My hosting provider is knowingly destroying “my” data, and I was livid when I found out. But it turns out that this is normal practice for many (if not all) shared-server providers, even if they do not immediately disclose it.

Some background… web hosting providers come in two basic packages: shared and dedicated. If you have a dedicated server, you are spending hundreds of $$ per month, and in return you get your own Linux or Windows server. Presumably, you would have some sysadmin skills and could configure the server in whatever fashion your requirements dictate.

Shared servers, on the other hand, are template/module driven and offer point-and-click administration. You share the system with many other hosting provider clients, and as such your resources are a bit more restricted so that you can all co-exist without overloading the system.  Because of the resource sharing, the cost per month is orders of magnitudes cheaper.

Despite a shared set of resources, you still have a surprisingly flexible environment and a great value for the money. Your commodity resources are managed via a user-friendly “control panel” that provides uniform access to configuration tools (such as mailing lists, domain/URL redirectors, and web stats tools), and often there are installation managers like “Fantastico” that allow you to add web components (such as this WordPress app) in your own space regardless of what other customers might be doing.

So now back to my story… I was setting up a mailing list on my client’s shared-server account (using the supplied control panel functionality). It was very easy to do. When it came time to distribute a newsletter to this several-thousand person mailing list, we were puzzled why not everyone received it. After going back and forth with Customer Services, it finally came out: shared servers are limited to sending only 500 messages per hour per domain. Once that limit is reached, the domain is locked out: all other mail – even if not originating from the offending mailing list – is discarded!

There was no mailer-daemon bounce or log report to indicate that messages were destroyed, so unless you keep tabs you may be none the wiser. The default list functionality tries to send all messages at once, so it is very easy to exceed the hourly limit (whether you have light traffic to a large list, or heavy traffic to small ones). Unlimited mail accounts, but not unlimited mail. We looked everywhere for some public disclosure of this limit and the ramifications, but found nothing. The provider suggested that a tool which supports “throttling” or scheduled deliveries would be better suited, but the regular list manager does not offer such features. I guess they provide the default tool but don’t expect anyone to actually use it! We checked with other hosting providers, ready to take our business elsewhere, but when confronted they admitted that they too had similar (if not lesser!) shared-server limits.

I was both surprised and disappointed that hosting providers do not seem to openly acknowledge this intentional data loss. How many small companies might be relying on a shared-server hosted domain for business rather than just hobbyist purposes? Basic (non-spam) use of list services would be enough to go over the edge – at which point you just initiated your own Denial Of Service attack from within –  at least for the next hour or so. Lesson learned. There are lots of independent mailing list services (also known as mail marketing providers or campaign managers), but I wondered why one would use them if your hosting service already had mailing list capabilities. Now I have my answer. Just because the shared-server offers a service, it does not necessarily mean that it is safe to be use without restrictions.