Slashdot Mirror

← Back to Stories (view on slashdot.org)

SpamHaus Behind .mail Top-Level Domain

Posted by CowboyNeal on from the better-mail-for-a-better-tomorrow dept.

securitas writes "The SpamHaus Project is the group pushing ICANN to create a new trusted-sender system and the .mail top-level domain. SpamHaus proposes that registrants under the .mail TLD would pay at least $2000 per year to and 'agree to abide by certain anti-spam mailing practices.' The interesting twist is that companies that comply with the US CAN-SPAM act - which SpamHaus opposed due to the legalization of bulk unsolicited commercial e-mail - would not be eligibile to register a .mail address. The .mail TLD proposal was recently discussed on Slashdot."

10 of 304 comments (clear)

  1. $2000 is the upper limit by alanw · · Score: 4, Informative
    In this posting to news:news.admin.net-abuse.email Steve Linford of Spamhaus says:
    the $2000 quoted in the application is the highest estimate, given at the deadline because ICANN rules don't allow you to increase a price later
    and in this posting he says
    (we'd prefer it in the region of $250)
    1. Re:$2000 is the upper limit by alanw · · Score: 2, Informative

      Oops - those links are both the same - the second one should have been to this posting

  2. Re:Goodby home mail server by RetroGeek · · Score: 3, Informative

    But there is nothing stopping an ISP from allowing mail from your domain, as long as there is a certificate attached to it.

    So then you need to buy a certificate. And there will be competitino for these certifiicates which should drive the price down to a reasonable level.

    --

    - - - - - - - - - - -
    I am a programmer. I am paid to produce syntax not grammar. Deal with it.
  3. Re:Correction by rgmoore · · Score: 2, Informative

    I think that you're misreading what I wrote. The point is that there are two ways of obeying the CAN-SPAM act:

    1. Putting a legitimate address in the mail, having and opt-out, etc.
    2. Refusing to spam.

    My point is that the original article seems to say that neither group 1 (spammers who follow the rules) nor group 2 (non-spammers) would be allowed to register under .mail. This would obviously be stupid, and isn't what SpamHaus is saying.

    --

    There's no point in questioning authority if you aren't going to listen to the answers.

  4. Re:Goodby home mail server by aderusha · · Score: 3, Informative

    just like competition has driven down the price of ssl certificates? that's outrageous.

    like the original poster, i run about 10 domains on a mail server at home for myself and some friends. at $250 for a 2 year cert (bargain basement prices), that's going to cost me $1250 a year, which i think is unreasonable for the "little guy" who isn't running a company.

    keep in mind that there are plenty of people happily using the internet that have no commercial intent whatsoever. i know it's very un-american of me, but none of my websites and domains are intended to make money.

    competition is only going to drive down prices if there is true competition, which currently isn't the case with certificates. basically, microsoft has de facto control over who can issue certificates as they control which trusted root certificates are going to ship with their browsers. until this situation has changed, i'll take my chances with either un-secured connections or educating my users on how to install a root certificate into their browser before i pay into the verisign cartel.

  5. Re:why new TLD for paid reputation service? by Anonymous Coward · · Score: 1, Informative

    Why not just create a paid whitelist (or lists) along the same lines as a dnsbl, charge companies to register and require that they abide by certain practices for being listed?

    What? You mean like bonded sender.com?

    It works really well. The sender puts cash on deposit with a third party, and if the third party gets to many spam complaints, the sender looses cash. Of course, since most AOL users are idiots, they don't count complaints from AOL against you.

  6. Re:Why a TLD? by The+Famous+Brett+Wat · · Score: 2, Informative
    With a little research, I've managed to pretty much answer my own question, and the answer is, "yes, they're doing it for the air of official legitimacy" -- more or less. The answer is in the .mail TLD FAQ, question 15, which I'll reproduce here for your convenience, so you can see it in their own words.
    15) Couldn't this be done using a normal example.com type domain instead of creating a TLD?
    Yes... but in reality no. In truth, *any* TLD could really be a SLD (second level domain). In fact, many are (example.co.uk). The concept behind TLDs is to differentiate them, and their users - especially in the case of an sTLD (sponsored TLD) - from the internet at large and the other TLDs.

    There are also other reasons:

    Setting up the system behind .mail as a TLD will also help insure its acceptance and its longevity. It will be an ongoing effort run by a sponsoring organization rather than just a smaller entity. Also, psychology tends to show that "example.com.mail" will be accepted more readily than something like "example.com.this-is-not-spam.com"

    Running a system like this on an existing TLD would also bind it to the rules and regulations of that TLD. Each existing TLD has some rules and regulations that are not compatible with the stated rules and regulations of the .mail TLD as it is to be used in anti-spam.

    On the technical side, a TLD's infrastructure is also set up to be more robust and attack resistant than a normal domain from the outset. Whenever dealing with spammers, one must expect some level of attack.

    --
    proof, n. A demonstration that a conclusion is implied by certain premises and axioms.
  7. Re:This is dumb by Dai-Sho · · Score: 2, Informative

    True. But you can then trace the money. If he authorizes a mail server via reverse DNS then he obviously has a relationship with the owners of the IP (ie a customer) so he must be paying. ie there is a trace back to the originator. Can't be anonymous anymore.

  8. Re:Goodby home mail server by damiangerous · · Score: 2, Informative
    I hate Verisign with a passion, but I have to admit that their SSL certs mean a hell of a lot more to the end-user.

    First, when does the end user ever have any idea of what company your cert is from? That information is never even presented to the user unless the CA is unknown. The end user knows when the little padlock is closed in his browser status bar and that's it.

    Second, even were the end user to know which CA is being used, how would they have any idea of the relative difficulty of getting a Verisign cert? They would have to have gotten a cert from Verisign and someone else themselves to be able to make that distinction, or known someone who has and what end user has ever done that?

    Your choice of CA is meaningless. As long as the major browers come with the root certificate preinstalled it's all the same from the end user's perspective.

  9. Re:Maybe a Good Thing? by SillyNickName4me · · Score: 2, Informative

    Well, I have been running both private and business smtp servers for the last 12 years, so I am somewhat aware of what is possible...

    A smarthost stops working the day your ISP decides that all mail from their servers must have a from address that they controll or are authorative for. Something that happens to be a rather obvious step also in combination with a .mail TLD setup.

    Don't tell me that won't happen, It happened to me with 2 ISPs already and is the main reason I decided to do my own delivery besides it giving a much better insight in the delivery status of mail.

    Last but not least. it forces me to depend on my ISPs servers. Those have shown a lot less reliable then the connection.

    So, while a smarthost may work in quite a few cases, it doesn't always and forcing it on people will take away the possibility to run their own mailserver.