In college I had to write a program to send emails. This was around 2012. Basically we had to send the low level commands of an email for it to go through. After doing this I realized something weird. The email gets to say who it is from. There are obviously ways to sign the message and verify it and most email servers block messages that don’t have these because of how trivial it is to fake. It’s basically like putting a name tag on that says “Joe Biden” and everyone believing you’re the president.
I didn’t do anything malicious but I did mildly prank my girlfriend. I don’t remember what I did but I’m pretty sure I told her before I did it. I really didn’t want to end up getting expelled for “”“hacking”“” so I didn’t do anything remotely bad. The irony is the assignment wouldn’t have worked and been as interesting if my campus had the proper security measures to block the messages.
It could be that the web client for our email mentioned something about the sender being unverified and not to trust it but I don’t remember.
Basically we had to send the low level commands of an email for it to go through. After doing this I realized something weird. The email gets to say who it is from.
I remember realizing this and thinking it was weird too when I was reading about SMTP. Specifically, the MAIL FROM command.
I almost got kicked out of school for this! I sent an email to my girlfriend from some girl that we didn’t like, saying something like “you’re a huge bitch, haha just kidding this is actually jballs not the chick we don’t like.”
Problem is that I wrote my girlfriend’s email address wrong, so it bounced back to the sender (the girl we didn’t like).
So I had to explain to a university dean exactly what I did and how I didn’t actually “hack into” the girl’s email account. That was fun.
Most orgs have an internal SMTP server that will accept and send mail to other internal addresses without any special authentication or validation. It’s almost essential for automatic monitoring software and that sort of thing.
Where the barriers go up is at the border to the Internet. And thank goodness, just a couple decades ago it was sheer chaos.
I tried to send a message to support for a company with a form on their website. I got an email back saying it didn’t pass SPF because they used my email address in the From: header.
I did manage to find the email address their PHP script tried sending it to. I emailed them about the problem with solutions to fix it. And of course they never got back to me.
When I was in schoola classmate set up an instance that is designed for hacking. But another classmate took it in another direction. Instead of following the clues to the answer (it’s a game) they instead hacked the instance and created a folder bomb but named the folders with the Mongolian space separator character. So removing them because a task. No body got upset because well… Hacking can be fun!
Second: hacking is the term used when you break into something to make it better.
Cracking is the term used when you break into things for malicious intent
Using your email address as username is a common problem for a lot of users.
Some of them are even completely shocked that they can use a different password and don’t understand, that their mail is just their login credentials for this specific site.
The feature “login with Apple/Google/Facebook” exists for a reason.
People did and DO complain about setting up email. ISP email is a great example of this. People forget their IMAP and SMTP address configuration stuff all the damn time. Always have.
I used to do home IT, and I had to help people through that crap constantly.
That said, these days people have gravitated to clients like gmail or outlook. Those push the user onto a certain domain, which makes setup dead simple. This is what mastodon.social is doing now. Making it so people don’t have to think about the instance at sign up.
Yeah I agree email kinda sucks. But everyone still uses it, and (as far as I’m aware) people aren’t writing articles about how confusing email is for people and why that makes it a failure. Mastodon and Lemmy are, in comparison, much better and way less confusing but you see that said all the time about them.
When email came out the alternative product was the post office or a fax machine. Even though configuring a client was difficult for some, instant digital messaging communication was new. It was a BIG motivator for people to either figure it out, or hire someone like me to figure it out for them.
People are comparing Mastodon to Twitter, a fairly similar core product. The gap between email and mail was much wider.
Yea I’m with you here. I’ve done a good amount of things with computers and setting up email with clients and setting up printers are probably the two “what the fuck why is this so hard!” things I’ve had to do with a computer.
I used my isp email address for a brief period and it was always super annoying in some way or another. Not to mention I lost it when I had to switch providers because I moved out of their area. It was a long time ago but they wanted to charge me to keep it when gmail/Hotmail etc already existed lmao bye
This is what mastodon.social is doing now. Making it so people don’t have to think about the instance at sign up.
TBH, I don’t find that all too bad. As long as users can easily move at any time, getting them set up on a popular one first where everything “just works”, they can learn the concepts and get used to the federation stuff. Then after some time, they may realize that a smaller server might fit them better and can then move there. Choosing a server without ever being registered somewhere (in the fediverse) was even hard for me.
For a small period of time I was a god that would bless people with gmail invites lol. That brings me back. I remember compuserve and Hotmail but I don’t remember them being especially complicated at all. Maybe that was before my time…? Which would be nice for once
Before that you’d get your email account provided by the ISP, and before that you’d have to find someone who ran an email server and ask nicely for them to make you an account.
And regarding ease of use: The reason why e.g. SMTP is human-readable is because in the early days SMTP wasn’t the protocol that your email client used to talk to the server. It was the email client.
You’d just telnet to your server and type in the SMTP commands manually.
If email were invented today people would complain about how complex and annoying it is to sign up.
OMG another account?! Why can’t I just use my discord smh
In college I had to write a program to send emails. This was around 2012. Basically we had to send the low level commands of an email for it to go through. After doing this I realized something weird. The email gets to say who it is from. There are obviously ways to sign the message and verify it and most email servers block messages that don’t have these because of how trivial it is to fake. It’s basically like putting a name tag on that says “Joe Biden” and everyone believing you’re the president.
I didn’t do anything malicious but I did mildly prank my girlfriend. I don’t remember what I did but I’m pretty sure I told her before I did it. I really didn’t want to end up getting expelled for “”“hacking”“” so I didn’t do anything remotely bad. The irony is the assignment wouldn’t have worked and been as interesting if my campus had the proper security measures to block the messages.
It could be that the web client for our email mentioned something about the sender being unverified and not to trust it but I don’t remember.
I remember realizing this and thinking it was weird too when I was reading about SMTP. Specifically, the MAIL FROM command.
Also related.
Spoofing email is hilariously easy. GPG signing really needs to be made easier
I almost got kicked out of school for this! I sent an email to my girlfriend from some girl that we didn’t like, saying something like “you’re a huge bitch, haha just kidding this is actually jballs not the chick we don’t like.”
Problem is that I wrote my girlfriend’s email address wrong, so it bounced back to the sender (the girl we didn’t like).
So I had to explain to a university dean exactly what I did and how I didn’t actually “hack into” the girl’s email account. That was fun.
I sent my gmail address an email from obama@whitehouse.gov and it worked.
Most orgs have an internal SMTP server that will accept and send mail to other internal addresses without any special authentication or validation. It’s almost essential for automatic monitoring software and that sort of thing.
Where the barriers go up is at the border to the Internet. And thank goodness, just a couple decades ago it was sheer chaos.
I was on the school network, so maybe they accept ones from within and reject ones from outside.
I tried to send a message to support for a company with a form on their website. I got an email back saying it didn’t pass SPF because they used my email address in the
From:
header.I did manage to find the email address their PHP script tried sending it to. I emailed them about the problem with solutions to fix it. And of course they never got back to me.
They probably tried to get back to you but used an internal we form that filled the from header with their email address. 💀
When I was in schoola classmate set up an instance that is designed for hacking. But another classmate took it in another direction. Instead of following the clues to the answer (it’s a game) they instead hacked the instance and created a folder bomb but named the folders with the Mongolian space separator character. So removing them because a task. No body got upset because well… Hacking can be fun!
Second: hacking is the term used when you break into something to make it better.
Cracking is the term used when you break into things for malicious intent
GPG let’s you choose a email too. I always use fucktrump@whitehouse.gov as my email when generating GPG keys for dark net markets
Using your email address as username is a common problem for a lot of users.
Some of them are even completely shocked that they can use a different password and don’t understand, that their mail is just their login credentials for this specific site.
The feature “login with Apple/Google/Facebook” exists for a reason.
I don’t get the email analogy.
People did and DO complain about setting up email. ISP email is a great example of this. People forget their IMAP and SMTP address configuration stuff all the damn time. Always have.
I used to do home IT, and I had to help people through that crap constantly.
That said, these days people have gravitated to clients like gmail or outlook. Those push the user onto a certain domain, which makes setup dead simple. This is what mastodon.social is doing now. Making it so people don’t have to think about the instance at sign up.
Yeah I agree email kinda sucks. But everyone still uses it, and (as far as I’m aware) people aren’t writing articles about how confusing email is for people and why that makes it a failure. Mastodon and Lemmy are, in comparison, much better and way less confusing but you see that said all the time about them.
When email came out the alternative product was the post office or a fax machine. Even though configuring a client was difficult for some, instant digital messaging communication was new. It was a BIG motivator for people to either figure it out, or hire someone like me to figure it out for them.
People are comparing Mastodon to Twitter, a fairly similar core product. The gap between email and mail was much wider.
Yea I’m with you here. I’ve done a good amount of things with computers and setting up email with clients and setting up printers are probably the two “what the fuck why is this so hard!” things I’ve had to do with a computer.
I used my isp email address for a brief period and it was always super annoying in some way or another. Not to mention I lost it when I had to switch providers because I moved out of their area. It was a long time ago but they wanted to charge me to keep it when gmail/Hotmail etc already existed lmao bye
TBH, I don’t find that all too bad. As long as users can easily move at any time, getting them set up on a popular one first where everything “just works”, they can learn the concepts and get used to the federation stuff. Then after some time, they may realize that a smaller server might fit them better and can then move there. Choosing a server without ever being registered somewhere (in the fediverse) was even hard for me.
When it was invented, it was complex and annoying, even by today’s standards.
Still is if you’re not using a product like gmail or outlook that auto enters all of the incoming and outgoing servers.
How many of us have spent time on our ISP’s help page trying to find the damn STMP server domain?
For a small period of time I was a god that would bless people with gmail invites lol. That brings me back. I remember compuserve and Hotmail but I don’t remember them being especially complicated at all. Maybe that was before my time…? Which would be nice for once
Hotmail was already the easy-mode stuff.
Before that you’d get your email account provided by the ISP, and before that you’d have to find someone who ran an email server and ask nicely for them to make you an account.
And regarding ease of use: The reason why e.g. SMTP is human-readable is because in the early days SMTP wasn’t the protocol that your email client used to talk to the server. It was the email client.
You’d just
telnet
to your server and type in the SMTP commands manually.Yeah, email existed long before GMail/Hotmail.
Tell me more about the before times oh wise one
Back in my day, we had to deliver each packet by hand! In the snow, uphill both ways!
Saying that times have changed doesn’t negate the fact that times have changed.
Email has always been awful