Today's Deep-Dive: OpenTrashmail

[SPEAKER_00] You know that feeling, right?

[SPEAKER_00] That very specific kind of anxiety.

[SPEAKER_01] Oh, I know the one.

[SPEAKER_00] You're staring at a sign up form on some website.

[SPEAKER_00] You just want to read one article or maybe get that 10% off coupon.

[SPEAKER_01] And there it is.

[SPEAKER_00] And there it is.

[SPEAKER_00] That one field just staring back at you.

[SPEAKER_00] Enter your email address.

[SPEAKER_01] The gatekeeper.

[SPEAKER_00] Exactly.

[SPEAKER_00] It's the gatekeeper.

[SPEAKER_00] And you pause.

[SPEAKER_00] Because the second you hit submit, you're not just getting a coupon.

[SPEAKER_00] You're signing a pact.

[SPEAKER_00] You're inviting this deluge of newsletters and special offers and spam that's going to haunt your inbox forever.

[SPEAKER_01] It's the modern digital tax, isn't it?

[SPEAKER_01] We trade our attention and our privacy for just a little bit of access.

[SPEAKER_00] And we do it.

[SPEAKER_00] We just sigh and type it in because, you know, what's the alternative?

[SPEAKER_01] The friction is just too high to find a workaround.

[SPEAKER_00] Right.

[SPEAKER_00] We've all wished for a burner phone, but for our email.

[SPEAKER_00] A way to get the goods without handing over the keys to our digital castle.

[SPEAKER_01] And most people turn to those temporary email sites you find on Google.

[SPEAKER_00] Which are a total minefield.

[SPEAKER_00] Ads, trackers, zero privacy.

[SPEAKER_00] A nightmare.

[SPEAKER_00] Precisely.

[SPEAKER_00] But today, we're looking at something that flips that whole script.

[SPEAKER_00] We're doing a deep dive into open trash mail.

[SPEAKER_01] Right, from Hasek Solutions.

[SPEAKER_00] Yeah, and it basically says, stop renting a trash can on a public street and just build your own recycling plant in your backyard.

[SPEAKER_01] That's a very vivid way to put it.

[SPEAKER_01] But yeah, we are talking about self-hosting your own disposable email server.

[SPEAKER_00] Which sounds intimidating, I'll admit.

[SPEAKER_01] It does, I know.

[SPEAKER_01] But as we look through the code and the docs, it's, well, it's shockingly accessible.

[SPEAKER_00] It really is.

[SPEAKER_00] And that's our mission today, to break down how even a beginner can get this running.

[SPEAKER_00] But first, a quick message from our supporter.

[SPEAKER_00] Okay, so let's strip this down.

[SPEAKER_00] The core concept here is trash mail.

[SPEAKER_00] Which honestly sounds a little harsh for something I'm realizing is a privacy essential.

[SPEAKER_00] It does imply garbage, doesn't it?

[SPEAKER_00] But think of it like this.

[SPEAKER_01] Your primary email, the one for your bank, your boss, your family, that's your front door.

[SPEAKER_00] Right.

[SPEAKER_00] Heavy lock.

[SPEAKER_00] I vet everyone.

[SPEAKER_01] Exactly.

[SPEAKER_01] You paint it nice colors.

[SPEAKER_01] Now, imagine you put a plastic bucket at the very end of your driveway.

[SPEAKER_01] OK. And you just write flyers and coupons on the side with a Sharpie.

[SPEAKER_01] That's a trash mail.

[SPEAKER_00] Oh, I see where you're going.

[SPEAKER_00] I check it when I want to.

[SPEAKER_00] But if someone dumps sludge in it, I don't really care.

[SPEAKER_00] It never touches the house.

[SPEAKER_01] You just hose it out.

[SPEAKER_01] That's the idea.

[SPEAKER_00] OK.

[SPEAKER_00] I love that analogy.

[SPEAKER_00] But here's the thing that really stood out to me from the source material, the thing that sets open trash mail apart.

[SPEAKER_00] Most people know services like Mailinator, right?

[SPEAKER_01] Yep, or 10-minute mail.

[SPEAKER_01] Those are buckets, too.

[SPEAKER_00] But they're public buckets.

[SPEAKER_01] That's the critical flaw, yes.

[SPEAKER_00] So if I use, say, Bob123 at public-trash.com, anyone who guesses Bob123 can look inside my bucket.

[SPEAKER_01] They can see your verification link, your password reset, everything.

[SPEAKER_00] So I could theoretically hijack an account that way.

[SPEAKER_01] Absolutely.

[SPEAKER_01] You're trying to protect your privacy, and you end up just destroying your security.

[SPEAKER_00] So how is this different?

[SPEAKER_01] Open trash mail is self-hosted.

[SPEAKER_01] That means the bucket is on your private property behind a fence.

[SPEAKER_01] You own the server.

[SPEAKER_01] You own the data.

[SPEAKER_00] And I control who gets to look inside.

[SPEAKER_00] Assisely.

[SPEAKER_00] Now, I have to be honest.

[SPEAKER_00] Hosting an email server, those four words usually make my palms sweat.

[SPEAKER_00] I've always heard that's the final boss of system administration.

[SPEAKER_01] Historically, yes, absolute nightmares.

[SPEAKER_01] You're dealing with postfix, Dovecot, complex configs.

[SPEAKER_01] It's a career, not a hobby.

[SPEAKER_00] So what's different here?

[SPEAKER_01] This is why this tool is so cool.

[SPEAKER_01] It's designed to be anti-complexity.

[SPEAKER_01] It's for the person who has maybe never run a server before.

[SPEAKER_00] How does it do that?

[SPEAKER_00] How does it strip that complexity away?

[SPEAKER_01] For starters, it's a Python script, a very clever one.

[SPEAKER_01] It acts as an SMTP server.

[SPEAKER_01] That's the language of email delivery.

[SPEAKER_01] But it just ignores all the heavy stuff.

[SPEAKER_01] Like what?

[SPEAKER_01] For example, there's no database.

[SPEAKER_00] Wait, no database.

[SPEAKER_00] I'm looking at the notes.

[SPEAKER_00] Where do the emails even go?

[SPEAKER_01] Files.

[SPEAKER_01] It's 100% file-based.

[SPEAKER_01] An email comes in, open trash mail says, thanks, and just saves it as a JSON file in a folder.

[SPEAKER_00] That seems almost too simple, but also

[SPEAKER_00] kind of genius.

[SPEAKER_01] It's so efficient.

[SPEAKER_01] I mean, think about it from a beginner's perspective.

[SPEAKER_01] No setting up SQL, no managing tables, no worrying about migrations.

[SPEAKER_00] If I want to back it up, I just copy the folder.

[SPEAKER_01] You copy the folder.

[SPEAKER_01] If you want to wipe it, you delete the files.

[SPEAKER_01] The technical debt is basically zero.

[SPEAKER_00] OK, so if I'm listening to this and I've got a Raspberry Pi or a cheap server somewhere, how hard is the actual launch?

[SPEAKER_01] Not hard at all.

[SPEAKER_01] And this is the method they highlight in the source, Docker.

[SPEAKER_00] Ah, Docker.

[SPEAKER_00] The magic word.

[SPEAKER_01] It's the cheat code for modern computing, really.

[SPEAKER_01] If you have Docker installed, getting this running is literally a one-liner.

[SPEAKER_00] One command.

[SPEAKER_01] Docker run.

[SPEAKER_01] You map two ports, port 80 for the website, port 25 to receive mail.

[SPEAKER_01] You hit enter.

[SPEAKER_01] It runs.

[SPEAKER_01] That's it.

[SPEAKER_00] That is deceptively simple.

[SPEAKER_00] But there is one piece of, let's say, internet plumbing you have to deal with, the MX record.

[SPEAKER_01] Right.

[SPEAKER_01] You can't avoid that.

[SPEAKER_01] That's just how the internet works.

[SPEAKER_00] Can you break that down?

[SPEAKER_00] Because MX Record sounds like something I need a certification to touch.

[SPEAKER_01] It's actually really straightforward.

[SPEAKER_01] Think of the internet like the postal service.

[SPEAKER_01] You own a domain, right?

[SPEAKER_01] Say, my-private-castle.com.

[SPEAKER_01] OK. You just have to tell the internet's post office where to deliver the mail for that domain.

[SPEAKER_01] And MX Record is just a sign post.

[SPEAKER_01] It says, if you have a letter for anyone at my-private-castle.com, please drop it off at this specific IP address.

[SPEAKER_00] So I just point the signpost to my new open crash mail server?

[SPEAKER_01] Correct.

[SPEAKER_01] And once you do that, the real magic happens.

[SPEAKER_01] Because open trash mail is built on a wild card philosophy.

[SPEAKER_00] This is the part I think is a game changer.

[SPEAKER_00] Yeah.

[SPEAKER_00] The wild card.

[SPEAKER_01] Yes.

[SPEAKER_01] Normally, with an email server, you have to create an account for Bob and account for Alice.

[SPEAKER_00] And if mail comes for Steve's and Steve doesn't exist, it gets rejected.

[SPEAKER_01] It bounces.

[SPEAKER_01] OpenTrashMail is different.

[SPEAKER_01] It accepts everything.

[SPEAKER_00] Everything.

[SPEAKER_01] Everything sent to your domain.

[SPEAKER_01] You don't have to configure a single address.

[SPEAKER_01] You don't have to log in and click create new user.

[SPEAKER_01] Nothing.

[SPEAKER_00] OK, let's play this out.

[SPEAKER_00] I'm at a store checkout.

[SPEAKER_00] They asked for my email.

[SPEAKER_00] I haven't prepared anything.

[SPEAKER_01] You just make it up right there on the spot.

[SPEAKER_01] Cashier number five at my-private-castle.com.

[SPEAKER_00] And the server just catches it.

[SPEAKER_01] It catches it, creates a little file for cashier number five, and you're done.

[SPEAKER_01] You have an infinite number of identities.

[SPEAKER_00] That's brilliant for tracking who sells your data.

[SPEAKER_01] Exactly.

[SPEAKER_01] If I give one email to a shoe store and suddenly that address gets spam about car insurance.

[SPEAKER_00] You know exactly who leaked it.

[SPEAKER_00] You caught them.

[SPEAKER_01] Red-handed.

[SPEAKER_01] And you just abandon that address.

[SPEAKER_01] No harm done.

[SPEAKER_00] Okay, so the mail is on my server as a file.

[SPEAKER_00] How do I actually read it?

[SPEAKER_00] Do I need to be a programmer?

[SPEAKER_01] Thankfully, no.

[SPEAKER_01] This is a tool for humans.

[SPEAKER_01] It comes with a built-in web UI.

[SPEAKER_01] You just open your browser, type in your server's address, and you see this clean, modern interface.

[SPEAKER_00] And I did notice in the feature list, it has something you always appreciate.

[SPEAKER_01] Please tell me it's dark mode.

[SPEAKER_00] Automatic dark-light mode switcher?

[SPEAKER_01] Yes.

[SPEAKER_01] It's the little things.

[SPEAKER_01] It shows the developer actually uses their own tool.

[SPEAKER_00] So you just type in the address you made up, cashier number five.

[SPEAKER_01] And boom, there is the inbox for that specific alias.

[SPEAKER_01] You can read the emails, download attachments safely, all of it.

[SPEAKER_00] But there was one feature in there that really made me go, whoa, the RSS feed.

[SPEAKER_01] Oh, absolutely.

[SPEAKER_01] This is the hidden gem, for sure.

[SPEAKER_00] Explain this, because I associate RSS with podcasts or blogs.

[SPEAKER_00] Why would my email need an RSS feed?

[SPEAKER_01] Think about newsletters.

[SPEAKER_01] They're technically emails, but they're not really communication.

[SPEAKER_01] They're content.

[SPEAKER_01] They're articles.

[SPEAKER_00] Right.

[SPEAKER_00] They're meant to be read, not replied to.

[SPEAKER_00] But they clog up my inbox next to an urgent email from my boss and stresses me out.

[SPEAKER_01] Exactly.

[SPEAKER_01] Open Crash Mail generates a unique RSS feed for every single inbox.

[SPEAKER_01] So you can take the RSS link for, say, newsletters at my-private-castle.com and plug it into your favorite RSS reader.

[SPEAKER_00] So instead of getting a notification every time a newsletter arrives, it just quietly shows up in your newsfeed.

[SPEAKER_01] You read it on your own time in a nice clean layout, just like a blog.

[SPEAKER_01] It separates the consumption stream from the communication stream.

[SPEAKER_00] That's profound.

[SPEAKER_00] It makes inbox zero the default state, because the junk never even makes it to the inbox.

[SPEAKER_01] Precisely.

[SPEAKER_01] It's a much healthier way to consume that kind of information.

[SPEAKER_00] OK, I'm setting that up this weekend.

[SPEAKER_00] Now, we've been talking about this from a user's perspective.

[SPEAKER_00] But looking at the source, this tool has a secret identity.

[SPEAKER_01] It does.

[SPEAKER_01] It's not just a trash can.

[SPEAKER_01] It's a developer platform.

[SPEAKER_00] Let's pivot to that power user side.

[SPEAKER_00] Why would a developer care about this?

[SPEAKER_01] It's all about the API, the JSON API.

[SPEAKER_00] So it's the use case.

[SPEAKER_01] OK.

[SPEAKER_01] Imagine you're building a new app.

[SPEAKER_01] You have a sign up flow where you send a verify your account link.

[SPEAKER_00] Standard stuff.

[SPEAKER_00] But testing it is a total pain.

[SPEAKER_01] It's so slow and manual.

[SPEAKER_01] With OpenTrashMail, you can automate that entire loop.

[SPEAKER_01] Your test script tells your app to register testbot1 at my-trashmail.com.

[SPEAKER_01] Then the script immediately calls the OpenTrashMail API and asks, hey, did you get an email for testbot1?

[SPEAKER_00] And the API just sends back the data.

[SPEAKER_01] The whole email, as a JSON object, your script can then parse the text, find the verification URL, and click it programmatically.

[SPEAKER_01] You can test your sign-up flow 1,000 times a minute.

[SPEAKER_00] The source also mentioned programmatically solving 2FA.

[SPEAKER_00] Same idea.

[SPEAKER_01] Same exact mechanism.

[SPEAKER_01] If a service emails you a six-digit code, your script just grabs it from the API and pastes it into the login field.

[SPEAKER_01] It turns email from a human bottleneck into a machine-readable data stream.

[SPEAKER_00] That's incredibly powerful.

[SPEAKER_00] And then there's this other term I saw, webhooks.

[SPEAKER_00] How is it different from the API?

[SPEAKER_01] So the API is pull.

[SPEAKER_01] You have to keep asking the server, do you have mail yet?

[SPEAKER_01] Do you have mail yet?

[SPEAKER_00] And webhooks are push.

[SPEAKER_01] Exactly.

[SPEAKER_01] Don't call us, we'll call you.

[SPEAKER_01] You tell open trash mail.

[SPEAKER_01] The millisecond an email arrives for this address, fire a notification to this URL I control.

[SPEAKER_00] So you could say, if an email comes to alerts at my-server.com,

[SPEAKER_01] take the subject line and post it directly to my Slack channel.

[SPEAKER_01] Or if a receipt comes in, push the body text into my accounting software.

[SPEAKER_00] It basically turns email into a trigger.

[SPEAKER_01] It creates a bridge from the old world of SMTP to the modern world of web apps.

[SPEAKER_01] And I appreciate that they mention the security.

[SPEAKER_01] It uses an HMAC SHA256 signature.

[SPEAKER_00] Which in plain English is.

[SPEAKER_01] A digital wax seal.

[SPEAKER_01] Your app can check the seal to make sure the notification actually came from your server and not some hacker trying to trick your system.

[SPEAKER_00] So is robust enough for real work?

[SPEAKER_00] Absolutely.

[SPEAKER_00] Speaking of robust, I want to circle back to security.

[SPEAKER_00] We're calling this trash mail.

[SPEAKER_00] But is the connection itself garbage?

[SPEAKER_00] I mean, I don't want a password reset link flying across the internet and playing text.

[SPEAKER_01] That's a great question.

[SPEAKER_01] And no, the connection is solid.

[SPEAKER_01] OpenTrashMail supports both TLS and StartTLS.

[SPEAKER_00] Can you break those down?

[SPEAKER_01] Sure, start TLS is like, you start talking normally, then you agree to whisper.

[SPEAKER_01] You start on the standard port 25, and then upgrade the connection to be encrypted.

[SPEAKER_00] And TLS?

[SPEAKER_01] TLS on Kinect, which is usually port 465, is like meeting in a soundproof room from the start.

[SPEAKER_01] The whole conversation is encrypted from the very first word.

[SPEAKER_00] And you can use free Let's Encrypt certificates for that?

[SPEAKER_01] Yep.

[SPEAKER_01] So the transport is just as secure as Gmail or any other major provider.

[SPEAKER_00] OK, one more setting I found fascinating.

[SPEAKER_00] The ADMIN catch-all.

[SPEAKER_01] The honey pot.

[SPEAKER_00] Why would I want to see every email hitting my server?

[SPEAKER_00] Isn't the point to filter things?

[SPEAKER_01] Well, it has a few uses.

[SPEAKER_01] If you leave a server on the internet, the bots will find you.

[SPEAKER_01] They'll start trying to send mail to admin at at clit info at killing bowing at that.

[SPEAKER_00] They're just guessing common addresses.

[SPEAKER_01] Relentlessly.

[SPEAKER_01] And the admin view lets you watch all of this traffic.

[SPEAKER_01] You can see spam trends and phishing campaigns in real time.

[SPEAKER_01] It's like having a window into the internet's background radiation.

[SPEAKER_00] And I suppose if you made a typo at the register, you could find the email that way too.

[SPEAKER_01] Exactly.

[SPEAKER_01] You never lose mail because of a simple typo.

[SPEAKER_00] But the big question, if this web interface is on the internet, can't anyone just go to my URL and read my email?

[SPEAKER_01] That's the default risk, but there's a setting for that.

[SPEAKER_01] It's called allow dips.

[SPEAKER_00] which locks the door.

[SPEAKER_01] It bolts it shut.

[SPEAKER_01] You can set it so that port 25, the mail slot, is open to the world, but port 80, the reading room, only responds to your IP address.

[SPEAKER_00] So I can get in from home, but a stranger can't.

[SPEAKER_01] That's a massive privacy win over public sites where the only security is hoping no one guesses your address.

[SPEAKER_00] Okay, so to recap, we have a tool that a beginner can launch with one Docker command.

[SPEAKER_00] It saves us from spam.

[SPEAKER_00] It turns newsletters into RSS feeds.

[SPEAKER_00] And for the pros, it's a powerful automation engine.

[SPEAKER_01] It's a tool that really grows with you.

[SPEAKER_01] You might start just to sign up for a forum, but six months later, you're using it to test a huge coding project.

[SPEAKER_01] It just lowers the barrier to understanding how email actually works.

[SPEAKER_00] And honestly, the feeling of owning your own data is worth the price of entry, which, by the way, is free.

[SPEAKER_01] The beauty of open source.

[SPEAKER_00] It really is.

[SPEAKER_00] So what's the bigger picture here, the provocative thought?

[SPEAKER_01] I want you to consider this.

[SPEAKER_01] The entire modern-day economy is built on your email address being a unique identifier.

[SPEAKER_01] It's the glue.

[SPEAKER_01] It connects your Amazon habits to your Google searches to your Facebook profile.

[SPEAKER_00] It's the one constant variable.

[SPEAKER_01] Right.

[SPEAKER_01] But what if everyone started using their own private trash mail servers, generating a unique disposable identity for every single interaction?

[SPEAKER_01] That glue dissolves.

[SPEAKER_01] We'd fracture our digital identity into a thousand little pieces that can't be reassembled.

[SPEAKER_01] We reclaim our anonymity not by hiding, but by becoming impossible to track.

[SPEAKER_00] That's a powerful idea.

[SPEAKER_00] A little bit of digital chaos to preserve our liberty.

[SPEAKER_01] And it all starts with a simple plastic bucket at the end of your digital driveway.

[SPEAKER_00] Before we sign off, a final thank you to our sponsor.

[SPEAKER_01] Verweise im Abspann erneut auf den Sponsor der Sendung hin.

[SPEAKER_01] SafeServer kümmert sich über das Hosting dieser Software und unterstützt dich bei deiner digitalen Transformation.

[SPEAKER_01] Mehr Infos unter www.safeserver.de

[SPEAKER_00] So here's your challenge for the week.

[SPEAKER_00] If you have a computer that can run Docker, try that Docker run command.

[SPEAKER_00] Spin it up.

[SPEAKER_00] Even if you only use it once, just seeing those logs scroll by and realizing, I own this, is a pretty cool feeling.

[SPEAKER_01] And you might just find your main inbox becomes a much happier, quieter place.

[SPEAKER_00] Couldn't have said it better myself.

[SPEAKER_00] Thanks for listening to this deep dive.

[SPEAKER_01] See you next time.