The Hidden Cost of Cheap Email (UOL/Locaweb)

TL;DR Hosting providers share SMTP IPs among thousands of clients — a single neighboring spammer tanks your deliverability. Without DKIM, DMARC and remote wipe, the cost isn't R$ 15/month; it's the next customer database leak from a former employee's phone.

In the corporate environment, email is not a "commodity". It is the central nervous system of the company. Treating it as such requires abandoning web hosting providers (UOL, Locaweb, KingHost) and migrating to dedicated collaboration infrastructure.

In this technical article, we dissect the network, authentication and compliance layers that differentiate a R$ 15 service from an Enterprise suite.

1. IP Reputation and Blacklists

The biggest technical bottleneck of shared providers is the concept of the "Noisy Neighbor".

When you sign up for a "Hosting + Email" plan, your domain is allocated on an SMTP server with a fixed IP address (e.g., 200.147.x.x). This same IP is shared with 5,000 other customers of the provider.

⚠️ Cross-contamination If just ONE of those 5,000 customers has an infected machine sending Spam or Phishing, the entire server IP gets listed on global block lists (Spamhaus, Barracuda). Your legitimate emails are rejected without you knowing.

Instantly, your legitimate emails to important clients (who use serious filters like Microsoft 365 or Google) are rejected at the edge. You receive the dreaded error:

550 5.7.1 Service unavailable; client [200.x.x.x] blocked using Spamhaus XBL

On Google Workspace, the infrastructure uses dynamic IP pools with "High Trust" reputation. If an IP is compromised, traffic is automatically rerouted, guaranteeing 99.9% deliverability.

2. Authentication: SPF, DKIM and DMARC

Most basic providers configure only SPF (Sender Policy Framework). This is insufficient for 2026.

Without the correct implementation of DKIM (DomainKeys Identified Mail) and DMARC, your emails are vulnerable to Spoofing. An attacker can send an email pretending to be your CEO (ceo@yourcompany.com.br) requesting a payment, and the recipient's server will have no way to validate the cryptographic signature.

Protocol	Basic Provider (UOL/Locaweb)	Google Workspace
DKIM	Manual (often absent)	Native (RSA-2048 signing)
DMARC	Not supported	Rejection reports dashboard
MTA-STS	No	Yes (forced TLS in transit)
BIMI (verified logo)	No	Yes, with VMC

3. Shadow IT and Leakage at Termination

The most common data leakage scenario in SMBs occurs when employees are terminated.

❌ Common provider

Sales rep uses Outlook on personal phone via IMAP.
Is fired.
IT changes the password in the hosting panel.
The 10 GB of emails (client list, proposals) were already downloaded locally. The password change blocks new access — it does not erase the history.

✅ Workspace + Endpoint Management

Admin runs "Wipe Account" in the console.
Signal is sent to Android/iOS.
Only corporate data is erased.
The former employee's personal photos remain intact — zero labor risk.

4. Forensic Audit (Google Vault)

In labor litigation, the judge may request communication evidence. If an employee deleted compromising emails from the trash before leaving, on a common provider that data has been overwritten.

With Google Vault (Business Plus and Enterprise plans), the company defines retention rules (e.g., "Retain all emails for 5 years"). Even if the user deletes and empties the trash, IT can recover and export the content with legal validity (eDiscovery).

Technical Conclusion

The choice of email infrastructure should not be guided by "cost per mailbox", but by "cost of risk mitigated".

Corporate email audit

Is your domain on a blacklist and nobody told you?

We run a complete audit: IP reputation, SPF/DKIM/DMARC, endpoint leakage. Report in 5 business days.

Request audit → Risks of Exchange migration