Slashdot Mirror
SpamHaus Behind .mail Top-Level Domain
securitas writes "The SpamHaus Project is the group pushing ICANN to create a new trusted-sender system and the .mail top-level domain. SpamHaus proposes that registrants under the .mail TLD would pay at least $2000 per year to and 'agree to abide by certain anti-spam mailing practices.' The interesting twist is that companies that comply with the US CAN-SPAM act - which SpamHaus opposed due to the legalization of bulk unsolicited commercial e-mail - would not be eligibile to register a .mail address.
The .mail TLD proposal was recently discussed on Slashdot."
This could probably be worded a little more clearly. Complying with the CAN-SPAM act is as easy as not doing anything at all. I think what the submitter means, correct me if I'm wrong, is the "one-shot" bulk mail that a company is allowed to send you under CAN-SPAM. Obviously, SpamHaus considers this spam, still, even though it's technically legal (I would tend to agree).
This new TLD proposal, according to their FAQ, is not aimed at stopping spam, or replacing the email infrastructure from the ground up. It's more towards legitimizing non-spam email. It may not be technically possible (not my area of expertise, I remember some nay-sayers in the last article discussion who at least sounded like they knew what they were talking about), but I still think their hearts are in the right place. Am I wrong?
I'm looking forward to the whitepaper they've promised on it.
Auto-reply to ACs: "Truly, you have a dizzying intellect."
That's not quite correct. The SpamHaus rules wouldn't ban anyone who obeyed the CAN-SPAM act. Presumably most ordinary companies obey CAN-SPAM by refusing to do anything that vaguely resembles spamming, and they'd be just fine under the SpamHaus rules. What SpamHaus wants to do is to use a stricter definition of what constitutes spam, so that some senders who meet the terms of CAN-SPAM still wouldn't qualify.
There's no point in questioning authority if you aren't going to listen to the answers.
This is a retarded idea from the get-go.
We already have a perfectly good, workable proposal for sender validation. It's called SPF. It's free. It will work, like this proposal, when people adopt it.
Seriously, $2k to prove that you're not a spammer, by one organisation's definition of the phrase? That sounds like profiteering to me, much along the lines of Ironport's dodgy Bonded Sender (tm) program.
No thanks.
You're doing it wrong.
This is just great... create a two-tiered system with "trusted" and "untrusted" e-mail servers. Guess who will own the "trusted" servers... corporations who can afford to pay the fee!
I would like the ability to run my own servers and web sites as an individual, please. We don't need ANY system of top level domains that favor corporations over non-corporations. Find another way around the problem, please.
Why don't you embrace your slashbotness instead of living in a dreamworld?
Registration fees to send mail via .mail?! No way, I know lots of small shots that wouldn't be able to afford that.
Beyond that $2000 is chump change for spammers. It hurts no one but the honest guy, which is what government lately seems to be for, so perhaps it'll get pushed as a law. *sigh*
I wouldn't pay it either, but Id be happy to accept all mail from www.*.mail if I could be sure it wasn't spam. It would be good for Yahoo, MSN, and other web mail places to get a .mail domain.
--
Hot deal search engine. Better than google, froogle, pricewatch, pricegrabber, etc!
Why not just create a paid whitelist (or lists) along the same lines as a dnsbl, charge companies to register and require that they abide by certain practices for being listed? What does a new TLD add other than additional ICANN bureaucracy?
I think recent innovations -- SPF being my favorite so far -- offer a lot more promise than a new TLD. But that's just me :-)
If it's not one thing it's your mother.
I certainly can't pay $2000 a year.
Nor can a lot of people, which is why this propsal will never work.
Heh one domain? You're lucky. I host 5 and handle email for all of them. I REALLY can't afford $10,000 just to provide my family with email addresses. This entire proposal is insane.
.technomancer
which also pretty much means it won't go through.
it would also rely on spammers actually playing by the rules.
world was created 5 seconds before this post as it is.
Actually, this fee would be counter-productive IMHO. Spam or borderline spam companies can easily fork over 2 grand to dump a few million e-mails before having their domain revoked. My little company can't afford it though so anyone allowing only .mail addresses in will block my legit e-mails. A lower fee combined with ultra-fast shut downs of offenders and tough identity checks going in would go farther I think. Even with all of this, it sounds like yet another pie in the sky idea of spam blocking that will end up on the shelf with all the other unimplemented "good" ideas.
Yup. And Varisign will LOVE slurping up those .mail fees, too. By the way, Varisign is in the process of trying to destroy ICANN, which by itself would not be a bad thing *IF* ICANN's responsibilities shifted to the UN. But I'm sure that has zero chance of reality.
"Who are in control, they are not in control of anything - they don't even control themselves!" - Glen Beck
Comment removed based on user account deletion
I have a server of my own, hosting my personal site, some sites for family and for a few charity organisations. Total income for hosting: $0. If I would need to buy another domain like this, just to be able to send mail, my costs will triple.
.mail is NOT an option if it costs more than $5!!!
I cannot afford this. Meaning I will have to close all sites.
Personally, I think SPF is the best solution so far. It may not stop spam, but at least it stops forging headers, like the headers of 99,9% of spam in my inbox are.
.sig: No such file or directory
for a major schizm of internet mail protocols.
Which will leave "companies able to pay $2k/year" on one side, and "individuals capable of installing their own mail server" on the other.
This will cause a bit of disruption at first, as a few competing standards emerge, but in the long run, it will make blocking corporate traffic far easier (yeah, I get soooo much legit email from non-individuals... I think I can count the past year's on one hand). And with a bit of care, the non-corporate protocol will finally include several of the oft-discussed but as-yet-unimplemented techniques for completely locking out spam (or at least making it trivial to identify the source).
And encryption. Don't forget encryption. The non-corporate protocol should include end-to-end crypto, now that Big Brother can watch us on a whim right from the privacy of our own ISP's back door.
Only the smtp server needs to have a .mail domain, right? You can host an indefinite ammount of domains for email on one server, I don't see any reason why you would need a .mail domain for every email domain.
Can you imagine a company like Charles Schwab ever sending out mail with a domain like schwab.mail.spamhous.org? I can't either. However, a company like that would buy a schwab.mail domain. This has everything to do with companies demanding a professional look and feel to their image.
No, I don't think this is a good idea. But I see why a top level domain is necessary to pull it off.
It doesn't hurt to be nice.
You should really shop around...
InstantSSL sells 2 year certs for $89.
And they are trusted by the same 99.3% (who came up with that number) of browsers as Verisign.
Perhaps not. But at least it get's it out of the grubby hands of VariSign and the corporate dog ICANN.
"Who are in control, they are not in control of anything - they don't even control themselves!" - Glen Beck
Do you think that Yahoo! or Microsoft's Hotmail would pay that $2,000 just so people could send email from them. Would smaller free e-mail companies even be able to afford it?
.mail domain, would that stop spam? How much spam do you get already that comes from Yahoo! or Hotmail or some other free email survice.
Even if those free email places did pay for a
This would either get rid of free email or let spam live, both while closing down the small free email services. I don't like either option, we should do something else.
the only email that'll make it past everyone's spamfilters would be that from MXes in the .mail TLD. ...and those of us who can't shell out $2k/year just to have our private domain in .mail are just screwed.
Brilliant idea. While we're at it, why don't we just let ICANN authoritatively say who can and can't send mail, and be done with it? It's not like their board is captured or anything.
.@.
This is the most asinine thing ever. First of all no one is every going to implement something like this that requires someone not to comply with US law. It just won't happen.
Secondly, wtf. $2000 a year? That's insane. Right now, I can use my own mail server and only pay the $8/year domain registration fee. And that's the way it should be. People with enough tech savvy (and it doesn't take much these days) should be running their own mail servers. Open relays aren't an issue with modern mail servers (you have to work pretty hard to create one these days), and running your own mail server gives you a lot of fine-grained control over how you filter Spam for yourself (for example, using a catch-all email and using a different email for everything, letting you track how your address gets disseminated, and blocking addresses that get 'liberated')
It seems like some of these anti-Spam people hate Spam so much they completely lose track of what Email is for and the people it's supposed to be used by, everyone. Email black holes are one thing, but it's wrong to apply them as filters for people without their knowledge or consent. I read a salon article about a woman who, when roadrunner implemented RTBL she lost out on tons of email, including email from potential employers (she was a freelance author). She still got tons of Spam, of course.
I don't believe that technical solutions alone will stop Spam, but they, with real legal enforcement can probably reduce it a lot.
I'm also tired of these top-down authoritarian systems that put a few people in control of email (like e-stamps, or this insane plan, etc) before we even get good solutions like SPF working. Once people start checking SPF records a lot of this crap will get a lot better.
autopr0n is like, down and stuff.
Check out my sci-fi/humor trilogy at PatriotsBooks.
Interestingly spammers CAN pay that, so I don't see how this is a good idea!!
My other car is first.
So I buy personal.mail and then I sell you
lastname.net.personal.mail for $1. I sell freakiedeakie.org.personal.mail to someone else for $1 and so on and so forth until I get my $2000 back?
I could hack bind so that I can throttle reverse lookups per domain so that I can keep my bandwidth low and target the small market.
Since ANYONE could do this, there is no reason to jack up the price. However, for SLA would be best-effort only (since I am not a real company)
And if I get my 2001st subscriber, I would be in the black (Woo hoo)
That should have been "might not be eligible to register a .mail address.
In all probability, most people would be compliant with both CAN-SPAM and the .mail requirements (modulo being willing to pay $2K/year to send email).
Free Software: Like love, it grows best when given away.
As someone who frequently runs up 'cheap' linux servers for various network services, I enjoy the ease with which I can put up a mail server. $2000 may not be much for corporate mail domains, but this will be very restrictive for people like myself. One of the big points in linux/open source has always been the accessibility of enterprise-class technology for the cost of source tar download. I'm all for castrating the spammers, but when the solution negatively affects legitimate users there is a problem.
Someone please explain to me exactly how a smal/mid-size locally owned bussines can afford 2k to send mail ? They claim spammers wont pay the 2 grand on their webpage, thats bullshit. Spammers can and will pay this. You will however be excluding small bussiness's and personal domains.
And also exactly WHERE the money is going to ? The last thing we need is one governing body trying to control mail for the "betterment of all, so long as it helps our bottom line". We dont need a spam czar, or a spam conglomerate. We need the existing people to work together to prevent spam. ALL spam.
This is a half assed idea.
"Two things are infinite: the universe and human stupidity; and I'm not sure about the the universe." --Albert Einstein
I'm just not getting how this proposal would do much. I read through the text of the proposal, which is written in fairly obtuse language I just couldn't quite plod through right now.
The reason why we have so much spam is that the protocol is shit, not that people run it at home. Spam cannot be blocked unless we fix the protocol, or at least band-aid it with some kind of OOB lookup.
Be happy. Nothing else matters.
You wanna know what he's thinking? KA-CHING!
.mail TLD with your org as the registrar!
.mail TLD will not stop spam, spam-trojans, or anything of the like. It would be trivial for a spam trojan on a compromised machine to look into the configuration of any email software installed, extact the SMTP server name and just simply send through that server instead of sending directly to the recipients server. Most ISP's allow relays off of their network through their mail server with no authentication.
1. Get into the anti-spam biz.
2. Talk ICANN into a
3. PROFIT!
If you wish to debate #2 just think about it for a bit.
The
Won't change a damn thing, just the method if that method is not already used.
Steve's Computer Service, Hobbs, NM
Like I mentioned in the prior discussion on this, just because you have a .mail TLD won't stop spammers. TLDs are in DNS, and in the final analysis, it's all arbitrary, as you can use ANY word as a top level domain. That's why you have alternate roots like OpenNIC.
This sig no verb.
What you are referring to is enforceability of those laws. True, the US may not be able to enforce its laws against those resident in other countries who do not have presence or assets in the USA.
But it means anyone connected with such an operation better not have assets in the US. Or even visit the US.
And, depending on how the law is drafted, perhaps no person in the US (or with assets there) better use such an operation to *send* spam, or face being prosecuted, or other consequences. Vide internet gambling.
So that US laws, alone, could stop (a) American spammers; and (b) anyone in or doing business with America or visiting America or with assets there (NYSE shares, anyone?) from *using* overseas spammers who do not comply with US law.
And for those that are left, the US can just lean on other countries to enact similar laws, either as part of international treaties (GATT and TRIPS, anyone?) or bilateral trade treaties, or just by leaning on them.
Methinks that would do a great deal to cut down on spam...
If you doubt this, see how effectively the US is able to export its copyright laws to other countries. Or Sarbanes-Oxley, as applied to foreign lawyers or accountants. And how it is now doing the same thing with bank secrecy laws (with an emphasis on terrorism; it has done the same previously with respect to evasion of US taxes). There are many relevant links.
Sure they can. I get spammed by plenty of people who can afford that. ISP's, banks, Amazon, partners of some company I bought a product through online, porn sites etc... All of which HAVE money. They can afford to send snail mail, they can afford 2k to spam me.
No matter what way you cut it this problem wont be solved by political bullshit, or bussiness bullshit. Its a technical issue, it will be solved by technical means. Some hacker needs to sit down and spend a few months writing an open standard for mail that takes SPAM into account. If a company does it, it'll hurt competition and the little guy, if the gov't does it, privacy will be gone.
This is a political solution with bussiness over-tones. I own several domains (nothing major) and want to spring up a few more over the summer. I dont spam anyone, and noone spam's people through my mailservers. But I cannot afford 2k. And I cant afford to be blocked by every major domain 'cause I cant afford 2k. Most major domains dont have mailservers setup in a way that is useful to me, so that idead is useless. This idea will screw over all small bussiness owners, and personal domain holders. Its a crock of shit.
Give me a technical solution, written by a technical person.
"Two things are infinite: the universe and human stupidity; and I'm not sure about the the universe." --Albert Einstein
Nor can a lot of people, which is why this propsal will never work.
The current email system already doesn't work. There's no way people who get 1000's of spam emails per day will ever find email from your domain in their mail filter logs. So this plan doesn't have to work. It just has to be less broken then the status quo.
Full story at
.mail TLD and related concept is remarkably similar to a patent I filed in Australia and it could be the answer to all our email problems, if a few changes are made:
http://www.intechcomm.net.au
Originally posted 28/1/04.
Copyright Joshua Leisk. This article may be reproduced, provided it is reproduced in its entirety, without alteration.
I am posting this story, as the
SPAM. Currently unsolicited email from less than 0.2% of the online community wastes time and impacts the productivity of the other 99.8%, as well as impeding network bandwidth and creating traffic costs. SPAM represents over 65% of all email sent.
EMAIL VIRUSES. Mass-mailing viruses cause significant financial damage to organisations and individuals alike. At least 60% of all the services my IT outsourcing company currently performs is virus-related.
I think we have all come to the realization that the problem in eliminating SPAM and email viruses, is that even though it is impossible to verify the legitimacy of all email being exchanged, we still accept mail from any software capable of transmitting mail, as though it were a trusted source of information! Many mail servers are flawed by inept security and administrators, many countries have no anti-SPAM laws, every successful mass-mailing virus has its own SMTP engine and of course we suffer the deliberately configured SPAM email servers employed by dodgy SPAM 'barons' every day to solicit millions of people to buy dodgy 'Viagra', dodgy University degrees and enough porn to humble a veteran pornographic movie star - all for the sake of making a dishonest dollar at every body else's expense.
The simple fact is, you cannot prevent the shady 0.2% of the online community from targeting the remaining 99.8% of us without a global mail exchanging system that has zero-tolerance for unsolicited mail and an effective way of globally policing the system. Message filtering and 'real-time block lists' will never provide an effective solution, because it is a never-ending race to identify, report and 'block' SPAM and 'rogue' mail servers, which then merely rise like a 'phoenix from the ashes' hours later, under a new domain name, or a new IP address, when shut down by Internet authorities. Currently SPAM recipients are always one step behind the SPAM senders and feeling helpless to their plight. Why should we allow ourselves to be victims of our flawed technology, allowing rogue mail servers to financially impair rest of the Internet community?
When SPAM and viruses already makes up more than 50% of all email sent, it becomes more logical and far simpler to protect the legitimate email, rather than trying to filter the illegitimate email!
The only way to permanently eliminate SPAM and email viruses is to establish a mail server authority to register and regulate email servers, in much the same way as the Domain Name System, thus allowing enforceability, financial accountability and liability to those who SPAM, or allow SPAM to propagate. You need a license to own a gun or anything else capable of significantly impacting others, so why not an email server? Currently, Australians pay an average $45 per year to register a '.com.au' domain name, as well as the additional hosting fees to facilitate the DNS system and traffic caused by it, thus creating orderly domain name management. We wouldn't tolerate chaos and anarchy in the Domain Name System, so why should the email system be any different?
I propose that we MUST construct a global registry of certified closed-relay, 'spoof'-proof email servers, married to the verified details of the server's owner, who are possibly placed under a financial security bond, depending on the age of the domain name and previous history, to operate it SPAM-free and then prevent all 'registered' email servers from receiving email from any 'unregistered' email server (or be cleaned and filed separately - see "'Softer' Variation of the Concept"), or accepting email client submi