Cloudflare's Mail Servers?

Hi all πŸ‘‹, So I was reading the Cloudflare website here: https://www.cloudflare.com/learning/dns/dns-records/dns-spf-record/ and it said that SPF records should follow this format:
v=spf1 ip4:192.0.2.0 ip4:192.0.2.1 include:examplesender.email -all
v=spf1 ip4:192.0.2.0 ip4:192.0.2.1 include:examplesender.email -all
How can I include Cloudflare's mail servers though? What should I write for that? I couldn't find any documentation specifying what should be typed. ChatGPT said: include:spf.cloudflare.com but I'm not sure if that's correct?
111 Replies
/bin/son-arg
/bin/son-argOPβ€’9mo ago
Additional info:
X-FEAS-SPF-Spam: spf-result=fail, ip=35.89.44.37, helo=omta38.uswest2.a.cloudfilter.net, [email protected]
X-FEAS-DKIM: Valid
Authentication-results: afimail1.e.n.a; spf=fail (e.n.a: 35.89.44.37 is not permitted sender for domain of [email protected]) [email protected]; dkim=pass [email protected]
X-BM-Spam-test-Result: TRUE
X-SPF-Spam-Reason: SPF Failure
X-FEAS-SPF-Spam: spf-result=fail, ip=35.89.44.37, helo=omta38.uswest2.a.cloudfilter.net, [email protected]
X-FEAS-DKIM: Valid
Authentication-results: afimail1.e.n.a; spf=fail (e.n.a: 35.89.44.37 is not permitted sender for domain of [email protected]) [email protected]; dkim=pass [email protected]
X-BM-Spam-test-Result: TRUE
X-SPF-Spam-Reason: SPF Failure
The reason I believe Cloudflare's mail servers has something to do with this is due to the above whenever I send mail ^
Chaika
Chaikaβ€’9mo ago
Cloudflare's mail servers would only be involved if you were using Cloudflare's Email Routing What email service are you using? You should have them in your spf record
/bin/son-arg
/bin/son-argOPβ€’9mo ago
It seems like 35.89.44.37 is one of Cloudflare's mail servers. I actually whitelisted that IP address by adding it to my SPF record, however, new IP addresses kept showing up thereafter, and I can't keep whitelisting IP addresses Hmm, I see I'm using HostGator
Chaika
Chaikaβ€’9mo ago
no 35.89.44.37 is an AWS IP, looks like for proofpoint?
Chaika
Chaikaβ€’9mo ago
Proofpoint
Messaging security for evolving threats | Cloudmark EN
Cloudmark is a trusted leader in intelligent threat protection against known and future attacks, safeguarding 12 percent of the world’s inboxes from wide-scale and targeted email threats.
Chaika
Chaikaβ€’9mo ago
they should tell you what SPF and DKIM records to add then
/bin/son-arg
/bin/son-argOPβ€’9mo ago
Oh, I see. How could you tell which IP address is associated with which company? Here is another one:
X-FEAS-SPF-Spam: spf-result=fail, ip=44.202.169.37, helo=omta038.useast.a.cloudfilter.net, [email protected]
X-FEAS-DKIM: Valid
Authentication-results: afimail1.e.n.a; spf=fail (e.n.a: 44.202.169.37 is not permitted sender for domain of [email protected]) [email protected]; dkim=pass [email protected]
X-BM-Spam-test-Result: TRUE
X-SPF-Spam-Reason: SPF Failure
X-FEAS-SPF-Spam: spf-result=fail, ip=44.202.169.37, helo=omta038.useast.a.cloudfilter.net, [email protected]
X-FEAS-DKIM: Valid
Authentication-results: afimail1.e.n.a; spf=fail (e.n.a: 44.202.169.37 is not permitted sender for domain of [email protected]) [email protected]; dkim=pass [email protected]
X-BM-Spam-test-Result: TRUE
X-SPF-Spam-Reason: SPF Failure
The IP address is 44.202.169.37 this time. What is proofpoint btw?
Chaika
Chaikaβ€’9mo ago
there's various IP lookup tools and such: https://www.ip-tracker.org/lookup.php?ip=44.202.169.37
44.202.169.37 IP, Location: Ashburn, United States US
IP: 44.202.169.37 / AS14618, Type: IPv4, Hostname: omta038.useast.a.cloudfilter.net, IP Location Information: Ashburn, Virginia, United States US
/bin/son-arg
/bin/son-argOPβ€’9mo ago
Yeah, the message shows: cloudfilter.net and when I go to that site, it redirects me to this page you linked here
Chaika
Chaikaβ€’9mo ago
on linux you can just do whois <ip> and get a more authoritive answer to who the ip block was assigned to but regardless you should look in or ask Hostgator what SPF and DKIM records you need for their email service, would be the fastest way there is going to be some simple list you can just include
/bin/son-arg
/bin/son-argOPβ€’9mo ago
I see
/bin/son-arg
/bin/son-argOPβ€’9mo ago
Yeah, I got it:
No description
Chaika
Chaikaβ€’9mo ago
it's not going to be Cloudflare's spf list CF doesn't do email proxying or anything, at most email forwarding and that's largely receive only, if you're sending out mail manually it's via some other avenue
/bin/son-arg
/bin/son-argOPβ€’9mo ago
But when I added include:spf.cloudflare.com, mail started going to my inbox instead of spam. It doesn't go to spam anymore. How come this worked?
X-FEAS-SPF: spf-result=perm-error, ip=44.202.169.39, helo=omta040.useast.a.cloudfilter.net, [email protected]
X-FEAS-DKIM: Valid
Authentication-results: afimail1.e.n.a; spf=permerror (e.n.a: 44.202.169.39 is neither permitted nor denied by domain of [email protected]) [email protected]; dkim=pass [email protected]
X-FEAS-SPF: spf-result=perm-error, ip=44.202.169.39, helo=omta040.useast.a.cloudfilter.net, [email protected]
X-FEAS-DKIM: Valid
Authentication-results: afimail1.e.n.a; spf=permerror (e.n.a: 44.202.169.39 is neither permitted nor denied by domain of [email protected]) [email protected]; dkim=pass [email protected]
This time it says: neither permitted nor denied Before it said it's not permitted period?
Chaika
Chaikaβ€’9mo ago
spf is only a factor in rejecting email. If you have both dkim/spf it only needs to pass one (And whatever arbitrary spam stuff the provider uses) sounds like you might have broken your spf record
permerror (Permanent error): Inability to correctly interpret the domain’s published records.
/bin/son-arg
/bin/son-argOPβ€’9mo ago
Yeah, I do indeed have DKIM set up Oh damn Dang, so did my SPF record actually have a better configuration before? πŸ˜…
Chaika
Chaikaβ€’9mo ago
well it was actually parsable before and knew that ip wasn't in the list it looks like the actual spf record for cf email routing is _spf.mx.cloudflare.net , there's nothing on spf.cloudflare.com, probably why the permerror
/bin/son-arg
/bin/son-argOPβ€’9mo ago
dkim=pass
SPF Failure
Btw, you said it only needs to pass one, how come here it passed 1 but still went to spam?
Chaika
Chaikaβ€’9mo ago
well I did also say
(And whatever arbitrary spam stuff the provider uses)
/bin/son-arg
/bin/son-argOPβ€’9mo ago
Oh, I see
Chaika
Chaikaβ€’9mo ago
for dmarc to pass you just need dkim/spf but there's no hard rules on what exactly each provider does iirc just recently google and outlook said they were going to hard require dkim email is a messy game
/bin/son-arg
/bin/son-argOPβ€’9mo ago
I do have DMARC set up too, yes. Is that DKIM and SPF or DKIM or SPF btw?
Chaika
Chaikaβ€’9mo ago
or
/bin/son-arg
/bin/son-argOPβ€’9mo ago
Right, true πŸ˜… I see.. is there a way to check the rules the email provider specifies? Probably on their website?
Chaika
Chaikaβ€’9mo ago
I don't think any of that is public and I believe for a lot of them spf/etc failures are just scores that get calculated your problem is the same though, still need to find the right spf list for your email provider
/bin/son-arg
/bin/son-argOPβ€’9mo ago
Right
/bin/son-arg
/bin/son-argOPβ€’9mo ago
Right, yep
/bin/son-arg
/bin/son-argOPβ€’9mo ago
Crazy thing is, it says valid: πŸ’€
No description
Chaika
Chaikaβ€’9mo ago
can you click manage and get it to spit out the spf anyway? or maybe I should ask, how exactly are you sending emails, directly from hostgator's provided stuff?
/bin/son-arg
/bin/son-argOPβ€’9mo ago
No, using Thunderbird/Outlook And yeah, I'll try that
Chaika
Chaikaβ€’9mo ago
hooked up via imap/pop3 with their email offering?
/bin/son-arg
/bin/son-argOPβ€’9mo ago
Yeah, using IMAP/POP3 Thunderbird detected the config automatically
/bin/son-arg
/bin/son-argOPβ€’9mo ago
This is the next page it shows, same thing:
No description
Chaika
Chaikaβ€’9mo ago
yea it looks like the single ip they provide is where all mail coming out of their service should originate
/bin/son-arg
/bin/son-argOPβ€’9mo ago
And when I click customize on the SPF value, this is the next page that shows up:
No description
Chaika
Chaikaβ€’9mo ago
I would question what your thunderbird/outlook config is like. imap/pop3 is only a protocol to get mail, not send it
/bin/son-arg
/bin/son-argOPβ€’9mo ago
Where's the single IP they provide? I see, 1 sec
Chaika
Chaikaβ€’9mo ago
the one you blurred 192.254.25 something
/bin/son-arg
/bin/son-argOPβ€’9mo ago
Here is the config:
No description
/bin/son-arg
/bin/son-argOPβ€’9mo ago
Is that important to blur btw? Or not really?
Chaika
Chaikaβ€’9mo ago
not really since its the outgoing mailserver anyone you email would get it
/bin/son-arg
/bin/son-argOPβ€’9mo ago
Ah, mb then
Chaika
Chaikaβ€’9mo ago
yea that looks fine and as per their setup guide it's just curious then if you send an email out, it comes from a different IP then they say it will
/bin/son-arg
/bin/son-argOPβ€’9mo ago
It seems breaking the SPF record actually fixed it πŸ˜„ Oh yeah Well.. put a bandage on it perhaps we could say.. Interesting..
/bin/son-arg
/bin/son-argOPβ€’9mo ago
Oh, I forgot to mention I'm using Cloudflare, here are my email stuff in case that's helpful?
No description
/bin/son-arg
/bin/son-argOPβ€’9mo ago
And yeah, you're totally right Amazon is sending email on my behalf I would have expected HostGater to do the work (of sending the email) right?
Chaika
Chaikaβ€’9mo ago
well it's perfectly reasonable for them to use some third party for the email sending IP reputation is hard but you'd expect that to be properly whitelisted and included in the provided spf record
/bin/son-arg
/bin/son-argOPβ€’9mo ago
Right, yes So I'm thinking.. is it worth it to manually add all of Amazon's IP addresses? πŸ˜„ Or is that not gonna work? Is there a way to add all of Amazon's mail server IP addresses in 1 command? (like a wildcard or something like that) Wdym by this btw? How are IP addresses hard? I think this might be a feasible solution?
Chaika
Chaikaβ€’9mo ago
it's not AWS, it's proofpoints or specifically that service aws has 47 million ip addresses that wouldn't work IP Addresses aren't, IP Reputation is. You get one bad neighbor in your block /24 (i.e from 192.255.125.0 - 192.255.125.255) and all other IPs in that range are effected. Additionally if you send out too much spam, your /24 or specific IP will get a bad reputation. So for shared services you have a battle that a single user could poison it all and you need to build up good IP Reputation/sending speeds over time I would just ask hostgator about it tbh, or try sending it from their web ui and see what IP it comes out of, and then ask them "how come.."
/bin/son-arg
/bin/son-argOPβ€’9mo ago
I see.. interesting I see, fair enough, I'll be contacting them for sure, thanks Oh one last thing if I may ask, what's a proofpoint? And "or specifically that service"? I didn't fully understand those 2 points I searched proofpoint up, it's a company? Ah I see. So it's Proofpoint's (the company) mail servers
Chaika
Chaikaβ€’9mo ago
company which offers specific email services yea
/bin/son-arg
/bin/son-argOPβ€’9mo ago
Why does it say Amazon though? Instead of Proofpoint
Chaika
Chaikaβ€’9mo ago
it's an AWS block assigned to proofpoint idk how dmarc management gets the name
/bin/son-arg
/bin/son-argOPβ€’9mo ago
I see. And when you say "block", that would mean: "a range of IP addresses"?
Chaika
Chaikaβ€’9mo ago
yea it's 44.202.169.32/27
Chaika
Chaikaβ€’9mo ago
No description
Chaika
Chaikaβ€’9mo ago
AWS owns the wider block of 44.192.0.0/11 and assigned 44.202.169.32/27 to Proofpoint
/bin/son-arg
/bin/son-argOPβ€’9mo ago
Ahh, I see Interesting.. Well, I've got to say, thanks a lot for the valuable info! I woulda thought the issue was fixed (and not broken) otherwise. I'll be sure to contact them and ask them about it in a bit. Hey, @Chaika! Sorry for the ping, but I just wanted to give an update that I did indeed contact HostGator and a representative from their support team gave me this snippet:
v=spf1 +a +mx +ip4:192.254.250.162 +ip4:192.185.224.78 +include:websitewelcome.com ~all
v=spf1 +a +mx +ip4:192.254.250.162 +ip4:192.185.224.78 +include:websitewelcome.com ~all
And it works now. SPF is showing up as PASS now. So I just came back here to ask what was wrong with my old record though? This was my old one:
v=spf1 +ip4:192.254.250.162 ~all
v=spf1 +ip4:192.254.250.162 ~all
How did the +a +mx and +ip4:192.185.224.78 +include:websitewelcome.com additions help resolve the issue if you don't mind me asking? Just trying to understand it here, that's all Oh also, literally nowhere in their documentation didn't they mention anything remotely close to websitewelcome.com lol, so I would've never guessed if I didn't contact them
Chaika
Chaikaβ€’9mo ago
they're including IPs and other lists +a says the A record of this site (on the root) should be allowed to send. +mx says the IP the MX record pointing at should be allowed, and websitewelcome.com says include everything from their list if you look up websitewelcome, you'll find what it's now another list
dig websitewelcome.com txt +short "MS=ms38583564" "v=spf1 ip4:209.17.115.0/24 ip4:64.69.218.0/24 include:eig.spf.a.cloudfilter.net include:spf.websitewelcome.com include:spf1.websitewelcome.com include:spfgwp.websitewelcome.com include:_spf.google.com include:spf.protection.outlook.com -all"
and that list includes one of particular interest:
dig eig.spf.a.cloudfilter.net txt +short "v=spf1 ip4:35.89.44.32/29 ip4:44.202.169.32/29 ~all"
which contain the IPs you mentioned originally like "35.89.44.37"
/bin/son-arg
/bin/son-argOPβ€’9mo ago
Woahh, that is effectively a huge number of IP's allowed to send on my behalf isn't it?
Chaika
Chaikaβ€’9mo ago
I wouldn't be worried about the number of IPs, but the number of parties involved which is including outlook, gmail, and a few others
/bin/son-arg
/bin/son-argOPβ€’9mo ago
Ohh interesting...
Chaika
Chaikaβ€’9mo ago
that is really not typical though, usually you just have one list per email service and they just have a few IP Blocks, their setup is def not the most secure/non-typical
/bin/son-arg
/bin/son-argOPβ€’9mo ago
Oh wow, is this bad? Oh wow, I see
Chaika
Chaikaβ€’9mo ago
ehh I mean in order to even use those services they do validate you have control over the domain first
/bin/son-arg
/bin/son-argOPβ€’9mo ago
I'm definitely open to move. Is there another hosting service you'd recommend? Can I move to Cloudflare or no?
Chaika
Chaikaβ€’9mo ago
Do you have issues with their hosting, or just with their email service?
/bin/son-arg
/bin/son-argOPβ€’9mo ago
Ngl, their site seems a bit scammy in general They're always throwing offers in my face before right when I login
Chaika
Chaikaβ€’9mo ago
Cloudflare doesn't have an email service (for sending/storing), I use and love Fastmail personally, it's paid though and separate. There are other options such as ProtonMail, Google Workspace (or whatever they call it now,)
/bin/son-arg
/bin/son-argOPβ€’9mo ago
Oh, hosting and email are 2 separate things?
Chaika
Chaikaβ€’9mo ago
yep completely
/bin/son-arg
/bin/son-argOPβ€’9mo ago
I see
Chaika
Chaikaβ€’9mo ago
Your MX Record is where your mail goes to. Your spf/dkim/dmarc configure outbound sending. Web Traffic goes A/AAAA record ex. I use fastmail on all of my domains, and mostly Cloudflare/Cloudflare Pages/etc for hosting
/bin/son-arg
/bin/son-argOPβ€’9mo ago
Perfect setup. I'm defo gonna read up on their docs when I get back home. Thanks a bunch! Oh and 1 last thing, does Cloudflare support hosting a backend? Since IIRC, Pages is for frontends only right
Chaika
Chaikaβ€’9mo ago
Strictly speaking yes. But it's restricted/not exactly normal. No php or anything like that, they have Workers for serverless code, which are primarily in Javascript in a web worker/web like environment. Pages can use Functions which are essentially Workers are well
/bin/son-arg
/bin/son-argOPβ€’9mo ago
Oh so no C# or Rust backends permitted?
Chaika
Chaikaβ€’9mo ago
They don't offer typical hosting or vps's or containers, just Workers. It's for a reason - because they force a specific environment onto you they run on every single Cloudflare edge (some 250 cities) and every datacenter (some 500), right there, on the machine your request first hits. Nothing inbetween, no need to worry about scaling, etc Right. There is #πŸ¦€rust-on-workers but it's all non-typical, Workers don't run a web server or anything, they just get handed the request and have to return a response. Thus rust on workers is a lot of JS interop to get it all to flow Maybe it helps to explain: Workers run using the V8 Javascript Engine, same as Chrome, and they run as Isolates, a lightweight isolation, much lighter then something like a container. Rust on Workers thus is just Web Assembly like you would run in a browser
/bin/son-arg
/bin/son-argOPβ€’9mo ago
Oh wow, okay, I see. I'll defo be reading up on those docs too then. When you say "non-typical", I assume you mean Cloudflare handles hosting backends differently than how other hosting services host them? Are there any other solid hosting services you recommend which hosts in a more "typical" way in case the Rust on Cloudflare doesn't work out? Ah, okay, I see So I wonder if a WASM backend would be more performant than a normal backend? Or what metrics should we be looking at here?
Chaika
Chaikaβ€’9mo ago
When you say "non-typical", I assume you mean Cloudflare handles hosting backends differently than what other hosting services host them?
Well usually when you use something, let's say Azure App Services which you can just upload a c# asp.net core api to, it's just a container under the hood, and connections go pretty directly to it. You might put a CDN/Front door in front of it, but if you don't you're pretty much just hitting your web server. Workers are part of CF's stack. To reach a worker, you have to go through the normal CF Proxy (nginx with a bunch of customization). You'll always have the full cdn/waf/etc in front of your Worker. Then on that exact same machine that received the request/would normally proxy it, it runs your worker code. Every machine in every CF data center can run your worker, and there's no particular affinity to one besides keepalive. They call it their homogeneous deployment because of it, there's no LBs routing requests to specific Workers, nothing in the middle. But you pay for it in size (must be very small, paid workers can only be 10 MB), needing fast startups, and such WASM/Rust would be less performant then normal JS on a simple test. If you were doing a ton of allocations and extensive stuff then maybe not, but the key bit is it's still all Javascript at the start and finish, it's just doing a lot of interop to give Rust the request and provide all the normal methods, etc
Are there any other solid hosting services you recommend which hosts in a more "typical" way in case the Rust on Cloudflare doesn't work out?
Hetzner Cloud is great for VPS's/simple hosting. If you wanted something more managed, maybe fly.io? I don't have that much experience with fly, but can say I've heard nothing but good things about Hetzner's reliability and have a few VPS's with them, never any issues. Super cheap too, espec their ARM instances in Germany if the location works and the architecture works for your app.
/bin/son-arg
/bin/son-argOPβ€’9mo ago
Ah, understood Awesome, thanks a bunch! Your info has been invaluable
Chaika
Chaikaβ€’9mo ago
Pretty much my preferred stack is C# ASP.Net Core on Hetzner Cloud & Postgres, throw Cloudflare in front of it, and then use CF Pages for the front end/glue things together with Workers. Works well
/bin/son-arg
/bin/son-argOPβ€’9mo ago
I'll be sure to check Hetzner too
Chaika
Chaikaβ€’9mo ago
Some people go all in with backend logic in workers/functions, and you totally can, CF has products like D1/KV/R2 for storage/database/etc, but I like to have more control and familiar stuff lol
/bin/son-arg
/bin/son-argOPβ€’9mo ago
Just searched Hetzner up, defo the first time I might be using a non-American company, that's cool too though lol
Chaika
Chaikaβ€’9mo ago
They have Cloud locations in the US, not ARM though
/bin/son-arg
/bin/son-argOPβ€’9mo ago
Oh you mean backend could be on Hetzner and database on CF? I guess at that point, everything's gonna get kinda "separated" though? Or na, it's still cool?
Chaika
Chaikaβ€’9mo ago
I wouldn't do that, latency would be an issue. I was saying you could go with your backend in Workers and using D1 as a Database. I do that for a few projects
/bin/son-arg
/bin/son-argOPβ€’9mo ago
Ah right right That makes sense Wdym by "ARM" here btw?
Chaika
Chaikaβ€’9mo ago
D1 is CF's SQLite offering, I like it and use it for some things but it's a single-threaded isolate at the end of the day, it'll melt with a few hundred requests/second, which you may never meet but still eh. I just like the more traditional approach of postgres and an api on the same vps, really low latency, postgres can scale like crazy and hetzner cloud always lets you rescale your instance ARM Architecture Traditionally all servers/PCs are x64
/bin/son-arg
/bin/son-argOPβ€’9mo ago
Oh okay, gotchu gotchu
Chaika
Chaikaβ€’9mo ago
However there's some really efficient and cheap ARM processors like Ampere coming out lately, lots of memory capacity too. Allows hosts like Hetzner to offer good discounts on resources. Just need to be able to run/compile your app in that architecture
Chaika
Chaikaβ€’9mo ago
for example ARM Hetzner
No description
Chaika
Chaikaβ€’9mo ago
vs x64
No description
Chaika
Chaikaβ€’9mo ago
pretty much twice the resources across the board. ARM (and their Ampere processors/cores) can be a bit slower at some things but not slow enough to make up that difference For some apps like stuff in c# it's super simple to compile/make for ARM. For some things it's more difficult, depends. If you can take advantage of it though, worth it
/bin/son-arg
/bin/son-argOPβ€’9mo ago
Wait isn't this cheaper though? I thought it was said that ARM was cheaper? Ah I see
Chaika
Chaikaβ€’9mo ago
look at the resources. 8 euros with Ampere/ARM gets you 4 vcores/8gb ram/80gb disk, you pay nearly 9 euros for 3 AMD vcores/4gb of ram/80gb disk ehh that's closer to the same, if you look at the cheapest option though it's double
/bin/son-arg
/bin/son-argOPβ€’9mo ago
Oh~ my bad Jeez, conversing on phone sucks and is so slow to type πŸ˜…
Chaika
Chaikaβ€’9mo ago
those are prices with VAT on as well, a bit cheaper without
/bin/son-arg
/bin/son-argOPβ€’9mo ago
Oh btw, I read an article on Cloudflare regarding serverless. Are those cool or do you prefer traditional servers?
Chaika
Chaikaβ€’9mo ago
They're cool regardless and can be super useful for gluing things together/simple applications and such
/bin/son-arg
/bin/son-argOPβ€’9mo ago
Yeah, Hetzner honestly looks absolutely solid
Chaika
Chaikaβ€’9mo ago
for bigger applications (a lot more logic/requests processed/etc) I prefer traditional servers, just my preference, I like more control/visibility, and it tends to be cheaper if you have any meaningful volume of requests Workers themselves are super cheap though, and can scale from 0 to a million requests/instantly That's just for my personal stuff at least. For work stuff, I work at a small company and I serverless everything, like Azure App Services/Functions/Managhed SQL and such, because I do not want to be responsible for maintaining infrastructure for them/outages/etc. Worth paying the extra cost for piece of mind and ability to blame someone else. Always another side to it.
/bin/son-arg
/bin/son-argOPβ€’9mo ago
I see, really great points being made here.. I appreciate you taking the time, I'll be learning more and reading docs on these in a bit. I'll be sticking around this Discord for sure Hehe, that's a really good point there πŸ˜„, I would defo do the same
Chaika
Chaikaβ€’9mo ago
yea and at some point to a company it's just worth it Azure SQL S3 tier is like $150/month for specs/performance I could get out of maybe a $10/month Hetzner vps but for a company (at least in my view) absolutely not worth it to switch anyway, Azure handles backups, scaling, outages, performance/configs, etc, so much piece of mind (should still do backups elsewhere too) the good old "no one ever got fired for picking aws"
/bin/son-arg
/bin/son-argOPβ€’9mo ago
Woahhh, that's incredible
Chaika
Chaikaβ€’9mo ago
well Azure SQL is maybe a bad pick for pricing comparsion, their sql db has really limited iops need to really go up there in tier to get decent disk performance
/bin/son-arg
/bin/son-argOPβ€’9mo ago
So it seems like a tradeoff, if we could manage the things that Azure/AWS/GCP does manually, then going with Hetzner would be much cheaper
Chaika
Chaikaβ€’9mo ago
lol pretty much describes serverless all around sometimes you just can't though, or it's just not worth it. Imagine an ad agency who only gets a few really popular commercials a year
/bin/son-arg
/bin/son-argOPβ€’9mo ago
Right yes, budget constraints That's understandable
Chaika
Chaikaβ€’9mo ago
well my point in that example was that businesses with spikey traffic can really benefit from serverless rather then deploying a bunch of machines to sit idle or having to manually scale up/down pretty typical serverless benefit
Want results from more Discord servers?
Add your server