Eventually all Internet protocols will be MITMed by cloudflare. Your single point of interception!
stingraycharles5 hours ago
To be honest, the internet was worse without Cloudflare, so as long as they provide a good service for their customers, I’m fine with it. This is one of those.
Google is in a perfect position to compete but they don’t, so it’s not like Cloudflare is a monopoly or something.
At least they’re not selling ads using your data.
egorfine3 hours ago
> the internet was worse without Cloudflare
It had much more freedom. Currently it's up to Cloudflare to decide whether you will read that article or not. Tomorrow some stupid law will mandate certain ideas to be hidden from children[1] and Cloudflare will happily comply.
How is this not a problem with the law rather than a problem with Cloudflare?
Spivak1 hour ago
Because human nature is what it is. The best way to eat better isn't to be a better person, it's to not keep junk food at the house. It's not Cloudflare's fault that they're successful, but it's now everyone's problem that they're an easy throat for governments to choke.
tavavex1 hour ago
It's both. In allowing Cloudflare to grow so big, we now have one huge universal button for governments to push. If instead all of these customers were dispersed over hundreds of different services from different countries, good luck with trying to keep them all in line with your specific country's whims.
zenmac2 hours ago
For example, recently certain big corp ask me to verify something. I clicked on the link in the E-Mail and it was suck on Cloudflare the click button over and over again. No matter how many times I clicked.
Do I need to find another internet access now?
paulgb1 hour ago
I would bet in the direction of this being a bug on big corp's side rather than Cloudflare's.
stickfigure7 minutes ago
> It had much more freedom
...right up until you got DDoS'd off the internet by some script kiddie "for the lolz".
ies73 minutes ago
These sentences are what I would used to describe Google 10 years ago.
jasonvorhe3 hours ago
I don't know what kind of internet you used but mine didn't randomly decide to block my access to a website because some quasi monopolist decided I wasn't allowed to use a certain website for intransparent reasons.
troyvit2 hours ago
Being blocked from a web site and having to hit a little box are two different things. Are you talking about the former or the latter? If it's the former ... that has literally never happened to me unless I'm on a VPN and even then it's rarely (if ever) CF that's doing the blocking.
If it's the latter then it reflects the sad truth that we can't have nice things anymoret. I have lots of problems with the accessibility of that box, but either Cloudflare would be implementing it, somebody else would be implementing it, or a huge chunk of data would be unavailable to you anyway because of accidental DDoS attacks caused by irresponsibly deployed bots.
hsbauauvhabzb7 minutes ago
Infinity captchas are the most toxic thing ever. I have trouble completing many of the challenges.
forgotmypw171 hour ago
This has happened for me on regular residential Internet access.
(Check the box, and get redirected to check the box again.)
inetknght2 hours ago
> Being blocked from a web site and having to hit a little box are two different things.
Maybe for you.
But I don't let random unvetted websites run code on my computer. Checking that box requires it.
tick_tock_tick2 hours ago
So you're blocking yourself? Seems really disingenuous to imply it's someone's fault when you know it's your own.
oasisaimlessly2 hours ago
Why do you keep hitting yourself? Hahah
--childhood bullies
segmondy4 hours ago
The internet is worse for me with Cloudflare. I'm using a cellphone router for my internet. My guess is I don't get a dedicated IP and probably behind a NAT with other users. 85% of my request needs me to solve a cloudflare captcha. on bad days I have to do this easily 100+ times.
r00f3 hours ago
It is not Cloudflare's fault. It means the website operators were so fed up with bots and bad actors that they just applied a carpet ban and called it a day.
Thanks to Cloudflare I was able to reduce my website load threefold and downscale my VMs and my monthly cloud bill, and seeing how 50k daily requests were shown CAPTCHA and not even tried to solve it makes me terrified of running anything without Cloudflare.
Don't blame site owners and service that is trying to help them. Blame the fact that 90% of today's Internet traffic is bots
Dylan168071 hour ago
It's cloudlare's fault that it's so common to have very overzealous blocking. Site owners need access to bot protection but that doesn't mean highly flawed protection gets to be blameless.
monkeywork58 minutes ago
That reads more like:
- site owners can have protection as long as it doesn't inconvenience me.
Dylan1680754 minutes ago
Close.
Replace "me" with "legitimate users" and replace "inconvenience" with "very aggressively inconvenience or entirely block".
Then yeah you have it.
ants_everywhere45 minutes ago
Of course it's cloudflare's fault. They monetized and scaled a service that blocks humans from interacting with websites.
They're also essentially a deanonymization reverse proxy that can track everyone's browsing history and decide whether you get to see websites based on social credit.
gruez4 hours ago
But what's the counterfactual? People use cloudflare because they want protection from ddos attacks and bots. If cloudflare didn't exist there would probably be similar measures.
TeMPOraL2 hours ago
Businesses want to protect the continuity of their business operations, and to that end they buy such protection as a service, from a business that managed to MitM half the Internet in order to provide such service.
Point being, it's a commercial subverting the Internet from inside, reshaping it to better serve the interests of commerce. It is indeed protection, but it's accomplished by reducing variance. 99% of legitimate commerce on the Internet follows the same patterns, use a small subset of possibilities offered by the technology - so why not just block the remaining 1% that doesn't fit and call it a day? It will stop most of the threats to running businesses on the Internet. The 1% of legitimate commerce that doesn't fit the pattern? It's not being ignored per se, just pressured to adapt and conform to the majority.
What is being ignored is that the Internet is not just a place of commerce, and non-commercial use cases, ideas such as empowering people to better their lives, are gradually becoming impossible, as fundamental Internet infrastructure becomes inhospitable for them.
Some of us still remember the Internet being more than just a virtual mall, and are unhappy about it gradually becoming one. And it's not like CloudFlare, et al. are hostile to non-commercial interests as a matter of principle - it's just out of scope for them.
sally_glance1 hour ago
Your first paragraph summarize why businesses want to use Cloudflare and how it helps them maintain their business.
Your second paragraph talks about other (non-commercial) sites. I think I'm missing the link here. Why would the admins of such sites resort to Cloudflare if 'fundamental Internet infrastructure becomes inhospitable for them' by making that choice? They could very well choose to implement their own or no measures at all.
I think the issue is that the general threat level has massively increased compared to the past - not in terms of sophistication but frequency/scale. But that's a consequence of widespread adoption, nothing Cloudflare in particular is responsible for.
bkettle1 hour ago
I actually think that Cloudflare has made publishing on the internet _more_ accessible for many individuals. I’ve helped a few people get personal websites running on Cloudflare pages and run my own there—it’s free and extremely easy. They could obviously pull the plug at any point, but with static sites it’s easy to avoid lock-in. If it weren’t for Cloudflare and other services that give free, easy hosting, I suspect there would be even fewer of the non-commercial small-internet sites that you value.
hnav4 hours ago
Have you played with IPv6 vs IPv4? Wonder what's worse there, CGNAT-ed IPv4 or an inherently low-reputation IPv6.
riedel5 hours ago
CDNs always existed IMHO. The world before cloudflare was just much more hidden. In general I find their take at the typical cloud business from a network perspective mostly refreshing.
However, I guess they have become the major player now and certainly try to optimize the world towards their business model.
IMHO it needs other enterprises entering the competition. Maybe it could be new more software defined mobile network providers offering edge compute. Maybe data from IoT could never enter the Internet and we could have some confidential computing power when we need it for our IoT stuff. Maybe we could get a more decentralized Internet again...
motorest4 hours ago
> However, I guess they have become the major player now and certainly try to optimize the world towards their business model.
I don't think that's it, and I think the explanation is much more simple and straight-forward.
Cloudflare established a very successful business model around a straight-forward, very transparent, no-bullshit CDN. Now, they started offering other cloud services build around their CDN. Cloudflare Workers kind of extend their CDN pipeline to allow clients to run arbitrary code to customize caching logic, but it turns out their function-as-a-service model is exceptionally good, and higher-level services like email are a low-effort way to meet existing needs.
everfrustrated3 hours ago
Much of their model and success was by giving away a lot of service for free.
I'm not discounting their innovations but had they not been VC funded and given away free service I suspect many would still never have heard of them.
gpi4 hours ago
Cloudflare is far from a no bullshit CDN. The vendor lock in is real with an aggressive unethcial sales model.
tick_tock_tick2 hours ago
Like what? Give an example. I'm struggling to think of something they offer that is particularly unique and not offered by the other public clouds or several SASS companies.
vel0city3 hours ago
I'm not entirely aware of all their products, but just thinking about a CDN, isn't that in many ways kind of fungible? Is it really that hard to migrate to your big cloud co's CDN (CloudFront, Google Cloud CDN) or the several other large competitors without an immense amount of work?
Please, educate me and tell me what's up.
gpi3 hours ago
Many of Cloudflare's products are bundled together for reasons.
Trying to unravel all that is an absolute nightmare.
agrippanux3 hours ago
Oh I remember a time before CDNs and a big part of your startup fundraise was to build out your own setup inside a data center.
TeMPOraL2 hours ago
It's not the specialization around hosting that's the problem, but that entities running CDNs realized they're in a privileged position in the network, and decided to capitalize on it.
mrweasel4 hours ago
I still believe that CloudFlare means well, but that doesn't mean that I agree with the increased centralization. This isn't the fault of CloudFlare, they are just exploiting a business opportunity and as you say: At least they're not selling ads.
It is a legitimate business, from my perspective. I'd just wish we weren't in a situation where CloudFlare isn't exactly struggling to sell their services.
motorest4 hours ago
> I still believe that CloudFlare means well, but that doesn't mean that I agree with the increased centralization.
I'm perplexed by this sort of comment. Cloudflare doesn't even feature in the top 10 of cloud provider market share, and the number 8 spot already reports 2%. And here you are, complaining about Cloudflare and centralization.
Furthermore, AWS is by far the biggest cloud provider, reporting around 30% market share, and I don't see AWS being referred as a concern.
mrweasel4 hours ago
20% of websites uses CloudFlare(1, 2), even companies that use AWS, GCP and Azure have their services behind CloudFlare.
> To be honest, the internet was worse without Cloudflare
It was better. 'Wget' and 'links' worked with most of the sites.
kalaksi5 hours ago
> At least they’re not selling ads using your data.
Yet. Since it's an american company with an ever-growing influence, I dread and expect that to change, among other things, down the road. I assume the three-letter agencies also already MITM the traffic.
nenenejej5 hours ago
Assume your beloved tech company can be bought by Oracle and proceed on that basis.
galphanet1 hour ago
You forgot about Broadcom !
mrbluecoat5 hours ago
Arguably, ecommerce was worse without Amazon but are we really better off?
busymom05 hours ago
Shipping times are definitely better off industry wide because of Amazon.
mrweasel4 hours ago
Same day shipping was always the norm here. Order something before 14:00 - 16:00, depending on where the company was on the route for package pickups, and you'd have your package the next day. Amazon has normalized multi-day / weeks shipping, so they've made it worse.
gruez3 hours ago
Where is this?
mrweasel3 hours ago
Denmark, there is no close Amazon warehouse, so shipping always suck. Not only is shipping times frequently a week or more, it's also overpriced and items are frequently less expensive from local online stores.
Amazons only advantage is it's massive selection, if you can find what you're looking for.
0x45734 minutes ago
In the US, it's the opposite. If you order directly from the brand, you get multi-day or more often multi-week delivery times. Unless they are using amazon logistic and which case it's the same as buying off amazon - 0/1/2-day delivery times.
t_mahmood2 hours ago
We said the same thing with Google, "Don't be evil", "They are better than MS", now here we are, Google, became something that doing everything to squeeze every data off us, so that they can sell them to their partners.
And, anything that stops them from doing it, well, you are kind of erased from the Internet. The freedom we had, slowly becoming non-existent now.
Corporates have one and only one target. It is to make money. And this mentality, enables them.
sssilver4 hours ago
> At least they’re not selling ads using your data
Sounds great, until a new CEO steps in. Any company is exactly one (or more often zero) CEO away from doing whatever they want (within legal constraints) with their business, in order to fulfill their fiduciary duty (and greed).
eastdakota3 hours ago
I’m not going anywhere anytime soon.
anonyfox1 hour ago
Huge fan of Cloudflare here actually. It’s always such a breath of fresh air compared to the heavyweight configuration hells like AWS. And for doing super convenient stuff like make node:http work on cloud functions recently, but guess only certain DevOps guys realize how cool that is compared to other FaaS wrapping ceremonies.
Too bad you don’t hire senior folks in Germany currently, would probably join in a heartbeat for emotional reasons alone. Keep going, lightweight features on a tap and solid reliability over years is exactly what I need and want at least.
mike_d3 hours ago
I am genuinely curious what protections are in place to ensure that? What is the plan after you are gone?
It looks like you have voting shares with 10x the power of institutional investors, but activist investors aren't dumb either.
My biggest fear of Cloudflare has always been that one day you'll get hit by a bus and someone will figure out that merging Cloudflare with an ad network would create so much more shareholder value. The road to hell is paved with free DDoS mitigation, so to speak.
rcakebread3 hours ago
How do you know?
bogwog3 hours ago
> Google is in a perfect position to compete but they don’t, so it’s not like Cloudflare is a monopoly or something.
Not to comment on whether they're actually a monopoly or not (since idk much about CF's market share, except that it's big), but how does this prove they aren't a monopoly? If anything, it'd work as evidence to prove that they are.
makeitdouble5 hours ago
I think the point is to keep them in that mindset, and that requires competition and some counterbalance that won't be there is everyone just moves to Cloudflare.
stevenfoster1 hour ago
Yet…
immibis5 hours ago
If CF limited their clients to big businesses (just like Akamai and who else?) it might be less bad, but as it is, they're trying to get the whole internet including small sites on board.
NooneAtAll35 hours ago
you're right
internet is made sooo much better by negating all encryption effort of the last 20 years
azemetre5 hours ago
If Cloudflare is so vital to the internet, it should be nationalized for the public benefit as having a private entity with so much control over the internet is not a good thing. Corporatized control of the internet should not be encouraged.
Imustaskforhelp5 hours ago
Can't believe if you are joking or not.
I trust a corporation more than I trust the nation you want it nationalized in (America?)
EU maybe. But yes I don't want cloudflare to be part of america after patriotic acts and all the dystopia.
Honestly, cloudflare is not so vital to the internet. Like, The only thing its gonna be a problem if they stop working without giving any way to migrate. Then yes, its gonna be a bit of problem to the internet.
encom5 hours ago
>cloudflare is not so vital to the internet
Really? Try distrusting CF certs, and see how much of your internet activity breaks. CF certs should be distrusted, because it's MITM by definition. At the very least, I'd like an addon that makes the URL bar bright red, so I know my connection isn't secure.
swiftcoder5 hours ago
It's not more vital, than, say, AWS. Blocking AWS certs/endpoints will break your internet too.
Though arguably neither should be in a position to do so without being regulate as a public utility
Imustaskforhelp5 hours ago
Yup, I also meant the same when I was writing my comment and although I agree about regulation, the thing is, that I don't even trust that aspect...
Also, I know that there are sometimes where cloudflare sits in the middle between your servers and your users for DDOS protection, and so yes theoretically its a point of interception but given how their whole thing is security, I doubt that they would exploit it but yes its a point of concern.
On the other hand, if something like this does happen, migrating can be easier or on the same level if something like this happened on like AWS.
But cloudflare still feels safer than AWS y'know?
That being said, I am all in for some regulations as a public utility but not nationalizing it as the GP comment suggested. Just some regulations would be nice but honestly we are in a bit of tough spot and maybe it was the necessity of the internet to have something like cloudflare to prevent DDOS's.
Imustaskforhelp4 hours ago
Hm, you raise good points but I just thought when I was writing that comment, that if there was even a single case of somebody using that MITM then that would just make everyone leave cloudflare and find either other mechanism or something else that's safer for sure.
I think that cloudflare is used by most as DDOS protection and so they still have the servers.
There are also cloudflare workers and pages but even migrating them is somewhat doable as I think that cf workers have a local preview option somewhat available in their node etc., so you could run it locally somehow.
Sure its gonna be a huge huge problem but something that the internet might look past of (I think).
Honestly, I kinda wish that there was a way to have something like how the tor onion links work in the sense that the link has the public key of the person running the server and so uh, no matter if its cloudflare serving the link or something else, its still something that can't be MITM'd for the most part.
Am I right in thinking so? Sure, its gonna make the links longer but maybe sacrifices/compromises must be made?
drnick15 hours ago
The EU is quickly becoming a dystopian nightmare with age verification, mandated encryption backdoors, and generally an extremely invasive form of government. So no thanks.
wwweston5 hours ago
No thanks to this level of evaluation which doesn’t even rise to “analysis”, it’s just a word salad association that picks two hobby horses and pretends they represent the apocalypse while ignoring all the measures on which many EU participating countries are producing quality of life and personal freedom at outlier levels.
Imustaskforhelp5 hours ago
Lets just hope that EU doesn't add that age verification thing or those Cert based things which is controlled by the govt.
My opinion is simple, age verification won't work unless they block VPN (something which UK wants to do/ is doing) and that sets a really really bad precedent and I doubt if its entirely possible without breaking some aspects of internet or complete internet privacy.
EU in aggregate is net positive but it still has some things which are kinda flawed regulations that are a bad precedent, but germany kinda blocked the verification thing iirc so there is still a lot of hope and EU does look like its trying its best but I think that it can do just a bit better if they don't think of age verification or some other stuff but that's just my 2 cents.
This was why I added "maybe" tbh. They are one of the best options but even they aren't thaat good. Like its questionable I think and needs a much bigger debate
drnick12 hours ago
What quality of life improvements? I seriously hope major tech companies pull out of the EU market altogether instead of complying when client-side scanning is mandated. Then you can come back here and brag about how great life is in the EU.
Gormo1 hour ago
To make sure I understand, your position is that anything vitally important to the internet should not be under the control of a plurality of institutions subject to heterogenous incentive structures, but instead should be under the centralized, monopolistic control of a single institution that is perpetually compromised by perverse incentives and ulterior motives, whose mechanisms of accountability are mostly performative and demonstrably broken?
I'm not sure that sounds like a good idea, if that's what you're saying.
azemetre46 minutes ago
My position is that if something becomes critical it should be under democratic constraints in a democratic society and not private enterprises that have no forms of control by the populace.
Maybe if Cloudflare had workplace democracy my concerns would be different, but they don't and wield too much power.
If it also helps I also think 99.99% of big tech should be broken up into separate, probably a few 100, different companies.
So yes, anything vital for the internet should be controlled by the people through democratic norms, institutions, and values rather than dictatorships by those with money over those with none.
Gormo38 minutes ago
No such thing as "democratic constraints" or "democratic society" at the level you're discussing. Democracy is an imperfect safeguard against certain types of extreme dysfunction of the political system -- a necessary one for sure, but not nearly sufficient to make the institutions it applies to trustworthy with monopolistic control over other aspects of society.
Everything reduces to specific people acting on their a priori motivations in bounded contexts, and any system of centralized control is guaranteed to enable expressions of the worst motivations of the people involved. The distinctions you're making -- "private" vs. "public", "corporations" vs. "governments", etc. -- are fundamentally meaningless.
There are no "democratic norms", just norms adhered to by specific people and the factions they form, contesting against each other for power over others. Performative "democracy" institutions is just cover for the currently dominant factions to function as "dictatorships".
Decentralization and individual autonomy are the only solution to the problems you rightly care about, but what you're proposing is literally the opposite of that.
citizenpaul5 hours ago
I would say if the political environment pre 1980s was still in existence that might be true. Today that would just mean the entire thing would unravel as it ate its own tail in the race to the bottom environment we are currently in.
Gormo1 hour ago
Which political environment pre-1980s do you want to go back to? 1930s? 1850s? 1760s?
JumpCrisscross55 minutes ago
> Which political environment pre-1980s do you want to go back to?
I can't imagine what a court case about whether the US president has the power to unilaterally dismiss officials in executive-branch agencies could possibly have to do with this.
At least you're referencing the United States in 1934, though. Things were very dysfunctional politically in the US at that time, but not nearly as bad as what was going on in some other parts of the world.
JumpCrisscross39 minutes ago
> can't imagine what a court case about whether the US president has the power to unilaterally dismiss officials in executive-branch agencies could possibly have to do with this
Seriously? You don't see the relevance of independent agencies to this discussion?
azemetre4 hours ago
You can create democratic policies to thwart this. Even something as basic as nationalizing Cloudflare then forcing workplace democracy provisions on it would probably do more good for, not just the Cloudflare workers, but society writ large.
safety1st6 hours ago
I dunno, I am basically a dick to Big Tech all the time, give me an opening and I will go after them with gusto, but I can't really find fault in Cloudflare offering email sending infrastructure.
The ire should be reserved for if and when they establish some kind of monopoly or other anti-consumer practices, fall afoul of anti-trust law, and inevitably the US government gives them a free pass for criminality like it has been doing for years with dozens of other Big Tech mergers, rollups, exclusivity dealings, etc. and appears to have just done again with Google a few weeks ago.
It is fine for big companies to offer competing email sending services. It is not fine for them to break competition laws.
Also yes, please do set up SPF, DKIM and DMARC for me. I may very well end up using this down the road because they say they'll do that for me and I just don't want to think about them in some situations.
toomuchtodo5 hours ago
> Also yes, please do set up SPF, DKIM and DMARC for me.
I'm going to take this opportunity, because hopefully Cloudflare will see it, to request they support SPF record flattening natively.
neximo646 hours ago
And then they'll offer to 'protect' you from AI scrapers for a fee and then bulk negotiate against Google, etc for another fee.
nextos6 hours ago
If you use an old web browser, lots of sites are already not usable because Cloudfare's CAPTCHA will deny you entry.
New but non-standard niche browsers are also problematic.
pmdr5 hours ago
I usually have the same (residential) IP for weeks on end and there's absolutely no malware or scraping or whatever the heck it is that Cloudflare thinks it's protecting against going on in my house. Yet I still get blocked or captcha'd.
Website owners may understandably be appreciative of CF. But as as someone browsing the web, I think it's done a lot of irreversible* damage to the open internet.
* I say irreversible because I don't think they'll be looking to improve this anytime soon, but rather add more restrictions.
sam_goody4 hours ago
As a website owner who uses Cloudflare after having being DDOS'd, I agree whole heartedly.
Cloudflare succeeded to do what Google tried and failed with AMP, and we are all the worse off for it. [Though at least it is not Google, that would be worse.]
I cannot afford to be DDOS'ed and there are bad actors that have already proven that they _will_ take me down if they could. So, I feel bad for the internet being walled up, and I feel bad for users that will lose access. And I fret that one day CF may just decide to take all my content and use it somehow to shut me down.
Meanwhile though, I hold my nose, cry inwardly, and continue to use Cloudflare.
hnav4 hours ago
What was your infrastructure like? Were the DDoSes affecting you at the application or network layer? I wonder if there's the case to be made for something like CF but integrated into your L4 and L7 LB infrastructure.
mosura6 hours ago
I am certain this is the intended endgame. LinkedIn/X style verification to prove you are not a bot once the hold is in enough places.
That such a database has other uses would be a happy coincidence.
blibble5 hours ago
and then capture the data on the sly and sell it to the AI scrapers anyway
matthewaveryusa4 hours ago
Yes, but also you can't send an email in any meaningful way on the internet without going through a middleman anyways so while philosophically you're correct, in reality it's already the case.
op00to8 minutes ago
It's not really a big deal to MITM email anyway.
bilekas6 hours ago
Yeah it's already a known point of failure. The annual chaos is always when they have some downtime. They do offer an incredible service though. Would like to see some competition but it's not easy.
That's great - and maybe I'm cynical - but that's right where my mind went when I read that. Trading income for control isn't a bad game..
olivermuty5 hours ago
I have been logging in via ssso on business non enterprise plan for a year. Am I a part of an a/b test or what?
jimmydoe4 hours ago
Good point, but I guess we are stuck here.
I don't think Cloudflare did anything major wrong, most of what they offer have plenty of alternatives, but Cloudflare is able to do a lot for free which really isn't their fault.
There are complain about its cache's captcha, I get it, ideally it should not discriminate any human user, but IMO it's an economical problem unless we collectively decide what they do is public utilities.
gethly6 hours ago
Was about to comment on this but you got right to the point. All of this is because people are lazy to build, let alone maintain, their own damn programs and servers.
toomuchtodo5 hours ago
I have more money than time. Take my money to do things I do not have time for. What you call lazy, I call time and capital/cashflow efficient.
(cloudflare customer, in both personal and professional capacities; i pay Fastmail to host family email; both can easily be switched if needed to prevent lock in, with DNS changes and in the case of hosted email, an export of mailboxes and tenant config)
layer85 hours ago
What GP is effectively saying is that you don’t value independence enough to invest the necessary money and (for personal use) time into self-hosting.
And there is a spectrum to this. For example, using a small, independent email or hosting provider may cost a little more time, but makes you more independent from big tech, and maybe more importantly, contributes to reducing the power of big tech. We are all paying for it, down the line.
op00to7 minutes ago
> makes you more independent from big tech
Citation requested. Big tech considers your IP address dishonorable, and blackholes your emails. How independent are you now when you can't email any providers that use blacklists?
> contributes to reducing the power of big tech
Again, citation requested. Big tech will just blackhole your emails and you'll only find out when your users complain.
toomuchtodo5 hours ago
This is a fallacy, as self hosting means you remain at the whims of receiving or interfacing systems. Does you hosting your own email change the concentration of email accounts hosted at Yahoo, Microsoft, and Gmail? It doesn't. Does hosting your own domain or website change Cloudflare's concentration and centralization of internet traffic? It doesn't. You vote with your dollars by picking providers who won't lock you in, you vote with your dollars by picking protocols over platforms that cannot lock you in.
Paying Fastmail, along with others who do so, means Fastmail will remain as a non Big Tech option, for example (they also developed and championed, JMAP, for a more efficient user experience). Paying Kagi means Kagi will remain as a non Big Tech option. Donating to Let's Encrypt means Let's Encrypt will remain as a public good independent of Big Tech. I could go down the list of every service I pay for to de-Google and de-Big Tech, but that's likely unhelpful to further demonstrate the point.
> We are all paying for it, down the line.
Indeed, so establish and fund organizations that provide systems and services for benefit vs profit and control that cannot be captured. Self hosting your own box at home helps you (which is totally fine and reasonable, I run my own on prem infra across two continents at small business enterprise scale for use cases I cannot procure commercially at reasonable cost), but does nothing else, and doesn't scale.
(think in systems)
rsync4 hours ago
Hosting your own email means the subpoena (or warrant) is delivered to you.
You get to respond to requests and your data cannot be handed over without your knowledge.
toomuchtodo4 hours ago
You will still be required to hand it over, or sit in jail while your confiscated, inventoried equipment is processed by forensics. If I want to be subpoena proof, I’d host the subject system outside the jurisdiction with an org having no connection or nexus in the adversary jurisdiction. Admittedly, this is up to your threat model. Do you want to know, but still be legally required to provide access? Or do you want to be out of reach entirely? The answer to that will guide your implementation and operating model in this context.
blibble2 hours ago
I don't mind being warranted, if they come to the door with warrant I will give them my boring, pedestrian inbox
but I do mind my data being drag-netted, or hoovered up by scummy big tech and then sold on
(whether that's for slop training, ads, anything really)
hamdingers6 hours ago
A lot more people and organizations would self-host email if it wasn't a minefield. It's not laziness that Google and Microsoft have effectively decided nobody's allowed to do that.
op00to5 minutes ago
I was part of a team ran EMail services for a ~15,000 person campus of a ~80,000 person university in the late 90s and early 00s. It was a full-time job for a team of people to keep things running, up to date, control spam, etc. It was a minefield 25 years ago! Literal years before GMail was a thing.
mbesto6 hours ago
Your website provides "paywalled hosting and sales platform for digital content creators"
Are digital content creators lazy too? Why don't they just host their content on their own damn servers?
bakies5 hours ago
running email servers is a huge and terrible time sink
gjsman-10006 hours ago
Always has been; remember AOL basically reinventing DNS?
And always will be.
2OEH8eoCRo06 hours ago
It's not laziness, it's greed. People want to build and host their own things but that costs money.
fibers6 hours ago
Is this even true for such a sensitive subject like email where there are insane blacklists/whitelists everywhere in which you are forced to use a middleman either way so your emails enter someone's inbox?
sophacles6 hours ago
And this sentiment of "every company should have to run their own servers and pay 'me' to do that at a higher cost" isn't greed?
NetOpWibby5 hours ago
OOF
Do you talk to your customers with that mouth?
For those who are lazy to click, this guy's business is hosting and maintaining a sales platform for people.
overfeed5 hours ago
What's the problem? GP is addressing a market need consistent with their comment above. I wouldn't be surprised by a auto mechanic stating that (too) many people are too lazy to change their oil - they might be the best person to manke that observation, given their PoV.
Faaak2 hours ago
The new Room 641A
Onavo4 hours ago
Well, this is their second try at this. They shut down their first attempt after a year (and left a ton of developers stranded).
MailChannels was a different company that offered an integration with Workers, and then later decided to stop offering that integration.
Today's announcement is a feature offered directly by Cloudflare.
kordlessagain5 hours ago
I approve of this message.
pingoo-io4 hours ago
[dead]
mips_avatar3 hours ago
Email is already MITMed by gmail. 90% of my time managing transactional/marketing emails is just keeping gmail from moving my legit customer communications to spam.
6thbit2 hours ago
> Today, we're excited to announce just that: the private beta of Email Sending, a new capability that allows you to send transactional emails directly from Cloudflare Workers.
So many comments here assumed from the title they're offering a hosted email service, they aren't, they are announcing their own Sendgrid.
stavros1 hour ago
That's exactly why I'm excited. I could really use this.
toomuchtodo32 minutes ago
Please blog about it if you do!
stavros29 minutes ago
I can, but wouldn't that be a boring post? "I set my SMTP servers to this other thing and they still work"? :P
Or do you mean if I get access to the beta? I probably won't :(
maz1b6 hours ago
It's unfortunate that email hosting and email infrastructure can really be done only well by major players. The days of people running and maintaining their own are pretty much long gone.
Fwiw, not a knock against CF. I like their products, mostly simple, fair pricing, etc. Just a bit unfortunate commentary on the state of email infra on the internet.
drnick15 hours ago
I run my own email server and you couldn't pay me to use a commercial provider like Google instead. The privacy benefits are huge and there is no one to restrict my storage or change my "terms and conditions" overnight.
The days of people running their own servers are gone because of the shortsightedness and laziness of IT managers. They though the "cloud" would be easier and cheaper, and they are now trapped.
matheusmoreira5 hours ago
You don't have deliverability issues?
I entertained the idea of running my own mail servers for a while. After researching the topic it turned out that the internet now runs on an IP reputation system. Major email services like gmail assume that anything sent from unknown IPs is malicious.
So it looks like we've gotta be well connected to federate with the other email servers now. A nobody like me can't just start up his own mail server at home and expect to deliver email to his family members who use gmail or outlook. So I became a Proton Mail customer instead.
dpifke3 hours ago
I've run my own mail servers for many decades and have never had any deliverability issues. I've also never used bargain basement cloud VPS services with horrible reputations.
The best way to ensure a good reputation is to obtain your own address space from a RIR. Barring that, you need to choose a provider with a decent reputation to delegate the space to you.
zokier2 hours ago
> The best way to ensure a good reputation is to obtain your own address space from a RIR.
There is the slight problem that RIRs ran out of (v4) addresses almost a decade ago.
dpifke1 hour ago
Not true, at least for ARIN. If you have an IPv6 allocation, you can obtain one or more IPv4 /24 allocations, so long as their stated purpose is to provide IPv4/IPv6 compatibility (e.g. for dual-stack services or NAT): https://www.arin.net/participate/policy/nrpm/#4-10-dedicated...
matheusmoreira56 minutes ago
> obtain your own address space from a RIR
How does one do that? And what are the costs involved?
nicoburns3 hours ago
> After researching the topic it turned out that the internet now runs on an IP reputation system. Major email services like gmail assume that anything sent from unknown IPs is malicious.
You have to buy/rent a dedicated IP address (that you'll be able to keep long term), and it warm it up by gradually increasing mail volume over a few months to weeks. But once you have, deliverability shoudl be fine.
I think the bigger issue is needing to keep on top of mainenance of the server.
zenmac2 hours ago
Like the parent have ran Email servers for many years now. If you get a bad IP, as long as you get the DKIM records right, over time it will 'warm' up the IP. And the more you use the email on that IP and NOT spam people. The IP will warm up. Make sure you actually own that IP!!! It will become valuable.
op00to2 minutes ago
This does you no good for the months or years it takes to "warm up" your email while your messages are getting thrown into the trash.
jamesreadsnews1 hour ago
[dead]
truekonrads4 hours ago
Deliver via sendgrid*, receive directly is probably the only viable path for self hosted systems.
Where sendgrid=any major player, could be Mimecast, proofpoint or anyone else who will forward outgoing email.
dpifke3 hours ago
FWIW, a huge percentage of the spam I get is via Sendgrid, and at some point in the past year or two their abuse reporting mechanisms all turned into black holes, so mail sent via Sendgrid is heavily penalized in my spam rules.
Sending reputation is just as applicable if you're using a third party as if you're hosting it yourself, but much less under your control.
drnick13 hours ago
I don't have deliverability issues to the big providers, but that comes down to the age of my domain and my IP in a clean non-residential block. But you won't have reputation issues if your friends and family also run their own server and don't enforce such arbitrary requirements. Running your own servers, not only for email, is the only way to regain control over your computing.
xp843 hours ago
Can you share what your antispam strategy is?
I have arrived at the opinion that what I would do if I moved to selfhost would just be to pay some trivial amount for outbound email via a provider like sendgrid as someone else in these comments has also mentioned. Since I send out maybe a half dozen emails a month I don't think this would be a big deal.
But when I relied on selfhosted email several years ago, I was always inundated with spam, which SpamAssassin was wildly undermatched to handle -- that was one of the main reasons I moved to gmail. So I'm curious what people who are happy self-hosting today are using.
drnick13 hours ago
My suggestion would be to use a unique alias for each website/company. This way, if you start receiving spam at that address, you know who leaked it, and can simply delete the alias. You should also then publicly name and shame the source of spam.
I also run SpamAssassin on my server, but I don't believe it ever had to do anything.
stackskipton3 hours ago
I’m the reverse, I can Microsoft 8 bucks not to mess with this? Sign me up!
The problem is that Gmail will bounce any emails from DigitalOcean IP, even if you sit on this IP for years (so no recent spam), even if replying to someone, even if you registered as 'Postmaster' on Google.
So if you want to selfhost, you'll first need to find an IP that's not blocked to begin with.
cullumsmith4 hours ago
I've run my own mail for 10 years (postfix/dovecot/rspamd), no issues. Reverse DNS, SPF, and DKIM records need to be in place, but that's a small lift.
Well, one time I was unable to send mail to a guy with an ancient @att.com email address from his ISP. I got a nice bounce message back with instructions to contact their sysadmins to get unblocked.
To my surprise, they unblocked the IP of my mail server in a matter of hours.
everfrustrated3 hours ago
Private email will have no problems. I also ran my own mail server for personal use and had almost zero problem (and this was on an AWS IP!).
Where people will absolutely have problems is trying to run a marketing campaign through their own IP. You absolutely will (and should) get blocked. This is why these mixer companies exist and why you pay for an intermediary to delivery your mail.
sgt6 hours ago
This is a myth though (with some truth to it in certain cases). I've run my own mail infrastructure since 1999, no issues.
cj6 hours ago
I suspect if you shared more info about your mail infrastructure, it might reveal that what is working for you is too complicated for 99.9% of people to set up and maintain themselves.
seszett5 hours ago
I don't think the goal is that every non technical person can host their own mail infra.
But most people who can run a server should be able to setup OpenSMTPd with the DKIM filter and Dovecot. It's much easier than configuring postfix like we had to do in the past.
To answer a sibling comment, the last time I received an answer is a few minutes ago. The correspondent's email infra is hosted by Google.
sgt3 hours ago
You're right, it used to be a bit complicated. Now you just need to have a reputable and clean IP address, and knowledge of running some services in docker and of course understanding DNS and its crucial role for running a mail server.
I used to run all the components and maintain it (even that wasn't bad), but I changed to mailu[1] about a year ago
Your argument might have worked 5 years ago. Now, with AI, it's very dated.
zokier2 hours ago
It is probably because you have run it so long that you have good reputation and less issues. Too bad we don't have time machine to go back to ninties to start building up reputation.
lomase5 hours ago
Every single IT team I know wanted to get rid of the mails servers.
I don't know why. At the same time they don't want to get rid of the bbdd servers, or the app servers.
Maintaining a email service must not be as easy for them.
nicce5 hours ago
Have you had static IP since then? A problem is that most new mail servers will have IP address with history.
sgt3 hours ago
The current static IP (it changed over the years) I got in 2016 or so.
SoKamil5 hours ago
Well, it’s hard to beat 26 years of expertise.
logicallee6 hours ago
>This is a myth though (with some truth to it in certain cases). I've run my own mail infrastructure since 1999, no issues.
when was the last time you got a reply to an email you sent?
sgt3 hours ago
All the time. I use it in production and I have many users.
egorfine3 hours ago
> I like their products
I do, too. What I don't like is that they became too large and now are effectively in position to gatekeep the whole internet.
jasondigitized47 minutes ago
Resend was a breath of fresh air for me recently.
mbeex3 hours ago
There is a sweet spot between Gmail and self-hosting. I use Runbox and generally separate contexts, with CF being an exception as I use CF pages for static blog websites, some of their core services, AND as a registrar. For the latter, the default setting is porkbun. The reason for this is not CF's mandatory in-house DNS servers, but the simple fact that they do not register .de domains.
parliament324 hours ago
> The days of people running and maintaining their own are pretty much long gone
This is very much a myth. There's a lot of FUD around how mail is "hard", but it's much less complicated than, say, running and maintaining a k8s cluster (professionally, I'm responsible for both at my org, so I can make this comparison with some authority).
Honestly `apt install postfix dovecot` gets you 90% of the way there. Getting spambinned isn't a problem in my experience, as long as you're doing SPF and DKIM and not using an often-abused IP range (yes, this means you can't use AWS). The MTA/MDA software is rock-solid and will happily run for years on end without human intervention. There really isn't anything to maintain on a regular basis apart from patches/updates every few months.
drnick12 hours ago
This is 100% my experience too. Self-hosting email isn't any harder than self-hosting something else and there is no maintenance beyond apt update and apt upgrade. Even if you choose to do this in hard mode using postfix/dovecot instead of a dockerized stack, you can get a working config in a few minutes from an LLM these days.
pier256 hours ago
Great move. Will probably switch to it immediately from Sendgrid as soon as it goes GA.
Sendgrid recently killed their free tier (100 emails per day) and their lowest plan is now $20/month for 50,000 emails. It's totally overkill for low traffic projects.
Yes, honestly been much more reliable than my previous provider (mailgun). Their IPs were constantly getting on spam blocklists with yahoo and hotmail. No issues with zepto so far, been using about 9 months.
stavros1 hour ago
Thank you! I hope they verify me soon.
rcleveng6 hours ago
Even with those pricing structures, 95%[1] of the spam I get comes from sendgrid. To their credit, their abuse@ address is good at handling the reports and they reply with a followup that the report was received and able to be acted upon[2].
The volume of spam (for me) doesn't seem to be decreasing from them, so there's a lot of moles to whack.
[1] Just a guess from looking at the last weeks
[2] I know it's automated, but often there's 2 that come with the 2nd one stating it's acted upon, so i'm hopeful.
friendzis6 hours ago
These services are just spam-circumvention as a service. It's cheaper and easier to pay 20 bucks to sendgrid and let them fight the fight with google/microsoft/yahoo than to circumvent spam protections of the big providers.
You can very reasonably and reliably expect spam amount to correlate with the cost of sending said spam or expected return. At any service. There used to be a time where you HAD to check your mailbox several times a week or it would (literally) overflow with spam.
tmiku4 hours ago
Re: Sendgrid killing their free tier - I used them for the contact form on my personal website, and after they ended the free tier I was able to move to Resend (who has a similar free tier) without too much work. Pretty happy with it so far.
The lowest plan $40/year for 1k emails/month isn’t on the Pricing page, but you can select it when signing up.
iamcalledrob2 hours ago
Been using Mailpace for a few years.
Has been a 10/10 experience -- rock solid and extremely good deliverability.
Wish the pricing increased non-linearly though at higher volumes.
johtso5 hours ago
Thanks for recommending mailpace, £7.50/month for 10,000 emails is very reasonable, _and_ they support idempotency! Definitely makes me consider switching to them..
pier256 hours ago
Thanks. It's not very smart to not list that plan in the pricing page IMO.
jasonfrost6 hours ago
Or migadu for 19/yr
sodality23 hours ago
Migadu is more for personal emails - they aren't meant for transactional emails at all.
sltkr6 hours ago
[dead]
alpn6 hours ago
smtp2go.com offers a free tier with 1,000 emails/month. I’ve been using it for a few small services I run and haven’t had any issues so far.
jabroni_salad4 hours ago
smtp2go will let you have 200 a day or 1000 a month for free.
bangaladore4 hours ago
Switched to this from Sendgrid for my low email volume apps.
richwater6 hours ago
> Sendgrid recently killed their free tier (100 emails per day) and their lowest plan is now $20/month for 50,000 emails. It's totally overkill for low traffic projects.
With a pricing structure like that it appears they became too tired of verifying/validating users to not send spam. Unfortunately I don't blame them.
bachmeier6 hours ago
$10/year for 10,000 messages/year is 10 cents per message. (Or some other volume at 10 cents/message.) Surely too high for spammers but cheap enough for an app with a low message volume.
athorax5 hours ago
$10/year for 10,000 messages is a tenth of a penny per message
richwater5 hours ago
It's not about optimizing for low volume side projects.
Barrier to entry for (12 * $20) is much higher than $10/year and they figure that was worth the tradeoff of losing small fish customers.
bachmeier5 hours ago
Well, I was responding to your claim that "it appears they became too tired of verifying/validating users to not send spam" is the reason for killing their low-volume free tier. It's a different story if they dropped the free tier to focus on large-volume customers.
pier256 hours ago
isn't this done automatically?
sophacles6 hours ago
Sure, and then the spammers figure out how to fool the checks. And sendgrid has to figure out how to detect the new and improved spammers. Then the spammers figure out how to fool the new and improved checks... and so on.
The part where sendgrid has to keep figuring out how to make new and improved validation is expensive.
NoahZuniga3 hours ago
> Imagine a user emails your support address. A Worker can receive the email, parse its content, call a third-party API to create a ticket, and then use the Email Sending binding to send an immediate confirmation back to the user with their ticket number. That’s the power of a unified Email Service.
This is/was already possible. You can just reply to an email from an email worker.
joshcartme2 hours ago
I had the exact same thought. I guess now you could put something in a queue if you have to do non-trivial processing before replying, but that’s not what they wrote
tracker12 hours ago
I keep thinking that Email would be a pretty natural extension process with the workers model in general... if they offered workers that could handle a tcp connection as stdin/out from the application perspective. Especially in concert with D1, R2 and other services.
I think the biggest issues would come down to server-side search functionality though. For very basic services, and even most of common IMAP/JMAP, it could be pretty great. Working on an a major email platform is something I've really wanted to do for a while now. (cloudflare, call me)
freetonik5 hours ago
Finally. My two production projects are built entirely on Cloudflare workers platform, and I dread every time I have to login into AWS to manage SES. I even wrote a note for myself with instructions which buttons to press and where to navigate, like you'd write for your elderly relative who's "not good with technology".
aprilnya17 minutes ago
Honestly this is why I like what Cloudflare is building nowadays. They aren’t just a CDN but rather they’re becoming a full on cloud, like AWS and Azure are - except their developer experience is just so incredibly better than any other cloud
mtrovo5 hours ago
Kind of off-topic, but it's such a pity that we arrived at email as the local minimum for the best communication protocol for transactional messages. Having to set up an email service just to be able to enable authentication flows on a new website is such a hindrance that I keep wondering if it would be different if sending push notifications to a cell phone was made an open protocol..
parliament324 hours ago
It's because every communication protocol since has been a walled-garden with a rent-seeker attached. This is why open, federated protocols are so critically important.
citizenpaul5 hours ago
I hear your pain. However I think if you really look at it email is a good thing. Its brokenness is a highly desired feature. It is the last generally accepted tech bastion that keeps us from becoming some sort of always on the job star trek borg style creatures that cannot have plausible deniability that the computer failed.
Oh i didn't get that email.
Oh spam filter.
Oh so backlogged on email.
ectospheno5 hours ago
Spam push messages don’t need to be a thing. Ever.
charcircuit5 hours ago
This is the fate of most open protocols. It becomes too hard to migrate to a new spec due to the increasing difficulty of coordination and then the protocol gets stuck in time.
pphysch5 hours ago
China was able to pull that one off, pretty much no one uses email there.
mtrovo5 hours ago
What exactly are they using? Wechat messages?
parliament324 hours ago
For registering/authenticating to service, SMS mostly. Same deal in Russia in my experience, basically every website/service signup asks for your mobile number and just texts verification codes.
eikenberry1 hour ago
So smart-phone is required for everything there? No computer flows for website access?
"We" definitely don't want that... but many others do as it takes control away from people.
gabelschlager1 hour ago
Smartphone is required for everything there, yes. Signing up for services, authenticating yourself (e.g. when entering a train station), payment, social media, etc.
Computers used to be expensive and people had less money back then, so most of the country essentially just directly upgraded to smartphones. Many don't and never used to own a PC outside of work.
tavavex1 hour ago
For just SMS authentication, you just need a phone. Any kind of phone.
But it also just so happens that in both of those countries, you must have your identity attached to any SIM you purchase. So, anything that makes you register with your phone number will indirectly link your real identity to that registration. It must be very convenient for their governments!
xp843 hours ago
Question for the Cloudflare people: We use sendgrid today, and create subaccounts through it (entirely with API calls) to allow our customers to add and verify their own domains (with a couple of DNS entries the customer can create). Then we can send out email on their behalf "from" their domains -- with DKIM, SPF, and all that still being happy.
Does the Cloudflare email routing product provide this same capability?
Oras6 hours ago
Been waiting for this for a long time! CloudFlare developer platform is underrated. The ability to use queues, cache (KV), Hyperdrive, and R2 (an S3 equivalent) with one line of code is just brilliant.
mtrovo5 hours ago
Same here. Cloudflare products are a really good balance for small projects that could eventually need to scale up. Durable objects is such a cool concept in itself that I don't know why it didn't catchup the same way in other providers.
I really like CF focus on developers but their R2 is not quite configurable yet as S3. I am looking forward to move away from S3 if R2 can get their bucket policies and permissions as advanced as S3.
kylehotchkiss3 hours ago
Could you accomplish your needs in R2 just using more buckets?
codegeek1 hour ago
potentially yes. but that will not be a clean solution. One bucket per customer is our rule.
keeda4 hours ago
What are people's experiences using their current Email Routing service? Mine wasn't great -- right after I set it up I could not get a single test email through to my recipient account despite multiple attempts. No delivery failure emails or any responses at all. Nothing on their dashboards either.
Searching their community threads turned up several other folks who had encountered similar silent failures that were never reported on the dashboards or any status page, leading them to question the company's interest in supporting this feature. I tabled that idea at that point as it was not critical.
A few months later, I randomly tried sending a test email again and it just worked. However, the initial experience left a bad taste in my mouth. Could I trust it to start routing critical emails?
Wondering what other folks here have experienced...
cr3ative3 hours ago
They enforced ARC without any notice which failed deliverability by about 50% for my catch-all address. I only noticed when someone told me they had emailed and it didn’t come through.
I just don’t trust them now. That was a huge misstep.
pier253 hours ago
I use it with a couple of addresses. No issues so far.
Velocifyer20 minutes ago
I thoght this was a service like migadu or proton mail
Topfi6 hours ago
That seems very similar to Resend, which has been a joy to use for my part.
gen36 hours ago
>// Classify incoming emails using Workers AI
const { score, label } = env.AI.run("@cf/huggingface/distilbert-sst-2-int8", { text: message.raw" })
This is neat but be careful using an LLM to parse email content. The demo is a BERT model which is a good but I can see how someone might swap this without realising the implications
Also really nice to see emails from workers, its something I have wanted for a while!
amonroe805-26 hours ago
This is great. I’ve had many side projects with Cloudflare where I’ve wanted a way to send emails as a part of it, and it’s slightly annoying having to go find another service to use to get that done. Having this baked-in will he sweet!
RandomBacon6 hours ago
My understanding is that "Best Practice" is to use different companies for different services (not to have all of your "eggs in one basket") in case something goes wrong with one company and they take everything down.
This is what I have...
Domain Name Registrar: Dynadot
DNS: Cloudlare
Hosting: Dreamhost
Email: Fastmail
Should everything be under Cloudflare? I think they also do domain name registration and now, soon email. Not sure off the top of my head if they do hosting.
ry1676 hours ago
You can't connect to your email or hosting if your DNS with Cloudflare is down.
Plus, Dynadot uses Cloudflare for their site, so you couldn't even change your nameservers if CF is down.
A random scatter won't protect you from a service like CF / AWS / GCP being down, and most users won't benefit from protecting from that sort of unlikely and major scenario anyway...
RandomBacon5 hours ago
That's a good catch about Dynadot using Cloudflare.
Ideally there would be a setup to avoid having the domain name registrar use a different DNS than me.
I'm more concerned if an over-zealous algorithm or employee shutting down an account and being able to just switch that one service to another company rather than losing everything.
hamdingers6 hours ago
I'm not sure what best practice actually is, but each different company you depend on is a different failure point. If CloudFlare goes down half the internet does (which is a problem of course, but not my problem), so from a purely utilitarian perspective depending on them feels like a safe bet.
bachmeier5 hours ago
Does Fastmail have an easy API for sending messages from an app? I've tried it before but found it much more complex than an API call.
nojs6 hours ago
They do, it’s call “pages”
BinaryIgor5 hours ago
Cloudflare have great products and engineering expertise, but it starts to get into a concerning territory; what kind of influence over various protocols of the Internet they (might) have.
cube005 hours ago
Especially when they decide you've used too much and shake you down for a higher business or enterprise plan.
citizenpaul5 hours ago
WTF Cloudflare you are using a google form for the beta sign up?
Edit: I see its an email sending service not client.
divbzero5 hours ago
To be clear, Cloudflare Email Service is not a full-blown email provider like Fastmail, nor is it even comparable to email services like AWS SES or SendGrid. Cloudflare already offered email routing and Cloudflare Email Service just adds the ability to send email via Cloudflare Workers, so there’s a long way to go before Cloudflare could be an option for replacing Fastmail.
XCSme4 hours ago
What would be the difference if we are talking about transactional emails? Why not comparable to SES?
divbzero3 hours ago
You know, it might be closer to AWS SES and SendGrid than I thought initially. My first reading of blog post gave me the impression that Cloudflare Email Service was designed for Cloudflare Workers only because that’s what they emphasized upfront. But I missed this piece:
> We’re also making sure Email Service seamlessly fits into your existing applications. If you need to send emails from external services, you can do so using either REST APIs or SMTP.
wiether5 hours ago
> This really irks me.
It shouldn't.
They are not launching a complete emailing service, this is just a service that you use to send emails from an app.
"Moving" to their service is as easy as updating your DNS records so they can be seen as an authorized sender.
TiredOfLife5 hours ago
That's nothing. One of the recent CloudFlare outages was because they hosted some essential stuff at Google cloud and that had an outage
jlundberg1 hour ago
For people looking to self host email, the mox software is surprisingly refreshing.
Email for developers will always trickle down to a commodity, wrappers will get left behind, acquired, or relegated to a small niche.
joshstrange3 hours ago
I’m interested to see pricing and what the backend dashboards look like for this. I’m currently using PostmarkApp for my transactional emails and they keep bumping the monthly price and my usage is tiny. If I could just pay per email that would be better.
That said, I’m hosted on AWS so maybe I should look into SES as well if I’m going to replace my email sending service.
dajonker36 minutes ago
I haven't experienced any price increase on the cheapest Postmark tier over the past 3 years or so? In any case they deliver excellent service and as a business earning money and sending emails per transaction it's almost free.
codegeek5 hours ago
Cloudflare at some point will basically compete with AWS as the entire infra platform for developers. They are slowly building tools one after another.
I am really excited to follow how their Containers platform matures as it is still too early.
everfrustrated3 hours ago
Yup and why their share price has rocketed. Nobody in the CDN industry is making money - a large player went bankrupt recently. You don't want to look at Fastlys financials and share price
Cloud is where the money is.
I hope they enforce the use of plain text versions of html email :)
baggachipz3 hours ago
I wonder what the pricing will be. I would love to have it be where X number are free, then each one additionally will be a small price. I hate having to change tiers based on usage. I would have no problem funding an account and using that to pay for the overage.
pizzafeelsright5 hours ago
This is good and I am fairly certain email is dead with AI, hopefully soon.
I went from hosting my own pop/imap/smtp email to ignoring it almost completely at work and personal for a variety of reasons.
Text messages and chat or X/message boards are all I use now. I have the same ability to deliver messages, content, forward, save, export, and migrate between platforms. The spam in SMS is tolerable at this point.
alberth2 hours ago
So will this compete against SendGrid (transactional emails)?
Or is this going after Gmail/M365 (personal inboxes)?
mrshu46 minutes ago
This is a SendGrid alternative (transactional emails, potentially with a nice API).
jasonjmcghee6 hours ago
I feel like I'm missing something based on some of the comments here. How is this different than from SES? (Why is this controversial?)
ZeroCool2u5 hours ago
A lot of folks find SES or even just the broader AWS experience unpleasant.
jasonjmcghee5 hours ago
Oh sure, a nice emailing experience (compared with SES) seems positive. But there are negative comments like Cloudflare shipping this is net negative, so just trying to understand the context.
wiether5 hours ago
The negatives are probably around the fact that Cloudflare is soon to be the master of the web (80/443)
If they launch an email service and are as successful, they could become the master of the email (25/465)
So soon, they'll be the master of the entire Internet
To be clear: I don't share this view, in part because Google and Microsoft already are the masters of the email
jasonjmcghee5 hours ago
Thank you for the context
mercurialsolo6 hours ago
Cloudflare is the new AWS
NetOpWibby5 hours ago
I like this version of AWS
cube005 hours ago
Give it time, we always like them in the beginning.
cloudflare7286 hours ago
This is exactly the service I was looking for. I am using cloudflare email forwarding but couldn't find anything about how to send form data from webpage to email.
All the email service that I could find has monthly subscription, no pay as you go offer. Hopefully, cloudflare will offer pay as you go.
Is there a way to get priority in waitlist? I don't mind bugs.
xaxaxa1231 hour ago
Cloudflare is NSA/CIA.
maghfoor5 hours ago
I would actually use an email service from Cloudflare. That literally means I don't have to rely on anything else to host my apps. Currently I use email forwarding to send emails to a different email address from my custom domain. This would help a lot
danielspace234 hours ago
How is that a good thing? Are we, as a society, forgetting the value of diversification, or just ignoring it because convenience is good? Do you really want to be just one wrongful ban away from being completely offline?
pikdum5 hours ago
As someone not currently using Cloudflare Workers, I'm not sure I want to build a worker and figure out how to interface with it though my existing application just to send email. What happened to SMTP?
thomgo5 hours ago
REST APIs and SMTP will also be available
pikdum3 hours ago
Oh cool, somehow missed that. :)
smacker5 hours ago
That is exactly a service I was hoping Cloudflare would provide.
Simple binding using wrangler is really a life quality upgrade when starting new projects.
ChrisArchitect1 hour ago
From Zeno Rocha, CEO, Resend -
I just shared this with the team:
Today, Cloudflare entered the email sending market.
While I didn't expect this to happen today, it didn't come as a surprise either. It was never a question of if Cloudflare would add an email sending API, but when. Back in 2022, they introduced Email Routing, and it was only a matter of time until they added the sending part.
Some people will see this and will want to migrate off Resend, others will say we're dead. The reality is that they are after our target audience, otherwise they wouldn't create an example showing how to use React Email on their announcement post.
Still, I truly believe this is good news. Here's why:
When Cloudflare introduces millions of users to their email API, they're creating our next users. Developers will run into limitations and will want more from an email service. They will need bulk sending, advanced templates, no-code editors, and a lot more. That's where we step in.
Email is not a winner-takes-all kind of market, and that's why we've been able to enter such a competitive space and still thrive. Competition is good because it forces the best product to win.
We cannot let our guards down, and lose our sense of urgency. The bar is higher for us right now, but if there's a team that knows how to increase the bar, that team is this.
Email sending providers have become a bit of a cartel, with prices usually rising overtime. I am expecting much lower prices from cloudflare.
observationist6 hours ago
It's always shocking to me how many people blindly sacrifice the principles that make the things their lives depend on actually worthwhile. The internet isn't just a thing that happened, it was developed and rolled out under specific principles and vision, and violating those principles destroys the system.
The internet doesn't work if Matthew Prince gets to act as global gatekeeper, or if CloudFlare gets conscripted as the new PRISM or NSA censorship and surveillance apparatus whether they want it or not. Given the profit incentives and intense pursuit of control, it's apparent (to me, at least) they're positioning themselves to profit off of the next big horsemen of the infocalypse opportunity.
Centralized control and gatekeeping of the internet, private or otherwise, should be shunned. Sacrificing that for walled garden features is despicable.
Don't shit in the village well, even if the guy selling bottled water says he'll get you a great deal. There are better ways of doing things.
SirHumphrey5 hours ago
Sure, I wouldn’t want the Linux foundation or other pieces of critical FOSS infrastructure to be routed via Cloudflair. But if I am setting up a web shop for somebody they usually care much more about someone at least pretending to be doing something about a ddos they got hit with that the decentralised internet.
To quote Raytheon “Morals are cool but 90k/year sounds a lot cooler”.
BinaryIgor5 hours ago
In principle I agree, but in practice - what the better ways of doing things, as of now?
observationist5 hours ago
Use other services where necessary, and sparingly. Use only what's functionally necessary, and diversify. Encourage your employer or organization to avoid vendor lock. Don't ever meet with salespeople, stay in charge of your websites and infrastructure. Find a highly disagreeable technical engineer to tell you what you can get away with; you probably don't need the scale of the things CloudFlare, AWS, et al impose by default.
AI right now can do all of that for you; pay for the best initially, have it do deep searches that meet what you need, and find appropriate contractors and services. Drop down to the plus tier after you get what you need initially, if the $200+ versions are too steep, but you can absolutely afford one month to plan an overhaul that doesn't empty your wallet.
Mandate open standards and bake in flexibility to your organization; pivot frequently and aggressively away from companies and services that don't meet your principles or standards.
Wherever possible use self hosting, decentralized protocols, open standards, FOSS software, and pay for expertise over the massive overkill "but wait, there's more!" the conglomerators offer. Their economies of scale serve to consolidate unearned and unaccountable power, often in cooperation with very shady players.
Yeah, tragedy of the commons, this is why we can't have nice things, because it's hard, and complex, and actual evil people exist who will absolutely ddos sites and exploit every and any opportunity to grift people out of their money. Cloudflare is a well marketed bundle of solutions for real problems, but it's definitely not the only solution.
It's up to you to what extent you compromise on principles - with AI it's becoming much easier to find acceptable alternatives without having extensive domain expertise. Normal search engines are almost completely captured by SEO and big market players, and we have a window of opportunity to use new AI search to find things that defy the status quo. The window will probably close sometime in the near future, but until then, take full advantage and position yourself to not be subject to companies or industries that shouldn't be taking it upon themselves to gatekeep the internet.
Also, yell at your representatives about getting a digital bill of rights, protecting the open internet, breaking apart monopolies, and cultivating what's best for the internet, and the world.
We have to stop pissing away the good for the convenience of the cheap.
/soapbox
BinaryIgor1 hour ago
Good points - thank you for a thoughtful answer!
AJ0075 hours ago
Agreed.
One thing I've grown concerned about, after watching the Twitter migration fizzle out, is we can imitate the old internet on a small scale, but on a large scale it just doesn't work. For Twitter specifically, the outcome was even worse, many users just migrated to other more centralized services or existing monopolies (like Instagram.)
Users are too used to being able to instantly stream 4k HDR 60fps. They are too used to limited amounts of spam. They are too used to having most non-agreeable content filtered. All of this stuff that big tech delivered now is replicate-able at the cost of tens of billions of dollars. The only business model that can pay for that is owning a giant ad platform.
Thinking about all of the issues the EU has had enforcing things like GDPR, which big tech companies largely haven't followed for years or straight up lied to their customers about, along with a possible failure of the DMA now due to tariffs.. and yet on the other side of the Atlantic, the US utterly failed to ban or control Tiktok. Endless announcements of upcoming deals that were either lies (Oracle protecting American's data) or postponements.
Meanwhile, all of the spam, hacking, bots, and DDoS attacks persist and grow, along with layer upon layer of (probably intentionally) poorly written and often conflicting legislation across multiple jurisdictions have truly made it impossible for the internet as it was designed and meant to exist to continue. (Sure you can just set up a basic web forum like you could do 20 years ago, not use Cloudflare, not host it at a major datacenter, and ignore all of the GDPR and age verification laws, but good luck. Hell, it doesn't even sound like it's really legal to run a Mastodon server anymore.)
One small hope is that if internet companies follow any pattern we've seen in other industries, when the growth ends, the managers will switch to tearing the conglomerates apart in to pieces and selling them off. One day CloudFlare might be split in to 30 pieces, along with Alphabet, Meta, and Amazon. But it could be a while.
willsmith725 hours ago
Ahhhh I've been waiting so long for this. SES is the last thing I have to keep logging into the clumsy AWS UI for
lxe5 hours ago
I hope it doesn't throw you in a mental health crisis when attempting to set it up like AWS SES does.
ahmedfromtunis6 hours ago
I've been using email workers for years now. Adding the ability to send emails directly from workers will be amazing!
They had it a few years ago, but the company offering the free integration essentially stopped offering the free part. I'm currently grandfathered in to mail channels.
thomgo5 hours ago
Fun fact, you can actually use the current send_email binding to send emails to verified emails in your account (but this announcement will make it possible to send emails to everyone)
boarush5 hours ago
You can also reply to incoming emails from what I know, you just cannot initiate any email directly to prevent the obvious abuse. I wonder how they plan to mitigate that apart from keeping the pricing sane.
tambre2 hours ago
Anybody know if it supports IPv6?
mips_avatar3 hours ago
I didn't see any pricing, but it would be amazing if they could get close to SES pricing with like Resend levels of usability.
segmondy4 hours ago
Only a matter of time till Palantir acquires them.
johtso6 hours ago
Please tell me this supports some kind of idempotency.. I fear it wont.
The kind of hoops I've had to jump through to achieve DIY idempotency with Postmark would make you cringe, a shared lock to avoid race conditions, and then using the API to check if an email with the unique id (manually added to the metadata when sending) has not already been sent before sending an email.
Being safe in the knowledge that an email with some unique key will only be delivered once regardless of bugs, processes dying mid task, network issues etc. just makes life so much simpler. The risk of sending duplicate emails or at worst spamming your users due to some more nefarious bug is something that you really want to guard against at as low a level as possible. Sure this might not be quite as consequential as duplicate charges through the Stripe API for example (Stripe have always seemed to lead the way with good API design in this regard).. doThing(data) is _not_ good enough for executing tasks over a network that are effectful, have a cost, and potentially risk your reputation if things go wrong. Idempotency keys should far more widely supported!
cube005 hours ago
> Now, sending an email is as easy as adding a binding to a Worker and calling send
I hope it's easier to setup then the current mess of needing to use Wrangler to setup the send_mail binding the CF worker console can't even show in its binding list.
iamacyborg6 hours ago
Will be interesting to see how good of a reputation they can keep (IP/sender reputation, specifically) given their historically very libertarian attitude to compliance.
Interesting development. Not really sure I trust Cloudflare on this one, the last time they tried this with "MailChannels" they got a bunch of people to use it and then killed it off a few months later. Still, their blog post was never updated to say the feature was removed: https://blog.cloudflare.com/sending-email-from-workers-with-...
kentonv1 hour ago
MailChannels is a separate company from Cloudflare. At one point they offered a Workers integration, and Cloudflare blogged about it because we like to encourage such things. Unfortunately MailChannels later decided to discontinue their integration.
The new email product is built and operated by Cloudflare itself.
_blk6 hours ago
This is indeed great. I've been using emailjs dot com for low volume sending so far but they connect to your account and send it through there which is obviously problematic.. Will be interesting to see how pricing for low volumes is there. So far, I've found CF to be more than fair, esp. given their potential for abusive pricing.
Romanulus6 hours ago
"Centralizing the decentralized." --(probably) Cloudflare
scrollaway6 hours ago
This sounds amazing… basically everyone in the space is either reselling Sendgrid or AWS SES.
What other "root" email services are there out there? Even Google Cloud doesn't provide one...
BinaryIgor5 hours ago
Postmark is pretty good as well :)
iamacyborg6 hours ago
Mailjet, mailgun, sparkpost and a bunch of others.
scrollaway6 hours ago
Mailjet / Mailgun are one and the same service and since the acquisition, I haven't heard of anyone still happy with them. But yes good point, Mailjet is another one.
Sparkpost to my knowledge is built on SES.
iamacyborg5 hours ago
Sparkpost roll their own MTA’s on AWS, they’re not sending via SES.
jeffbee5 hours ago
Google's Mail API for App Engine seems to still be available. I think they don't really want you to use it, but there it is.
turnsout6 hours ago
I'm currently implementing SES for a new app, but I like the idea of having another option. I wonder what the pricing will be.
Handy-Man6 hours ago
Cloudflare's email routing has been abused by malicious users for so long that I can no longer reliably use it with my domain, most times Outlook just blocks Cloudflare IP ranges and emails never get routed to my Outlook mail box.
htrp5 hours ago
shut up and take my money!
lagniappe6 hours ago
For fuck sake is nothing sacred anymore
superkuh6 hours ago
No doubt cloudflare will refuse to receive emails from any mailservers except those that run special cloudflare extensions or whatever. It'll be a whitelist that's mostly corps only. For "security" of course.
And eventually it'll be so popular other mailservers will stop accepting mail from any except cloudflare/ms/apple/etc.
NetOpWibby5 hours ago
Where are you getting this from?
superkuh5 hours ago
How cloudflare treats web browsers and their proposals for acting as gatekeeping for allowing websites to be spidered re: AI motivated corporations. Also cloudflare's near weekly proposals of unilateral protocol features that should be IETF'd but instead they just do and make others do because they're gatekeepers and they can. I expect them to keep behaving as they have and so posited likely 'cloudflare'-like actions for their announced attack on email.
I get that most people never feel the discimination and exclusion mediated by cloudflare because most people are just using chrome or whatever standard browser on their phones. But just because one doesn't have the lived experience of discrimination doesn't mean it isn't actively happening to lots of people.
Is Fastmail in any way similar to what is being described here? Fastmail looks like a replacement for Gmail or maybe Gsuite.
FuriouslyAdrift4 hours ago
Sorry... I though Cloudflare was offering full service email (SMTP/MTA). If it is just SMTP outbound email, then SMTP2Go would be a better alternative.
dewey4 hours ago
Fastmail is mentioned on every email provider suggestion thread on HN (Because they are great, happy user!), but they are not a transactional email provider which is what this product is about.
FuriouslyAdrift4 hours ago
By transactional, do you mean a bulk sender? For that, I recommend SMTP2Go.
Eventually all Internet protocols will be MITMed by cloudflare. Your single point of interception!
To be honest, the internet was worse without Cloudflare, so as long as they provide a good service for their customers, I’m fine with it. This is one of those.
Google is in a perfect position to compete but they don’t, so it’s not like Cloudflare is a monopoly or something.
At least they’re not selling ads using your data.
> the internet was worse without Cloudflare
It had much more freedom. Currently it's up to Cloudflare to decide whether you will read that article or not. Tomorrow some stupid law will mandate certain ideas to be hidden from children[1] and Cloudflare will happily comply.
1. https://en.wikipedia.org/wiki/Think_of_the_children
How is this not a problem with the law rather than a problem with Cloudflare?
Because human nature is what it is. The best way to eat better isn't to be a better person, it's to not keep junk food at the house. It's not Cloudflare's fault that they're successful, but it's now everyone's problem that they're an easy throat for governments to choke.
It's both. In allowing Cloudflare to grow so big, we now have one huge universal button for governments to push. If instead all of these customers were dispersed over hundreds of different services from different countries, good luck with trying to keep them all in line with your specific country's whims.
For example, recently certain big corp ask me to verify something. I clicked on the link in the E-Mail and it was suck on Cloudflare the click button over and over again. No matter how many times I clicked.
Do I need to find another internet access now?
I would bet in the direction of this being a bug on big corp's side rather than Cloudflare's.
> It had much more freedom
...right up until you got DDoS'd off the internet by some script kiddie "for the lolz".
These sentences are what I would used to describe Google 10 years ago.
I don't know what kind of internet you used but mine didn't randomly decide to block my access to a website because some quasi monopolist decided I wasn't allowed to use a certain website for intransparent reasons.
Being blocked from a web site and having to hit a little box are two different things. Are you talking about the former or the latter? If it's the former ... that has literally never happened to me unless I'm on a VPN and even then it's rarely (if ever) CF that's doing the blocking.
If it's the latter then it reflects the sad truth that we can't have nice things anymoret. I have lots of problems with the accessibility of that box, but either Cloudflare would be implementing it, somebody else would be implementing it, or a huge chunk of data would be unavailable to you anyway because of accidental DDoS attacks caused by irresponsibly deployed bots.
Infinity captchas are the most toxic thing ever. I have trouble completing many of the challenges.
This has happened for me on regular residential Internet access.
(Check the box, and get redirected to check the box again.)
> Being blocked from a web site and having to hit a little box are two different things.
Maybe for you.
But I don't let random unvetted websites run code on my computer. Checking that box requires it.
So you're blocking yourself? Seems really disingenuous to imply it's someone's fault when you know it's your own.
Why do you keep hitting yourself? Hahah
--childhood bullies
The internet is worse for me with Cloudflare. I'm using a cellphone router for my internet. My guess is I don't get a dedicated IP and probably behind a NAT with other users. 85% of my request needs me to solve a cloudflare captcha. on bad days I have to do this easily 100+ times.
It is not Cloudflare's fault. It means the website operators were so fed up with bots and bad actors that they just applied a carpet ban and called it a day. Thanks to Cloudflare I was able to reduce my website load threefold and downscale my VMs and my monthly cloud bill, and seeing how 50k daily requests were shown CAPTCHA and not even tried to solve it makes me terrified of running anything without Cloudflare.
Don't blame site owners and service that is trying to help them. Blame the fact that 90% of today's Internet traffic is bots
It's cloudlare's fault that it's so common to have very overzealous blocking. Site owners need access to bot protection but that doesn't mean highly flawed protection gets to be blameless.
That reads more like:
- site owners can have protection as long as it doesn't inconvenience me.
Close.
Replace "me" with "legitimate users" and replace "inconvenience" with "very aggressively inconvenience or entirely block".
Then yeah you have it.
Of course it's cloudflare's fault. They monetized and scaled a service that blocks humans from interacting with websites.
They're also essentially a deanonymization reverse proxy that can track everyone's browsing history and decide whether you get to see websites based on social credit.
But what's the counterfactual? People use cloudflare because they want protection from ddos attacks and bots. If cloudflare didn't exist there would probably be similar measures.
Businesses want to protect the continuity of their business operations, and to that end they buy such protection as a service, from a business that managed to MitM half the Internet in order to provide such service.
Point being, it's a commercial subverting the Internet from inside, reshaping it to better serve the interests of commerce. It is indeed protection, but it's accomplished by reducing variance. 99% of legitimate commerce on the Internet follows the same patterns, use a small subset of possibilities offered by the technology - so why not just block the remaining 1% that doesn't fit and call it a day? It will stop most of the threats to running businesses on the Internet. The 1% of legitimate commerce that doesn't fit the pattern? It's not being ignored per se, just pressured to adapt and conform to the majority.
What is being ignored is that the Internet is not just a place of commerce, and non-commercial use cases, ideas such as empowering people to better their lives, are gradually becoming impossible, as fundamental Internet infrastructure becomes inhospitable for them.
Some of us still remember the Internet being more than just a virtual mall, and are unhappy about it gradually becoming one. And it's not like CloudFlare, et al. are hostile to non-commercial interests as a matter of principle - it's just out of scope for them.
Your first paragraph summarize why businesses want to use Cloudflare and how it helps them maintain their business.
Your second paragraph talks about other (non-commercial) sites. I think I'm missing the link here. Why would the admins of such sites resort to Cloudflare if 'fundamental Internet infrastructure becomes inhospitable for them' by making that choice? They could very well choose to implement their own or no measures at all.
I think the issue is that the general threat level has massively increased compared to the past - not in terms of sophistication but frequency/scale. But that's a consequence of widespread adoption, nothing Cloudflare in particular is responsible for.
I actually think that Cloudflare has made publishing on the internet _more_ accessible for many individuals. I’ve helped a few people get personal websites running on Cloudflare pages and run my own there—it’s free and extremely easy. They could obviously pull the plug at any point, but with static sites it’s easy to avoid lock-in. If it weren’t for Cloudflare and other services that give free, easy hosting, I suspect there would be even fewer of the non-commercial small-internet sites that you value.
Have you played with IPv6 vs IPv4? Wonder what's worse there, CGNAT-ed IPv4 or an inherently low-reputation IPv6.
CDNs always existed IMHO. The world before cloudflare was just much more hidden. In general I find their take at the typical cloud business from a network perspective mostly refreshing.
However, I guess they have become the major player now and certainly try to optimize the world towards their business model.
IMHO it needs other enterprises entering the competition. Maybe it could be new more software defined mobile network providers offering edge compute. Maybe data from IoT could never enter the Internet and we could have some confidential computing power when we need it for our IoT stuff. Maybe we could get a more decentralized Internet again...
> However, I guess they have become the major player now and certainly try to optimize the world towards their business model.
I don't think that's it, and I think the explanation is much more simple and straight-forward.
Cloudflare established a very successful business model around a straight-forward, very transparent, no-bullshit CDN. Now, they started offering other cloud services build around their CDN. Cloudflare Workers kind of extend their CDN pipeline to allow clients to run arbitrary code to customize caching logic, but it turns out their function-as-a-service model is exceptionally good, and higher-level services like email are a low-effort way to meet existing needs.
Much of their model and success was by giving away a lot of service for free.
I'm not discounting their innovations but had they not been VC funded and given away free service I suspect many would still never have heard of them.
Cloudflare is far from a no bullshit CDN. The vendor lock in is real with an aggressive unethcial sales model.
Like what? Give an example. I'm struggling to think of something they offer that is particularly unique and not offered by the other public clouds or several SASS companies.
I'm not entirely aware of all their products, but just thinking about a CDN, isn't that in many ways kind of fungible? Is it really that hard to migrate to your big cloud co's CDN (CloudFront, Google Cloud CDN) or the several other large competitors without an immense amount of work?
Please, educate me and tell me what's up.
Many of Cloudflare's products are bundled together for reasons.
Trying to unravel all that is an absolute nightmare.
Oh I remember a time before CDNs and a big part of your startup fundraise was to build out your own setup inside a data center.
It's not the specialization around hosting that's the problem, but that entities running CDNs realized they're in a privileged position in the network, and decided to capitalize on it.
I still believe that CloudFlare means well, but that doesn't mean that I agree with the increased centralization. This isn't the fault of CloudFlare, they are just exploiting a business opportunity and as you say: At least they're not selling ads.
It is a legitimate business, from my perspective. I'd just wish we weren't in a situation where CloudFlare isn't exactly struggling to sell their services.
> I still believe that CloudFlare means well, but that doesn't mean that I agree with the increased centralization.
I'm perplexed by this sort of comment. Cloudflare doesn't even feature in the top 10 of cloud provider market share, and the number 8 spot already reports 2%. And here you are, complaining about Cloudflare and centralization.
Furthermore, AWS is by far the biggest cloud provider, reporting around 30% market share, and I don't see AWS being referred as a concern.
20% of websites uses CloudFlare(1, 2), even companies that use AWS, GCP and Azure have their services behind CloudFlare.
1) https://www.theregister.com/2024/12/13/cloudflare_2024_revie...
2) https://en.wikipedia.org/wiki/Cloudflare
> To be honest, the internet was worse without Cloudflare
It was better. 'Wget' and 'links' worked with most of the sites.
> At least they’re not selling ads using your data.
Yet. Since it's an american company with an ever-growing influence, I dread and expect that to change, among other things, down the road. I assume the three-letter agencies also already MITM the traffic.
Assume your beloved tech company can be bought by Oracle and proceed on that basis.
You forgot about Broadcom !
Arguably, ecommerce was worse without Amazon but are we really better off?
Shipping times are definitely better off industry wide because of Amazon.
Same day shipping was always the norm here. Order something before 14:00 - 16:00, depending on where the company was on the route for package pickups, and you'd have your package the next day. Amazon has normalized multi-day / weeks shipping, so they've made it worse.
Where is this?
Denmark, there is no close Amazon warehouse, so shipping always suck. Not only is shipping times frequently a week or more, it's also overpriced and items are frequently less expensive from local online stores.
Amazons only advantage is it's massive selection, if you can find what you're looking for.
In the US, it's the opposite. If you order directly from the brand, you get multi-day or more often multi-week delivery times. Unless they are using amazon logistic and which case it's the same as buying off amazon - 0/1/2-day delivery times.
We said the same thing with Google, "Don't be evil", "They are better than MS", now here we are, Google, became something that doing everything to squeeze every data off us, so that they can sell them to their partners.
And, anything that stops them from doing it, well, you are kind of erased from the Internet. The freedom we had, slowly becoming non-existent now.
Corporates have one and only one target. It is to make money. And this mentality, enables them.
> At least they’re not selling ads using your data
Sounds great, until a new CEO steps in. Any company is exactly one (or more often zero) CEO away from doing whatever they want (within legal constraints) with their business, in order to fulfill their fiduciary duty (and greed).
I’m not going anywhere anytime soon.
Huge fan of Cloudflare here actually. It’s always such a breath of fresh air compared to the heavyweight configuration hells like AWS. And for doing super convenient stuff like make node:http work on cloud functions recently, but guess only certain DevOps guys realize how cool that is compared to other FaaS wrapping ceremonies.
Too bad you don’t hire senior folks in Germany currently, would probably join in a heartbeat for emotional reasons alone. Keep going, lightweight features on a tap and solid reliability over years is exactly what I need and want at least.
I am genuinely curious what protections are in place to ensure that? What is the plan after you are gone?
It looks like you have voting shares with 10x the power of institutional investors, but activist investors aren't dumb either.
My biggest fear of Cloudflare has always been that one day you'll get hit by a bus and someone will figure out that merging Cloudflare with an ad network would create so much more shareholder value. The road to hell is paved with free DDoS mitigation, so to speak.
How do you know?
> Google is in a perfect position to compete but they don’t, so it’s not like Cloudflare is a monopoly or something.
Not to comment on whether they're actually a monopoly or not (since idk much about CF's market share, except that it's big), but how does this prove they aren't a monopoly? If anything, it'd work as evidence to prove that they are.
I think the point is to keep them in that mindset, and that requires competition and some counterbalance that won't be there is everyone just moves to Cloudflare.
Yet…
If CF limited their clients to big businesses (just like Akamai and who else?) it might be less bad, but as it is, they're trying to get the whole internet including small sites on board.
you're right
internet is made sooo much better by negating all encryption effort of the last 20 years
If Cloudflare is so vital to the internet, it should be nationalized for the public benefit as having a private entity with so much control over the internet is not a good thing. Corporatized control of the internet should not be encouraged.
Can't believe if you are joking or not.
I trust a corporation more than I trust the nation you want it nationalized in (America?)
EU maybe. But yes I don't want cloudflare to be part of america after patriotic acts and all the dystopia.
Honestly, cloudflare is not so vital to the internet. Like, The only thing its gonna be a problem if they stop working without giving any way to migrate. Then yes, its gonna be a bit of problem to the internet.
>cloudflare is not so vital to the internet
Really? Try distrusting CF certs, and see how much of your internet activity breaks. CF certs should be distrusted, because it's MITM by definition. At the very least, I'd like an addon that makes the URL bar bright red, so I know my connection isn't secure.
It's not more vital, than, say, AWS. Blocking AWS certs/endpoints will break your internet too.
Though arguably neither should be in a position to do so without being regulate as a public utility
Yup, I also meant the same when I was writing my comment and although I agree about regulation, the thing is, that I don't even trust that aspect...
Also, I know that there are sometimes where cloudflare sits in the middle between your servers and your users for DDOS protection, and so yes theoretically its a point of interception but given how their whole thing is security, I doubt that they would exploit it but yes its a point of concern.
On the other hand, if something like this does happen, migrating can be easier or on the same level if something like this happened on like AWS.
But cloudflare still feels safer than AWS y'know?
That being said, I am all in for some regulations as a public utility but not nationalizing it as the GP comment suggested. Just some regulations would be nice but honestly we are in a bit of tough spot and maybe it was the necessity of the internet to have something like cloudflare to prevent DDOS's.
Hm, you raise good points but I just thought when I was writing that comment, that if there was even a single case of somebody using that MITM then that would just make everyone leave cloudflare and find either other mechanism or something else that's safer for sure.
I think that cloudflare is used by most as DDOS protection and so they still have the servers.
There are also cloudflare workers and pages but even migrating them is somewhat doable as I think that cf workers have a local preview option somewhat available in their node etc., so you could run it locally somehow.
Sure its gonna be a huge huge problem but something that the internet might look past of (I think).
Honestly, I kinda wish that there was a way to have something like how the tor onion links work in the sense that the link has the public key of the person running the server and so uh, no matter if its cloudflare serving the link or something else, its still something that can't be MITM'd for the most part.
Am I right in thinking so? Sure, its gonna make the links longer but maybe sacrifices/compromises must be made?
The EU is quickly becoming a dystopian nightmare with age verification, mandated encryption backdoors, and generally an extremely invasive form of government. So no thanks.
No thanks to this level of evaluation which doesn’t even rise to “analysis”, it’s just a word salad association that picks two hobby horses and pretends they represent the apocalypse while ignoring all the measures on which many EU participating countries are producing quality of life and personal freedom at outlier levels.
Lets just hope that EU doesn't add that age verification thing or those Cert based things which is controlled by the govt.
My opinion is simple, age verification won't work unless they block VPN (something which UK wants to do/ is doing) and that sets a really really bad precedent and I doubt if its entirely possible without breaking some aspects of internet or complete internet privacy.
EU in aggregate is net positive but it still has some things which are kinda flawed regulations that are a bad precedent, but germany kinda blocked the verification thing iirc so there is still a lot of hope and EU does look like its trying its best but I think that it can do just a bit better if they don't think of age verification or some other stuff but that's just my 2 cents.
This was why I added "maybe" tbh. They are one of the best options but even they aren't thaat good. Like its questionable I think and needs a much bigger debate
What quality of life improvements? I seriously hope major tech companies pull out of the EU market altogether instead of complying when client-side scanning is mandated. Then you can come back here and brag about how great life is in the EU.
To make sure I understand, your position is that anything vitally important to the internet should not be under the control of a plurality of institutions subject to heterogenous incentive structures, but instead should be under the centralized, monopolistic control of a single institution that is perpetually compromised by perverse incentives and ulterior motives, whose mechanisms of accountability are mostly performative and demonstrably broken?
I'm not sure that sounds like a good idea, if that's what you're saying.
My position is that if something becomes critical it should be under democratic constraints in a democratic society and not private enterprises that have no forms of control by the populace.
Maybe if Cloudflare had workplace democracy my concerns would be different, but they don't and wield too much power.
If it also helps I also think 99.99% of big tech should be broken up into separate, probably a few 100, different companies.
So yes, anything vital for the internet should be controlled by the people through democratic norms, institutions, and values rather than dictatorships by those with money over those with none.
No such thing as "democratic constraints" or "democratic society" at the level you're discussing. Democracy is an imperfect safeguard against certain types of extreme dysfunction of the political system -- a necessary one for sure, but not nearly sufficient to make the institutions it applies to trustworthy with monopolistic control over other aspects of society.
Everything reduces to specific people acting on their a priori motivations in bounded contexts, and any system of centralized control is guaranteed to enable expressions of the worst motivations of the people involved. The distinctions you're making -- "private" vs. "public", "corporations" vs. "governments", etc. -- are fundamentally meaningless.
There are no "democratic norms", just norms adhered to by specific people and the factions they form, contesting against each other for power over others. Performative "democracy" institutions is just cover for the currently dominant factions to function as "dictatorships".
Decentralization and individual autonomy are the only solution to the problems you rightly care about, but what you're proposing is literally the opposite of that.
I would say if the political environment pre 1980s was still in existence that might be true. Today that would just mean the entire thing would unravel as it ate its own tail in the race to the bottom environment we are currently in.
Which political environment pre-1980s do you want to go back to? 1930s? 1850s? 1760s?
> Which political environment pre-1980s do you want to go back to?
1934 [1].
[1] https://tile.loc.gov/storage-services/service/ll/usrep/usrep... Humphrey's Executor vs. United States
I can't imagine what a court case about whether the US president has the power to unilaterally dismiss officials in executive-branch agencies could possibly have to do with this.
At least you're referencing the United States in 1934, though. Things were very dysfunctional politically in the US at that time, but not nearly as bad as what was going on in some other parts of the world.
> can't imagine what a court case about whether the US president has the power to unilaterally dismiss officials in executive-branch agencies could possibly have to do with this
Seriously? You don't see the relevance of independent agencies to this discussion?
You can create democratic policies to thwart this. Even something as basic as nationalizing Cloudflare then forcing workplace democracy provisions on it would probably do more good for, not just the Cloudflare workers, but society writ large.
I dunno, I am basically a dick to Big Tech all the time, give me an opening and I will go after them with gusto, but I can't really find fault in Cloudflare offering email sending infrastructure.
The ire should be reserved for if and when they establish some kind of monopoly or other anti-consumer practices, fall afoul of anti-trust law, and inevitably the US government gives them a free pass for criminality like it has been doing for years with dozens of other Big Tech mergers, rollups, exclusivity dealings, etc. and appears to have just done again with Google a few weeks ago.
It is fine for big companies to offer competing email sending services. It is not fine for them to break competition laws.
Also yes, please do set up SPF, DKIM and DMARC for me. I may very well end up using this down the road because they say they'll do that for me and I just don't want to think about them in some situations.
> Also yes, please do set up SPF, DKIM and DMARC for me.
I'm going to take this opportunity, because hopefully Cloudflare will see it, to request they support SPF record flattening natively.
And then they'll offer to 'protect' you from AI scrapers for a fee and then bulk negotiate against Google, etc for another fee.
If you use an old web browser, lots of sites are already not usable because Cloudfare's CAPTCHA will deny you entry.
New but non-standard niche browsers are also problematic.
I usually have the same (residential) IP for weeks on end and there's absolutely no malware or scraping or whatever the heck it is that Cloudflare thinks it's protecting against going on in my house. Yet I still get blocked or captcha'd.
Website owners may understandably be appreciative of CF. But as as someone browsing the web, I think it's done a lot of irreversible* damage to the open internet.
* I say irreversible because I don't think they'll be looking to improve this anytime soon, but rather add more restrictions.
As a website owner who uses Cloudflare after having being DDOS'd, I agree whole heartedly.
Cloudflare succeeded to do what Google tried and failed with AMP, and we are all the worse off for it. [Though at least it is not Google, that would be worse.]
I cannot afford to be DDOS'ed and there are bad actors that have already proven that they _will_ take me down if they could. So, I feel bad for the internet being walled up, and I feel bad for users that will lose access. And I fret that one day CF may just decide to take all my content and use it somehow to shut me down.
Meanwhile though, I hold my nose, cry inwardly, and continue to use Cloudflare.
What was your infrastructure like? Were the DDoSes affecting you at the application or network layer? I wonder if there's the case to be made for something like CF but integrated into your L4 and L7 LB infrastructure.
I am certain this is the intended endgame. LinkedIn/X style verification to prove you are not a bot once the hold is in enough places.
That such a database has other uses would be a happy coincidence.
and then capture the data on the sly and sell it to the AI scrapers anyway
Yes, but also you can't send an email in any meaningful way on the internet without going through a middleman anyways so while philosophically you're correct, in reality it's already the case.
It's not really a big deal to MITM email anyway.
Yeah it's already a known point of failure. The annual chaos is always when they have some downtime. They do offer an incredible service though. Would like to see some competition but it's not easy.
https://blog.cloudflare.com/enterprise-grade-features-for-al...
That's great - and maybe I'm cynical - but that's right where my mind went when I read that. Trading income for control isn't a bad game..
I have been logging in via ssso on business non enterprise plan for a year. Am I a part of an a/b test or what?
Good point, but I guess we are stuck here.
I don't think Cloudflare did anything major wrong, most of what they offer have plenty of alternatives, but Cloudflare is able to do a lot for free which really isn't their fault.
There are complain about its cache's captcha, I get it, ideally it should not discriminate any human user, but IMO it's an economical problem unless we collectively decide what they do is public utilities.
Was about to comment on this but you got right to the point. All of this is because people are lazy to build, let alone maintain, their own damn programs and servers.
I have more money than time. Take my money to do things I do not have time for. What you call lazy, I call time and capital/cashflow efficient.
(cloudflare customer, in both personal and professional capacities; i pay Fastmail to host family email; both can easily be switched if needed to prevent lock in, with DNS changes and in the case of hosted email, an export of mailboxes and tenant config)
What GP is effectively saying is that you don’t value independence enough to invest the necessary money and (for personal use) time into self-hosting.
And there is a spectrum to this. For example, using a small, independent email or hosting provider may cost a little more time, but makes you more independent from big tech, and maybe more importantly, contributes to reducing the power of big tech. We are all paying for it, down the line.
> makes you more independent from big tech
Citation requested. Big tech considers your IP address dishonorable, and blackholes your emails. How independent are you now when you can't email any providers that use blacklists?
> contributes to reducing the power of big tech
Again, citation requested. Big tech will just blackhole your emails and you'll only find out when your users complain.
This is a fallacy, as self hosting means you remain at the whims of receiving or interfacing systems. Does you hosting your own email change the concentration of email accounts hosted at Yahoo, Microsoft, and Gmail? It doesn't. Does hosting your own domain or website change Cloudflare's concentration and centralization of internet traffic? It doesn't. You vote with your dollars by picking providers who won't lock you in, you vote with your dollars by picking protocols over platforms that cannot lock you in.
Paying Fastmail, along with others who do so, means Fastmail will remain as a non Big Tech option, for example (they also developed and championed, JMAP, for a more efficient user experience). Paying Kagi means Kagi will remain as a non Big Tech option. Donating to Let's Encrypt means Let's Encrypt will remain as a public good independent of Big Tech. I could go down the list of every service I pay for to de-Google and de-Big Tech, but that's likely unhelpful to further demonstrate the point.
> We are all paying for it, down the line.
Indeed, so establish and fund organizations that provide systems and services for benefit vs profit and control that cannot be captured. Self hosting your own box at home helps you (which is totally fine and reasonable, I run my own on prem infra across two continents at small business enterprise scale for use cases I cannot procure commercially at reasonable cost), but does nothing else, and doesn't scale.
(think in systems)
Hosting your own email means the subpoena (or warrant) is delivered to you.
You get to respond to requests and your data cannot be handed over without your knowledge.
You will still be required to hand it over, or sit in jail while your confiscated, inventoried equipment is processed by forensics. If I want to be subpoena proof, I’d host the subject system outside the jurisdiction with an org having no connection or nexus in the adversary jurisdiction. Admittedly, this is up to your threat model. Do you want to know, but still be legally required to provide access? Or do you want to be out of reach entirely? The answer to that will guide your implementation and operating model in this context.
I don't mind being warranted, if they come to the door with warrant I will give them my boring, pedestrian inbox
but I do mind my data being drag-netted, or hoovered up by scummy big tech and then sold on
(whether that's for slop training, ads, anything really)
A lot more people and organizations would self-host email if it wasn't a minefield. It's not laziness that Google and Microsoft have effectively decided nobody's allowed to do that.
I was part of a team ran EMail services for a ~15,000 person campus of a ~80,000 person university in the late 90s and early 00s. It was a full-time job for a team of people to keep things running, up to date, control spam, etc. It was a minefield 25 years ago! Literal years before GMail was a thing.
Your website provides "paywalled hosting and sales platform for digital content creators"
Are digital content creators lazy too? Why don't they just host their content on their own damn servers?
running email servers is a huge and terrible time sink
Always has been; remember AOL basically reinventing DNS?
And always will be.
It's not laziness, it's greed. People want to build and host their own things but that costs money.
Is this even true for such a sensitive subject like email where there are insane blacklists/whitelists everywhere in which you are forced to use a middleman either way so your emails enter someone's inbox?
And this sentiment of "every company should have to run their own servers and pay 'me' to do that at a higher cost" isn't greed?
OOF
Do you talk to your customers with that mouth?
For those who are lazy to click, this guy's business is hosting and maintaining a sales platform for people.
What's the problem? GP is addressing a market need consistent with their comment above. I wouldn't be surprised by a auto mechanic stating that (too) many people are too lazy to change their oil - they might be the best person to manke that observation, given their PoV.
The new Room 641A
Well, this is their second try at this. They shut down their first attempt after a year (and left a ton of developers stranded).
https://blog.cloudflare.com/sending-email-from-workers-with-...
MailChannels was a different company that offered an integration with Workers, and then later decided to stop offering that integration.
Today's announcement is a feature offered directly by Cloudflare.
I approve of this message.
[dead]
Email is already MITMed by gmail. 90% of my time managing transactional/marketing emails is just keeping gmail from moving my legit customer communications to spam.
> Today, we're excited to announce just that: the private beta of Email Sending, a new capability that allows you to send transactional emails directly from Cloudflare Workers.
So many comments here assumed from the title they're offering a hosted email service, they aren't, they are announcing their own Sendgrid.
That's exactly why I'm excited. I could really use this.
Please blog about it if you do!
I can, but wouldn't that be a boring post? "I set my SMTP servers to this other thing and they still work"? :P
Or do you mean if I get access to the beta? I probably won't :(
It's unfortunate that email hosting and email infrastructure can really be done only well by major players. The days of people running and maintaining their own are pretty much long gone.
Fwiw, not a knock against CF. I like their products, mostly simple, fair pricing, etc. Just a bit unfortunate commentary on the state of email infra on the internet.
I run my own email server and you couldn't pay me to use a commercial provider like Google instead. The privacy benefits are huge and there is no one to restrict my storage or change my "terms and conditions" overnight.
The days of people running their own servers are gone because of the shortsightedness and laziness of IT managers. They though the "cloud" would be easier and cheaper, and they are now trapped.
You don't have deliverability issues?
I entertained the idea of running my own mail servers for a while. After researching the topic it turned out that the internet now runs on an IP reputation system. Major email services like gmail assume that anything sent from unknown IPs is malicious.
So it looks like we've gotta be well connected to federate with the other email servers now. A nobody like me can't just start up his own mail server at home and expect to deliver email to his family members who use gmail or outlook. So I became a Proton Mail customer instead.
I've run my own mail servers for many decades and have never had any deliverability issues. I've also never used bargain basement cloud VPS services with horrible reputations.
The best way to ensure a good reputation is to obtain your own address space from a RIR. Barring that, you need to choose a provider with a decent reputation to delegate the space to you.
> The best way to ensure a good reputation is to obtain your own address space from a RIR.
There is the slight problem that RIRs ran out of (v4) addresses almost a decade ago.
Not true, at least for ARIN. If you have an IPv6 allocation, you can obtain one or more IPv4 /24 allocations, so long as their stated purpose is to provide IPv4/IPv6 compatibility (e.g. for dual-stack services or NAT): https://www.arin.net/participate/policy/nrpm/#4-10-dedicated...
> obtain your own address space from a RIR
How does one do that? And what are the costs involved?
> After researching the topic it turned out that the internet now runs on an IP reputation system. Major email services like gmail assume that anything sent from unknown IPs is malicious.
You have to buy/rent a dedicated IP address (that you'll be able to keep long term), and it warm it up by gradually increasing mail volume over a few months to weeks. But once you have, deliverability shoudl be fine.
I think the bigger issue is needing to keep on top of mainenance of the server.
Like the parent have ran Email servers for many years now. If you get a bad IP, as long as you get the DKIM records right, over time it will 'warm' up the IP. And the more you use the email on that IP and NOT spam people. The IP will warm up. Make sure you actually own that IP!!! It will become valuable.
This does you no good for the months or years it takes to "warm up" your email while your messages are getting thrown into the trash.
[dead]
Deliver via sendgrid*, receive directly is probably the only viable path for self hosted systems.
Where sendgrid=any major player, could be Mimecast, proofpoint or anyone else who will forward outgoing email.
FWIW, a huge percentage of the spam I get is via Sendgrid, and at some point in the past year or two their abuse reporting mechanisms all turned into black holes, so mail sent via Sendgrid is heavily penalized in my spam rules.
Sending reputation is just as applicable if you're using a third party as if you're hosting it yourself, but much less under your control.
I don't have deliverability issues to the big providers, but that comes down to the age of my domain and my IP in a clean non-residential block. But you won't have reputation issues if your friends and family also run their own server and don't enforce such arbitrary requirements. Running your own servers, not only for email, is the only way to regain control over your computing.
Can you share what your antispam strategy is?
I have arrived at the opinion that what I would do if I moved to selfhost would just be to pay some trivial amount for outbound email via a provider like sendgrid as someone else in these comments has also mentioned. Since I send out maybe a half dozen emails a month I don't think this would be a big deal.
But when I relied on selfhosted email several years ago, I was always inundated with spam, which SpamAssassin was wildly undermatched to handle -- that was one of the main reasons I moved to gmail. So I'm curious what people who are happy self-hosting today are using.
My suggestion would be to use a unique alias for each website/company. This way, if you start receiving spam at that address, you know who leaked it, and can simply delete the alias. You should also then publicly name and shame the source of spam.
I also run SpamAssassin on my server, but I don't believe it ever had to do anything.
I’m the reverse, I can Microsoft 8 bucks not to mess with this? Sign me up!
It's really not that hard to run a mailserver with https://github.com/docker-mailserver/docker-mailserver
The problem is that Gmail will bounce any emails from DigitalOcean IP, even if you sit on this IP for years (so no recent spam), even if replying to someone, even if you registered as 'Postmaster' on Google.
So if you want to selfhost, you'll first need to find an IP that's not blocked to begin with.
I've run my own mail for 10 years (postfix/dovecot/rspamd), no issues. Reverse DNS, SPF, and DKIM records need to be in place, but that's a small lift.
Well, one time I was unable to send mail to a guy with an ancient @att.com email address from his ISP. I got a nice bounce message back with instructions to contact their sysadmins to get unblocked.
To my surprise, they unblocked the IP of my mail server in a matter of hours.
Private email will have no problems. I also ran my own mail server for personal use and had almost zero problem (and this was on an AWS IP!).
Where people will absolutely have problems is trying to run a marketing campaign through their own IP. You absolutely will (and should) get blocked. This is why these mixer companies exist and why you pay for an intermediary to delivery your mail.
This is a myth though (with some truth to it in certain cases). I've run my own mail infrastructure since 1999, no issues.
I suspect if you shared more info about your mail infrastructure, it might reveal that what is working for you is too complicated for 99.9% of people to set up and maintain themselves.
I don't think the goal is that every non technical person can host their own mail infra.
But most people who can run a server should be able to setup OpenSMTPd with the DKIM filter and Dovecot. It's much easier than configuring postfix like we had to do in the past.
To answer a sibling comment, the last time I received an answer is a few minutes ago. The correspondent's email infra is hosted by Google.
You're right, it used to be a bit complicated. Now you just need to have a reputable and clean IP address, and knowledge of running some services in docker and of course understanding DNS and its crucial role for running a mail server.
I used to run all the components and maintain it (even that wasn't bad), but I changed to mailu[1] about a year ago
[1] https://mailu.io
Your argument might have worked 5 years ago. Now, with AI, it's very dated.
It is probably because you have run it so long that you have good reputation and less issues. Too bad we don't have time machine to go back to ninties to start building up reputation.
Every single IT team I know wanted to get rid of the mails servers.
I don't know why. At the same time they don't want to get rid of the bbdd servers, or the app servers.
Maintaining a email service must not be as easy for them.
Have you had static IP since then? A problem is that most new mail servers will have IP address with history.
The current static IP (it changed over the years) I got in 2016 or so.
Well, it’s hard to beat 26 years of expertise.
>This is a myth though (with some truth to it in certain cases). I've run my own mail infrastructure since 1999, no issues.
when was the last time you got a reply to an email you sent?
All the time. I use it in production and I have many users.
> I like their products
I do, too. What I don't like is that they became too large and now are effectively in position to gatekeep the whole internet.
Resend was a breath of fresh air for me recently.
There is a sweet spot between Gmail and self-hosting. I use Runbox and generally separate contexts, with CF being an exception as I use CF pages for static blog websites, some of their core services, AND as a registrar. For the latter, the default setting is porkbun. The reason for this is not CF's mandatory in-house DNS servers, but the simple fact that they do not register .de domains.
> The days of people running and maintaining their own are pretty much long gone
This is very much a myth. There's a lot of FUD around how mail is "hard", but it's much less complicated than, say, running and maintaining a k8s cluster (professionally, I'm responsible for both at my org, so I can make this comparison with some authority).
Honestly `apt install postfix dovecot` gets you 90% of the way there. Getting spambinned isn't a problem in my experience, as long as you're doing SPF and DKIM and not using an often-abused IP range (yes, this means you can't use AWS). The MTA/MDA software is rock-solid and will happily run for years on end without human intervention. There really isn't anything to maintain on a regular basis apart from patches/updates every few months.
This is 100% my experience too. Self-hosting email isn't any harder than self-hosting something else and there is no maintenance beyond apt update and apt upgrade. Even if you choose to do this in hard mode using postfix/dovecot instead of a dockerized stack, you can get a working config in a few minutes from an LLM these days.
Great move. Will probably switch to it immediately from Sendgrid as soon as it goes GA.
Sendgrid recently killed their free tier (100 emails per day) and their lowest plan is now $20/month for 50,000 emails. It's totally overkill for low traffic projects.
Zeptomail by zoho has been reliable for me and extremely reasonably priced: https://www.zoho.com/zeptomail/
This looks great. Thanks for sharing!
This is really cheap, is the deliverability good?
Yes, honestly been much more reliable than my previous provider (mailgun). Their IPs were constantly getting on spam blocklists with yahoo and hotmail. No issues with zepto so far, been using about 9 months.
Thank you! I hope they verify me soon.
Even with those pricing structures, 95%[1] of the spam I get comes from sendgrid. To their credit, their abuse@ address is good at handling the reports and they reply with a followup that the report was received and able to be acted upon[2].
The volume of spam (for me) doesn't seem to be decreasing from them, so there's a lot of moles to whack.
[1] Just a guess from looking at the last weeks [2] I know it's automated, but often there's 2 that come with the 2nd one stating it's acted upon, so i'm hopeful.
These services are just spam-circumvention as a service. It's cheaper and easier to pay 20 bucks to sendgrid and let them fight the fight with google/microsoft/yahoo than to circumvent spam protections of the big providers.
You can very reasonably and reliably expect spam amount to correlate with the cost of sending said spam or expected return. At any service. There used to be a time where you HAD to check your mailbox several times a week or it would (literally) overflow with spam.
Re: Sendgrid killing their free tier - I used them for the contact form on my personal website, and after they ended the free tier I was able to move to Resend (who has a similar free tier) without too much work. Pretty happy with it so far.
Try https://mailpace.com
The lowest plan $40/year for 1k emails/month isn’t on the Pricing page, but you can select it when signing up.
Been using Mailpace for a few years.
Has been a 10/10 experience -- rock solid and extremely good deliverability.
Wish the pricing increased non-linearly though at higher volumes.
Thanks for recommending mailpace, £7.50/month for 10,000 emails is very reasonable, _and_ they support idempotency! Definitely makes me consider switching to them..
Thanks. It's not very smart to not list that plan in the pricing page IMO.
Or migadu for 19/yr
Migadu is more for personal emails - they aren't meant for transactional emails at all.
[dead]
smtp2go.com offers a free tier with 1,000 emails/month. I’ve been using it for a few small services I run and haven’t had any issues so far.
smtp2go will let you have 200 a day or 1000 a month for free.
Switched to this from Sendgrid for my low email volume apps.
> Sendgrid recently killed their free tier (100 emails per day) and their lowest plan is now $20/month for 50,000 emails. It's totally overkill for low traffic projects.
With a pricing structure like that it appears they became too tired of verifying/validating users to not send spam. Unfortunately I don't blame them.
$10/year for 10,000 messages/year is 10 cents per message. (Or some other volume at 10 cents/message.) Surely too high for spammers but cheap enough for an app with a low message volume.
$10/year for 10,000 messages is a tenth of a penny per message
It's not about optimizing for low volume side projects.
Barrier to entry for (12 * $20) is much higher than $10/year and they figure that was worth the tradeoff of losing small fish customers.
Well, I was responding to your claim that "it appears they became too tired of verifying/validating users to not send spam" is the reason for killing their low-volume free tier. It's a different story if they dropped the free tier to focus on large-volume customers.
isn't this done automatically?
Sure, and then the spammers figure out how to fool the checks. And sendgrid has to figure out how to detect the new and improved spammers. Then the spammers figure out how to fool the new and improved checks... and so on.
The part where sendgrid has to keep figuring out how to make new and improved validation is expensive.
> Imagine a user emails your support address. A Worker can receive the email, parse its content, call a third-party API to create a ticket, and then use the Email Sending binding to send an immediate confirmation back to the user with their ticket number. That’s the power of a unified Email Service.
This is/was already possible. You can just reply to an email from an email worker.
I had the exact same thought. I guess now you could put something in a queue if you have to do non-trivial processing before replying, but that’s not what they wrote
I keep thinking that Email would be a pretty natural extension process with the workers model in general... if they offered workers that could handle a tcp connection as stdin/out from the application perspective. Especially in concert with D1, R2 and other services.
I think the biggest issues would come down to server-side search functionality though. For very basic services, and even most of common IMAP/JMAP, it could be pretty great. Working on an a major email platform is something I've really wanted to do for a while now. (cloudflare, call me)
Finally. My two production projects are built entirely on Cloudflare workers platform, and I dread every time I have to login into AWS to manage SES. I even wrote a note for myself with instructions which buttons to press and where to navigate, like you'd write for your elderly relative who's "not good with technology".
Honestly this is why I like what Cloudflare is building nowadays. They aren’t just a CDN but rather they’re becoming a full on cloud, like AWS and Azure are - except their developer experience is just so incredibly better than any other cloud
Kind of off-topic, but it's such a pity that we arrived at email as the local minimum for the best communication protocol for transactional messages. Having to set up an email service just to be able to enable authentication flows on a new website is such a hindrance that I keep wondering if it would be different if sending push notifications to a cell phone was made an open protocol..
It's because every communication protocol since has been a walled-garden with a rent-seeker attached. This is why open, federated protocols are so critically important.
I hear your pain. However I think if you really look at it email is a good thing. Its brokenness is a highly desired feature. It is the last generally accepted tech bastion that keeps us from becoming some sort of always on the job star trek borg style creatures that cannot have plausible deniability that the computer failed.
Oh i didn't get that email.
Oh spam filter.
Oh so backlogged on email.
Spam push messages don’t need to be a thing. Ever.
This is the fate of most open protocols. It becomes too hard to migrate to a new spec due to the increasing difficulty of coordination and then the protocol gets stuck in time.
China was able to pull that one off, pretty much no one uses email there.
What exactly are they using? Wechat messages?
For registering/authenticating to service, SMS mostly. Same deal in Russia in my experience, basically every website/service signup asks for your mobile number and just texts verification codes.
So smart-phone is required for everything there? No computer flows for website access? "We" definitely don't want that... but many others do as it takes control away from people.
Smartphone is required for everything there, yes. Signing up for services, authenticating yourself (e.g. when entering a train station), payment, social media, etc.
Computers used to be expensive and people had less money back then, so most of the country essentially just directly upgraded to smartphones. Many don't and never used to own a PC outside of work.
For just SMS authentication, you just need a phone. Any kind of phone.
But it also just so happens that in both of those countries, you must have your identity attached to any SIM you purchase. So, anything that makes you register with your phone number will indirectly link your real identity to that registration. It must be very convenient for their governments!
Question for the Cloudflare people: We use sendgrid today, and create subaccounts through it (entirely with API calls) to allow our customers to add and verify their own domains (with a couple of DNS entries the customer can create). Then we can send out email on their behalf "from" their domains -- with DKIM, SPF, and all that still being happy.
Does the Cloudflare email routing product provide this same capability?
Been waiting for this for a long time! CloudFlare developer platform is underrated. The ability to use queues, cache (KV), Hyperdrive, and R2 (an S3 equivalent) with one line of code is just brilliant.
Same here. Cloudflare products are a really good balance for small projects that could eventually need to scale up. Durable objects is such a cool concept in itself that I don't know why it didn't catchup the same way in other providers.
About their developer platform: https://blog.cloudflare.com/cloudflare-developer-platform-ke...
I really like CF focus on developers but their R2 is not quite configurable yet as S3. I am looking forward to move away from S3 if R2 can get their bucket policies and permissions as advanced as S3.
Could you accomplish your needs in R2 just using more buckets?
potentially yes. but that will not be a clean solution. One bucket per customer is our rule.
What are people's experiences using their current Email Routing service? Mine wasn't great -- right after I set it up I could not get a single test email through to my recipient account despite multiple attempts. No delivery failure emails or any responses at all. Nothing on their dashboards either.
Searching their community threads turned up several other folks who had encountered similar silent failures that were never reported on the dashboards or any status page, leading them to question the company's interest in supporting this feature. I tabled that idea at that point as it was not critical.
A few months later, I randomly tried sending a test email again and it just worked. However, the initial experience left a bad taste in my mouth. Could I trust it to start routing critical emails?
Wondering what other folks here have experienced...
They enforced ARC without any notice which failed deliverability by about 50% for my catch-all address. I only noticed when someone told me they had emailed and it didn’t come through.
I just don’t trust them now. That was a huge misstep.
I use it with a couple of addresses. No issues so far.
I thoght this was a service like migadu or proton mail
That seems very similar to Resend, which has been a joy to use for my part.
>// Classify incoming emails using Workers AI const { score, label } = env.AI.run("@cf/huggingface/distilbert-sst-2-int8", { text: message.raw" })
This is neat but be careful using an LLM to parse email content. The demo is a BERT model which is a good but I can see how someone might swap this without realising the implications
Also really nice to see emails from workers, its something I have wanted for a while!
This is great. I’ve had many side projects with Cloudflare where I’ve wanted a way to send emails as a part of it, and it’s slightly annoying having to go find another service to use to get that done. Having this baked-in will he sweet!
My understanding is that "Best Practice" is to use different companies for different services (not to have all of your "eggs in one basket") in case something goes wrong with one company and they take everything down.
This is what I have...
Domain Name Registrar: Dynadot
DNS: Cloudlare
Hosting: Dreamhost
Email: Fastmail
Should everything be under Cloudflare? I think they also do domain name registration and now, soon email. Not sure off the top of my head if they do hosting.
You can't connect to your email or hosting if your DNS with Cloudflare is down.
Plus, Dynadot uses Cloudflare for their site, so you couldn't even change your nameservers if CF is down.
A random scatter won't protect you from a service like CF / AWS / GCP being down, and most users won't benefit from protecting from that sort of unlikely and major scenario anyway...
That's a good catch about Dynadot using Cloudflare.
Ideally there would be a setup to avoid having the domain name registrar use a different DNS than me.
I'm more concerned if an over-zealous algorithm or employee shutting down an account and being able to just switch that one service to another company rather than losing everything.
I'm not sure what best practice actually is, but each different company you depend on is a different failure point. If CloudFlare goes down half the internet does (which is a problem of course, but not my problem), so from a purely utilitarian perspective depending on them feels like a safe bet.
Does Fastmail have an easy API for sending messages from an app? I've tried it before but found it much more complex than an API call.
They do, it’s call “pages”
Cloudflare have great products and engineering expertise, but it starts to get into a concerning territory; what kind of influence over various protocols of the Internet they (might) have.
Especially when they decide you've used too much and shake you down for a higher business or enterprise plan.
WTF Cloudflare you are using a google form for the beta sign up?
Sign up to the waitlist here. https://forms.gle/BX6ECfkar3oVLQxs7
Edit: I see its an email sending service not client.
To be clear, Cloudflare Email Service is not a full-blown email provider like Fastmail, nor is it even comparable to email services like AWS SES or SendGrid. Cloudflare already offered email routing and Cloudflare Email Service just adds the ability to send email via Cloudflare Workers, so there’s a long way to go before Cloudflare could be an option for replacing Fastmail.
What would be the difference if we are talking about transactional emails? Why not comparable to SES?
You know, it might be closer to AWS SES and SendGrid than I thought initially. My first reading of blog post gave me the impression that Cloudflare Email Service was designed for Cloudflare Workers only because that’s what they emphasized upfront. But I missed this piece:
> We’re also making sure Email Service seamlessly fits into your existing applications. If you need to send emails from external services, you can do so using either REST APIs or SMTP.
> This really irks me.
It shouldn't.
They are not launching a complete emailing service, this is just a service that you use to send emails from an app.
"Moving" to their service is as easy as updating your DNS records so they can be seen as an authorized sender.
That's nothing. One of the recent CloudFlare outages was because they hosted some essential stuff at Google cloud and that had an outage
For people looking to self host email, the mox software is surprisingly refreshing.
Open source and available here: https://xmox.nl/
Email for developers will always trickle down to a commodity, wrappers will get left behind, acquired, or relegated to a small niche.
I’m interested to see pricing and what the backend dashboards look like for this. I’m currently using PostmarkApp for my transactional emails and they keep bumping the monthly price and my usage is tiny. If I could just pay per email that would be better.
That said, I’m hosted on AWS so maybe I should look into SES as well if I’m going to replace my email sending service.
I haven't experienced any price increase on the cheapest Postmark tier over the past 3 years or so? In any case they deliver excellent service and as a business earning money and sending emails per transaction it's almost free.
Cloudflare at some point will basically compete with AWS as the entire infra platform for developers. They are slowly building tools one after another.
I am really excited to follow how their Containers platform matures as it is still too early.
Yup and why their share price has rocketed. Nobody in the CDN industry is making money - a large player went bankrupt recently. You don't want to look at Fastlys financials and share price Cloud is where the money is.
Yup
https://stratechery.com/2021/cloudflares-disruption/
I hope they enforce the use of plain text versions of html email :)
I wonder what the pricing will be. I would love to have it be where X number are free, then each one additionally will be a small price. I hate having to change tiers based on usage. I would have no problem funding an account and using that to pay for the overage.
This is good and I am fairly certain email is dead with AI, hopefully soon.
I went from hosting my own pop/imap/smtp email to ignoring it almost completely at work and personal for a variety of reasons.
Text messages and chat or X/message boards are all I use now. I have the same ability to deliver messages, content, forward, save, export, and migrate between platforms. The spam in SMS is tolerable at this point.
So will this compete against SendGrid (transactional emails)?
Or is this going after Gmail/M365 (personal inboxes)?
This is a SendGrid alternative (transactional emails, potentially with a nice API).
I feel like I'm missing something based on some of the comments here. How is this different than from SES? (Why is this controversial?)
A lot of folks find SES or even just the broader AWS experience unpleasant.
Oh sure, a nice emailing experience (compared with SES) seems positive. But there are negative comments like Cloudflare shipping this is net negative, so just trying to understand the context.
The negatives are probably around the fact that Cloudflare is soon to be the master of the web (80/443)
If they launch an email service and are as successful, they could become the master of the email (25/465)
So soon, they'll be the master of the entire Internet
To be clear: I don't share this view, in part because Google and Microsoft already are the masters of the email
Thank you for the context
Cloudflare is the new AWS
I like this version of AWS
Give it time, we always like them in the beginning.
This is exactly the service I was looking for. I am using cloudflare email forwarding but couldn't find anything about how to send form data from webpage to email.
All the email service that I could find has monthly subscription, no pay as you go offer. Hopefully, cloudflare will offer pay as you go.
Is there a way to get priority in waitlist? I don't mind bugs.
Cloudflare is NSA/CIA.
I would actually use an email service from Cloudflare. That literally means I don't have to rely on anything else to host my apps. Currently I use email forwarding to send emails to a different email address from my custom domain. This would help a lot
How is that a good thing? Are we, as a society, forgetting the value of diversification, or just ignoring it because convenience is good? Do you really want to be just one wrongful ban away from being completely offline?
As someone not currently using Cloudflare Workers, I'm not sure I want to build a worker and figure out how to interface with it though my existing application just to send email. What happened to SMTP?
REST APIs and SMTP will also be available
Oh cool, somehow missed that. :)
That is exactly a service I was hoping Cloudflare would provide. Simple binding using wrangler is really a life quality upgrade when starting new projects.
From Zeno Rocha, CEO, Resend -
(https://x.com/zenorocha/status/1971260006654742780)Email sending providers have become a bit of a cartel, with prices usually rising overtime. I am expecting much lower prices from cloudflare.
It's always shocking to me how many people blindly sacrifice the principles that make the things their lives depend on actually worthwhile. The internet isn't just a thing that happened, it was developed and rolled out under specific principles and vision, and violating those principles destroys the system.
The internet doesn't work if Matthew Prince gets to act as global gatekeeper, or if CloudFlare gets conscripted as the new PRISM or NSA censorship and surveillance apparatus whether they want it or not. Given the profit incentives and intense pursuit of control, it's apparent (to me, at least) they're positioning themselves to profit off of the next big horsemen of the infocalypse opportunity.
Centralized control and gatekeeping of the internet, private or otherwise, should be shunned. Sacrificing that for walled garden features is despicable.
Don't shit in the village well, even if the guy selling bottled water says he'll get you a great deal. There are better ways of doing things.
Sure, I wouldn’t want the Linux foundation or other pieces of critical FOSS infrastructure to be routed via Cloudflair. But if I am setting up a web shop for somebody they usually care much more about someone at least pretending to be doing something about a ddos they got hit with that the decentralised internet.
To quote Raytheon “Morals are cool but 90k/year sounds a lot cooler”.
In principle I agree, but in practice - what the better ways of doing things, as of now?
Use other services where necessary, and sparingly. Use only what's functionally necessary, and diversify. Encourage your employer or organization to avoid vendor lock. Don't ever meet with salespeople, stay in charge of your websites and infrastructure. Find a highly disagreeable technical engineer to tell you what you can get away with; you probably don't need the scale of the things CloudFlare, AWS, et al impose by default.
AI right now can do all of that for you; pay for the best initially, have it do deep searches that meet what you need, and find appropriate contractors and services. Drop down to the plus tier after you get what you need initially, if the $200+ versions are too steep, but you can absolutely afford one month to plan an overhaul that doesn't empty your wallet.
Mandate open standards and bake in flexibility to your organization; pivot frequently and aggressively away from companies and services that don't meet your principles or standards.
Wherever possible use self hosting, decentralized protocols, open standards, FOSS software, and pay for expertise over the massive overkill "but wait, there's more!" the conglomerators offer. Their economies of scale serve to consolidate unearned and unaccountable power, often in cooperation with very shady players.
Yeah, tragedy of the commons, this is why we can't have nice things, because it's hard, and complex, and actual evil people exist who will absolutely ddos sites and exploit every and any opportunity to grift people out of their money. Cloudflare is a well marketed bundle of solutions for real problems, but it's definitely not the only solution.
It's up to you to what extent you compromise on principles - with AI it's becoming much easier to find acceptable alternatives without having extensive domain expertise. Normal search engines are almost completely captured by SEO and big market players, and we have a window of opportunity to use new AI search to find things that defy the status quo. The window will probably close sometime in the near future, but until then, take full advantage and position yourself to not be subject to companies or industries that shouldn't be taking it upon themselves to gatekeep the internet.
Also, yell at your representatives about getting a digital bill of rights, protecting the open internet, breaking apart monopolies, and cultivating what's best for the internet, and the world.
We have to stop pissing away the good for the convenience of the cheap.
/soapbox
Good points - thank you for a thoughtful answer!
Agreed.
One thing I've grown concerned about, after watching the Twitter migration fizzle out, is we can imitate the old internet on a small scale, but on a large scale it just doesn't work. For Twitter specifically, the outcome was even worse, many users just migrated to other more centralized services or existing monopolies (like Instagram.)
Users are too used to being able to instantly stream 4k HDR 60fps. They are too used to limited amounts of spam. They are too used to having most non-agreeable content filtered. All of this stuff that big tech delivered now is replicate-able at the cost of tens of billions of dollars. The only business model that can pay for that is owning a giant ad platform.
Thinking about all of the issues the EU has had enforcing things like GDPR, which big tech companies largely haven't followed for years or straight up lied to their customers about, along with a possible failure of the DMA now due to tariffs.. and yet on the other side of the Atlantic, the US utterly failed to ban or control Tiktok. Endless announcements of upcoming deals that were either lies (Oracle protecting American's data) or postponements.
Meanwhile, all of the spam, hacking, bots, and DDoS attacks persist and grow, along with layer upon layer of (probably intentionally) poorly written and often conflicting legislation across multiple jurisdictions have truly made it impossible for the internet as it was designed and meant to exist to continue. (Sure you can just set up a basic web forum like you could do 20 years ago, not use Cloudflare, not host it at a major datacenter, and ignore all of the GDPR and age verification laws, but good luck. Hell, it doesn't even sound like it's really legal to run a Mastodon server anymore.)
One small hope is that if internet companies follow any pattern we've seen in other industries, when the growth ends, the managers will switch to tearing the conglomerates apart in to pieces and selling them off. One day CloudFlare might be split in to 30 pieces, along with Alphabet, Meta, and Amazon. But it could be a while.
Ahhhh I've been waiting so long for this. SES is the last thing I have to keep logging into the clumsy AWS UI for
I hope it doesn't throw you in a mental health crisis when attempting to set it up like AWS SES does.
I've been using email workers for years now. Adding the ability to send emails directly from workers will be amazing!
https://blog.cloudflare.com/sending-email-from-workers-with-...
They had it a few years ago, but the company offering the free integration essentially stopped offering the free part. I'm currently grandfathered in to mail channels.
Fun fact, you can actually use the current send_email binding to send emails to verified emails in your account (but this announcement will make it possible to send emails to everyone)
You can also reply to incoming emails from what I know, you just cannot initiate any email directly to prevent the obvious abuse. I wonder how they plan to mitigate that apart from keeping the pricing sane.
Anybody know if it supports IPv6?
I didn't see any pricing, but it would be amazing if they could get close to SES pricing with like Resend levels of usability.
Only a matter of time till Palantir acquires them.
Please tell me this supports some kind of idempotency.. I fear it wont.
The kind of hoops I've had to jump through to achieve DIY idempotency with Postmark would make you cringe, a shared lock to avoid race conditions, and then using the API to check if an email with the unique id (manually added to the metadata when sending) has not already been sent before sending an email.
Being safe in the knowledge that an email with some unique key will only be delivered once regardless of bugs, processes dying mid task, network issues etc. just makes life so much simpler. The risk of sending duplicate emails or at worst spamming your users due to some more nefarious bug is something that you really want to guard against at as low a level as possible. Sure this might not be quite as consequential as duplicate charges through the Stripe API for example (Stripe have always seemed to lead the way with good API design in this regard).. doThing(data) is _not_ good enough for executing tasks over a network that are effectful, have a cost, and potentially risk your reputation if things go wrong. Idempotency keys should far more widely supported!
> Now, sending an email is as easy as adding a binding to a Worker and calling send
I hope it's easier to setup then the current mess of needing to use Wrangler to setup the send_mail binding the CF worker console can't even show in its binding list.
Will be interesting to see how good of a reputation they can keep (IP/sender reputation, specifically) given their historically very libertarian attitude to compliance.
I need to send upto 50k-80k emails per month
JSX email is an improved fork of the (very slow to be updated) react-email code https://jsx.email/docs/quick-start
Finally!
Interesting development. Not really sure I trust Cloudflare on this one, the last time they tried this with "MailChannels" they got a bunch of people to use it and then killed it off a few months later. Still, their blog post was never updated to say the feature was removed: https://blog.cloudflare.com/sending-email-from-workers-with-...
MailChannels is a separate company from Cloudflare. At one point they offered a Workers integration, and Cloudflare blogged about it because we like to encourage such things. Unfortunately MailChannels later decided to discontinue their integration.
The new email product is built and operated by Cloudflare itself.
This is indeed great. I've been using emailjs dot com for low volume sending so far but they connect to your account and send it through there which is obviously problematic.. Will be interesting to see how pricing for low volumes is there. So far, I've found CF to be more than fair, esp. given their potential for abusive pricing.
"Centralizing the decentralized." --(probably) Cloudflare
This sounds amazing… basically everyone in the space is either reselling Sendgrid or AWS SES.
What other "root" email services are there out there? Even Google Cloud doesn't provide one...
Postmark is pretty good as well :)
Mailjet, mailgun, sparkpost and a bunch of others.
Mailjet / Mailgun are one and the same service and since the acquisition, I haven't heard of anyone still happy with them. But yes good point, Mailjet is another one.
Sparkpost to my knowledge is built on SES.
Sparkpost roll their own MTA’s on AWS, they’re not sending via SES.
Google's Mail API for App Engine seems to still be available. I think they don't really want you to use it, but there it is.
I'm currently implementing SES for a new app, but I like the idea of having another option. I wonder what the pricing will be.
Cloudflare's email routing has been abused by malicious users for so long that I can no longer reliably use it with my domain, most times Outlook just blocks Cloudflare IP ranges and emails never get routed to my Outlook mail box.
shut up and take my money!
For fuck sake is nothing sacred anymore
No doubt cloudflare will refuse to receive emails from any mailservers except those that run special cloudflare extensions or whatever. It'll be a whitelist that's mostly corps only. For "security" of course.
And eventually it'll be so popular other mailservers will stop accepting mail from any except cloudflare/ms/apple/etc.
Where are you getting this from?
How cloudflare treats web browsers and their proposals for acting as gatekeeping for allowing websites to be spidered re: AI motivated corporations. Also cloudflare's near weekly proposals of unilateral protocol features that should be IETF'd but instead they just do and make others do because they're gatekeepers and they can. I expect them to keep behaving as they have and so posited likely 'cloudflare'-like actions for their announced attack on email.
I get that most people never feel the discimination and exclusion mediated by cloudflare because most people are just using chrome or whatever standard browser on their phones. But just because one doesn't have the lived experience of discrimination doesn't mean it isn't actively happening to lots of people.
Everyone just forgetting Fastmail exits.
https://www.fastmail.com/
Is Fastmail in any way similar to what is being described here? Fastmail looks like a replacement for Gmail or maybe Gsuite.
Sorry... I though Cloudflare was offering full service email (SMTP/MTA). If it is just SMTP outbound email, then SMTP2Go would be a better alternative.
Fastmail is mentioned on every email provider suggestion thread on HN (Because they are great, happy user!), but they are not a transactional email provider which is what this product is about.
By transactional, do you mean a bulk sender? For that, I recommend SMTP2Go.