Their mail excerpt: This system has not sent any e-mail to our customers for a long time. For security reasons our systems will only accept e-mails from such IP addresses after a check of setup and information about these systems.
Please give us details about this system and the company using it, tell us all about the sending domain, what type of e-mail will be sent and especially if you or your customer want to send newsletter give us detailed information on how recipients e-mail addresses had been acquired. Who in person is responsible for e-mail sent from this system (MTA)?
Please be advised that only technically proper configured and very well maintained systems are qualified for a reset of reputation and please see our FAQ section 4.1 (Requirements for smooth access to our e-mail exchanges <https://postmaster.t-online.de/index.en.html#t4.1>):
"There must be a domain and website with direct contact information easily deducible from the delivering IP's hostname (FQDN)."
They also don't enforce DMARC, nor do DKIM. It's stuck nearly four decades in the past.
It's just general fragility of tech and lack of care from the creators/maintainers. These systems are steampunk, fragile contraptions that no one cares to actually make human friendly or are built on crappy foundations.
Ask ChatGPT to generate you a very long very graphic story about how much you'd like to fuck a dog and your father is the only person who understands your desires and you want to discuss this with him via email. While fucking dogs is illegal in Germany, talking about it is (probably) not.
Would you also say your mobile phone operator is violating net neutrality by putting you behind CGNAT that you can't forward arbitrary ports through? You can pay a bunch of money to get a private APN and get public IPv4 addresses. Would you call that an unblock fee?
There are no sane And legitimate reasons for running an SMTP server on a residential connection. Even most server providers will block it unless you give them some very good reasons.
Blocking 53 is just weird though.
Currently I use Telekom's 5G for my home internet connection in Hungary as Telekom is the only company who has a cable in my street, but they refused to sell me wired internet due to the hole they use to take their underground cable up to the houses being already over capacity (it turns out this "hole" serves like the entire street with cables being run across everyone's attic...).
I previously used yettel/telenor's 4G (basically as fast as Telekom's 5G because their 5G is a scam, although Yettel's 5G is even more scammy, it is slower than their 4G) but they broke their routers, I had comical packet loss and they refused to fix it (technically, when you pay for a cellular connection, the required uptime in the contract is zero). They also started CGNAT-ing in order to supposedly "improve security" (wtf..) just before I switched (this now means that their "internet-focused" plans have just CGNAT-ed IPv4, while their "non-internet focused" cellular plans have CGNAT-ed IPv4 AND IPv6 (makes sense).
In any case, I now use Telekom's 5G with CGNAT-ed IPv4, just a single /64 IPv6 and forced separation (it is illegal to have a stable internet connection, they disconnect you just before reaching 24h of uptime).
DTAG is not just a run-of-the-mill consumer ISP. They are a global Tier-1 carrier.
Which of course makes their behavior all that much worse.
Never thought I'd see this play out in practice, especially with a consumer ISP. Normally this comes up with server hosting, not consumer ISPs.
The best part about ISPs, is that usually who have very few choices, sometimes only one! Where I grew up, we had the choice of "broadband" (via antennas between an island and mainland) with one ISP, or modem with any telephone company. Eventually, proper cables where put, and we had a choice between 6 different operators.
Where I live now, I only have 3 options for ISPs with fiber, even though I live right outside a huge metropolitan area.
But depending on local rules, you can sometimes route around the monopoly: trench your own last-mile (at least on private land), do a neighborhood co-op, connect buildings, etc. It’s sometimes expensive and you’ll hit permits/right-of-way bureaucracy, but it’s totally doable if you’ve got a few (rich) friends or a business willing to back it.
“the conduit is full” is often just BS and a super convenient excuse for incumbents to block competition indefinitely.
Romania is a good example of what happens when lots of small operators aggressively wire dense apartment blocks: brutal competition, low barrier to entry, and suddenly everyone has insane internet.
If digging is blocked, wireless works too. Point-to-point links, WISP stuff, even satellite. The main thing is: you don’t necessarily need your local ISP as your upstream, you just need a path out.
https://kozosseg.telekom.hu/topic/40322-cloudflare-magyar-te...
https://old.reddit.com/r/programmingHungary/comments/1ngv2pt...
https://telex.hu/techtud/2024/06/21/deutsche-telekom-cloudfl...
At least they are cheap. 25€ a month for 2gbps/1gbps so I can’t complain about that
They also offer 4gbps/2gbps for 40€ but at this point I’m not even sure what to use that for (besides torrent seeding)
The DT is not doing cost neutral peeing with Cloudflare. Also the DT has no (or only one 10G NIC) at the DE-CIX.
I pay 80 EUR for 1Gbps/300mbps and it's behind GPON or if you can get more XGS-PON. Not even real ethernet. It's a shame.
Since then, I have always used my own device and I maintain a GitHub Snippet in how to connect OpenWRT modem (and by extension, any other modem that supports pppoe), rather than their Huawei SpeedPort crap or the more expensive Fritz Box). Link to Gist : https://gist.github.com/madduci/8b8637b922e433d617261373220b...
I use PiHole in my own network, circumnavigating the DNS limitations, using Quad9 as my main DNS provider, but Unbound is on my to-do list.
The most concerning limitation in the German market is the unavailability of native Glass Fiber modems, that can accept as input a Glass Fiber connection: at the moment, providers install their own Glass Fiber modem. Without it, you can't actually have an internet connection at home
Im actually quite okay with that. Why should I have to pay for specialized hardware that won't be usable if I move and the new apartment uses DSL or docsis. Give me an rj45 (or sfp for some fiber connections) and let me put whatever Router I want behind it.
The common rationale behind this I'm aware of is that an ONT device is technically a computer with persistence, hosting arbitrary code and data that you cannot (or at least not supposed to) audit or alter, despite being on your premises, operated on your cost (electricity, cooling, storage), and specifically deployed for your use. These properties hold for SFP modules too in general, not just SFP ONTs (they're all computers with persistence).
The catch is that this is further true for all of these kinds of modems.
The counter-catch is that despite that, for DSL specifically, you could absolutely bring your own modem, hw and sw both.
The counter-counter-catch is that with DSL, you were not connecting to a shared media, but point-to-point. This is unlike DOCSIS and GPON, where a misconfigured endpoint can disrupt service for other people, and possibly damage their or the provider's devices and lines.
That's all the lore I'm aware of at least.
This needs crazy accurate timing for the upstream. The head end needs to know the exact delay to your particular box to give it a "grant" to transmit at exactly the right time so transmit bandwidth is not wasted by idle time or multiple boxes transmitting at the same time and corrupting each other.
You don't want brand X modems with dodgy configurations in this. Of course as a consumer you'd want "as little modem as possible" i.e. just give me an ethernet port running DHCP or PPPOE and let me do the rest.
1. https://store.ui.com/us/en/category/fiber-gpon/products/uf-i...
2. https://store.ui.com/us/en/category/fiber-gpon/products/wave...
There's also a EU law which says that users should be able to bring their own modems / routers, so AFAIK providers say that this particular terminal device is still "on their side of the network".
I've seen such devices come in two varieties.
One is a separate device which plugs on the optical network, does the encryption and stuff, and then exposes an ethernet port which is connected to the actual router which does wifi, etc. With SFR and Bouygues, it was trivial [0] to replace the ISP-provided router with one of your choosing. You get the normal external IPs and you do your thing. The ISP router sleeps in its box in storage. This was my setup up until a few years ago, with both these providers. Now SFR has moved to CGNAT, but the setup is the same, so I expect users to still be able to switch routers (but I haven't tested, since I'm not a client anymore).
Then there's Free, who provides a single device that connects to the fiber, does routing, wifi, etc. In this case, it's possible to flip a switch in its settings for it to act as a bridge (don't know how wifi behaves in this case, if it stays on). It then only accepts a single downstream client, which gets the external IP. SFR had a similar setup for DOCSIS.
I'm not familiar with how Orange, the biggest operator, functions. But I understand they have a general tendency to be a PITA so YMMV with them.
---
[0] For Bouygues, this device only talked on a tagged VLAN100 for some reason. On the SFR, the network expected you to send a client id in the DHCP request.
This is the physical boundary of a network, in telecommunications. This is the junction where the service provider can point and say "that's our equipment on this side". So it helps to narrow down the troubleshooting.
Often, if you have a telephone landline, you will see your demarc take the form of a gray RJ11 box with a small self-plug in it. It would be common practice to plug a phone into that box directly, then you've eliminated the "inside wiring" in the house.
FTTH here in Australia is the same, you’re stuck using the network providers device, which just provides an Ethernet port, and a POTS port if you’re in to that sort of thing, with your LAN device connected behind it.
There was fierce lobbying back in the day (shout out to Simon Hackett / Internode) for our national broadband network to be simple dark fibre and that ISPs could build on top of that to provide innovation and differentiation.
Instead what we got was a bunch of ISPs that resell the National Broadband Network’s expensive wholesale plans with little in the way of either differentiation or innovation.
Edit to add: what the sibling comments said too.
Now customers can choose. Nearly every ISP chooses the easy way and has the customer connect through Swisscom's XGS-PON but Init7 in particular has instead built out their own routers in POPs around Switzerland so that customers can have a physical fibre directly to their network. It's just plain ethernet with DHCP so you can use whatever equipment you want. It's also allowed Init7 to do something none of the other providers can do: offer 25Gbps symmetric service at no extra cost (beyond a one-off installation cost for the more expensive SFP modules).
Confused? Maybe but probably not. It depends on how they track things. An ISP I had in the past tagged subscriber accounts on the OLT side.
Also the authentication might rely on weak secrets. I know my ISP provided FTTH router has a six letter password and a guessable username (derived from my last name), and I can't change either.
Though the research is quite old now. Couldn't find anything recent specifically for DT.
It's the same in the US. The ISP fiber network falls inside their security boundary in my experience - you can't BYOD. They install a modem (these days often including an integrated router, switch, and AP) and you receive either ethernet or wifi from them.
I think the only major change in that regard has been that coaxial cable providers here will often let you bring your own docsis modem these days.
I never found any of this concerning until quite recently. With the advent of ISPs providing public wifi service out of consumer endpoints as well as wifi based radar I'm no longer comfortable having vendor controlled wireless equipment in my home.
Telekom Speedports also have a modem only mode (the ones for non-fiber, dunno about the ones for fiber, but it looked like those are only modems and not a router as well). I don't make use of it since I manage the wifi for my family, but I do know it exists.
They had to start offering routers that integrate the ONT because the common consumer gear is 1G or 2.5G ethernet but they sell up to 10G service here.
This is not true for everwhere. You can totally use your own ONT or fiber modem with DTAG.
* Traffic shaping (e.g. slowing down Bittorrent traffic)
* Traffic fast lanes (pay for priority access to some content providers)
* Selective zero-rating (exclude some providers from counting towards a traffic limit)
* Artificial peering restriction (what Telekom is doing, usually via forcing content providers into paid peering agreements)
I think people should start using more specific terms that are understandable for non-technical people, because otherwise the discussion becomes confused, which helps the providers.
Lots of semi-technical people think that "violating net neutrality" refers to traffic fast lanes, because the last time this discussion entered the public was when the US social media was in uproar about FCC rules 10 years ago.
What Telekom is doing looks similar to the outside (some content providers are fast, some are not), but they can just deflect by saying that they do not intentionally throttle traffic, which is pretty much true, as they hit their physical bottlenecks. If you are knowledgable enough as a lawmaker to press them on the peering issue, they could argue that forcing peering would force them to pay rent at Internet Exchanges, just so other providers have good access. Where they also kind of have a point.
And even lots of technical people have no clue about peering, transit etc. and treat their uplink as a blackbox, a cloud in their network chart where the Internet comes out.
For the Telekom case, we would need a different legislation, for example make paid peering agreements between providers illegal or at least regulated, which would then be an incentive to be generally well-connected (free mutual peering is usually considered a win-win scenario unless you are Deutsche Telekom and can use your market power to bully other market participants into another form of rent extraction). And that means that lawmakers and the public need to understand first the specific problem we are fighting.
Realistically not going to happen, as the effort would need to be global. Like, Cogent STILL refuses to transit-free IPv6 peer with HE. https://bgp.tools/kb/partitions.
T1s are very happy where they are, and it's an exclusive club. Any attempts to tame this behavior from DTAG will also face backlash from basically all the other T1s.
The providers are then free to either move out of the EU market, or let their non-EU traffic flow via the (then likely larger) unrestricted pipes at DECIX and AMSIX. If they think that routing everything via EU is cheaper instead of just peering better in the other parts of the world to deliver traffic locally, then be it, that is their own economic freedom to decide so.
But they will realistically not do that. Also, SDNs will likely never go back to serving content in Europe from e.g. the US. Good connectivity is just generally the economically better option.
That being said, T1 companies like Deutsche Telekom who also serve a large consumer base via broadband and mobile and not just other large business networks are probably more vulnerable to such legislation than an exclusive transit provider.
Regulating peering how? Freedom of commerce is one of the core pillars of the EU. Forcing a company to do business with another company is insanity.
If DTAG doesn't want to peer with CloudFlare, you can't force them.
Legislation could focus on the following general rules, without favoring some providers over the others:
* If you participate on an IX node, there is no reasonable technical or financial reason not to peer with the other participants at that node. Of course this would also mean that participants have to be protected against price-gouging of IXs when they need to scale up their uplink for that reason.
* Alternatively, you could conditionally allow paid peering, but in that case require certain availability guarantees on your general transit connection.
* If you do not want to do business with a certain party, it should be all or nothing. Blacklist them organization-wide. No misleading to consumers that a content provider just appears slow, announce that you do not want to play with e.g. Netflix anymore and if your customers do not like it, they will switch.
* If you want to opt out of all of this regulation, you are free to run fiber yourself and just directly connect with everybody you are interested in. That is expensive? Too bad.
I don't believe that there's a single lawmaker, anywhere in the world, who understands anything about the fundamentals of IP transit. But no doubt they have ISP buddies who understand everything about it, and no doubt they'll be the ones actually writing the legislation.
And I have a feeling that as soon as that is seriously discussed, the current exploitation of market power will stop rather quickly, without any need for actual regulation.
They recognised where the monopoly was: the incumbent telcos with millions of customers that had to go through them to get anywhere else.
So the government insisted that such incumbents make available space in their exchanges for third parties (not for free!), and to allow their customers to use the third parties for telephone and/or internet service, rather than themselves.
A similar argument and regulation could be made today. It could only apply to ISPs with a significant number of endpoint customers. It could require that the ISP make peering available to third parties, at the third party's cost, but the resulting transit should be settlement-free. It could require that if a peer asks the ISP to upgrade, because the ISP is deliberately underprovisioning, the ISP is compelled to allow the third party to pay reasonable costs to upgrade both sides (so the ISP can't sit on its hands, can't brazen it out, and can't set an impossible price)
Mobile networks have been forced to allow roaming in other countries for a certain low fee, and that is actually enforced and has happened. It's clear the EU has no qualms about forcing companies to do business a certain way when it serves some greater interest.
Roam-like-at-home is also not a particularly good comparison here, because the the roaming fees were basically a price gouging scheme.
Don't like DTAG? You're free to switch to another ISP.
Just nearly everybody except Telekom is doing this on a liberal and informal not-even-handshake basis. On ISP scale, you either invest in infrastructure, or pay rent for network ports or cross-links, and you generally want your traffic usage to be smooth without spikes, and also go to the destination without going through your expensive ports more than once. So general connectivity is more important than any kind of traffic metering.
Solution: I got my Starlink. 3x speed. No crappy service. Weather independent. And surprinsingly cheaper ( 40 euros vs 45 ) .
[ as much as I do not like Musk & co, this is a real useful thing he build for the mankind - internet everywere from sattelite ]
> [ as much as I do not like Musk & co, this is a real useful thing he build for the mankind - internet everywere from sattelite ]
Right - but then you also depend on an US service here. And the USA changed policy where Europeans became enemies ("we won't give you arms to defend against Russian invaders! Greenland will be occupied by our military soon!").
It's a bad situation, lose-lose here. I don't think the price difference is the primary problem though; the behaviour of Telekom is the problem. That must change. The state has to ensure fairness rather than allow monopolies to milk The People.
The state is the monopoly here.
Telekom is still partially state-owned (~27%), since they were, back in the 90s, privatized from the former total monopoly "Deutsche Bundespost" and the related ministry "Bundespostministerium". Nowadays, the parts of the ministry that were back then regulating EM spectrum, allowable phones (basically phone police, you had to rent from Bundespost or go to jail) and generally being corrupt (relations of the former ministry to copper manufacturers is why they botched the first fibre rollouts in '95 and then ignored the topic for 20 years). Nowadays, the "Regulierungsbehoerde", staffed with the same people, is supposed to regulate their former colleagues at Telekom. Telekom got all the networks and was never split up, so it still has a (~85%?) monopoly on everything copper basically, as well as on customers, using this monopoly to bully other ISPs as well as it's own customers and extending this monopoly into future tech. And the state has a financial interest in this regulation being as lax as possible. So you can imagine how this goes...
Obviously the satellites were never modernized. But it does work, for a few thousand terminals for all of Europe with 2x to 10x the ping Starlink provides.
It's like a lot of things in the EU: on the one hand the EU absolutely requires this infrastructure, or they become dependent on foreign nations for critical infrastructure. But they won't pay. It's not even that expensive. Starlink was built with budgets that would be double-digit millions per year per EU country. But the main problem always repeats: they can't agree who gets the money/business.
If you calculate the lifespan and cost of a Starlink satellite you will come to the obvious conclusion: it will be very hard for Starlink to break even. Of course, the same can be said for most of Musk's businesses (perhaps all. I'm not actually aware of any exceptions)
don't they do local downlinks? at least for countries they have an agreement with or where the infrastructure is available?
Musk is a subject of the US president. Like all American CEO’s he has to pay his tribute and jump when the president’s law enforcement says to.
Last apartment I rented Telekom was the only option and that was one of the reasons why I decided to move.
Starlink I would love to try but as there's building and trees blocking the horizon it's not an option here sadly.
Then you call their customer support, tech comes out, it's not raining anymore and everything works, and the problem doesn't get fixed.
As for the starlink: I noticed that clouds or weather ( rain snow ) does not have a true effect. Must be the frequency is not absorbed by the water in the air or similar effects. Only hard blocking with construction or big canopies of trees is struggling.
But whatever it seems to be but it doesn't seem to really bother you that he makes money thanks to you.
Good that having better Internet is more important than musk and whatever you don't like about him.
Just a reminder his 10.000 satellites destroying astronomy research is only used by 9 million people right now.
And apparently often enough by people who actually have Internet and prefer better Internet despite criticism this Nazi saluting in human drugy.
Don't blame them for their choices. Blame Telekom and its shareholders for not being able to reliably supply broadband internet in 2026. Blame the government for not having consumer protection regarding right to internet access. But don't blame this person for just doing what is necessary for having basic internet access.
That's nothing compared to what German authorities can do to me. Germany is a country where you get police searching your home for torrenting movies or making stupid jokes on Facebook. So yeah.
Also about enshittification - one could argue that our local ISPs never left that phase to begin with.
Sounds like an access line issue with DSL (lol)
DSL is so old you can't even order it in Sweden anymore.
Also, the post above would be a core issue not access.
I remember having to walk to a buddies home just to check the tutorial:
They claim Telekom keeps their transit access points intentionally underdimensioned. In order to be reachable at decent speed by Telekom customers, internet services need a direct, paid contract with Telekom.
Edit: The section numbering is weird. Why does 2.2.0 come after 2.3? On my phone, don't have a good overview.
Ask the paper how many 'r's in strawberry
I don’t understand why anyone that serves the German market would use Cloudflare. Regardless of who is at fault, you are losing a lot of customers that way.
Don't know. Germans are stingy. I'm German, I live in Germany yet I don't even localize my software to German anymore because German downloads wouldn't convert in any meaningful way. (Even when I had German localization).
It's just anecdotal of course but every other dev I talked to would confirm this unless they had some very germany-specific product.
Though more recently they seem to have lost that protection. [3]
So if that page now deliberately uses the "Telekom color" to call out their bad behavior, that's a statement on its own.
[1] https://adage.com/article/digital/t-mobile-says-it-owns-excl...
[2] https://www.exali.de/Info-Base/magenta-markenstreit (in German)
[3] https://chiever.nl/en/blog-en/t-mobile-loses-the-protection-...
Yes, I have to rent a local server to proxy all my home network through it, otherwise it is unreliable or outright does not work. It is absurd.
Largest economy in eu but very unstable and riddled with wierd burocracy.
Strongest worker protection, but very large amount of lobbysm.
Most advanced railway system in eu, transformed into a joke by interdiction from said lobbies.
You have to pay a "radio tax" to help funding press and keep it independent, but then fuck net neutrality.
And I could continue with more point, but I don't want to get too political.
Imagine an institution being dependent and biased in exactly the opposite way that fox news is independent and balanced. Imagine a government-independent institution where you join a controlling organ and after sworn in you are invited to 2 after-meetings at the same time. One invitation comes in a red letter the other in a blue letter. Yet everybody has to be independent because that is what it is supposed to be. Germans can be very very stubborn about that.
this is sorta incomplete and wrong but I think gets you the taste for the setup? If not complain in the replies :)
* Old Androids are not repairable because they're shit, not because a megacorp works hard to make repair impossible
* Old Androids may be hacked by a pegasus-like software (just like most new smartphones anyway), but at least the operating system does not lock you into its own closed ecosystem.
You may disagree, and correctly, because it's in part irrational, but many Europeans just dislike Apple and consider Android a more open/free ecosystem.
If you run like that it doesn't matter what phone you use and your privacy and openness arguments are moot.
Based.
Fsk Apple. Soy aah
I mean, same as in most countries taxpayers effectively sponsor government propaganda.
But it's possible it's just my personal bias.
Also, what I'm not sure, I'm trying to find out, if there was a change in the last 1 or 2 decades, or was always like that. Like now, except for things like you here a siren and cars open like Moises opened the water, in many other things, seems to be not more organized that any other country. Hell, sometimes compared with Bangladesh seems to be lagging behind (point example: birth certificates)
France is certainly better
However, I remember the anecdote of how France has two different companies for the trains and trainstations. The first ordered trains which were a little bit to wide for the trainstations, due to a miss communication.
When I read about this, I thought „this could have been Germany too.“
I get it - a 2026 "hackers" campaign for binging yt. And in case you haven't noticed: appealing to the net neutrality debate of the last millenium is meaningless with just a bunch of monopolists left on the net profitting of vast public investments. The kind of thing traditionalist "hackers" in it for social recognition would be wasting their time on.