Some (1.5 million) domains set their MX to "localhost", but there's a much better way to signal that you don't want any mail: you set the "Null MX" record ("0 ."), specified in RFC7505.
This approach is used by roughly 2 million domains.
The ever so aptly named everymailbox.com domain has 398 MX records, whiteinbox.net has 253, and rm02.net has 235. All of these MX records have the same priority, suggesting they are trying to aim for some DNS round-robin load balancing here.

gaodong.com is another outlier: 123 MX records with 117 distinct priorities!

There are a number of misconfigured records, including non-FQDN RRs that presumably were accidentally added with a trailing dot...

...and then there's my favorite, where somebody just went "go give my mail to Cisco, and if that doesn't work out, try Microsoft, Intel, Google, Yahoo... whatever":

But ok, let's look at the domains with reasonable MX records: of the 30 million unique servers found, almost 98% are globally unique. Of the other 380K mail servers, around 2K appear more than 1,000 times.

Now many domains that include alt1.aspmx.l.google.com. as an MX will likely also include alt2.aspmx.l.google.com., so let's flatten these numbers by MX domain frequency, which breaks down our data set to 21 million unique domains. The top 20 are:

We can combine some of the domains by company or parent organization to find that Google takes the lion's share of domains with about 34%, GoDaddy around 14%, Namecheap 13.5%, and Microsoft trailing behind with about 4.7%.

But all that is for _all_ gTLD domains, which includes millions of parked domains, typo-squatting and spam domains, etc. What if we look at the Top 1M domains? Let's pull the list from https://tranco-list.eu/...

For those 1 million domains, we find around 433K distinct MX servers in 230K domains. The top 20 mail server domains there are:

Google and Microsoft together handle over 60% of the Top 1M domains' mails! Many other domains use service providers such as Proofpoint, Barracuda Networks, or Cisco / IronPort, but those may of course only sit in front of Google and Microsoft's mail servers as well.
So all in all, the answer to the question of who can read your email pretty much boils down to -- yep -- "Google and Microsoft". Even if your domain doesn't use one of their mail servers, chances are that whoever you are sending mail _to_ does.

Now these companies are probably doing a much better job running and securing your mail than you would, and outsourcing often makes good sense. But still, this is another example of increasing centralization: our businesses and personal online lives are concentrated in the hands of just a few companies.

Alright, that's all for today. Gotta go and fix my postfix DMARC setup and block a bunch of spammers or something.

And if you don't like social media threads or want to share this outside of Mastodon, here's all of the above in a single blog post:
Now let's take a look at the ~40% (approximately 81 million) of domains _with_ MX records.
Most domains have between one and five mail exchange records, but of course there are outliers: a few hundred domains have >10 MX records, and some domains even have over 100!
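
The MX patterns this thread describes (Null MX per RFC 7505, MX pointing at "localhost", and outsized record sets) can be told apart mechanically. The following is an added example, not code from the original thread: the sample records are constructed, the function names and labels are hypothetical, and the cutoff of 10 simply reuses the thread's ">10 MX records" remark.

```python
from collections import defaultdict

# Constructed zone-file style sample; every name is a reserved example domain.
SAMPLE = """\
nomail.example.    3600 IN MX 0 .
loopback.example.  3600 IN MX 10 localhost.
mixed.example.     3600 IN MX 0 .
mixed.example.     3600 IN MX 10 mx1.mixed.example.
normal.example.    3600 IN MX 10 mx1.normal.example.
normal.example.    3600 IN MX 20 mx2.normal.example.
"""

OUTLIER_THRESHOLD = 10  # assumption: the thread calls >10 MX records an outlier


def parse_mx(text):
    """Group (preference, exchange) tuples by owner name."""
    rrsets = defaultdict(list)
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[-3].upper() != "MX":
            continue  # skip blank lines and non-MX records
        rrsets[fields[0].lower()].append((int(fields[-2]), fields[-1].lower()))
    return dict(rrsets)


def classify(rrset):
    """Label one MX RRset given as a list of (preference, exchange)."""
    exchanges = [exchange for _, exchange in rrset]
    if "." in exchanges:
        # RFC 7505: a domain advertising a null MX must not advertise
        # any other MX RR, so "0 ." next to real servers is an error.
        return "null-mx" if len(rrset) == 1 else "invalid-null-mx"
    if all(ex.rstrip(".") == "localhost" for ex in exchanges):
        return "localhost"  # rejects mail in practice, but not the standard signal
    if len(rrset) > OUTLIER_THRESHOLD:
        return "many-mx"
    return "accepts-mail"


def classify_all(text):
    """Map each owner name in the input to its label."""
    return {owner: classify(rrset) for owner, rrset in parse_mx(text).items()}


if __name__ == "__main__":
    for owner, label in classify_all(SAMPLE).items():
        print(f"{owner:20} {label}")
```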