Consolidation of Email Platforms Bad for Email?

Rob McEwen rob at
Tue Sep 8 15:25:45 UTC 2020

On 9/8/2020 10:59 AM, Matt Harris via NANOG wrote:
> Once you get into that small club, it's just as hard to get kicked 
> out, and unfortunately that means that if abuse, UCE, etc is coming 
> from those hosts, they've got an even higher chance of hitting your 
> inbox. So while in theory it might work the way you're thinking, in 
> practice it hasn't because once you are in that club, a lot of the 
> financial motivation to prevent abuse of your service - that is, inbox 
> deliverability for your client base - goes away.


Likewise, we're at a point now where if a criminal phish or virus comes 
from the largest few email hosters, and you provide them emails with 
full headers - the accounts do NOT get shut down. They literally don't 
think this is their problem. And likewise, data storage sites 
(GoogleDrive, OneDrive, etc) from the largest providers often will host 
malware for weeks or months without being shut down - or the malware at 
least persists for many days after being reported. The same is often 
true for their redirectors.

Wwhat is frustrating is that the long-standing industry standard of 
"you're responsible both for what you both send and host - even if the 
malware wasn't intended" - seems to be lost.

Likewise, back in the spring months of 2018, google's "goo[.]gl" 
shortner went crazy for a few months, and was being MASSIVELY abused by 
spammers, and was being used as an "end run around" URI DNSBLs (SURBL, 
URIBL, ivmURI, DBL). I collected 15K examples of abused shortners that 
were "live", and sent those to Google. At the time I sent those, only 
about 500 of that 15K had been shut down. What was infuriating was that 
80% of these 15K shortners were pointing to only 12 spammer's domains. 
These should have been trivial to prevent!

The OTHER infuriating thing was that my INITIAL response from my 
contacts at Google was - (I paraphrase) "other spam filters should just 
follow the redirect, and block these spams based on the URI it redirects 
to" - WOW! I sent them a very stern email about that. (and for 
comparison, abused Bitly shortners were mostly getting shut down within 
2 hours - so "everyone does it" was NOT a decent excuse!)

Like I said - the long-standing industry standard of "you're response 
both for what you both send and host - even if the malware wasn't 
intended" - seems to be lost on some of these large providers.

Thankfully, this had a happy ending. After some "tough love" - Google 
replied back and said (I paraphrase), "we were planning on shutting that 
down - or at least shutting down the ability to add new ones - and due 
to your feedback - we're going to push that up a few months" - and so 
soon afterwards, they finally did terminate those 15K shortners - and 
stopped allowing new ones. So this is to Google's credit - but the 
problem had persisted for months - and it seemed like a lot of 
cultural/industry standards in the Internet Security industry seemed 
lost on them.

Sadly, while this situation had a good ending - similar problems with 
the largest providers persist. At the same time, they sure can be 
draconian in how they block smaller providers who had a rare and 
short-lived security incident. The hypocrisy is incredible. For example, 
Microsoft will sometimes *permanently* block a small email hoster for a 
short one or two hour compromised email account situation that caused 
spam to be sent from that small hosters - but that was quickly fixed - 
even if that hoster sends MUCH legit email. It almost FEELS like 
extortion - since many of the IT people running those small-ish servers 
sometimes get frustrating - and move their email to the cloud - and then 
guess who OFTEN gets their email hosting business?

-- Rob McEwen, invaluement

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the NANOG mailing list