2011-10-05
Understanding the motivations of mail service vendors
From a comment on my entry about how modern mailing services should work:
Like any paid service, if they are not providing good service, like letting spam through, people will move to another one who does block spam better. This is their incentive to deal with spam.
This is a common misunderstanding of the incentive structure in operation.
This is not an incentive to deal with spam, this is an incentive to not get blocked. The two are very much not the same thing. Very few people who use a mailing service care very much about whether or not it sends spam; instead, they care about whether it can deliver their email mailouts (and do so without having them scored as spam by the recipients). No one is actually paying the mail service to not deliver spam, so it has no direct incentive to do so; if anything the straightforward incentives go the other way, towards giving spammers the benefit of the doubt so that they keep paying.
(There is some indirect incentive, in that people sort of care about your overall reputation and your overall reputation is affected if websites have lots of stories about how you are a big spam source and have a spam problem.)
For many mail service providers, trying to block spam is one of the most cost effective ways of keeping your mail delivery rates up. However, if you are big enough you become like GMail, Hotmail, and Google Groups; you are too big and popular for anti-spam systems to block unless you become a truly epic emitter of spam. At this point providers lose much of their business incentive to block and reduce spam.
(Note, however, that every mail service provider does less than they could to block spam through their service because every MSP knows that if they adopted full best practices, they would go out of business because customers would find them unattractive. This should not be surprising.)
Nor do mail service providers have a real incentive to refuse to do business with all spammers. Some spammers make unattractive customers (they are unsavory, a big support burden, may attract legal attention, and are high risks to cheat you on payment). However, some spammers make very attractive customers; they pay on time and well, they don't cause you support headaches, they're reputable businesses, and so on. They just send UBE and want you to send it for them. See many examples (and also).
You may appeal to moral qualities as part of the 'incentive' that providers have to deal with spam, ie that they really intrinsically care about not sending spam and are not merely doing it because of business needs. However, mailing service providers (and their employees) have consciously chosen to enter a line of business that draws spammers to it and intrinsically enables spam. It's hard to avoid the conclusion that they consider some degree of spam a necessary evil in order to make money; from there, to misuse an alleged Winston Churchill witticism, it's only a question of how much spam.
2011-10-03
My idea of how a modern mailing service should work
From one perspective, I can totally understand why small companies want to outsource handling outgoing mail to a dedicated mail provider. The days when you could just install a MTA, plug in some settings, and be done are long over; these days doing a decent job of sending mail and getting it delivered to as many places as possible requires a significant amount of specialized expertise, and the expertise goes up if you want to use HTML mail. You could learn all of this, but why? It's better to outsource and let full-time specialists handle it for you.
On the other hand, as a sysadmin on the receiving end of these mail services I have some issues. Specifically, they get abused by spammers and they have a strong incentive to spend as little money as they can get away with on preventing this (money spent preventing spam is pure expense). On average, the only contact I have with a mailing service is being sent some form of spam (there are many mailing services and I don't sign up with very many places that use them).
Thus I have formed a theory about how such a modern mailing service should work: normally and by default it should proxy outgoing email through your server, using a dedicated proxy agent (not an MTA that you set up). All of the hard work would still be done by the mailing service on their machines and you would continue interacting with them as normal; it's just that the final delivery would emerge from your machine, on your IP address, instead of directly from one of their IP addresses.
The advantage for everyone is that this would make your mail unambiguously your mail, and avoid any contamination with other people who are also using the mailing service provider. The mailing service provider would effectively become less of a provider of mail and somewhat more a provider of mail handling software (and expertise), software that just happened to run on their servers as a service.
This clearly doesn't work for everyone in all situations, so the mailing service would still have an option to send out the mail for you. But I think that 'the mail comes out your IP address' should be the default starting case.
(Since this is the era of running companies out of AWS, it's possible that I'm drastically underestimating how many people would need the mailing service to send out email for them; maybe you simply can no longer assume that people have dedicated IP addresses in address space that hasn't been badly abused and contaminated.)