Notices by Jan Schaumann (jschauma@mstdn.social)

"Multinational corporations are destroying Earth for profit. If we want real change, we have to be willing to threaten those profits"

https://www.irishtimes.com/life-style/people/2024/11/23/sally-rooney-when-are-we-going-to-have-the-courage-to-stop-the-climate-crisis/

Every career path in tech:

"At this point in your career, your only possible promotion is to management, where you will stop doing the work you love and use a skill set you don’t have and we don’t teach."

https://www.newyorker.com/cartoon/a27374

Well done, Rolling Stone. That's how you write a headline. (And the rest of the obit brings more 🔥.)

https://www.rollingstone.com/politics/politics-news/henry-kissinger-war-criminal-dead-1234804748/

#kissinger

Who reads your email? Ok, ok, nobody does. Even you don't want to, I know. But... who _could_?

A 🧵 about centralization of MX records across gTLDs:

SMTP relies on MX records in the DNS to identify which server(s) it should hand the mail off to, and over 40 years after RFC722 was published, email is still cleartext.

Together, this means that any receiving mail server can trivially read any message passing through.

It used to be common for domain operators to run their own mail servers, but doing that is actually hard. And what do we do when things are hard? We pay somebody else to do it for us. To the cloud!

So I was wondering: how much is SMTP centralized in 2023?

With a fresh copy of 1169 gTLD zone files courtesy of #ICANN's Centralized Zone Data Service at https://czds.icann.org/, I went to work hitting my little @iscdotorg bind9 resolver and looked up MX records.

All of them.

A single domain may of course have multiple MX records which may or may not be in the same domain (which itself may or may not be within the original domain):

Looking up MX records for 203 million domains yielded around 30 million unique MX servers in around 21 million second-level domains.

But not every domain has an MX record. In fact, 119 million (58% of all) domains are lacking MX records.

In that case, SMTP assumes an "implicit MX" and attempts to deliver the mail to the IP address (if any) of the bare domain name.

Of the 119 million domains without an MX record, 76 million (64%) do have an IP address, meaning they could at least theoretically receive mail.

Reversing those bare domain IPs again, we can guess what services handle default domain parking:

28.8 million are under amazonaws.com., awsglobalaccelerator.com., and cloudfront.net.; 18 million under Google's 1e100.net. and googleusercontent.com.

Some (1.5 million) domains set their MX to "localhost", but there's a much better way to signal that you don't want any mail: you set the "Null MX" record ("0 ."), specified in RFC7505.

This approach is used by roughly 2 million domains.

Now let's take a look at the ~40% (approximately 81 million) of domains _with_ MX records.

Most domains have between one and five mail exchange records, but of course there are outliers: a few hundred domains have >10 MX records, and some domains even have over 100!

The ever so aptly named everymailbox.com domain has 398 MX records, whiteinbox.net has 253, and rm02.net has 235.

All of these MX records have the same priority, suggesting they are trying to aim for some DNS round-robin load balancing here.

gaodong.com is another outlier: 123 MX records with 117 distinct priorities!

There are a number of misconfigured records, including non-fqdn RRs that presumably were accidentally added with a trailing dot...

...and then there's my favorite, where somebody just went "go give my mail to Cisco, and if that doesn't work out, try Microsoft, Intel, Google, Yahoo... whatever":

But ok, let's look at the domains with reasonable MX records: of the 30 million unique servers found, almost 98% are globally unique.

Of the other 380K mail servers, around 2K appear more than 1,000 times.

The top 20 most frequently used mail servers I found are:

Now many domains that include alt1.aspmx.l.google.com. as an MX will likely also include alt2.aspmx.l.google.com., so let's flatten these numbers by MX domain frequency, which breaks down our data set to 21 million unique domains.

The top 20 are: