About a week or two ago, I saw then-Senator Barack Obama doing an interview on The Daily Show with John Stewart. He was responding to some criticisms from the McCain campaign that arose in regards to his comments that we should "share the wealth." He joked that the McCain campaign was calling him as a socialist because in kindergarten he shared his toys with other kids. I thought that was quite funny.
Now, contrary to what you might think, this blog post is not about politics. I’m simply using it as an intriguing post title, but I’m going to come back to Obama’s point about sharing toys.
In a hosted service, or indeed, in any service that has shared IP space, sharing that IP space often leads to major headaches. For an outbound email service, many different businesses and organizations use us for outbound mail and they get routed through a single IP (or rather, a smaller subset of IPs). If one of those customers starts doing something bad, such as getting a box infected into a botnet and spewing out spam, that one customer can ruin it for everyone. If our one outbound IP gets listed on a 3rd party blocklist, then other customers who are sending to people who use that blocklist can get their mail bounced. They didn’t do anything to deserve it, but actions of someone sharing the IP space can hurt them.
Similarly, if I were on a dynamic cable modem pool and I were a single user hidden behind a NAT, my outbound IP is the same as all of my neighbors. If I start doing something abusive, such as trying to hack into the Department of Defense, I can affect the access of users who are sharing that same IP space if the DOD decides to ban me, and the other web portals decide to list me and ban me as well. All of my neighbors can’t access their favorite web sites either.
The sharing (socialism) of IP space is a real headache. We each only get so many IPs so customers have to share them. Yet, a single customer can (and does) ruin the experience for everybody. When we first started tracking outbound spam incidents closely, we found that we had an incident about once per day. It’s less now, maybe 2-3 per week, but the point is that left unchecked these problems will re-assert themselves time and again.