There's a security problem with this and many other such services. Writing this here hoping that this increases knowledge about this:<p>I would be able to get a TLS certificate for this host. Why? Some TLS certificate providers allow verifying the domain via access to one of the privileged aliases like postmaster. So I could receive the verification token URL by looking at the postmaster inbox.<p>Every service offering any type of email inbox should block these aliases. They are ‘admin’, ‘administrator’, ‘webmaster’, ‘hostmaster’, ‘postmaster’. This is specified in the so-called Baseline Requirements, which is the standard for the operation of certificate authorities:
<a href="https://cabforum.org/baseline-requirements-documents/" rel="nofollow">https://cabforum.org/baseline-requirements-documents/</a>
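One way for a mail-receiving service to enforce the alias block described in the comment above, as an added Rust example that is not from the thread or from the edgemail code. The constant and function names are hypothetical, and treating `+tag` sub-addresses as the base mailbox is an assumption.

```rust
// Added example; all names here are hypothetical, not edgemail's.

/// Local parts usable for CA e-mail domain validation, per the comment above.
const RESERVED_LOCAL_PARTS: [&str; 5] =
    ["admin", "administrator", "webmaster", "hostmaster", "postmaster"];

/// Extract the local part from an SMTP path such as `<Postmaster@example.org>`.
fn local_part(address: &str) -> Option<&str> {
    let path = address.trim().trim_start_matches('<').trim_end_matches('>');
    let (local, domain) = path.rsplit_once('@')?;
    if local.is_empty() || domain.is_empty() {
        return None;
    }
    Some(local)
}

/// True when mail for `address` must not land in a publicly readable inbox.
fn is_reserved_mailbox(address: &str) -> bool {
    let local = match local_part(address) {
        Some(local) => local,
        // Fail closed: refuse anything that does not parse as local@domain.
        None => return true,
    };
    // Assumption: "+tag" sub-addresses are delivered to the base mailbox,
    // so only the part before the first '+' is compared.
    let base = local.split('+').next().unwrap_or(local);
    // Local parts are compared case-insensitively; optional quotes are dropped.
    let base = base.trim_matches('"').to_ascii_lowercase();
    RESERVED_LOCAL_PARTS.iter().any(|r| *r == base.as_str())
}

fn main() {
    // Constructed RCPT TO arguments, for illustration only.
    for rcpt in ["<alice@example.org>", "<PostMaster@example.org>",
                 "<hostmaster+verify@example.org>", "<administrator2@example.org>"] {
        let verdict = if is_reserved_mailbox(rcpt) { "reject" } else { "accept" };
        println!("{rcpt} -> {verdict}");
    }
}
```

The check belongs at the point where the server handles `RCPT TO`, so mail for these mailboxes is refused rather than stored and hidden.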
I imagine this domain will quickly end up on lists like this one: <a href="https://knowledge.hubspot.com/forms/what-domains-are-blocked-when-using-the-forms-email-domains-to-block-feature" rel="nofollow">https://knowledge.hubspot.com/forms/what-domains-are-blocked...</a><p>The real value here is the opening of the source code. Set up a cheap domain, set up a cheap VPS, use Tailscale or similar to keep the web UI private, then you're good.
This is not "open source," it's source available, as the repo is missing any licensing terms. I dunno what the legal standing is of these package management fields <<a href="https://github.com/psarna/edgemail/blob/master/Cargo.toml#L5">https://github.com/psarna/edgemail/blob/master/Cargo.toml#L5</a>> since I believe at least npm defaults to some very liberal license that almost no one looks at any further and puts a sibling license file in their repo with the actual terms.<p>Also, bold move implementing your own smtpd: <a href="https://github.com/psarna/edgemail/blob/master/src/smtp.rs#L28">https://github.com/psarna/edgemail/blob/master/src/smtp.rs#L...</a>
For incoming mail this is easy to do yourself if you have a little root server with a decent subdomain (the domain does not even need to be owned by you).<p>But outgoing mail requires real work / knowledge / full control over your DNS records. Recently Gmail has stopped accepting any email without SPF/DKIM.
Nice.<p>I wonder; if you used this with a "one-payment-only" disposable card, to buy stuff without being harassed by subsequent "newsletters" ... is there a way this could backfire spectacularly by virtue of it being a public address?<p>I'm assuming the answer is probably yes, but I can't think of an obvious reason why.<p>EDIT: Hm, on second thought, I guess at a minimum you'd have to give a valid address to buy stuff. Unless it's one of those "give us your email to register" at a physical point of sale. Or unless you have things delivered to a local shop you trust or something. dunno.
Just like the other disposable email providers, this one will eventually get blocked pretty quickly.<p>Instead, use a forwarding email from Gmail, Hey.com, Outlook or ProtonMail.