I apologise if there has been some sort of misunderstanding. When I first launched the site I publicised the fact that it was in open beta whilst I was ironing out any obvious bugs and testing things out. I also had a banner message in the settings page stating this.

The message stated: "You are currently on a Free Pro Subscription as a thank you for being a beta tester. This free subscription will come to an end on 5th December 2019. You can still start a subscription now if you wish to support AnonAddy."

When the site's open beta came to an end I sent an email to all those who had signed up. As a thank you, this email let all users know that they would have an additional 3 months to continue using all the Pro features of the site for free.

I then sent 2 more emails shortly before this free subscription came to an end which is shown in your screenshot, giving users the choice to update their emails if they didn't wish to subscribe.

I have also offered all beta users a discount on both Lite and Pro plans.

Let me know if you have any other questions.

Best, Will

Thanks for your reply and your service. Done.

I actually use the database to store all the different aliases, then Postfix does a database lookup to see if they exist or not.

Fair point, I'll try to emphasise the ease of alias creation instead going forward.

I haven't used it myself but I think Privacy.com[1] does this.

[1] https://privacy.com/

Great stuff! Let me know if you have any questions.

I'll have to do some further reading on this. Do you vaguely remember where you read this and why it was not allowed?

I feel like it was either here on HN, or on some article linked here, a few weeks/months ago. But I could be wrong... vague recollection at the moment. I don't think the reason was mentioned explicitly but to me it's pretty obvious that it would be a question of accountability.

Thanks, I do have a small number of instructions for self hosting[1] they're still a work in progress and you'll need to know how to manage a server from the command line etc.

A few users have asked for me to create a Docker image that can easily be deployed, however I'm not familar with Docker so I'll have to learn how to do this first.

[1] https://github.com/anonaddy/anonaddy#self-hosting

I agree there may well be some challenges along the way but I'll do my best to prepare and prevent them. I'm always reading and learning more about the best measures to have in place for the server.

Thank you, hopefully I'll be able to stay sane!

My mail server got blacklisted because of backscatter. That is where the sender sends spam to an address that doesn't exist on your server, but they also forge the "from" address, so the "this message could not be delivered" response, complete with the spam message, is sent "back" to the forged address (the spammers real target)

It took several months or a large payment to the people maintaining the blacklist for my server to get unblocked (it wasnt critical so I didnt pay). Seemed like extortion to me, but Google and others respected this particular blacklist.

Im not sure if this list still exists. It was on the blacklist checking websites at the time

Which blacklist was it and how much did they charge? I have always wondered which are more mafia-esque and which less, as they all act so innocent but are also so adamant about hiding their pricing.

It was backscatterer.org. I seem to recall it was in the low hundreds, but it was quite a while ago now.

I'm guessing backscatterer.org

The fix is to configure your MTA so that it doesn't send backscatter

It was backscatterer.org. I don't recall how simple the fix was, but I couldn't find much information on it at the time. The list appeared last in the blacklist tools so I figured it was a fairly new thing.

How can you know when you're about to send a bounce to a backscatter? I'd love to know this!

Sorry for the extremely late reply, but you can test using http://its-netzwerk.com/bscatter/

Alternatively attempt to send a message to a nonexistent address on your MTA using telnet which should throw an error after "RCPT TO" if the server is configured correctly Steps to test SMTP via telnet: https://my.esecuredata.com/index.php?/knowledgebase/article/...

Thank you for your reply. From my understanding, what you suggest is that a backscatter uses a return path email that does not exists?

My understanding was that a backscatter uses an email that is not his, in order to deliver a message without sending it directly (and making the bounce server act like a spammer).

Am I missing something?

Here is a good blog post [1] that explains backscatter and some ways to help prevent it.

[1] https://willem.com/blog/2019-09-10_fighting-backscatter-spam...

Thanks!

It really doesn't take much at all to get blacklisted by Gmail or others. Companies like MailChimp have agreements in place with Google.

Unfortunately, mail delivery is far, far harder than it should be.

> Unfortunately, mail delivery is far, far harder than it should be.

However, we still receive spam e-mails to our inboxes.

According to a friend at a large ISP who engineers their anti-SPAM, 93% of all email they receive is SPAM and dropped before routing to your junk folder. So for each 1 you receive, several dozen were sent to the bit bucket.

I work for a company that sales anti-spam and this is absolutely true. It is an unending battle between spammers and the people building the filters. We are also constantly getting RBL'ed by groups including Google and Symantec who know who we are as we have had business agreements with them in the past.

Anecdotal but I never receive spam in Gmail, neither in my GSuite inbox nor Gmail.

Also anecdotal, but I get maybe 1 spam/month in my GMail inbox and the same amount in my fastmail inbox.

But how many important real mails have you lost because you didn't check the spam folder?

I use SendGrid and STILL have to ask major companies to fix their spam filters.

I trust that you've planned for the inevitable demands from criminal investigators. And perhaps seizures.

Example: https://cock.li/transparency/

Could you please stop posting links to your company? You've been overdoing it, which is why your comments are getting downvoted and flagged.

Or maybe do not contact him at all. I am not sure he'd appreciate the spam.

Thanks a lot.

The other pages e.g. the blog, FAQ, posts etc. are just very simple layouts along with the nav bar and footer.

I'm using Jigsaw[1] which is a static site generator that allows you to use Laravel's blade templating engine, it's awesome.

The admin interface I made myself using a few Vue components, it is a reasonably simple layout to be honest.

Yes the account site where you login (everything at app.anonaddy.com) is completely separate from the landing page (anonaddy.com).

The first is a Laravel app, the second is a static site. They both have different repositories on GitHub. Feel free to browse through all the source code to get a better understanding of how it works. Just let me know if you have any more questions about it.

If you are looking for some help or inspiration with UI design I highly recommend the Refactoring UI book[2] by Adam Wathan and Steve Schoger.

[1] https://jigsaw.tighten.co/ [2] https://refactoringui.com/

Yes a few other users have mentioned integration with password managers. I agree that would be extremely convenient, but this would obviously be up to the password manager to integrate it using the API.