Customer's 20-year-old email account shut down over unusual address (cbc.ca)
219 points by rocky1138 on July 4, 2017 | 186 comments



While I find Eastlink's behavior in this situation reprehensible, I have to note that the final statement in the article is quite true:

"your email address may not be your own"

If you entrust your email to a third party, you are taking a risk. IMO that risk is a lot bigger if the third party is your ISP, because they know they are in a very strong negotiating position with respect to you. That's why I have never relied on my ISP for my email service (even though they offer it, I don't use it). It's very cheap nowadays to get ownership of your own domain and full control of the email addresses under that domain. Yes, you still have to depend on your hosting company for those services, but you are in a much stronger position with them than with your ISP, because hosting is so much more competitive.


Do you really own a domain name or just a fixed term lease that may be revoked by multiple parties and by multiple means?


You own your domain name in the same sense that you own any property in a society where governments have overwhelming force at their disposal. Yes, if the government really, really wants to take your ownership away, they can. But it's still a lot harder and a lot rarer than having ISPs screw over their customers.


I mentioned in another reply that the problem with DNS is that multiple entities can mess with you, and government is only one among many.

Correct me if I am wrong, but is a registry even obliged to offer a renewal of your domain when your current lease expires? Without jumping through the whole loop of "owning and defending a trademark", what legal recourse do individuals have when faced with malicious takeovers?


> You own your domain name in the same sense that you own any property in a society where governments have overwhelming force at their disposal.

You might as well say "...in any society." If a government doesn't claim a monopoly on violence, someone else will.


> You might as well say "...in any society." If a government doesn't claim a monopoly on violence, someone else will.

Whichever entity (even if nominally a collection of entities considered together) has (whether or not it claims) a monopoly on the legitimate use of force is the government, whatever it calls itself.


That's pretty much the point I was trying to make. A society without a government that monopolizes force can't really exist, or at least not for long.


> A society without a government that monopolizes force can't really exist, or at least not for long.

This is falsified by many historical examples. I gave one upthread (some of the American colonies, such as Pennsylvania in the early 1700s). Another would be saga period Iceland, which existed for several centuries with no government that monopolized force.

I think history does show that societies without a government that monopolizes force are vulnerable to a failure mode which basically consists of an outside entity being willing to invest enough resources to overwhelm the force available within the society, and thus establishing a government by takeover. This is what happened in both of the examples I gave above (Iceland was taken over by the King of Norway, and Pennsylvania ended up caught up in the general tightening of everything when the British decided to get tough on the colonies after the French and Indian War).

In other words, any time a group of people try to set up for themselves a place where they can live the way they want to, interfering with no one else and with no one else interfering with them, it doesn't last; someone else always ends up coming in and taking over and trying to tell them what to do. I view this as a bug, not a feature.


I think you've just crushed a lot of libertarian dreams. But you're right. If there is no official and relatively accountable government, it would be just some warlord or some other type of bully taking over and demanding their own "tax" to let you be in any given area.


I didn't say "monopoly on violence". I said "overwhelming force". It is perfectly possible for governments to have a monopoly on violence but still not have overwhelming force at their disposal: in fact that was the case when the US Constitution was written (for example, "keep and bear arms" in the 2nd Amendment was intended to include private ownership of warships). It is also perfectly possible for no entity to have a monopoly on violence and for no entity to have overwhelming force at its disposal compared to others (for example, in a number of American colonies, such as Pennsylvania in the early 1700s, while there was technically a "government", it did not have a monopoly on violence and private enforcement of laws was common, with all citizens being in roughly the same position as far as the force at their disposal).

I was merely recognizing the fact that, in today's world, governments, at least of developed countries like the US, do have overwhelming force at their disposal compared to private citizens. Whether that is because they have a monopoly on violence or for some other reason is irrelevant to the point I was making, which is simply that private citizens have to recognize and deal with the reality and limitations of what "ownership" means in today's world.


If it's so - how does that work on worldwide scale, on the legal side of things?


Found a company, register a trademark in the same name in all relevant jurisdictions, hire a legal team that is trawling the internet and the world in general for trademark abuse so the trademark is defended. Hope that some registrar or internet body does not change a policy of some sort or another. Did I miss something?


There is no guarantee you'd win in court, especially if your domain is seized by a state level actor.

This is why I think private keys combined with some kind of immutable log (cough...blockchain...cough) are far better as identity tokens than anything based on DNS.


Identity tokens only implement the underlying address space. Friendly identifiers either have to be immutable (read: nearly worthless), or handled by some form of registry.

First come, first served registry with some form of expiry implemented via smart contracts might be possible, but it seems unlikely any one registry would ever become 'the canonical registry', as that just puts us back in the same situation as DNS.

This is a hard problem to solve without asking folks with big sticks/guns to enforce policy decisions.


I am not sure if there has to be a "canonical" registry. For example, most western countries have multiple competing credit rating agencies reporting on individual identities and the system seems to work okay on that aspect.

I will give my ideas more thought down the road. We have already tried this with PGP but it had too many issues to be practical. In any case, whatever we end up building is going to be better than DNS which is one entity with too many pairs of hands controlling it, all the way from ICANN to the registries to malicious social engineers.


Juan Benet of Protocol Labs was talking about how naming things is really a consensus problem (ep 15 on the Y Combinator podcast)


Running your own domain and email server also adds new attack vectors for somebody wishing to gain access to your email. In addition to the obvious security issues related to running your own server, the attacker may also use social engineering for the registrar, hosting provider or DNS provider support people.

If more people would realize the importance of email address as the key to their online identity, this might open up a business opportunity for banks. My bank knows me, they have the proper ways for offline identification (if I lose my online access) and I have quite good confidence in them. I would not expect the bank to run full email service for me, but they could provide forwarding service. Should I run into trouble with the actual mail provider, let's say Google blocking my account, I could just work with the bank to set up forwarding to other location.


You don't have to run anything yourself, just "hold the key to the domain" so to speak. Relying on a mail provider to host the email server is fine, and if they try to take it from you, you can be up and running with a different provider in less than 10 minutes, with it fully propagated in 24 hours' time. You are still in complete control over the future of all email on that domain.


Unless the TLD fails.


Then there will be much bigger things than getting email to worry about, especially if you have a .com or any of the other main ones.


And five days later on HN: "Taking Control of All .io Domains With a Targeted Registration" https://news.ycombinator.com/item?id=14737322


This person registered their email address 20 years ago, well before gmail. At the time, the options were

(A) Pay for an email address.

(B) Run your own email server.

(C) Use the email provided by your ISP


(D) Use Hotmail (1996) or Yahoo mail (1997) or one of several other similar services

(E) Use university or organization e-mail account [1]

(F) Buy your own domain and set up mail forwarding to another account or service [2]

[1] Okay, not really much better than your ISP account, but it's a different dynamic and still slightly better, though not everyone would have this option.

[2] I can't actually find a positive reference to mail forwarding being an option around the exact time-frame, but I know I had done this for some people around the early 2000's at least. Though it's a variant of (A) it's still distinct because it's a domain, not just an account.


F was a standard option with British ISPs, at least, in 1996.


Today, the options are the same.

Just running your own server got a lot easier, and you can buy stock Gmail or Outlook Web clients under your own domain.


> Today, the options are the same.

No, today there is another one:

(D) Pay a hosting company to host your own domain and its email. This is kind of like running your own server, but without having to run the machine yourself, have an Internet connection that supports that (most ISPs forbid hosting services on your publicly visible IP address in their terms of service), etc.


(E) Pay your registrar to forward your e-mail to another account.

I used to run my own server, but I got tired of constantly dealing with spam filtering, RBLs, etc. I just forward several accounts across a handful of domains to my gmail account, and I have gmail setup to send 'from' my own domain (with validation).

I could switch to another service (or my own server) and other than me, no one would notice a thing.


> I have gmail setup to send 'from' my own domain (with validation).

How do you set this up? I have several domains pointing to my gmail but can't send from them...

Edit, should have just googled, https://support.google.com/mail/answer/22370?hl=en

Edit 2: this really: https://blog.alexlenail.me/i-want-to-send-emails-from-my-goo...


Running your own server is a lot harder today. You need to set up SPF and DKIM, at minimum. You also need to hope that you don't get erroneously blackholed by Google (GMail), Yahoo, or Microsoft (Hotmail/Outlook.com).

I would consider Gmail to fall underneath option A rather than option B. If Outlook Web is Microsoft's GSuite competition then it is not running your own server either.


It's a bit of a wash, honestly.

You don't have to deal with Sendmail cf files, and there are secure options other than qmail.

Though yes, it's rather the PITA.


Yahoo may have had free email at this time. I'm not sure of the exact timing but after I got real internet instead of just dial up email I switched to Yahoo from Juno right around that time.


This happened to me. I had a Knology email for twelve years (when I worked for them and long after). I created it when I had that authority, then out of the blue after 12 years, I got an email saying that the mailbox was being removed due to being against TOS for being offensive. I guess someone got irritated. I never fought it or cared because I didn't want to raise the stink, because for 12 years it was fun being God@Knology.net


In 1998, I managed to register the root@ email address with a new Dutch ISP that ran its email on a Windows infrastructure (so on day 1 only Administrator@ was taken). I even became friends with the guy who registered info@. It took them almost a year to realize that they should have blacklisted some accounts for registration. They took it from me in the same way: a one month notice. The hardest part was that I couldn't convince them that I wasn't trolling them when I registered it. But ah well.. I was :)


Can we address a different problem, aren't "noreply" addresses used by companies just a blatant admission that they don't want to talk to you about any issues you have? Aren't companies at least slightly ashamed of using these sorts of methods?

If I hit reply on an automated email I would expect it to get an automated response with clear links to helplines/addresses/etc at the very least, and ideally to go through to the actual customer support system. Is that unexpected? I'd imagine that less technically aware users would expect a similar thing.


Here is one reason companies might use a "noreply@" email address: autoresponders.

If you set up a real email address as the "from" field, then when you send out an email to a list of any significant size, you can expect to get a bunch of autoresponses like vacation notices, out of office, so-and-so does not work here anymore, etc. Then someone has to go through and clear all those out, looking for real replies.

If you use a "noreply" email address, then you can avoid that. But then you should put the real support email address in the body of the email, so that people can get service. I agree it is annoying when companies seemingly have no way to get support.


This is pretty much a solved problem. If your ticketing system can’t handle this, take your vendor to task over it.

We send automated notifications from an address that’s manned by humans. Approximately 14000 a day. Rules for out-of-office in a large number of languages have been in place for years.

(And ‘does not work here anymore’ - we want those replies. If they’re getting mail notifications, they’re also getting sms and phone calls. That’s an email worth handling before we phone the wrong person at 3am.)


That's great for you, but there are a lot of businesses that don't have a customer-facing ticketing system.


You don't need a ticketing system for filtering emails. Any decent email client and server has filtering rules support.


> blatant admission that they don't want to talk to you about any issues you have

I think that's a little hyperbolic. Companies use noreply because replying to that email is not the correct path for support. If you want support, go through the real support system (which likely has additional features around sorting support requests, paid support, antispam etc).

> I would expect it to get an automated response with clear links to helplines/addresses/etc

It would be a minor pain for me to set up and keep up-to-date email based auto-reply systems for everything. Most users don't expect such a thing to exist, and it's far easier to just go to the website and use the FAQ/Contact us pages there. I do occasionally check the noreply inbox for some services, and I've never once seen anything other than spam or out-of-office notifications in them. It wouldn't take a ton of effort, but for nearly no reward.


> If you want support, go through the real support system (which likely has additional features around sorting support requests, paid support, antispam etc).

In other words: Make it as comfortable as possible for yourself, fuck your customer. I have one point where I manage my electronic communication that is very well set up for the job, and that is my email client. If you expect me to use your user interface in order to communicate with you, I won't be your customer.


If it’s not the right place for support then I think an autoresponder with helpful directions is far more respectful of the customer. However I still think most companies should be able to link it directly to their public customer support address.


For many companies, it feels like the correct path for support is 1) go away 2) really, please, just go away 3) fine, your blog post got a lot of visibility, I guess we'll take a look.


I once signed up for a new service and got a welcome email from the CEO wanting to make sure I was having a good experience. Guess what the reply to address was?


Yeah, this is a very common growth hacking sort of thing that early stage companies do I think. We used to do it. But any email that looks like it comes from a human has got to have a human on the reply-to in some way, otherwise users just feel lost.


Customer support is costly. Why do you think that many companies raise artificial barriers to getting in contact with support (e.g. burying their support line deep within their site in a non-obvious location)? Even then the support that you get is many times designed to blame everyone but the company for issues in an effort to frustrate you into just getting off the phone and falling into acceptance of your situation (rather than actively trying to improve it).


Yes, it is a cost saving measure, at the expense of user experience. That was my point.


noreply isn't an official service or reserved name according to RFC 2142 [1]

[1] https://www.ietf.org/rfc/rfc2142.txt


I think a fair alternative would have been to make his email address read-only. It still would've been inconvenient for him, but he would have been able to control his internet legacy on his own terms, and it would've solved their concern about his emails appearing to be "official."

I'm not sure if the fact that they refuse to migrate his emails to a new account is a matter of terrible customer support, technical debt, or incompetence.


This kind of thing is why it's foolish to use an email server that doesn't offer IMAP access. IMAP is what allows you to get your own data to do with what you will.


Eastlink is a popular ISP, not just a webmail provider. They almost certainly do offer IMAP access to their email accounts, and this help page [1] seems to support that.

[1] http://my.eastlink.ca/customersupport/internet/faqs/email.as...


Hm, I think the article also alludes to that near the end. So it's not clear why Morshead "is facing the daunting task of going through almost two decades of email messages" to decide what to keep. It sounds like he doesn't understand (nor the journalist) that he can retrieve his emails en masse.


Some of us still use POP3.


And the guy doing the Primitive Technology videos is building a civilization with his bare hands, but the rest of us prefer some decent tools.


What benefits do you see to using POP3 over IMAP?


I use POP3 for some services. I have one mailbox that I share with my wife as a joint household e-mail address (we both also have personal addresses). Having syncing between devices would be a nightmare as things would get marked read by the other person. Yes, I could set it up to forward to our personal mailboxes, but it's been working fine for 20 years, so why change.

More importantly with POP - your mail gets downloaded to your device and then that's it. It's yours, secure, for you to manage. With IMAP there's always the possibility of the ISP's server hiccuping and deleting mail off your machine that you thought you had safely downloaded.


Even with IMAP, you can secure messages by moving them to local folders. And with multiple devices, you can move a different set of messages to each device. You can also move messages back to the inbox, in order to share with another device.

I used to be a POP fanatic, mostly because I didn't like the idea of leaving copies on the server. But then, the NSA probably logs everything, so hey.


It's not that I see a benefit to POP3; it's just that I've never seen a reason to switch. I download my email to a desktop client.


IMAP does that as well, you just don't have to delete it from the server to do so.


You can run POP3 without deleting mail from the server. The POP3 commands for "download message" and "delete message" are completely independent; I typically have my mail client set to delete messages from the server 14 days after downloading them, so that I'll always have recent email in two places.
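
The behaviour described in the comment above, as an added example that is not part of the thread: in POP3 (RFC 1939) RETR never removes mail, and DELE only marks a message, which the server removes when the session ends with QUIT. `FakeMaildrop`, `sync` and `demo` are hypothetical names, and the maildrop is a constructed in-memory stand-in that mimics the return shapes of Python's `poplib.POP3` methods.

```python
import datetime as dt
import poplib


class FakeMaildrop:
    """Constructed in-memory POP3 maildrop (not a real server).

    uidl(), retr(), dele(), rset() and quit() return the same shapes as
    poplib.POP3, so sync() below can also be handed a real poplib connection.
    """

    def __init__(self, messages):
        self.stored = dict(messages)  # uid -> raw message; survives sessions
        self.open_session()

    def open_session(self):
        # Message numbers are per-session; deletion marks start out empty.
        self.numbering = dict(enumerate(sorted(self.stored), 1))
        self.marked = set()

    def uidl(self):
        lines = [f"{n} {uid}".encode()
                 for n, uid in self.numbering.items() if n not in self.marked]
        return b"+OK", lines, 0

    def retr(self, n):
        # RETR only reads: nothing is marked or removed.
        if n in self.marked or n not in self.numbering:
            raise poplib.error_proto(b"-ERR no such message")
        body = self.stored[self.numbering[n]]
        return b"+OK", body.splitlines(), len(body)

    def dele(self, n):
        # DELE only marks; the message still exists until QUIT.
        self.marked.add(n)
        return b"+OK"

    def rset(self):
        # RSET clears every deletion mark made in this session.
        self.marked.clear()
        return b"+OK"

    def quit(self):
        # UPDATE state: the only point where marked messages are removed.
        for n in self.marked:
            del self.stored[self.numbering[n]]
        self.marked = set()
        return b"+OK"

    def drop_connection(self):
        # Session ended without QUIT: no UPDATE state, marks are discarded.
        self.marked = set()


def sync(conn, local_store, seen, today, keep_days=14):
    """Download unseen mail, mark mail first seen keep_days ago for deletion.

    `seen` maps UIDL -> date of first download. Deletions take effect only
    when the caller finishes the session with conn.quit().
    """
    downloaded, expired = [], []
    _, listing, _ = conn.uidl()
    for entry in listing:
        num, uid = entry.decode().split(" ", 1)
        if uid not in seen:
            _, lines, _ = conn.retr(int(num))
            local_store[uid] = b"\r\n".join(lines)
            seen[uid] = today
            downloaded.append(uid)
        elif (today - seen[uid]).days >= keep_days:
            conn.dele(int(num))
            expired.append(uid)
    return downloaded, expired


def demo():
    # Constructed sample messages.
    server = FakeMaildrop({
        "uid-a": b"Subject: one\r\n\r\nhello",
        "uid-b": b"Subject: two\r\n\r\nworld",
    })
    local, seen, out = {}, {}, {}
    day0 = dt.date(2017, 7, 4)
    later = day0 + dt.timedelta(days=14)

    # Day 0: both messages are downloaded; QUIT removes nothing.
    out["day0"] = sync(server, local, seen, day0)
    server.quit()
    out["server_after_download"] = sorted(server.stored)

    # Day 14: both are marked, but the link drops before QUIT.
    server.open_session()
    out["day14"] = sync(server, local, seen, later)
    server.drop_connection()
    out["server_after_drop"] = sorted(server.stored)

    # Retry with a clean QUIT: now the server copies are removed.
    server.open_session()
    sync(server, local, seen, later)
    server.quit()
    out["server_after_quit"] = sorted(server.stored)
    out["local"] = dict(local)
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```
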


I know people that use it because they think it is better from a privacy standpoint.

It might not be correct now but at one point the Electronic Communications Privacy Act stipulated that data left on a server for more than 180 days is considered to be abandoned and the government can easily and legally access it.


Yes, there is that. But in reality, the NSA arguably has copies of everything. Or at least, metadata. And it almost certainly retains copies of all encrypted messages.


I'm more worried about the situation where somebody reveals some corruption in a small town police department and the police decide to investigate that individual by looking at that person's "abandoned" data.


I use Maildir over ssh/sftp.


Yes, I believe that is what parent was calling foolish.


No, I believe the parent was calling web access foolish. POP3 forces you to have your own data.


You know those isolated tribes throwing spears at helicopters? You're them.


> I'm not sure if the fact that they refuse to migrate his emails to a new account is a matter of terrible customer support, technical debt, or incompetence.

Likely explanation: bounced emails landed in his mailbox, and his access to them is problematic. Migration would mean they have to "clean the data", which as we know can never be done to 100%, plus it is time consuming / expensive.

I'm not protecting the company, just pointing out the forces.


They gave him a month, he already has access to any of those emails, and will continue to - nothing to clean, in that sense.

In any case, it's not their stated reason. If they're sending emails using noreply already (which are bouncing), that's a completely different issue, and I wonder if he wouldn't have a case for them impersonating him :)

I find it unlikely that anyone cold emails "noreply".


I don't know, to me this sounds like a perfect scenario to let them know he's getting a good lawyer and justifiably suing them for damages if they intend to go through with it and delete his account. Sadly, in most cases abusers of power only stop when there's a steep price tag on it.


I'm certain the terms of service he agreed to allow the service provider to discontinue service with some amount of notice (30 days seems likely since that's what they gave him here). I've never signed up for any service that I can recall that didn't explicitly allow either party to discontinue it.

While I'm pretty on board with the notion of some kind of internet access as a modern human right, I can't really see an argument for a right to a specific email address with a specific email provider. It's shitty that they've only given him 30 days. And, it's shitty that they didn't do something about it much, much sooner (noreply has been around for a long time as a common address for customer service emails, though maybe not 20 years), before his life became so entangled in this specific email address.

But, I don't think the law is on his side. I doubt he'd find a lawyer to take the case without paying a lot for the service. And, I really doubt he'd win such a lawsuit.


he should also sue them for impersonating and harassing.

he trusted them to handle his private personal email. instead they sent out millions of messages faking that it was from his account, when they could have used, literally, any other combination of words to tell the recipients that they should not reply to the message. change no to dont, and it is even more functional to the intended purpose.

it's so trivial to use another bogus email on the from field that his lawyer should have no problem claiming it might have been a malicious employer harassing him. because, really, that's the only explanation that is actually plausible.


Best to have your own domain name. Not very expensive and you can't have it ripped from under you for no reason at all.


Back in the very early 2000's I owned a domain and a month after renewing it, the registrar refunded me the registration fee and took ownership of it - the new WHOIS entry was for the owner of that registrar.

Similarly; you are at the whim of the NICs, with the .ly domains being a great example of a TLD taking back domains for whatever reason. https://benmetcalfe.com/blog/2010/10/the-ly-domain-space-to-...


> Back in the very early 2000's I owned a domain and a month after renewing it, the registrar refunded me the registration fee and took ownership of it - the new WHOIS entry was for the owner of that registrar.

Are you comfortable with sharing their reason (if they gave one) for doing that to you? That seems like a situation that would quickly cause a mass exodus of customers to a competitor.

Years ago when I first started helping people build a web presence, I used 1&1 Inc. as both a registrar and hosting provider. When one of my clients wanted to move to a cheaper host, I was happy to help her make the move, however 1&1 did everything short of taking ownership of the domain to stop her from doing so. They would delay the transfer, lock the domain after I'd unlocked it, and wouldn't respond to support requests. I finally had to threaten legal action to make them release the domain to the new registrar. I immediately pulled all of my own domains to a new registrar and moved my sites to a new host. They tried to delay my move as well, and again I had to say "lawyer" a few times before they let go.


If you're using a ccTLD, it's reasonable to expect country-specific policies.


You wouldn't believe how many folks I've met who have no idea that those are ccTLDs, and not just handy two-letter TLDs. Kind of astonishing.


What domain name and what registrar? Did you contest it with ICANN?


Instead, you're subject to the whims of your domain registrar and your hosting provider (or email provider).


Only the registry really. The hosting provider usually doesn't control your domain, and the registrar is bound by the rules set by the registry.

It's still a significant counterparty risk though.


I run a registrar, and while we can mess with people's domains we would get in serious trouble with the registry and you would get the domain back if we did so. Many registries have rules which protect the domain owners from the whims of registrars, but if you are worried you can look it up for your specific registry.


Whether the registrar has much power depends on the registry, usually not really (you usually can just move to a different registrar and the old registrar can not legally prevent you from doing so).

The hosting/email provider is obviously not a problem at all, as you can switch to a different provider at any time (just make sure to keep the domain registration and the service provider separate) if your current provider is an asshole--or you can just host your own server if you want to avoid any providers messing with your emails.


I strongly recommend people keep their domain registrar and hosting provider as separate entities. It makes it much less likely you'll suffer a catastrophic loss.


I want to do this, but I don't want the hassle of running my own email server. Can someone recommend a good email hosting service for custom domains? Personal email, so needs to be fairly cheap.


FastMail - 5$ per month

https://www.fastmail.com/pricing/


I've got relatively simple requirements but I found FastMail to be really good


They are hands down the best email provider I've used. I moved from Gmail to them and the speed, support, and reliability is head and shoulders above even the paid Google service.


FastMail has been great for me, too. They'll host your DNS as well if you want.


Can you add your own TLS cert for your domain with them?


They don't really need a TLS cert for your domain - they don't host your website; the MX record in your domain just points at a host in one of their domains (for which they have the TLS certificate); and the 'mail.yourdomain' address just redirects to https://www.fastmail.com.


Both Gmail and Outlook are available for custom domain at about $50/year, which I guess is not prohibitive for most HNers.


I have gmail handling my email for a custom domain for free.

You sign up with Google and follow a process they have, which involves setting some MX records and CNAME records on your custom domain to point to google's hosts.

This was free within some limits... I guess I assume it still is? (I set this up years ago. Google's never asked me for money for it.) I don't remember what the limits are. I and my family never hit them. I guess there are limits on the number of accounts and storage space.

I suppose since it's free it's a matter of time before they stop doing this, but so far so good.


Don't let your account go - Google grandfathered in people like you and me who already had it, but they aren't allowing any new free registrations.


Google Apps For Your Domain / G Suite is no longer free for new accounts.


Yep - I somehow managed to move my account from free to paid (~$5.50AUD/month). I'd love to cancel it, but Google offer no migration for Play Store apps - so I'd have to re-buy everything.


Pretty much any of the commercial email hosting providers: Rackspace, Google, Microsoft, FastMail, LuxSci and many more.



Set up your custom domain email to work with Zoho Mail for free. Then use a free Gmail inbox to add that email via POP3. Then you can use a free custom domain email for sending/receiving with Gmail as your email client. Bam.


Yandex has free email for domains: https://domain.yandex.ru/



I've heard FastMail is good, but I've not used it myself.


You can, but it's much more unlikely.


Yep. I changed over years ago and haven't looked back. Also reup the registration whenever possible (fun fact, NameCheap won't let you renew a domain more than 10 years into the future).


Depends on the TLD. For many (most?) TLDs that's the max duration and thus it isn't likely Namecheap being the restrictor there.


Somehow I didn't know that - thanks for the info!


Best to use a tor/i2p address or use a modern p2p communication protocol.


Imagine there is no e-mail, no telephone, only postal mail. You've lived at the same house for 20 years. Now you're moving out of state, and your postal service doesn't forward mail. You have 30 days to send everyone you've ever met or business you've done business with a letter and confirm you really are moving to the new address.

The speed of downloading the archive is no big issue; it should take a day and a half. And you can sort through it by importing into Gmail and using their preconfigured filters. But the biggest problem is resetting all your old online accounts to use a new e-mail address.

To change the address, you may have to confirm an e-mail to your old address, so migrating all your accounts has to be done within the 30 day window.

Alternately, signing up for new accounts isn't always easy. Financial and government services may require special codes be sent by postal mail, and a confirmation possibly mailed back (along with waiting for it to be processed) before you can reset or create a new account. Creating new accounts also loses you any time or money you may have invested into an online account. And each recipient still needs to update their address books with the new address, probably by hand.

He certainly never owned the domain, the servers, the connection, or the name, so the ISP is legally justified. But it's a much bigger pain in the ass than people realize, and giving him more time and assistance would be a big help, especially since he's in the middle of a big life change already (closing on a house).


This is like the story when Google shut off GMail for people who purchased (or sold?) a Pixel phone through eBay.

At least criminals who encrypt your files let you pay a ransom. Wonder if Google should do that too, "We shut off your account for reasons we won't explain. But if you pay us $1200 you can get it back"


Agreed. And this further reinforces the idea that running my own personal email server is worth it. I get that the vast majority of people aren't going to do this and that most people on HN advise against it. I'll tell you though, there's some satisfaction now that I have everything up and running smoothly, with well-trained spamassassin and 10/10 server scores on mail-tester.com.


Google isn't an ISP, and you don't pay them for access to GMail. So I would say you're in an even worse position with regard to Google than you are with respect to your ISP, as far as expectation of support is concerned.


Institutional identity providers (from government passports to FB) are getting more abusive. They want more from you in exchange for being allowed to use their platform.

Hard to know what the causes are here: could be anything from the dominance of free services (i.e. you can't 'take your money elsewhere') to laws that make it harder to do business anonymously.


> Hard to know what the causes are here

Institutional collusion. I don't mean explicit, agreed-upon conspiring; I mean the sort of industry signaling you see everywhere, like cellphone provider and airline pricing.

FB, say, ups the intrusiveness in one way, and the other surveillance firms watch carefully. If the blowback is manageable, yay, new normal has been achieved.


Are there any decentralized identity systems? If my government refuses to give me a passport, drivers license and copy of my birth certificate, how do I prove I am who I claim?


Ironically the UK identity "system" bootstraps in the other direction; you need a photo signed by somebody suitably middle-class ( https://www.gov.uk/countersigning-passport-applications/acce... ) to get a passport, and lots of places use utility bills and bank statements as proof of address.


There are other ways of proving identity but generally any one way isn’t enough on its own but needs to be combined. For example you might combine documentary evidence (e.g. passport) with some knowledge evidence (e.g. which company you took a loan with in year x) and potentially some biometrics. If you don’t have identity documents then knowledge based verification combined might be enough on its own for some uses? There are other sources as well, for example access to multi-year usage ‘real name’ social media profiles could be a contributing factor towards identity.


"In an email to CBC News, Eastlink spokesperson Jill Laing said "noreply@xxxxx.ca" business response email addresses have become commonplace across businesses and industries.

The company believes that email may lead some to "believe that information coming from this address is from Eastlink."

Sounds like this Eastlink person doesn't know most mail servers receive mail quite happily from anything@any.domain, as anyone who's ever received spam knows.


>> The company believes that email may lead some to "believe that information coming from this address is from Eastlink."

The problem with their argument is that any email ending in @eastlink.ca will lead some to believe that information is from Eastlink.

If you're giving customers an eastlink.ca email address, how can anyone tell if an email from emailname@eastlink.ca is from an Eastlink employee or not?


It's not easy for the average consumer. Comcast offers free consumer Comcast.net email addresses, but their corporate emails are something like @corp.comcast.com.


It's less about the average consumer than the individual ISP's approach to giving out email addresses.

Given that Eastlink wanted to take back noreply@eastlink.ca (sans subdomain) and that they're a smaller, regional Canadian ISP, I would guess their process for handing out email addresses is less sophisticated than Comcast's.


Yes! And this makes it tremendously easy to phish comcast employees in case you need to do CPE lookups or such.


It is a security issue. If he were to lose his credentials then others could use his account to send genuine looking phishing e-mails. If you were defrauded and had checked the email address as genuinely being from that address you might be minded to sue them. He could be targeted explicitly for this purpose now. Furthermore, he admitted to having read mail not intended for him and took no action to address the issue indicating that he understood that his address coincided with a namespace commonly intended for provider usage. It is unfortunate that the usage of 'noreply' has become so commonplace as to render his account a security issue. Perhaps they should give him some more time but he cannot keep it.


I think that at least gmail usually flags these kind of spoofed addresses. But in this case, being sent by valid servers, gmail or others would just acknowledge it as the valid email address that it is. Thus leading to a possible misunderstanding for the receiver.


I'm not sure what you mean, but the problem would be that noreply@ZZZ is often used by the company that runs ZZZ; using "noreply" for a personal address presents the same problems as registering other commonly-reserved addresses like postmaster@ZZZ or admin@ZZZ. It doesn't have anything to do with the ability to actually receive mail on an account named "noreply".


The parent is quoting EastLink's justification from the article


Eastlink publishes an SPF record, so such emails would be classified as spam by any decent mail system. This guy, sending through Eastlink's hardware, would get tagged as legitimate (because it was).


If there is something people need to understand about online services it's that:

(1) when you pay for an online service, a firm owes you a service.

(2) when you use an online service, a firm owes you nothing. Be OK with the idea that the service may disappear tomorrow.

Email is an increasingly important form of communication, and you should always have a service contract with the firm hosting your emails, with the consumer protections that come with the exchange of money for services.

I recommend fastmail.com or mailbox.org to all my family members when the topic comes up.


My response to this kind of problem/concern is to have your own domain. For example, Fastmail is my provider, but I have my own domain, which email is currently served through fastmail. But even that, unless you're Nissan or similar, is uncertain; no one owns a domain, they only have use-rights while they pay their registrar bills.


Even Nissan has a registrar, although I imagine the bill would have to get quite overdue before they'd consider canceling their domain name.


Nissan has its own TLD.


And before that, Nissan had the weight of Nissan, and expected that to be enough. But it wasn't quite enough: https://en.wikipedia.org/wiki/Nissan_Motors_vs._Nissan_Compu...


Purchasing a service is no guarantee that it will still exist in the future. It seems to me that a brand-name free provider like, say, gmail.com will probably far outlast the for-pay services that you mentioned.


mailbox.org has been around since 1992 and fastmail since 2001. Both of those companies are profitable.

Compare that with gmail that came out of beta in 2009, belongs to a company that is known for serially shutting down much-used and much-loved services, and whose profitability (that of gmail not google) is not entirely clear.


Sorry, but that does nothing to persuade me. Gmail has over a billion active users. Any disruption in service would be felt worldwide. Fastmail and mailbox.org could disappear without even making the news.


History is full of wildly popular things that became irrelevant. Gmail will certainly join that list one day.


Sure, but not before email itself becomes irrelevant.


It's most disappointing that when this comes up in the news they don't mention these facts. A lot of people don't know they can pay for a domain and email service and not have to worry about this kind of crap.

It's not particularly hard to explain to lay people and a story like this is the perfect opportunity.


I recommend getting a domain and running it with whichever service provider you want. Just make it your domain.


I have to admit that I have used noreply@mydomain.com for years in cases where I have to give an E-Mail but don't really care about replies. I think I got the idea from GitHub. Before they had the current system with @github.com email addresses I think they recommended to just put a noreply@somedomain.tld in your commits.

When I started I had the intention to just kill the address when I ever will get too much SPAM, but surprisingly this never happened. I think most SPAM bots just filter out all noreply@... addresses.


Obviously not news to anyone here, but in case he's reading these comments - there's no need to go through and manually decide which of your emails you want to keep. Just download a copy of Thunderbird, or another free email client, then download all your email using POP or IMAP. Once you get a new email address set up, you can even upload all the old emails to it to make them searchable with your new ones if you want, using IMAP.


He could change his legal name to Nor Eply if he wanted to stir things up even more...


As I see it, Eastlink has of course the right to change/close that mail address, but - as often happens - it is the way the "closing of the account" happens that is most inconvenient.

I doubt that technically it is in any way "difficult" or "complex" to set the account to "receive only" for - say - three months and then set it to "read only" (i.e. only an accessible snapshot of the e-mail account to a given date) for another - say - three months.

I had recently something similar happening, with another provider of free web-mail, where I have had an account for - if maybe not 20 - at least 17-18 years, I believe I was among one of the first users at the time. They decided to close the service (which is as said OK to me, after all it was a free service with just a few ads when logging in) but they did so rather abruptly and more than that I continue getting on another account of mine notifications about mails arrived to that address that is now inaccessible, which should mean that the e-mail account is still "on" and that it was simply prevented accessing it, even in read only mode.

As often happens, no way to contact (or no response from) the support.

Only as a sort of "hall of shame":

http://www.techemail.com/


It was a reasonable decision by Eastlink. There is convention that email addresses of the form 'noreply@xxxxx.yyy' are company notifications and there is possibility of confusion. Bad luck for the customer.


I think it's reasonable to take it back, but it's unreasonable how they are doing it.

They should give him a year and help him transfer to a new account (copy emails over, etc). 30 days isn't much time to find every site you've signed up for in the last 20 years.


>I think it's reasonable to take it back, but it's unreasonable how they are doing it.

I don't disagree. There should be a lot of leeway for their customer to get their accounts in order.


> There is convention that email addresses of the form 'noreply@xxxxx.yyy' are company notifications

There might be such a convention now. There absolutely was not such a convention 20 years ago when he registered it.

On top of that, the refusal to move the mail to a new address is abusive. It's not that difficult to do. So he's in the sad situation of having decades of mail deleted. Because "fuck you, Eastlink screwed up, and you're going to pay for it"

How anyone can defend such actions is beyond me.


>There might be such a convention now. There absolutely was not such a convention 20 years ago when he registered it.

That's why I said it was bad luck.

>How any can defend such actions is beyond me.

Just to be clear, I'm not defending the manner with which they took his account. He is (was?) their customer for 20 years and they should give him ample time to make arrangements. I'm simply stating that I understand why they would want to regain control of that email.


I appreciate the clarification, but I'm sure you understand how I understood "It was a reasonable decision by Eastlink." as supporting all of their actions.


There's nothing standard or reasonable about noreply.

1. I get credit card bills from no-reply@alertsp.chase.com. Does payment constitute a reply?

2. Why should I want to do business with a company that doesn't want to hear from me?

3. Standardization re: email address is hard to find. Plenty of sites won't accept a '+' in a gmail address, but gmail advertised that for years as a feature.


Well, the standard and reasonable definition that has existed for longer than a decade is that no-reply implies that there is no one actually reading the emails you send. It's an indicator that it's an automated system, and replying or sending emails to this address will get you nowhere but a black hole.

The unreasonable action is giving someone 30 days to change their email, considering how integral emails are to security these days (password resets etc...). Eastlink made the mistake of allowing this, now they are forcing someone else to pay.


There's nothing reasonable about expecting others to read your email when you don't read theirs. All these orgs should be blackholed as abusers of the commons, little better than spammers.


Invoices, shipping notifications, automated newsletters, automated notifications: all very reasonable uses for a no-reply email address, and the typical use case.

Spam is a completely different story, and rarely uses no-reply emails.

If you want to blackhole any information you request from companies then scratch your head why you can't find your tracking information or flight status/itinerary, that's completely up to you. Ignoring the valid, reasonable and typical use cases is just absurd.


Sub-addressing with '+' is a common (but not universal) email hosting feature that predates Gmail. What's more particular to Gmail is zero or more periods '.' being ignored so awinter-py, a.winter-py, and a.wint.er.py are all equivalent and valid on Gmail.


>there's nothing standard or reasonable about noreply.

Ok, I don't disagree but that's beside the point. For better or worse, a certain kind of convention grew around 'noreply' emails.


yeah but after he was using it for some time..

but it's like he said: he doesn't own that email address though he thought he did. I went through this a few years ago, and I got a domain instead, which I do own.


Why don't they just use 'donotreply@eastlink.com'?

It's only their marketing emails that need a "noreply" address and there is no reason that address has to be exactly "noreply". There is no confusion with any other user or company, because their no reply addresses are noreply@theirdomain.com.


They can use 'donotreply@eastlink.com' but they cannot stop other customers who receive email from 'noreply@eastlink.com' from believing that the email is official Eastlink email.


> It's only their marketing emails that need a "noreply" address

Do their marketing letters need a "noreply" address? "This letter comes from nowhere, you can not reply to this letter"?

Why do their marketing emails need it, then?


You may not fully understand just how much work they're asking him to do, some of which may not even be possible, because of their own fault; and on top of this their refusal to help him fix their mistake at all.

This is not "bad luck".

This is "extreme cruelty".

Also, since you like conventions, grandfathering in decisions made before a convention became reality is also a convention.


Yea, reasonable, but something that they should not have overlooked in the first place.


Did that convention already exist 20 years ago?


This guy deletes emails that are sent to this address that are not for him. For 20 years. For all we know he started this convention!


RFC 2142 gives a nice snapshot of "standard" email address conventions as of almost exactly 20 years ago.

There's no real need for a "noreply" address to be standardized or conventional, though. Nobody except someone at that particular domain should be introducing noreply@ addresses into the email system (and hopefully only as reply-to addresses).
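
An added example, not part of the thread or any provider's code: a provisioning-time check that refuses the RFC 2142 role names and conventionally reserved ones such as noreply, after collapsing case, separators and "+" tags as described in the sub-addressing comment above. The conventional-name list, the function names and the example.net addresses are assumptions made for illustration.

```python
import re

# Mailbox names listed in RFC 2142 for business, network-operations
# and per-service roles.
RFC2142_NAMES = {
    "info", "marketing", "sales", "support",
    "abuse", "noc", "security",
    "postmaster", "hostmaster", "usenet", "news",
    "webmaster", "www", "uucp", "ftp",
}

# Assumption: names an operator reserves by convention only. None of
# these appear in RFC 2142; the list is illustrative, not authoritative.
CONVENTIONAL_NAMES = {
    "noreply", "donotreply", "admin", "administrator",
    "root", "mailerdaemon",
}

RESERVED = RFC2142_NAMES | CONVENTIONAL_NAMES


def canonical_local_part(local_part):
    """Collapse spellings a reader would treat as the same mailbox.

    Drops a '+tag' sub-address, removes '.', '-' and '_' separators and
    lowercases, so 'No-Reply+bills' and 'no.reply' both become 'noreply'.
    """
    base = local_part.split("+", 1)[0]
    return re.sub(r"[._-]", "", base).lower()


def check_requested_address(address):
    """Return (allowed, reason) for an address a customer asks to register."""
    local, sep, domain = address.rpartition("@")
    if not sep or not local or not domain:
        return False, "malformed address"
    canon = canonical_local_part(local)
    if not canon:
        return False, "empty local part after normalisation"
    if canon in RESERVED:
        return False, f"'{canon}' is a reserved role name"
    return True, "ok"


def rejected(requests):
    """Return only the requests that would be refused, with the reason."""
    results = ((addr, check_requested_address(addr)) for addr in requests)
    return [(addr, reason) for addr, (ok, reason) in results if not ok]


if __name__ == "__main__":
    # Constructed sample requests; example.net is a placeholder domain.
    sample = [
        "noreply@example.net",
        "No-Reply+bills@example.net",
        "do.not.reply@example.net",
        "postmaster@example.net",
        "a.winter-py@example.net",
    ]
    for addr, reason in rejected(sample):
        print(f"refuse {addr}: {reason}")
```

The same function can be run over an existing user directory to find mailboxes that were issued before the reserved list existed, so they can be handled with notice rather than discovered later.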



Probably not, or if it did, it was to a lesser extent. That's why I said it was bad luck for the customer that the vanity email he has chosen, happened to become associated with service notifications.


Two thoughts come to mind: first, choosing an email address is a lot like naming your child, or getting a tattoo -- this is something that you're potentially going to have to live with for the rest of your life. Picking a joke address and using it for your primary online ID might be a bad choice.

Second, this is why I have been a customer of pobox.com for over a decade. They don't host mail, they just provide forwarding and spam filtering, directing my mail at whatever endpoint I pick (and with most clients, including gmail, I can use them as my outgoing mail agent too). Changing mail services is as simple as a couple of clicks in their UI. Since their overhead is low and they get paid for their services, I expect them to be around for a long, long time.


I am frankly astonished that they wouldn't transfer the email to a new account for him.


"Morshead did ask the company to transfer the contents from the existing email account to a new one but they said no."

That's just unbelievable! How bad is their customer service?


Read like 4 more lines down. They offered to help, he's just an ass.


In 2012 I was able to get example@ from a major US cable company. A few months later I tried logging in and the account no longer existed.


I am wondering: what if someone registers, say for example, mark.gatiss@gmail.com, and several years later another real Mark Gatiss becomes CEO of Google? What would happen? Will they do the same?


My guess is nothing would happen because they use @google.com internally. Besides, first.last@... format cannot be perceived as trolling, especially if it's really your name.


Well, he's not quite a complete idiot; he didn't pick "postmaster".

Not much sympathy here; if you want your personal address to be noreply, get your own mail domain.

Although it's not listed by RFC 2142 as a special alias, it de facto is.

For instance, in my SMTP setup, I reject messages that are from noreply@<any-domain>. (A small white-list of exceptions applies.)

A noreply address is a rude indication meaning "I want to talk to you, but I don't want to hear from you". Yeah, well, likewise here then: while I have your TCP connection, which does accept datagrams from me, let me tell you what I think with my RST segment.


He's not any kind of idiot.

While it may be a de facto special alias today, that status was much less certain when he got it. The time for his email provider to reject the address was when he requested it.


I'm pretty sure "noreply" was a thing in 1997.

Didn't he receive even one single e-mail from "noreply" addresses in the last 20 years to recognize that, hey, people are using this thing, which is the same as mine!

> The time for his email provider to reject the address was when he requested it.

Do any of the same people even work there any more, you know?

Maybe at that time, you could have gotten "abuse" or "postmaster" if you had asked for those from the same provider. Sometimes such things slip through the cracks.


>Do any of the same people even work there any more, you know?

I do not know. What point are you making here? Regardless of the answer to that question, the provider is still using a specious justification to cancel an account they have provided for twenty years.


Anyway, I don't agree with them on the grounds that there shouldn't be "noreply" accounts.

They want to seize it from him so that they can spam people with "noreply@theirdomain.com", which they shouldn't be doing. E-mails should be sent with valid return addresses that someone picks up, or not sent at all.

I.e. since if this fellow contacts you by e-mail with his "noreply" account and you write back, he then actually replies, his use of it is more legitimate than what they are likely planning.


It's almost as if you didn't notice that the guy has no idea about RFCs, postmasters or TCP. The provider is at fault here.


How is the guy an idiot if it's been working fine for twenty years?


Or it's a reference to a Beatles song or a simple joke, from a time on the internet when there were very few widely known "de facto" rules.


You know… this guy should have known he had it coming.


The only thing you can really own online is your private key. Your id should be your public key.


Company is innovating and following the evolution of the internet while also giving the guy ample time - 20 days to retrieve his emails over imap/pop3.

It's funny given that usually Hacker News users are always so progressive, demanding every company innovate at warp speed, and yet there are actually replies defending this guy. boggle


What everybody should do is register their own domain and create their own email addresses. Then an ISP is merely a forwarding service to some ISP email address you keep private.


The proportion of people in the general public with the technical know-how to do this is probably <0.1%.


While in my mind, I think you're probably right, it shocked me to see this written down... and upon reflection, I wonder if it isn't even lower than that. 0.1% is 1 in every 1000...


This is a great example as to why we should start moving away from centralised services as well as trusted 3rd parties.


Or require those parties to comply with sensible and uniform user-centric standards of behaviours.

You're relying on a directory service ... somewhere, somehow. Your postal-service address is only as solid as the property and/or tenancy registry that's associated with that address.

(There may be some way of coming up with a p2p system based on UUIDs and PKI plus a web-of-trust reputational vouching, but that is not an alternative I can switch to tomorrow for general use.)



