Institutionalized attack(s) on domain names and self-hosting freedom?

French version here.


Issue

Yahoo rejects emails from *.nohost.me (and probably also from noho.st and ynh.fr) because those « sub » domains don’t have an SOA record.

There is one for the « parent » domain.

dig soa nohost.me +short         
ns0.yunohost.org. hostmaster.yunohost.org. 1045098 10800 3600 604800 10

But not for « sub »domains (like mine, but I tried some others).

dig soa tierce.nohost.me +short
NADA

Yahoo®’s error message:

host mta6.am0.yahoodns.net[98.136.96.75] said:
    554 Message permanently deferred due to unresolvable RFC.5321 from domain;
    see https://postmaster.yahooinc.com/error-codes (in reply to end of DATA
    command)

Yahoo®’s documentation:

Unresolvable RFC.5321 from domain
These errors indicate that the domain used to the right of the @ in the MAIL FROM does not appear to be a real domain.
We determine if the domain name exists by using an SOA query; therefore, if multiple subdomains are used in MAIL FROM commands, then besides setting up a DNS A or MX record (perhaps using a wildcard), then SOA records must be set up as well.
This error can be returned as either a timeout/servfail (451) or a permfail (554)

https://senders.yahooinc.com/smtp-error-codes/

Proposal (about SOA / Yahoo®)

  • Set up SOA records on dyndns domains (if possible?).
  • Otherwise, state in the doc and during the post-install that for those « free » domains, mail won’t work properly (at least to Yahoo®).

More discussions about it ?

In a close time frame, there are other things happening related to « make it more difficult » to self-host your mails.

Let’s discuss it…

1 Like
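
The check quoted from Yahoo®'s documentation can be reproduced before sending. The script below is an added example, not part of the original post and not YunoHost code: it runs the same `dig` SOA query against the domain of an envelope sender and classifies the result. The function names and the mapping of DNS outcomes to the 554 and 451 cases are assumptions based on the quoted documentation.

```shell
#!/bin/sh
# Added example (not from the thread): pre-flight check of an envelope sender
# against the SOA rule quoted from Yahoo's documentation.
# Assumption: an answered query without an SOA at the name maps to the 554
# case; SERVFAIL or no reply maps to the 451 case.

# Domain to the right of the last @, without a trailing dot.
sender_domain() {
    d=${1##*@}
    printf '%s\n' "${d%.}"
}

# Prints pass, permfail or tempfail for the given domain.
soa_verdict() {
    # +comments keeps the header line so the response status is visible.
    # The authority section is left out on purpose: a parent-zone SOA
    # returned there is not an SOA record at the queried name.
    out=$(dig +noall +comments +answer SOA "$1" 2>/dev/null) || {
        echo tempfail      # dig exits non-zero when no server replied
        return 0
    }
    case $out in
        *"status: SERVFAIL"*) echo tempfail; return 0 ;;
    esac
    verdict=permfail
    # Answer lines look like: <name> <ttl> <class> <type> <rdata...>
    while read -r name _ttl _class type _rdata; do
        if [ "$type" = SOA ] && [ "$name" = "$1." ]; then
            verdict=pass
        fi
    done <<EOF
$out
EOF
    echo "$verdict"
}

# Usage: ./soa-check.sh user@tierce.nohost.me
if [ $# -gt 0 ]; then
    soa_verdict "$(sender_domain "$1")"
fi
```

A `permfail` for a sub-domain whose parent returns `pass` is the situation described in this post: the name lives inside the parent zone and has no SOA of its own.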

what the fuck, who decided that -_- I can imagine plenty of examples where the sub-domain doesn’t have an SOA, such as having a mastodon.domain.tld instance and sending mail as foobar@mastodon.domain.tld, and this should be perfectly legit. I’ve never heard of any requirement to have an SOA, and I don’t understand what security benefit there would be in doing so …

3 Likes

I consider this an attack against self-hosting, even if it’s close to madness − which is really sad − to self-host an e-mail server in 2023 in comparison with mutualized services or Gafam clouds. And even more sad when using « free / libre » (sub)domains such as those generously offered by Yunohost, because it, in some ways, pushes us to register a domain if we still hope to self-host our own emails.

Whatever the assumed reality of ending up in the spam folder when using an Internet Cube with fixed ipv4 and v6 as proposed by different members of the FFDN, being just rejected with a fallacious « argument », as Yahoo® does, is one step further towards exclusion.

Faced with an abuse of a dominant position of this kind, do we have any room for manoeuvre?

It’s not the only attack on Domain Names.

In addition to the mail delivery « problem » encountered with Yahoo® and its SOA demands, there is this ugly proposal from ICANN and Verisign about the seizure of domain names.

2 Likes

Another kind of annoyances :

And another:

I ask my question again (see the French topic):

Is it possible for yunohost to add SOA support for nohost.me, noho.st and ynh.fr sub-domains?
Or is it the end of email self-hosting with this kind of email address?

Should I migrate to my own domain? Yunohost is my main email address (and it is the same for all my family). Or is it a sweet dream to think that I can continue even with my own domain?

If you refer to Yahoo’s new “SOA” requirement, you can find a thread on Mastodon with experts on DNS / Email complaining about how batshit stupid this is, so clearly, this is not a bug on our side, it’s Yahoo being absolutely dumb and randomly imposing crazy shit on half of the internet.

Additionally, for technical reasons it’s apparently not allowed by bind9 (the software we use) to define SOA records on non-root domains. (Which may in fact be why Yahoo decided to implement this stupid rule as an implicit check that the domain is or is not a root domain…)

So TL;DR: even if we wanted to, it would be hella complicated to do so without changing our entire software stack, and at some point we should just stop complaining to random crazy batshit policies from GAFAM. YunoHost is supposed to be about a free internet, not submitting to arbitrary policies decided by monopolies, which is the opposite of a free internet.

1 Like

If bind9 doesn’t permit creating SOA records anywhere in the DNS tree (and it seems to have been coded like that for a long time) and if Yahoo® uses it to consider emails sent by a domain without SOA records unwelcome, I suppose we won’t be able to change Yahoo’s mind nor Bind9.

Good. We don’t have to change our entire software stack :relieved:
Not good. We also have to tell that the free domains won’t work to send emails. :sob:

And now, I have to reconsider the threshold of self-hosting if I still hope to host my own mail server.

  1. buy a domain name
  2. find some not so badly reputed ipv4 and v6
  3. rely on the good work of Yunohost about the mails and DNS configuration suggestions
  4. keep telling the rest of the world to stop using those f*** bastards who break the Internet but whatever, they will continue.

1 Like

Tutanota have published a blog post titled “Is Gmail killing independent email?”

As we should already know, we are not the only ones having issues with those corporations.

2 Likes