| ▲ | ttul 5 hours ago |
| I run an email sending service at scale (billions of messages per month, tens of millions of end users, thousands of customers). Most of our software development and operational effort revolves around abuse mitigation. That has been the case for 15 years. It's a cat-and-mouse game with two different mice: the senders, who are constantly trying to figure out how to get you to deliver their garbage; and the receivers, who are constantly trying to figure out how to block it. We're stuck in the middle. It's hard to appreciate how difficult this battle is when running at scale. |
|
| ▲ | embedding-shape 2 hours ago | parent | next [-] |
| Right, I won't disagree with any of that, but I'm not sure how it's related to what I wrote either. Maybe I should have been more specific that I'm talking about hosting your own email, not hosting emails for others, which brings out a lot of other types of problems. |
| |
| ▲ | ttul 2 minutes ago | parent [-] |
| Apologies. When you said "email services" I thought you were implying "email services for use by others". Yeah, you can definitely run your own mail server in 2026 and I think the internet community should always strongly endorse being able to do so. Unfortunately, large email receivers have to make do with imperfect signals when making filtering decisions, and your traffic from a lonely IP that happens to have a bad neighbour might get blocked as collateral damage. One long-term hope: that domain name reputation eventually overtakes IP address reputation entirely. |
|
|
| ▲ | pbronez 5 hours ago | parent | prev [-] |
| What structural changes could we make to improve the situation? |
| |
| ▲ | ttul an hour ago | parent | next [-] |
| That is such a great question and there is no easy answer. There have been enormous efforts to do better for at least the last 20 years. An entire organization, M3AAWG, was founded for that reason and it meets three times a year, bringing together all the people that matter for making the situation better. It's a great organization and the people are all really smart and awesome. The IETF is no slouch either, coming up with excellent new standards and improving existing ones, such as the recent update to DKIM. That's about as good of an answer as I can provide: keep sending smart people to the conferences! |
|
| ▲ | edoceo 4 hours ago | parent | prev | next [-] |
| Signed senders? |
|
| ▲ | b112 4 hours ago | parent | prev | next [-] |
| It's simple, there's a standard, a new one, which takes into account SPF, DKIM, DMARC, ARC, and even DANE along with upcoming and proposed SPKF, DKIM+, DMARC2, and ARCv4. It should fix just about everything. |
|
| ▲ | jgalt212 4 hours ago | parent | prev [-] |
| Hashcash, or BTC. |
|
| ▲ | ttul 33 minutes ago | parent [-] |
| I always loved the hashcash concept and actually raised our original funding because of it (our Microsoft angels loved the idea of making spamming more expensive, and our Series A concept was tar-pitting to dissuade botnets). In the context of email sending services, we have a modern version of hashcash that we might at some point turn to. If someone can figure out how to tokenize sending at scale, then senders could pay recipients to open their emails by attaching a "tip" to each message. If even a small fraction of legitimate email recipients altered their mail client settings to route "tipped" messages to their inbox, that would probably suffice to get senders to participate in the scheme. Senders are starved for high-quality engagement data. Meanwhile, anything we can do to make spam less likely - on a relative scale - to reach the inbox in comparison to "legitimate" traffic, is a win. |
|
|