In many ways I see this similarly to the consolidation of browsers, but less consolidated. I think about the advantages and disadvantages of the prominence of Chrome (65%), Safari (20%), Firefox/Samsung/Edge/Opera/etc (15%). With Chrome we’ve seen Google move the browser and related standards forward through sheer marketshare. CSS/HTML/JS standards live and die by Chrome support and that’s both good and bad. They have made great and opinionated strides when it comes to SSL/TLS. For example, Google effectively killed Symantec’s certificate business because it was mismanaged. They also effectively got rid of EV certs and pushed secure-by-default web server design where HTTPS appeared normal, but warnings all over the place for non-encrypted connections. On the other hand, Google is fairly disliked in the privacy community and those communities prefer independent Firefox.

 

For email, I can see similar issues, mostly around security. If Microsoft were to decide security mechanism X is not worth the effort they can effectively decide to not implement it. What will internet users do, block all Microsoft email services? Conversely they could come up with their own security mechanisms and effectively force the rest of the world to adopt it. I do think centralization of email providers provides little potential for negative impact aside from operational issues. For example, outages probably have a wider impact due to number of users, but I can’t realistically see a scenario where Microsoft/Google does something “bad” with their email platform that affects the rest of the ecosystem.

 

Caesar Kabalan

 

From: NANOG <nanog-bounces+ckabalan=wlgore.com@nanog.org>
Date: Tuesday, September 8, 2020 at 4:47 AM
To: Mike Hammett <nanog@ics-il.net>, NANOG <nanog@nanog.org>
Subject: Re: Consolidation of Email Platforms Bad for Email?

I'm sure Dave Crocker has thoughts about this, but it has come up elsewhere.  There are both positives and negatives about having such a consolidation.  The positive is that it a small club can establish ground rules for how they will handle various forms of attacks, including BGP hijacking, DKIM, SPF, and other forms of validation to identify fraudulent mail, etc.  Also, if you have a whole lot of postfixes and sendmails running around, that's a whole lot of code to patch when things go wrong.  A small number of MSPs can devote a lot of time and paid eyes on code.  They can also very quickly spot new attack trends.

 

On the other hand, that means that it becomes difficult to become a new entrant, because one doesn't easily get one's mail accepted.  Lots of grey/blacklisting (forgive the use of the term).  Also, when one of those systems fails, it takes down a vast number of customers.  Furthermore, it represents a massive concentration of private information that can be monetized.

 

Eliot

 

On 08.09.20 00:27, Mike Hammett via NANOG wrote:

I originally asked on mailops, but here is a much wider net and I suspect there's a lot of overlap in interest.

 

 

I had read an article one time, somewhere about the ongoing consolidation of e-mail into a handful of providers was bad for the Internet as a whole. It was some time ago and thus, the details have escaped me, so I was looking to refresh my recollection.

 

Have any of you read a similar article before? If so, can you link me to it?

 



-----
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com

Midwest-IX
http://www.midwest-ix.com

 

This email may contain trade secrets or privileged, undisclosed or otherwise confidential information. If you have received this email in error, you are hereby notified that any review, copying or distribution of it is strictly prohibited. Please inform us immediately and destroy the original transmittal. Thank you for your cooperation.