 |
Initially tonight I was planning to write a bit about the need to improve email services in terms of scalability, redundancy, and performance given today's demanding environment and increasing email volume. As I was thinking about how to approach such a topic, it became clear to me after a moment of cat inspired meditation, that this was a pretty broad topic to try to cover in one post. (In case you were wondering, cat inspired meditation can happen when the cat has wandered across one's power strip button. At this time, one may find herself on her hands and knees, under the desk, thinking about life and small fur hats.) So I started thinking about email volume. After returning from under the desk, I ran across many websites predicting that email volume will only be increasing more in the next few years. Every day more and more businesses depend on email communication. More and more people receive electronic billing statements, use email based support, get email confirmations for online purchases, and so on. However, what really struck me was how many websites are predicting that beyond this, a big problem in the future of email will have to do with increasing attachment sizes. More and more people and businesses want to use email to send each other videos, large presentations, PDF manuals, software demos, and so on. Some websites predict that soon people may well expect to be able to send 200MB attachments, or possibly larger, via email. I have started to see this more and more lately myself. At @Mail, we regularly have requests from customers for ways to tune the system so that they can send larger attachments than the default of 16MB. Also, many of the companies that I have consulted for have requested large attachment support. This is a huge nightmare from an administrative point of view for many reasons. Here are just a few, but the list goes on and on (really, I could rant about this for hours.) - Email is really not designed to be effective as a large file transportation system. It was not built for this, and no one who writes SMTP servers is interested in changing this, for many good reasons.
- Sending a large attachment, especially to a lot of people, generates a huge amount of load on an internal network.
- Often, a mail server will time-out before an attachment of a very large size can be sent, either at the sending, or at the receiving end.
- Most mail servers out there have limits to attachment sizes for incoming messages, so even if you allow and tune your systems so that users can send large attachments, the mail may be rejected.
- The sender may inconvenience a receiving party who is on a limited speed connection trying to download their email, especially if that person is paying on a per bandwidth basis.
- If the mail server accepts really large attachments, it becomes massively vulnerable to DOS attacks.
Despite all of this, many businesses still really want to have some way to email around large files, and do not want to bother with setting up an FTP site, or some other sort of secure file sharing tool. You can explain to people why this is a bad idea until you are blue in the face, but it does not change the fact that from a user-friendly point of view, people would really like the process of sending a file to be as simple as putting it in an email message. A few companies are now starting to provide appliance solutions that sound like a nice way to strike a compromise that will keep end users happy, and avoid all of the problems of sending huge email attachments. These appliances essentially grab large attachments from emails after the user has sent them, and replace them with a secure download link, so that the email going out is just a link that the receiver can click on to download the attachment. All this happens transparently to the sending users, and makes it really easy for everyone involved. Accellion and Intradyn are examples of companies selling such appliances, but I am sure there are others. I did some more searching, but so far have not found any open source software solutions that someone could put to use to accomplish this task yet. It would not be that difficult of a thing to do with a SMTP proxy and some exciting plugins, or possibly even with a simple script that messages get sent to when they are over the attachment limit set in the MTA. Hopefully I will have the time to look into this further myself, as I think this would be a great solution for many of my clients. And if anyone reading has already done this, it would be great to hear from you. My cat and I would be very grateful. Leah
Leah, here, reporting from the Great White North (which is currently somewhat rainy and less white that usual.) Today I would like to say a few words about email systems and small business. As a consultant, I have worked with a number of small businesses who are still running servers, often sitting behind DSL or cable Internet connections, to host their own email. Usually this happens for one of the following two reasons: - Legacy : Often small businesses have their own email systems, well, because they have always had their own email systems.
- Control : There is a feeling of control over the email traffic coming into and out of the site.
I realize that I am mostly speaking to a hosting community here, so you may well be wondering where I am going with this. To put it in a nutshell, it is my opinion that most small businesses should run, not walk, to a hosting provider and get their email hosted by a responsible third party. I hope that my perspective as a consultant may provide hosting providers some useful ideas to market email hosting services to the small business. Also I hope to provide insight into what the small business may be looking for, to provide inspiration to email hosts. Over the years, I have helped many small businesses set up their own email servers, manage spam, and customize them to fit their environments. Eventually, I have helped nearly every customer I have dealt with to move to a larger email hosting provider. Here are the reasons why: - Cost : The reality is, that it is a good deal cheaper to pay someone else to deal with spam, security, hardware, and other issues these days, then it is for a small business to have to hire a consultant to come in and deal with every singled small support issue, every hardware failure, every upgrade, etc.
- Reliability : A larger host is able to provide redundant servers, off-site backup, and fail-over paths that would simply not be possible for a small business to emulate. The average small business' email recovery plan involves everyone using a Gmail account until the system is back online.
- Spam Control : A small business is generally not in a position to keep up with the constant updates and tweaks needed to keep ahead of the latest spamming and virus pushers.
In order to maintain a decent quality of service level, the average small business is well advised to move to a managed email solution, provided by a third party. This is pretty obvious. But the reality is, there are still a huge number of small businesses out there that are not willing to make this leap, despite it's obvious benefits. The previously mentioned arguments should take care of most of the small businesses that are still running their own email for legacy reasons. But what about the other companies? Now we come to the issue of control. The email hosting company that can give the client a good feeling of control over what is happening is going to really be able to win in this market. People want to be able to add, disable, delete, and otherwise manage email accounts within their company themselves. People want to be able to say that their employees can not use email during certain hours, or possibly that they cannot send email to certain domains. People want to be able to have an archive account where all email in and out of their domain is logged, so that it can be reviewed. To many of us, this level of control may seem strange, or even illegal, but these are features that would really make the difference for the average small business owner when he considers making the jump to hosted email.
Alternate title : Making Sure your Email Services are up to Date with RFC Standards Greetings from the Great White North! This is Leah Kubik, hailing from Canada. Welcome to our first blog posting! I say "our" not (as you may suppose) because I am suffering from the belief that there is actually more than one of me. This blog will be shared by Jason Brown, a fellow co-worker of mine, and myself. Jason and I will be posting alternately, in attempt to bring mind blowing Email hosting thoughts to you on a regular basis. If you would like to read more about who we are and what we do, please do check out our profile on this site. So, without further ado, let's move on to the main topic for today. These days, it seems like every week, large and small Email hosts are having to tighten the screws on their email servers just a little bit more in order to battle against spam and viruses. Generally speaking, having more servers out there tightening their security and policies is a good thing, but if you do not follow some basic precautions on your own mail server(s), valid email from your hosted email domains may start to be flagged as spam, returned, or you may even become blacklisted if your servers are not RFC compliant. Essentially, if your servers do not comply to the various standards surrounding how an SMTP server is supposed to function and be configured, an angry mob of clients awaits you (assuming they are not already beating down your door.) Why must we be RFC compliant, you may ask? You must comply (insert robot voice here) because most spammers do not. Spammers function by using quick and dirty setups, and by taking advantage of scripts, trojan horses, and any other number of nasty tricks. Because of this, spammers will send email from servers that are often very outdated, or from scripts that simulate SMTP sessions. The spam and virus sources of the world are, for the most part, much more concerned about quantity than they are about quality. Thus, you can distinguish yourself and appear less and less likely to be a spam host to others, by focusing on quality. The easiest way others can identify spam is by determining that the sending end is doing something that a modern SMTP service is not supposed to do. Thus, by being standards compliant, you will be less likely to be mistaken for a spammer. Here is my list of seven things that you can, and should, do: DNS : Check http://dnsreport.com for domains that you host. Having your DNS correctly configured for each domain is vitally important! Many email servers will reject mail from your server entirely if your DNS is incorrectly configured. This tool will also check the mail server for the domain with a few basic tests for obvious issues. SPF : Publish an SPF record in DNS. Many major mail services will automatically flag emails from domains that do not have an SPF record as spam or potential spam. You can find out more about how to do this at http://en.wikipedia.org/wiki/Sender_Policy_Framework and http://openspf.org . If at first you don't succeed, try, try again : Make sure that your mail server will try to send again if it gets a failure the first time. Many mail servers use greylisting (http://en.wikipedia.org/wiki/Greylisting), and will not ever let a message through on the first try. If you configure your mail server to fail after one try (possibly to reduce server load) or your SMTP service does not properly handle retries, it is not RFC compliant. http://tools.ietf.org/html/rfc2821#section-4.5.4 Update : Ensure that your mail servers have updated and patched operating systems, as well as that the actual SMTP service or daemon that you use is updated or patched as well. Not only will this protect you from security holes, but older mail software is often not standards compliant and will cause problems. Do not trust your users : Scan outgoing messages from your server for spam and virus issues. Block messages going outbound that score too high. Limit sending to huge recipient lists. Many people implicitly trust all of their users and do not check their outgoing messages. Unfortunately, accounts are easily compromised due to weak user passwords and viruses. It is all too easy for a mail user to unwittingly send spam and viruses. If you allow to much spam out from your own servers, no matter how valid they are, you will find yourself turning up on blacklists. Usually these blocks are temporary, unless you never do anything about the problem. If the blocks do not go away after making your changes, you will have to spend countless hours trying to contact the blacklist sites that have you listed and working with them to resolve these blocks. They will probably refuse to unblock you if you are continuing to allow spam out from your mail server. Abuse and Postmaster email : Make sure that for each email domain you host, you have both an abuse@example.com address defined and a postmaster@example.com. These addresses must actually go somewhere useful (such as to your support system or IT staff) so that other administrators can contact you if they find a problem that has to do with your domain. Open Source : Use an open source SMTP server. Often proprietary software is not RFC compliant, because no one can easily fix small problems. Also, with proprietary software, people often do not upgrade to newer versions as often as they should, because there is a cost associated with each service pack (in many cases.) In general, open source mail servers tend to be more secure, up to date, and standards compliant. If you must go with a proprietary solution, find out from the sales representative what testing the product has gone under to prove it's RFC compliance, and if they have a guide for configuring the server service so that it is compliant.
There are many more things that you can do, but these steps should help point you in the right direction. If you don't know what the proper setting is for something, you can always check and see if the RFC has a recommendation for it: http://tools.ietf.org/html/rfc2821 Happy improving! System administrators around the world thank you.
| |
|
|
