but when. Back in 2022, they introduced Email Routing, and it was only a matter of time until they added the sending part.
Some people will see this and will want to migrate off Resend, others will say we're dead. The reality is that they are after our target audience, otherwise they wouldn't create an example showing how to use React Email on their announcement post.
Still, I truly believe this is good news. Here's why:
When Cloudflare introduces millions of users to their email API, they're creating our next users. Developers will run into limitations and will want more from an email service. They will need bulk sending, advanced templates, no-code editors, and a lot more. That's where we step in.
Email is not a winner-takes-all kind of market, and that's why we've been able to enter such a competitive space and still thrive. Competition is good because it forces the best product to win.
We cannot let our guards down, and lose our sense of urgency. The bar is higher for us right now, but if there's a team that knows how to increase the bar, that team is this.
Open source and available here: https://xmox.nl/
If really concerned about deliverability of transactional or marketing email messages, then relay through one of the many bulk senders.
adding yet another cf product as a single point of failure is not good.
So far I have used Resend, Sendgrid, Loops (for a person throw away project so don't have good exposure) but I found Resend the most easiest, convenient and straightforward. Especially their React Email library made it so easier to compose emails using React components. I really love that. Back then we had to manually craft HTML emails, worry about inline styles, and constantly test across different clients, which was a pretty painful process compared to how smooth it is now with React Emails.
One key part of my workflow is validating emails before sending so I'm not blowing up my bills or getting labelled as spam. And since Resend doesn’t support that natively, I'm currently having to use Emailable’s API to check if addresses are actually deliverable. Having that built-in would be a huge plus. And I know it's not usually something that email providers should care about but it would be so much better if Cloudflare makes this a native offering.
Something like:
- Blacklists/whitelists and wildcards
- Phishing detection
- Spam digest/rollup spam into single email every day with buttons to release
- Virus scanning of attachments
- Replace inbound links with hosted link previews/malware scans
Strategically looking to get off the MS email stack, but this is a big part of it.
One thing to note: while the website mainly talks about multi-channel notifications, MailTrigger is actually more like IFTTT or Zapier, but specialized for email — when a message arrives, it can trigger smart, programmable actions. You can turn your existing email system into an IFTTT-style automation engine. It supports JS and WASM for preprocessing and routing, so you could, for example, auto-reply with an LLM-generated joke or handle customer support queries dynamically. The website might not fully reflect this yet, but the docs are more complete and show what’s possible.
But I'm more interested in seeing how they'll maintain clean sending IPs.
I have a feeling they grossly underestimate how difficult this will be.
I will not touch this with a 10 foot pole for a few years while they iron out all the kinks.
Can't wait for them to get involved in email... looks like I don't have to!