Seattle Startup Vets Takes on Google with Helm, a New $499 Personal Email Server

A Seattle-area startup is aiming to take on giants such as Google and change the way we do email with a new physical personal email server. From a report: Helm today unveiled its $499 device that lets consumers send and receive email from their own domain, in addition to saving contacts and calendar events. It's a bold bet that aims to provide comfort at a time when privacy and security issues related to personal data hosted by big tech companies in the cloud are top of mind. The idea comes from Giri Sreenivas and Dirk Sigurdson, two entrepreneurs who already sold a security startup and raised a $4 million seed round from top venture capital firms last year.

The device is about the size of a router and looks like an upside-down book placed on a table. It connects to a home network and pairs with a mobile app that lets users create their own domain name, passwords, and recovery keys. Helm support standard protocols and works with regular email clients such as Outlook or the Mail app, with encryption protecting connection between the device and the apps.

lolwut?

[HarrySquatter]

Helm today unveiled its $499 device that lets consumers send and receive email from their own domain,

Is this an April Fools joke that was posted too early? What dumbass would pay that much money for this?

Re:lolwut?

[ole_timer]

yeah, it should cost more like $49 and annually something like $19. Gmail, for all it's privacy issues, is free and uses a browser, hard to beat that. I predict sales of about 1000 and no more.

Re:lolwut?

[ilsaloving]

Are you kidding? Have you ever tried maintaining your own email server? $500 is dirt cheap compared to maintaining your own.

Maybe it was fine in the old days where all you did was install linux and make sure sendmail/postfix was running, but in todays environment maintaining an email server is a bloody nightmare. DMARC records, SPF records, reverse IP mapping... SSL certificates and security rules... And lets not get into arbitrary nonsense rules that some companies set in a misguided attempt at combating spam.

Even when you know what you're doing, it's a PITA. If you're not fully versed in all the intricacies of the various RFPs and SMTP servers in general, then you're going to have a particularly nasty time.

Based on what I know, I can't help thinking that they might be biting off more than they can chew. But if they actually do pull it off, then they are going to make a completely justified mint.

Re:lolwut?

[Anonymice]

There's a huge difference in maintaining a personal mail server, and one used by hundreds or thousands of staff.

A big part of the headache of maintaining email infrastructure is trying to control what goes out, without getting in the way of day-to-day operations - much like the challenge of finding the balance in maintaining a secure network without being a hinderance

When I've had problems with email, it's usually because some clueless dev has tried to spam 100k contacts with poorly formed emails with dodgy headers. In this case, rather than try to find a technical solution for stupid(R), I've found it's far easier to just try & train people & enforce some basic rules.

Lot's of home IPS block ports that make this not

[Joe_Dragon]

Lot's of home IPS block ports that make this not work.

We called these qmail-toasters back in the day

[Etcetera]

Guess I should bust out my qmail/vpopmail scripts from 2003. Everything old is new again.

Upkeep.

[Ostracus]

Problem with E-mail isn't in the "getting one running". It's the constant maintenance that's needed.

Re:Upkeep.

[jittles]

Problem with E-mail isn't in the "getting one running". It's the constant maintenance that's needed.

The real problem here (assuming that they provide all that upkeep for you in a reliable way) is that no one will accept your mail if you do not have a reverse DNS entry for your IP. Not to mention the fact that ISPs block the necessary ports to run this on a home network. You’d have to have a business service plan to get this to work and you had better have a static IP address also.

Re:Upkeep.

[Solandri]

About 15 years ago, I set up a private email server for our company. I'd been running a private email server for personal use since the 1990s so didn't think it would be that different. Was I ever wrong.

I was called numerous times after I'd gone home from work by employees working a later shift saying email wasn't working. For my personal email I'd just go to sleep and fix it the next morning But these people needed email to do their work, so I had to come back in and fix it ASAP. Then there were the numerous mail servers I had to petition to remove our server from their spam blacklists every month. Other people on our ISP sometimes had their computers compromised and used to send spam, and these servers were blocking the entire IP address range of our ISP. For my personal email, I would never need to send email to a lot of these servers so being blacklisted by them was inconsequential. But multiply it by all the mail servers 50 employees send email to, and suddenly you need to resolve all these blocks.

After a few months of this I threw in the towel, and signed us up for an outside email hosting service. They're staffed 24/7, so when email goes down someone there gets it fixed, usually within a few minutes. And clearing up spam blacklists is their problem - we just have to report the block. If your company is big enough to have IT staff on duty or on call 24/7 then I can see a private email server working out. But if your company is that big you're not going to run your email server on a $500 appliance.

Re:Upkeep.

[Aighearach]

small business is probably the targeted market.

Re:Upkeep.

When I set up an email server for my company, the biggest problem was getting the large email providers to not block all email from us as "spam" (we never sent ANY spam, were not on any spam lists or any server/domain/IP blacklists). We did everything right (DKIM, SPF, reverse DNS, etc., etc.) but because we weren't sending tens of thousands of messages on a regular basis, we couldn't get recognized as a safe sender. The resolution process to get off the "block" and "spam" filters for most ISPs is apparently routed to /dev/null and had absolutely no effect. Eventually we gave up and paid google to host our email. I suspect "encouraging" you to pay for email hosting is at least as much the reason the large companies block messages from small senders as preventing spam is the reason.

Re:Upkeep.

[gweihir]

Get a vserver with a static IP. They usually come with the reverse DNS entry. Starts at $10 or so for a Linux VM.

Re:Upkeep.

[shaitand]

All this is true and it all comes down to the spam wars and a concerted effort to hinder end-to-end encryption of email. But for certain types of business it might be worth investing in, it can still be managed reasonably easily by one dedicated "tech guy" in a company of 100 or so employees. Especially since most businesses aren't 24/7 operations.

Sure he'd be on call all the time but calls in an org that size would be infrequent if he is doing his job well. In fact that is the beauty of that type of gig. If your dedicated admin is running around crazy all the time he really sucks. What you want is someone you never see or hear from and are never quite sure what he does. Is he fucking of on your dime? Absolutely. But he can only get away with it because he is good enough at making the tech in your business run so smoothly that is possible. Of course the other possibility is your admin is busy because you interfere with his technology purchases and decisions.

Re:Upkeep.

It is not sufficient to have a correct reverse DNS entry. For example, you cannot send email to one of the big freemailers in Germany, GMX, if
- The PTR-RR states that the IP address was dynamically allocated, or
- The PTR-RR is a generic standard entry of your provider. Please allocate an independent and fully qualified domain name (Fully Qualified Domain Name - FQDN) to your email server and enter the corresponding valid PTR-RR.

Email is a mess. The spammers have almost killed it and the antispammers are finishing the job.

Re:Upkeep.

[greenwow]

And have a source address that isn't blackholed since most cable and DSL IP addresses are blacklisted.

Re:Upkeep.

[MachineShedFred]

Until you plug it into a large ISP that registered their residential IP blocks with the various anti-spam lists just to make sure that you're buying their "business-class" (read: more expensive for exactly the same) service.

Unless this company is acting as a VPN endpoint or a mail relay with this thing, there are very large numbers of (residential) customers where this thing just won't work. And if they are acting as a VPN endpoint or a mail relay, this company has the option to read all your shit, as well as have you dependent on their survival for this thing to not be a $500 paperweight.

No thanks.

Re: Lot's of home IPS block ports that make this n

[yokem_55]

Looks like the device sets up a VPN back to them that they can send mail out from with a static IP and reverse dns.

Let me guess:

[Qbertino]

It needs some obscure cloud service to hook up to do you can configure it. That's attached to a subscription.

How about just building a piece of useful groupware with easy domain configuration and easy ssl cert integration and letting the hardware as a option?

Somehow I feel this will fail just as hard as Protonet.

Re:Lot's of home IPS block ports that make this no

[davidwr]

The port problem is easy to solve by offering optional port-forwarding subscriptions to forward "incoming mail to your domain" ports to a user-selected non-blocked port.

Also, most home users can buy business-contract internet in their homes, which typically allow all incoming ports.

The same people who would pay $500 for this box are the same people who would buy either of the above services.

Not a word about spam filtering capabilities

Spam filtering is what makes e-mail usable nowadays and yet on the official site they choose to ignore it completely.

Re:Yep, so wouldn't you just leave all that

[shaitand]

So that your hosting provider doesn't have your data.

Re:And $99 per year after that

[ole_timer]

yeah, the same morons that pay for credit protection to lifelock...

This is a niche product

[davidwr]

There is a market for this kind of thing, but it's a small one.

If I am a very small company or an individual who needs "in house" email where no third party can be subpoenaed and where I control the encryption keys, AND where it's easy to run with minimal management, that is worth paying for.

But for most companies small enough where this would be worth considering, a completely outsourced email solution is better. For almost all individuals, outsourced email is better.

In the unlikely event that something like this gets more than "niche market" traction, expect the major players to either buy these guys out or come out with competing products. There's not much in this product that is innovative enough that the proprietary features, if any, can't be worked around and/or that customers won't care about them enough to deter competition.

Will people care enough?

[ruddk]

It seems that (some) people are beginning to realize the cost of “free” services, but I wonder if they care enough to do anything about it.
Getting smtp to your home connection could be an issue for many as that port is usually blocked to prevent malware spamming. Sometimes you can request it opened.
When I ran my own email server, there was a bit of maintenance with spam filters as well as problems with some destinations not accepting emails from servers on xDSL lines.

Re: Lot's of home IPS block ports that make this n

[ShanghaiBill]

Looks like the device sets up a VPN back to them that they can send mail out from with a static IP and reverse dns.

Then you still have to trust a 3rd party. So how is this different from trusting any other provider (other than being really expensive)?

Ummm.... There's a problem here

Preface: https://www.spamhaus.org/pbl/

Substance: I am not normally a betting guy, but I would wager that 95% plus of the US population would not have the ability to get beyond 50% delvierability for "legitimate" emails using such a device. I am ASSUMIng that the outbound connections from the "device" to the recipients MX server would originate from the user's local IP address (unless they also include some kind of outbound relay service, which would seem to be self-defeating in this context). Many (perhaps even a "large majority") email server operators use services which are designed to reduce spam, and one of the most common ways this is done is by blocking incoming connections, either at the MTA or network level, based on a range of "known dynamic IP addresses", i.e. the IP address ranges assigned by an ISP to customers who have not chosen (or do not have the option to chose) a static IP address for their connection. Organizations like Spamhaus publish / provide access to lists of such ranges which email server administrators can use to automatically block or flag messages coming from "standard"/"dynamic"/"non-static"/"consumer and small business" IP address ranges.

While I like the concept, I think any customer of this product is likely going to be disappointed in their message deliverability unless the either A) have the money and the inclination to get a static IP address for their connection (if their ISP even offers that as an option - MANY do not, either at all or for non-business accounts) and deal with the side effects that come along with it, or B) use a third party external relay service to send their messages, thereby eliminating (or at least reducing) the utility of such a device in the first place.

Re: Yep, so wouldn't you just leave all that

[shaitand]

I'm not saying your wrong. It is very difficult to setup and maintain a secure email server, 15yrs ago setting up linux mail servers for small businesses who wanted private mail was a big part of my job. These are all almost certainly going to be spam zombies within a couple years.

All I'm saying is that the reasons to want to do it haven't changed. Putting all your data, even confidential business data, in the hands of a third party is one of the greatest crimes of spammers.

Re:Yep, so wouldn't you just leave all that

[Holi]

Except you are relaying through them so they get all your data as well as $99 a year.

Who uses E-Mail Anymore?

[Voyager529]

I think this company's bigger issue is their demographic: People who care enough about their e-mail privacy to desire to not-use Gmail, Outlook.com/Hotmail, AOL, or Yahoo, want their own server, and are neither tech savvy enough to set up Zimbra / Mail-in-a-Box / the Synology mail server, nor big enough to use Exchange...and still use e-mail.

This trail was blazed by Microsoft back around 2008-2011 with Windows Home Server - enough server to help manage backups and malware scans (using Live OneCare) and centralize media storage/sharing, enough not-server to prevent it being used for Active Directory or similar. The problem was that it was still "too much server", and they couldn't market it well enough to get average consumers to really want it.

Circling back to the subject line, e-mail is primarily a business form of communication. When was the last time you got a legit, personally-written e-mail from anyone? It's probably been a while, and even if you still correspond with $SOME_PERSON regularly that way, it's far from the de facto form of digital communication it used to be. E-mail is basically for account setup and password resets, bulk mailers, and the occasional business correspondence. Most human-to-human communication tends to take place with Facebook Messenger or WhatsApp or garden variety texting. Though people do still send and receive e-mails, it's been largely supplanted by semi-synchronous messages.

So, to review...an e-server tied to a single provider for the VPN / outbound relay, one or more annual fees to handle spam filtering, runs off Wi-Fi, doesn't fit in a server rack, isn't installable on custom hardware, and is intended to simplify a communications protocol from which home users have largely moved on?

I could be wrong...but it definitely doesn't sound like a winner to me.

Re:Who uses E-Mail Anymore?

[DigiShaman]

WTF is that crap? Dude, 99% of my communications are through e-mail. It's for record keeping of correspondence and ease of searching for sorted content later. It's also provides a chain of contact.

Has the world gone that too fucking ADHD to only chat in IM? I'm sorry, but as a Managed Service Provider (B2B based industry), Anything that requires over a paragraph in communication with the occasional file attachments will **ALWAYS** be e-mail.

E-mail will be around for the next 100+ years. The protocols i'm sure will change as will the underlying technology. But delivered messages that involves an address, subject, body, and signature will be the primary philosophical form of communications within a business. IM is great for short Q and A, but it will never replace the need for multi-paragraph construction.

Re: Yep, so wouldn't you just leave all that

[shaitand]

On your own mail server you don't have to make assumptions like that.