Slashdot Mirror
SpamHaus Behind .mail Top-Level Domain
securitas writes "The SpamHaus Project is the group pushing ICANN to create a new trusted-sender system and the .mail top-level domain. SpamHaus proposes that registrants under the .mail TLD would pay at least $2000 per year to and 'agree to abide by certain anti-spam mailing practices.' The interesting twist is that companies that comply with the US CAN-SPAM act - which SpamHaus opposed due to the legalization of bulk unsolicited commercial e-mail - would not be eligibile to register a .mail address.
The .mail TLD proposal was recently discussed on Slashdot."
This could probably be worded a little more clearly. Complying with the CAN-SPAM act is as easy as not doing anything at all. I think what the submitter means, correct me if I'm wrong, is the "one-shot" bulk mail that a company is allowed to send you under CAN-SPAM. Obviously, SpamHaus considers this spam, still, even though it's technically legal (I would tend to agree).
This new TLD proposal, according to their FAQ, is not aimed at stopping spam, or replacing the email infrastructure from the ground up. It's more towards legitimizing non-spam email. It may not be technically possible (not my area of expertise, I remember some nay-sayers in the last article discussion who at least sounded like they knew what they were talking about), but I still think their hearts are in the right place. Am I wrong?
I'm looking forward to the whitepaper they've promised on it.
Auto-reply to ACs: "Truly, you have a dizzying intellect."
That's not quite correct. The SpamHaus rules wouldn't ban anyone who obeyed the CAN-SPAM act. Presumably most ordinary companies obey CAN-SPAM by refusing to do anything that vaguely resembles spamming, and they'd be just fine under the SpamHaus rules. What SpamHaus wants to do is to use a stricter definition of what constitutes spam, so that some senders who meet the terms of CAN-SPAM still wouldn't qualify.
There's no point in questioning authority if you aren't going to listen to the answers.
This is bad, as I host my own domain and send mail from it. I don't want to have to pay someone to host my mail server, and you know that plenty of ISPs will block mail that doesn't come from a .mail domain.
I certainly can't pay $2000 a year.
Set up a .spam level, and we can block everything from that if we want.
This is a retarded idea from the get-go.
We already have a perfectly good, workable proposal for sender validation. It's called SPF. It's free. It will work, like this proposal, when people adopt it.
Seriously, $2k to prove that you're not a spammer, by one organisation's definition of the phrase? That sounds like profiteering to me, much along the lines of Ironport's dodgy Bonded Sender (tm) program.
No thanks.
You're doing it wrong.
Because the cost of entry is high, and perhaps policed, it basically becomes a way of saying, "It's from a .mail domain, so it must NOT be spam."
.com, .net, .org, and .dust domains.
.mail domain? Death?
Whatever. Just like many whitelist methods, it has the standard flaws.
But I guess it couldn't hurt! Companies with the big bucks or with donors (I'm thinking Samba mailing lists, etc), could afford it.
The rest of us slobs would continue to crawl around in the
As an aside, could you have the same problem with this domain as with AOL's spam filtering, i.e., false reports? What are the punishments for violating the rules of the
Fellowship 9/11
The register article says $2000+ per year, the spamhaus faq just says they will cost $2000+. So is it a one-time fee (sounds good), or an annual fee?
I am guessing it is a one-time fee, and the renewal will be less. Spamhaus states the up front cost is high as the first roadblock for spammers -- why pay $2000 for the domain when you are going to get shutdown almost immediately after using it to send spam? It also is going to cost them more than normal to run this sTLD. So a large one-time fee makes sense.
Ironically, the word ironically is often used incorrectly.
This is just great... create a two-tiered system with "trusted" and "untrusted" e-mail servers. Guess who will own the "trusted" servers... corporations who can afford to pay the fee!
I would like the ability to run my own servers and web sites as an individual, please. We don't need ANY system of top level domains that favor corporations over non-corporations. Find another way around the problem, please.
Why don't you embrace your slashbotness instead of living in a dreamworld?
Registration fees to send mail via .mail?! No way, I know lots of small shots that wouldn't be able to afford that.
Beyond that $2000 is chump change for spammers. It hurts no one but the honest guy, which is what government lately seems to be for, so perhaps it'll get pushed as a law. *sigh*
Oh, wait, that's the divorce tactic.
What the heck, it'd probably work for spammers, too.
A feeling of having made the same mistake before: Deja Foobar
Why not just create a paid whitelist (or lists) along the same lines as a dnsbl, charge companies to register and require that they abide by certain practices for being listed? What does a new TLD add other than additional ICANN bureaucracy?
I think recent innovations -- SPF being my favorite so far -- offer a lot more promise than a new TLD. But that's just me :-)
If it's not one thing it's your mother.
Why do they need the .mail TLD to pull this off? Why not just go right ahead and do it under mail.spamhaus.org? Is it the air of official legitimacy associated with a TLD that they're after?
proof, n. A demonstration that a conclusion is implied by certain premises and axioms.
Yup. And Varisign will LOVE slurping up those .mail fees, too. By the way, Varisign is in the process of trying to destroy ICANN, which by itself would not be a bad thing *IF* ICANN's responsibilities shifted to the UN. But I'm sure that has zero chance of reality.
"Who are in control, they are not in control of anything - they don't even control themselves!" - Glen Beck
I have a server of my own, hosting my personal site, some sites for family and for a few charity organisations. Total income for hosting: $0. If I would need to buy another domain like this, just to be able to send mail, my costs will triple.
.mail is NOT an option if it costs more than $5!!!
I cannot afford this. Meaning I will have to close all sites.
Personally, I think SPF is the best solution so far. It may not stop spam, but at least it stops forging headers, like the headers of 99,9% of spam in my inbox are.
.sig: No such file or directory
Ok, then they need to update their FAQ, question 9 "What does a domain cost and why?":
The use of each domain will cost over US$2000. The price may vary depending on the registrar one uses.
This high cost will insure that most spammers will not bother and attempt to sign up for one, and if they do, it will be a high cost for what will be a very short time period of spamming.
The cost also pays for the much greater than normal vetting procedures places requesting this domain will go though before one is granted to them.
Emphasis mine. Sounds to me like $2000 is the lower limit.
Wouldnt that cost be pushed to the end user? Doesnt that mean we're going to have to pay for email?
Sounds like a recipe for email tax. I think the only way to really stop this is to stop the 200 or so people per spam message that actually respond to spam and make it a profitable business.
Do you think that Yahoo! or Microsoft's Hotmail would pay that $2,000 just so people could send email from them. Would smaller free e-mail companies even be able to afford it?
.mail domain, would that stop spam? How much spam do you get already that comes from Yahoo! or Hotmail or some other free email survice.
Even if those free email places did pay for a
This would either get rid of free email or let spam live, both while closing down the small free email services. I don't like either option, we should do something else.
the only email that'll make it past everyone's spamfilters would be that from MXes in the .mail TLD. ...and those of us who can't shell out $2k/year just to have our private domain in .mail are just screwed.
Brilliant idea. While we're at it, why don't we just let ICANN authoritatively say who can and can't send mail, and be done with it? It's not like their board is captured or anything.
.@.
If a company or provider isn't sending or supporting spam then why the hell would give a damn about someone else's spam filters? That is the only reason for this whitelist. I mean if they aren't sending spam then why should they be concerned about loosing mail to someone else's spam filters? Why would they want to drop $2k per domain for another whitelist? If perhaps I was a company that did mass mail customers like Sears, JCPenny's, or Amazon then maybe I would want to get on a popular whitelist. That said, why in the hell would I as an average joe or I as a typical ISP give a hoot about what someone else's spam filters do with my non-spam? If their filters are mistakenly tagging my mail as spam their customers will bitch and the problem will get fixed. It doesn't concern me.
I really don't see the point in a .mail TLD. Steve is a smart guy. Even at that I absolutely can not see his reasoning here. This is really a dumb idea. I make a point to personally blacklist domains that use tools that break email such as TMDA. I guess I'll just have to add another check to my rules.
This is the most asinine thing ever. First of all no one is every going to implement something like this that requires someone not to comply with US law. It just won't happen.
Secondly, wtf. $2000 a year? That's insane. Right now, I can use my own mail server and only pay the $8/year domain registration fee. And that's the way it should be. People with enough tech savvy (and it doesn't take much these days) should be running their own mail servers. Open relays aren't an issue with modern mail servers (you have to work pretty hard to create one these days), and running your own mail server gives you a lot of fine-grained control over how you filter Spam for yourself (for example, using a catch-all email and using a different email for everything, letting you track how your address gets disseminated, and blocking addresses that get 'liberated')
It seems like some of these anti-Spam people hate Spam so much they completely lose track of what Email is for and the people it's supposed to be used by, everyone. Email black holes are one thing, but it's wrong to apply them as filters for people without their knowledge or consent. I read a salon article about a woman who, when roadrunner implemented RTBL she lost out on tons of email, including email from potential employers (she was a freelance author). She still got tons of Spam, of course.
I don't believe that technical solutions alone will stop Spam, but they, with real legal enforcement can probably reduce it a lot.
I'm also tired of these top-down authoritarian systems that put a few people in control of email (like e-stamps, or this insane plan, etc) before we even get good solutions like SPF working. Once people start checking SPF records a lot of this crap will get a lot better.
autopr0n is like, down and stuff.
Check out my sci-fi/humor trilogy at PatriotsBooks.
Someone please explain to me exactly how a smal/mid-size locally owned bussines can afford 2k to send mail ? They claim spammers wont pay the 2 grand on their webpage, thats bullshit. Spammers can and will pay this. You will however be excluding small bussiness's and personal domains.
And also exactly WHERE the money is going to ? The last thing we need is one governing body trying to control mail for the "betterment of all, so long as it helps our bottom line". We dont need a spam czar, or a spam conglomerate. We need the existing people to work together to prevent spam. ALL spam.
This is a half assed idea.
"Two things are infinite: the universe and human stupidity; and I'm not sure about the the universe." --Albert Einstein
I'm just not getting how this proposal would do much. I read through the text of the proposal, which is written in fairly obtuse language I just couldn't quite plod through right now.