In this case, it's based on a per-user secret key and AES-256, which with some careful key and IV-derivation, allows you to have a deterministic (and reversible) address for any given domain name. The basic principle (applied to ids, which extends to domain names) is in this blog post: https://apeleg.com/blog/posts/2023/03/30/enumeration-timing-...
If you're willing / able to sacrifice reversibility, a more orthodox approach can be hash (or *MAC) based. For example, SHA-256(secret + domain-name). However, a key point of this project is attribution, to avoid the need of storing a large set of pre-generated addresses, for portability and for easy reverse aliases.
In terms of the actual SMTP bits, I'm currently relying on Cloudflare workers for receiving and delivering (just a nice and gratis API); however, extensibility within reason is a goal (in scope: provider-agnostic API; very probably not in scope: an SMTP client / server).
I’ve been running CheapestEmailHosting.com - email hosting for custom domains without enterprise pricing.
SMTP/IMAP/POP3, webmail (Roundcube), CalDAV/CardDAV, unlimited mailboxes, catch-all. Starting at $5/year for 2GB.
No marketing spend, and I terminate spammers immediately. If you run a legitimate domain, you subsidize yourself.
This isn’t for bulk senders or SLAs. It’s for developers and side-project founders who can configure their own clients and don’t want to pay $60-120/year.
Working on a low cost email service. Ditched Gmail for my custom domains to avoid lock-in risks, and I believe devs really need stupid-cheap ($10/yr 5GB, unlimited mailboxes/domains/aliases/SMTP/IMAP/webmail) high-quality hosting that nails deliverability with zero spam tolerance. Bootstrapped this instead of pricier options like FastMail. Thoughts?
You may want to check out https://purelymail.com who are pretty close to your target pricing. I've been using them since forever and have no reasons to switch but it is always great to see more players in the niche!
Thanks for your interest. IMAPsync migrations are supported. No CardDAV/CalDAV. For wildcards, do you mean catch all? If so, that is supported as well.
Very cool project. I've wanted something like this for ages but never had the patience to glue it all together. Do you plan to support group chats too? That was a huge headache in my case. Excited to see how this evolves, even if setup's a bit fiddly.
This looks promising, especially for folks who can't tolerate CPAP. Wonder how it performs long-term and if it messes with REM cycles. Also curious about cost and insurance coverage—sleep treatments tend to get expensie fast. Hope follow-up studies confirm these results without major side effects.
Neat idea. I’ve definitely been burned by silent timeouts in production before. Curious how this handles more complex cases like nested async calls or third-party dependencies that don't expose good hooks. Would be cool if this could somehow integrate with logging tools directly for more visbility.
This feels like the culmination of a long trend. Google shifting from indexing the web to replacing it. The idea of an “AI answer mode” burying actual sources is worrying, especially for niche or emerging topics where LLMs hallucinate confidently. I’d love to see metrics on how often users click through to original sources under the new interface. At some point, if Google becomes too self-referential, it risks losing the very web it was built on. Curious whether this opens the door for competitors that prioritise raw links and transparency over synthesised summaries.
Interesting to see real-time AI copilots moving into the sales domain with this level of polish. The UI looks thoughtful, and the emphasis on SOC 2/GDPR compliance is smart. Sales orgs are often stuck between tooling that’s either too lightweight or too intrusive. I’m curious how well Nomi performs with accents or less structured conversations, which are common in outbound calls. Also wondering if reps actually trust or tune out live suggestions mid-call. Real-time assistance sounds great in theory, but in practice it can be distracting unless executed really well.
The TeleMessage dataset is massive and messy, and this tool lowers the barrier for journalists and researchers to extract meaningful insights. It’s also a reminder that “secure” enterprise tools often aren’t—especially when they’re built to satisfy compliance checkboxes rather than actual security principles. The fact that TM Signal was used by senior officials makes the plaintext logging and key exposure even more alarming. Kudos to Micah for not just reporting the breach but also enabling others to dig deeper.
reply