New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
You'd think I advertised somewhere "clone of whatever email service you prefer." No one was forced to buy it, I've sold it with 100% clarity on what it is.
I'm not trying to be on your dick about it. You posted there was new development going on, and I said this was still an issue that it would be great if you addressed while you're changing things. Then we got into a discussion of the good and bad points of it. If you had said something like "yeah that's something I'd like to fix one of these days, but don't have the resources at the moment" then that's great, I understand that. Instead you said "that's not a bug, it's a feature" and we went back and forth on the issue.
It doesn't matter. Even if you literally rebuilt gmail overnight, you'd get shit for it.
I don't think you advertised a clone. I just think you're not following usual industry practices and it may become more of an issue as you get bigger. Call it a missing checklist item, if you want.
Its cool, thank you. I like mxroute alot, very simple to use, affordable and stable!
You're pretty technical, you know that can't simply be disabled. At most within reason it could be cosmetically removed, and outside of reason it could be removed in code and then added back on every update.
I don't know what your dev plans are. I also don't know anything about cpanel from the admin side, so don't know what's feasible to remove or not. In the long run once you can afford to do so, I hope you'll switch away from cpanel, which as you say in your FAQ was a quick and easy way to get started, but it's far from ideal for this application.
That's exactly what I promised all along. A model closer to shared web hosting without web part, with a cost structure that broke away from the standard email pricing structure, and high quality delivery. To pull it off, as one person bootstrapping a company out of pocket, I delegated out development I could neither do nor pay for.
I've been pretty transparent the whole time. Now you're asking me why I'm not running a fully custom service that matches that of others, as though that's even remotely what I've offered to sale at any point :P
At no point have I ever suggested you not use your preferred service
Developing a custom solution, from scratch, does have its costs. And we're not talking of a few thousands.
We'll eventually get there, it just takes time to.
We're currently limited in what we can do with cPanel, so we'll focus on using the API to integrate things better. However, if you check Gsuite, the admin can still change passwords and access the emails after changing passwords.
Want it to be secure? Signup for Gmail/Gsuite, don't share your account with your wife, and use a single account there.
We can't do magic here.
This very same scenario applies in Zoho, Fastmail and all others. The admin can reset the password and access all emails.
I don't get all the fuss regarding how it works. This is basically how it works everywhere. If you think of it, multiple organizations = Addon domains.
Subaccount permissions don't exist in cPanel -> As it doesn't in Zoho/Fastmail admin panel.
You're advocating security which we completely agree with, in terms of, security is a priority, thing is, you're focusing in the account with subaccounts/different permissions where the account holder can't update subaccount passwords. That doesn't exist anywhere IIRC, that would make no sense.
@MikePT Please don't engage @willie. It won't help any of the three parties (LLC included).
I'm going full cPanel template for customization. The webmail link for each address may not be there in the future, but archiving and backups will, meaning if at any time in the foreseeable future one of my customers tells their customer they can't access their data, they will have to be dishonest to do so.
Archiving and backups were huge requests, and they're totally within the scope of what is reasonable for an account admin to have.
Now discussing what's ideal or not, let's keep this in mind, please:
cPanel is a well developed product. Their team is constantly releasing new features, software is updated / patched really fast, and they focus in security and in the UI experience, even for the non savvy.
They provide API access, even clients have API access.
IMHO it's a product you can actually rely on. No need for custom MTA's with a custom panel. You can achieve the same using their pretty extense API and actually develop it faster, while you can focus in implementing their new API functions instead of keeping your software updated and integrated. Yeah that's another thing, when things break, it's a clusterfuck, while with cPanel, it rarely happens.
And that's how you get the savings too. If I had went for VC funding and hired a dev team, I wouldn't even have the same customer base. They came to MXroute because they wanted what was offered, cost cut on development and patching, savings passed on to customers.
Most people don't even understand what SMTP stands for, you realize..
It works for 99% of our customers.
Many never heard of cPanel before signing up with their services, and they finally learned it, finally were able to migrate their sites to better webhosting companies.
We're changing the world!
Is that an enterprise product, or something that random people use? Is there a way to turn off that access? It's an interesting data point. As said earlier though, I haven't personally encountered it in other email services such as as Fastmail. I used Gmail at work but that was really a company-owned account, so I'd expect the company had access.
Fastmail also has a business email package that might give the company access to all the mailboxes for similar reasons, but the personal package that I use doesn't do that. So I'm interested to know whether Gmail/Gsuite (not sure what's what) has something like Fastmail's personal package (i.e. a paid account which you can use under your own domain, but everyone has sole access to their mailbox).
Anyway this has gotten overblown. I'm a happy mxroute.com customer. The product has limitations like anything else does and I take those into account when I use it, so everything is fine. I made what I intended as an improvement suggestion and got into a surprisingly complex discussion as a result. I think you're aware of the issue now so I'll leave it to you to someday get around to fixing it, or not, as the case may be.
I own a business Gsuite account, and do assure you: Yes, the account owner/admin, can reset the password for everyone else, even disable 2FA and login using the password set.
I am pretty sure Fastmail works the same way.
Note that I don't mean they have a button that says "Login to webmail", but, resetting a password, isn't that hard. For malicious stuff, it just works the same way. Reset then login. Disable 2FA, do whatever you want.
2FA is also a joke @ email level, there's no support for 2FA in the IMAP/POP3/SMTP Protocols, so you'd need to do it using an App. As long as you provide IMAP/POP3/SMTP, you can just bypass 2FA.
Email in general, isn't that safe.
E.g: Messages are not encrypted, it's all plaintext, unless you encrypt those, eg with pgp keys, etc.
I do appreciate your recommendations, and I assure you that we're working in adding new features / modifying the current setup.
Cheers!
I checked the docs and it is an admin option. Per https://www.fastmail.com/help/account/users.html :
So the admin can mark the mailbox private and then no longer be able to access it.
I think this is different than how their now-discontinued "family plan" worked. My impression was that the admin just plain didn't have access.
Well DMARC is the final piece of the puzzle. For example Google won't give two sh*ts about your SPF and DKIM records if you don't have a restrictive DMARC. With a restrictive DMARC it will reject spoof'd addresses that don't fit the SPF records.
Eh that maybe the case but I like that it's an option still.
Agreed, especially when you can also force rDNS lookup (even though providers hate it as it's an extra load). Of course as you noted it can be limited when on shared infrastructure. It's really a shame DKIM isn't doing more in this regard.
You're literally missing the point of this service. It's an email host with a strong SMTP backbone, arguably one of the best SMTP backbones in the industry. Additionally it's marketed as a email service for small businesses and personal use. I like that I can archive the emails and wipe them out if I desire. I like that Cpanel allows me to create SSL certs for my private DNS solution. I like that Cpanel is familiar. I like that I can access all inboxes easily from one panel if need be. But I knew going into this what Cpanel is, and that this is what I wanted. If MXRoute didn't use CPanel I would literally like it less.
You're "issue" is easily solved by purchasing multiple mxroute accounts for each individual or business.
You need this for a client and want to assure them that you can't access it? Have them change the MXRoute login password.
At current rates the cost isn't prohibitive, it's still below the cost of a single inbox from most providers. You could literally purchase a separate mxroute account, set it up, then let the end user change the password. Done. But instead you're trying to get it all for as little money as possible under one account. Well this isn't going to work that way, and many of it's users don't expect or need it to. You have a solution, your just too cheap to implement it.
Although I can understand what @willie is saying, Fastmail may really be the exception in this respect (although as @willie has just pointed out above, it's not the default there either).
cPanel here or there, at the end of the day, if one can imagine trust of this kind to be a potential issue, it would no doubt be best for partners/spouses/family members to simply get their own email accounts independently of each other -- forget "family accounts" altogether. Fortunately, email accounts aren't such a scarce commodity nowadays.
This is the thing, right?
If you really don’t trust anyone, and you require absolute security over your own mail, then you need to run your own mail server, end of.
Is that even possible? To get the email for [email protected] and [email protected] to go to separate mxroute accounts? What if I wanted to add more mailboxes? Which mxroute account (or both somehow?) controls the mailboxes for the domain?
I get a number of free mailboxes from my home ISP and from some domain registrars. But if I wanted to supply mailboxes to something like a cooking club, separate mxroute accounts per member would get expensive, plus they'd each have to deal with cpanel, yucch.. All migadu.com plans have unlimited mailboxes (pricing is based on total outgoing mail volume) and I don't see any way to access user mailboxes from an admin account there, except through password reset. But since there's no way to restore the old password after the reset, the user is locked out of their mailbox and knows something is up.
Indeed, but I was alluding to a practical scenario evoked by @willie where a spouse X purchases a single mxroute account and then creates email subaccounts for his/her spouse Y and family members Z. If there's any potential issue of trust of this kind that Y & Z can imagine towards X, it would simply be best for Y & Z to each get their own email accounts independently, either at mxroute or somewhere else. If email accounts were a rare commodity, this might pose a practical problem, but since this isn't the case, it's easy enough to simply avoid any potential issue of trust of this kind (if deemed necessary).
However, there are also practical scenarios in which Y & Z would have no potential issues of trust towards X, in which case a single mxroute account would make perfect sense (economically, as well).
Your again talking about situations where you shouldn't have a trust issue. No one should expect work emails to be 100% private. If you're setting up inboxes for a cooking club I assume they'll be discussing cooking club matters in that inbox. If they aren't then they are being foolish.
If your setting up accounts for Alice and for Bob at the same domain then one would assume those are employees or members of the same organization. In which case again they should be using these accounts pertaining to that or understand it won't be 100% confidential. If your setting up email inboxes for yourself then one could say it's private.
Your solution just requires people that want privacy to open up a free email account with any number of providers or to get their own domain. However as stated administrators always have more power than most and there is a trust dynamic with this.
This is the basic fact of being an administrator or having an IT administrator over you. Don't like it? Learn it and be your own administrator. Or how about you just use POP3 and download your emails off the server and don't retain a copy there That's a simple solution. Otherwise admins will always have more power than you will be comfortable with, or this just isn't a service for you. You don't purchase a motorcycle then complain it doesn't have doors therefore it's missing critical features.
Really almost nobody is willing to pay for email, which means they use gmail, yahoo, or other surveillance conglomerates. With mxroute I can pay for the main account and then give out mailboxes that the recipients don't have to pay for, and in that way escape from the Borg.
Separate mxroute accounts won't work for members of the cooking club as far as I can tell, because the addresses should all be [email protected], [email protected] etc. Maybe I'm wrong but I think each domain can only be controlled by one cpanel account. Admin access to the member mailboxes isn't good either, e.g. because of the real-life incident I mentioned further up (email snooping over internal politics in the organization). It wasn't a cooking club, but same idea. It really happened.
Again I'm not really personally affected by this at the moment. I just don't use mxroute for multi-user situations like that. It's still good in all the other ways.
Was it assumed that email accounts managed by the organisation wouldn’t be be monitored?
You're literally describing Zh Mail, the core feature of GSuite, Fstmil, MXRoute, etc. (edited them out of respect since this thread is regarding a specific and very active host here on LET) And they are all thriving. I think what you mean to say is that almost nobody is willing to pay for PERSONAL email. Many, many will pay (gladly) for business email.
As I said above, I understand what you're saying, it's a reasonable point/concern, but where we may differ is to what extent the point/concern is merely theoretical as opposed to practical in this day of all-too-easy-to-obtain free email addresses. I'm sure that there are cooking clubs with mailing lists, but what typically happens is that people sign up to mailing lists using whatever email address they want. A person might even get a new "throw-away" address for this special purpose, e.g., [email protected]. This, then, avoids the issue of trust towards a single individual altogether.
If it's somehow deemed important that everyone in the cooking club have an @cookingclub.org address, one could set up "virtual" accounts that forward the mail to the members' real addresses. (Though mail forwarding has become a bit trickier in this day of heavy spam.)
Alternatively, the members could simply decide to trust the person who manages the email accounts for the purpose of talking about matters relating to the cooking club.
Yes, thanks, correction appreciated. Thing is I'm not too concerned with administering anyone's business email so yes I was mostly thinking of personal email.
In the case of the cooking club, or even in most normal companies, I don't think it's right for everyone's email to being monitored. My work email as an underling is probably monitored, but it's not great if the IT department can see the CEO's email, the legal department's, or other very sensitive mailboxes.
The cooking club is just recreational, it's not work, so why shouldn't they expect the inboxes to be confidential? I'm a tech guy, maybe I think it would be cool to offer mailboxes to club members, so I volunteer to get an mxroute account and set it up. But then it turns out I can access everyone's email, so no thanks, I don't want that responsibility. My mom locked herself out of her apartment a few times after which she asked the security gate staff if she could leave a key with them, and they refused. Same idea.
Why do you keep spewing stuff like this? There are many providers (I've named several) that have the setup I think is right for this. I pasted the excerpt of Fastmail documentation saying how to turn admin access off. That option exists because there was a business case for implementing it, i.e. customers wanted it. Mxroute doesn't currently have it, maybe they will some day, maybe not. I don't think you have particular credibility in telling people what they should or shouldn't want or expect.
Here you're suggesting workarounds for a technical problem, certainly a worthwhile thing to do if there's no direct technical solution. But in the cooking club case, there's a perfectly good direct solution--call it a feature supported by some but not all email providers--that does exactly what the cooking club wants with no compromises or extra effort. So they don't need workarounds, they just have to choose a provider that supplies the feature.
I think that I give up at this point. :-)
In the meantime, let's work on soliciting donations from the members of our cooking club so that we can afford such an email provider! :-)