We’ve had email for so long that it’s now easy to assume it will be here forever.
However, certain trends are threatening the health of the email ecosystem on a global scale. And big senders are at the heart of these issues regarding security, privacy, reliability, and more.
You might be wondering:
- What are these trends and respective issues?
- How did the email ecosystem develop these issues?
- What can we do about them?
- Why should you listen to me?
All valid questions that I will answer. We’ll start with the last one.
Who Am I?
My name is Bogdan Moldovan, and I am an email geek with 25+ years of IT experience, mainly centered around software development, telco, VoIP, business development, sales, management, and many other adjacent topics that I’ve had to research during my years as a founder and business leader.
Speaking of, I’m also the CEO of Axigen, an email company with 17+ years of experience providing a reliable, secure, extensible, and customizable email server platform.
Today, I’m going to argue against a worrying trend that’s taken the world over — centralized email. By keeping all the users, large email corporations have essentially eliminated one of the key advantages of email at its origins: decentralization. We’ll take it step by step, so we begin with an easy one:
What Is Email?
Email is a way of exchanging messages between persons using electronic equipment. The name is shorthand for electronic mail. It designates both the medium where the electronic communications are held (e.g. “send us your thoughts via email”) and the communications themselves (e.g. “I sent Sharon an email”).
How Does Email Work?
Email works because of the infrastructure of the internet. It was one of the first applications developed on the internet back in 1971, along with web pages.
One of the key functions of the internet is that anyone can launch their own website. Similarly, the email ecosystem also allows anyone, anywhere, to deploy an email server, implement a few configuration parameters and two or three settings, and then communicate with anyone else who has an email server.
What Does Email Do?
Email allows messages to be sent between two or more people with access to an electronic device with a working internet connection.
The purpose of email when it was developed was to simulate real-world mail while allowing people to send messages to each other instantly, from anywhere in the world, and with no intermediary. While somewhat diluted, this purpose still remains largely true.
History of Email
In today’s internet world, it might be difficult to imagine just how revolutionary email was:
Email forever changed the way we communicate because it enabled the sending of messages between two people on Earth instantaneously, without the use of traditional forms of messaging that went through third-party intermediaries such as the postal system.
Before email, sending letters, postcards, legal documents, or other papers meant going through a centralized infrastructure that had multiple single points of failure - and many traditional mail systems still do. That meant important documents got lost. And when they didn’t, it often took days, weeks, even months for messages to reach their destination, and their security along the way was questionable at best.
Adapted and expanded from CloudHQ
If email did not exist and calling was your only option to deliver a message instantly, you’d have to pass through a carrier to make a phone call to other countries or even inside your own country.
Furthermore, if you weren’t in the same voice network as the person you were calling, for example, if you had to call from Europe to the Middle East, your call would be passing through multiple operators and multiple gateways, all operated by diverse corporations colloquially known as Big Telco.
Then email came, and suddenly absolutely anyone from anywhere in the world could connect to the internet, create an email server, and send messages to anyone else with an email server without passing through censorship.
It was a breakthrough. Today, however, email is very far from that momentous point.
What Email Used to Be
As mentioned above, the original concept of email was for everyone to be able to make their email server and use it without relying on platforms. While this was an ideal, it soon became clear that not everyone had the know-how or could actually take the time to make their own email server.
In the early days, before big businesses took over, email looked like this:
- First globally accessible messaging system
- Fully decentralized
- Available to anyone, anywhere
- Disparate from any existing infrastructure
- Slightly complex to set up your own server
What Email Is Today
Beginning with the launch of AOL mail in 1993, email began its own transformation from web1 to web2, slowly moving from publicly owned infrastructure to privately held servers. Those initial players slowly evolved and overtook the entire email ecosystem.
Today, after a long and fascinating evolution (which you can see in the video below), email looks more like this:
- Still the biggest, globally accessible messaging system
- Centralized around the big players
- Available to anyone, anywhere
- Works mostly on privately-held infrastructure
- Very complex to set up and secure your own email server
Why Is Email Important?
There are a few key reasons why email is such a vital form of communication:
- it’s completely free for anyone
- it’s the most reliable form of communication
- if it’s decentralized, it’s even more reliable and secure
- it allows for the free distribution of messages to relevant audiences
- it remains one of the best communication methods in terms of ROI
- it allows SMBs to talk to their clients without depending on costly methods of message broadcasting
An example for the last points: social media giants such as Facebook, Instagram, and Twitter, despite being their own platforms, use email relentlessly to notify users, particularly inactive ones, of their account activity.
Decentralization in Email through the Years
Initially, email was built in a decentralized fashion. The entire concept of the global email ecosystem was for users to be fully independent, not tied to anyone’s business, government, or organization.
This decentralization characteristic of email that allowed everyone to have their own email server was, however, quickly hijacked by businesses. During the shift from web1 to web2, users wanted simpler ways of doing things — and that included email.
Suddenly, there was a need for platforms that simplified the process of getting an email address. That need was immediately met by AOL, Yahoo, and soon after, many other businesses across the globe.
With the intent of making email (and the internet) more accessible, most of the companies that met the new demand grew exponentially as a result. Startups and SMBs turned into large corporations. Large corporations became even larger.
Thus, email became centered around a few big players: Google, Yahoo, Outlook, NetEase in China, and more recently, Apple — with any competition reduced to single-digit or lower shares of users. These large corporations virtually canceled the decentralization aspect of email by hoarding email accounts to the point where they dominate a market used by more than half of the world’s population.
Number of Users | Email Market Share | Email Client Market Share | Platform Launch Date
Platform launch dates: April 1, 2004; October 8, 1997; January 16, 1997; October 12, 2011
4.22 (out of 4.3 billion)
*Apple automatically creates email addresses for its iCloud users.
**Apple Mail is the most widely used email client supporting Gmail, Yahoo, and nearly every other email provider.
How Did the Big Players Become so Successful?
Today, configuring an email server and making it operational is still possible, and you can use free or paid tools from the email ecosystem for it.
That being said, the process is infinitely more complex than it was in the early days of email. Creating your own email server isn’t simple at all. The amount of spam that now leads to information overload is a serious phenomenon that shouldn’t be ignored or underestimated.
That’s one of the reasons why the big players have been so successful — they haven’t just eliminated complexity from their users’ email setup, they’ve effectively made it a non-issue. 99% of the time, the average email user today doesn’t even have to think about email servers, spam filters, malware protection, or other complex topics. They can just send emails.
Furthermore, email addresses have become akin to a second digital ID, with anyone who doesn’t have one finding themselves at an immediate and often painful disadvantage in the online world. And with 99% of emails controlled by big players, everyone who wants to exist on the internet finds they must first agree to their terms and conditions before doing anything.
The Pitfalls of Centralized Email
The downside is, of course, that the decentralization characteristic of email has been effectively destroyed by these big players, with security & privacy being the first to suffer as a result.
The aggregation of inboxes around a few big corporations exposes both the corporations and their users to more severe attacks and security breaches. The reason? Hackers are attracted by the prize of succeeding in such an attack, which increases exponentially based on the number of users hacked. So essentially, the bigger these businesses are, the better the hackers are at their jobs.
Here we can look at some examples of gigantic data and security breaches, listed in order:
- 2009 Google Server Breach. Between June and December 2009, a group of hackers hired by the Chinese Government breached Google servers via spear-phishing attacks, obtaining information about China-based human rights activists and US law enforcement surveillance of Chinese spies. (Google)
- August 2013 Yahoo Breach. In August 2013, all Yahoo accounts were breached in a giant attack that compromised email addresses, passwords, and even personal information like birth dates and phone numbers. What’s worse, Yahoo did not disclose this breach until 2016, over three years after the attack took place, and then only reported 1 billion compromised accounts. Less than one year later, in October 2017, Yahoo reported that, in fact, “all [3 billion] accounts were likely victimized.” (CNBC)
- September 2014 Google Leak. In September 2014, the accounts and passwords of nearly 5 million users were published online. (Forbes)
- 2014 Yahoo Breach. Also reported in 2016, another breach affected Yahoo users in late 2014. State-sponsored hackers then stole account data for over 500 million users. This time around, attackers also obtained hashed passwords, security questions and answers, and data about users who likely didn’t even know they had a Yahoo account because of agreements between Yahoo and UK telecom firms BT and Sky Broadband. (Wired, The Guardian)
- September 2015 BrainTest Malware attack. In September 2015, the Android app BrainTest infected nearly 1 million Android devices, with the exact number of victims unknown. The malware established a rootkit on any infected device, essentially allowing cybercriminals to execute any command, leading to payload deployments that stole Google account credentials. (Checkpoint)
- July 2016 Yahoo Discovery. In July 2016, notorious cybercriminal and data broker Peace_of_Mind stated in confidential interviews that he had account names and passwords for 200 million Yahoo accounts, with some as old as 2012. He claimed to have been selling them since late 2015. (Wired)
- November 2016 Gooligan Malware attack. In November 2016, over 1 million Google Accounts were breached through an Android malware that, similarly to BrainTest, rooted devices and gained access to Gmail and all the other G-suite apps. The Gooligan Malware reached a disturbing infection rate of 13,000 devices per day. (Checkpoint)
- Big Asian Leak of 2017. In January 2017, a Darkweb marketplace started selling user data from over 1 billion accounts associated with Chinese internet giants, the majority of which came from Chinese email provider NetEase. (Hackread)
- 2018 Google+ Data Breach. In March and December 2018, Google suffered a massive data breach due to a bug in Google+ that essentially allowed third-party developers to access the data of approximately 53 million users. (Wired)
- December 2019 Leak. In December 2019, a database containing 2.7 billion accounts and 1 billion passwords from the original 2017 Big Asian Leak was revealed. The data took 3 days to be discovered and remained publicly available for over a week, during which time it grew by 1 million accounts. (CompariTech)
Unsurprisingly, due to the nature of centralized systems, hackers aren’t the only threat to email users’ information. Since Google, Yahoo, and other big players are essentially personal data conglomerates, they can also mislead their users into a false sense of security.
Here’s a rundown of privacy violations by giant email corporations:
- October 2016. Yahoo systematically scanned all its email users’ private conversations by adapting its spam filter to facilitate US Government surveillance. (The New York Times)
- August 2018. Google tracked the location data of 2 billion users without explicit permission in many cases. (The Guardian)
- September 2019. Google was fined $170 million by the US Government for breaking child privacy laws. (Bloomberg)
- April 2020. Google was tangled in a $5bn lawsuit in which it was accused of tracking the private browsing data of its users in Incognito Mode. (Reuters)
Since mailboxes accumulate personal data over years and even decades, they become similar to old-timey letterboxes containing all of a person’s correspondence, including bills, contracts, and many other types of personal information.
Remember the Facebook example above? Since social media websites bombard users with countless emails about their account activity, social media data is also very much at risk from email security breaches.
Naturally, these large corporations do have extensive security systems in place that are continuously updated and improved. However, it’s similar to the chicken and the egg problem, wherein the more they invest in security, the more hackers invest in their methods and become not just better at hacking, but at waiting for these big players to slip. And security slips like the Google+ one above are inevitable when an organization reaches this size and complexity.
What Can We Do? What Does Axigen Do?
After such horrific examples, you might be tempted to panic and wonder: what can be done?
Configuring your own email server and securing it has become infinitely more complex on account of the constant hacker wars between large corporations and cybercriminals. However, even with this added complexity, it’s still possible to have your emails and send them too, i.e. to self-host and send emails while keeping them private and secure.
For example, with Axigen, we’re building and optimizing a software product that would allow email hosting providers to offer email by region, by business niche, and to local users through a data-territoriality approach.
If email hosting is one of your core products, or if you want it to be, Axigen represents the perfect solution. Our reliable, secure, extensible, and customizable platform is ready for you, and you can deploy it either on-prem or in your private cloud.
We also allow those with technical know-how to use our software to set up their personal email servers. Through this approach, we give them and their users* the power over the data they choose to share over email.
* if applicable
We do all this because we believe that the industry must find its own way out:
5️⃣ The email industry must lead its regeneration
We already have the technology in place but the industry has no incentives to move in this direction.
Nobody is making a great fuss when small servers are being discriminated against, so they don't care.
— Carlos Fenollosa (@cfenollosa), September 4, 2022
Axigen is the product, team, and services combination that will work with and for you, side by side to empower your differentiated hosting business.
Manifesto: A Different Way of Doing Things
We, at Axigen, don’t believe that email should exist in the hands of just a few giant corporations, but that it should be kept in alignment with its original decentralized concept.
To combat this trend:
Our team works tirelessly to create a software product that CAN be used by governmental entities, by private individuals, and by email hosting providers to create and to self-host email and become owners and stewards of their own data, without worrying about the next big data breach, while having peace of mind that their data is and always will be secure, private, and under their control.