I genuinely fear the future of email. Email is still the only piece of communication you can own, from top to bottom, from running the service to owning the domain[^1] it runs on. You were able to send anyone email, regardless of rank, location, social status.
Google (and recently, Outlook) is taking all of it away. It's putting mail from people not on your contact list in spam[^3]; it's by default blaclisting IPs within certain range[^2]; now it's bringing it's own format as well.
Is this embrace, extend, extinguish, Google style?
[^1]: let's not get into the problem of DNS never really being owned, only rented, for now
I run my own mail server and Google - for once - seems to play reasonably nice, it is Microsoft and Apple that are the harder cases, in part because they outsourced some of their vetting to third parties.
I've been mulling switching to Google or some other email provider for a long time and I still feel that this is the last bit of corporate independence that I'm willing to give up. Our mail is ours. I don't care of the counterparty is using gmail or whatever other flavor of cloud services they care for but running your own mail server should be a first test of whether or not you are an IT business or not.
It borders on the ridiculous to have to outsource something as essential and confidential to a commercial provider in another country who only entered the scene about a decade after us, especially because I see those commercial providers as the biggest part of the problem to begin with and this feels like rewarding them for their abusive behavior.
A snail mail analogy escapes me but it would involve sending your post all the way around the planet first before dropping it in the mailbox in the next town over, with some random elements for delivery or non-delivery thrown in for added amusement.
All this gives rise to some frustration on occasion, it is no fun to have your legitimate email classed as spam for reasons not under your control but so be it, I'll take that over giving up autonomy.
Google 'AMP' for email is yet another step in the wrong direction and I'm sure that it will get a lot worse before it will get better but at some point I'd hope that people will wake up to the fact that all this consolidation of power is a negative thing.
The core problem jacquesm is that we have n-to-n communication with email, no fiscal burden to fire up an email address, and the asynchronous nature of the platform means that its just the perfect target for spam and social engineering.
If you want to fix email you can, but it would be better to fix the internet first. Communication should be over an encrypted web of trust. Once you have that then email easily bolts right on. The only thing holding back this change is that the business model of the internet is rooted in surveillance because the web is largely monetized via advertising.
In the mean time semi-bridged walled gardens are going to be the answer to the growing hostilities on the internet.
I seriously don't understand why you are using such a fear-laden apocalyptic language to describe minor technical issues. Email really works for me pretty fine. And internet too, btw.
Google/Microsoft didn't kill email, spam did. Google/Microsoft then salvaged from the abyss something largely similar to email, but with some limbs all but severed.
Spam put centralised commercial e-mail ( ISPs and web-mail ) into critical condition until the web-mail hosts reacted to save themselves.
But as for the little folk who are less of a target: I have run my own mail server for 18 years and can't imagine I've received more than 100 spams in total. And that is without any defences other than SPF.
ISP e-mail, well that is certainly spammed to death but probably for the best as it was only ever a hook to keep people trapped in sub-par services.
I also run my own email server, and I've received 400+ spam emails this year alone, just from the eBay leak of 2014 :) Thankfully I use a different address for each service, so I blackholed that to the spam folder and created a new one.
I have a personal domain on Gmail, and my spam folder currently has 105 messages in it from the past month. Two are mis-filed mass mailings and one is from a mailing list that I think I was once legitimately on, but which has refused to unsubscribe me. The rest are from russian women who thinks I'm sexy and a few from the Nigerian central bank (that's apparently still a thing, who'd have thought).
These are the emails that are not related to me being on a centralised commercial host, and they all made it past Googles ample defences.
That tells nor about the state of alleged defenders than state of email. 2009 vintage spam filter (CRM114, OSBF, extra weight on headers) is easily much more accurate in all senses than GMail alleged spam filter. The problem with GMail is it uses some generic idea of unwanted mail that never correctly applied to the mail you receive in the first place - to save space on personalised filters and speed up processing. Oh, and to extract global statistics.
Email is already fucked. In my experience Gmail often failed to receive emails from services like Yandex and Zoho. Plenty of people here that setup their own servers, and know what they are doing, getting randomly blacklisted.
Maybe it's fine if email is not central to your life or business but if there's even a, let's say, 10% chance of my emails not getting delivered to Mr Google I have no other option than to bend the knee.
It's a tragedy. The people who designed SMTP went to insane lengths to make sure mail was delivered. The people who initially implemented it did the same. Then the "free" mailbox providers fucked it all up. I host my own email, and I now have no clue as to whether it will be delivered.
I have everything properly set up, and wasn’t blacklisted once in any service since 2002.... until 3 months ago, when Google decided to blacklist my domain, but only randomly (e.g. mails sent to same person on same day get delivered to inbox or spam seemingly based on a coin toss).
The only clue I have so far is that in some discussion, it was mentioned that google penalizes a domain of a lot of different emails from it get forwarded to google - and I do have my catchall forwarded to a gmail box.
We now live in a world where google can make you and your communication channels disappear, and they don’t really answer to anyone.
That requires hundreds or thousands of emails from your domain per day to show anything - which is useful if you run a major service, but for the use case of "every person hosts their own email", it’s not exactly useful.
The only reason they can do this is because of the abuse of email. Getting email from everyone means getting email from every spammer every day. Anyone could stand up their own email server, or grab a new address from their ISP or Yahoo or a zillion other free/cheap email hosts. But Google dominates because they reduce the amount of crap their users have to put up with. Blacklists are a feature that users seek out.
We've crowdsourced our adblocking lists without much of a trouble, so I don't think that we would have some problems with doing the same for spam accounts (or domains).
On the other hand, you can't easily import an email blacklist as you can an adblock list, so there's a problem that will never get solved in popular email hosting providers.
Whitelisting certain IP ranges/domains/whatever will never get us to our goal. Making sure the spam filters are 100% accurate is too much of a task for one company (heck, just this week, I missed an email from the embassy because the Zoho filter thought it was spam).
We've proven that crowdsourcing works already, but there are some nitpicks to be solved (what if an email account gets hijacked and later on returned to their original owners?), the biggest one of which is for Gmail, Outlook and others to support the import of such lists instead of mining data (something they're unwilling to do).
And yet I still use email because I am no longer inundated with spam thanks to the likes of Google and Microsoft. Without them I'd have given up on email altogether.
I run a mailserver with bogofilter, which, with a few months of training, is surprisingly effective. Before that, dspam was also very effective. Spamhaus makes a decent effort on providing blacklists.
I don't see what google and M$ is bringing to the table, apart from pain for indie (still validly configured with DMARC, DKIM, SPF) mailservers.
> I don't see what google and M$ is bringing to the table
It depends on which perspective you're using. A company paying staff to host private mail infrastructure? Individuals who aren't in a position to take on that workload and/or those who choose just not to?
Google and Microsoft are providing fairly effective spam and malware filtering to the masses with options to classify emails using at most a couple clicks. That's pretty much out of the box experience and doesn't involve setting up and training Bayesian filters for months.
For the longest time Gmail offered email threads that were more intuitive than implementations found in other email clients with sent messages presented in related correspondence. Although other clients and webmail services seem to do that now as well.
Using free services is a trade-off but individuals who choose to partake clearly benefit in some ways.
I don't use gmail but I have an email address from Microsoft (which is not m'y main one) : outlook.live.com does a good job filtering newsletters or promotionnal emails, or other terrible marketing practices, from individual ones, but it's not espacially performant when it comes to dealing with spam or scams. On this address I have a «please log in to your PayPal account for safety reasons blah blah blah» or «come buy our absolutely legal drugs to boost your performances» every three or four legit emails.
Google and Microsoft certainly did not help, but let's not forget that many of these features were made to combat spam which got more sophisticated over time. Having all mail delivered all the time, trusting everybody on the web and so on was fine when internet was for enthusiasts. In today's environment, however, plain old e-mail has insufficient protection and overly optimistic design.
Bayesian filtering is surprisingly decent, if it has a feedback loop. Trust by default, and let users train spam filtering, based on a generic, prepopulated filter database.
Did not help keeping the e-mail decentralized. They did help against the spam. Well, at least google did. Microsoft hotmail was doing spam filtering almost exactly the opposite way it should work for so long that I have completely given up on it.
Google didn't "solve" spam at all, they are just playing rough. The jail sentences for spam network operators, the the shift to ddos/mining/etc of botnets, and user awareness, bitten by spam helped, but not solved. You probably used a crappy provider, with no feedback loop for spam before.
I experienced [^3] as well, but every time I dug into it, it was due to misconfigured mail servers like missing SPF records.
Unless somebody has proof for it, I guess attributing it to a poorly explained AI black box instead of malicious intent is more sensible, similar to the "Facebook is listening to conversations and showing ads accordingly".
Why is it the only form? You can certainly run your own IRC or Jabber server or something. I don't understand why you think only email can be run top to bottom.
Unfortunately email became stupid a long time ago. Partly thanks to braindead clients like Outhouse and partly thanks to Gmail. Remember when Gmail came out and they advertised "threads" as a feature? Yeah... we had threads before Outhouse et al. proliferated enough to make them useless.
And don't forget the way those clients make you "quote" previous messages.
Free software mailing lists still make email nice to use. Simple, plain text and intelligent.
Threads that don't play nice with any other e-mail client, where Thudnerbird drafts would just fill up your thread history to the point it wouldn't make sense.
And terribly broken IMAP support that wouldn't use IMAP labels, but instead transfer a separate copy of an e-mail to multiple folders if it had multiple labels.
I thought Gmail was amazing when I first got it, and by 2012 I started running my own e-mail server when I realize it was a usability nightmare.
As long as the majority of people are relying on emails (regardless of the use case), it ain't dead.
Even if you don't use it to communicate to other people, you're still relying on it (for example, you forgot some random password), making it impossible to get rid of.
Nothing replaced it, and nothing will replace it for the next decade. Not all people on the Internet have a Facebook account where they let anyone in their friends list, and not all people on the Internet have a phone number that they are willing to give publically (for WhatsApp/Signal/any-mobile-first-IM-solution).
If you try reaching me online, you won't find my Facebook account on a search engine (nor on Facebook, unless we have some friends in common), and you won't find my phone number easily (unless you already have me on Facebook as a friend). You'll find my email address easily though, and that's why it'll remain relevant.
Same could be said for pretty much every GitHub user (that's why email addresses are right on your profile by default), every academic that has his own website, most of HN users (just take a peak at random profiles) etc.
Little communication software out there can be made as secure and resilient as email.
Two people out there can run their mail servers on a laptop or a raspberry pi. Email is easily encrypted with TLS and GPG on top.
The initial setup for this could take less than 2 hours.
Bonus points: everything could be run from a *sh shell, 1 CPU core and 128 RAM is quite enough.
> bad tooling and software
Postfix (and HAProxy for that matter) are some of the best pieces of software I have the pleasure to work with. Very good docs, I personally haven't seen them crash and have a way to never take you by surprise.
If email is so insecure, how come almost every service uses email as a recovery tool?
There must be hundreds of thousands of very valuable accounts that could be accessed if you had access to someone's emails, so why doesn't that seem to happen?
You two are totally missing to use the threat model approach to security.
Email is "secure enough" for common people, whose threat model isn't high. We have Google and Microsoft to thank for that primarily, since they're the ones that pushed 2-factor auth, encryption in transit (HTTPS) and other features (that later on got implemented by all the email providers). Those features themselves would mean nothing if they weren't incorporated in the biggest free email hosting solutions.
Email is "completely insecure" to those who can't trust a third party (like Gmail). It has GPG on top of it, which is nasty to use from a user's perspective. Meanwhile, even if you do all the things perfectly and never screw up, you're still not getting the same level of protection you would get from using Signal (as a solution that doesn't retain any metadata), whose user experience is out of this world compared to GPG.
Email by itself (as a protocol) is far from perfect, but you can have other mechanisms to improve on top of it where it falls short (while some other things, like metadata retention, are deal breakers). You can still host your own email with almost all the bells and whistles offered by Google/Microsoft, so you have that going for you.
On the other hand, even if you have the greatest and most secure emailing server imaginable, you would still be communicating with others who don't use it, and you're relying on them having some strong security mechanisms as well. Therefore, it's important for Google/Microsoft to make these improvements on top of emails as well.
So, if we're talking about email as a protocol, not secure enough for 21st century.
If we're talking about email as an end product, then yes, it's secure enough (under the assumption that you're using some well known email hosting service).
Can you just mine my data unobtrousively instead of screwing with every service I stupidly provide my lifes details? Already migrating, not because of the obvious privacy issues, but useability. How can a company that profits by knowing what people think and talk about, see so little of the house collapsing around them? Even free isn't cheap enough, it has to work.
I think I speak for a fair number of HN readers when I say, Literally everything google offered 10-15 years ago was better. Talk, gmail, voice, search (with booleans!). Its all a wasteland now, begotten and forgotten for sweet advertising and big data deals.
> I think I speak for a fair number of HN readers when I say, Literally everything google offered 10-15 years ago was better. Talk, gmail, voice, search (with booleans!). Its all a wasteland now, begotten and forgotten for sweet advertising and big data deals.
Eh... I think you should speak for yourself and convince with arguments instead.
How are these products worse? Search gives much more relevant users, pretty much killed SEO as a thing, now using page size and performance as metrics to push mobile-friendly websites higher when you're on your mobile.
Gmail is just significantly better in every way.. including privacy: They stopped using emails for ads. [0]
Of course, RIP Google Talk, but Voice is much better now, with a VoIP option coming soon.[1]
Well, since Google Voice blocked at least one of the US tribal community colleges to save Google some money, I cannot say I was ever a fan. It pointed to me a lack of any sense of empathy. I know we talk about Oracle being a lawnmower, but Google has a lot of parts that trend that way.
With AMP for Email, Google is keeping users within Gmail when when they’re interacting with your website or service.
The strategy of Google / AMP is clear: using its monopoly to convert the open web into properties of Google.
AMP is as “open” as Adobe Flash (Flex, etc) is open. Sure, it may he open source, but it is encumbered by license keys (see: AMP Cache), special privileges (again see: Google search cache), and development totally in control by Google.
I wonder what this will do to third party conversion tracking. Email is a primary marketing channel for many businesses with Gmail as a primary email client of their audiences.
Which is an absolutely massive advantage for them from an auction pricing standpoint (knowing more of what people are willing to pay), and competitive standpoint against the likes of Adobe and others.
For those who are frustrated by this, if you can, please show others that there are other options (just like you have done with DuckDuckGo) and switch to any of these (listing only those that are cheap enough to have multiple mailboxes without spending several hundred dollars a year):
1. Posteo.de
2. Mailbox.org
3. Tutanota.com
4. Protonmail.ch
I know some people can run their own setup. The above are for people who cannot or do not want to do it.
I've heard many people say good things about Fastmail, and I'm sure its worth the praise it gets. But I personally don't recommend it because it gets very expensive if you need more than a couple of mailboxes. The services I listed, at least Posteo and Mailbox, are significantly cheaper for those who need separate mailboxes (not aliases on a single account). I moved from Gmail/Yahoo more than a year ago for just two of my primary mailboxes (one personal and one shared) and it costs me a fraction of what a single mailbox on Fastmail would.
Why the negativity? If google doesn't innovate in open web technologies, then closed systems will win, in this case Slack. Sure, bummer that they used the much-maligned "AMP" name and double-bummer that they didn't build a coalition among email client-writers first, incl Outlook.
My assumption us that AMP4email will get replaced by a truly-open standard (aka multi-vendor support), following the same path as Google's early R&D efforts in browser local storage and improved networking.
Google: what I'd really like to see is a way to authenticate between email sender-receiver (perhaps a one-time, OAuth-like dance with a website?). In addition to nuking certain forms of phishing attacks, users could [reasonably safely] conduct e-commerce inside the email client (much faster, more consistent etc)... kinda like wechat, etc.
> If google doesn't innovate in open web technologies, then closed systems will win
Besides the question of relevance (why do we care about web technologies in email, when studies have shown that most people prefer plain text, anyway?), this sounds like a straight up Appeal to Consequences.
I read the post and I have still no idea what is this about.
They say that the spec is available. But where? They link to https://github.com/ampproject , which is just a list of projects, none of which seem relevant.
I noticed that AMP has recently started adding 'apps' to my launcher in Android. I visited Vimeo.com in mobile Chrome and then suddenly a Vimeo app icon with a little AMP symbol showed up in my launcher without any opt-in.
I think that's Android instant apps, not amp. It's a new Android feature that let's you use supported websites in their native app without having to download the app.
I'm not sure why it showed up on your home screen; it's not supposed to do that. What phone/launcher/Android version are you using?
My guess is owning the user time, e.g if you read article via AMP you don't even visit the original website anymore. Same with providing answers directly in the search results.
The long term benefits are that they stem the bleeding of everything moving inside mobile apps. They need content on the web to remain useful and developers have shown they're unable to make good mobile experiences themselves.
I think this particular move is more tactical than strategic. I think it provides a better experience for users and keeps Pinterest, one of the main AMP users, happy with Google.
Get 'em hooked on something 'free', then monetize it. Rinse and repeat. Just like they are building a browser that only blocks the 'annoying ads', now they are designing their email to let advertising through. So much for 'don't be evil'.
Things can be both monetized and 'free' and I don't think it necessarily has to be evil simply therefore. What I'm curious about is how they intend/could monetize it?
AMP is afaik an open web format, what's the "get 'em hooked" part here? Is it just a defensive play against Facebook's Instant Articles?
It's amazing how the world's largest internet company cannot build a good blog. I don't know why Google is so insecure it thinks it needs to resort to the same tactics used by third-rate blogspam sites to keep users reading their blog posts.
This is what the site looks like with both sticky bars open on my 900px high screen. This is atrocious. https://i.imgur.com/o5hcENG.png
I use e-mail just as much today as I did 10-15 years ago. Some communication takes place in real-time messaging services, but e-mail is still useful for long-form communication, and less timely messages. IMing can't replace e-mail for me for all purposes.
My experience has been similar. IM is nice for quick questions when the other user is at their desk, but for anything important it has to be done over email/paper.
The Google post mentions a report in which they claim that 270 billion emails are sent per day by 3.1B users, and usage is still increasing.
Slack, with 6M daily users, is not even close.
I'm not limited by characters. Sending an image doesn't cost a fortune. It's much easier to attach files like zips, and to extract them on the other end.
What's the advantage of SMS? It just seems like a poorly stripped down email service, with more control from carriers.
I am very down on AMP. I did indeed think they would try to embrace and extend the web to be inside their own walled garden. If I was a publisher who didn't control my content or even Pinterest I would be genuinely terrified.
> AMP for Email will also make it possible for information to easily kept up-to-date, so emails never get stale and the content is accurate when a user looks at it.
So it seems like a regular webpage but within Gmail.
So this is just blantantly breaking email for non Gmail clients is sounds like. I was actually already thinking or trying anther email provider out of curiosity anyways. The problem is gmail is already so locked into my phone and everything. I can't even completely remove gmail from there either.
Meta: My top two stories on HN right now are Google press releases. Just rename HN to Google News are be done with it.
FWIW, Google stories are almost always newsworthy, and hence, belong highly positioned on HN. Though from the comments, at least on this one: Most of the comments are negative/critical.
And based on Google's prioritization of AMP results in search, I wonder if they'll offer some sort of benefit to emails supporting AMP? If so, spammers will be the first ones on board.
Want to see some examples of the most fully configured SPF, DKIM, etc records? Look at spam. The big boys take advantage of it all.
Would I be able to unsubscribe directly from whatever marketing email I received instead of marking it as spam and have Gmail AI suggesting me to unsubscribe or me having to go to the unsubscribe web-page of the marketing campaign?
I wonder if there is some part of the tech stack Google is not willing to mess with, imposing solutions because of the user base and not necessarily by technical merits and sane complexity/gain balance.
Does somebody know what is happening with Inbox by Gmail? Every new feature seems to be done with Gmail and Inbox seems like out of development or dormant.
The spec for at least one MS-Word format is open, too, but that does not mean I would like for every email sent to me through gmail to be in that format.
I interpret this announcement from Google as a sign that the default format for emails sent from gmail, which is now basically plain text (and HTML via MIME's multipart/alternative) will some day, when Google is ready, change to some complicated thing that requires the user to consent to Javascript's running on his machine before he can view his message, same as it is now for web pages.
It would be prohibitively tedious for me to persuade everyone who send me email through gmail to go into gmail's settings and switch the format back to plain text. And even if I succeed, Google has at its disposal various dark patterns, e.g., resetting the setting back to AMP every now and then (which please note would not be noticeable by the sender unless I tell him).
I guess not everyone is having tens on gigabytes for 5€ like me, but hell, even if the megabyte is more expensive than gold in some fucked up economy does that mean everyone should sell their soul to google and the likes?
1.Everyone need not sell their soul to Google but the majority did it
2. The same argument stands for Facebook. I wish there was a neutral platform but...
3. I wish someone like apple will take on AMP or search or cloud storage or cross-platform email but apple is interested in keeping people locked. Heck, I can't reliably find a client for pics, calendar except iOS or macos device...
And just yesterday I was searching for a way to get further away from AMP.
For now, the only way is to always ask for the Desktop Site when I search. Unfortunately, iOS Safari doesn't allow me to set this per site and I have to do it manually every single time I search.
Google (and recently, Outlook) is taking all of it away. It's putting mail from people not on your contact list in spam[^3]; it's by default blaclisting IPs within certain range[^2]; now it's bringing it's own format as well.
Is this embrace, extend, extinguish, Google style?
[^1]: let's not get into the problem of DNS never really being owned, only rented, for now
[^2]: https://wiki.hetzner.de/index.php/Microsoft_Blacklist/en
[^3]: only experienced it, friends did as well, but I don't have proof.