@DarkDeviL the vintage of much of the hosting industry's infrastructure is not to be overstated. We

@DarkDeviL the vintage of much of the hosting industry's infrastructure is not to be overstated. We would not have a business if we required hosting companies to modify sender email addresses. However, we do believe we can help providers improve their security in other ways. For example, we allow providers to receive immediate webhook pushes every time we detect unusual or spammy traffic coming from one of their users.

I know it's not apparent here, but we do a whole lot behind the scenes to detect and stop abuse - far more than most providers do. We sell anti-abuse technology to other transactional email providers, including in the top-five globally. The discussion here has been laser-focused on domain ownership verification, but that is just one tiny part of an enormous array of things you have to do to properly secure outgoing email and achieve decent delivery rates.

skoogeerOP•8/22/23, 12:01 AM

I have to run now. I would be pleased to answer any questions via PM if anyone here needs further clarification on what we are doing to ensure the security of our service and adherence to email standards.

James•8/22/23, 12:01 AM

Okay, I think I'm done with this discussion moving forward - we're honestly just going in circles. The lack of ownership of this issue and constant deflection and justification is just not a productive use of either of our time. So that's fine, I'll just be heavily discouraging people continue use your service.

Sskoogeer @DarkDeviL the vintage of much of the hosting industry's infrastructure is not t...

DarkDeviL•8/22/23, 12:16 AM

The modifying of sender addresses part would alone be done if there wasn't (enough) domain validation in place, to ensure the customer<->domain relation.

And as I believe I already added in #off-topic last week, from what I see, it does indeed look like you're doing very well regarding preventing outbound spam / junk from happening from your network, unlike many others out there.

Should I choose a provider based on e.g. spam / junk parameter alone, you / your network would definitely be a good candidate.

No doubt about that specfiic part!

It is however purely the domain validation part (or stuff similar to that), that I've trying to suggest you alternative ways "to limit the collateral damage (or even completely mitigate it)".

That said, if you got any questions or whatever, regarding any parts of those suggestions I've made, or otherwise want to discuss them further, feel free to poke me as well.

FF0rce in Zero Trust what would the best practice be to allow everyone that has gateawa...

Soham•8/22/23, 1:52 AM

you can make it a requirement in your access rule

Soham•8/22/23, 1:53 AM

SSoham you can make it a requirement in your access rule

Erisa•8/22/23, 2:05 AM

Keep in mind that one includes the consumer app as well (without logging in), I would strongly suggest selecting "Gateway" instead which will only accept ZT clients logged into your org

EErisa Keep in mind that one includes the consumer app as well (without logging in), I ...

Soham•8/22/23, 2:06 AM

yeah i tried gateway but it seems to only work with the proxy feature enabled which then messes with my local network stuff such as spotify connect etc so I had to disable it

Erisa•8/22/23, 2:07 AM

Sure of course yeah, as long as you're aware of the difference between the two

Soham•8/22/23, 2:07 AM

yep

Soham•8/22/23, 2:10 AM

Confused with the wording a bit but does enabling proxy mean traffic directed to resources connected via a Cloudflare Tunnel, GRE tunnel, and/or IPsec tunnel is included when enabling it but outbound traffic is anyways filtered regardless of proxy being enabled

jimango•8/22/23, 12:26 PM

Im currently not able to upload more than 1mb to my own server when using cloudflare. When I try upload without Cloudflare im able to upload 100mb. But thought Cloudflare DNS its reduced to 1mb. Can anyone please help me solve this?

Jjimango Im currently not able to upload more than 1mb to my own server when using cloudf...

Erisa•8/22/23, 12:27 PM

When you try to upload 100mb, what error do you get back?

EErisa When you try to upload 100mb, what error do you get back?

jimango•8/22/23, 12:29 PM

From the frontside of the page I get just a custom error for our site, I have not access to the logs to see those, its a NFT marketplace and it works with files below 1mb. It stops in the moment when the wallet is supposed to verify the minting. Instead of opening the already connected wallet it gives an error.

jimango•8/22/23, 12:30 PM

as said, it works with less than 1mb files using Cloudflare and with 100mb when not going through Cloudflare

Erisa•8/22/23, 12:30 PM

That sounds suspiciously like an issue with your origin server, however I understand you said it doesn't happen without Cloudflare. Do you have steps for anyone to be able to reproduce?

jimango•8/22/23, 12:30 PM

yes. it happens to anyone trying this

Erisa•8/22/23, 12:31 PM

Are you able to share a link?

jimango•8/22/23, 12:31 PM

yes, can I share here? or in DM?

jimango•8/22/23, 12:33 PM

I sent it in private message

Erisa•8/22/23, 12:44 PM

I dont believe it exists anymore

EErisa Are you able to share a link?

jimango•8/22/23, 12:47 PM

could it be some settings I need to tick in Cloudflare panel?

Original message was deleted

Erisa•8/22/23, 12:50 PM

on which pages?

chientrm.com•8/22/23, 1:50 PM

is cache limit 512MB apply to whole account or per domain?

Cchientrm.com is cache limit 512MB apply to whole account or per domain?

Hello, I’m Allie!•8/22/23, 1:50 PM

Per cached value.

Hello, I’m Allie!•8/22/23, 1:51 PM

So it is applied per

put

put

HHello, I’m Allie!Per cached value.

chientrm.com•8/22/23, 1:51 PM

also, is cache api and cache header same?

Cchientrm.com also, is cache api and cache header same?

Hello, I’m Allie!•8/22/23, 1:52 PM

Not sure what you mean?

HHello, I’m Allie!Not sure what you mean?

chientrm.com•8/22/23, 2:07 PM

I'm reading more docs on cache and 'll be back soon

HHello, I’m Allie!Not sure what you mean?

chientrm.com•8/22/23, 2:35 PM

If I return a png image with this header:

'cache-control': 'public,max-age=31536000,immutable'

'cache-control': 'public,max-age=31536000,immutable'

Within the max-age time, will it ever miss the cache?

Cchientrm.com If I return a png image with this header: `'cache-control': 'public,max-age=3153...

DarkDeviL•8/22/23, 2:47 PM

There are always a chance that things, such as e.g. images, will be evicted from the cache before the max-age has elapsed, such as for example due to inactivity.

I wouldn't personally be expecting to be able to keep an image in cache for a full year, with only one single request to the origin during (the start of) that full year, no matter if we're talking about Cloudflare or any other CDN providers out there.

DDarkDeviL There are always a chance that things, such as e.g. images, will be evicted from...

chientrm.com•8/22/23, 2:49 PM

so the cdn can remove the cache anytime they want?

Cchientrm.com so the cdn can remove the cache anytime they want?

Chaika•8/22/23, 2:52 PM

not only can it evict it at any time, but cache by default is colo (CF Datacenter) specific, and with so many locations you're bound to have a handful of miss's. You can enable Tiered Caching to try to reduce that (the free version selects a colo closest to your origin to check for cache if not in colo, before contacting origin), or Cache Reserve (paid, might be slower then your origin in some cases, it's backed by R2 in a single location)

CChaika not only can it evict it at any time, but cache by default is colo (CF Datacente...

chientrm.com•8/22/23, 2:53 PM

I have an original image in R2, an api endpoint return a processed version of the image, should I rely on cache for serving that processed image?

Chaika•8/22/23, 2:55 PM

You have a worker doing it, I assume?
If each image variant is reused a lot, it would make sense to push it back to R2 and serve it from there
If you do very dynamic resizing, the extra storage costs might not make sense

CChaika You have a worker doing it, I assume? If each image variant is reused a lot, it ...

chientrm.com•8/22/23, 2:56 PM

the variant is pre-determined and doesn't change over time much.

Chaika•8/22/23, 2:57 PM

Then depending on exactly what you're doing, it might make sense to do it even ahead of time and store the few different variants in R2, and serve the image direct. If you can do it via an R2 Custom Domain (not through a worker), you'd be saving on Worker Invocation costs as well, and benefit from cache still

CChaika Then depending on exactly what you're doing, it might make sense to do it even a...

chientrm.com•8/22/23, 2:58 PM

I have private rule for some images.

Chaika•8/22/23, 2:58 PM

Also worth noting neither the Cache API, or R2 Custom Domains, can use Tiered Caching or Cache Reserve, you're restricted to just normal cache for both

EErisa Are you able to share a link?

jimango•8/22/23, 3:49 PM

I was able to find the issue, but in the process I deleted the setup I had on Cloudflare with a subscription, how can I reinstate that subscription? I have the same setup as I had.

TTraffy If I run javascript fetch GET request in browser then page will get cached in CF...

Chaika•8/22/23, 6:20 PM

If it's a page on a site proxied by Cloudflare, it depends on default cache behavior: https://developers.cloudflare.com/cache/concepts/default-cache-behavior/ (or if you overrride it to cache everything with a cache/page rule). If it's some other site you're fetching frorm your proxied site, no

Original message was deleted

Chaika•8/22/23, 6:21 PM

They changed it back while they get feedback on what they should be called, within your zone overview there should be a link to a survey

TTraffy Its my own page. Right now server renders page on first visit then CF caches it....

Chaika•8/22/23, 7:35 PM

I don't understand how the browser fetching it comes into that, but regardless those are usually fruitless endeavors because cache is per colo (and there's some 300+), it'll just cache itself on next request. Unless your origin server is really slow, not worth it to try to force it to cache right away

DDeathmatix I have and issue with my bank, and tomorrow i am supposed to get a bill from clo...

Chaika•8/22/23, 7:35 PM

I would probably ticket billing to ask and make sure. The only page I found on the topic was this: https://developers.cloudflare.com/support/account-management-billing/billing-cloudflare-plans/troubleshooting-failed-payments/, but it's more aimed at zone plans

Original message was deleted

MattIPv4•8/22/23, 7:47 PM

They're dns zones nod

i40west•8/22/23, 7:49 PM

Yeah, "websites" is wrong and stupid. Even "domains" would be better.

@DarkDeviL the vintage of much of the hosting industry's infrastructure is not to be overstated. We

Similar Threads

Similar Threads

Similar Threads