Thanks to overzealous filtering by mail relays, the small mail server is becoming an endangered species
With some sadness, I have to acknowledge that self-maintained email
services may be destined for the rubbish heap, tossed aside in a
whirlwind of hand-wringing spam and virus concerns, as well as a general
movement to managed email services. The fat lady may not have sung yet,
but she appears to be drawing that fateful breath.
Heck, even mail services running on fiber and leased-line circuits
are problematic. This is due in large part to a vast array of
increasingly strict filtering measures for curtailing spam, phishing,
viruses, and malware by maintaining lists of IP subnets that "shouldn't"
be sending email. The idea is to block mail from consumer broadband
ranges, which you could reasonably argue for. However, large numbers of
business-class subnets inadvertently get included as well, and as we all
know, subnets can move around fairly easily, especially with larger
ISPs.
Besides, using huge lists of IP addresses to block data
transmission is not a great idea anyway. It's the sledgehammer in
surgery approach.
Many
businesses have no need or desire to manage their own mail server, so
they use Google, Yahoo, or even their ISP to handle their messages.
There's nothing wrong with that, aside from the fact that as more and
more businesses use these services, we may eventually come to a point
when a majority of the legitimate email traffic on the Internet will be
sourced from a relatively small number of providers. Even if those
services are measured in the tens of thousands, it's conceivable that
email could become a closed system with only major players allowed. All
others would have to sign up with one of those vendors or risk having
their email discarded out of hand.
As someone who has run his own
mail server for about two decades, I can attest that times are rough for
small servers. I've been seeing perfectly legitimate email -- coming
from a well-configured relay, using SPF (Sender Policy Framework), is
not on any RBL (Real-time Blackhole List), has no spam history or
indications, and is running on a business-class data circuit -- get
silently discarded by destination relays run by large email services.
I've seen other destination services automatically shunt those messages
into spam folders without prejudice, even in the face of users who flag
the messages as nonspam and instruct the system to deliver the messages
unsullied.
I have had more sent email fail to reach the intended
recipients in the past several months than in perhaps the past five
years combined. Multiple senders, multiple disparate recipients, and
even InfoWorld -- I thought my editor was mad at me for a month or so.
All the while, other mail reached other recipients with no problems
whatsoever. It's fickle, impossible to predict or diagnose from the
outside, but it's increasingly causing questions about the suitability
of email in general -- a reality that should make us all uncomfortable.
There
are steps we can take, of course. I could (and will probably have to)
route all outbound mail through my ISP's relay. I'd feel better about
that if everything was encrypted, but that's not the case, even today.
Also, I might need the ISP to relay inbound mail as well, meaning
that all inbound email would need to be processed through its relays
before arriving at my server. That would require configuration on the
ISP's end, possibly a recurring cost, and it would constitute another
point of failure -- one that is completely opaque when troubleshooting.
There
are also no guarantees that the ISP would not implement heavy-handed
filters of its own. It might silently discard legitimate inbound email
to my server, and I would have no way of knowing I was missing email.
All of these possibilities chip away at the already fragile foundation
of email as a valid form of communication.
The fact is the volume
of spam and other unwanted communication via email has dropped
substantially (at least for my server) over the past decade. It's
certainly a problem, but it's not nearly as bad as it was when I collected stats back in 2006.
I'd
like to think that we have much better ways to detect and block
illegitimate email these days than we did back then -- and we do. Maybe
it's time to dispense with the heavy-handed relay rejection and
classification methods so many ISPs and email services still seem to
rely on. Instead, we must remember that SMTP is a field everyone can
play on, no matter the size of their mail spool.
Source: http://www.infoworld.com
No comments:
Post a Comment