Can we take our emails back, please?
Synopsis
Before the 2000s, most broadband providers, institutions and businesses ran their own email infrastructure. User emails were distributed among thousands of servers around the world that could talk to each other directly using SMTP protocol. It was pretty normal to have a long, hard to remember email such as dmysenko@fiction.lcs.mit.edu because even a single institution could easily have a hundred operational mail servers. This meant that email messages were effectively stored on many different servers owned by many different companies.
It’s almost 2020 and most people today tend to use one of the few giant mail providers instead of your university lab’s Linux or your company’s server hissing somewhere in a hidden server room. The email traffic consolidated so much so that Gmail alone handles 20% of the world’s e-mail traffic [4]. If you combine the top 3–4 mail providers together, you get up to 73% of the e-mail traffic [2]. And this goes beyond personal emails since more and more companies move to outsourced corporate services like Google Suite or Office 365.
This creates a few potential issues including potential privacy breaches, lock-in commitment, unsolicited marketing, and low email performance. We pretty much don’t own our email boxes anymore and have no idea where they are stored and who else has access to them.
Before
When I got my first e-mail address, the global e-mail infrastructure looked something like this:
Thousands, thousands of mail servers all over the world talking to each other directly using SMTP protocol. Not one server more important than another. Total chaos and decentralization — the Internet at its best.
Every department of every faculty of every university in the world would have its own mail server. Using free e-mails like Hotmail was considered “lame” or untrustworthy by many. And even with free e-mail providers, every country had many.
Back then, all it took to download all your e-mails from the server was to copy a single file, eg. /var/mail/dmysenko — one plain text file! Delete it — and nobody can see it anymore. Copy it and you have a backup.
This also meant that no single person or company can analyze a significant enough share of the e-mail traffic. You can’t easily say how many people in the US are pro-Trump or against Trump. You can’t easily say how many people purchased a new iPhone within the last 12 months.
After
Fast forward 20 years and we now got this:
Just 3 American companies together handle more than 30% (70% in Australia [2]) of e-mail traffic. Even if your email doesn’t end in gmail.com, it could as well be Gmail — Gmail supports custom domains and many companies choose not to run their own mail servers anymore.
Even prominent startups (eg. GitHub, GitLab, Eventbrite) rely on Gmail for their corporate emails. According to SecurityTrails statistics [1], 10 million domains have Google mail servers set as MX (incoming email address).
So if Gmail has 20% of the e-mail traffic and we can assume that Gmail users send messages to non-Gmail addresses as well, this could mean that Google can read and analyze [3] up to 30% of the world communications. So that they (or their partners) can sell you something. Or take better decisions (beneficial for them, not for you). Isn’t that a bit scary?
On top of that, unless you live in the United States, accessing your emails is a bit slow since they are stored thousands of kilometers (or miles) away from you.
On top of that, you can’t just go and leave — there is no easy way to transfer all your old emails to another provider. You are locked in.
But why?
But why did all of this happen?
The consensus today is that every company should focus on its core activities and running email servers isn’t one of them for most enterprises. For 5$ a month (the price of a company email with Gmail) you get a decent interface, a lot of space, good spam filters and so on. And no need to pay salary to systems administrator.
Since users moved to providers like Gmail out of convenience, it’s reasonable to assume that they will only move somewhere else if it’s very easy-to-use and has low-to-none maintenance involved.
Possible solution
There are a few good affordable cloud providers today including DigitalOcean, Vultr, and Linode. The cost of cloud computing has been decreasing in the past 10 years, and you can get a tiny server for as little as 2.5$ a month.
Further, there is a concept of a one-click app where user can start a new server (virtual server) instance running a specific Docker image:
What if there is a one-click app that handles all your emails for you?
There are a few attempts at making a mail server Docker image already (Poste, Mailu) but they are still way too complicated for most users.
Time for some fantasizing:
- What if you could click “Email server” in the list above, enter your domain name and that’s it? It spins up a server that accepts emails for that domain?
- Then you could run your personal mail server in any region of your choice or even move it around (eg. your mail server is in Sydney while you are on a 6-month work trip in Australia, then it’s back to Frankfurt)
- Then you could back it up in a single click
- Then you could download the snapshot and deploy it with a different provider
- Emails could be encrypted at rest so that even if somebody hacks your personal email server, they can’t read your messages
- All traffic between email servers would be encrypted so that even your provider cannot read your emails
Then we would:
- Have millions of small mail servers instead of 5 giant ones (true Internet?)
- Have no big company or government be able to read people’s emails
- Have users who own their emails and can act freely with them
Our email traffic diagram would become this:
And why not? After all, this was a part of the original design of DNS/MX and SMTP. It was assumed that millions will talk to millions directly, not that Gmail will talk to Outlook.
As result, cloud providers can get a massive number of new users (who would have never become customers before). And users get performant, protected, confidential, flexible emails.
The Docker image (single-click app) itself would be open-source and completely free, but there would be an opportunity to offer affordable managed instances as well (eg. targeted at small enterprises or advanced users) so that somebody can upgrade software versions for you, troubleshoot in case of issues and so on.
References
[1] https://securitytrails.com/stats
[2] http://www.roymorgan.com/findings/6884-gmail-now-ahead-of-microsoft-hotmail-outlook-live-email-australia-march-2016-201607111137
[3] https://www.theguardian.com/technology/2014/apr/15/gmail-scans-all-emails-new-google-terms-clarify
[4] https://techjury.net/stats-about/gmail-statistics#gref
