Even with DKIM, all you need is the recipient of one email from one user on one domain (I have hundreds of domains) of your mail server to file a spam report, and WHAM you are blacklisted. So yes, it is a problem even with DKIM. If you have a solution, I would LOVE to hear about it.
I file this under “you can’t have a technical solution to a social problem”. We can do all we want to protect e-mail, but when it comes down to it, someone is going to figure out a way around it and ruin it for others.
The current situation is that we have technical solutions for authenticating smtp sending domains. But there will always be someone who flags an email too quickly or just wants to spite you. Or someone that will send spam regardless (or hack an account, etc...). And so we’re back at square one.
This is especially true for situations (like email) that aren't subject to market forces. Because sending email is so cheap, the return rates can be very small to still justify sending spam. There just isn't any market pressure to keep it contained...
One of my clients is a construction firm specializing with churches. It is not infrequent for them to be communicating about a project with a church - often to a role account (e.g. info@church.org), which is step 1 towards being filed as spam - where the role account is shared with a dozen or more people. The building manager will check the email on Mon, Wed and Fri and every other day there will be a number of well-intentioned volunteers at least one of which will click on the spam button dooming my client's email into the abyss. Weeks later we find the church has gone with a different contractor, as they "could never get a response" from my client.
We will go so far as to donate a new IT/Cloud system to the church (small $$ compared with the project) just to ensure reliable communication. But then they think we are just trying to buy them.
Now my client has a blacklisted domain/mail server IP, and bids they send out are rejected as spam by the providers to other churches.
Makes no difference if we are hosting the mail server or if it is a 3rd party mail service. As soon as a customer is sold, we try and move them off email into a web-application framework for ongoing legitimate communication. Again a lot of resistance.
Does this happen even if you move your client to Google Workspace/Office 365? Using one of those two should eliminate the problem. Was that your experience?
If the alternative is that your construction firm fails and you and everyone else are out of a job - well your email hosting choice is a weird hill to die on.
Presumably most of the firms clients are themselves hosting email on Workspace or 365. And Google/MS might treat email originating from their own systems differently than inbound email originating elsewhere.
Also I'd expect all the firms competitors to be using Workspace or 365, so if using them gives no apparent protection, presumably they should be suffering from this as well?
Hashcash was originally proposed to add some form of cost to sending email. Something similar could be a great way to get mail from legitimate people through. Spam wouldn't scale but the average person would only pay in a bit of CPU time/cost.
“spam wouldn’t scale” - unconvinced on this: spammers already mostly use other people’s compromised machines to do the sending; there is no cost to them here.
If you charge some cost per mail (whether that's CPU time or actual money), users/teams would check their spend and optimize accordingly. They'd notice runaway spend and act on it. The only reason why mail servers become compromised and nobody notices is that bandwidth for mail is generally too cheap to meter. On any 10s of megabits connection, sending a deluge of spam is trivial.
Not even that, you can become the victim of a "noisy" neighbor if someone on the same IPv4 /24 sends too much spam (some of the common blacklist providers will do entire netblocks if they get enough complaints)
