Slashdot Mirror
.mail Domain To Eliminate Spam?
steve.m writes "The BBC are reporting on a new batch of top level domain names being submitted to ICANN for approval. By far the most interesting proposal is for a .mail TLD to register legitimate mail servers. Could this eventually be the end of spam ?" *yawn* The same old discussion, with no implementation in sight.
This article advocates a
(x) technical ( ) legislative ( ) market-based ( ) vigilante
approach to fighting spam. Your idea will not work. Here is why it won't work.
(One or more of the following may apply to your particular idea, and it may
have other flaws which used to vary from state to state before a bad federal
law was passed.)
( ) Spammers can easily use it to harvest email addresses
( ) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
( ) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
( ) Requires too much cooperation from spammers
(x) Requires immediate total cooperation from everybody at once
(x) Many email users cannot afford to lose business or alienate potential
employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business
Specifically, your plan fails to account for
( ) Laws expressly prohibiting it
(x) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
( ) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
( ) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of spam
(x) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
(x) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook
and the following philosophical objections may also apply:
( ) Ideas similar to yours are easy to come up with, yet none have ever been
shown practical
( ) Any scheme based on opt-out is unacceptable
(x) SMTP headers should not be the subject of legislation
( ) Blacklists suck
(x) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
( ) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough
Furthermore, this is what I think about you:
(x) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
The Army reading list
that way email users are guaranteed that all spam will be filtered!
-- ladies and gentlemen we are floating in space!
"in site"? Whose office are they talking about? And why would an implementation be site-specific?
Sigh...
Give me a break, now on top of my .com .net and .org domain, I need to buy a .mail name to send mail??? I don't think so.
im sorry, folks, but the only thing that i see ever working is micropayments.
I might have missed something, but how would changing the TLD prevent spam?
.mail TLD be able to send mail to each other?
* I could still sign up for bogus accounts with www.hotmail.mail
* I can still have a poorly configured box that relays spam to www.myisp.mail
Changing the name will not fix this unless the roots of the problem are addressed, unless
it was intended that only servers with a
"That which we call a rose by any other name would smell as sweet" - William Shakespeare
Windows in 6 Bytes (IA-32) : 90 90 90 90 CD 19
A huge amount (if not the majority) of spam comes from open relays and compromised machines which this silly idea doesn't address. A ground-up overhaul of the mail system (with authentication) is what's needed, not another level of bureaucratic nonsense.
Trolling is a art,
I'm not really into the idea of splitting up the entire net into all these tlds. I dont want my mail server being so easily identified as such.
Uses for the new domains: .asia - Asian pr0n companies .cat - Feline pr0n companies .jobs - Jobs in the pr0n companies .mail - Pr0n spam companies .mobi - Pr0n to your mobile companies .post - Pr0n through your post companies .tel - Sex chatline companies .travel - Sex tourism companies .xxx - Unknown
Mouse powered Chips, Open source Processors and Lego
Since it's impossible and illegal to fake your domain name registration info, there is no way any .mail named mail server would be used for illicit purposes. Anyone mailing you from server.cheapest-viagra-online.mail.cn must clearly be a legitimate mail server of a pharmaceuticals corporation and should be whitelisted.
Dude, where's my packet?
I have not been a fan of new TLDs for some time, as it seems to promote confusion. I consider it to be more inefficient to have companyname.info, companyname.com, companyname.net, companyname.org, companyname.mail, etc.... than to just have a simple single domain name (or the three majors, org net and com), with subdomains to break out the company functions (support, sales, mail, www, ftp). It seems much more confusing to me to have companyname.mail than mail.companyname.com, and besides that, why would we possibly want to justify the cost to register our domain under several TLDs, when .com has always been enough?
Can this organization force a .mail designation on a site? If not, what's keeping somebody from designating a domain for porn sites to sex.mail, or a spammer naming his domain iminnocent.org?
CMDRTACO CHECK YOUR EMAIL!
If it's such a stupid / boring idea (which it properly is), why the hell is it in the front page of slashdot?
Mother is the best bet and don't let Satan draw you too fast.
*yawn* The same old discussion, with no implementation in site.
Sorta like making an improved moderation system on slashdot instead of ping-ponging votes around?
Good quote, too many chars. Seriously, the slashdot 120 char limit sucks!
Well, I'm sure it hasn't been implemented in a site yet either...
Editor Emeritus and Senior Writer, TeleRead.org
Great, now you're forced to own two domain names to be able to host your own email server, one .mail for *gasp* your mail and one .*** for everything else. .ftp, .ssh and so on when you're at it.
Why not create
--- No, english is not my mother tongue.
Where can I sign up for my 100 year .mail domain?
...you'll need to add the .femail domain as well to make everybody happy
"Look Lois, the two symbols of the Republican Party: an elephant, and a fat white guy who is threatened by change."
Hmm, the site spell chequer must bee down to.
Please help metamoderate.
Will it cure cancer and AIDS before or after it eliminates spam?
webpage
Acording to ICANN the sponsor for .xxx is The International Foundation for Online Responsibility. It wopuld be a bit weird when the organisation's main source of funding will come from the pr0n industry.
IFFOR brought to you by nastygirls.xxx
Mouse powered Chips, Open source Processors and Lego
The only way to elimanate spam is to hold users accountable which is neat impossible with the anonmity the internet provides so unless you want to start registering your SSN and removing your foil hats just accept it as the small price for freedom.
- Quick quick, register hot.mail ASAP!!
- Wait for Microsoft to contact me, tell them I take cash and checks
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
Eye, fore won, think their is hope two bee had.
Obliteracy: Words with explosions
Now I have to get mycompany.mail to handle mail and mycompany.com for my other uses, and people will get confused because mycompany.mail and mycompany.com are not necessarily the same mycompany. Moreover, there'll be no way to tell if I am from mycompany.com when I give an address of me@mycompany.mail. Yes, you can MX mycompany.mail to handle for mycompany.com, but you could register hiscompany.mail and people might get confused and send mail to him@hiscompany.mail instead of him@hiscompany.com, totally messing with him.
This is why you're supposed to have a mail.yourcompany.com subdomain to handle mail for yourcompany.com - there's only ambiguity if mail.yourcompany.com gets hijacked or your DNS provider gets bribed into giving it to a friend for a can of Coke (that bastard).
I think the appropriate solution to spam is to hunt down everyone who buys the stuff and kill them off. When people stopped buying pet rocks, they went off the market. Kill the demand, because spammers are lowlife who will risk death to supply it if the demand is there.
Nah. Hormel wouldnt like that.
It's pretty light on details, but it seems that the two most logical applications are problematic:
1) When you register foo.{com,net,biz,org,*} you also got foo.mail as a bonus. But if one person rgisters foo.com and also gets foo.mail, what happens to the person who later registers foo.net.
2) As a possible solution to point 1, when you register foo.com you also get foo.com.mail. This just seems ugly.
Also, will it cost me another $15-$45/year to get the benefit of this new domian? What of people who choose to not porticipate?
I still fail to see what the problem is with just doing a reverse lookup on the domain's MX. It utilizes existing infrastructure and isn't as ugly as throwing in another TLD to the mix.
1. If the IP address of the sender doesn't resolve to a .mail domain, discard it.
.mail domain is used for spam, the name shall be terminated.
.mail domain must follow these rules, lest they be terminated as well.
2. If any server on the
3. Set up a strict set of rules that define what is spam and what isn't, and all who are registered with a
Careful with names containing L slashdot.org/~AiphaWolf_HK slashdot.org/~AlphaWoif_HK slashdot.org/~AiphaWoif_HK
This is, indeed, yet another Final Ultimate Solution to the Spam Problem.
how about a .stupid for ideas like this? maybe even a .pointlessdiscussions or .useless? i'll be the first to sign up for .stupid and .useless. You'll be able to find my blog on them.
I also reply below your current threshold.
but not selling 30 or more domain names to each company makes much less money for the registrars..
the whole thing is driven by greed, and it is EXACTLY what the creators of the internet said would happen as soon as greedy asshats got their hands on it.
anyone want to start Internet 1.5? create a wrapper protocol to run a real internet on top of the current mess?
Sight, anyone?
After reading this article and the one a few days ago about AOL and spam, I came up with this idea
I despise spam as much as most of you. My company is actually about to start a spam campaign against my recommendations. The day they start I will quit. Slashdot, here is my idea on blocking spam. What am I missing?
We all know what IP addresses belong to which countries. At work, we only deal with customers that carry professional certifications within the US. Of our client base, less than 1% of 1% of these customers and potential customers live outside the US or Canada. Therefore, I have blocked most networks outside of the US and Canada. The only exception is .mil. This has reduced my spam problem considerably. Add to this a Bayesian filter and my spam problem is essentially eliminated. This got me thinking...
ISPs should filter e-mail according to the user's requests. When you sign up for an account, by default, you can only receive e-mail originating/relaying from the US. Now, the user can go to their email configuration and pick which countries they wish to receive e-mail from. Most users only receive email from within the US and one or two other countries. If they only receive email from a few people outside the US, then just whitelist those address. If they want, Mexico, for instance opened, then let the user check the box next to allow e-mail from Mexico. Once this is setup, let the user decide if the e-mail failing to meet these conditions should be blocked or just moved to a separate folder for review. Another possibility is that if an e-mail originates from a blocked country and the spam filter thinks it's legitimate or just doesn't get a high spam score, send an NDR that says "Your e-mail looks like spam, but this could be a false positive. In order to deliver your email, please visit this site....." On that site, put one of the many methods to verify a human is actually visiting that site and then deal with the email accordingly.
For most users, the only noticeable impact would be less spam. This would also force spammers to send and/or relay from within the US. Now if they are operating from within the US, we have an IP address within the US's jurisdiction. Granted these may be zombie machines, so if your e-mail server does a reverse lookup before allowing e-mail, these would be denied. Also, we need to get ISPs to block most ports by default. If you want a port opened, you simply request it from your ISP. Add a clause like "by opening these ports, you are taking responsibility for any traffic on these ports. If we find your computer is sending viruses or spam or DOSing, then your service will be terminated." Again, most users would never notice a difference. Those that do notice can have the ports opened.
So now, for the average user, they would only receive e-mail originating or relaying from the US from a registered e-mail server. Now we can track this back to an ISP and shut down the account, seek legal action against the ISP for supporting spam, or black list that ISP. Since the spammer would have to have an MX record, you can get the registration info. This is probably bogus, so if we force registrars to verify the identity of the person, then we could actually track this back to a person. The spammer could probably falsify this too, but every step you add slows them down.
The spammer is going to now have to purchase an account with an ISP in the US and a registrar. Both of these entities should require a method of traceable payment. This means no cash. Now, we should have a means of finding who wrote the check or who the credit card belongs to. We now either have the spammer, the spammer's company (which should lead back to the spammer), or the spammer has now committed fraud. If he commits fraud, we now have the FBI after him and potential of longer jail sentences.
Not that I have to solicit criticism here on slashdot, but I'll ask anyways. What am I missing and why wouldn't this work?
If I drive fast enough at the red light, it'll appear green.
The only service that has been able to stop my spam: www.spamgourmet.com (or www.xoxy.net if you're too lazy to type more). Actually, I think spamgourmet gets recommended on almost every /.-spam-post!
Ohh! TLDs! Lets see how much useless crap we can come up with!:
.spam - everything thats spam
.sex - all those pr0n sites
.troll - because you know they'll stay in their own domain
.h4x - let them h4x0r to themselves
.blog - now we can exclude these from searches!
.trek - for everything except Enterprise NX-01
.estaog - another great tld for your hosts file
.net - just give it to M$'s marketing team already
. - one step closer to having www./.
Yay! More TLDs! Thats just what we need. I cant wait to exclude all these new TLDs from my Google searches just to find that there's nothing left on the net but www.BringBackThePorn.com
Did I miss any?
Im dreaming ofa big bndwdth, That can resist the
And what about the cases where .gov is a different organization than .com, such as "whitehouse" (to use a bad example) or "PDF" (.com is a process development consultant, .org is the Parkinsons Disease Foundation, .net is another consultant, .biz is a forms processing product PDFTyper...).
.mail in those cases?
Who gets
Design for Use, not Construction!
This is just like most solutions proposed, if EVERYONE adopted it, then it would work, otherwise it's futile. Though, if you run your own mailserver, you could decide to only accept messages from .mail's but i don't see aol.mail, yahoo.mail, and friends being up anytime soon.
:(){
Why not change so that SMTP servers ONLY accept connections over SSL? And then only accept certificates that are signed either by a central authority or by people whose certificates are signed by those people...
Then you could have a distributed revocation authority where people could send copies of spams (still over the SSL network to eliminate fake spam for DDoS purposes). You don't want to get your certificate revoked, so maintain your server!
This makes the system more or less secure, and puts the burden onto mail server admins. You want your regular users to be able to send mail? Then don't let random people send spam.
Individual servers could then implement whatever authentication they liked for their users to be able to send. Maybe a C/R system or authenticated logins. Whatever.
Muerte
ps. i keep posting this idea. ha!
1. Sell 'spamless' .mail domains for big $$$ to fortune 500 companies. .mail domains for smaller $$$ to established companies. .mail domains for $9.99 per annum to any Tom, Dick or Harry with the cash.
2. Sell 'spamless'
3. Sell 'spamless'
4. ???
5. Profit.
Does anyone think that this wouldn't happen?
although this might *seem* a good idea its not going to work. Good luck implementing this outside the united states. Most of the spammers forge email headers. would it be impossible to forge the email servers on your "soft whitelist"? Again the only real solution to spam is to stop buying from it. once the morons who support spammers financially stop the cash flow spam will stop. Again we still would have probles with worms sending spoofed emails.
The parent contains the best information I have found so far about the .mail domain. Someone has modded it down. Someone mod it up pronto so other users can see it.
No implementation in sight, either.
Proofread, dumbass.
Seriously who gets the money? I don't think the EU will support giving MS or any american organization the money. personally, I think the best place to send the money would be to the UN, have the proceeds go to Unicef or something. But like that'll happen. I don't see micropayments working. besides, what happens when the spammers steal credit card numbers and have people pay for their own spam?
.biz was the best thing I've seen for reducing the amount of spam in my inbox. I've filtered thousands of spam and have received zero legitimate emails from .biz addresses. Lets add more stupid TLDs so we can identify spam more easily!
Who's going to fund THAT one? As long as any endevour requires man-hours, and those man-hours are not 100% voluntary, you WILL have marketing and greed seep in.
.com for business, .net for networks, .edu for schools and .org for non-profits? Why should any corporation be allowed to register a .org???
I agree with the parent post, there are WAY too many TLDs as it is, and the overlap is insane. Why didn't we stick to
The House Between - Original Sci-Fi Series
I still don't understand why the quagmire approach hasn't gotten more widely used. Anyone?
o)
Could this eventually be the end of spam?
Of course! Because, a TLD is so incredibly different than a domain. Luckily, open relays won't even be a problem!
Phew!
So, even if this does go through and we do get a .mail TLD that is for only registerd mail servers. What happens when both companies/people owning the domains x.com and x.net suddenly want to get their x.mail domain to send mail. Who gets it? Maybe they're assuming people will opt for x.com.mail and x.net.mail. But that seems really annoying.
1) You could do this for "resolves to a valid domain" and cut off a lot of the P2P infect spamdrones. Puts more load on your server though
.mail domain on top of my regular one? What if somebody steals that domain... should the .mail not match my normal domain? Seriously, what could be done with .mail that can't be done with a normal domain... they're just letters that resolve to an IP address.
2) You could terminate normal domains used for spam. But when they're profitable, the ISP/registrar doesn't seem to bother
3) See #2. There are lots of ISPs with rules than they know are broken, but the dollars keep the spammers in
And also
4) As somebody who doesn't run a spam-friendly server, has never had issues with (sending) spam, you now want me to register
You want every little mom & pop company running a 10 year old mail server to register a new domain and reconfigure their box overnight???
Exactly when is this supposed to happen???
For right now, the best solution is to...
1) Block IPs that are causing problems...this can acutally be automated...I'm working on a script at our site that passes all spam identified by spamassassin as a level 20 or higher into a blocklist for our MTA.
2) SpamAssassin...run SA as a service for all users and give them info on how to tailor it to their own preferences...
3) ClamAV...this catches some of the really nasty stuff...the ones that use exploits to "phone home" or run code on the user's machine...
These ARE and will be the only way to stop spam into the forseeable future. The only real way to stop it all would be a redesign of the protocol from the ground-up and that is just not going to happen...SMTP is already too entrenched into the backbone of the internet...it just won't happen...
Good point. All this is really doing is turning things arround from one domain with multiple servers/subdomains ([mail|ftp|www|etc].somedomain.com) to having multiple domains, each with a specific purpose (mail.somedomain.mail, ftp.somedomain.ftp, etc.). In the end, ftp.somedomain.[com|ftp|mail|org] are all going to get pointed to my ftp server, in order to avoid confusion for my users.
The only winners here will be the domain registrars, since companies of any size will have to register more domains as defensive measures to keep from getting spoofed (think of the fun if you owned microsoft.mail)
Here's the goddamned standard... Make it ultra-easy so it's simple to hit critical mass where everyone uses it.
For your domain, put out a text file. In that text file, put the IP addresses or range of your server.
Name the file: mailservers.txt
For example... I would have (for DracoSoftware.com) a page called mailservers.txt. It would contain:
206.67.56.202
If I had a range, it could be either individual IPs:
206.67.56.202 206.67.56.203 206.67.56.204
OR, a range delimited by a dash:
206.67.56.202-206.67.56.204
Once we get sites to publish their legit mail servers, the rest is easy... Setting up servers who do DNS-like caching at your local ISP is easy. Your individual e-mail program can then do WHATEVER IT WANTS with the e-mail... Whitelist/blacklist/take into consideration for baysian filtering... whatever. The important thing is to get the legit mail servers published.
If a mail comes from legit mail-server... Easy.
If a mail spoofs a publicized server... easy.
If a mail comes from an unknown server, mark it as suspicious.
If people want, I'll start posting names of domains that were cool enough to create a mailservers.txt file.
Ready??? GO!
~D
This sig has been enciphered with a one-time pad. It could say almost anything.
*** FLAME SHEILD ON ***
.org add much value?
I almost like the way AOL uses keywords instead of name.whatever - AOL it would be just "name". For example you wouldn't use www.slashdot.org it would be keyword slashdot. Does the WWW. and
*** FLAME SHIELD OFF **
Flame shields were used during the transmission of this message. Any flame attempt directed at this message about AOL having on OK idea bounces off me and sticks on you.
I believe the word you are looking for is "poor," as in "it is a poor law."
Yeah, right.
I had the same idea in this slashdot comment .
Costin
There is absolutely no need for this whatsoever. There are a zillion ways to pull off this kind of mail system without introducing a new TLD...
A better requirement, though probably almost impossible to pull off due to negligence in the past, is to make sure that domains are registered to true, legal entities, and yank them if they are not.
Sorry to be so petty, but your basis for arguement is wrong. His arguement is on *2* lines, the last is his sig. If I wanted to be petty, I could say that his arguement is 1 line, with a line of quotes for context, and a line for a sig. Since I am above that I won't be that silly.
-Charlie
(Yes, for the slow, this was sarcasm)
check our smtpnic.org
Same idea, just not with a TLD
"no implementation in sight", not "no implementation in SITE"!!
You can run but you can't hide, except, apparently, along the Afghan-Pakistani border.
what happens when the spammers buy a few hundred lookalike .mail domains?
Simple. A completely unrelated spam conglomerate, so they can send legitimate and important-looking spam.
Why they think it's a good idea to give more options for cybersquatting or general domain masquerading is what confuses me out of all of this.
Not to necessarily throw the snowball down the hill, but once we start getting all of these TLDs added, more strict measures are probably going to be put in place to keep people from abusing the abundant choices in all of these new domains. (mikerowesoft.mail, mikerowesoft.jobs, mikerowesoft.xxx?) I'm not sure what we might see in the future as a result of this, but trademark requirements or ICANN-sanctioned domain auctions are two that come to mind.
type http://www.slashdot.org. into your address bar - WITH the trailing period
the "." is a special-character and delimits parts of the address - so if they were to perform an $sections = explode($url, '.') {PHP function reference} with $url="www.slashdot.org" or $url="www.slashdot.org." they would get $sections = array ("www", "slashdot", "org") or $sections = array("www", "slashdot", "org", "") - and they discard empty strings for tidiness
so you'd have to suddently patch every DNS server in existance at the same time for "." to be it's own TLD
If you cannot keep politics out of your moderation remove yourself from the Mod Lottery.. NOW!
*yawn* The same old discussion, with no implementation in site.
you dont need proper grammar when punning it up
I'm no English literature buff but I think it's in sight instead of in site.
You missed Halliburton.mil, Halliburton.gov
"The likes of Facebook and WhatsApp are free to those whose privacy is of zero value."
Site (n)
Etymology: Middle English, place, position, from Middle French or Latin; Middle French, from Latin situs, from sinere to leave, allow
1 a : the spatial location of an actual or planned structure or set of structures (as a building, town, or monuments) b : a space of ground occupied or to be occupied by a building
2 a : the place, scene, or point of something b : one or more Internet addresses at which an individual or organization provides information to others often including links to other locations where related information may be found
Sight (n)
Etymology: Middle English, from Old English gesiht faculty or act of sight, thing seen; akin to Old High German gisiht sight, Old English sEon to see
[... other definitions elided...]
6 a : a perception of an object by or as if by the eye "never lost sight of the objective" b : the range of vision "was nowhere in sight"
I am pretty sure that the brainchildren who think that a .mail TLD will stop spam are the ones behind the .xxx/.sex domains. It doesn't take a leap of logic to think that if the first harebrained scheme works, the second is sure to get them laid. Rock on, do good, and move out of your parents basement.
-Charlie
It's apparent that the knee-jerk rejections of .mail are coming from people who haven't bothered to actually read the .mail proposal, or else who conclude that any anti-spam initiative that will not cause an immediate, total, worldwide cessation of spam is not even worth considering. All the .mail domain proposes is a more reliable locus for distributing whitelist information. It is expressly not intended to be user-visible, but rather to be solely for the purpose of automatic sender validation by mail receivers.
.mail domain can be part of the solution.
Whitelists work. Do they eliminate all spam? No. Are they part of a framework for reducing spam? Yes. Snide remarks about the futility of any possible approach to the spam problem may be amusing, but they obscure the fact that real (not perfect, but real) progress is possible. A
This article advocates a
(x) technical ( ) legislative ( ) market-based ( ) vigilante
approach to fighting spam.
I'd love to see a web site with this format, devoted to all the proposed solutions to SPAM. Call it the Baloney Detection Kit for Spam.
Or, the "Spam That's Really Baloney Detection Kit..."
Or, the "Spam Proposal Detection Kit for Spam..."
Fine! You think of a good name.
Sometimes I worry that I'll develop Alzheimer's disease, but no one will notice.
On you go. There aren't that many people outside the US. There can't be more than what? A couple of million on the strip of land round the edge of the map.
Government of the people, by corporate executives, for corporate profits.
If you go blocking every domain that's not "trusted", then what will happen to people who send mail through their personal domains?
ICANN won't know whether to trust my personal/private domain.com, unless they're going based off NAME and who owns it (spammers are most likely to be associated by name). So does that mean I won't be able to send email to most people I know for fear that their ISPs will go blacklist anything that's not trusted?
It would work perfectly if everything was a commercial/licensed business, but that's not the case for quite a large chunk of these personal domains.
We have secretly replaced these Slashdot mods' sense of humor with a rusty nail. Let's see if they notice!!
oh great, so now I have to register ANOTHER domain to keep company going.
$30 here, $30 there, have thet any idea how much all this cruft is costing us, AND making for the registrars btw. Its a license to print money - outrageous...
bad adj. worse, (wurs) worst (wurst) Not achieving an adequate standard; poor: a bad concert.
Only if it utilizes software like Qmodem and Qmodem Pro :)
-A
I mod down so you can mod up. Your welcome.
Thanks for pointing that out!
Because only non-spammers have legitimate companies and domains. Right.
sig:- (wit >= sarcasm)
What specifically do you find *good* about this?
It seems to me on a quick skim to have all the same flaws that SPF does. Additionally, the cynic in me can't help but think that this is rather likely to have been pushed by domain name registrars, as it means that they can charge money per registration.
Ultimately, I've yet to see a long-term-workable antispam solution proposed that doesn't involve the use of PKI and a trust system of some sort (probably transparent). Yes, it's a pain to roll out, but it's going to have to be done eventually.
May we never see th
I hope they had the foresight to make it compatible with RFC 3514.
In short, the only thing a TLD has to do with DNS is in a MX record - and even that's arbitrary.
This sig no verb.
Follow the money folks. You have to make it more expensive for spammers to conduct business. As long as their ROI is as high as it is, what would deter any profiteering individual from using UCE?
SMTP is to open.... when it was made no one ever thought spam could happen. It was just like 12 guys at universities mailing each other. imagine one thing is for sure you'd know the jokes were fresh back then.
---
I'd give you an "Insiteful" if I had mod points. :)
/*drunk.. fix later*/
I have not been a fan of new TLDs for some time, as it seems to promote confusion.
.com .net .org, brand-happy organizations registered all three, just to make sure nobody else got them. That's a little harder to do when there are, say, thirty different TLD's. There should be 100 or more! Discourage people from registering in every possible TLD.
I think that a large number of TLD's are exactly what we need. Two reasons:
1. When it was just
2. Perhaps if there are lots of different TLD's for lots of different purposes, Joe Sixpak (damn I hate that guy, not only does he buy from spammers, but he buys from even less reputable companies like Microsoft and Wal-Mart) might finally start looking things up properly instead of just assuming "The site I'm looking for is at $BRAND + '.com'"
Tired of FB/Google censorship? Visit UNCENSORED!
Okay, I'm dubious about the legal stuff you want to do. There are a *lot* of implications of doing something like that, including privacy issues.
However, you have one point absolutely dead-on accurate. If you want to do any kind of server-side filtering, if there is any proposal to do so, *users* should have the ability to set this filter. Server-side filtering (as opposed to client-side) has a lot of benefits -- it means that clients don't have to be maintained, that users can easily switch clients, server-to-client bandwidth is saved, etc. However, it's *tremendously* frusterating when a server operator chooses to block something that a user specifically knows he needs.
Even if a good antispam system is put in place, it makes a *lot* of sense to let users have some kind of protocol, some set of extensions to SMTP, that let them alter server-side filtering associated with their mailbox. Maybe even expose a series of complex presets that the server can provide (SpamAssassin, block Asian-originating email, etc), and let the client enable them on his account. Provide an idiot-proof GUI to interoperate with this, and you're gold.
The main issues would be added server complexity and processing load.
May we never see th
I am not a spammer, but I am trying to keep a small company going, which has multiple domains running on one server. Many of these proposed solutions are very poorly documented and seem to just raise the bar for the little guy and do nothing to reduce spam.
Solutions that expect so called "legitamite" companies to have IT departments and multiple servers and multiple T1s will just end up raising the barriers to entry for small business. Spammers, these days, don't follow the rules.
and the following philosophical objections may also apply:
.mail registrar with a razor blade to the Internet's wrist and demands from stockholders.
(x) Countermeasures should not be a profit center for a single corporation.
After VeriSign, I'd like less corporate involvement in the Internet's structure, thank you. It sounds good, people promise to do the right thing, and in the end, everything is sacrificed in the name of short-term profits. I do not want a
May we never see th
...is that Steve Jobs will have his own TLD! ;-)
Trolls lurk everywhere. Mod them down.
Today I implemented a surefire way to combat spam at least until my way becomes popular :). We have a domain which I will call @ourcompany.com. Whenever anyone signs up for a mailing list or fills out any kind of Internet form, they use firstname_lastname-indicator@vmail.ourcompany.com. If suzy_smith wanted to sign up for the infotech newsletter, she would use the address suzy_smith-infotech@vmail.ourcompany.com. The qmail alias .qmail-vmail-suzy_smith-default picks up the email and forwards it to suzy_smith@ourcompany.com. If infotech sells the list to a spammer, we simply blacklist the infotech address or create an infotech alias that points to /dev/null. For the surefire no spam solution we block all Internet mail to suzy_smith@ourcompany.com and only allow email sent using the @vmail.ourcompany.com aliases. I expect to increase our blocking rate to 100% for users that care. And it is self administrating once I make a web form where they can block any alias that they are getting spam at. Oh, and when you get a message in your Notes/Outlook inbox, the To: address shows the full original To: address as suzy_smith-infotech@vmail.ourcompany.com so you know infotech is filthy dirty company that sold your address.
Can anyone find any holes in this?
with no implementation in sight.? so why bother posting it on the front page?
junk mailers pay for their use of the mail system - theoretically, they may even pay for some of other users' mail through their rates. Contrast with spam, where the evil bast@*d^H^H^H^H^H^H^H^H^H^H^Hspammers don't pay for any of the bandwidth they use other than what they pay for their spamming computer (and the real lowlifes don't even pay that - they use viruses, etc. to zombie others into paying for and sending their spam). In addition, junk mail that lies can be subject to mail fraud, which can involve time in the federal prison system and a roommate/significant other named Bubba; presumably spam is subject to wire fraud stautes if it lies, but the spammers are harder to catch (I don't know if any spammers have been successfully prosecuted for this).
Junk mailers pay to send their messages. Spammers steal (bandwidth, time, cycles) from others to send theirs.
bad
1 a : failing to reach an acceptable standard
3 : inadequate or unsuited to a purpose
poor
2 a : less than adequate
4 a : inferior in quality or value
As you say, managing trust hierarchically is non-trivial on this scale.
Even if that weren't the case, I'm not comfortable with the idea that only certain entities have the power to decide who may or may not use a protocol publicly. The policy would have to be enforced to be useful, and enforcement would be a huge impingement on people's rights.
If you give certs away, there's no trust.
If you restrict them there's no freedom.
lose-lose situation.
I think someone should submit .mofo as a TLD. how cool would that be? A little to cool if you ask me.
If it's true that people want to receive spam (like spammers often say), why not force them to use their own TLD. Everyone who "wants" to read spam can, and the rest of us can effectively block it.
:)
I guess that makes too much sense to work.
Start catching these folks and hand them over to the ISPs they waste their bandwidth or end users that get scammed. Creating The Running Man for spammers. If you can get out alive, you can go free -- but the folks you spammed have chainsaws and whips. Of course, the major TV networks will jump on this. Forget Survior. Have a nice day.
SPAM solution made easy: 1 spammer, 5 cords of rope, 5 hourses, and fireworks. Be creative.
Already suggested -- it's called .xxx -- but it might not make it. I gets suggested few years.
SPAM solution made easy: 1 spammer, 5 cords of rope, 5 hourses, and fireworks. Be creative.
Get off your frickin' high horse. Just because the parent poster happened to be posting from the US doesn't mean the solution only applies there. For the VAST majority of email users in ANY country, the only (legitimate) email they receive is from the same country. Those of you in academia or business, you world travelers, or residents of Belgium are exceptions. The parent poster deals with the exceptions. Blocking, by default, all email originating outisde your local jurisdication is a valid solution for the vast majority of global email users.
For the rest of us, simply pretending that Russia, Korea, Belize and the Netherlands don't exist is a good start.
The cure for cancer is coming: Reovirus
Just bloody stupid.
TWW
"Encyclopedia" is to "Wikipedia" what "Library" is to "Some people at a bus stop"
This could be interesting - I'm sure at least some of the newly proposed TLDs are already in use and registered with Open-RSC
This could result in a battle between the 'official' and 'open' DNS databases.
*yawn* The same old discussion, with no implementation in sight.
Wow, Hemos. I would have expected that kind of cynical remark from Michael but not from you. These people are actually working towards a solution and all you have to offer in the way of help is a smart-ass remark?
No, it is like SPF lite. It has *fewer* features than SPF and is less flexible. And you have to pay.
.mail TLD provides is a reverse MX record that maps a .mail domain to an IP. SPF allows you to specify what kinds of machines can send email for your domain. You can specify an IP address as a valid sender (the equivalent of a .mail TLD). You can also say that anyone with an MX record in your domain is a valid sender (a reasonable default), etc.
All the
This would make it so only the servers that register their information can send out email, it would help stop virus propagation, becuase they would have to relay through a .mail server to get sent out. If too much spam or viruses are sent out then the server gets blacklisted untill it is fixed. Most companies keep a close watch on virus emails and spam that individuals are sending through their server and block those that they need to. And those that don't deserve to be blacklisted.
Spam companies would have to register for a .mail tld to send out from their own servers, which means they are now easily traceable, less likely to use illegal tactics, and easier to block.
While it's not a perfect solution, it is better than the current situation. And would only require one registration process per company.
The only downside is for those that cannot controll their own reverse lookup information. It would cause a lot of problems for smaller companies with uncooperative isp's.
...and I've been advocating that .org address be used to identify porn sites. That hasn't worked either.
The Kai's Semi-Updated Website Thingy
The US legalized "legitimate" spam with the CAN-SPAM act. Bulk mail with forged headers is a criminal offense. Bulk mail using stolen resources is a felony. The FTC is very soft on spamcrime. There have been no FTC actions under the CAN-SPAM act whatsoever.
Wait until Kerry is in. We may have some progress under the next administration.
That might explain why he doesn't know if he supported the Iraq war or not.
This is just another get-rich-quick scheme by businesses to extract more money from unsuspecting domain name whores. They want you to pay money for thin air basically.
.porn/.xxx domains didn't work, and neither will this. Don't get suckered into paying more money on a pipe dream.
I don't get how another new domain will curb spam. People want to send emails at the same domain as the web sites.
And what about open relays, mom-and-pop websites that won't want to go through the trouble, hacked servers, spoofed email addresses? This "new" method solves none of these things.
The
eTrade SUCKS
If this really was a good idea, then there's no reason you couldn't do it under a second or even lower tier domain.
I'd certainly trust randomdomain.approved-mailservers.spamhaus.org a lot more than randomdomain.mail
They should have spent the $45,000 fee on something useful - like legos.
-- this is not a
This is what SPF is meant to provide: "reverse MX" of sorts. It's a decent idea, but suffers from the need to be evangelized and heavily adopted to make an impact.
Wow, what a brain-dead idea. Sounds like it was designed by management committee.
Instead of starting with core infrastructure, they start with... registering domain names. Yeah.
Maybe I'm out of my mind (I probably am), but I actually think, by and large, this might be a good idea. Restrict e-mail only to .mail and probably .edu too. There don't seem to be many spam creations coming from .edu, at least not ending up in my junk mail directory that is.
"I consider it to be more inefficient to have companyname.info, companyname.com, companyname.net, companyname.org, companyname.mail, etc"
How about companyname.shop.fr and companyname.restaurant.uk?
If you're going to use trademarks, may as well use them properly -- unique in their own region, and line of business...
UUCP used to work pretty well...
you can only upload mail going out to known servers, and it's *really* hard to add authentication to a server to.
Actually, considering I installed exim with SMTP_AUTH in about 5 minutes the other day - why can't other people - it's useable between mail servers.
The thing about spammers is that no matter how many proxies, zombie machines, foreign servers and fake addresses they hide behind - at SOME point, there has to be a contact between spam victim and spammer for spam to be an effective money-maker. Spammers try to sell you things - things which require monetary transactions to complete. That's where they are vulnerable. Find out the businesses that profit from spam and go after them. They can't hide forever, especially if they want to sell you something.
Men believe what they want. - Caesar
Will you be telling us just who this company is, at least once they do the spam run? We'd like to hear your whole story. If they end up not taking your advice and you move on, that's the time to reveal what kind of scumbags they are, and just who they are.
At least drop a hint.
now we need to go OSS in diesel cars
NO...
Stupid idea...
Would the techies at those companies please get their head out of their ass?
NO SIG
*yawn* The same old discussion, with no implementation in sight. ... Meanwhile, being sarcastic and making witty remarks about the lack of progress does so much for the cause.
I wonder about the long-term effects of anti-spam strategies that rely on eliminating the market or profitability for spammers. It seems to me that this may result in spam levels oscillating between prevalence and rarity. Lemme explain.
Let's assume we implement some Bayesian filtering on a widespread basis. Let's then assume that most spammers go out of business, and that the amount of spam sent drops drastically. Sounds great! But after a year or two (or five) of this, it seems to me things will be ripe for new spam action. Some spammer will get a message past the filters, which ironically may be less effective due to the lower incidence of spam. Users who haven't seen a spam message in a year will open it, and all of a sudden this particular spammer is immensely profitable. Other spammers see his success and jump on the bandwagon, and pretty soon we're back where we were before.
Of course this is all conjecture, but I do wonder if we need a better fix, one that can guarantee results long-term.
Read my keyboard review.
Micropayments won't work. As soon as you start charging for email messages spammers will figure out a way to avoid the charges by getting legitimate Mail servers to send their email (hey, I mean they do that already). Then legit businesses will get their bill the next month and say 'Hey wait a minute, I didn't send all those emails'
Micropayments would just make more of a mess.
humble and proud of it.
This has all become far too complex, with the usual confusion of more TLD's, where a much simpler solution is warranted and readily apparent.
I propose a single new top level domain that will solve the problem:
Screw 1.5... Why not just jump to Internet 2? www.internet2.org
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
I'm pretty sure it's a service issue. If you only hand out static IPs (or primarily hand out static IPs), you're going to subject to a lot of support calls about why so-and-so's machine can't connect because they mistyped their IP address, or because somebody else mistyped their address so that the address you're looking for is already in use by the wrong person, and so on. Lots of paperwork to track allocation and all that nonsense.
Alternatively, they can click a couple of radio buttons on the same Windows dialog and everything is smooth sailing. Making static IPs an additional expense also discourages a number of twits who don't actually need one, I'd guess, and enables them to oversub things if they think it's a viable proposal (IME, a 'dynamic' IP assigned to you by the cable company is only going to change if there are major network changes, which would probably require a change in static IPs as well). It also would probably allow them to keep the folks who are going to run a webserver out of their basement from tying up the bandwidth of everyone else with the misfortune of being on the same circuit.
Canthros
From the article: .mail domain has been put forward by anti-spam workers who want to use it for storing information about legitimate e-mail servers.
.mail be used eventually to silence people who legitimately run their own SMTP servers, forcing people to either give up their privacy by using their ISP's service (in the age of Carnivore), or pay an entry fee for the privilege to send e-mail idependently of one's ISP - which the registration fee for a .mail domain could essentially do if ISPs and servers all over the Internet reject any email not originating from a .mail or other pre-approved source.
One proposal for the
Putting aside the obvious problem of faked headers, etc, how would such a system be implemented? My ISP doesn't allow me to run an SMTP server. This pisses me off. But open relays exist somewhere...
Could
Maybe it's extreme. I'm shooting from the hip here, but it's enough I can't run my own SMTP!!
Maybe I missed it, but I thought the idea was to have .mail on tyhe mail server. One of you is abracadabra.mail the other one is whateverelse.mail.... you know MX records do not have to be from the same domain as the mail server sits in.... I have my mail for domain1.com, domain2.com, domain3.net, and domain4.us all routed through mail.domain2.com.
as an aside, I think forcing all email addresses to be .mail is ridiculous, but I dont think this is what the proposal is suggesting.
If you enabled DCHP, then the DCHP server can assign the same IP address to a particular MAC address each time. Thus it would have a 'static' IP address.
The big routers all seem to be playing by the original internet rules, so as far as I can tell the Internet is working fine. There are some problems out near the leaf nodes (mostly involving Comcast and their ilk) but you're not going to fix that with a wrapper protocol.
"That which we call a rose by any other name would smell as sweet" - William Shakespeare
"Not if you called them Stenchblossoms." - Bart Simpson
See my post here - which also references an even earlier post of mine on the subject of a .mail (or .po) TLD for validated mail delivery....
.po or something for mail systems - maybe requiring some sort of adherence to installation of non-relaying systems based on agreed standards... or something to that effect)"
"-.mail (or
I knew I should have had Darl patent this for me when I had the chance!
Not the way I read it. It looks as if it only applies to what ones email server is called. In fact, it seems to say one cannot have .mail email addresses. It's less a true domain and more of a trusted email path.
:-)
Looks okay, have to see how it works in practice, heck I hate to lose any emails from online-chicks just cuz they're talking dirty to me!
Any idiot with access to a computer can spoof a domain name.
Sounds like a fine idea to me l-image@verizon.net
...but he'll also have to be banned from future /. postings as this sort of thing just cannot be allowed!
/. is all about the funny not the facts these days damit!!!!!
It's so much funnier to post some form that has everything backwards - and
Here's "THE" solution for spamming:
This requires a new feature to be added to mail servers and clients to implement this functionality, but it should be relatively straightforward and is 100% backwards compatible with non-conforming servers and clients.
Basically how it should work is if johnny@aol.com sends me a message at andy@att.com, the mail server at aol.com (the sending server) will store a list of recently sent emails.
All it stores is the sender email address (johnny@aol.com) and a unique id for the email, maybe a CRC number (see explanation at the very end) derived from the message contents and all attachments.
When the receiving mail server (that's Andy's server at ATT) gets the message, it contacts the server at aol.com (derived from the 'from' field) and queries to see if a message from such a person was actually sent.
It sends the email address (johnny@aol.com) together with its own generated CRC number.
The sending server (which was aol.com) now checks its list of recently sent email and either returns a yes or no based on the test to see if the address/CRC pair is on the list.
I'm sure a time-stamp check will be done in this process, maybe to a 60th of a second, then the spammers will be stopped.)
Once the user (Andy) downloads the message and removes it from the server the receiving server (Andy's at ATT) sends a message to the originating server (Johnny's AOL) that it's ok to remove the message record from the recently sent email list.
This method makes it impossible to spoof the "from" field--- (I am sure all you who read this are more than familiar with the spoofing done by spammers).
If spammers can't spoof the "from" field they lose their anonymous/fake cover.
It's possible to trace them back to the originating ISP and that ISP will have records of whom that account belongs to or will simply shut down the account if it's a free mail service.
Basically spam can be traced back to its source (and maybe even viruses).
Of course, not all servers will implement such functionality right away.
The end user can set up their mail client to simply filter email from servers that don't support this feature into a special folder that will contain "unverified" email, but this folder will get less and less email as this feature gets implemented more and more.
If the server does support this feature, and the sender is not verified, you KNOW its spam.
If AOL, Hotmail, Yahoo implemented this feature, and you have a client that supports this feature, you KNOW you won't get spam from any of those servers anymore.
------------
CRC
Short for cyclic redundancy check, a common technique for detecting data transmission errors.
Transmitted messages are divided into predetermined lengths that are divided by a fixed divisor.
According to the calculation, the remainder number is appended onto and sent with the message.
When the message is received, the computer recalculates the remainder and compares it to the transmitted remainder. If the numbers do not match, an error is detected.
They'll be out of biz about 14 days after "check that every mail server which claims to be company.mail matches the IP it is using" day.
Many of the other posters didn't realize that it is only the mail servers which should be changed. Clients won't feel a thing other than all the hijacked computers suddenly being useless for spamming purposes.
-- From Denmark
Spammers, these days, don't follow the rules.
Then change the rules, making it virtually impossible for you to see the spam they send. I wrote and use a program (see sig) that funnels all the spam I get into two files for easy perusal and deletion.
The thing to do is to only allow bonafide mailservers (via DNS MX), POP-before-SMTP, and IP black/whitelists to (deny) access a mailserver. Doing that will stop the hardcore pro spammers (who will have their spamservers IP blacklisted). POP-before-SMTP will stop rampant 'relay rape'. Any spammers that make it past the connection stage can have their spam 'delivered' (silently routed to the bit bucket) or rejected based on the content of it -- say using the techniques my program uses to dectect and archive (likely) spam.
Archiving the spam prevents the loss of 'false positive messages' from people sending me real email but don't know about my email policy. The rest of the spam I get is the real thing and is treated as such: Selfishly Promoted Advertising Messages.
there should be somekind of centralized authority.
people keep suggesting trusted models without a strong distributed trust model.
Just as the posters have mentioned over and over again, it'll eventually come down to people either adopting a centralized and distributed from there trust model (akin to dns perhaps or opensrs).
That will work for about 5 min until the spammers start cracking boxes and sending cubic fucktonnes of spam through there like is already happening.
or the "let's pay for email" model could be adopted which would also solve nothing except for having large costs associated with breakins and aformentioned cubic fucktonnes.
good luck, folks. someone huge will have to do it first in any case.