Slashdot Mirror


.mail Domain To Eliminate Spam?

steve.m writes "The BBC are reporting on a new batch of top level domain names being submitted to ICANN for approval. By far the most interesting proposal is for a .mail TLD to register legitimate mail servers. Could this eventually be the end of spam ?" *yawn* The same old discussion, with no implementation in sight.

5 of 472 comments (clear)

  1. Re:Obligatory spam solution rejection form by OECD · · Score: 5, Interesting

    Requires immediate total cooperation from everybody at once

    Does it? Couldn't it be a "soft whitelist" until widely adopted? E.g., Everything coming from .mail gets a bonus in my e-mail filtering.

    --
    One man's -1 Flamebait is another man's +5 Funny.
  2. What am I missing? by i8a4re · · Score: 5, Interesting

    After reading this article and the one a few days ago about AOL and spam, I came up with this idea

    I despise spam as much as most of you. My company is actually about to start a spam campaign against my recommendations. The day they start I will quit. Slashdot, here is my idea on blocking spam. What am I missing?

    We all know what IP addresses belong to which countries. At work, we only deal with customers that carry professional certifications within the US. Of our client base, less than 1% of 1% of these customers and potential customers live outside the US or Canada. Therefore, I have blocked most networks outside of the US and Canada. The only exception is .mil. This has reduced my spam problem considerably. Add to this a Bayesian filter and my spam problem is essentially eliminated. This got me thinking...

    ISPs should filter e-mail according to the user's requests. When you sign up for an account, by default, you can only receive e-mail originating/relaying from the US. Now, the user can go to their email configuration and pick which countries they wish to receive e-mail from. Most users only receive email from within the US and one or two other countries. If they only receive email from a few people outside the US, then just whitelist those address. If they want, Mexico, for instance opened, then let the user check the box next to allow e-mail from Mexico. Once this is setup, let the user decide if the e-mail failing to meet these conditions should be blocked or just moved to a separate folder for review. Another possibility is that if an e-mail originates from a blocked country and the spam filter thinks it's legitimate or just doesn't get a high spam score, send an NDR that says "Your e-mail looks like spam, but this could be a false positive. In order to deliver your email, please visit this site....." On that site, put one of the many methods to verify a human is actually visiting that site and then deal with the email accordingly.

    For most users, the only noticeable impact would be less spam. This would also force spammers to send and/or relay from within the US. Now if they are operating from within the US, we have an IP address within the US's jurisdiction. Granted these may be zombie machines, so if your e-mail server does a reverse lookup before allowing e-mail, these would be denied. Also, we need to get ISPs to block most ports by default. If you want a port opened, you simply request it from your ISP. Add a clause like "by opening these ports, you are taking responsibility for any traffic on these ports. If we find your computer is sending viruses or spam or DOSing, then your service will be terminated." Again, most users would never notice a difference. Those that do notice can have the ports opened.

    So now, for the average user, they would only receive e-mail originating or relaying from the US from a registered e-mail server. Now we can track this back to an ISP and shut down the account, seek legal action against the ISP for supporting spam, or black list that ISP. Since the spammer would have to have an MX record, you can get the registration info. This is probably bogus, so if we force registrars to verify the identity of the person, then we could actually track this back to a person. The spammer could probably falsify this too, but every step you add slows them down.

    The spammer is going to now have to purchase an account with an ISP in the US and a registrar. Both of these entities should require a method of traceable payment. This means no cash. Now, we should have a means of finding who wrote the check or who the credit card belongs to. We now either have the spammer, the spammer's company (which should lead back to the spammer), or the spammer has now committed fraud. If he commits fraud, we now have the FBI after him and potential of longer jail sentences.

    Not that I have to solicit criticism here on slashdot, but I'll ask anyways. What am I missing and why wouldn't this work?

    --

    If I drive fast enough at the red light, it'll appear green.
  3. change to SMTP over SSL by Muerte23 · · Score: 5, Interesting

    Why not change so that SMTP servers ONLY accept connections over SSL? And then only accept certificates that are signed either by a central authority or by people whose certificates are signed by those people...

    Then you could have a distributed revocation authority where people could send copies of spams (still over the SSL network to eliminate fake spam for DDoS purposes). You don't want to get your certificate revoked, so maintain your server!

    This makes the system more or less secure, and puts the burden onto mail server admins. You want your regular users to be able to send mail? Then don't let random people send spam.

    Individual servers could then implement whatever authentication they liked for their users to be able to send. Maybe a C/R system or authenticated logins. Whatever.

    Muerte

    ps. i keep posting this idea. ha!

  4. Good luck by deadmongrel · · Score: 5, Interesting

    although this might *seem* a good idea its not going to work. Good luck implementing this outside the united states. Most of the spammers forge email headers. would it be impossible to forge the email servers on your "soft whitelist"? Again the only real solution to spam is to stop buying from it. once the morons who support spammers financially stop the cash flow spam will stop. Again we still would have probles with worms sending spoofed emails.

  5. Re:How? by FalconZero · · Score: 5, Interesting

    >>You're stupid. The idea is to only accept mail from .mail TLDs because they have been verified.

    Just a few points :
    1. Who would verify the requests (worldwide)?
    2. How do you REALLY verify an account is never going to be abused?
    3. Where do you draw the line? Is a company of 20 allowed email? How about 4? How about just me?
    4. How do you persuade EVERYONE who currently uses email to change?
    5. How much do you think it would cost to make the switch globally?

    --
    Windows in 6 Bytes (IA-32) : 90 90 90 90 CD 19