General discussion re sg.

Post by josiah » Wed Mar 01, 2023 5:36 am


I haven't been here much except to resolve hacked accounts, though many contributors have kept me looped into issues here via a Signal group chat, particularly syskoll, who's worked with Josh for many years prior to my stewardship of spamgourmet. I am making more effort to carve out time for spamgourmet support. Just know that your calls for assistance are not falling on deaf ears, just busy hands (there's a third josiah in the family line now!). I'll try to be more responsive here, and I do monitor tickets on mikedlr's Spamgourmet GitHub repo as well.

Account Recovery
My dad had created a table for logging changed forwarding e-mails, but it didn't seem to work how I thought it was intended. It should work well now and will aid in account recovery. Still reach out to us here if your account was hacked, but I won't need to grill you for as many details, and corroborating information on syslog is not time sensitive anymore. Just let me know what the previous forwarding e-mail is and I can revert it back and provide you a plaintext password to change immediately (the temporary plaintext password I provide is itself an md5sum of a finite block of /dev/urandom).
While you're at it, if you know you have a recycled or poor-entropy password, go ahead and change it now!

Secure Mail Compliance
Users' voicing concerns about protonmail receive shines a light on our lack of TLS compliance, which we had never articulated. Over the past decade probably we have fallen behind on mail security practices. Not that we're worse off than we were in a vacuum, but it looks like mail providers were more than happy to leave us behind and cut us off in the process. We are fairly confident now that this is related to the unresolved silent failures from a few years ago. A week and a half ago, syskoll and I were making on-the-fly DNS, certificate, and mail server changes to follow guides for DANE (SMTP over TLS, with DNS and DNSSEC being major players in the security exchange). But we hit a roadblock with vendor support, ended our work for the night, and left the implementation half-baked. This resulted in a lot of not-so-obvious TLS-related errors over the last week, so tonight syskoll went and fixed the server-side issues, and I deleted the new DNS records related to DANE. We're back where we started a few weeks ago. protonmail still doesn't work; it looks like is in the same place. Namecheap DNS nominally does not support anything but the common record types, which has been great for old-school mail, but I am opening a ticket with them to see about getting more types of records added at least for us. Beyond that we will need to consider running our own DNS, which I believe would be prohibitively laborious with DNSSEC, or finding another registrar/DNS provider.

We the developers have been pushing to redeploy spamgourmet as a Docker container. I do not have a timeline for this. It seems like the work of many on the project got us 90% of the way there, but we have well more than 10% to go before we can be confident about the feature parity of what's here now.

We will be shutting down the PayPal account effective immediately in light of PayPal's new 1099 $600 reporting threshold for 2023, before we exceed $600 for the year, and I will sustain operations until we are on a new platform. My mom is the beneficiary of my dad's (Josh's) estate, and with her verbal approval I have been using his PayPal account to fund spamgourmet through a separate checking account with my credit union, and reporting the PayPal donations as personal income, and the registrar (names, bbs, certs, DNS) and hosting provider as small business expenses. However, that can no longer happen since the PayPal account is not tied to my SSN.

My plan is to migrate us over to Open Collective (suggested by mikedlr) starting 2Q 2023 if I like their terms, but that could be delayed by a couple months since I have not started the process yet. My personal housing situation is no longer so temporary that I feel I could start incorporating with business addresses where needed to make this happen.

I want to thank you all here, since I can't seem to reach out to donors through PayPal. Over the last three years, donors have funded roughly 90% of operations, and nobody has taken any income from your donations. The likely move to Open Collective (short of that, private incorporation, since 501(c) is too much work), and away from sole proprietorship will give you a lot more transparency on how your money is spent, and also take away the my-being-alive-and-well from impacting whether spamgourmet is funded, since this could allow more persons to keep it afloat with minimal transience. If we simply incorporate, as a donor you may not enjoy the automated third party reporting of expenses, but everything else will be a huge plus.

God Bless,

edit: s/effectively/effective immediately
Re: multiple topics: mail compliance,redeployment,finance st

Post by jmuscara » Wed Mar 01, 2023 1:20 pm

Congrats on the new Josiah, Josiah! Please give my best to your mom as well. I see her on FB sometimes.

Post by lwc » Wed Mar 01, 2023 6:01 pm

Previous to that there was bouncing for bad reverse lookups? - may I ask what caused it?

BTW, may I ask why not using the What's New forum for such messages?

Post by planux » Tue Mar 07, 2023 5:34 am

Great updates - much appreciated! And congrats on the +1 Josiah!

BTW, Zelle doesn't have the same $600/year reporting trigger that PayPal, etc. do. We use Zelle for our Cub Scout pack because of this.

Post by r2d2 » Mon Mar 20, 2023 3:33 am

Josiah, thanks for the update and congrats on the baby!

Post by tousavelo » Sun Apr 02, 2023 5:25 pm

Congrats on the expanding family, and thank you for your efforts for the service.
I contributed through PayPal in the (distant) past. As announced, PayPal is indeed non-functional at the moment. I will try to be back later to contribute through the channel you will have chosen.
Best regards
Olivier from Belgium

Post by greatwolf » Sun Jul 16, 2023 11:32 pm

Regarding donations, have you considered cryptocurrencies for this? Hopefully it would mean less paperwork.

Post by anon090526 » Thu Nov 02, 2023 8:53 pm

Well, it's time for me to get to work on my regular annual donations, not all tax deductible, e.g. Spamgourmet. The first post in this thread suggested a new non-PayPal method was coming maybe 2Q23, but I don't see anything announced. The old PayPal popup is still there, but it seems like we've been warned off that.

I'm ready and willing to make a donation if I get clarity on how to do that.
