Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


mxroute.com vs mailcheap.co - Page 5
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

mxroute.com vs mailcheap.co

1235

Comments

  • MaouniqueMaounique Host Rep, Veteran
    edited March 2017

    I am actually agreeing with this guy, which is kinda unexpected.
    OK, let me put it in some points to you, @mailcheap:

    1. As long as you CAN read the emails, someone else can. Be it governments or other criminals. In some cases they may bring a (regular) court order, in others some gag order and just seize everything. Criminals wont bring any court order, nor the government people if they feel lazy that day. You wont even know you are breached in most cases.
    2. SSL did not stop yahoo from being breached and them pretend to not know for many years, nor heartbleed bug or the recent cloudflare bug which exposed some very sensitive data. Do I really need to continue to explain these things or you can give me an assurance you haven't lived under a rock for years and actually know about those things?
    3. If you do know about those things and some random guy named snowden, a random site named wikileaks and many other traitors and rapists in the news lately, then how can you actually say with a straight face you believe in the rule of law and honesty of mankind?
    4. If you still don't get it, I will explain you why you do NEED to have the data encrypted on your servers:

    a. Plausible deniability. This roughly means that, when the government comes to seize the servers you can tell them you have no idea what is there and they cant check for themselves, even if they don't believe you, nor can prove otherwise. The hypothetical crowbar wont work either.

    b. You cannot give them something you don't have (encryption keys) since only the end users have them, you can at most assist with the salt generation method, the encryption algorithms and some minimal accepted strength of the key. They might force you to put a backdoor some place, but, by that time, you will already know this game, assuming, by a remote chance you really lived on mars last 10 years and have no idea what I am talking about.

    c. If criminals or government ones do manage to break the ssl, whatever, they will still not get anything, except some encrypted blobs, because the data is encrypted end to end, not only in transit, as you may seem to think it is enough.

    d. A datacenter can and will cooperate even without your knowledge, your servers may have listening devices attached, but, if the data is encrypted end to end, will still be of no use, just probably collect some IPs so they will know someone is talking to your server, but not what they are actually doing, even those IPs could be fake if people access the email over Tor or something else.

    e, f, g, etc we can go on forever.

    TL;DR Encryption covers your ass too, it may be impractical in some cases, however, saying it is not needed or wrong in this day and age is irresponsible at least and criminally negligent at worst. The times of "you dont have to worry if you have nothing to hide" are long gone, even @Aldryic, @Francisco, @Kujoe and @ricardo may agree today.

  • mailcheapmailcheap Member, Host Rep

    @Maounique The breaches being referred to here is wrt. compromised database or some form of gaining authorization to an account via forged cookies, weak password hashes, etc. How will at-rest disk encryption help if an attacker actually manages to gain authorized access to your account? By this logic, we should next employ disk encryption as a measure to prevent social engg. attacks.

    Physical compromise of a secure DC like OVH, Equinix et al. is a really far fetched idea to support disk encryption tbh. Now we're getting into @impossiblystupid 's fantasy world where he has already "solved spam".

    End to end encryption and protection of metadata is simply not possible with email. SMTP protocol doesn't allow for encryption of headers.

    If you're really concerned about govts. seizing data and spies breaking into secure DCs to access your data, email is not the right solution to use. You could get away with using client-side encryption but it has its deficiencies like not encrypting headers and such. And while you're reinventing the SMTP protocol, why not ask impossiblystupid to come out of his bubble and actually solve spam.

    Pavin.

  • @mailcheap said:
    How will at-rest disk encryption help if an attacker actually manages to gain authorized access to your account?

    Are you really not able to put two and two together? If the encrypted data is truly "at-rest" (perhaps even on an unmounted filesystem), then being able to access just a local system account gains them nothing.

    Now we're getting into @impossiblystupid 's fantasy world where he has already "solved spam".

    And this becomes yet another area that reflects poorly on you when you are unable or unwilling to think about new methods to eliminate long standing problems.

    End to end encryption and protection of metadata is simply not possible with email. SMTP protocol doesn't allow for encryption of headers.

    More shortsighted thinking. It's definitely possible, it's really just a matter of whether or not people are willing to accept a modified way of using SMTP to enable that sort of encapsulation vs. simply using a different messaging protocol completely.

    why not ask impossiblystupid to come out of his bubble and actually solve spam.

    Already done. I've been using it with great success for over a decade. It remain pearls before swine, though.

  • jarjar Patron Provider, Top Host, Veteran
    edited March 2017

    impossiblystupid said: More shortsighted thinking. It's definitely possible, it's really just a matter of whether or not people are willing to accept a modified way of using SMTP to enable that sort of encapsulation vs. simply using a different messaging protocol completely.

    Sure, one could run a mail service that doesn't work with others. If one enjoys investing in purely conceptual things that no one can actually use. Nothing wrong with doing that, and someone has to do it before it can be a standard, but I don't think we're conversing with anyone that will be setting that standard here at LET (personally). I think most anyone here trying to go broke on creating new internet standards would just do that, go broke.

    impossiblystupid said: Are you really not able to put two and two together? If the encrypted data is truly "at-rest" (perhaps even on an unmounted filesystem), then being able to access just a local system account gains them nothing.

    Think webmail. If webmail login decrypts data and someone gains access to account, that's more of the scenario he's talking about I think.

    Thanked by 1mailcheap
  • MaouniqueMaounique Host Rep, Veteran

    jarland said: someone gains access to account

    If someone gains access to an account (i.e. user and password) it is game over, we need to focus on securing the data when someone gains access to the server's FS or actual email files. That does not involve changing SMTP or anything else in email system. Also, having each email account encrypted with another password does not allow for cookie forging (well, it does, but the attacker wont get anything out of it).
    A weak password hash, database access, etc, are also out of the picture once everyone's account is encrypted on disk, same, if the database is accessed, will only show some random email addresses (assuming we keep it in clear) and the time of their creation. Having the whole database of the addresses in a town with only aliases instead of names will never help a burglar hit the exact person he wants to.

    mailcheap said: Physical compromise of a secure DC like OVH, Equinix et al. is a really far fetched idea to support disk encryption tbh.

    You do not provide any reason why the governments cannot enter there, recruit some employee to put in some device or simply hack into the server using undisclosed exploits and vulnerabilities. Recruiting some employee or hacking into the server can be done by criminals too.

    mailcheap said: we should next employ disk encryption as a measure to prevent social engg. attacks.

    Of course, it will prevent people which social engineered linode employees to actually steal the bitcoins once they get access to the server. https://arstechnica.com/business/2012/03/bitcoins-worth-228000-stolen-from-customers-of-hacked-webhost/ How that would work in case of bitcoin is another matter, though.

    jarland said: Think webmail. If webmail login decrypts data and someone gains access to account, that's more of the scenario he's talking about I think.

    As i said, if someone has the account username and password, it is game over, we must defend against the cases when the attacker gains access to the infrastructure, not individual accounts. At this time, if someone hacks into your server or social engineers some employee at the datacenter, or comes with a warrant at the datacenter, aside from actually seizing the servers physically, will be able to read all emails stored there. It looks like you consider this is not possible, or too improbable to merit some effort to encrypt, which, in this day and age is irresponsible, in my opinion, but you can continue to believe the law will protect you and your systems are unbreachable. Important is to make sure you state these things in clear in your ToS/AUP as well as in the main page so people know their data is absolutely secure.

  • @jarland said:

    impossiblystupid said: More shortsighted thinking. It's definitely possible, it's really just a matter of whether or not people are willing to accept a modified way of using SMTP to enable that sort of encapsulation vs. simply using a different messaging protocol completely.

    Sure, one could run a mail service that doesn't work with others.

    Which is in no way what I proposed. Look, just because you cannot devise a method of tweaking SMTP to provide new features in a backward compatible way doesn't mean nobody else can. This has become a pattern in your responses, and it does not reflect well on you.

    I think most anyone here trying to go broke on creating new internet standards would just do that, go broke.

    So what? That says nothing about the utility of the proposed approach. The issue is not whether or not solving these problems makes you rich, it's whether or not they are scientifically tractable. They are, and you simply made the wrong career choice if you think your best contribution is to mock those who offer solutions to your problems.

    impossiblystupid said: Are you really not able to put two and two together? If the encrypted data is truly "at-rest" (perhaps even on an unmounted filesystem), then being able to access just a local system account gains them nothing.

    Think webmail. If webmail login decrypts data and someone gains access to account, that's more of the scenario he's talking about I think.

    Then you, too, are very confused about what it means for data to be "at-rest". Your argument generalizes to saying that all encryption is pointless, because the user has to decrypt it at some point. The rest of us are talking about securing everything that happens before that point.

  • jarjar Patron Provider, Top Host, Veteran

    I made no argument, just a clarification, you incessantly belligerent buffoon.

    Thanked by 3willie WSS Hxxx
  • HxxxHxxx Member

    Is getting hot in here.

  • @Hxxx said:
    Is getting hot in here.

    Don't start, @Francisco might just take off all his clothes.

    Thanked by 2Yura Amitz
  • FranciscoFrancisco Top Host, Host Rep, Veteran

    @austenite said:

    @Hxxx said:
    Is getting hot in here.

    Don't start, @Francisco might just take off all his clothes.

    Too late.

    Francisco

    Thanked by 4Yura austenite Hxxx Amitz
  • YuraYura Member

    @Francisco said:

    @austenite said:

    @Hxxx said:
    Is getting hot in here.

    Don't start, @Francisco might just take off all his clothes.

    Too late.

    Francisco

    Thanked by 2austenite Hxxx
  • nik said: Mailchimp is something completely different

    Yeah, i think i misunderstood it. And i mentioned i do not have idea about the others. Anyways, thank you for the updating me.
    Regrads

  • Hi,
    I have spoken to both providers about my requirements. Both have been exceptionally quick to respond. I don't know if it is a deal breaker for anyone, but currently MX Route aren't providing activesync (I read a previous review when they were) not a deal breaker for me, but it might be the difference for someone else. MX Route have also said it's on the roadmap, but isn't likely to be available any time soon.

    In summary though, both of them have outstanding communication (which I guess is good for an email company!).

    • Disclaimer: I have signed up for an account with MXRoute.
  • mailcheapmailcheap Member, Host Rep

    @michaels said:
    Hi,
    I have spoken to both providers about my requirements. Both have been exceptionally quick to respond. I don't know if it is a deal breaker for anyone, but currently MX Route aren't providing activesync (I read a previous review when they were) not a deal breaker for me, but it might be the difference for someone else. MX Route have also said it's on the roadmap, but isn't likely to be available any time soon.

    In summary though, both of them have outstanding communication (which I guess is good for an email company!).

    • Disclaimer: I have signed up for an account with MXRoute.

    Sorry we couldn't work out reselling on basic plans/Premium Mail; its just not viable at this time. Reselling is allowed (& supported with Resellers permission level) on private servers though!

    Pavin.

  • Sorry we couldn't work out reselling on basic plans/Premium Mail; its just not viable at this time. Reselling is allowed (& supported with Resellers permission level) on private servers though!

    Pavin.

    Hi Pavin,
    I totally understand. I think in terms of management the mailcheap platform is better geared for reselling at the moment (I believe the "limitations" of cPanel were discussed earlier in the thread). I look forward to growing my business to a point where I can use both!

    I think this is a sector that will grow massively over time. Hosting companies are "getting out of mail" (try finding information about OVH's MX plans now or rackspace rackmail) and a number of smaller businesses aren't ready / can't afford O365 / gApps etc.

    Thanks

    Michael

  • MaouniqueMaounique Host Rep, Veteran

    michaels said: Hosting companies are "getting out of mail" (try finding information about OVH's MX plans now or rackspace rackmail)

    The fact some big players are leaving the market cannot look well, they probably have some expensive studies which tell them there are not much money to be made there.

    Thanked by 1vimalware
  • @Maounique said:

    michaels said: Hosting companies are "getting out of mail" (try finding information about OVH's MX plans now or rackspace rackmail)

    The fact some big players are leaving the market cannot look well, they probably have some expensive studies which tell them there are not much money to be made there.

    Easier for them to resell "cloud apps" than run their own infrastructure, doesn't mean there isn't a market.

  • Jarland is helpful in discussions where he doesn't self-promote.

    Pavin at Mailcheap can't walk away from a discussion that has the potential for him to self-promote his services. It's almost like he has a "I can never admit wrong" mentality which is scary especially since trusting your email delivery with his company.

  • niknik Member, Host Rep
    edited March 2017

    @jarland said:
    I still may expand overseas btw, I mean I have my concerns about my ability to have a legal standing there, but if people want it and I'm up front about who I am and where I reside, that seems like a solid plan.

    Plus not totally trying to step on Pavin's market. So it'd be clearly secondary.

    You could just go with Switzerland, they are probably even stabler than the US as a country and are known for it. I think it would be the perfect country for email hosting because of the laws and its politics. The EU wouldn't be a problem as well, the only problem is the price.

    Thanked by 2jar WSS
  • mailcheapmailcheap Member, Host Rep
    edited March 2017

    @doughmanes said:
    Jarland is helpful in discussions where he doesn't self-promote.

    Pavin at Mailcheap can't walk away from a discussion that has the potential for him to self-promote his services. It's almost like he has a "I can never admit wrong" mentality which is scary especially since trusting your email delivery with his company.

    Much coming from someone whose contribution is a link to Mailcow installer and wrongly asserting false assumptions on deliverability.

    Pavin.

  • They can read the post for themselves, Pavin, and will come to their own conclusions.

    Hire that sales guy. You're not cut out for dealing with the general public when your company's reputation is at risk.

  • jarjar Patron Provider, Top Host, Veteran

    Ah give the guy a break. Pavin is a good guy and does great work. He's not like the shill I banned earlier for posting the same provider recommendation in every thread for nearly a year and flying under the radar.

    Thanked by 2mailcheap vimalware
  • @nik said:
    You could just go with Switzerland

    Swiss MXRoute would be awesome. I don't have any legitimate reason, it just sounds cool.

    Thanked by 2vimalware Maounique
  • WSSWSS Member

    @jarland said:
    Ah give the guy a break. Pavin is a good guy and does great work. He's not like the shill I banned earlier for posting the same provider recommendation in every thread for nearly a year and flying under the radar.

    HostGliders? Aren't they back?

    Thanked by 1jar
  • jarjar Patron Provider, Top Host, Veteran

    @WSS said:

    @jarland said:
    Ah give the guy a break. Pavin is a good guy and does great work. He's not like the shill I banned earlier for posting the same provider recommendation in every thread for nearly a year and flying under the radar.

    HostGliders? Aren't they back?

    Some weird .uk domain I already forgot existed ;)

  • WSSWSS Member
    edited March 2017

    @jarland said:
    Some weird .uk domain I already forgot existed ;)

    I don't remember that one, either. But have you heard of WuSS mail? It's like gmail, only entirely different! It has an HTML 3.2 compliant interface, and supports POP3 and SMTP. If you want to take it offline, we can even add UUCP support so you can dial into the Portmaster and download all 15MB!

    Thanked by 1jar
  • @doughmanes said:
    Hire that sales guy. You're not cut out for dealing with the general public when your company's reputation is at risk.

    It clearly isn't the case for you, but for me Pavin's activity here makes me want to get his service more. If I hadn't missed one of the past deals I already would have it. I'm just forcing myself to be patient for now.

    I'll be doing MailCheap primary with MXRoute for imapsync backups and also incoming mail backup queue, or at least that's the plan.

    Thanked by 2Rhys mailcheap
  • YuraYura Member

    @WSS, hey, russian hackers, add node.js and angular 2. Be kewl.

    Thanked by 2vimalware WSS
  • HackedServer said: It clearly isn't the case for you

    I'm not selling a product or represent a service. I do however know that in a "help" category that you provide assistance not preach your service's advantages then knock down other suggestions while pointing to your service's features and accuse others of providing incorrect misinformation in a win at all cost mentality.

  • WSSWSS Member

    @Yura said:
    @WSS, hey, russian hackers, add node.js and angular 2. Be kewl.

    The millenial hackers are still trying to rally to change the passwd file format to allow for a gender to be added so they may change it at will.

    Thanked by 2Yura vimalware
Sign In or Register to comment.