[patio11]

Right.

Email has essentially converged on a patchwork ad-hoc net-wide implementation of a few of the proposals lampooned in the famous Slashdot copy/paste thing. Small businesses who are serious about getting their mail delivered pay what amounts to a delivery tax. The difference is it is not actually a tax, it is just a per-piece rate paid to a mailing service that keeps up with all the SPF records, feedback loops, blacklist monitoring, etc for us. However, considered from the perspective of the firm, it is essentially a tax, and it means that people paying a penny or two per email end up trustworthy. Everyone else is left in the email wild west, where they either have massive amounts of physical and reputational capital (Amazon et al) and get their mail accepted for free, or they're almost certainly trying to spam you (statistically speaking).

This is strongly related to strong centralization of email. I just had my 20,000th email submitted yesterday. Of those 20k, over 12k belong to just 10 domains. Even that overstates the diversity of spam squashing strategies, since most of the domains eventually use the same RBLs, etc.

[viraptor]

> "Everyone else is left in the email wild west"

In my experience some anti-spam organisations seem to want to keep that area wild. Or they just don't see the standard problems from their high horses. I get most of my servers listed as dynamic at least twice a year just because the ISP happens to provide residential dynamic DSL in the same netblock. And I can't change the rDNS of course, because the ISP doesn't allow it for people with ranges smaller than /28. Good luck explaining the situation to sorbs or people who block based on sorbs' dynamic list unconditionally.

[sailormoon]

Yeah that sucks. But you have to admit their reasoning is pretty sound.

The minimum "credible" IP suitable for duty as an email server is probably a cheap VPS somewhere.

[mschy]

I've had /23s and /22s listed as dynamic incorrectly, and anti-spam organizations wouldn't take them off even when they were either SWIPd through to my company, or were in my ASN.

Getting off the lists is an enormous pain in the ass. They make absurd demands, like changing the rDNS on every single IP in the block to contain the word static.... as though breaking rDNS is a good idea.

[sailormoon]

Argh. Well that's pretty indefensible. There must be some reason, though - you probably had the bad luck to take over a block that had previously been blacklisted.

That "static" thing is just stupid. God I wish ISPs would just standardise on putting "dyn" into the rDNS of their dynamic IPs though. That would solve so many problems.

[mschy]

you probably had the bad luck to take over a block that had previously been blacklisted.

That's exactly what happened. It was apparently dial-up space many years ago.

I say many, because the space in question has been under my control since 2005, and it's STILL on the dynamic ip list, despite a roughly annual attempt to get de-listed.

[sailormoon]

Everyone else is left in the email wild west, where they either have massive amounts of physical and reputational capital (Amazon et al) and get their mail accepted for free, or they're almost certainly trying to spam you (statistically speaking).

Hm. I've been involved with the mail servers of a few small businesses and I don't think it's as bad as you're implying. SPF isn't hard to set up, the RBL systems seem to work pretty well, and if you're sending from a stable IP/domain with a few years on the clock and no history of abuse, your mail will usually get through.

I view those for-pay mailing companies as being necessary only if you're sending out something a little spam-like but not spam, like opt-in mailing lists or marketing material or something that might otherwise look a lot like spam. But for regular mail I don't think it's at all necessary.

[wooster]

"your mail will usually get through"

Not in my experience. I have been on both sides: sending mail, and implementing IP based filtering. It's a clusterfuck.