With some sadness, I have to acknowledge that self-maintained email services may be destined for the rubbish heap, tossed aside in a whirlwind of hand-wringing spam and virus concerns, as well as a general movement to managed email services. The fat lady may not have sung yet, but she appears to be drawing that fateful breath.
You see, it's becoming quite hard to run a private mail service. The Internet is increasingly tough on email traveling to or from smaller mail servers, especially those running on the other end of broadband connections, business or otherwise.
Heck, even mail services running on fiber and leased-line circuits are problematic. This is due in large part to a vast array of increasingly strict filtering measures for curtailing spam, phishing, viruses, and malware by maintaining lists of IP subnets that "shouldn't" be sending email. The idea is to block mail from consumer broadband ranges, which you could reasonably argue for. However, large numbers of business-class subnets inadvertently get included as well, and as we all know, subnets can move around fairly easily, especially with larger ISPs.
Besides, using huge lists of IP addresses to block data transmission is not a great idea anyway. It's the sledgehammer in surgery approach.
Many businesses have no need or desire to manage their own mail server, so they use Google, Yahoo, or even their ISP to handle their messages. There's nothing wrong with that, aside from the fact that as more and more businesses use these services, we may eventually come to a point when a majority of the legitimate email traffic on the Internet will be sourced from a relatively small number of providers. Even if those services are measured in the tens of thousands, it's conceivable that email could become a closed system with only major players allowed. All others would have to sign up with one of those vendors or risk having their email discarded out of hand.
As someone who has run his own mail server for about two decades, I can attest that times are rough for small servers. I've been seeing perfectly legitimate email -- coming from a well-configured relay, using SPF (Sender Policy Framework), is not on any RBL (Real-time Blackhole List), has no spam history or indications, and is running on a business-class data circuit -- get silently discarded by destination relays run by large email services. I've seen other destination services automatically shunt those messages into spam folders without prejudice, even in the face of users who flag the messages as nonspam and instruct the system to deliver the messages unsullied.
I have had more sent email fail to reach the intended recipients in the past several months than in perhaps the past five years combined. Multiple senders, multiple disparate recipients, and even InfoWorld -- I thought my editor was mad at me for a month or so. All the while, other mail reached other recipients with no problems whatsoever. It's fickle, impossible to predict or diagnose from the outside, but it's increasingly causing questions about the suitability of email in general -- a reality that should make us all uncomfortable.
There are steps we can take, of course. I could (and will probably have to) route all outbound mail through my ISP's relay. I'd feel better about that if everything was encrypted, but that's not the case, even today.
Also, I might need the ISP to relay inbound mail as well, meaning that all inbound email would need to be processed through its relays before arriving at my server. That would require configuration on the ISP's end, possibly a recurring cost, and it would constitute another point of failure -- one that is completely opaque when troubleshooting.
There are also no guarantees that the ISP would not implement heavy-handed filters of its own. It might silently discard legitimate inbound email to my server, and I would have no way of knowing I was missing email. All of these possibilities chip away at the already fragile foundation of email as a valid form of communication.
The fact is the volume of spam and other unwanted communication via email has dropped substantially (at least for my server) over the past decade. It's certainly a problem, but it's not nearly as bad as it was when I collected stats back in 2006.
I'd like to think that we have much better ways to detect and block illegitimate email these days than we did back then -- and we do. Maybe it's time to dispense with the heavy-handed relay rejection and classification methods so many ISPs and email services still seem to rely on. Instead, we must remember that SMTP is a field everyone can play on, no matter the size of their mail spool.