undefined | Better HN

story

0 pointsgwittel6y ago0 comments

Sending at scale is the problem. A provider like Mailgun (aka an ESP), is a huge target for abuse. Free and low priced tiers are tricky since they need to draw in customers, but then get heavily abused.

tl;dr: Abuse ruins it for everyone.

I work on the filtering side of the world so I see a lot of the challenges that even purportedly good actors face. Each provider does better or worse at controlling abuse. These things all have a cost:

* IPs -- You need to send from a variety of IPs. They have warmup time before they can be safely used. One bad guy can burn that IP and everyone who shares. Most ESPs aren't going to have dedicated IPs for each (or those are for high tiers).

* Dmarc/dkim/spf -- Passing validation can be hard since it requires your client to work with you.

* Abuse reports -- Likely huge volume

* Bounces -- They can count against the customer. How much is OK (e.g. AWS SES will cut you off if your bounce rate gets too high)?

* Throwaway account abuse -- Huge issue, this threshold is a simple hammer (so now bad guys need ~10x more throwaway accounts).

* Account takeover -- That good guy is now sending out crap. Now what?

* Post-abuse cleanup -- Good luck going around and working with major providers to get yourself unblocked. Its a huge time sink.

By using Mailgun, etc all of the above becomes their problem. On top of it they'll offer analytics, help crafting content that works in varying mail clients, etc.

A small business type sender doesn't need much of this (other than maybe the technical help). But at some point, the scales tip.

0 comments

webbie9176y ago

^ Couldn't agree more, especially "Abuse ruins it for everyone."

quicksilver036y ago

> IPs -- You need to send from a variety of IPs. They have warmup time before they can be safely used. One bad guy can burn that IP and everyone who shares. Most ESPs aren't going to have dedicated IPs for each (or those are for high tiers).

I'm curious, is that specific to IPv4 or you see the same phenomenon with IPv6 where providers allocate /64 or /48 to customers? Or there simply isn't enough sending volume from IPv6 at the moment to warrant specific filtering?

gwittelOP6y ago

It’s mostly IPv4. The volume over v6 isn’t there.

Blocking via IP on V6 is tricky since it’s not clear what a safe/useful block range would be.

cx42net6y ago

You are right, most VPS provider for instance, don't give just one IPv6, but a full range. One might be able to implement a spamming server with rotating IPv6.

Spamhaus has released a "blocking strategy" for IPv6 to exactly address this issue: https://www.spamhaus.org/news/article/668/spamhaus-releases-...

j / k navigate · click thread line to collapse