1. 17

28 years of SMB support for Win/Mac/*nix so I can do things. Should I just call up my Spectrum/TW rep and ask for a line to my home to start with a static IP? Should I buy from a hosting service? I really want to control payment—is that possible or must I go the stripe/paypal route?


  2. 9

    I really want to control payment

    You really, really don’t.

    Like, are you doing something so exotic that you need something more complicated than recurring payments or one-time things?

    It’s not worth the hassle.


    Additionally, the email stuff can be surprisingly annoying to set up and not get blacklisted or marked as spam.

    Like, this whole thing sounds suspiciously like “I want to start a business”…and if that is your actual goal, don’t waste time solving technical problems for which there are well-tested SaaS things.

    If you’re just goofing off on your own time as a learning project or protest, sure why not.

    1. 2

      Additionally, the email stuff can be surprisingly annoying to set up and not get blacklisted or marked as spam.

      That’s actually really true: DNSBLs that were all the rage back in the ‘oughts seem to have made way for proprietary IP and sender trustworthiness metrics that vary widely across providers.

      Fastmail solves all this for like $3 a month so…

      1. [Comment removed by author]

        1. 2

          Stripe or Braintree, probably. :)

      2. 7

        Web is easy - a static IP (may) be the cheapest, but it depends on your ISP. It might be better to colo a box.

        Email isn’t much harder; you’ll need your ISP to do rDNS and open up :25. You’ll likely need business internet here because getting that done probably means talking to support, and the home internet support won’t know wtf to do with you when you ask them that.

        Payment means shopping for and opening up a merchant account with a payment processor. That’s the only way to accept cards.

        The biggest drawback is with payment - email and web have the standard worries about DDoS, blacklisting, etc - but if you’re a merchant you are in scope for PCI. Depending how many transactions you process annually, which card companies you want to accept, and how you handle card data, you could end up anywhere on the scale from “self-certify and pay for quarterly scans from your processor” up to “external audits”, so many people use Stripe to stay out of PCI scope entirely.

        In the end it’s all a matter of time/money - these solutions let you stay in control, but is it worth spending time doing email administration rather than making/selling your widgets? Up to you. Good luck :)

        1. 3

          You still must comply with PCI if you use Stripe: https://stripe.com/docs/security#pci-dss-guidelines.

          1. 4

            This is true, but with an important distinction: if you choose to integrate with providers like Stripe via iframe/links, you’re under SAQ A or at worst A-EP; if you get a merchant account and roll everything yourself, you’re firmly in SAQ D territory.

            If you go with a Stripe-like provider, they automatically fill this out for you and retain it as the provider.

            If you go your own way, have fun! Be sure to get it to your processor on time and schedule your quarterly scans religiously, and avoid screwing up so you don’t get a letter saying that your breach of PCI regulations means you’ve been bumped to a level one merchant now.

            1. 3

              I wouldn’t describe filling out the SAQ A or A-EP as “out of PCI scope entirely.”

              1. 2

                <insert Futurama ‘technically correct’ GIF here> ;-)

                But yeah, definitely correct, and I wouldn’t presume to argue the nuances of PCI compliance with you!

          2. 1

            if you’re a merchant you are in scope for PCI

            Not just that, but KYC and AML laws as well…

          3. 5

            Other people are talking about payments, so I’ll chime in on email.

            Running an SMTP endpoint in 2017 is as easy as it was in 1997! It’s just convincing every other email provider that you’re not a spammer that’s the issue. Expect to spend hours getting set up just so. Also expect 30% of your mail not to arrive at its destination inbox anyway, because large-volume email providers are constantly moving the goalposts for what constitutes a non-spammy domain, so what was good enough a month ago might not be good enough now. Eventually you will just sign up for Fastmail or Pobox or something and move on.

            I did exactly this last year, after having run my own email for about 15 years. It makes me feel a bit yucky inside, but my email works.

            1. 6

              My exact experience and I was going to reply the same thing.

              Unfortunately email servers are a cartel nowadays. It is impossible to guarantee delivery for a small server. I’ve done everything, my configuration is perfect, my IP reputation is pristine and I don’t even send commercial mail, just personal stuff. Doesn’t matter. Some emails are sent to the spam folder, others (especially to Microsoft servers) never get delivered.

              If you want to run off a residential IP, forget it. Most of them are directly blacklisted.

              It is a real shame. I’ve been a sysadmin since 2001, when I started college. Postfixes are my bread and butter and it hurts me to throw in the towel and pay to the Email Cartel. I’m currently looking at professional (own-domain) alternatives with 100% delivery which are not Gmail, Yahoo! or Microsoft, the main offenders. Maybe Fastmail, maybe Protonmail.

              1. 3

                Same experience here. Had a postfix server running on an AWS instance. SPF and DKIM set up correctly. No sign of it on blocking lists. Still ended up in junk folders or blackholed completely.

                Now another happy Fastmail customer … one less thing to worry about.

                1. 4

                  I think the AWS instance might’ve been your problem there. The AWS, OVH, Digital Ocean, etc. IP ranges are the source of a ton of spam, so have negative default reputation scores in many systems.

                  On a “clean” IP with rDNS, SPF, and DKIM set up, I haven’t had deliverability problems running my own server. In my case it’s still a VPS, but one from a smaller provider. A business DSL line or a reputable colo facility would probably be even better from an IP reputation perspective.

                  I should mention that I do only a low volume of manually written email though. Deliverability for high-volume stuff like newsletters or transactional mails is its own black art.
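A pre-flight check for the three DNS prerequisites named in this part of the thread (rDNS, SPF, DKIM), as an added example that is not part of any comment here. The `lookup` hook, the `sel1` selector and the zone data are constructed assumptions; the SPF evaluation handles only `ip4`, `a`, `mx` and `all`.

```python
import ipaddress

# Constructed records (documentation IP range, example.com, placeholder key) standing in for live DNS.
ZONE = {
    ("PTR", "10.113.0.203.in-addr.arpa"): ["mail.example.com"],
    ("A", "mail.example.com"): ["203.0.113.10"],
    ("MX", "example.com"): ["mail.example.com"],
    ("TXT", "example.com"): ["v=spf1 ip4:203.0.113.0/28 mx -all"],
    ("TXT", "sel1._domainkey.example.com"): ["v=DKIM1; k=rsa; p=MIIBIjANBg"],
}

def lookup(rtype, name):
    """Hypothetical resolver hook; replace with a real DNS query for live use."""
    return ZONE.get((rtype, name.rstrip(".").lower()), [])

def fcrdns(ip, lookup=lookup):
    """Forward-confirmed rDNS (IPv4): the PTR name must resolve back to ip."""
    ptr = ipaddress.ip_address(ip).reverse_pointer
    return any(ip in lookup("A", host) for host in lookup("PTR", ptr))

def spf_permits(domain, ip, lookup=lookup):
    """True if SPF authorises ip via ip4/a/mx; include/redirect are not followed."""
    addr = ipaddress.ip_address(ip)
    recs = [t for t in lookup("TXT", domain) if t.lower().split()[:1] == ["v=spf1"]]
    if len(recs) != 1:  # no record, or several (a permanent error in SPF)
        return False
    for term in recs[0].split()[1:]:
        qualifier = term[0] if term[0] in "+-~?" else "+"
        mech = term.lstrip("+-~?").lower()
        if mech.startswith("ip4:"):
            hit = addr in ipaddress.ip_network(mech[4:], strict=False)
        elif mech == "mx":
            hit = any(ip in lookup("A", mx) for mx in lookup("MX", domain))
        elif mech == "a":
            hit = ip in lookup("A", domain)
        elif mech == "all":
            hit = True
        else:
            continue  # unsupported mechanism or modifier: skipped in this sketch
        if hit:
            return qualifier == "+"  # first matching mechanism decides
    return False

def dkim_key_published(domain, selector, lookup=lookup):
    """True if selector._domainkey.domain carries a non-empty p= (public key) tag."""
    for txt in lookup("TXT", f"{selector}._domainkey.{domain}"):
        tags = dict(p.strip().split("=", 1) for p in txt.split(";") if "=" in p)
        if tags.get("p"):  # an empty p= marks a revoked key
            return True
    return False
```

These checks cover only the published records; the per-provider IP reputation scoring discussed in the thread is not visible in DNS.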

                  1. 3

                    Very likely correct!

                    But you never get an explicit warning about this, so if whatever destination reclassifies you as “consumer DSL” or “disreputable colo” you’ll never know about it until the “hey I never heard back from you” emails start appearing. So personally I’ve given it up as not worth my time …

                    1. 3

                      Like @mjn I’ve not had any problems with my own mail set up (also with rDNS, SPF, DKIM, TLS, etc) but I’ve had the same primary MX IP since around 2005 so have built up a reasonable reputation I believe.

                      Unfortunately building up a “good mail reputation” for an IP is very much a black art and I wouldn’t want to be doing it from scratch today. For high volume mails I wouldn’t even bother - I’d go with something like Amazon SES.

                    2. 1

                      Any of you checked out https://kolabnow.com/ (Aaron Seigo works there)?

                2. 4

                  I really want to control payment

                  Not sure where you and your customers live, but unless you have a lot of payments per day, you could just opt for e.g. IBAN bank transfers, works great. No need to automate anything and free within Europe (EU). It will not be instant, but for your purposes may work :)

                  1. 2

                    It’s possible, but why would you do that?

                    1. [Comment removed by author]

                      1. 1

                        So when a stray cosmic ray flips a bit in your storage device’s firmware, rendering it inoperable, at 3am, do you want to fix that yourself, or would you rather have an on-call Amazon tech calmly replace the drive while your data has already been replicated to another drive?

                        Sometimes, it’s better to just throw money at the problem instead of time. Here’s another example: do you draft your company’s own articles of incorporation? Or did you use a service? Or did you hire a lawyer? What if you need to sue someone… are you gonna go to law school before bringing suit?

                        1. 1

                          How about just calmly replacing it yourself the next day? Surely no one sets things up so a single drive failure is an emergency. Or a single entire machine, for that matter.

                    2. 2

                      You can control payment, if you use Bitcoins (or Ethereum or Litecoin or …)