Are Cloud Servers Bad for Sending Email?

April 12th, 2018

Public cloud servers are great for many things; however, sending email is not one of them.

Why Are Cloud Servers Bad for Sending Email?

The IP address spaces used by the major public cloud vendors (e.g., Amazon, Rackspace, etc.) for their cloud servers are well known and are generally black- or gray-listed by anti-spam systems. Additionally, many of the IP addresses in use by these systems are “polluted” from previous abusive use by spammers. When you set up a new cloud server, you could easily be assigned a “tarnished IP.” Even if you do not inherit an exceptionally bad IP reputation from the previous user(s) of your new IP, your server will still be in the uncertain neighborhood of “public cloud IP addresses.” This is the “wrong side of the tracks” and thus considered a possible spam source.
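
A sender-side check for the two signals described above, as an added example that is not part of the original article: whether an address falls inside a provider's published cloud range, and whether a DNS blocklist lists it. The ranges and the zone name `dnsbl.example.org` are constructed placeholders; substitute your provider's published ranges and a blocklist you are permitted to query.

```python
import ipaddress
import socket

# Constructed sample data: documentation ranges stand in for a provider's
# published cloud ranges; the zone is a hypothetical DNSBL, not a real one.
SAMPLE_CLOUD_RANGES = ["198.51.100.0/24", "203.0.113.0/24"]
SAMPLE_ZONE = "dnsbl.example.org"


def in_cloud_range(ip, ranges=SAMPLE_CLOUD_RANGES):
    """Return the first listed network containing ip, or None."""
    addr = ipaddress.ip_address(ip)
    for cidr in ranges:
        net = ipaddress.ip_network(cidr)
        if addr.version == net.version and addr in net:
            return str(net)
    return None


def dnsbl_query_name(ip, zone=SAMPLE_ZONE):
    """Build the DNSBL lookup name: reversed IPv4 octets + zone (RFC 5782)."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on bad input
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def dnsbl_listed(ip, zone=SAMPLE_ZONE, resolve=socket.gethostbyname):
    """True if the zone answers with an address in 127.0.0.0/8."""
    try:
        answer = resolve(dnsbl_query_name(ip, zone))
    except socket.gaierror:
        # Lookup failed (NXDOMAIN or a resolver error): treated as not listed.
        return False
    return ipaddress.ip_address(answer) in ipaddress.ip_network("127.0.0.0/8")


def assess(ip, zone=SAMPLE_ZONE, resolve=socket.gethostbyname):
    """Summarise both reputation signals for one sending address."""
    return {
        "ip": ip,
        "cloud_range": in_cloud_range(ip),
        "dnsbl_listed": dnsbl_listed(ip, zone, resolve),
    }
```

An address can report `dnsbl_listed` as false and still sit in a cloud range, which is the “uncertain neighborhood” case: no listing of its own, but scored by association.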


We have investigated several services that claim to offer “Cloud-Based Outbound Email” and have found that many use cloud servers for things like scanning email messages for spam and viruses, but use non-public cloud servers for the actual sending of email. This is obviously not true for all companies, but it points to the fact that, since anyone might be affected, the solution is to NOT send email directly from your public cloud. There are, however, straightforward solutions for getting email that originates from such servers delivered.

How Did Cloud Servers Get a Bad Email Reputation?

The “utility computing” model of the cloud is to blame. In the interest of making these servers and services as cheap as possible and being able to charge “by the second with no setup fee,” there are generally very few services included. In particular, you get 1) minimal customer support, 2) little pre-sales work, and 3) minimal, if any, validation of new customers. All that time would increase prices. In short, you sign up with a name and credit card and get going almost immediately. All you have to do is agree to “terms and conditions” by checking a box (how much do spammers care about that?).

Spammers and fraudsters take advantage of this easy-to-buy, inexpensive service to set up servers for sending spam or performing other abusive actions. They do not care if they get shut down fairly quickly because:

  • they are using stolen credentials and payment information,
  • it is so easy to set up a basic cloud server that there is not much time lost, and
  • even if they get shut down “fairly quickly”, they have still done their damage, sent some of their spam, etc.

Once they get shut down, they go to another public cloud server provider somewhere else under another stolen identity and do it again.  They can even automate this signup process by using the available APIs for these services.

The above scenario contributes to the pollution of the reputation of IP addresses and the public cloud servers in general.

With physical dedicated and managed servers and private clouds, you typically interact with a sales staff, sign a real contract, and undergo some level of validation (even if that happens behind the scenes). This serves to block most of the fly-by-night spammers and fraudsters who use these services and therefore keeps these IP address spaces much cleaner. The more validation and attention that a sales and support staff offers before signing up customers, the cleaner the IPs are. This is why, for example, managed services at Rackspace have an excellent reputation that generally exceeds that of dedicated servers offered by commodity server providers.

If you are sending important email from a cloud server, to avoid the risk of your emails getting blocked by spam filtering services due to poor IP reputation, you should consider using LuxSci Secure Connector to route your outbound email through an email provider, like LuxSci. This will mitigate the fact that you are sending from a “bad neighborhood” and significantly increase the deliverability of your email. This can also add other features to your outbound email such as (a) automatic encryption, (b) archival of copies of all messages sent, (c) scanning for spam and viruses, and (d) data loss prevention (i.e., scanning for specific content in outbound email).