Public
- Public
- Network
- Groups
- Popular
- People

Conversation

Notices

Jan Schaumann (jschauma@mstdn.social)'s status on Saturday, 11-Mar-2023 01:17:03 JST Jan Schaumann

Who reads your email? Ok, ok, nobody does. Even you don't want to, I know. But... who _could_?
A 🧵 about centralization of MX records across gTLDs:

In conversation Saturday, 11-Mar-2023 01:17:03 JST from mstdn.social permalink
- Jan Schaumann (jschauma@mstdn.social)'s status on Saturday, 11-Mar-2023 01:16:42 JST Jan Schaumann
  in reply to
  
  Google and Microsoft together handle over 60% of the Top 1M domains' mails!
  Many other domains use service provides such as Proofpoint, Barracuda Networks, or Cisco / IronPort, but those may of course only sit in front of Google and Microsoft's mail servers as well.
  In conversation Saturday, 11-Mar-2023 01:16:42 JST permalink
  Attachments
  1. A pie chart showing Google: 41.1% Microsoft: 19.6% Yandex: 4.1% Proofpoint: 3.3% Mimecast: 2.7% Tencent QQ: 2.0% Namecheap: 1.9% GoDaddy: 1.6% Barracuda Networks: 1.2% Zoho: 1.1% Amazon AWS: 1.0% Rackspace: 0.9% Cisco IronPort Hosted MX: 0.8% VK / Mail.ru Group: 0.7% OVH: 0.7% SiteGround: 0.7% Beget LLC: 0.6%
    https://media.mstdn.social/media_attachments/files/109/996/968/899/543/012/original/092fd6f6274b528a.png
- Jan Schaumann (jschauma@mstdn.social)'s status on Saturday, 11-Mar-2023 01:16:44 JST Jan Schaumann
  in reply to
  
  For those 1 million domains, we find around 433K distinct MX servers in 230K domains. The top 20 mail server domains there are:
  In conversation Saturday, 11-Mar-2023 01:16:44 JST permalink
  Attachments
  1. 01. 138 K google.com. Google 02. 94 K outlook.com. Microsoft 03. 59 K googlemail.com. Google2 04. 15.8 K yandex.net. Yandex LLC 05. 13 K mimecast.com. Mimecast Limited 06. 12.8 K pphosted.com. Proofpoint, Inc. 07. 9.5 K qq.com. Tencent QQ 08. 9.2 K registrar-servers.com. Namecheap 09. 8 K secureserver.net. GoDaddy Hosted Mail 10. 5.7 K barracudanetworks.com. Barracuda Networks 11. 5.5K K zoho.com. Zoho Corporation 12. 4.7 K amazonaws.com. Amazon Web Services, Inc. 13. 4.4 K emailsrvr.com. Rackspace Technology 14. 4.1 K yandex.ru. Yandex LLC 15. 3.7 K iphmx.com. Cisco IronPort Hosted MX 16. 3.5 K mail.ru. VK / Mail.ru Group 17. 3.5 K ovh.net. OVH / OVH Groupe SAS 18. 3.4 K mailspamprotection.com. SiteGround 19. 3 K ppe-hosted.com. Proofpoint, Inc. 20. 3 K beget.com. Beget LLC
    https://media.mstdn.social/media_attachments/files/109/996/962/917/443/281/original/3e9399e4bea66107.png
  Adrian Cochrane repeated this.
- Jan Schaumann (jschauma@mstdn.social)'s status on Saturday, 11-Mar-2023 01:16:45 JST Jan Schaumann
  in reply to
  
  But all that is for _all_ gTLD domains, which includes millions of parked domains, typo-squatting and spam domains, etc.
  What if we look at the Top 1M domains?
  Let's pull the list from https://tranco-list.eu/...
  In conversation Saturday, 11-Mar-2023 01:16:45 JST permalink
  Attachments
  1. No result found on File_thumbnail lookup.
    
    A research-oriented top sites ranking hardened against manipulation - Tranco
- Jan Schaumann (jschauma@mstdn.social)'s status on Saturday, 11-Mar-2023 01:16:46 JST Jan Schaumann
  in reply to
  
  We can combine some of the domains by company or parent organization to find that Google takes the lion's share of domains with about 34%, GoDaddy around 14%, Namecheap 13.5%, and Microsoft trailing behind with about 4.7%
  In conversation Saturday, 11-Mar-2023 01:16:46 JST permalink
  Attachments
  1. A pie chart showing Google (34%), GoDaddy (14%), Namecheap (13.5%), Microsoft (4.7%) and misc other domains
    https://media.mstdn.social/media_attachments/files/109/996/951/301/718/842/original/e1549a0b51505da7.png
- Jan Schaumann (jschauma@mstdn.social)'s status on Saturday, 11-Mar-2023 01:16:47 JST Jan Schaumann
  in reply to
  
  Now many domains that include alt1.aspmx.l.google.com. as an MX will likely also include alt2.aspmx.l.google.com., so let's flatten these numbers by MX domain frequency, which breaks down our data set to 21 million unique domains.
  The top 20 are:
  In conversation Saturday, 11-Mar-2023 01:16:47 JST permalink
  Attachments
  1. 01. 46.7 M google.com. Google 02. 22.5 M secureserver.net. GoDaddy Hosted Mail 03. 19.7 M registrar-servers.com. Namecheap 04. 7.4 M outlook.com. Microsoft 05. 6.9 M googlemail.com. Google2 06. 3.4 M ovh.net. OVH / OVH Groupe SAS 07. 2.4 M mailspamprotection.com. SiteGround 08. 1.8 M hostedemail.com. Tucows / OpenSRS 09. 1.7 M 1and1.com. IONOS / United Internet AG 10. 1.6 M zoho.com. Zoho Corporation 11. 1.6 M jellyfish.systems. Namecheap 12. 1.3 M one.com. One.com 13. 1.3 M qq.com. Tencent QQ 14. 1.2 M ionos.com. IONOS / United Internet AG 15. 1 M gandi.net. Gandi SAS / Your.Online 16. 1 M rzone.de. Strato AG / United Internet AG 17. 992 K kundenserver.de. IONOS / United Internet AG 18. 973 K 123-reg.co.uk. 123 Reg 19. 835 K h-email.net Unknown / parked domains?3 20. 765 K oxcs.net EuroDNS / Datacenter Group
    https://media.mstdn.social/media_attachments/files/109/996/945/216/033/172/original/3281df895920b0f1.png
  Adrian Cochrane repeated this.
- Jan Schaumann (jschauma@mstdn.social)'s status on Saturday, 11-Mar-2023 01:16:48 JST Jan Schaumann
  in reply to
  
  The top 20 most frequently used mail servers I found are:
  In conversation Saturday, 11-Mar-2023 01:16:48 JST permalink
  Attachments
  1. 01. 10.3 M mailstore1.secureserver.net. GoDaddy Hosted Mail 02. 10.3 M smtp.secureserver.net. 03. 9.6 M aspmx.l.google.com. Google 04. 9.5 M alt1.aspmx.l.google.com. 05. 9.5 M alt2.aspmx.l.google.com. 06. 6.7 M alt3.aspmx.l.google.com. 07. 6.7 M alt4.aspmx.l.google.com. 08. 3.9 M eforward1.registrar-servers.com. Namecheap 09. 3.9 M eforward5.registrar-servers.com. 10. 3.9 M eforward4.registrar-servers.com. 11. 3.9 M eforward2.registrar-servers.com. 12. 3.9 M eforward3.registrar-servers.com. 13. 2.7 M aspmx2.googlemail.com. Google2 14. 2.7 M aspmx3.googlemail.com. 15. 1.1 M mx3.mail.ovh.net. OVH / OVH Groupe SAS 16. 804 K mx01.1and1.com. IONOS / United Internet AG 17. 802 K mx00.1and1.com. 18. 793 K mx4.mail.ovh.net. OVH / OVH Groupe SAS 19. 784 K mail.h-email.net. Unknown / parked domains?3 20. 784 K smtpin.rzone.de. Strato AG / United Internet AG
    https://media.mstdn.social/media_attachments/files/109/996/936/451/588/262/original/67053967e4b407bd.png
- Jan Schaumann (jschauma@mstdn.social)'s status on Saturday, 11-Mar-2023 01:16:49 JST Jan Schaumann
  in reply to
  
  But ok, let's look at the domains with reasonable MX records: of the 30 million unique servers found, almost 98% are globally unique.
  Of the other 380K mail servers, around 2K appear more than 1,000 times.
  
  In conversation Saturday, 11-Mar-2023 01:16:49 JST permalink
- Jan Schaumann (jschauma@mstdn.social)'s status on Saturday, 11-Mar-2023 01:16:50 JST Jan Schaumann
  in reply to
  
  ...and then there's my favorite, where somebody just went "go give my mail to Cisco, and if that doesn't work out, try Microsoft, Intel, Google, Yahoo... whatever":
  In conversation Saturday, 11-Mar-2023 01:16:50 JST permalink
  Attachments
  1. Terminal screenshot showing output of $ host -t mx moshelasky.net moshelasky.net mail is handled by 100 mail.digicert.com. moshelasky.net mail is handled by 40 mail.moshelasky.net. moshelasky.net mail is handled by 100 mail.thunderbird.com. moshelasky.net mail is handled by 100 mail.windows.com. moshelasky.net mail is handled by 90 mail.pirisoft.com. moshelasky.net mail is handled by 80 mail.grc.com. moshelasky.net mail is handled by 30 mail.moshelasky.com. moshelasky.net mail is handled by 100 mail.yahoo.com. moshelasky.net mail is handled by 20 mail.outlook.com. moshelasky.net mail is handled by 60 mail.microsoft.com. moshelasky.net mail is handled by 50 mail.intel.com. moshelasky.net mail is handled by 100 mail.walla.co.il. moshelasky.net mail is handled by 70 mail.facebook.com. moshelasky.net mail is handled by 100 mail.mailchimp.com. moshelasky.net mail is handled by 100 mail.google.com. moshelasky.net mail is handled by 100 mail.noip.com. moshelasky.net mail is handled by 10 mail.cisco.com. $
    https://media.mstdn.social/media_attachments/files/109/996/925/603/034/698/original/c7c9f43591e35fa8.png
- Jan Schaumann (jschauma@mstdn.social)'s status on Saturday, 11-Mar-2023 01:16:51 JST Jan Schaumann
  in reply to
  
  There are a number of misconfigured records, including non-fqdn RRs that presumably were accidentally added with a trailing dot...
  In conversation Saturday, 11-Mar-2023 01:16:51 JST permalink
  Attachments
  1. Terminal screenshot showing output of $ host -t mx dabafunk.xyz dabafunk.xyz mail is handled by 10 mail.dabafunk.xyz. dabafunk.xyz mail is handled by 0 smtp.dabafunk.xyz. dabafunk.xyz mail is handled by 1 smtp.wesak. dabafunk.xyz mail is handled by 1 smtp.bhargo. dabafunk.xyz mail is handled by 2 mail.bhargo. dabafunk.xyz mail is handled by 1 smtp.maitreya. dabafunk.xyz mail is handled by 2 mail.wesak. dabafunk.xyz mail is handled by 1 smtp.shamballa. dabafunk.xyz mail is handled by 2 mail.maitreya. $ host smtp.bhargo.dabafunk.xyz smtp.bhargo.dabafunk.xyz has address 113.30.149.72 $ host -t mx trustedomain.com trustedomain.com mail is handled by 10 imtatest2. trustedomain.com mail is handled by 5 imta23. trustedomain.com mail is handled by 10 imtat2. trustedomain.com mail is handled by 5 imta14. trustedomain.com mail is handled by 5 imta1. trustedomain.com mail is handled by 5 imta10. trustedomain.com mail is handled by 0 mx.zoho.com. trustedomain.com mail is handled by 5 imta13. trustedomain.com mail is handled by 5 imta7. trustedomain.com mail is handled by 5 imta3. trustedomain.com mail is handled by 5 imta2. trustedomain.com mail is handled by 5 imta16. trustedomain.com mail is handled by 5 imta4. trustedomain.com mail is handled by 5 imta19. trustedomain.com mail is handled by 5 imta6. trustedomain.com mail is handled by 5 imta12. trustedomain.com mail is handled by 5 imta27. trustedomain.com mail is handled by 5 imta28. trustedomain.com mail is handled by 5 imta9.
    https://media.mstdn.social/media_attachments/files/109/996/919/526/495/771/original/2ec01ff2f4ae2904.png
- Jan Schaumann (jschauma@mstdn.social)'s status on Saturday, 11-Mar-2023 01:16:52 JST Jan Schaumann
  in reply to
  
  gaodong.com is another outlier: 123 MX records with 117 distinct priorities!
  In conversation Saturday, 11-Mar-2023 01:16:52 JST permalink
  Attachments
  1. Terminal screenshot showing output of $ host -t mx gaodong.com | more gaodong.com mail is handled by 116 test18.gaodong.com. gaodong.com mail is handled by 50 akola.gaodong.com. gaodong.com mail is handled by 120 test188.gaodong.com. gaodong.com mail is handled by 34 bingo.gaodong.com. gaodong.com mail is handled by 110 vivian18.gaodong.com. gaodong.com mail is handled by 44 way60420.gaodong.com. gaodong.com mail is handled by 200 931214.gaodong.com. gaodong.com mail is handled by 161 happymei.gaodong.com. gaodong.com mail is handled by 281 joanlin.gaodong.com. gaodong.com mail is handled by 122 test80.gaodong.com. gaodong.com mail is handled by 218 shanelee.gaodong.com. gaodong.com mail is handled by 169 torls.gaodong.com. gaodong.com mail is handled by 295 try106.gaodong.com. gaodong.com mail is handled by 96 alee.gaodong.com. gaodong.com mail is handled by 222 vivian72.gaodong.com. gaodong.com mail is handled by 40 utsvr188.gaodong.com. gaodong.com mail is handled by 303 try103.gaodong.com. gaodong.com mail is handled by 278 ivip.gaodong.com. gaodong.com mail is handled by 66 tysh.gaodong.com. gaodong.com mail is handled by 60 ut189.gaodong.com. gaodong.com mail is handled by 224 twss.gaodong.com. gaodong.com mail is handled by 32 chenyan.gaodong.com. gaodong.com mail is handled by 152 pillar.gaodong.com. gaodong.com mail is handled by 56 joe.gaodong.com. gaodong.com mail is handled by 232 phpbb.gaodong.com. gaodong.com mail is handled by 224 vivian188.gaodong.com.
    https://media.mstdn.social/media_attachments/files/109/996/912/838/282/677/original/7eaa8350a7bb3ad0.png
- Jan Schaumann (jschauma@mstdn.social)'s status on Saturday, 11-Mar-2023 01:16:53 JST Jan Schaumann
  in reply to
  
  The ever so aptly named everymailbox.com domain has 398 MX records, whiteinbox.net has 253, and rm02.net has 235.
  All of these MX records have the same priority, suggesting they are trying to aim for some DNS round-robin load balancing here.
  In conversation Saturday, 11-Mar-2023 01:16:53 JST permalink
  Attachments
  1. Terminal screenshot showing $ host -t mx everymailbox.com | wc -l 398 $ host -t mx everymailbox.com | more everymailbox.com mail is handled by 10 mx305.everymailbox.com. everymailbox.com mail is handled by 10 mx56.everymailbox.com. everymailbox.com mail is handled by 10 mx93.everymailbox.com. everymailbox.com mail is handled by 10 mx348.everymailbox.com. everymailbox.com mail is handled by 10 mx259.everymailbox.com. everymailbox.com mail is handled by 10 mx213.everymailbox.com. everymailbox.com mail is handled by 10 mx105.everymailbox.com. everymailbox.com mail is handled by 10 mx427.everymailbox.com. everymailbox.com mail is handled by 10 mx141.everymailbox.com. everymailbox.com mail is handled by 10 mx140.everymailbox.com. everymailbox.com mail is handled by 10 mx381.everymailbox.com. everymailbox.com mail is handled by 10 mx334.everymailbox.com. everymailbox.com mail is handled by 10 mx405.everymailbox.com. everymailbox.com mail is handled by 10 mx126.everymailbox.com. everymailbox.com mail is handled by 10 mx397.everymailbox.com. everymailbox.com mail is handled by 10 mx270.everymailbox.com. everymailbox.com mail is handled by 10 mx111.everymailbox.com. everymailbox.com mail is handled by 10 mx442.everymailbox.com. everymailbox.com mail is handled by 10 mx333.everymailbox.com. everymailbox.com mail is handled by 10 mx200.everymailbox.com. everymailbox.com mail is handled by 10 mx21.everymailbox.com.
    https://media.mstdn.social/media_attachments/files/109/996/903/703/744/551/original/bc592d1480763e22.png
- Jan Schaumann (jschauma@mstdn.social)'s status on Saturday, 11-Mar-2023 01:16:54 JST Jan Schaumann
  in reply to
  
  Now let's take a look at the ~40% (approximately 81 million) of domains _with_ MX records.
  Most domains have between one and five mail exchange records, but of course there are outliers: a few hundred domains have >10 MX records, and some domains even have over 100!
  
  In conversation Saturday, 11-Mar-2023 01:16:54 JST permalink
- Jan Schaumann (jschauma@mstdn.social)'s status on Saturday, 11-Mar-2023 01:16:55 JST Jan Schaumann
  in reply to
  
  Some (1.5 million) domains set their MX to "localhost", but there's a much better way to signal that you don't want any mail: you set the "Null MX" record ("0 ."), specified in RFC7505.
  This approach is used by roughly 2 million domains.
  
  In conversation Saturday, 11-Mar-2023 01:16:55 JST permalink
- Jan Schaumann (jschauma@mstdn.social)'s status on Saturday, 11-Mar-2023 01:16:56 JST Jan Schaumann
  in reply to
  
  Reversing those bare domain IPs again, we can guess what services handle default domain parking:
  28.8 million are under amazonaws.com., awsglobalaccelerator.com., and cloudfront.net.; 18 million under Google's 1e100.net. and googleusercontent.com.
  
  In conversation Saturday, 11-Mar-2023 01:16:56 JST permalink
- Jan Schaumann (jschauma@mstdn.social)'s status on Saturday, 11-Mar-2023 01:16:57 JST Jan Schaumann
  in reply to
  
  In that case, SMTP assumes an "implicit MX" and attempts to deliver the mail to the IP address (if any) of the bare domain name.
  Of the 119 million domains without an MX record, 76 million (64%) do have an IP address, meaning they could at least theoretically receive mail.
  
  In conversation Saturday, 11-Mar-2023 01:16:57 JST permalink
- Jan Schaumann (jschauma@mstdn.social)'s status on Saturday, 11-Mar-2023 01:16:58 JST Jan Schaumann
  in reply to
  
  Looking up MX records for 203 million domains yielded around 30 million unique MX servers in around 21 million second-level domains.
  But not every domain has an MX record. In fact, 119 million (58% of all) domains are lacking MX records.
  
  In conversation Saturday, 11-Mar-2023 01:16:58 JST permalink
  
  Adrian Cochrane repeated this.
- Jan Schaumann (jschauma@mstdn.social)'s status on Saturday, 11-Mar-2023 01:16:59 JST Jan Schaumann
  in reply to
  
  A single domain may of course have multiple MX records which may or may not be in the same domain (which itself may or may not be within the original domain):
  In conversation Saturday, 11-Mar-2023 01:16:59 JST permalink
  Attachments
  1. Terminal output showing DNS lookups: $ dig +short mx netmeister.org 50 panix.netmeister.org. $ dig +short mx akamai.com 20 mx0b-00190b01.pphosted.com. 10 mxa-00190b01.gslb.pphosted.com. 10 mxb-00190b01.gslb.pphosted.com. 20 mx0a-00190b01.pphosted.com. $ dig +short mx twitter.com 30 ASPMX3.GOOGLEMAIL.com. 20 alt1.aspmx.l.google.com. 10 aspmx.l.google.com. 30 ASPMX2.GOOGLEMAIL.com. 20 alt2.aspmx.l.google.com. $ dig +short mx whynot.coffee 10 mailin.mx-hub.cz. 10 mailin.mx-hub.eu. 10 mailin.mx-hub.sk. 10 mailin.mx-hub.net.
    https://media.mstdn.social/media_attachments/files/109/996/867/734/803/609/original/9f7cd4925a8e4688.png
- Jan Schaumann (jschauma@mstdn.social)'s status on Saturday, 11-Mar-2023 01:17:00 JST Jan Schaumann
  in reply to
  - ISC.org
  With a fresh copy of 1169 gTLD zone files courtesy of #ICANN's Centralized Zone Data Service at https://czds.icann.org/, I went to work hitting my little @iscdotorg bind9 resolver and looked up MX records.
  All of them.
  In conversation Saturday, 11-Mar-2023 01:17:00 JST permalink
  Attachments
  1. No result found on File_thumbnail lookup.
    
    Sign In | Centralized Zone Data Service
    
    Sign in to Centralized Zone Data Service
- Jan Schaumann (jschauma@mstdn.social)'s status on Saturday, 11-Mar-2023 01:17:01 JST Jan Schaumann
  in reply to
  
  It used to be common for domain operators to run their own mail servers, but doing that is actually hard. And what do we do when things are hard? We pay somebody else to do it for us. To the cloud!
  So I was wondering: how much is SMTP centralized in 2023?
  
  In conversation Saturday, 11-Mar-2023 01:17:01 JST permalink
- Jan Schaumann (jschauma@mstdn.social)'s status on Saturday, 11-Mar-2023 01:17:02 JST Jan Schaumann
  in reply to
  
  SMTP relies on MX records in the DNS to identify which server(s) it should hand the mail off to, and over 40 years after RFC722 was published, email is still cleartext.
  Together, this means that any receiving mail server can trivially read any message passing through.
  
  In conversation Saturday, 11-Mar-2023 01:17:02 JST permalink

Feeds