Imagine the Internet had begun its life as a proprietary network from a major software vendor rather than evolving as a distributed network shared by researchers. It’s a future that almost came to pass for consumers in the 1990s, when walled gardens such as AOL or the original incarnation of MSN were all the rage, but thankfully the world took the Internet course.
Though there are many continuing threats to Internet freedom, we can still mostly use the network our way. With sadness, though, we note that one piece of that freedom may have drawn to a close: [Carlos Fenollosa] has written a lament about how bleak the outlook now is for anyone running their own mail server.
At its heart is spam, or rather the heavy-handed measures the large email providers take to combat it. Spotting and canning spam by its content is computationally expensive, so the cheapest way to stop a spammer is to recognise their activity and block it at the network level. Thus a large provider will block whole IP ranges as soon as it detects a spammer within them, with the collateral damage that any legitimate mail server in the same range is blocked too and its mail simply doesn’t get through. Since spam is so widespread, as [Carlos] points out it is less a question of whether your server will hit this problem than of when. The effect is something of a racket: the large providers can ensure that mail not originating from among themselves is unlikely to reach the millions of addresses in their care, and the only recourse for the operator of a small email domain is to buy the services of one of them.
He has something of a manifesto as to how this problem can be addressed, and we think it important enough that you should take a look. Keeping email beyond the control of the large providers is too important not to.
19 thoughts on “The Era Of Distributed, Independent Email Servers Is Over”
My domain never once sent spam, but large ‘free’ email service providers rank its reputation as poor. There’s nothing I can do to prevent them flagging my outgoing mail as spam. I think that’s code for ‘we own your information, have monopolised access to it, and will mine it to our ends, and heart’s content’. Go read your Gmail TOS.
Are you implementing DKIM, SPF and DMARC correctly?
No, I’m not and I find that my quality of life is just all that much better for it.
That is your choice, hopefully it also means you won’t complain if others don’t accept your mail.
SPF is only an entry in your DNS, and can completely change the reputation.
Email is broken by design … it dates from a time (like so much about the internet) when neither spam nor the need for secure communications existed.
I wouldn’t say it’s broken, just that the design specifications for what counts as functional have changed.
Rebuild a standard with crypto by default (like Gemini), mixing, and whitelist/blacklist like for instant messaging apps.
GPG never took off.
Meanwhile the author complaining of closed systems (the author of the article) is asking for comments on Twitter, which first wants me to log in before even showing any content.
My ISP blocks port 25, so I can’t run an email-server on my devices without resorting to external services to forward SMTP to non-standard ports. I would like to run one, but…
I can foresee the same thing happening with cell phones if the robocall problem is not soon controlled.
To be fair, Big Email didn’t start this.
I ran an independent email server back around 2001. An automatically-applied upgrade mistakenly turned it into an open relay and it was quickly blacklisted by Spamhaus. I fixed the issue within 24 hours and then contacted the Spamhaus mailing list to ask if I could get my blacklisting removed. The answer was, simply, no. I should have been more careful about my email configuration. It wasn’t their fault I’d set up an open relay. Why should they trust what I had to say anyway? And so on.
Big Email’s current methods are simply a continuation of this pattern.
I wanted to post this as a comment on the main post itself, but I’ll just extend yours by agreeing.
The article’s author really has a very narrow view of the email ecosystem and his experience really isn’t sufficient for such generalisations.
Email is older than the internet, some problems stem from that, but the rest is a result of natural evolution of the ecosystem. It’s not a racket, it’s that distributed trust is just incredibly difficult. Most proposals to “solve spam” unfortunately fall short. (There’s a fun short template for testing anyone’s proposal hosted by craphound named spamsolutions.txt)
Self-hosting email has never been easier, but also at the same time never required one to be this careful at establishing and maintaining trust. The big providers give you tools and information about what they check, it really is the small players that are the most finicky, unpredictable and opaque. There are many small, obsolete and low-quality blacklists (like UCEProtect or Backscatterer) that only small players use.
We shouldn’t ring the death knell without reason, as is being done here now.
This has also been discussed in-depth on Hacker News 32720234, 32715437, 32722240
There are so many assumptions or straight up false claims in this article.
First he talks about having to change his MX records and can no longer receive email on his personal server. This has nothing to do with sending email. He can receive email wherever he wants without any intervention.
Then he talks about emails going directly to spam unless they are from some big provider. This is false. Anyone can send emails that won’t directly go to spam if the domain and originating IP address are properly setup with SPF, DKIM and DMARC records.
Then he says how big email providers permanently blacklist whole IP address blocks. Outside of residential/dynamic IPs and maybe IP blocks from certain countries, this just doesn’t happen. It makes no sense to do this since IPs change hands all the time.
I’ve never had a problem with a properly configured email server. By this I mean making sure the IP isn’t currently on any ban lists. If it is, fix that first by submitting removal requests. That is pretty simple to do. Ensure you have reverse DNS configured on the IP. Setup DKIM, SPF and DMARC on your domain. Done.
You’ll only encounter problems after this if your email server starts sending out spam or if your configuration becomes invalid through some change.
Let’s say all the issues he is having are true. That doesn’t mean you can’t still run your own email server. You just need to relay outgoing email through a third party. For any personal server, relaying outgoing email through something like AWS SES is essentially free. There are tens if not hundreds of other providers out there that also have free plans that would support thousands of outgoing emails a month.
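The checklist in this comment (no blocklist entry, reverse DNS, then SPF, DKIM and DMARC) can be turned into an offline audit of the records themselves. The following is an added example, not code from the article or from any of the commenters: it evaluates a sending IP against constructed SPF, DMARC, DKIM and PTR records for a hypothetical domain example.org, with the zone data embedded in place of real DNS lookups, and it treats SPF mechanisms that need live DNS (a, mx, exists, redirect) as errors rather than silently passing them.

```python
"""Offline audit of the DNS records a self-hosted sender needs: SPF, DMARC,
a DKIM selector and forward-confirmed reverse DNS.
Added example; the zone data below is constructed, not fetched from DNS."""
import ipaddress

SPF_QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
SPF_LOOKUP_LIMIT = 10  # RFC 7208 caps DNS-querying terms at 10 per evaluation

# Constructed TXT records for the hypothetical domain example.org.
ZONE = {
    "example.org": "v=spf1 ip4:203.0.113.10 ip6:2001:db8::/64 include:_spf.example.net -all",
    "_spf.example.net": "v=spf1 ip4:198.51.100.0/24 ~all",
    "_dmarc.example.org": "v=DMARC1; p=reject; rua=mailto:dmarc@example.org; adkim=s; aspf=s",
    "mail._domainkey.example.org": "v=DKIM1; k=rsa; p=" + "A" * 40,  # dummy key body
    "loop.example": "v=spf1 include:loop.example -all",  # broken record, exercises the limit
}
PTR = {"203.0.113.10": "mail.example.org."}          # constructed reverse zone
A_RECORDS = {"mail.example.org": ["203.0.113.10"]}   # constructed forward zone


def spf_check(ip, domain, zone, lookups=None):
    """Return the SPF result for a sending IP: pass, fail, softfail, neutral,
    none or permerror. Handles ip4, ip6, include and all, which covers most
    self-hosted records; a, mx, exists and redirect need live DNS and are
    reported as permerror here rather than treated as a pass."""
    if lookups is None:
        lookups = [0]
    record = zone.get(domain, "")
    if not record.startswith("v=spf1"):
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qual = "+"
        if term[0] in SPF_QUALIFIERS:
            qual, term = term[0], term[1:]
        if term == "all":
            return SPF_QUALIFIERS[qual]
        mech, _, arg = term.partition(":")
        if mech in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"
            if addr.version == net.version and addr in net:
                return SPF_QUALIFIERS[qual]
        elif mech == "include":
            lookups[0] += 1
            if lookups[0] > SPF_LOOKUP_LIMIT:
                return "permerror"
            sub = spf_check(ip, arg, zone, lookups)
            if sub == "pass":
                return SPF_QUALIFIERS[qual]
            if sub in ("none", "permerror"):
                return "permerror"
        else:
            return "permerror"
    return "neutral"  # no mechanism matched and no explicit "all"


def _tags(record):
    """Parse a 'k=v; k=v' tag list (DMARC and DKIM records share this shape)."""
    tags = {}
    for part in record.split(";"):
        k, sep, v = part.strip().partition("=")
        if sep:
            tags[k.strip()] = v.strip()
    return tags


def dmarc_check(domain, zone):
    """Return the DMARC tags, or None if the record is absent or malformed:
    v=DMARC1 must be the first tag and p= must carry a valid policy."""
    record = zone.get("_dmarc." + domain, "")
    if not record.strip().startswith("v=DMARC1"):
        return None
    tags = _tags(record)
    if tags.get("p") not in ("none", "quarantine", "reject"):
        return None
    return tags


def dkim_check(selector, domain, zone):
    """True if selector._domainkey.domain publishes a DKIM1 record with a key."""
    tags = _tags(zone.get(f"{selector}._domainkey.{domain}", ""))
    return tags.get("v") == "DKIM1" and bool(tags.get("p"))


def fcrdns_check(ip, ptr, a_records):
    """Forward-confirmed reverse DNS: the PTR name must resolve back to the IP."""
    host = ptr.get(ip, "").rstrip(".")
    return bool(host) and ip in a_records.get(host, [])


def audit(ip, domain, selector, zone=ZONE, ptr=PTR, a_records=A_RECORDS):
    """Run the four record checks a receiving provider applies to a sender."""
    return {
        "spf": spf_check(ip, domain, zone),
        "dmarc": dmarc_check(domain, zone) is not None,
        "dkim": dkim_check(selector, domain, zone),
        "fcrdns": fcrdns_check(ip, ptr, a_records),
    }


if __name__ == "__main__":
    for name, result in audit("203.0.113.10", "example.org", "mail").items():
        print(f"{name:7} {result}")
```

Against real DNS the dictionaries become TXT, PTR and A lookups and the evaluation logic stays the same. A clean audit only shows the records are well-formed and consistent; it says nothing about the sending IP’s reputation, which is a separate check made at the receiving end.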
“Anyone can send emails that won’t directly go to spam if the domain and originating IP address are properly setup with SPF, DKIM and DMARC records.”
This is a bold claim, it takes only one counterexample to prove it false. I know of several servers that were properly configured and “just stopped” delivering to gmail at some point.
“I’ve never had a problem with a properly configured email server. […]”
You’re a lucky guy then. I followed the same steps that you have described, to no effect.
“Then he says how big email providers permanently blacklist whole IP address blocks. Outside of residential/dynamic IPs and maybe IP blocks from certain countries, this just doesn’t happen. It makes no sense to do this since IPs change hands all the time.”
I have no information on how the blacklists work, but I wouldn’t be surprised if ranges assigned to cheap VPS hosting were permanently held on a blacklist. Google certainly has resources to follow the IP range reassignments and update the blacklist accordingly.
“Anyone can send emails that won’t directly go to spam if the domain and originating IP address are properly setup with SPF, DKIM and DMARC records.”
This is simply not true, as many small e-mail server admins will attest to. Ever heard of IP reputation? It’s a business, you know.
“Then he says how big email providers permanently blacklist whole IP address blocks. Outside of residential/dynamic IPs and maybe IP blocks from certain countries, this just doesn’t happen. It makes no sense to do this since IPs change hands all the time.”
So they *do* blacklist certain IP blocks? Do you realize you’re claiming that something is happening and is not happening in one sentence? Is this Schrödinger’s blacklist?
“I’ve never had a problem with a properly configured email server. By this I mean making sure the IP isn’t currently on any ban lists. If it is, fix that first by submitting removal requests. That is pretty simple to do. Ensure you have reverse DNS configured on the IP. Setup DKIM, SPF and DMARC on your domain. Done.”
No, you’re not done. Ever tried lodging removal requests with Microsoft? They’ll claim they aren’t blocking anything *even when you show them their own “550 … is on our block list (S3150)” reply*. Incidentally, there are a lot of people on outlook/hotmail addresses.
“Let’s say all the issues he is having are true. That doesn’t mean you can’t still run your own email server. You just need to relay outgoing email through a third party. For any personal server, relaying outgoing email through something like AWS SES is essentially free. There are tens if not hundreds of other providers out there that also have free plans that would support thousands of outgoing emails a month.”
This is, essentially, what he is saying. You’re forced to use Big Tech or some business to have your e-mail delivered.
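What a self-hoster actually sees when a provider has put their address on a block list is a reply like the quoted “550 … (S3150)” in the outbound mail log, and the wording of that reply is the only thing that separates a reputation block from an SPF/DKIM failure, a temporary deferral or a bad address. As an added example (not from the article or any commenter), the following classifies Postfix smtp client log lines into those categories and tallies which receiving hosts are blocking the sending IP. The log lines are constructed for a hypothetical server at 203.0.113.10 and the reply texts are paraphrases, not any provider’s exact wording.

```python
"""Classify outbound delivery results from Postfix smtp client log lines so an
operator can tell an IP-reputation block from an authentication failure, a
temporary deferral or a bad recipient. Added example; the log lines below are
constructed for a hypothetical server and are not from any real provider."""
import re
from collections import Counter

SAMPLE_LOG = """\
Sep  5 10:22:01 mail postfix/smtp[4242]: 7F3C1A0B: to=<alice@example.com>, relay=mx.example.com[192.0.2.25]:25, delay=0.9, delays=0.1/0/0.4/0.4, dsn=2.0.0, status=sent (250 2.0.0 OK queued)
Sep  5 10:23:14 mail postfix/smtp[4243]: 8A4D2B1C: to=<bob@example.net>, relay=mx.example.net[198.51.100.25]:25, delay=1.2, delays=0.1/0/0.5/0.6, dsn=5.7.1, status=bounced (host mx.example.net[198.51.100.25] said: 550 5.7.1 Messages from [203.0.113.10] are not accepted; the network is on our block list (S3150) (in reply to MAIL FROM command))
Sep  5 10:24:40 mail postfix/smtp[4244]: 9B5E3C2D: to=<carol@example.com>, relay=mx.example.com[192.0.2.25]:25, delay=0.7, delays=0.1/0/0.3/0.3, dsn=4.7.0, status=deferred (host mx.example.com[192.0.2.25] said: 421 4.7.0 Try again later, closing connection (in reply to end of DATA command))
Sep  5 10:25:03 mail postfix/smtp[4245]: AC6F4D3E: to=<dave@example.com>, relay=mx.example.com[192.0.2.25]:25, delay=0.8, delays=0.1/0/0.3/0.4, dsn=5.7.26, status=bounced (host mx.example.com[192.0.2.25] said: 550 5.7.26 Unauthenticated mail is not accepted; publish SPF or DKIM for the sending domain (in reply to end of DATA command))
Sep  5 10:26:11 mail postfix/smtp[4246]: BD7A5E4F: to=<nobody@example.net>, relay=mx.example.net[198.51.100.25]:25, delay=0.6, delays=0.1/0/0.2/0.3, dsn=5.1.1, status=bounced (host mx.example.net[198.51.100.25] said: 550 5.1.1 User unknown (in reply to RCPT TO command))
Sep  5 10:27:30 mail postfix/smtp[4247]: CE8B6F50: to=<erin@example.edu>, relay=mx2.example.edu[192.0.2.40]:25, delay=0.5, delays=0.1/0/0.2/0.2, dsn=5.7.1, status=bounced (host mx2.example.edu[192.0.2.40] said: 554 5.7.1 Service unavailable; Client host [203.0.113.10] blocked using zen.spamhaus.org (in reply to RCPT TO command))
"""

# Shape of a Postfix smtp client delivery line: queue id, recipient, relay, DSN, status, reply.
LINE_RE = re.compile(
    r"postfix/smtp\[\d+\]: (?P<qid>[0-9A-Za-z]+): to=<(?P<rcpt>[^>]*)>, "
    r"relay=(?P<relay>[^,]+), .*?dsn=(?P<dsn>[\d.]+), "
    r"status=(?P<status>\w+) \((?P<reason>.*)\)$"
)

# Phrases seen in reputation/blocklist rejections versus authentication ones.
# Deliberately short; extend for providers whose wording differs.
BLOCKLIST_HINTS = ("block list", "blocklist", "blacklist", "blocked using",
                   "spamhaus", "reputation", "is listed")
AUTH_HINTS = ("unauthenticated", "spf", "dkim", "dmarc")


def parse_line(line):
    """Pull queue id, recipient, relay host, DSN, status and remote reply from one line."""
    m = LINE_RE.search(line.rstrip())
    if not m:
        return None
    entry = m.groupdict()
    entry["relay"] = entry["relay"].split("[")[0]  # keep host name, drop [ip]:port
    return entry


def classify(entry):
    """Map one delivery attempt to an operator-facing category."""
    reason = entry["reason"].lower()
    if entry["status"] == "sent":
        return "delivered"
    if any(h in reason for h in BLOCKLIST_HINTS):
        return "ip_reputation_block"     # the IP, not the domain records, is the problem
    if entry["dsn"].startswith("4"):
        return "deferred"                # greylisting or rate limiting; Postfix retries
    if any(h in reason for h in AUTH_HINTS):
        return "authentication_failure"  # fix SPF/DKIM/DMARC, not the IP
    if entry["dsn"].startswith("5.1."):
        return "bad_recipient"
    return "other_permanent"


def summarize(log_text):
    """Count categories and record which receiving hosts are blocking this sender."""
    counts, blocked_by = Counter(), Counter()
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        category = classify(entry)
        counts[category] += 1
        if category == "ip_reputation_block":
            blocked_by[entry["relay"]] += 1
    return counts, blocked_by


if __name__ == "__main__":
    totals, blockers = summarize(SAMPLE_LOG)
    print(dict(totals))
    print("blocking hosts:", dict(blockers))
```

The same parser runs unchanged over a real /var/log/mail.log. The ip_reputation_block count grouped by relay host, together with the verbatim reply text, is the evidence to attach to a delisting request, since the reply is the receiver’s own statement that a block is in place.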
Running a proper outbound e-mail server hasn’t been realistic for me for well over ten years. I route what little e-mail I send through my ISP’s outbound gateway. It got more difficult when my large ISP decided to fob all that off on Yahoo, and even more difficult now that it requires you to authorize via HTTPS to get a time-limited cookie of some sort. I still run OS X 10.13 for various reasons including compatibility with old apps, and I have to do a dance to re-authorize it every month or so.
Inbound e-mail is still fine as long as you have a static IP and your own domain. Spam is very much a problem, but became much less so a few years ago when most spammers started using alternative TLDs (have you even heard of .top or .stream?) in their mail configuration. No sane person should be using them for e-mail, so filtering them cuts most of the spam instantly. Beyond that I choose to filter most third-world country TLDs, and I even have .us blocked except for whitelisted domains of a few people I’ve met in person. I only add blocks when I encounter them in spam, so every one is a decision that nothing useful will ever come from that domain or IP range.
I used to use a remote FIOS Business IP address for sending but now I receive in my basement and smarthost out to mailgun for free. I haven’t had any problems AFAIK but it’s only me sending and receiving.
