Podcast Ethical hosting is more profitable than cheap hosting By MailChannels | 7 minute read For years, hosting providers have been treated like utilities. Power on. Bits flow. Problems belong to someone else. That model is breaking down. In a recent MailChannels podcast conversation, infrastructure misuse expert David Snead made a blunt point: hosts are not really the “internet police.” They are closer to a neighborhood watch. Not because they want the job, but because the economics now force it. Bad actors on a network create real costs, and those costs keep rising. This post breaks down the key ideas from the episode, what is changing in hosting and platform operations, and why “ethical hosting” is becoming a competitive advantage instead of a nice-to-have. Listen to the full episode: https://youtu.be/Rh4rMtqJ33E Hosting providers are not the police. They are the blast radius Snead’s framing is useful because it describes reality without pretending there is a single authority that will fix abuse. There are “real police” for narrowly defined harms. But for spam, phishing, malware hosting, and other infrastructure misuse, enforcement is fragmented. That means the practical burden lands on the infrastructure layer: registrars, hosts, platforms, and email providers. The shift is not that hosts suddenly became responsible. It is that the economic impact of hosting bad actors has increased. If abuse drives IP blacklists, payment disputes, upstream pressure, customer churn, or time-consuming investigations, the business cost becomes unavoidable. The big blind spot: customer risk is often ignored Snead described something he saw repeatedly, including during his time as general counsel at cPanel: many hosting providers track technical risks like DDoS and breaches, but do not rigorously evaluate customer risk. Some providers were not even doing basic credit checks. Others used loss-leader offers, such as free accounts or free months, without factoring in how often those promotions attract misuse. The key distinction he made is important: “Know your customer” screening is not always the goal. Knowing whether a customer is likely to disrupt your network is the goal. That is a practical, operational definition of risk. It is also the kind of risk that can quietly destroy margins in a low-margin business. Roll-ups change legal maturity, not always network hygiene Consolidation is reshaping hosting. Snead described cycles where small operators get acquired, professionalized, and rolled up into larger groups. Larger entities tend to get more serious about corporate risk: terms of service, formal compliance, and legal process. But “are they more concerned about what is going on on their network?” The answer is mixed. Some are dialed in. Some are not. This matters because network hygiene is not a policy document. It is process, tooling, staffing, and the willingness to enforce standards when it costs revenue in the short term. What is the Secure Hosting Alliance? The Secure Hosting Alliance (SHA) is Snead’s attempt to make “clean networks” a marketable advantage, not just an internal cost center. He described two primary components: A Trust Seal (launched in October, with 13 members at the time of the recording) that certifies hosts meeting specific criteria. A community layer that rebuilds peer-to-peer collaboration through events, shared channels, and regular conversations, including trust and safety practitioners and vendors. The thesis is straightforward: ethical hosts should be able to charge more, retain customers longer, and operate with less overhead than hosts who compete only on price. The proof will take time. Snead noted that the seal is new and the data is still emerging. Why community is a security control One of the most practical ideas in the episode was that information sharing is not “nice.” It is one of the only scalable defenses. Attackers do not target one host. They target categories of hosts. If one provider sees a new abuse pattern, others are likely to see it next. A trusted channel reduces duplicate work and shortens time-to-response. There is also a human reason: trust and safety teams are often isolated. They deal with high-volume, high-stress problems and rarely get recognition because they are not a direct revenue function. Community reduces burnout and improves consistency of enforcement. That matters for any multi-tenant platform, not just web hosting. The overlooked operational nightmare: law enforcement requests One detail from the conversation should resonate with anyone operating email or hosting infrastructure: law enforcement requests are expensive to handle. These requests often arrive as PDFs sent to an abuse inbox, with inconsistent formats, incomplete technical context, and unclear routing. That creates manual work: triage, interpretation, internal handoffs, account mapping, and privacy review. Snead’s take was pragmatic: Centralizing law enforcement is hard because law enforcement itself is decentralized. The baseline improvement is ensuring there is a monitored, functional contact path. A second lever is education: teach law enforcement how the infrastructure stack works so requests go to the right place. If you run a platform where abuse incidents trigger investigative requests, this is not an edge case. It is a recurring operational tax. Two US legislative threats hosting providers should track Snead flagged two categories of legislation that could create outsized costs for infrastructure providers. 1. Site-blocking legislation Site blocking proposals keep returning in the US. Snead argued they are often justified using poor data, and that DNS or IP blocking has a history of collateral damage, including unintended disruption of unrelated services. Even when these bills do not pass, they shape expectations. They also influence what upstream providers, regulators, and partners assume is “reasonable.” 2. AI monitoring and “stay down” requirements Snead also pointed to proposed AI-related legislation (he referenced “NO FAKES” by its common name in the conversation) that could effectively require around-the-clock monitoring and “takedown and stay down” controls. For smaller providers, that is not just compliance. It is an unfunded mandate for content monitoring infrastructure, which can raise barriers to entry and shift the market toward incumbents. AI changes the abuse surface, even if liability stays unclear On AI liability, Snead’s view was cautious: conduit immunity frameworks may still insulate hosts in many cases, but that does not remove operational responsibility. If a provider offers AI website generation tools, or enables AI-driven outbound messaging, it needs guardrails and monitoring as part of network hygiene. This connects directly to what MailChannels sees in email: the hardest problems are not purely technical. They are incentive problems. When the cost of abuse is externalized, abuse scales. When enforcement is binary, legitimate users get caught in blast-radius events. Practical takeaways for hosts and multi-tenant platforms If you operate hosting, a SaaS platform, or any multi-tenant system that can be abused, the episode points to a few concrete moves: Treat customer behavior as a first-class risk domain. Not just infrastructure uptime risk. Invest in proportional enforcement. Reduce harm without defaulting to full account shutdowns when a single tenant misbehaves. Build trusted peer channels. Faster detection, better playbooks, less isolation for trust and safety teams. Standardize intake for abuse and law enforcement. Even partial consistency reduces manual load. Track regulatory direction, not just enacted laws. The “future compliance burden” often shows up in partner expectations before statutes land. Where MailChannels fits MailChannels works with platforms and providers that cannot afford deliverability outages, blacklisting cascades, or sudden enforcement events that take transactional email offline. That is the same operational theme running through this episode: continuity matters, and abuse needs to be handled in a way that reduces blast radius. If your business depends on transactional email, evaluate providers the same way you evaluate hosting: predictable behavior under stress, clear enforcement, and security that is designed in from the start.