Page 1 of 1

multiple topics: mail compliance,redeployment,finance status

PostPosted: Wed Mar 01, 2023 5:36 am
by josiah
All,

I haven't been here much except to resolve hacked accounts, though many contributors have kept me looped into issues here via a signal group chat, particularly syskoll, who's worked with Josh for many years prior to my stewardship of spamgourmet. I am making more effort to carve out time for spamgourmet support. Just know that your calls for assistance are not falling on deaf ears, just busy hands (there's a third josiah in the family line now!). I'll try to be more responsive here, and I do monitor tickets on mikedlr's Spamgourmet github repo as well.

Account Recovery
My dad had created a table for logging changed forwarding e-mails, but it didn't seem to work how I thought it was intended. It should work well now and will aid in account recovery. Still reach out to us here if your account was hacked, but I won't need to grill you for as many details, and corroborating information on syslog is not time sensitive anymore. Just let me know what the previous forwarding e-mail is and I can revert it back and provide you a plaintext password to change immediately (the temporary plaintext password I provide is itself a md5sum of a finite block of /dev/urandom).
While you're at it, if you know you have a recycled or poor-entropy password, go ahead and change it now!

Secure Mail Compliance
Users' voicing concerns about protonmail receive shines a light on our lack of TLS compliance, which we had never articulated. Over the past decade probably we have fallen behind on mail security practices. Not that we're worse off than we were in a vacuum, but it looks like mail providers were more than happy to leave us behind and cut us off in the process. We are fairly confident now that this is related to the unresolved gmx.de silent failures from a few years ago. A week and a half ago, syskoll and I were making on-the-fly DNS, certificate, and mail server changes to follow guides for DANE (SMTP over TLS, with DNS and DNSSEC being major players in the security exchange). But we hit a roadblock with vendor support, ended our work for the night, and left the implementation half-baked. This resulted in a lot of not-so-obvious TLS-related errors over the last week, so tonight syskoll went and fixed the server side issues, and I deleted the new DNS records related to DANE. We're back where we started a few weeks ago. protonmail still doesn't work; it looks like gmx.de is in the same place. Namecheap DNS nominally does not support anything but the common record types, which has been great for old-school mail, but I am opening a ticket with them to see about getting more types of records added at least for us. Beyond that we will need to consider running our own DNS, which I believe would be prohibitively laborious with DNSSEC, or finding another registrar/DNS provider.

Redeployment
We the developers have been pushing to redeploy spamgourmet as a docker container. I do not have a timeline for this. It seems like the work of many on the project got us 90% of the way there, but we have well more than 10% to go before we can be confident about the feature parity of what's here now.

Donations
We will be shutting down the paypal account effective immediately in light of Paypal's new 1099 $600 reporting threshold for 2023, before we exceed $600 for the year, and I will sustain operations until we are on a new platform. My mom is the beneficiary of my dad's (Josh's) estate, and with her verbal approval I have been using his paypal account to fund spamgourmet through a separate checking account with my credit union, and reporting the paypal donations as personal income, and the registrar (names, bbs, certs, dns) and hosting provider as small business expenses. However, that can no longer happen since the paypal account is not tied to my SSN.

My plan is to migrate us over to Open Collective (suggested by mikedlr) starting 2Q 2023 if I like their terms, but that could be delayed by a couple months since I have not started the process yet. My personal housing situation is no longer so temporary that I feel i could start incorporating with business addresses where needed to make this happen.

I want to thank you all here, since I can't seem to reach out to donors through Paypal. Over the last three years, donors have funded roughly 90% of operations, and nobody has taken any income from your donations. The likely move to Open Collective (short of that, private incorporation, since 501(c) is too much work), and away from sole proprietorship will give you a lot more transparency on how you money is spent, and also take away the my-being-alive-and-well from impacting whether spamgourmet is funded, since this could allow more persons to keep it afloat with minimal transience. If we simply incorporate, as a donor you may not enjoy the automated third party reporting of expenses, but everything else will be a huge plus.

God Bless,
Josiah

edit: s/effectively/effective immediately

Re: multiple topics: mail compliance,redeployment,finance st

PostPosted: Wed Mar 01, 2023 1:20 pm
by jmuscara
Congrats on the new Josiah, Josiah! Please give my best to your mom as well. I see her on FB sometimes.

Re: multiple topics: mail compliance,redeployment,finance st

PostPosted: Wed Mar 01, 2023 6:01 pm
by lwc
Thanks!!!
Previous to that there was 0sg.net bouncing for bad reverse lookups? - may I ask what caused it?

BTW, may I ask why not using the What's New forum for such messages?

Re: multiple topics: mail compliance,redeployment,finance st

PostPosted: Tue Mar 07, 2023 5:34 am
by planux
Great updates - much appreciated! And congrats on the +1 Josiah!

BTW, Zelle doesn't have the same $600/year reporting trigger that PayPal, etc. do. We use Zelle for our Cub Scout pack because of this.

Re: multiple topics: mail compliance,redeployment,finance st

PostPosted: Mon Mar 20, 2023 3:33 am
by r2d2
Josiah, thanks for the update and congrats on the baby!

Re: multiple topics: mail compliance,redeployment,finance st

PostPosted: Sun Apr 02, 2023 5:25 pm
by tousavelo
Congrats on the expanding family, and thank you for your efforts for the service.
I contributed through Paypal in the (distant) past. As announced, Paypal is indeed non functional at the moment. I will try to be back later to contribute through the channel you will have chosen.
Best regards
Olivier from Belgium

Re: multiple topics: mail compliance,redeployment,finance st

PostPosted: Sun Jul 16, 2023 11:32 pm
by greatwolf
Regarding donations, have you considered cryptocurrencies for this? Hopefully it would mean less paperwork.

Re: multiple topics: mail compliance,redeployment,finance st

PostPosted: Thu Nov 02, 2023 8:53 pm
by anon090526
Well, it's time for me to get to work on my regular annual donations, not all tax deductible, e.g.Spamgourmet. The first post in this thread suggested a new non-Paypal method was coming maybe 2Q23, but I don't see anything announced. The old Paypal popup is still there, but it seems like we've been warned off that.

I'm ready and willing to make a donation if I get clarity on how to do that.

Re: multiple topics: mail compliance,redeployment,finance st

PostPosted: Tue Dec 12, 2023 7:21 am
by hausgeist
Can you please check the Donation Page / Links?

As you stated they do not work currently and your Amazon Wishlist is blank also.

If you not need any funding right now, i would still recommend to accept the same and give it especially at XMAS TIME to the people who need it.
If you really have no idea where to give the money, consider https://www.kiva.org/ -- there the money is even only given to help others and you can get it back later if needed.
Via KIVA people can also send Money as "Gift Cards". https://www.kiva.org/gifts/kiva-cards

Re: multiple topics: mail compliance,redeployment,finance st

PostPosted: Wed Jan 10, 2024 2:09 am
by ibasguser
Regarding DNS & registrars, CloudFlare provides free DNS with 1-click DNSSEC activation when you use them as your registrar. And even better, they don't mark up domain registration costs any. You pay only what ICANN dictates. No need to pay for any of their other hosting services either. You could literally get free DNS hosting with DNSSEC if you simply transfer your domains to CloudFlare. Worth looking into if DNS is still an issue.

Re: multiple topics: mail compliance,redeployment,finance st

PostPosted: Fri Jan 12, 2024 7:49 pm
by FreeMan
Howdy!

I notice that the donation page still lists PayPal as the only option.

I will happily donate (and need to, I've been one of those leeches over the years, my apologies).

I am desperate for you to get all the compliance pieces in place to allow direct forwarding to ProtonMail! Gmail is continuing to screw with me by randomly sending perfectly legit emails to spam (the final straw in my decision to abandon gmail several years ago).

I have no idea what's involved in getting all the back end pieces up to snuff for this to work, but pleeeease..., I'm begging, do it as soon as possible!

Yes, I know you're all volunteers and that you don't have to do any of this. I really, really do appreciate all the effort that's gone into supporting this since my first SG address creating on 12/28/04 - yes, I've been here for 19 years! Holy Cow!!! I really do owe y'all some cash, please get the donation page up & running soon, too!