The Email Hole

Email is not something to get too upset about, until you lose one to downtime by your provider of choice. And then you realise that it is too important to be left to free services, or even a domain hoster.

I use a hoster called Hostway, and they went spectacularly down last week. (This despite the fact, or perhaps because of it, that Hostway launched a new service recently offering 150 GB of space for $10 a month.) It was only about a day, but several domains I based there lost email access when their storage failed. Now I have no idea who might have been trying to reach me and couldn’t because of bounced emails, what newsletters I’ve been removed from because of bounced emails, what email newsletters I may have missed

Now this kind of thing happens, but it made me realise that losing one email is the same as losing all of them if you don’t know which email it is, since it may be the important one you’ve been waiting for offering you money/marriage/a new nose. Email is different to hosting a website: a website can go down, and you’ll lose some traffic, but it will come back up again. Email is a stream of discrete bits of information, and there’s no way of telling whether there are any missing.

In short, a good hoster needs to guarantee that, should something go wrong, no email is left behind. Hostway have not, so far not been able to assure me of that. They say that emails lost during the outage have been recovered, but as far as I can work out that does not refer to those lost because of the outage — in other words, those emails that were stored on their servers and not recovered by users before the outage hit. (Emails to their technical staff about this were responded to with pasted notifications from their support team, which didn’t address this issue.

This surprises me, but shouldn’t. They are listed by Netcraft as the second most reliable hoster last month and I’ve not had many problems with them. But they are a domain hoster, which means that bullet-proof email is not top of their priorities. As Syd Low of AlienCamel puts it (declaration of interest: I’ve been using Syd’s email service the past few years, and it’s rock solid), there are three types of email service: bundling services (like Hostway), free services (like Gmail) and paid services (like AlienCamel) which provide Web access, lots of redundant backups to make sure no email goes missing, plus anti-spam, anti-virus and anti-phishing features.

My lesson from all this: email is too important to entrust to people who don’t take it seriously, or who aren’t getting money for your business. Of course, no one wants to pay for something they’re getting for free, or more cheaply, but sometimes free and cheap is not enough.

24. July 2006 by jeremy
Categories: Email, Internet life, Malware, Productivity, Spam, Storage | Tags: , , , , , | 6 comments

Comments (6)

  1. Problem is those hosting agreements require that you give up all rights to complain, or to sue, to get any damages when they lose all of your e-mails. Recently, the e-mail company I use deleted all my e-mails dated prior to May 1. You’d think they’d have some back-up of what’s on their servers – but no!

  2. A little note about aliencamel, I don’t know anything about their services, but checking quickly:

    1) their authoritative nameserver hosts are split among ‘theplanet’ and ‘john companies’. Two apparent hosting providers.
    2) http://www.aliencamel.com is the same ip address as one of the authoritative nameservers
    3) the sole MX record for aliencamel.com (they have no backup MX, that seems odd for a company talking about mail server redundancy and such) is the same ip address as http://www.aliencamel.com

    I suppose that for 8$/month you can’t expect much more than this, but it’s too bad they talk about redundancy and resiliency while not really showing that in their publicly auditable configuration.

    Also it’s nice to note that they use the AOLserver for an http server, and the dreaded communigate-pro for email services 🙁

    Finally, no imap+ssl or pop+ssl? no smtp+tls? how can I feel remotely secure when my identity credetials are spewed all over the internet in plain text?

    8$/month, better than ‘free’? not in my book, atleast gmail supports imap+ssl or pop+ssl and smtp+tls…

    Thanks for the post though, it sure was a good read, and of interest to me, personally.

  3. A little note about aliencamel, I don’t know anything about their services, but checking quickly:

    1) their authoritative nameserver hosts are split among ‘theplanet’ and ‘john companies’. Two apparent hosting providers.
    2) http://www.aliencamel.com is the same ip address as one of the authoritative nameservers
    3) the sole MX record for aliencamel.com (they have no backup MX, that seems odd for a company talking about mail server redundancy and such) is the same ip address as http://www.aliencamel.com

    I suppose that for 8$/month you can’t expect much more than this, but it’s too bad they talk about redundancy and resiliency while not really showing that in their publicly auditable configuration.

    Also it’s nice to note that they use the AOLserver for an http server, and the dreaded communigate-pro for email services 🙁

    Finally, no imap+ssl or pop+ssl? no smtp+tls? how can I feel remotely secure when my identity credetials are spewed all over the internet in plain text?

    8$/month, better than ‘free’? not in my book, atleast gmail supports imap+ssl or pop+ssl and smtp+tls…

    Thanks for the post though, it sure was a good read, and of interest to me, personally.

  4. Hi Chris, Syd from AlienCamel here. I’m not sure what point you’re making regarding AOLserver and Communigate Pro, nor who hosts our DNS records; Our users’ login credentials are encrypted using SASL CRAM-MD5 or APOP. We also support imap+ssl and tls on all three protocols (smtp, pop and imap) if users wish to enable it in their email client. We also mirror all inbound emails to two separate datacentres. There’s more info about it here: http://aliencamel.com/press/acrelease06
    Drop me an email if you want more details.

  5. Syd, hey awesome! So first off, sorry for posting that comment 2x. Secondly the comment about AOLServer was actually a ‘good’ comment. I happen to like it, it’s neat and not widely used so it avoids many of the mundane security problems of the day. Communigate Pro I’ve seen issues with, nothing huge I suspect with competent administrators it’s fine.

    The hosting of the dns records (by whom) is probably not relevant, but the number and location is. I was pointing out that lots of services for you (atleast, possibly other folks on the shared device if it is shared) are tied to the same ip address in the case of www/mail/dns on a single host. This could potentially lead to some interesing failure scenarios. On the good side with DNS atleast you have diversity in the two authortiative servers location-wise though not software-wise. It’s probably best to seperate out services on individual ip’s if not individual hosts. that way if something bad happens (from inside or outside) to a single service it has less potential to impact the other services in question.

    It’s great to see that ssl/tls are supported that wasn’t obvious from my less than 5mins searching around on your site. I retract my comment about that then 🙂 Good to hear indeed.

    Thanks for the response.

  6. Hi Chris, Always glad to receive tips and hints from folks with experience. We’re always trying to optimize resilience with costs and continue to evolve as we grow. Educating users is the holy grail about ‘needing’ a reliable email service… Best, Syd