from Hacker News

Fastmail.com suffering DDOS attack

by moonlighter on 6/30/16, 4:12 PM with 42 comments

  • by reptation on 6/30/16, 5:54 PM

    Is this part of a more general attack on Internet infrastructure today in the U.S.? http://downdetector.com/ has been showing many sites with issues (Google, Outlook, etc.)

  • by tracker1 on 6/30/16, 7:27 PM

    Given the timeframe, I commend them for keeping the notices open and public. It's nice to see. When I went through the A(zure)pocolypse a few years back, didn't see anything for about 15-20 minutes... though admittedly if I weren't in the middle of testing something may have not noticed for a while either.

    All said, you can't mitigate all DDoS easily, and it's nice to see that they were pretty responsive and open... Also, while email can be very important, it shouldn't be eminently critical.

  • by peterwwillis on 6/30/16, 5:38 PM

    Something i'm realizing more and more... What the hell do I really need remotely hosted mail for?

    We all know mail is insecure. Unless you look really really hard, you aren't sure if the mail you received was spoofed or modified, a child can spoof mail and any MitM can modify it. So in general you can't trust your mail anyway, even if it's received by a reputable company. Sending mail is almost just as subjective... a random ISP's mail smarthost is just as good for getting your mail delivered as a hosted mail provider.

    All I really need is a way to get my mails, once. Once you have the mail, you can back it up to an infinite number of places (Git repository, anyone?) if in the future you need to search it.

    So really, the only thing I need is 1) to receive mail, 2) to filter the spam, and 3) to keep a backup of my mail somewhere.

    Considering this, why do we even need domain-specific mail? Like, myusername at Gmail dotcom, for example. I don't need it sent to GMail... I need it sent to me. I don't care what server receives it. I don't even need to store my mail there once i've read it - I can keep it offline, and back it up to remote repositories to search. With a format + protocol like Git, this would be fast, efficient, reliable, secure, and compatible.

    So really, if we just had a distributed decentralized peer-to-peer mail network, a unique address system, and a retrofitted mail storage protocol (IMAP5?), we could send mail anywhere, receive it anywhere, store it anywhere, and spam could be filtered by whatever product or company was hosting your Git backup. With the new address system we could even build in personal crypto keys and teach people how to send real, honest-to-god, secure mails, potentially even anonymously.

    Now somebody tell me how someone already thought of this and how it won't work :-)

  • by gnopgnip on 6/30/16, 6:50 PM

    There is a significant outage for Office 365 mail today also.

  • by abpavel on 6/30/16, 7:06 PM

    As an avid fastmail user I did notice slight loading delays, but I attributed them to my wifi/iphone. I mean... It's mail, not live SCADA telemetry...

  • by PaulHoule on 6/30/16, 6:56 PM

    That's why it wasn't so fast today.

  • by 616c on 6/30/16, 5:58 PM

    I guess this had to be recent. I had not noticed all day, but it seems to be the last few hours?

  • by tshtf on 6/30/16, 4:48 PM

    Not many alternatives:

    1.) Run your own SMTP infrastructure. Setup SPF/DKIM/DMARC. Realize your outbound emails still don't always reach their destination. Also you have to fight inbound SPAM.

    2.) Use gmail or Google Apps. Things just work. Cede control to Google.