Setting up is easy, maintaining and responding to all the blocks you may get is ongoing and simply cumbersome. That is what people are referring to when they say its tricky.

You may wake up one morning, and find your host is blocked through association (if you are lucky - some hosts will simply silently swallow your mail - i.e. it never arrives and you dont know about it). You can apply for removal in some cases (and wait for it to update before you resend), and in other cases find your hosts entire subnet is blocked, resulting in you having to set up another server on a different subnet in order to relay your email.

There are ways around a lot of this, but hosting on AWS/DO/Etc not having your own assigned subnet, etc, will most definitely result in the above when you least want it to happen.

Of course SPF and DKIM were supposed to alleviate the need for these IP based blocks, but the reality is that they haven't changed a thing when it comes to sending email to large hosts.

Thats why we say its tricky.