It used to be common for domain operators to run their...

It used to be common for domain operators to run their own mail servers, but doing that is actually hard. And what do we do when things are hard? We pay somebody else to do it for us. To the cloud!

So I was wondering: how much is SMTP centralized in 2023?

Like 10 Mar 2023 at 3:27 | Open on mstdn.social

23 comments

Jan Schaumann

With a fresh copy of 1169 gTLD zone files courtesy of #ICANN's Centralized Zone Data Service at https://czds.icann.org/, I went to work hitting my little @iscdotorg bind9 resolver and looked up MX records.

All of them.

10 Mar 2023 at 3:29 | Open on mstdn.social

Jan Schaumann

A single domain may of course have multiple MX records which may or may not be in the same domain (which itself may or may not be within the original domain):

Terminal output showing DNS lookups:

$ dig +short mx netmeister.org
50 panix.netmeister.org.

$ dig +short mx akamai.com
20 mx0b-00190b01.pphosted.com.
10 mxa-00190b01.gslb.pphosted.com.
10 mxb-00190b01.gslb.pphosted.com.
20 mx0a-00190b01.pphosted.com.

$ dig +short mx twitter.com
30 ASPMX3.GOOGLEMAIL.com.
20 alt1.aspmx.l.google.com.
10 aspmx.l.google.com.
30 ASPMX2.GOOGLEMAIL.com.
20 alt2.aspmx.l.google.com.

$ dig +short mx whynot.coffee
10 mailin.mx-hub.cz.
10 mailin.mx-hub.eu.
10 mailin.mx-hub.sk.
10 mailin.mx-hub.net.

10 Mar 2023 at 3:30 | Open on mstdn.social

Jan Schaumann

Looking up MX records for 203 million domains yielded around 30 million unique MX servers in around 21 million second-level domains.

But not every domain has an MX record. In fact, 119 million (58% of all) domains are lacking MX records.

10 Mar 2023 at 3:32 | Open on mstdn.social

Jan Schaumann

In that case, SMTP assumes an "implicit MX" and attempts to deliver the mail to the IP address (if any) of the bare domain name.

Of the 119 million domains without an MX record, 76 million (64%) do have an IP address, meaning they could at least theoretically receive mail.

10 Mar 2023 at 3:33 | Open on mstdn.social

Jan Schaumann

Reversing those bare domain IPs again, we can guess what services handle default domain parking:

28.8 million are under amazonaws.com., awsglobalaccelerator.com., and cloudfront.net.; 18 million under Google's 1e100.net. and googleusercontent.com.

10 Mar 2023 at 3:35 | Open on mstdn.social

Jan Schaumann

Some (1.5 million) domains set their MX to "localhost", but there's a much better way to signal that you don't want any mail: you set the "Null MX" record ("0 ."), specified in RFC7505.

This approach is used by roughly 2 million domains.

10 Mar 2023 at 3:37 | Open on mstdn.social

Jan Schaumann

Now let's take a look at the ~40% (approximately 81 million) of domains _with_ MX records.

Most domains have between one and five mail exchange records, but of course there are outliers: a few hundred domains have >10 MX records, and some domains even have over 100!

10 Mar 2023 at 3:38 | Open on mstdn.social

Jan Schaumann

The ever so aptly named everymailbox.com domain has 398 MX records, whiteinbox.net has 253, and rm02.net has 235.

All of these MX records have the same priority, suggesting they are trying to aim for some DNS round-robin load balancing here.

Terminal screenshot showing

$ host -t mx everymailbox.com | wc -l
398
$ host -t mx everymailbox.com | more
everymailbox.com mail is handled by 10 mx305.everymailbox.com.
everymailbox.com mail is handled by 10 mx56.everymailbox.com.
everymailbox.com mail is handled by 10 mx93.everymailbox.com.
everymailbox.com mail is handled by 10 mx348.everymailbox.com.
everymailbox.com mail is handled by 10 mx259.everymailbox.com.
everymailbox.com mail is handled by 10 mx213.everymailbox.com.
everymailbox.com mail is handled by 10 mx105.everymailbox.com.
everymailbox.com mail is handled by 10 mx427.everymailbox.com.
everymailbox.com mail is handled by 10 mx141.everymailbox.com.
everymailbox.com mail is handled by 10 mx140.everymailbox.com.
everymailbox.com mail is handled by 10 mx381.everymailbox.com.
everymailbox.com mail is handled by 10 mx334.everymailbox.com.
everymailbox.com mail is handled by 10 mx405.everymailbox.com.
everymailbox.com mail is handled by 10 mx126.everymailbox.com.
everymailbox.com mail is handled by 10 mx397.everymailbox.com.
everymailbox.com mail is handled by 10 mx270.everymailbox.com.
everymailbox.com mail is handled by 10 mx111.everymailbox.com.
everymailbox.com mail is handled by 10 mx442.everymailbox.com.
everymailbox.com mail is handled by 10 mx333.everymailbox.com.
everymailbox.com mail is handled by 10 mx200.everymailbox.com.
everymailbox.com mail is handled by 10 mx21.everymailbox.com.

10 Mar 2023 at 3:39 | Open on mstdn.social

Jan Schaumann replied to Jan

gaodong.com is another outlier: 123 MX records with 117 distinct priorities!

Terminal screenshot showing output of

$ host -t mx gaodong.com | more
gaodong.com mail is handled by 116 test18.gaodong.com.
gaodong.com mail is handled by 50 akola.gaodong.com.
gaodong.com mail is handled by 120 test188.gaodong.com.
gaodong.com mail is handled by 34 bingo.gaodong.com.
gaodong.com mail is handled by 110 vivian18.gaodong.com.
gaodong.com mail is handled by 44 way60420.gaodong.com.
gaodong.com mail is handled by 200 931214.gaodong.com.
gaodong.com mail is handled by 161 happymei.gaodong.com.
gaodong.com mail is handled by 281 joanlin.gaodong.com.
gaodong.com mail is handled by 122 test80.gaodong.com.
gaodong.com mail is handled by 218 shanelee.gaodong.com.
gaodong.com mail is handled by 169 torls.gaodong.com.
gaodong.com mail is handled by 295 try106.gaodong.com.
gaodong.com mail is handled by 96 alee.gaodong.com.
gaodong.com mail is handled by 222 vivian72.gaodong.com.
gaodong.com mail is handled by 40 utsvr188.gaodong.com.
gaodong.com mail is handled by 303 try103.gaodong.com.
gaodong.com mail is handled by 278 ivip.gaodong.com.
gaodong.com mail is handled by 66 tysh.gaodong.com.
gaodong.com mail is handled by 60 ut189.gaodong.com.
gaodong.com mail is handled by 224 twss.gaodong.com.
gaodong.com mail is handled by 32 chenyan.gaodong.com.
gaodong.com mail is handled by 152 pillar.gaodong.com.
gaodong.com mail is handled by 56 joe.gaodong.com.
gaodong.com mail is handled by 232 phpbb.gaodong.com.
gaodong.com mail is handled by 224 vivian188.gaodong.com.

10 Mar 2023 at 3:42 | Open on mstdn.social

Jan Schaumann replied to Jan

There are a number of misconfigured records, including non-fqdn RRs that presumably were accidentally added with a trailing dot...

Terminal screenshot showing output of

$ host -t mx dabafunk.xyz
dabafunk.xyz mail is handled by 10 mail.dabafunk.xyz.
dabafunk.xyz mail is handled by 0 smtp.dabafunk.xyz.
dabafunk.xyz mail is handled by 1 smtp.wesak.
dabafunk.xyz mail is handled by 1 smtp.bhargo.
dabafunk.xyz mail is handled by 2 mail.bhargo.
dabafunk.xyz mail is handled by 1 smtp.maitreya.
dabafunk.xyz mail is handled by 2 mail.wesak.
dabafunk.xyz mail is handled by 1 smtp.shamballa.
dabafunk.xyz mail is handled by 2 mail.maitreya.
$ host smtp.bhargo.dabafunk.xyz
smtp.bhargo.dabafunk.xyz has address 113.30.149.72
$ host -t mx trustedomain.com
trustedomain.com mail is handled by 10 imtatest2.
trustedomain.com mail is handled by 5 imta23.
trustedomain.com mail is handled by 10 imtat2.
trustedomain.com mail is handled by 5 imta14.
trustedomain.com mail is handled by 5 imta1.
trustedomain.com mail is handled by 5 imta10.
trustedomain.com mail is handled by 0 mx.zoho.com.
trustedomain.com mail is handled by 5 imta13.
trustedomain.com mail is handled by 5 imta7.
trustedomain.com mail is handled by 5 imta3.
trustedomain.com mail is handled by 5 imta2.
trustedomain.com mail is handled by 5 imta16.
trustedomain.com mail is handled by 5 imta4.
trustedomain.com mail is handled by 5 imta19.
trustedomain.com mail is handled by 5 imta6.
trustedomain.com mail is handled by 5 imta12.
trustedomain.com mail is handled by 5 imta27.
trustedomain.com mail is handled by 5 imta28.
trustedomain.com mail is handled by 5 imta9.

10 Mar 2023 at 3:43 | Open on mstdn.social

Jan Schaumann replied to Jan

...and then there's my favorite, where somebody just went "go give my mail to Cisco, and if that doesn't work out, try Microsoft, Intel, Google, Yahoo... whatever":

10 Mar 2023 at 3:45 | Open on mstdn.social

Jan Schaumann replied to Jan

But ok, let's look at the domains with reasonable MX records: of the 30 million unique servers found, almost 98% are globally unique.

Of the other 380K mail servers, around 2K appear more than 1,000 times.

10 Mar 2023 at 3:46 | Open on mstdn.social

Jan Schaumann replied to Jan

The top 20 most frequently used mail servers I found are:

01. 10.3 M mailstore1.secureserver.net. GoDaddy Hosted Mail
02. 10.3 M smtp.secureserver.net.
03. 9.6 M aspmx.l.google.com. Google
04. 9.5 M alt1.aspmx.l.google.com.
05. 9.5 M alt2.aspmx.l.google.com.
06. 6.7 M alt3.aspmx.l.google.com.
07. 6.7 M alt4.aspmx.l.google.com.
08. 3.9 M eforward1.registrar-servers.com. Namecheap
09. 3.9 M eforward5.registrar-servers.com.
10. 3.9 M eforward4.registrar-servers.com.
11. 3.9 M eforward2.registrar-servers.com.
12. 3.9 M eforward3.registrar-servers.com.
13. 2.7 M aspmx2.googlemail.com. Google2
14. 2.7 M aspmx3.googlemail.com.
15. 1.1 M mx3.mail.ovh.net. OVH / OVH Groupe SAS
16. 804 K mx01.1and1.com. IONOS / United Internet AG
17. 802 K mx00.1and1.com.
18. 793 K mx4.mail.ovh.net. OVH / OVH Groupe SAS
19. 784 K mail.h-email.net. Unknown / parked domains?3
20. 784 K smtpin.rzone.de. Strato AG / United Internet AG

10 Mar 2023 at 3:48 | Open on mstdn.social

Jan Schaumann replied to Jan

Now many domains that include alt1.aspmx.l.google.com. as an MX will likely also include alt2.aspmx.l.google.com., so let's flatten these numbers by MX domain frequency, which breaks down our data set to 21 million unique domains.

The top 20 are:

01. 46.7 M google.com. Google
02. 22.5 M secureserver.net. GoDaddy Hosted Mail
03. 19.7 M registrar-servers.com. Namecheap
04. 7.4 M outlook.com. Microsoft
05. 6.9 M googlemail.com. Google2
06. 3.4 M ovh.net. OVH / OVH Groupe SAS
07. 2.4 M mailspamprotection.com. SiteGround
08. 1.8 M hostedemail.com. Tucows / OpenSRS
09. 1.7 M 1and1.com. IONOS / United Internet AG
10. 1.6 M zoho.com. Zoho Corporation
11. 1.6 M jellyfish.systems. Namecheap
12. 1.3 M one.com. One.com
13. 1.3 M qq.com. Tencent QQ
14. 1.2 M ionos.com. IONOS / United Internet AG
15. 1 M gandi.net. Gandi SAS / Your.Online
16. 1 M rzone.de. Strato AG / United Internet AG
17. 992 K kundenserver.de. IONOS / United Internet AG
18. 973 K 123-reg.co.uk. 123 Reg
19. 835 K h-email.net Unknown / parked domains?3
20. 765 K oxcs.net EuroDNS / Datacenter Group

10 Mar 2023 at 3:50 | Open on mstdn.social

Jan Schaumann replied to Jan

We can combine some of the domains by company or parent organization to find that Google takes the lion's share of domains with about 34%, GoDaddy around 14%, Namecheap 13.5%, and Microsoft trailing behind with about 4.7%

A pie chart showing Google (34%), GoDaddy (14%), Namecheap (13.5%), Microsoft (4.7%) and misc other domains

10 Mar 2023 at 3:51 | Open on mstdn.social

Jan Schaumann replied to Jan

But all that is for _all_ gTLD domains, which includes millions of parked domains, typo-squatting and spam domains, etc.

What if we look at the Top 1M domains?

Let's pull the list from https://tranco-list.eu/...

10 Mar 2023 at 3:53 | Open on mstdn.social

Jan Schaumann replied to Jan

For those 1 million domains, we find around 433K distinct MX servers in 230K domains. The top 20 mail server domains there are:

01. 138 K google.com. Google
02. 94 K outlook.com. Microsoft
03. 59 K googlemail.com. Google2
04. 15.8 K yandex.net. Yandex LLC
05. 13 K mimecast.com. Mimecast Limited
06. 12.8 K pphosted.com. Proofpoint, Inc.
07. 9.5 K qq.com. Tencent QQ
08. 9.2 K registrar-servers.com. Namecheap
09. 8 K secureserver.net. GoDaddy Hosted Mail
10. 5.7 K barracudanetworks.com. Barracuda Networks
11. 5.5K K zoho.com. Zoho Corporation
12. 4.7 K amazonaws.com. Amazon Web Services, Inc.
13. 4.4 K emailsrvr.com. Rackspace Technology
14. 4.1 K yandex.ru. Yandex LLC
15. 3.7 K iphmx.com. Cisco IronPort Hosted MX
16. 3.5 K mail.ru. VK / Mail.ru Group
17. 3.5 K ovh.net. OVH / OVH Groupe SAS
18. 3.4 K mailspamprotection.com. SiteGround
19. 3 K ppe-hosted.com. Proofpoint, Inc.
20. 3 K beget.com. Beget LLC

10 Mar 2023 at 3:54 | Open on mstdn.social

Jan Schaumann replied to Jan

Google and Microsoft together handle over 60% of the Top 1M domains' mails!

Many other domains use service provides such as Proofpoint, Barracuda Networks, or Cisco / IronPort, but those may of course only sit in front of Google and Microsoft's mail servers as well.

A pie chart showing

Google: 41.1%
Microsoft: 19.6%
Yandex: 4.1%
Proofpoint: 3.3%
Mimecast: 2.7%
Tencent QQ: 2.0%
Namecheap: 1.9%
GoDaddy: 1.6%
Barracuda Networks: 1.2%
Zoho: 1.1%
Amazon AWS: 1.0%
Rackspace: 0.9%
Cisco IronPort Hosted MX: 0.8%
VK / Mail.ru Group: 0.7%
OVH: 0.7%
SiteGround: 0.7%
Beget LLC: 0.6%

10 Mar 2023 at 3:56 | Open on mstdn.social

Jan Schaumann replied to Jan

So all in all, the answer to the question of who can read your email pretty much boils down to -- yep -- "Google and Microsoft".

Even if your domain doesn't use one of their mail servers, chances are that whoever you are sending mail _to_ does.

10 Mar 2023 at 3:58 | Open on mstdn.social

Jan Schaumann replied to Jan

Now these companies are probably doing a much better job running and securing your mail than you would, and outsourcing often makes good sense.

But still, this is another example of increasing centralization: our businesses and personal online lives are concentrated in the hands of just a few companies.

10 Mar 2023 at 3:59 | Open on mstdn.social