• 0 Posts
  • 8 Comments
Joined 3 years ago
Cake day: May 8th, 2023

  • I host my mail server on a VPS.

    I suggest making sure you get DMARC / DKIM / SPF working, and having an anti-spam strategy (greylisting helps, but there are a few ASNs that just exist to send spam). Also make sure your IP is not on any public spam list.

    The next problem you might face is that Microsoft and especially Google like to make it hard for anyone not using their services. With Microsoft, you fill in a form and jump through some hoops and they’ll start accepting your email enough to land it in spam. Unless you are regularly sending to Microsoft, it is hard to keep them accepting mail, but just sending to a free Hotmail address (owned and occasionally marked as read and deleted by you!) on cron is enough to keep occasional mail deliverable as long as none of your mail ever gets marked as spam. Google can be more of a pain to small email servers in terms of not landing in spam, but I think occasional reports of not spam will help you.

    In terms of keeping down spam:

    • postgrey or similar for greylisting keeps out the least serious spammers.
    • The notorious spammers / bulletproof hosting is best blocked by ASN since they regularly shift IP addresses. Try a script like this on daily cron (assuming you jump to the custom BAD_AS table from your INPUT iptables rule) - please don’t run it too often since routeviews is a free public service and you should be respectful of them:
    #!/bin/bash -e
    # Also fail when any stage of a pipeline fails, so a bad download or an empty
    # match can never end with BAD_AS being flushed and left empty below.
    set -o pipefail
    
    TEMPDIR=$(mktemp -d)
    trap 'rm -r "$TEMPDIR"' EXIT
    
    curl -fsSL https://archive.routeviews.org/oix-route-views/oix-full-snapshot-latest.dat.bz2 -o "$TEMPDIR/snapshot.bz2"
    # Snapshot lines end with the AS path and an origin code, e.g. "... 7660 2516 15169 i",
    # so " <ASN> i" matches routes originated by that ASN. -E is required: in grep's default
    # BRE syntax "(" and "|" are literal characters and the alternation matches nothing.
    # (One duplicate ASN, 36352, removed from the list.) The sed keeps only the Network
    # column in CIDR form; continuation lines that leave that column blank are skipped.
    bzgrep -E " (15828|213035|400377|399471|210654|46573|211252|62904|135542|132372|36352|209641|7552|12876|53667|138608|150393|60781|138607) i" "$TEMPDIR/snapshot.bz2" \
        | sed -nE 's#^[^0-9]*(([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2})[[:space:]].*#\1#p' | sort -u > "$TEMPDIR/badranges"
    
    # Never replace the current block list with an empty one.
    [ -s "$TEMPDIR/badranges" ] || { echo "no prefixes matched; leaving BAD_AS unchanged" >&2; exit 1; }
    
    iptables -N BAD_AS 2>/dev/null || true
    iptables -D INPUT -j BAD_AS 2>/dev/null || true
    iptables -A INPUT -j BAD_AS
    iptables -F BAD_AS
    
    while read -r ROUTE; do
        iptables -A BAD_AS -s "$ROUTE" -j DROP
    done < "$TEMPDIR/badranges"
    
    • Despite Google being so hostile to very infrequent emails from IPs that have years of never sending spam, just because they are small, Gmail and Firebase are one of the most significant spam sources. I find client-side filtering works best for things like that which get through your other defences.
    • Another spam source is Docusign. These types of companies tend to shut down individual scammer / spammer accounts, but then allow them back in for the same scam with another account.

    Note that of the spam that gets through if you have the basic defences, it’s probably a similar level to big corporate hosted mail, so don’t let this deter you (I just hate spammers).

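An added example, not the commenter's code: a Python parser for the "show ip bgp" layout of the routeviews snapshot that the cron script above greps. It handles the cases a single grep misses (status flags glued to the network, continuation lines that leave the Network column blank, classful networks printed without a length, and AS-set origins) and emits the same DROP rules the script appends. The ASNs, addresses and sample lines are constructed placeholders (RFC 5398 documentation ASNs and documentation address ranges), not the list in the comment.

```python
import re
from ipaddress import ip_network

# Constructed placeholders (RFC 5398 documentation ASNs), not the ASNs listed in the comment.
BAD_ORIGIN_AS = {64496, 64497}

# IPv4 network with an optional prefix length, as printed in the Network column.
IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}(?:/\d{1,2})?$")


def classful(prefix):
    """'show ip bgp' omits the length for natural classful networks; restore it."""
    if "/" in prefix:
        return prefix
    first_octet = int(prefix.split(".")[0])
    length = 8 if first_octet < 128 else 16 if first_octet < 192 else 24
    return f"{prefix}/{length}"


def parse_snapshot(lines, bad_origins):
    """Return the sorted prefixes whose origin ASN is in bad_origins.

    Handles the quirks of the oix 'show ip bgp' layout: status flags glued to the
    network ("*>i203.0.113.0/24"), continuation lines that leave the Network column
    blank (the previous network is carried forward), classful networks printed
    without a length, and AS-set origins such as "{64496,64499}", which are skipped.
    """
    current = None
    found = set()
    for raw in lines:
        # Strip status flags such as "*", ">", "i", "d", "h" and the padding after them.
        line = re.sub(r"^[^\d]+", "", raw.rstrip())
        tokens = line.split()
        # Route lines end with the AS path followed by an origin code: i, e or ?.
        if len(tokens) < 3 or tokens[-1] not in ("i", "e", "?"):
            continue
        # The Network column is present only when the first two tokens are both
        # IPv4-shaped (network, then next hop); otherwise the line is a continuation.
        if IPV4.match(tokens[0]) and IPV4.match(tokens[1]):
            current = tokens[0]
        origin = tokens[-2]
        if current is None or not origin.isdigit():
            continue
        if int(origin) in bad_origins:
            found.add(classful(current))
    return sorted(found, key=lambda p: ip_network(p, strict=False))


def iptables_rules(prefixes, chain="BAD_AS"):
    """Build the DROP rules the cron script appends, one per prefix."""
    return [f"iptables -A {chain} -s {p} -j DROP" for p in prefixes]


# Constructed sample in the snapshot layout; documentation addresses and ASNs only.
SAMPLE = """\
BGP table version is 0, local router ID is 198.51.100.1
   Network          Next Hop            Metric LocPrf Weight Path
*  192.0.2.0/24     198.51.100.2                           0 64500 64496 i
*>                  198.51.100.3                           0 64501 64496 i
*  203.0.113.0/25   198.51.100.2                           0 64500 64499 i
*>i203.0.113.128/25 198.51.100.4             0    100      0 64500 64497 e
*  10.0.0.0         198.51.100.2                           0 64500 {64496,64499} i
*  172.16.0.0       198.51.100.2                           0 64500 64497 ?
"""

if __name__ == "__main__":
    for rule in iptables_rules(parse_snapshot(SAMPLE.splitlines(), BAD_ORIGIN_AS)):
        print(rule)
```

Run against a real snapshot with `parse_snapshot(bz2.open(path, "rt"), {...})`; the carried-forward network is what makes continuation lines count, which a line-by-line grep cannot do.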

  • Unfortunately, scams are incredibly common with both fake recruiters (often using the name of a legitimate well known company, obviously without permission from said company) and fake candidates (sometimes using someone’s real identity).

    No or very few legitimate recruiters will ask you to install something or run code they provide on your hardware with root privileges, but practically every scammer will. Once installed, they often act as rootkits or other malware, and monitor for credentials, crypto private keys, Internet banking passwords, confidential data belonging to other employers, VPN access that will allow them to install ransomware, and so on.

    If we apply Bayesian statistics here with some made up but credible numbers - let’s call S the event that you were actually talking to a scam interviewer, and R the event that they ask you to install something which requires root equivalent access to your device. Call ¬S the event they are a legitimate interviewer, and ¬R the event they don’t ask you to install such a thing.

    Let’s start with a prior: Pr(S) = 0.1 - maybe 10% of all outreach is from scam interviewers (if anything, that might be low). Pr(¬S) = 1 - Pr(S) = 0.9.

    Maybe estimate Pr(R | S) = 0.99 - almost all real scam interviewers will ask you to run something as root. Pr(R | ¬S) = 0.01 - it would be incredibly rare for a non-scam interviewer to ask this.

    Now by Bayes’ law, Pr(S | R) = Pr(R | S) * Pr(S) / Pr(R) = Pr(R | S) * Pr(S) / (Pr(R | S) * Pr(S) + Pr(R | ¬S) * Pr(¬S)) = 0.99 * 0.1 / (0.99 * 0.1 + 0.01 * 0.9) = 0.917

    So even if we assume there was a 10% chance they were a scammer before they asked this, there is a 92% chance they are given they ask for you to run the thing.

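The calculation in the comment above, written out as a reusable function with the same symbols (added example, not the commenter's code). It also sweeps the prior, which the comment does not do, to show how much the 92% conclusion depends on the 10% guess: with these likelihoods the request multiplies the odds of a scam by 99, so even a 1% prior lands at a coin flip.

```python
def posterior_scam(prior_s, p_r_given_s, p_r_given_not_s):
    """Pr(S | R) by Bayes' law, with the comment's symbols.

    prior_s          = Pr(S),      chance the contact is a scam before the request
    p_r_given_s      = Pr(R | S),  a scammer asks you to run something as root
    p_r_given_not_s  = Pr(R | ¬S), a legitimate interviewer asks the same
    """
    # Pr(R) by the law of total probability, the denominator in the comment.
    p_r = p_r_given_s * prior_s + p_r_given_not_s * (1 - prior_s)
    return p_r_given_s * prior_s / p_r


def likelihood_ratio(p_r_given_s, p_r_given_not_s):
    """Factor by which the request R multiplies the prior odds of S."""
    return p_r_given_s / p_r_given_not_s


def prior_sweep(priors, p_r_given_s=0.99, p_r_given_not_s=0.01):
    """Posterior for each prior, to see how sensitive the conclusion is to the guess."""
    return {p: round(posterior_scam(p, p_r_given_s, p_r_given_not_s), 3) for p in priors}


if __name__ == "__main__":
    # The comment's numbers: 10% prior, 99% of scammers ask, 1% of legitimate ones ask.
    print(round(posterior_scam(0.1, 0.99, 0.01), 3))  # 0.917
    print(likelihood_ratio(0.99, 0.01))               # 99.0
    for prior, post in prior_sweep([0.001, 0.01, 0.1, 0.5]).items():
        print(f"prior {prior:.3f} -> posterior {post:.3f}")
```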




  • I am not sure why anyone would use an AI code editor if they aren’t planning on vibe coding.

    Vibe coding means only looking at the results of running a program generated by an agentic LLM tool, not the program itself - and it often doesn’t work well even with current state-of-the-art models (because once the program no longer fits in the context size of the LLM, the tools often struggle).

    But the more common way to use these tools is to solve smaller tasks than building the whole program, and having a human in the loop to review that the code makes sense (and fix any problems with the AI generated code).

    I’d say it is probably far more likely they are using it in that more common way.

    That said, I certainly agree with you that some of Proton’s practices are not privacy friendly. For example, I know that for their mail product, if you sign up with them, they scan all emails to see if they look like email verification emails, and block your account unless you link it to another non throw-away email. The CEO and company social media accounts also heaped praise on Trump (although they tried to walk that back and say it was a ‘misunderstanding’ later).



  • Maybe technically in Florida and Texas, given that they passed a law to try to stop sites deplatforming Trump.

    https://www.scstatehouse.gov/sess125_2023-2024/bills/3102.htm

    “The owner or operator of a social media website who contracts with a social media website user in this State is subject to a private right of action by a user if the social media website purposely: … (2) uses an algorithm to disfavor, shadowban, or censure the user’s religious speech or political speech”.

    In May 2022, the US Court of Appeals for the 11th Circuit ruled to strike the law (and similarly there was a 5th Circuit judgement), but just this month the US Supreme Court vacated the Court of Appeals judgement (i.e. reinstated the law) and remanded it back to the respective Court of Appeals. That said, the grounds for doing that were the court had not done the proper analysis, and after they do that it might be struck down again. But for now, the laws are technically not struck down.

    It would be ironic if after conservatives passed this law, and stacked the supreme court and got the challenge to it vacated, the first major use of it was used against Xitter for censoring Harris!