<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p><br>
</p>
<div dir="ltr">On 08.09.20 16:59, Matt Harris wrote:
<div class="gmail_quote">
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div>
<p>The positive is that it a small club can establish ground
rules for how they will handle various forms of attacks,
including BGP hijacking, DKIM, SPF, and other forms of
validation to identify fraudulent mail, etc. [...] They
can also very quickly spot new attack trends.</p>
</div>
</blockquote>
<div>
<blockquote type="cite">In theory, but the current state of
what's coming out of sendgrid implies otherwise. </blockquote>
<br>
</div>
<div>It's not theory but history. They have spotted those sorts
of trends quickly in the past (see below). They may not tell
you they have spotted the trends.<br>
</div>
<div><br>
</div>
<blockquote type="cite">
<div>Once you get into that small club, it's just as hard to
get kicked out, and unfortunately that means that if abuse,
UCE, etc is coming from those hosts, they've got an even
higher chance of hitting your inbox. </div>
</blockquote>
</div>
<div class="gmail_quote"><br>
</div>
<div class="gmail_quote">This depends on the nature of the
incident, but if their evil bit gets set and if their size is
Size XL, then it is indeed hard to give them the boot.<br>
</div>
<div class="gmail_quote"><br>
<blockquote type="cite">
<div>So while in theory it might work the way you're thinking,
in practice it hasn't because once you are in that club, a
lot of the financial motivation to prevent abuse of your
service - that is, inbox deliverability for your client base
- goes away. </div>
</blockquote>
</div>
</div>
<div dir="ltr"><br>
</div>
<div dir="ltr">I disagree, but we aren't going to debate incentive
models here. Suffice it to say that the big guys spending money
on this, as they do, belies your point. A good example was one
such very large provider tracking hijacked BGP announcements and
then releasing that information to shut down a huge swathe of
sources all at once.</div>
<div dir="ltr"><br>
</div>
<div dir="ltr">However...<br>
</div>
<div dir="ltr"><br>
<div class="gmail_quote">
<blockquote type="cite">
<div>That deliverability isn't likely to change for the
negative on any scale that you care about once you're "in".
But to be "in" you have to be at a huge scale. The small
players are the ones who get hurt, and spam still gets
through just fine only now via different means.</div>
</blockquote>
</div>
<div class="gmail_quote"><br>
</div>
<div class="gmail_quote">Yes. That was why I said that there is
good and bad. Were we to take this to extremes, we see why FB
can curate their messages and keep spam to a bear minimum, as
they really do control the horizontal and the vertical (two
sided market).<br>
</div>
<div class="gmail_quote"><br>
<blockquote type="cite">
<div><br>
</div>
<div>Also oligopolies in general are bad for everyone except
the owners thereof and should be discouraged on principle. </div>
</blockquote>
</div>
<div class="gmail_quote"><br>
</div>
<div class="gmail_quote">Not that I disagree (this comes to you by
way of my dinky little VM), but that's not the topic at hand.</div>
<div class="gmail_quote"><br>
</div>
<div class="gmail_quote">Eliot</div>
<div class="gmail_quote"><br>
<div><br>
</div>
</div>
</div>
<blockquote type="cite"
cite="mid:CAHdm834gM5su5yHNLeJUOOdNnbw-nufaRCkHchn8EQF8cvcr1w@mail.gmail.com"></blockquote>
</body>
</html>