Seattle Startup Vets Takes on Google with Helm, a New $499 Personal Email Server (geekwire.com) 170
A Seattle-area startup is aiming to take on giants such as Google and change the way we do email with a new physical personal email server. From a report: Helm today unveiled its $499 device that lets consumers send and receive email from their own domain, in addition to saving contacts and calendar events. It's a bold bet that aims to provide comfort at a time when privacy and security issues related to personal data hosted by big tech companies in the cloud are top of mind. The idea comes from Giri Sreenivas and Dirk Sigurdson, two entrepreneurs who already sold a security startup and raised a $4 million seed round from top venture capital firms last year.
The device is about the size of a router and looks like an upside-down book placed on a table. It connects to a home network and pairs with a mobile app that lets users create their own domain name, passwords, and recovery keys. Helm support standard protocols and works with regular email clients such as Outlook or the Mail app, with encryption protecting connection between the device and the apps.
The device is about the size of a router and looks like an upside-down book placed on a table. It connects to a home network and pairs with a mobile app that lets users create their own domain name, passwords, and recovery keys. Helm support standard protocols and works with regular email clients such as Outlook or the Mail app, with encryption protecting connection between the device and the apps.
lolwut? (Score:4, Funny)
Helm today unveiled its $499 device that lets consumers send and receive email from their own domain,
Is this an April Fools joke that was posted too early? What dumbass would pay that much money for this?
Upkeep. (Score:5, Interesting)
Problem with E-mail isn't in the "getting one running". It's the constant maintenance that's needed.
Yep, so wouldn't you just leave all that (Score:2)
Re:Yep, so wouldn't you just leave all that (Score:4, Interesting)
Re: (Score:2)
So that your hosting provider doesn't have your data.
How do you know that these guys don't have it?
Re: (Score:2)
Re: (Score:3)
Re: (Score:2)
Re: (Score:3)
All I'm saying is that the reasons to want to do it haven't changed. Putting all your data, even confidential business data, in the hands of a third party is one of the greatest crimes of spammers.
Re: (Score:2)
The mail server needs to be built into a firewall router and you simply and an external USB hard disk for data storage. Mail doesn't need to be as secure if it is kept outside of your internal network before delivering a copy of filtered mail. The next thing you ad of course is ........
Re: (Score:3)
Re:Upkeep. (Score:5, Informative)
Problem with E-mail isn't in the "getting one running". It's the constant maintenance that's needed.
The real problem here (assuming that they provide all that upkeep for you in a reliable way) is that no one will accept your mail if you do not have a reverse DNS entry for your IP. Not to mention the fact that ISPs block the necessary ports to run this on a home network. You’d have to have a business service plan to get this to work and you had better have a static IP address also.
Re: (Score:3)
small business is probably the targeted market.
Re: (Score:3)
Get a vserver with a static IP. They usually come with the reverse DNS entry. Starts at $10 or so for a Linux VM.
Re: (Score:3)
And have a source address that isn't blackholed since most cable and DSL IP addresses are blacklisted.
Re: (Score:2)
Indeed.
Re: (Score:1)
Not to mention the fact that ISPs block the necessary ports to run this on a home network.
It can get pretty unbelievable. I went to a different bandwidth tier causing the ISP to revert to its default port 25 blocking. After literally 12+ total hours on the phone trying every variation I could think of, including "please escalate me if you don't know what port 25 is," I was getting nowhere.
I wrote "PORT 25 HELP?" on a piece of cardboard with a Sharpie and stood outside the ISP's offices at morning shift ch
Re: (Score:2, Informative)
It is not sufficient to have a correct reverse DNS entry. For example, you cannot send email to one of the big freemailers in Germany, GMX, if
- The PTR-RR states that the IP address was dynamically allocated, or
- The PTR-RR is a generic standard entry of your provider. Please allocate an independent and fully qualified domain name (Fully Qualified Domain Name - FQDN) to your email server and enter the corresponding valid PTR-RR.
Email is a mess. The spammers have almost killed it and the antispammers are fin
Re: (Score:2)
This is exactly how it operates, and also means that whoever works at Helm has access to your email in transit. I for one don't trust a startup to have vetted their employees well, nor to have the security measures in place to protect the systems from compromise.
Re:Upkeep. (Score:5, Informative)
I was called numerous times after I'd gone home from work by employees working a later shift saying email wasn't working. For my personal email I'd just go to sleep and fix it the next morning But these people needed email to do their work, so I had to come back in and fix it ASAP. Then there were the numerous mail servers I had to petition to remove our server from their spam blacklists every month. Other people on our ISP sometimes had their computers compromised and used to send spam, and these servers were blocking the entire IP address range of our ISP. For my personal email, I would never need to send email to a lot of these servers so being blacklisted by them was inconsequential. But multiply it by all the mail servers 50 employees send email to, and suddenly you need to resolve all these blocks.
After a few months of this I threw in the towel, and signed us up for an outside email hosting service. They're staffed 24/7, so when email goes down someone there gets it fixed, usually within a few minutes. And clearing up spam blacklists is their problem - we just have to report the block. If your company is big enough to have IT staff on duty or on call 24/7 then I can see a private email server working out. But if your company is that big you're not going to run your email server on a $500 appliance.
Re: (Score:3)
Sure he'd be on call all the time but calls in an org that size would be infrequent if he is doing his job well. In fact that is the beauty of that type of gig. I
Re: (Score:2)
I've been running various versions of ms exchange for 15 years now for 50 people. I now use an external spam filtering service (spamhero). I would average about 2 days a year on it and can't even remember the last time it went down.
Re: (Score:3, Interesting)
When I set up an email server for my company, the biggest problem was getting the large email providers to not block all email from us as "spam" (we never sent ANY spam, were not on any spam lists or any server/domain/IP blacklists). We did everything right (DKIM, SPF, reverse DNS, etc., etc.) but because we weren't sending tens of thousands of messages on a regular basis, we couldn't get recognized as a safe sender. The resolution process to get off the "block" and "spam" filters for most ISPs is apparentl
Re: (Score:2)
It's also that massive blocks of IPs that are handed out by residential ISPs are blacklisted by lots of SMTP servers to cut down on botnet spam. Unless they are also including a VPN service that it uses to get around that, this thing is a $500 email server that will have most of your email rejected by the intended recipient.
Or pay $5/mo to just host it somewhere and not have that problem. It's unlikely this device would have a 100 month warranty on it, and that this company would still be around 100 month
Re: (Score:2)
Re: (Score:2)
Problem with E-mail isn't in the "getting one running".
Said like someone whose never had to read the sendmail manual. I still sometimes wake up randomly with cold sweats.
Re: (Score:3)
Until you plug it into a large ISP that registered their residential IP blocks with the various anti-spam lists just to make sure that you're buying their "business-class" (read: more expensive for exactly the same) service.
Unless this company is acting as a VPN endpoint or a mail relay with this thing, there are very large numbers of (residential) customers where this thing just won't work. And if they are acting as a VPN endpoint or a mail relay, this company has the option to read all your shit, as well
Re: (Score:2)
Unless this company is acting as a VPN endpoint or a mail relay with this thing, there are very large numbers of (residential) customers where this thing just won't work. And if they are acting as a VPN endpoint or a mail relay, this company has the option to read all your shit, as well as have you dependent on their survival for this thing to not be a $500 paperweight.
Using a VPN tunnel is a common way to avoid ISP and SMTP restrictions. It is no more insecure than using email alone because security has to be provided by the connections to the email server anyway so ideally, the VPN only carries encrypted encrypted connections anyway.
Re: (Score:3)
Re: lolwut? (Score:2)
Not the free gmail. You wont be taken seriously as a business if your email is @gmail.com. You have to get the paid gmail which allows you to have email @yourdomain.
Re: (Score:2)
Re: (Score:2)
Yeah, and that $10/month for custom domain hosting from Google will really break the bank if you are a small business. That pegs the ROI on this device at 50 months if everything goes perfectly, and never needs to be upgraded, never has a support agreement, and never has any other costs whatsoever.
Not very good.
Re: (Score:2)
Me too
Re:lolwut? (Score:5, Insightful)
Are you kidding? Have you ever tried maintaining your own email server? $500 is dirt cheap compared to maintaining your own.
Maybe it was fine in the old days where all you did was install linux and make sure sendmail/postfix was running, but in todays environment maintaining an email server is a bloody nightmare. DMARC records, SPF records, reverse IP mapping... SSL certificates and security rules... And lets not get into arbitrary nonsense rules that some companies set in a misguided attempt at combating spam.
Even when you know what you're doing, it's a PITA. If you're not fully versed in all the intricacies of the various RFPs and SMTP servers in general, then you're going to have a particularly nasty time.
Based on what I know, I can't help thinking that they might be biting off more than they can chew. But if they actually do pull it off, then they are going to make a completely justified mint.
Re: (Score:2)
Are you kidding? Have you ever tried maintaining your own email server? $500 is dirt cheap compared to maintaining your own.
Yeah, but you still have to maintain this one.
So what makes it better than a much cheaper micro-server with a fully configurable SMTP server? You're basically just paying for pointy-clicky and ropes that are shortened so you have less options.
Re: (Score:2)
It's a microserver that does the majority of the grunt-work for you. Software updates, backups, etc. You don't need to manage the updates yourself. You don't need source your own offsite backup accounts.
Basically you get a well-configured groupware server without the grind.
Re: (Score:1)
I have been maintaining my own email server for about 4 years now, easy as pie, mostly hands-off automated updates. I only log in to the machine about once every couple of months. I'm using https://mailinabox.email/, it makes email as easy as it gets. Granted, there isn't much customization, but it has everything I, and most people, need. All it costs is a VPS, mine is 5€ a month from Vultr. There are cheaper ones but for email I wanted something reliable.
Re: (Score:2)
That looks pretty good, but it's too basic for my needs.
I want a full groupware suite where I can also sync my calendar and contacts as well.
Currently the only packages I've been able to find that fit the bill are fremium systems like Axigen or Zimbra, and you have to pay substantial money for 'advanced' features like proper backups, etc.
So I end up just rolling my own process instead... which is now yet another thing I have to maintain.
Re: (Score:2)
It's really not as hard as you're making it out to be. I've run my own personal email server (on a VPS) for several years now. Yeah it can be a PITA to first setup (but not really, I've dealt with much worse) but once you get everything configured properly, maintenance is as simple as making sure all your software is up-to-date and staying on the lookout for vulnerabilities.
Of course, I do this sort of shit for a living so...grain of salt.
Re: (Score:3)
There's a huge difference in maintaining a personal mail server, and one used by hundreds or thousands of staff.
A big part of the headache of maintaining email infrastructure is trying to control what goes out, without getting in the way of day-to-day operations - much like the challenge of finding the balance in maintaining a secure network without being a hinderance
When I've had problems with email, it's usually because some clueless dev has tried to spam 100k contacts with poorly formed emails with dodgy
Re: (Score:2)
There's a huge difference in maintaining a personal mail server, and one used by hundreds or thousands of staff.
100% agree on this :) In the context of the article and GP's comment though (i.e., personal email server), I stand by 'ease of use' comment, heh.
As far as maintaining an enterprise server with 100s to 1000s of staff...yeahhh, that's a whole other beast, and honestly I'd probably peddle that off to a company that spcializes in that, just for sake of my time and agony maintaining the damn thing, lol.
Re: (Score:2)
That's the problem. I already do this for my day job. I don't like having to deal with it during my off hours too.
I also currently have a mail server running as well, and yes, day to day it's not THAT bad.
Until something completely unexpected happens and I have to drop everything in order to fix an unexpected calamity.
Or when you discover than your emails are getting turfed because a recipient is doing a reverse ip lookup and trying to get your ISP to configure that is a nightmare.
Or one of the billion ot
Re: (Score:2)
I hear your gripes and the do have merit. In the 5+ years I've run my own sever, I'd say there were 3-4x that I had to sit down and figure out wtf happened and fix some bullshit that came up, in the meantime not have a working email address. I do run on a VPS so I never had to deal with reverse IP lookups or anything, I could imagine how much of a PITA that'd be trying to work with the imbecile front-line techs at your ISP, wouldn't want to deal with it. _But_ I don't think it's bad at all, especially af
Re: (Score:2)
I have this on a $10 vserver and a secondary MTA on another one, including DNS and webserver.
Re: (Score:2)
Well, if your IT guy needs 100-200 man hours to set up a simple mail server, then you have another problem...
Re: (Score:2)
Helm today unveiled its $499 device that lets consumers send and receive email from their own domain,
Is this an April Fools joke that was posted too early? What dumbass would pay that much money for this?
Oh, trust me- there are plenty of dumbasses out there with $499 to burn. Audiophiles come to mind, but the fact is that it's a target-rich environment. No shortage of people who have more money than sense.
Re: (Score:2)
Helm (Score:2)
Lot's of home IPS block ports that make this not (Score:3)
Lot's of home IPS block ports that make this not work.
Re: Lot's of home IPS block ports that make this n (Score:3, Informative)
Looks like the device sets up a VPN back to them that they can send mail out from with a static IP and reverse dns.
Re: (Score:3)
Looks like the device sets up a VPN back to them that they can send mail out from with a static IP and reverse dns.
Then you still have to trust a 3rd party. So how is this different from trusting any other provider (other than being really expensive)?
Re: (Score:1)
Looks like the device sets up a VPN back to them that they can send mail out from with a static IP and reverse dns.
Then you still have to trust a 3rd party. So how is this different from trusting any other provider (other than being really expensive)?
1. Having physical access to your data at all times?
2. Freedom to switch to a different VPN/reverse IP service provider if the current one makes you unhappy or goes out of business?
3. ???
4. Profit
Re: (Score:2)
It's so precious that you assume they give you the option to change the upstream VPN provider.
Re: (Score:2)
I have physical access to all my emails and I use Gmail. Every one has physical access to their email. What was your point?
The point might have been that by operating your own SMTP server, your email is physically secure from others at least in the sense that you will know if it is seized.
Re: (Score:2)
Awesome. So this $500 device depends on this company to exist to have any value at all.
Where do I sign up?
Re: (Score:2)
The port problem is easy to solve by offering optional port-forwarding subscriptions to forward "incoming mail to your domain" ports to a user-selected non-blocked port.
Also, most home users can buy business-contract internet in their homes, which typically allow all incoming ports.
The same people who would pay $500 for this box are the same people who would buy either of the above services.
Just buy their "Business" class (Score:2)
Re: (Score:2)
We called these qmail-toasters back in the day (Score:4, Interesting)
Guess I should bust out my qmail/vpopmail scripts from 2003. Everything old is new again.
Let me guess: (Score:3)
It needs some obscure cloud service to hook up to do you can configure it. That's attached to a subscription.
How about just building a piece of useful groupware with easy domain configuration and easy ssl cert integration and letting the hardware as a option?
Somehow I feel this will fail just as hard as Protonet.
Let me guess: capabilty. (Score:2)
Possibly. What is different from now and then is that consumer hardware has matured. From NASes being more prevalent, to more capable routers, that do more than route. A lot more tasks, formally cloud, can be moved back towards the consumer end, with some help from the other end. e.g. expertise, management, etc.
Not a word about spam filtering capabilities (Score:4, Insightful)
Spam filtering is what makes e-mail usable nowadays and yet on the official site they choose to ignore it completely.
Re: (Score:2)
RasPi (Score:1)
For the amount of email most people do, a few dozens of dollars into a Raspberry Pi would work just fine as an email server. $500 seems like huge overkill.
Re: (Score:2)
For the amount of email most people do, a few dozens of dollars into a Raspberry Pi would work just fine as an email server. $500 seems like huge overkill.
From the sound of things, they're concealing operating expenses in the price of the hardware, the exact opposite model for inkjet printers. No box "the size of a router" has $400 worth of hardware in it, let alone $(500*0.97) worth (typical 3% margin Asian manufacturers operate on). Not when a cell phone with a capacitive touchscreen and a battery in addition to all the required resources to run a low volume mailserver is $30.
Now if it's 100% redundant hardware, including two independent wall warts for po
Re: (Score:2)
You're still well below the cost of this thing, without the very real risk that this company goes titsup and you're left with a $500 brick due to them routing all your shit through them.
And $99 per year after that (Score:2)
Re: (Score:3)
Re: (Score:2)
This is a niche product (Score:4, Insightful)
There is a market for this kind of thing, but it's a small one.
If I am a very small company or an individual who needs "in house" email where no third party can be subpoenaed and where I control the encryption keys, AND where it's easy to run with minimal management, that is worth paying for.
But for most companies small enough where this would be worth considering, a completely outsourced email solution is better. For almost all individuals, outsourced email is better.
In the unlikely event that something like this gets more than "niche market" traction, expect the major players to either buy these guys out or come out with competing products. There's not much in this product that is innovative enough that the proprietary features, if any, can't be worked around and/or that customers won't care about them enough to deter competition.
Re: (Score:2)
If the tunnel service subscription were a standalone product, it might be worth it for small business, However I'd certainly want more redundancy in the hardware or be able to leverage a VM on an existing machine that already has redundancy and backups running.
Re: (Score:2)
Re: (Score:2)
That case itself is easily a $50 case, the NVME SSD $80, and the rest of the board is $175 wholesale. (it has ECC ram, and likely a SATA and PCI-E bus, and good wifi). It's still a good margin, but it's far from a 1000% markup.
Re: (Score:2)
I wonder (Score:2)
Anyone else trying to figure out how that looks significantly different from a right-way-up one?
Apart from the line drawing of an obscure animal, of course.
Re: (Score:2)
So it's like a house? Why didn't they say that?
Will people care enough? (Score:3)
It seems that (some) people are beginning to realize the cost of “free” services, but I wonder if they care enough to do anything about it.
Getting smtp to your home connection could be an issue for many as that port is usually blocked to prevent malware spamming. Sometimes you can request it opened.
When I ran my own email server, there was a bit of maintenance with spam filters as well as problems with some destinations not accepting emails from servers on xDSL lines.
I don't forsee success. (Score:2)
They hide the knobs that would endear them with the tech community, source is not prominent/shared, and you can't subscribe to the serice using existing hardware.
For the average tech user concerned about privacy this may be a good deal, but to actually get SSL securely you need to manage your own domain and control your own certificates, otherwise the domain or certificate manager can be coerced by three-letter agencies to MITM your email. Additionally I see no allowance for hardware failure, if grandma a
Re: (Score:2)
They hide the knobs that would endear them with the tech community, source is not prominent/shared, and you can't subscribe to the serice using existing hardware.
If you are that kind of user, there are existing solutions. They aren't the target market. It's "plug and play", like IoT, for people who aren't tech savvy enough to set up their own.
It appears to be, as someone else commented, just a different third party through whom your email passes and info is harvested.
Re: (Score:2)
Not quite pure third party. If you manage the certificate, you should get TLS from the sending server to your mailbox. Looks like the heavy lifting and logic is all in the user device, (weather you can trust and examine what it's doing is another issue), while they provide an externally accessible gateway and handle the config needed to talk to the mainstream network of mail servers.
Another issue is the email as a personal correspondence media is dying, chat is displacing the personal and email is more for
Insert Your Own Hillary Clinton Joke Here (Score:2, Funny)
But the market for people who need to set up their own email server to hide their graft from FOIA requests would appear to be fairly limited...
Re: (Score:2, Interesting)
Legacy Communication System (Score:1)
Using systems like Tox, Signal on your phone, or something that you have control of needs to be a priority in your life -- and as part of that, you will have
Ummm.... There's a problem here (Score:2, Insightful)
Preface: https://www.spamhaus.org/pbl/
Substance: I am not normally a betting guy, but I would wager that 95% plus of the US population would not have the ability to get beyond 50% delvierability for "legitimate" emails using such a device. I am ASSUMIng that the outbound connections from the "device" to the recipients MX server would originate from the user's local IP address (unless they also include some kind of outbound relay service, which would seem to be self-defeating in this context). Many (perhaps
Re: (Score:2)
Welcome to the Millennial Bro business plan! (Score:2)
2) Throw it on a commodity piece of hardware (optional)
3) Tie it to a proprietary cloud service that requires a subscription
4) Price it so it looks like it has more value to it then it does
5) Profit!!
Trust (Score:2)
The problem when looking for gmail alternative is that you start asking yourself why you should trust anyone else either.
Your ISP? A hosting company? Some startup that sells a box? Some guys in Switzerland?
Who uses E-Mail Anymore? (Score:4, Interesting)
I think this company's bigger issue is their demographic: People who care enough about their e-mail privacy to desire to not-use Gmail, Outlook.com/Hotmail, AOL, or Yahoo, want their own server, and are neither tech savvy enough to set up Zimbra / Mail-in-a-Box / the Synology mail server, nor big enough to use Exchange...and still use e-mail.
This trail was blazed by Microsoft back around 2008-2011 with Windows Home Server - enough server to help manage backups and malware scans (using Live OneCare) and centralize media storage/sharing, enough not-server to prevent it being used for Active Directory or similar. The problem was that it was still "too much server", and they couldn't market it well enough to get average consumers to really want it.
Circling back to the subject line, e-mail is primarily a business form of communication. When was the last time you got a legit, personally-written e-mail from anyone? It's probably been a while, and even if you still correspond with $SOME_PERSON regularly that way, it's far from the de facto form of digital communication it used to be. E-mail is basically for account setup and password resets, bulk mailers, and the occasional business correspondence. Most human-to-human communication tends to take place with Facebook Messenger or WhatsApp or garden variety texting. Though people do still send and receive e-mails, it's been largely supplanted by semi-synchronous messages.
So, to review...an e-server tied to a single provider for the VPN / outbound relay, one or more annual fees to handle spam filtering, runs off Wi-Fi, doesn't fit in a server rack, isn't installable on custom hardware, and is intended to simplify a communications protocol from which home users have largely moved on?
I could be wrong...but it definitely doesn't sound like a winner to me.
Re: (Score:3)
Re: (Score:2)
WTF is that crap? Dude, 99% of my communications are through e-mail. It's for record keeping of correspondence and ease of searching for sorted content later. It's also provides a chain of contact.
Oh, I completely agree. It's why E-mail isn't going anywhere in business...On-prem Exchange and O365/G-Suite will have a place in business correspondence for the foreseeable future. This device, however, with no Activesync, the requirement of a VPN tunnel to the upstream provider, a seemingly minimal amount of retention policies or failover capabilities and so forth...is not going to be making inroads in businesses that already have incumbent e-mail solutions in place.
Has the world gone that too fucking ADHD to only chat in IM?
I restate my original question: when wa
Screw That (Score:2)
Will echo the other doubts with my own concerns - for anything that handles important emails like my domain, I need something that is in multiple spatially redundant data centers, not just one device in my home where I'm screwed if the house loses connectivity, or there's a fire or theft... no fun to be out on vacation and have the email box go down with no way to fix it.
So, what’s special? (Score:2)
Re: (Score:1)
So what is their secret sauce?
It runs Ubuntu?
Good luck (Score:2)
Being at the whim of Google and Microsoft, regarding which of your outgoing mails they are going accept and which ones they wonâ(TM)t. THAT is not a fun experience at all.
So different (Score:1)
We hear that you don't trust Google to receive and store your email, but
1) You don't want to learn how email servers, domains or the internet works,
2) You don't want to learn how to do the maintenance or worry about security,
3) Your home ISP blocks outgoing email on port 25 or worse anyway
For the sum of $500 we will
1) Funnel all your email through our domain and server (in Amazon's cloud) instead of Google's domain and server
2) Assemble and program a server for you, that we promise does what you want
3) Reta
Good email appliance? (Score:2)
While this (Helm) does not sound like the kind of device I would ever buy (too little control, despite all their hype), I would be interested in a piece of hardware that was dedicated to email and nothing else. Easy to use interface (deal-breaker, if it's complicated), supports multiple domains, well-made, supports all the normal protocols and is very stable.
How is this "taking on Google"? (Score:2)
Google isn't in the on-site email server business, at all. Sure, they have GMail for Business, which one might argue is targeted to the same group of customers. But not really. GMail for Business is targeted at those who don't WANT to have their own on-site server.
I predict that no one will use Help for long, because they will be swamped by spam, and unable to send email because they find themselves on RBLs or because they aren't a trusted domain.
This smells like a slashvertisement.
Alternative (Score:2)
For that kind of money spend get something like a Synology NAS which will do your email plus a whole lot more such as backups, cloud, web server, media server, and even WordPress. It'll cost a bit more because you will have to buy the hard drives or SSDs.
Of course as soon as you open up the server to the outside world you become a target. I know that Synology is good at getting the updates out but will the people apply them?
It's a tent (Score:2)
Re: (Score:2)
LADP?