In many ways I see this similarly to the consolidation of browsers, but less 
consolidated. I think about the advantages and disadvantages of the prominence 
of Chrome (65%), Safari (20%), Firefox/Samsung/Edge/Opera/etc (15%). With 
Chrome we’ve seen Google move the browser and related standards forward through 
sheer marketshare. CSS/HTML/JS standards live and die by Chrome support and 
that’s both good and bad. They have made great and opinionated strides when it 
comes to SSL/TLS. For example, Google effectively killed Symantec’s certificate 
business because it was mismanaged. They also effectively got rid of EV certs 
and pushed secure-by-default web server design where HTTPS appeared normal, but 
warnings all over the place for non-encrypted connections. On the other hand, 
Google is fairly disliked in the privacy community and those communities prefer 
independent Firefox.

For email, I can see similar issues, mostly around security. If Microsoft were 
to decide security mechanism X is not worth the effort they can effectively 
decide to not implement it. What will internet users do, block all Microsoft 
email services? Conversely they could come up with their own security 
mechanisms and effectively force the rest of the world to adopt it. I do think 
centralization of email providers provides little potential for negative impact 
aside from operational issues. For example, outages probably have a wider 
impact due to number of users, but I can’t realistically see a scenario where 
Microsoft/Google does something “bad” with their email platform that affects 
the rest of the ecosystem.

Caesar Kabalan

From: NANOG <nanog-bounces+ckabalan=wlgore....@nanog.org>
Date: Tuesday, September 8, 2020 at 4:47 AM
To: Mike Hammett <na...@ics-il.net>, NANOG <nanog@nanog.org>
Subject: Re: Consolidation of Email Platforms Bad for Email?

I'm sure Dave Crocker has thoughts about this, but it has come up elsewhere.  
There are both positives and negatives about having such a consolidation.  The 
positive is that it a small club can establish ground rules for how they will 
handle various forms of attacks, including BGP hijacking, DKIM, SPF, and other 
forms of validation to identify fraudulent mail, etc.  Also, if you have a 
whole lot of postfixes and sendmails running around, that's a whole lot of code 
to patch when things go wrong.  A small number of MSPs can devote a lot of time 
and paid eyes on code.  They can also very quickly spot new attack trends.



On the other hand, that means that it becomes difficult to become a new 
entrant, because one doesn't easily get one's mail accepted.  Lots of 
grey/blacklisting (forgive the use of the term).  Also, when one of those 
systems fails, it takes down a vast number of customers.  Furthermore, it 
represents a massive concentration of private information that can be monetized.



Eliot


On 08.09.20 00:27, Mike Hammett via NANOG wrote:
I originally asked on mailops, but here is a much wider net and I suspect 
there's a lot of overlap in interest.


I had read an article one time, somewhere about the ongoing consolidation of 
e-mail into a handful of providers was bad for the Internet as a whole. It was 
some time ago and thus, the details have escaped me, so I was looking to 
refresh my recollection.

Have any of you read a similar article before? If so, can you link me to it?



-----
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com

Midwest-IX
http://www.midwest-ix.com

[https://www.gore.com/sites/g/files/ypyipe116/files/2017-03/Gore_logo_0.png]

This email may contain trade secrets or privileged, undisclosed or otherwise 
confidential information. If you have received this email in error, you are 
hereby notified that any review, copying or distribution of it is strictly 
prohibited. Please inform us immediately and destroy the original transmittal. 
Thank you for your cooperation.

Reply via email to