multiple topics: mail compliance,redeployment,finance status

General discussion re sg.

multiple topics: mail compliance,redeployment,finance status

Postby josiah » Wed Mar 01, 2023 5:36 am

All,

I haven't been here much except to resolve hacked accounts, though many contributors have kept me looped into issues here via a signal group chat, particularly syskoll, who's worked with Josh for many years prior to my stewardship of spamgourmet. I am making more effort to carve out time for spamgourmet support. Just know that your calls for assistance are not falling on deaf ears, just busy hands (there's a third josiah in the family line now!). I'll try to be more responsive here, and I do monitor tickets on mikedlr's Spamgourmet github repo as well.

Account Recovery
My dad had created a table for logging changed forwarding e-mails, but it didn't seem to work how I thought it was intended. It should work well now and will aid in account recovery. Still reach out to us here if your account was hacked, but I won't need to grill you for as many details, and corroborating information on syslog is not time sensitive anymore. Just let me know what the previous forwarding e-mail is and I can revert it back and provide you a plaintext password to change immediately (the temporary plaintext password I provide is itself a md5sum of a finite block of /dev/urandom).
While you're at it, if you know you have a recycled or poor-entropy password, go ahead and change it now!

Secure Mail Compliance
Users' voicing concerns about protonmail receive shines a light on our lack of TLS compliance, which we had never articulated. Over the past decade probably we have fallen behind on mail security practices. Not that we're worse off than we were in a vacuum, but it looks like mail providers were more than happy to leave us behind and cut us off in the process. We are fairly confident now that this is related to the unresolved gmx.de silent failures from a few years ago. A week and a half ago, syskoll and I were making on-the-fly DNS, certificate, and mail server changes to follow guides for DANE (SMTP over TLS, with DNS and DNSSEC being major players in the security exchange). But we hit a roadblock with vendor support, ended our work for the night, and left the implementation half-baked. This resulted in a lot of not-so-obvious TLS-related errors over the last week, so tonight syskoll went and fixed the server side issues, and I deleted the new DNS records related to DANE. We're back where we started a few weeks ago. protonmail still doesn't work; it looks like gmx.de is in the same place. Namecheap DNS nominally does not support anything but the common record types, which has been great for old-school mail, but I am opening a ticket with them to see about getting more types of records added at least for us. Beyond that we will need to consider running our own DNS, which I believe would be prohibitively laborious with DNSSEC, or finding another registrar/DNS provider.

Redeployment
We the developers have been pushing to redeploy spamgourmet as a docker container. I do not have a timeline for this. It seems like the work of many on the project got us 90% of the way there, but we have well more than 10% to go before we can be confident about the feature parity of what's here now.

Donations
We will be shutting down the paypal account effective immediately in light of Paypal's new 1099 $600 reporting threshold for 2023, before we exceed $600 for the year, and I will sustain operations until we are on a new platform. My mom is the beneficiary of my dad's (Josh's) estate, and with her verbal approval I have been using his paypal account to fund spamgourmet through a separate checking account with my credit union, and reporting the paypal donations as personal income, and the registrar (names, bbs, certs, dns) and hosting provider as small business expenses. However, that can no longer happen since the paypal account is not tied to my SSN.

My plan is to migrate us over to Open Collective (suggested by mikedlr) starting 2Q 2023 if I like their terms, but that could be delayed by a couple months since I have not started the process yet. My personal housing situation is no longer so temporary that I feel i could start incorporating with business addresses where needed to make this happen.

I want to thank you all here, since I can't seem to reach out to donors through Paypal. Over the last three years, donors have funded roughly 90% of operations, and nobody has taken any income from your donations. The likely move to Open Collective (short of that, private incorporation, since 501(c) is too much work), and away from sole proprietorship will give you a lot more transparency on how you money is spent, and also take away the my-being-alive-and-well from impacting whether spamgourmet is funded, since this could allow more persons to keep it afloat with minimal transience. If we simply incorporate, as a donor you may not enjoy the automated third party reporting of expenses, but everything else will be a huge plus.

God Bless,
Josiah

edit: s/effectively/effective immediately
josiah
 
Posts: 28
Joined: Sat Aug 31, 2019 9:32 pm

Re: multiple topics: mail compliance,redeployment,finance st

Postby jmuscara » Wed Mar 01, 2023 1:20 pm

Congrats on the new Josiah, Josiah! Please give my best to your mom as well. I see her on FB sometimes.
jmuscara
 
Posts: 4
Joined: Thu May 21, 2020 3:35 pm

Re: multiple topics: mail compliance,redeployment,finance st

Postby lwc » Wed Mar 01, 2023 6:01 pm

Thanks!!!
Previous to that there was 0sg.net bouncing for bad reverse lookups? - may I ask what caused it?

BTW, may I ask why not using the What's New forum for such messages?
lwc
 
Posts: 455
Joined: Sat Aug 28, 2004 9:09 am

Re: multiple topics: mail compliance,redeployment,finance st

Postby planux » Tue Mar 07, 2023 5:34 am

Great updates - much appreciated! And congrats on the +1 Josiah!

BTW, Zelle doesn't have the same $600/year reporting trigger that PayPal, etc. do. We use Zelle for our Cub Scout pack because of this.
planux
 
Posts: 7
Joined: Mon Apr 15, 2013 8:49 pm

Re: multiple topics: mail compliance,redeployment,finance st

Postby r2d2 » Mon Mar 20, 2023 3:33 am

Josiah, thanks for the update and congrats on the baby!
r2d2
 
Posts: 46
Joined: Sat Apr 13, 2019 6:57 pm

Re: multiple topics: mail compliance,redeployment,finance st

Postby tousavelo » Sun Apr 02, 2023 5:25 pm

Congrats on the expanding family, and thank you for your efforts for the service.
I contributed through Paypal in the (distant) past. As announced, Paypal is indeed non functional at the moment. I will try to be back later to contribute through the channel you will have chosen.
Best regards
Olivier from Belgium
tousavelo
 
Posts: 24
Joined: Mon Oct 08, 2007 7:11 pm

Re: multiple topics: mail compliance,redeployment,finance st

Postby greatwolf » Sun Jul 16, 2023 11:32 pm

Regarding donations, have you considered cryptocurrencies for this? Hopefully it would mean less paperwork.
greatwolf
 
Posts: 18
Joined: Mon Apr 23, 2012 8:11 pm
Location: California

Re: multiple topics: mail compliance,redeployment,finance st

Postby anon090526 » Thu Nov 02, 2023 8:53 pm

Well, it's time for me to get to work on my regular annual donations, not all tax deductible, e.g.Spamgourmet. The first post in this thread suggested a new non-Paypal method was coming maybe 2Q23, but I don't see anything announced. The old Paypal popup is still there, but it seems like we've been warned off that.

I'm ready and willing to make a donation if I get clarity on how to do that.
anon090526
 
Posts: 18
Joined: Tue May 26, 2009 11:35 pm

Re: multiple topics: mail compliance,redeployment,finance st

Postby hausgeist » Tue Dec 12, 2023 7:21 am

Can you please check the Donation Page / Links?

As you stated they do not work currently and your Amazon Wishlist is blank also.

If you not need any funding right now, i would still recommend to accept the same and give it especially at XMAS TIME to the people who need it.
If you really have no idea where to give the money, consider https://www.kiva.org/ -- there the money is even only given to help others and you can get it back later if needed.
Via KIVA people can also send Money as "Gift Cards". https://www.kiva.org/gifts/kiva-cards
hausgeist
 
Posts: 10
Joined: Tue Jan 21, 2020 11:43 pm

Re: multiple topics: mail compliance,redeployment,finance st

Postby ibasguser » Wed Jan 10, 2024 2:09 am

Regarding DNS & registrars, CloudFlare provides free DNS with 1-click DNSSEC activation when you use them as your registrar. And even better, they don't mark up domain registration costs any. You pay only what ICANN dictates. No need to pay for any of their other hosting services either. You could literally get free DNS hosting with DNSSEC if you simply transfer your domains to CloudFlare. Worth looking into if DNS is still an issue.
ibasguser
 
Posts: 2
Joined: Fri Aug 17, 2012 12:47 am

Re: multiple topics: mail compliance,redeployment,finance st

Postby FreeMan » Fri Jan 12, 2024 7:49 pm

Howdy!

I notice that the donation page still lists PayPal as the only option.

I will happily donate (and need to, I've been one of those leeches over the years, my apologies).

I am desperate for you to get all the compliance pieces in place to allow direct forwarding to ProtonMail! Gmail is continuing to screw with me by randomly sending perfectly legit emails to spam (the final straw in my decision to abandon gmail several years ago).

I have no idea what's involved in getting all the back end pieces up to snuff for this to work, but pleeeease..., I'm begging, do it as soon as possible!

Yes, I know you're all volunteers and that you don't have to do any of this. I really, really do appreciate all the effort that's gone into supporting this since my first SG address creating on 12/28/04 - yes, I've been here for 19 years! Holy Cow!!! I really do owe y'all some cash, please get the donation page up & running soon, too!
The most important point in a man's life is knowing his time when it comes.
FreeMan
 
Posts: 7
Joined: Fri Sep 23, 2005 4:24 pm


Return to General Discussion

Who is online

Users browsing this forum: No registered users and 24 guests