On 08.09.20 16:59, Matt Harris wrote:

The positive is that a small club can establish ground rules for how they will handle various forms of attacks, including BGP hijacking, DKIM, SPF, and other forms of validation to identify fraudulent mail, etc.  [...] They can also very quickly spot new attack trends.

In theory, but the current state of what's coming out of sendgrid implies otherwise.

It's not theory but history.  They have spotted those sorts of trends quickly in the past (see below).  They may not tell you they have spotted the trends.

Once you get into that small club, it's just as hard to get kicked out, and unfortunately that means that if abuse, UCE, etc. is coming from those hosts, they've got an even higher chance of hitting your inbox.

This depends on the nature of the incident, but if their evil bit gets set and if their size is Size XL, then it is indeed hard to give them the boot.

So while in theory it might work the way you're thinking, in practice it hasn't because once you are in that club, a lot of the financial motivation to prevent abuse of your service - that is, inbox deliverability for your client base - goes away.

I disagree, but we aren't going to debate incentive models here.  Suffice it to say that the big guys spending money on this, as they do, belies your point.  A good example was one such very large provider tracking hijacked BGP announcements and then releasing that information to shut down a huge swathe of sources all at once.

However...

That deliverability isn't likely to change for the negative on any scale that you care about once you're "in". But to be "in" you have to be at a huge scale. The small players are the ones who get hurt, and spam still gets through just fine only now via different means.

Yes.  That was why I said that there is good and bad.  Were we to take this to extremes, we see why FB can curate their messages and keep spam to a bare minimum, as they really do control the horizontal and the vertical (two sided market).


Also oligopolies in general are bad for everyone except the owners thereof and should be discouraged on principle. 

Not that I disagree (this comes to you by way of my dinky little VM), but that's not the topic at hand.

Eliot