Re: Consolidation of Email Platforms Bad for Email?

[Caesar Kabalan via NANOG <nanog () nanog org>]

In many ways I see this similarly to the consolidation of browsers, but less consolidated. I think about the advantages 
and disadvantages of the prominence of Chrome (65%), Safari (20%), Firefox/Samsung/Edge/Opera/etc (15%). With Chrome 
we’ve seen Google move the browser and related standards forward through sheer marketshare. CSS/HTML/JS standards live 
and die by Chrome support and that’s both good and bad. They have made great and opinionated strides when it comes to 
SSL/TLS. For example, Google effectively killed Symantec’s certificate business because it was mismanaged. They also 
effectively got rid of EV certs and pushed secure-by-default web server design where HTTPS appeared normal, but 
warnings all over the place for non-encrypted connections. On the other hand, Google is fairly disliked in the privacy 
community and those communities prefer independent Firefox.

For email, I can see similar issues, mostly around security. If Microsoft were to decide security mechanism X is not 
worth the effort they can effectively decide to not implement it. What will internet users do, block all Microsoft 
email services? Conversely they could come up with their own security mechanisms and effectively force the rest of the 
world to adopt it. I do think centralization of email providers provides little potential for negative impact aside 
from operational issues. For example, outages probably have a wider impact due to number of users, but I can’t 
realistically see a scenario where Microsoft/Google does something “bad” with their email platform that affects the 
rest of the ecosystem.

Caesar Kabalan

From: NANOG <nanog-bounces+ckabalan=wlgore.com () nanog org>
Date: Tuesday, September 8, 2020 at 4:47 AM
To: Mike Hammett <nanog () ics-il net>, NANOG <nanog () nanog org>
Subject: Re: Consolidation of Email Platforms Bad for Email?

I'm sure Dave Crocker has thoughts about this, but it has come up elsewhere.  There are both positives and negatives 
about having such a consolidation.  The positive is that it a small club can establish ground rules for how they will 
handle various forms of attacks, including BGP hijacking, DKIM, SPF, and other forms of validation to identify 
fraudulent mail, etc.  Also, if you have a whole lot of postfixes and sendmails running around, that's a whole lot of 
code to patch when things go wrong.  A small number of MSPs can devote a lot of time and paid eyes on code.  They can 
also very quickly spot new attack trends.



On the other hand, that means that it becomes difficult to become a new entrant, because one doesn't easily get one's 
mail accepted.  Lots of grey/blacklisting (forgive the use of the term).  Also, when one of those systems fails, it 
takes down a vast number of customers.  Furthermore, it represents a massive concentration of private information that 
can be monetized.



Eliot


On 08.09.20 00:27, Mike Hammett via NANOG wrote:
I originally asked on mailops, but here is a much wider net and I suspect there's a lot of overlap in interest.


I had read an article one time, somewhere about the ongoing consolidation of e-mail into a handful of providers was bad 
for the Internet as a whole. It was some time ago and thus, the details have escaped me, so I was looking to refresh my 
recollection.

Have any of you read a similar article before? If so, can you link me to it?



-----
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com

Midwest-IX
http://www.midwest-ix.com

[https://www.gore.com/sites/g/files/ypyipe116/files/2017-03/Gore_logo_0.png]

This email may contain trade secrets or privileged, undisclosed or otherwise confidential information. If you have 
received this email in error, you are hereby notified that any review, copying or distribution of it is strictly 
prohibited. Please inform us immediately and destroy the original transmittal. Thank you for your cooperation.