Advertisement
Advertisement
⚡ Community Insights
Discussion Sentiment
54% Positive
Analyzed from 3875 words in the discussion.
Trending Topics
#email#cloudflare#service#spam#aws#emails#more#agent#ses#sure
Discussion Sentiment
Analyzed from 3875 words in the discussion.
Trending Topics
Discussion (112 Comments)Read Original on HackerNews
It's an email sender that you can access through an API, or directly through Workers. For those who haven't been keeping up over the years, Workers is their product for running code on Cloudflare's platform directly (an AWS Lambda competitor, more or less) and they've been trying to make it the centerpiece of an ecosystem where you deploy your code to their platform and get access to a variety of tools: databases, storage, streaming, AI, and now email sending. All of this is stuff that AWS has had for years, but some people like Cloudflare more (I certainly do).
One thing that surprised me is the price-- Cloudflare's cloud offerings are usually much cheaper, and I've saved plenty of money by migrating from AWS S3 to Cloudflare's R2. This new offering is 3x the AWS price, though. Weird. Anyway, most small companies don't send enough email for it to matter.
But getting back to the consensus in the comments here: I'm not sure why people think that they'll be worse about policing spam than AWS SES, Azure Email, etc.
I guess they got that reputation years ago when the founders (?) got into public spats about what they would and wouldn't host. AWS is more lawyers and committees and seems more anonymous, so people don't necessarily like it more but they do trust it to be what it looks like more.
Probably just a function of time and size.
Cloudflare is (in)famous for not acting against spammers, fraud, piracy and other less savory groups that are hosting their stuff at/behind Cloudflare, so reasonably, people who've been affected by that are now afraid the same thing will happen with email.
In theory, Cloudflare should take those down, when requested by legal means, but that doesn't matter. How sure are we that they'll act differently for email, instead of trying to get rid of the reputation system instead?
> getting that email to not be rejected totally IS rocket science and it's simultaneously an art form known only to a handful of email nerds working at the core of the big email sending services
It really isn't, you need a clean IP and a clean domain, send handful of emails and you're pretty much whitelisted on most services out there. Maybe you'd say I'm one of the handful, but I personally know more than a handful others who also run their own email services, just like me, and besides the usual hassle of running your own service, as long as you don't spam, your emails will arrive as usual.
We have reserved IPs for Email Service and will be protecting the reputation and fighting spam from originating on Email Service.
If we did not do so, our IPs would get flagged and then emails end up in spam or not delivered. That defeats the purpose of having a transactional Email Service. We're well aware of this.
> For years, Spamhaus has observed abusive activity facilitated by Cloudflare’s various services. Cybercriminals have been exploiting these legitimate services to mask activities and enhance their malicious operations, a tactic referred to as living off trusted services (LOTS) [2].
> With 1201 unresolved Spamhaus Blocklist (SBL) listings [3], it is clear that the state of affairs at Cloudflare’s Connectivity Cloud looks less than optimal from an abuse-handling perspective. 10.05% of all domains listed on Spamhaus’s Domain Blocklist (DBL), which indicates signs of spam or malicious activity, are on Cloudflare nameservers
https://www.spamhaus.org/resource-hub/service-providers/too-...
For certain types of marketing and transactional emails, it's cheaper I think. AWS SES pricing doesn't include attachments. If you assume a maxed out 25MB email attachment body, I think the price comes out to be mostly similar, amortized at least.
But if you are sending basic text/mostly text transactional emails for stuff like password resets, then SES comes out ahead for sure.
Man-in-the-middle and gatekeeper of (large parts of) the web.
It's getting harder and harder to participate online without being subject to their surveillance and/or approval.
Our initial blog covered most of Email Service's API and what you can expect from it in terms of deliverability, DNS records setup, etc. https://blog.cloudflare.com/email-service/
Email Service can definitely be used as a transactional email API, and it has everything you would expect like SDKs, binding, observability and more coming on the way
The agent angle in this post reflects what we're actually seeing from developers during our private beta. And the idea that an agent can have an inbox to communicate is a new piece in the developer toolbelt.
Most cloud IP blocks already have very poor reputations, and or already on Spamhaus blacklists.
People have a right to choose to be upset. =3
[1] https://www.spamhaus.org/resource-hub/service-providers/how-...
Again, using legitimate traffic to shim network spam is a common counterargument against black listing.
Of the approximate 274000 banned hosts I stare at... many nuisances are from Amazon, Azure, digital ocean, and Hetzner. I am sure Maildrill or Mailchimp does have legitimate use cases, but generally the majority of the traffic suggests otherwise. I am certainly biased in this opinion. =3
That’s a huge assumption unless you exclude several countries where people have a phone number but not really an email address (or even if they do, they may not know what an email address is) and exclude many very old (say, 70+) people who wouldn’t know what email is or what their email address is.
Moving on, I assumed the title meant the launch of a new consumer email service or platform. Reading the announcement, it’s not. That was disappointing to me.
When the cost of spamming is near 0.00, all open platforms will be abused to the tilt. We have seen the email channel get less and less reliable with our own clients (password recovery, notifications and etc).
This might evolve into a couple of oligopolies (Microsoft 365 Outlook, Google Gmail, may be some legacy email providers like Yahoo) and if you want delivery you'd need to pay them, because they'd be the verifiers that you're not a spammer.
And these platforms will have a hell of time to fight the spammers that will create millions of email addresses and spam trough them.
I think the answer is somewhat the same as where we've gone with many HTTP servers: proof of work. Just like Captcha and more recently Cloudflare turnstile required you complete a task before you'd be able to access as website, senders should be required to complete a task before you'll accept their email.
It can even be a sliding scale: the higher you want the chances of the recipient seeing it to be, the more work you need to do.
However this also break emails considered "legitimate" by businesses, like marketing newsletters and other nonsense, which is why it'll likely never happen.
Even with those, the amount of farmed accounts from a reputable platforms is still high, and it will go higher with the cheap AI targeting that will make the texts much more well crafted and spam filters much more aggressive.
My other conjecture is that the big mail providers would have enough data to catch the spammers based on a number of signals.
...you know the one, where you have email preferences, and you only have "new messages" and "commercial offers" in the settings, and you uncheck the "commercial offers" and think you're sae. Then you get a spam email from them... check the preferences again, and there's a "new product notification" preference, checked by default, and you uncheck that too. Bam! another spam! "personalized offers" option appeared, check by default. "limited time offers". "value deals", etc.
The problem is that once you're on the paid plan, you're exposed to unlimited risk if your worker goes crazy due to a stupid code bug or if you're hacked. As a solo dev, it's a risk I simply cannot take; I could wake to a bankruptcy bill from Cloudflare. Even as a company, an employee could sign you up and your accounts team would have no idea of the risk.
I am using Supabase at the moment, and see they have a hard cap now. and so does Vercel after they had some nightmare stories of large bills in the past.
I am not sure why / what CloudFlare think about this - or simply dont care.
Source : post on x from an employee
Side note: the bills from cloudflare are much lower than the ones from AWS/Vercel when there's a mistake. The most I saw passing by was 150€, with Vercel and AWS > 10 k.
They could price per use, but it would have to start with a base fee that is about the same at 10,000 emails.
This is simply the framing device that all marketing needs to present these days.
"Please stop talking about the thing we can't stop talking about"
I’ve been developing last three months by emailing Claude, with email threads mapping to an isolated workspace and claude -p. Works super well, especially when trying to get some coding done between everything else.
With right CLAUDE.md and a bit of workflow tooling this extends itself to building other kinds of agents as well. For example, I do my bookkeeping by emailing Claude my statements and receipts, which it then imports into a plain-text accounting system. And we’ve proven this in corporate environment as well, creating agent that can troubleshoot more complex issues by correlating diagnostic logs against product source code.
Once the basic “email agent” infrastructure is there, creating new agents becomes super simple.
https://www.virtualpostmail.com/
Haha, great visual. Really illustrative of what these AI startups and bootstrapped indie developers are dealing with (and, if I had to guess, why most of them don't go anywhere).
Well that part was impressive. It looks like they focused on receiving emails, that is probably even worse, as I expect OpenAI/Anthropic to add such ability directly to agents, if it really is useful.
However, I still think AWS SES is the gold standard of deliverability because of their constant monitoring of your reputation (bounces etc). I always combine it with SendOps (https://sendops.dev/) for easy setup and deep analytics to avoid those issues.
Things developers believe about email
Seems like you can only send email via the worker or REST API for now?
Can I send via SMTP? I'm using Supabase and it needs the SMTP credentials.
I can't find anything on the dashboard or on the docs, even though last year they said it supports SMTP [0]
[0] https://blog.cloudflare.com/email-service/
$0.35 per 1,000 emails
Here are the limits:
"Your account may have daily sending limits based on Cloudflare's assessment of your account standing. "
Source: https://developers.cloudflare.com/email-service/platform/pri... https://developers.cloudflare.com/email-service/platform/lim...
Cloudflare is very transparent about their prefixes and reverse DNS, which is generally a good thing for the ecosystem! But it makes it trivial for operators who want to block the entire service, and extremely bad for Cloudflare's deliverability.
And while there are many open blacklists which I have no doubt Cloudflare monitors, there are many (including soft spam-classification signals) that are proprietary and difficult/impossible to monitor other than by watching rates of actual customer/prospect replies and engagement.
Amazon SQS has similar dynamics, and its reputation is far from stellar.
(If the Cloudflare team is reading this, and I'm missing an on-ramp to a company purchasing dedicated IPs with distinct PTR records, I do apologize! I'm not seeing documentation about this, though.)
If they establish a solid email solution I will likely use that for some of the projects I'm hosting there.
[1] https://github.com/mlhpdx/email-origin [2] https://github.com/mlhpdx/email-delivery
Sending and receiving is in my mind the easy part. The hardest part is to make this work with actual AI agents. This is the same problem as with sub-agent communication because you need to implement all kinds of additional fictionality to ensure the agent is not just responding for no good reason, go into loops, etc.
My $0.02 from experience.
How's that compare?
please no.
>Sending email that actually reaches inboxes usually means wrestling with SPF, DKIM, and DMARC records. When you add your domain to Email Service, we configure all of it automatically. Your emails are authenticated and delivered, not flagged as spam.
this is going to be an absolute nightmare for spam. i cant exactly block all of cloudflare...
it would be nice if anyone at cloudflare could write about how they plan to proactively reduce abuse of this feature, how they will respond to spam reports, what the punishment for abuse will be, etc.
Looks better than fixed $20 for Resend.
I like Resend, a lot, but this is probably something I can't pass up, especially if it does what it says on the tin
Edit: didn't realize people were paying resend $20. AWS already exists at a low price and people pick them anyway, i'm sure they're fine.
Don't get me wrong, sending (and delivering) emails is genuinely hard. But we'll only know how good Cloudflare is at it after a couple years of real-world experience.
It would be interesting to send GDPR requests and have Cloudflare figure out all of the parties who got or use your mail.