On Thu, Jan 19, 2012 at 09:16:34PM -0800, Ori Bani wrote:
> I am evaluating a potential move of a mail server from a dedicated
> server to a cloud-based server instance. I am trying to research
> the cons (I am comfortable with the pros) of doing so.
>
> From what I can tell, we have to consider possible performance
> issues (e.g., I/O contention), although if you find a provider with
> a good infrastructure/design or can afford to buy enough resources,
> this can be minimized.
>
> However, the issue that strikes me as the most serious (being
> somewhat out of our control and dependent on people and factors
> that aren't all that transparent) is that one might find the server
> in a Bad Neighborhood.

Deliverability is mostly about IP reputation. One aspect that is in
your control is to choose a provider which is active in fighting
spammers from within their network. That will tend to avoid the "bad
neighborhood" escalation issue, and mean that only individual
spamming IP addresses in your cloud would be listed. Of course, more
aggressive DNSBLs are going to escalate anyway.

A good provider should also be vetting new customers who want to
send mail from the cloud, because clouds fit in so perfectly with the
spammer's goal.

> This was covered almost a year and a half ago on this list
> already:
>
> http://marc.info/?t=128115967300001&r=1&w=2
>
> But I am starting a new thread because a year and a half is a
> long time and because I think there have been some developments
> in regard to this issue of RBLs and cloud providers--

Things change, but the basics remain: IP reputation is important,
DNSBLs are independent and unaffiliated with one another, receiver
sites even more so (and unlike major DNSBLs, even less likely to
maintain communication with other receivers.)

Shameless plug: http://new-spam-l.com/ , the spammers.dontlike.us
(SDLU) mailing list, exists for ongoing discussion of spam fighting
and related matters.

> Amazon is the well-known example of a cloud provider that wound
> up on at least one prominent RBL which caused a lot of grief.
> I'm under the impression that they have taken measures to deal
> with this problem, although I haven't seen the details of this
> except in the form of some forum posts that suggest that they
> have separated their dynamically allocated netblocks from a
> pool of IP addresses that are tied to customer accounts in a
> static manner.
>
> This seems like a reasonable solution to that problem, but I'm
> not 100% sure that that's what they've done OR that it has
> proved to be a good fix.

Obviously it is difficult to establish IP reputation when the IP
might change.
Additionally, while dynamic reverse DNS is simple enough to do,
forward confirmation of those PTR names in DNS zones which might not
be under the control of the cloud provider can be very difficult to
do.

> We aren't considering Amazon and would like to use a different
> cloud hosting provider, but it's very difficult to tell what
> providers have dealt with this problem (or if it is a problem at
> all -- some people (see below) contend that it isn't an issue,
> but I don't think they understand how Bad Neighborhoods affect
> MTAs around them).

Indeed, email concepts are widely misunderstood, even by many
practitioners, unfortunately. For accurate, solid deliverability
advice, consider hiring a deliverability consultant.

> I have been participating in a forum thread in a cloud hosting-
> specific subforum where I thought I could get some good feedback,
> but instead I've ended up having to explain and re-explain why
> ranges of addresses that are somewhat frequently reassigned can be
> bad news for anyone attempting to run a mail server. (I'd be
> thrilled to have one of the experts from here come and do a better
> job of explaining it than I have!!)

I suggest going to a better forum such as SDLU, where real receivers
and ESP/deliverability people are available.

snip

> So is there anyone out there who runs a mail server from a
> cloud-based server? (non-Amazon as well as Amazon)
>
> Can anyone here shed any light on the current state of cloud
> providers and RBLs and/or dynamic netblock lists (and what has
> been done to help remedy such issues)?

You seem to have a basic grasp of the real issues. You can use that
in consultation with prospective cloud providers. If they let you
talk to the abuse desk, and you find that THEY are doing the
explaining to YOU, consider that a Good Sign. A cloud provider
without a good, email-fluent abuse desk is likely to have trouble.

--
  http://rob0.nodns4.us/ -- system administration and consulting
  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
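
Added example, not part of the original message: a pre-flight check an operator could run on a candidate cloud IP, testing the forward confirmation of PTR names mentioned above and building the name a DNSBL client would query. The zone `dnsbl.example`, the 192.0.2.x addresses and the host names are constructed placeholders, and the function names are this example's own.

```python
import ipaddress
import socket

def dnsbl_query_name(ip, zone):
    """Name a DNSBL client looks up for an IPv4 address: reversed octets + zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def system_ptr(ip):
    """PTR names for ip via the system resolver (live DNS)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name] + aliases
    except OSError:
        return []

def system_forward(name):
    """A/AAAA addresses for name via the system resolver (live DNS)."""
    try:
        infos = socket.getaddrinfo(name, None)
        return sorted({ai[4][0].split("%")[0] for ai in infos})
    except OSError:
        return []

def fcrdns(ip, ptr_lookup=system_ptr, forward_lookup=system_forward):
    """Return (status, confirmed_names) for forward-confirmed reverse DNS."""
    want = ipaddress.ip_address(ip)
    names = ptr_lookup(ip)
    if not names:
        return "no-ptr", []
    # A PTR name counts only if it resolves forward to the same address.
    confirmed = [n for n in names
                 if any(ipaddress.ip_address(a) == want for a in forward_lookup(n))]
    return ("confirmed" if confirmed else "unconfirmed"), confirmed

# Constructed sample DNS data (documentation address space, example names).
PTR = {"192.0.2.10": ["mail.example.org."],
       "192.0.2.77": ["host-77.cloud.example.net."],
       "192.0.2.99": []}
FWD = {"mail.example.org.": ["192.0.2.10"],
       "host-77.cloud.example.net.": []}  # PTR exists, no matching A record

def sample_check(ip):
    """Run fcrdns() against the constructed tables instead of live DNS."""
    return fcrdns(ip, lambda i: PTR.get(i, []), lambda n: FWD.get(n, []))

if __name__ == "__main__":
    for ip in PTR:
        print(ip, sample_check(ip), dnsbl_query_name(ip, "dnsbl.example"))
```

Calling `fcrdns()` with its default arguments performs the same check against live DNS through the system resolver.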