Forgot your password?
typodupeerror
Spam Programming IT Technology

.mail Domain To Eliminate Spam? 472

Posted by Hemos
from the been-talked-about dept.
steve.m writes "The BBC are reporting on a new batch of top level domain names being submitted to ICANN for approval. By far the most interesting proposal is for a .mail TLD to register legitimate mail servers. Could this eventually be the end of spam ?" *yawn* The same old discussion, with no implementation in sight.
This discussion has been archived. No new comments can be posted.

.mail Domain To Eliminate Spam?

Comments Filter:
  • This article advocates a

    (x) technical ( ) legislative ( ) market-based ( ) vigilante

    approach to fighting spam. Your idea will not work. Here is why it won't work.
    (One or more of the following may apply to your particular idea, and it may
    have other flaws which used to vary from state to state before a bad federal
    law was passed.)

    ( ) Spammers can easily use it to harvest email addresses
    ( ) Mailing lists and other legitimate email uses would be affected
    ( ) No one will be able to find the guy or collect the money
    ( ) It is defenseless against brute force attacks
    ( ) It will stop spam for two weeks and then we'll be stuck with it
    ( ) Users of email will not put up with it
    ( ) Microsoft will not put up with it
    ( ) The police will not put up with it
    ( ) Requires too much cooperation from spammers
    (x) Requires immediate total cooperation from everybody at once
    (x) Many email users cannot afford to lose business or alienate potential
    employers
    ( ) Spammers don't care about invalid addresses in their lists
    ( ) Anyone could anonymously destroy anyone else's career or business

    Specifically, your plan fails to account for

    ( ) Laws expressly prohibiting it
    (x) Lack of centrally controlling authority for email
    ( ) Open relays in foreign countries
    ( ) Ease of searching tiny alphanumeric address space of all email addresses
    ( ) Asshats
    ( ) Jurisdictional problems
    ( ) Unpopularity of weird new taxes
    ( ) Public reluctance to accept weird new forms of money
    ( ) Huge existing software investment in SMTP
    ( ) Susceptibility of protocols other than SMTP to attack
    ( ) Willingness of users to install OS patches received by email
    ( ) Armies of worm riddled broadband-connected Windows boxes
    ( ) Eternal arms race involved in all filtering approaches
    ( ) Extreme profitability of spam
    (x) Joe jobs and/or identity theft
    ( ) Technically illiterate politicians
    ( ) Extreme stupidity on the part of people who do business with spammers
    (x) Dishonesty on the part of spammers themselves
    ( ) Bandwidth costs that are unaffected by client filtering
    ( ) Outlook

    and the following philosophical objections may also apply:

    ( ) Ideas similar to yours are easy to come up with, yet none have ever been
    shown practical
    ( ) Any scheme based on opt-out is unacceptable
    (x) SMTP headers should not be the subject of legislation
    ( ) Blacklists suck
    (x) Whitelists suck
    ( ) We should be able to talk about Viagra without being censored
    ( ) Countermeasures should not involve wire fraud or credit card fraud
    ( ) Countermeasures should not involve sabotage of public networks
    ( ) Countermeasures must work if phased in gradually
    ( ) Sending email should be free
    ( ) Why should we have to trust you and your servers?
    ( ) Incompatiblity with open source or open source licenses
    ( ) Feel-good measures do nothing to solve the problem
    ( ) Temporary/one-time email addresses are cumbersome
    ( ) I don't want the government reading my email
    ( ) Killing them that way is not slow and painful enough

    Furthermore, this is what I think about you:

    (x) Sorry dude, but I don't think it would work.
    ( ) This is a stupid idea, and you're a stupid person for suggesting it.
    • Summary:

      People won't bother patching their SMTP server's, hence you will keep getting SPAM.
    • by OECD (639690) on Tuesday March 23, 2004 @12:54PM (#8646036) Journal

      Requires immediate total cooperation from everybody at once

      Does it? Couldn't it be a "soft whitelist" until widely adopted? E.g., Everything coming from .mail gets a bonus in my e-mail filtering.

      • Good luck (Score:5, Interesting)

        by deadmongrel (621467) <karthik@poobal.net> on Tuesday March 23, 2004 @01:10PM (#8646264) Homepage
        although this might *seem* a good idea its not going to work. Good luck implementing this outside the united states. Most of the spammers forge email headers. would it be impossible to forge the email servers on your "soft whitelist"? Again the only real solution to spam is to stop buying from it. once the morons who support spammers financially stop the cash flow spam will stop. Again we still would have probles with worms sending spoofed emails.
        • Re:Good luck (Score:5, Informative)

          by afidel (530433) on Tuesday March 23, 2004 @01:15PM (#8646328)
          um, we have this cool tool called reverse DNS that allows us to confirm that the machine we are talking to does indeed have a legitimate entry under the DNS name they are purporting to send mail from.
          • by dipipanone (570849) on Tuesday March 23, 2004 @01:26PM (#8646486)
            There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order

            This message has been brought to you by Well-scrubbed Geeks for a Free America.
          • Re:Good luck (Score:5, Informative)

            by golgotha007 (62687) on Tuesday March 23, 2004 @01:29PM (#8646530)
            i don't like this form of validation. I have many business customers running mail servers using business DSL from various ISP's. These IPS's do not allow for custom reverse entries on their DNS servers.

            This form of validation would cripple thousands of businesses.
            • Re:Good luck (Score:4, Interesting)

              by rvega (630035) on Tuesday March 23, 2004 @01:43PM (#8646736)
              I agree with you on this. I manage the IT infrastructure for the four European branch offices of an American company, and I take advantage of the cheap, fast DSL lines in these offices to route outgoing SMTP mail, instead of routing it over expensive, slow WAN lines back to corporate headquarters in California to be distributed out our "official" pipe. So far so good. Unfortunately, many of our European customers have subscribed to blacklists banning the dynamic IP ranges given out by many ISPs, like Deutsche Telekom. There goes my great solution.

              At the same time I was going through all this frustration, my colleagues back in in California actually configured our incoming mail server to use just the kind of dynamic-IP blacklist that was giving me a headache! Not too funny. Well, they've removed the blacklist now, which is good.

              Still, I do wonder what the incentive is for the ISPs to use dynamic addresses. Are they oversubscribing their IP ranges? That seems stupid. Otherwise, why not give all customers their own, single, static address? Some of them are reserving this for a higher-cost "business DSL" service, but it would be up to the customers to put pressure on them to remedy this situation.

              Deutsche Telekom, for example, makes it very expensive to get a static IP address. My ISP in the Netherlands, on the other hand, XS4ALL [xs4all.nl] (an outstanding outfit, IMHO) on the other hand, provides me with a static IP address for my business-class connection at work, but also for my entry-level connection at home. Customers should flock to the savvy XS4ALLs of the world and force the change.

              Maybe I'm too hard on Telekom and their likes. Maybe they have a good reason. I'd like to hear it.
            • Re:Good luck (Score:3, Informative)

              by jafiwam (310805)
              Reverse DNS confusion ensues.

              Many, many mail admins are using reverse DNS as a means to block spam already. It is highly effective as the goobers that don't do it are either virus-zombies or goobers that shouldn't be sending mail to my server anyway. Anybody that is serious about email can do the reverse pretty easily.

              However there are also many many people in this thread that do not understand it, or understand how it works with email or spam blocking.

              Reverse DNS checking for email has two options:

              a)
          • by bigpat (158134) on Tuesday March 23, 2004 @02:10PM (#8647074)
            I am not a spammer, but I am trying to keep a small company going, which has multiple domains running on one server. Many of these proposed solutions are very poorly documented and seem to just raise the bar for the little guy and do nothing to reduce spam.

            Solutions that expect so called "legitamite" companies to have IT departments and multiple servers and multiple T1s will just end up raising the barriers to entry for small business. Spammers, these days, don't follow the rules.

        • Re:Good luck (Score:3, Insightful)

          by kaden (535652)
          But as the recent article about the guy who loved buying from spammers [slashdot.org] proved, Spammers have an effective business model because they only need a tiny percentage of their victims to bite before the spammers make a profit. You can convince 99% of people to boycott spam, but spammers still win because of that 1% who don't care.

          I know this is impossible for any number of reasons, but wouldn't the solution be to make it illegal to buy from spammers? I imagine the huge bulk of their sales are to people in the

      • How long would it be before one of the 'alternative' DNS providers starts selling .mail domains? If need be, they'd use adware to add their DNS servers to your lookups.
    • Um - call be crazy, but it seems to me that the linked article does not actually propose any solution/technology to fight spam. It's about possible new top level domain names, and it only briefly mentions the fact that some anti-spammers want to use .mail to store mail server information. Whee ...

      Personally, I don't think anti-spammers' interest in .mail is the main story here. It's certainly not the only one...

    • Too bad +5 is as high as the meter will go. This was a lucid, irreverant, intelligent comment. The part I liked most was (in the 'Specifically, your plan fails to account for' section, "Requires immediate total cooperation from everybody at once".

      You know we could all move the Earth from it's current orbit if we all jumped up at the same time. Okay, China you've got 1/6th the population, don't screw this up again!

      Great post. Parent should go SHoF (Slashdot Hall of Fame).

      Peace out.
    • (x) Sorry dude, but I don't think it would work.

      Due to the exponential growth of the "tragedy of the commons" with respect to email, email will soon become so unusable that even a solution which "won't work" will work better than email as it exists today.

      The only solution which makes sense from an economic point-of-view must attack the ( ) Sending email should be free premise for unsigned non-whitelisted email (except to maybe police tip-lines and rape crisis centers, et. al. who want to get anonymous emai

  • by Numeric (22250) on Tuesday March 23, 2004 @12:46PM (#8645901) Homepage Journal
    that way email users are guaranteed that all spam will be filtered!
  • by Anonymous Coward on Tuesday March 23, 2004 @12:46PM (#8645910)
    Give me a break, now on top of my .com .net and .org domain, I need to buy a .mail name to send mail??? I don't think so.
  • im sorry, folks, but the only thing that i see ever working is micropayments.
    • by tanguyr (468371) <tanguyr+slashdot@gmail.com> on Tuesday March 23, 2004 @12:50PM (#8645981) Homepage
      im sorry, folks, but the only thing that i see ever working is micropayments.
      • SPF
      • server side filtering
      • forced castration/neutering of people who buy spam promoted products


      it will take some time, but it will eventually work.
    • by gid13 (620803)
      I still think that's a terrible idea. Aside from the cost to legitimate users, there's also the fact that snail mail spam survives, and at a much higher cost per attempt. This means the e-mail spam people can probably afford their much worse success to attempt ratio.
      • by awol (98751) on Tuesday March 23, 2004 @01:05PM (#8646192) Journal
        Junk snail mail is not spam. Spam exists, precisely because the marginal cost of one more recipient is zero (or indistinguishable from zero). Whilst it is true that junk mail still exists it is considerably less of an issue than spam, not the least of which is because (a) the centralised server [insert your postal service of choice] will respect a "no junk mail" sign and (b) the services offered in the junk have to have legit contact details within jurisdiction for the cost to be even remotely effective, hence they can be drawn to account for unethical action.
    • I don't get spam. The solution I use is relatively simple [slashdot.org] and Yahoo! are now offering a commercial service that does something similar.

      Micropayments will not work because they require an upgrade of the network infrastructure, together with the creation of some form of money transfer network. International tax laws would be the final nail in the coffin.

      The main reason why we still have spam is that current systems are based on the notion we need to punish spammers and anyone remotely connected to them, s

    • Yeah, micropayments to Microsoft. That would be
      fantastic! Hey if micropayments are good what about maxipayments. Let me send my credit card number to Microsoft right now!
  • How? (Score:5, Insightful)

    by FalconZero (607567) * <FalconZeroNO@SPAMGmail.com> on Tuesday March 23, 2004 @12:47PM (#8645919)
    I might have missed something, but how would changing the TLD prevent spam?
    * I could still sign up for bogus accounts with www.hotmail.mail
    * I can still have a poorly configured box that relays spam to www.myisp.mail

    Changing the name will not fix this unless the roots of the problem are addressed, unless
    it was intended that only servers with a .mail TLD be able to send mail to each other?

    "That which we call a rose by any other name would smell as sweet" - William Shakespeare
    • Yes, only those with a .mail domain name may send email and thus someone can not hi-jack a broadband computer with a virus and start to pump out spam.

      All ISP then have to force all customers to send email through their own .mail-servers.

  • Silly silly silly (Score:5, Insightful)

    by grub (11606) <slashdot@grub.net> on Tuesday March 23, 2004 @12:47PM (#8645926) Homepage Journal

    A huge amount (if not the majority) of spam comes from open relays and compromised machines which this silly idea doesn't address. A ground-up overhaul of the mail system (with authentication) is what's needed, not another level of bureaucratic nonsense.
    • Re:Silly silly silly (Score:3, Interesting)

      by Clinoti (696723)
      Indeed, unless the root (no pun) system is taken to the measure and redeveloped this solution is not something that I would want implemented or would want to live with. I gather that in all the time it takes to develop this system, mailboxes will now have spam from all the open-relays, and bundles of spam from the new systems that are online with their open relays due to admins just throwing the boxes online just for some measure of compliance.

      It's just now that some ISP's are starting to manage their ow

  • Ok.. (Score:2, Interesting)

    by hookedup (630460)
    I'm not really into the idea of splitting up the entire net into all these tlds. I dont want my mail server being so easily identified as such.
  • by brejc8 (223089) * on Tuesday March 23, 2004 @12:47PM (#8645930) Homepage Journal
    Uses for the new domains: .asia - Asian pr0n companies .cat - Feline pr0n companies .jobs - Jobs in the pr0n companies .mail - Pr0n spam companies .mobi - Pr0n to your mobile companies .post - Pr0n through your post companies .tel - Sex chatline companies .travel - Sex tourism companies .xxx - Unknown

  • by joeszilagyi (635484) on Tuesday March 23, 2004 @12:47PM (#8645934)
    Since it's impossible and illegal to fake your domain name registration info, there is no way any .mail named mail server would be used for illicit purposes. Anyone mailing you from server.cheapest-viagra-online.mail.cn must clearly be a legitimate mail server of a pharmaceuticals corporation and should be whitelisted.
    • Re:This will work! (Score:3, Informative)

      by WaterTroll (761727)
      Ok, so average user has his outlook express configured to a .mail service. His computer his hijacked by spyware and it's sending tons of spam using the .mail account settings found in outlook express. I don't see a solution, or am I pisssing the point?
  • by some2 (563218) * on Tuesday March 23, 2004 @12:47PM (#8645938)
    I have not been a fan of new TLDs for some time, as it seems to promote confusion. I consider it to be more inefficient to have companyname.info, companyname.com, companyname.net, companyname.org, companyname.mail, etc.... than to just have a simple single domain name (or the three majors, org net and com), with subdomains to break out the company functions (support, sales, mail, www, ftp). It seems much more confusing to me to have companyname.mail than mail.companyname.com, and besides that, why would we possibly want to justify the cost to register our domain under several TLDs, when .com has always been enough?
    • by Anonymous Coward on Tuesday March 23, 2004 @12:59PM (#8646105)
      but not selling 30 or more domain names to each company makes much less money for the registrars..

      the whole thing is driven by greed, and it is EXACTLY what the creators of the internet said would happen as soon as greedy asshats got their hands on it.

      anyone want to start Internet 1.5? create a wrapper protocol to run a real internet on top of the current mess?
      • 1.5? sure... (Score:3, Insightful)

        by The Queen (56621)
        Who's going to fund THAT one? As long as any endevour requires man-hours, and those man-hours are not 100% voluntary, you WILL have marketing and greed seep in.

        I agree with the parent post, there are WAY too many TLDs as it is, and the overlap is insane. Why didn't we stick to .com for business, .net for networks, .edu for schools and .org for non-profits? Why should any corporation be allowed to register a .org???
    • And what about the cases where .gov is a different organization than .com, such as "whitehouse" (to use a bad example) or "PDF" (.com is a process development consultant, .org is the Parkinsons Disease Foundation, .net is another consultant, .biz is a forms processing product PDFTyper...).

      Who gets .mail in those cases?
    • I have not been a fan of new TLDs for some time, as it seems to promote confusion. I consider it to be more inefficient to have companyname.info, companyname.com, companyname.net, companyname.org, companyname.mail,

      You missed Halliburton.mil, Halliburton.gov

  • I'm curious... (Score:3, Insightful)

    by Dot.Com.CEO (624226) * on Tuesday March 23, 2004 @12:48PM (#8645943)
    If it's such a stupid / boring idea (which it properly is), why the hell is it in the front page of slashdot?
    • Uhh.. do you really have to ask yourself that question?

    • Re:I'm curious... (Score:3, Insightful)

      by swb (14022)
      So the slashbots can have something to rail against.

      What's amusing/irconic about the spam debate is that any possible solution is always shot down for technical/philosophical/OSS reasons. I have yet to see a solution advocated that gets more than 25% support.

      I'm personally in favor of an RICO organized-crime investigation of the spamming "industry" and its related businesses; I think if real people started going to jail for long terms, including colluding executives from "legitimate" businesses such as I
      • Re:I'm curious... (Score:4, Insightful)

        by Dot.Com.CEO (624226) * on Tuesday March 23, 2004 @01:02PM (#8646154)
        You assume something as the basis for your thesis that is not necessarily true: that spamming is a crime. It is not. It might be obnoxious, it might even advocate illegal services or products but mass mailing is not an illegal activity, obnoxious as it is. The only realistic solution is for us geeks to install spam blockers, bayesian if possible, to as many friends' computers as possible, thus rendering mass mailings ineffective.

        Interestingly enough, more and more spam seem to sieve through my spam-filters. I guess we need something better? Or is spamassassin not the dog's bollocks any longer?

        • Re:I'm curious... (Score:3, Interesting)

          by man_ls (248470)
          Technically, it is a crime now, with the new laws (CAN-SPAM Act) that were passed...
        • The only realistic solution is for us geeks to install spam blockers, bayesian if possible, to as many friends' computers as possible, thus rendering mass mailings ineffective.

          This is like virus scanning.. It's reactive rather than proactive. I'd rather see GPG with trust calculations properly integrated into Windows email clients and actively promoted. Tell your friends that you only read untrusted email once a week and encourage them to sign everything they send. Hell, I'd have no problem with trus
      • What's amusing/irconic about the spam debate is that any possible solution is always shot down for technical/philosophical/OSS reasons. I have yet to see a solution advocated that gets more than 25% support.

        That's because the quickest way to look smart is to poke holes in someone else's idea. And the slashbots love to have themselves look smart and others look stupid.

        The philosophical grounds are a catch-all for anly solutions that have technical merit, usually because such solutions are proposed by org
  • by FortKnox (169099) on Tuesday March 23, 2004 @12:48PM (#8645950) Homepage Journal
    *yawn* The same old discussion, with no implementation in site.

    Sorta like making an improved moderation system on slashdot instead of ping-ponging votes around?
  • Two domain names (Score:5, Insightful)

    by nempo (325296) on Tuesday March 23, 2004 @12:49PM (#8645959)
    Great, now you're forced to own two domain names to be able to host your own email server, one .mail for *gasp* your mail and one .*** for everything else.
    Why not create .ftp, .ssh and so on when you're at it.
  • by weave (48069) * on Tuesday March 23, 2004 @12:49PM (#8645961) Journal
    Yet another way for domain registrars to make a new killing off of providing a tiny record in a database somewhere.

    Where can I sign up for my 100 year .mail domain?

  • ...you'll need to add the .femail domain as well to make everybody happy
  • site? (Score:3, Funny)

    by SuperBanana (662181) on Tuesday March 23, 2004 @12:49PM (#8645965)
    The same old discussion, with no implementation in site

    Hmm, the site spell chequer must bee down to.

  • However, (Score:2, Interesting)

    by rasafras (637995)
    Will it cure cancer and AIDS before or after it eliminates spam?
  • by brejc8 (223089) * on Tuesday March 23, 2004 @12:49PM (#8645969) Homepage Journal
    Acording to ICANN [icann.org] the sponsor for .xxx is The International Foundation for Online Responsibility. It wopuld be a bit weird when the organisation's main source of funding will come from the pr0n industry.
    IFFOR brought to you by nastygirls.xxx
  • Spam (Score:2, Insightful)

    by Iberian (533067)
    The only way to elimanate spam is to hold users accountable which is neat impossible with the anonmity the internet provides so unless you want to start registering your SSN and removing your foil hats just accept it as the small price for freedom.
  • by Rosco P. Coltrane (209368) on Tuesday March 23, 2004 @12:49PM (#8645971)
    - Quick quick, register hot.mail ASAP!!
    - Wait for Microsoft to contact me, tell them I take cash and checks
  • by ari_j (90255) on Tuesday March 23, 2004 @12:52PM (#8646006)
    Now I have to get mycompany.mail to handle mail and mycompany.com for my other uses, and people will get confused because mycompany.mail and mycompany.com are not necessarily the same mycompany. Moreover, there'll be no way to tell if I am from mycompany.com when I give an address of me@mycompany.mail. Yes, you can MX mycompany.mail to handle for mycompany.com, but you could register hiscompany.mail and people might get confused and send mail to him@hiscompany.mail instead of him@hiscompany.com, totally messing with him.

    This is why you're supposed to have a mail.yourcompany.com subdomain to handle mail for yourcompany.com - there's only ambiguity if mail.yourcompany.com gets hijacked or your DNS provider gets bribed into giving it to a friend for a can of Coke (that bastard).

    I think the appropriate solution to spam is to hunt down everyone who buys the stuff and kill them off. When people stopped buying pet rocks, they went off the market. Kill the demand, because spammers are lowlife who will risk death to supply it if the demand is there.
  • by El Cubano (631386) <roberto.connexer@com> on Tuesday March 23, 2004 @12:56PM (#8646062) Homepage
    It's pretty light on details, but it seems that the two most logical applications are problematic:

    1) When you register foo.{com,net,biz,org,*} you also got foo.mail as a bonus. But if one person rgisters foo.com and also gets foo.mail, what happens to the person who later registers foo.net.

    2) As a possible solution to point 1, when you register foo.com you also get foo.com.mail. This just seems ugly.

    Also, will it cost me another $15-$45/year to get the benefit of this new domian? What of people who choose to not porticipate?

    I still fail to see what the problem is with just doing a reverse lookup on the domain's MX. It utilizes existing infrastructure and isn't as ugly as throwing in another TLD to the mix.
  • 1. If the IP address of the sender doesn't resolve to a .mail domain, discard it.

    2. If any server on the .mail domain is used for spam, the name shall be terminated.

    3. Set up a strict set of rules that define what is spam and what isn't, and all who are registered with a .mail domain must follow these rules, lest they be terminated as well.
  • FUSSP (Score:2, Funny)

    by McDutchie (151611)
    This is, indeed, yet another Final Ultimate Solution to the Spam Problem [rhyolite.com].
  • new .x (Score:5, Funny)

    by maxbang (598632) on Tuesday March 23, 2004 @12:58PM (#8646096) Journal

    how about a .stupid for ideas like this? maybe even a .pointlessdiscussions or .useless? i'll be the first to sign up for .stupid and .useless. You'll be able to find my blog on them.

  • What am I missing? (Score:5, Interesting)

    by i8a4re (594587) on Tuesday March 23, 2004 @01:02PM (#8646160)

    After reading this article and the one a few days ago about AOL and spam, I came up with this idea

    I despise spam as much as most of you. My company is actually about to start a spam campaign against my recommendations. The day they start I will quit. Slashdot, here is my idea on blocking spam. What am I missing?

    We all know what IP addresses belong to which countries. At work, we only deal with customers that carry professional certifications within the US. Of our client base, less than 1% of 1% of these customers and potential customers live outside the US or Canada. Therefore, I have blocked most networks outside of the US and Canada. The only exception is .mil. This has reduced my spam problem considerably. Add to this a Bayesian filter and my spam problem is essentially eliminated. This got me thinking...

    ISPs should filter e-mail according to the user's requests. When you sign up for an account, by default, you can only receive e-mail originating/relaying from the US. Now, the user can go to their email configuration and pick which countries they wish to receive e-mail from. Most users only receive email from within the US and one or two other countries. If they only receive email from a few people outside the US, then just whitelist those address. If they want, Mexico, for instance opened, then let the user check the box next to allow e-mail from Mexico. Once this is setup, let the user decide if the e-mail failing to meet these conditions should be blocked or just moved to a separate folder for review. Another possibility is that if an e-mail originates from a blocked country and the spam filter thinks it's legitimate or just doesn't get a high spam score, send an NDR that says "Your e-mail looks like spam, but this could be a false positive. In order to deliver your email, please visit this site....." On that site, put one of the many methods to verify a human is actually visiting that site and then deal with the email accordingly.

    For most users, the only noticeable impact would be less spam. This would also force spammers to send and/or relay from within the US. Now if they are operating from within the US, we have an IP address within the US's jurisdiction. Granted these may be zombie machines, so if your e-mail server does a reverse lookup before allowing e-mail, these would be denied. Also, we need to get ISPs to block most ports by default. If you want a port opened, you simply request it from your ISP. Add a clause like "by opening these ports, you are taking responsibility for any traffic on these ports. If we find your computer is sending viruses or spam or DOSing, then your service will be terminated." Again, most users would never notice a difference. Those that do notice can have the ports opened.

    So now, for the average user, they would only receive e-mail originating or relaying from the US from a registered e-mail server. Now we can track this back to an ISP and shut down the account, seek legal action against the ISP for supporting spam, or black list that ISP. Since the spammer would have to have an MX record, you can get the registration info. This is probably bogus, so if we force registrars to verify the identity of the person, then we could actually track this back to a person. The spammer could probably falsify this too, but every step you add slows them down.

    The spammer is going to now have to purchase an account with an ISP in the US and a registrar. Both of these entities should require a method of traceable payment. This means no cash. Now, we should have a means of finding who wrote the check or who the credit card belongs to. We now either have the spammer, the spammer's company (which should lead back to the spammer), or the spammer has now committed fraud. If he commits fraud, we now have the FBI after him and potential of longer jail sentences.

    Not that I have to solicit criticism here on slashdot, but I'll ask anyways. What am I missing and why wouldn't this work?

    • Okay, I'm dubious about the legal stuff you want to do. There are a *lot* of implications of doing something like that, including privacy issues.

      However, you have one point absolutely dead-on accurate. If you want to do any kind of server-side filtering, if there is any proposal to do so, *users* should have the ability to set this filter. Server-side filtering (as opposed to client-side) has a lot of benefits -- it means that clients don't have to be maintained, that users can easily switch clients, se
    • by dasunt (249686)

      Also, we need to get ISPs to block most ports by default. If you want a port opened, you simply request it from your ISP.

      Not that I have to solicit criticism here on slashdot, but I'll ask anyways. What am I missing and why wouldn't this work?

      My major fear is as soon as most ISPs switch to a system like this, opening up additional ports will only be possible for an additional cost, or for a more expensive plan.

      "You want port 22 opened? That will be an additional $7.95 a month."

  • by aardwolf204 (630780) on Tuesday March 23, 2004 @01:03PM (#8646171)
    Ohh! TLDs! Lets see how much useless crap we can come up with!:

    .spam - everything thats spam
    .sex - all those pr0n sites
    .troll - because you know they'll stay in their own domain
    .h4x - let them h4x0r to themselves
    .blog - now we can exclude these from searches!
    .trek - for everything except Enterprise NX-01
    .estaog - another great tld for your hosts file
    .net - just give it to M$'s marketing team already
    . - one step closer to having www./. [slashdot.org]


    Yay! More TLDs! Thats just what we need. I cant wait to exclude all these new TLDs from my Google searches just to find that there's nothing left on the net but www.BringBackThePorn.com [bringbacktheporn.com]

    Did I miss any?
    • Just to be pedantic and a smartalec and get accused of taking a joke far too seriously ;-)

      . - one step closer to having www./.

      Whisper it quietly, but there already is a dot at the top level. Every domain name ends in ".". By omitting the dot you're giving your resolver permission to search for the domain within your search path (though few will unless it contains no dots at all.)

      This usually bites people on the rear when they're entering names into one of BIND's configuration files, you'll do somethin

    • Technically, if . was a TLD, the address would be http:///...
  • by Muerte23 (178626) on Tuesday March 23, 2004 @01:06PM (#8646220) Journal
    Why not change so that SMTP servers ONLY accept connections over SSL? And then only accept certificates that are signed either by a central authority or by people whose certificates are signed by those people...

    Then you could have a distributed revocation authority where people could send copies of spams (still over the SSL network to eliminate fake spam for DDoS purposes). You don't want to get your certificate revoked, so maintain your server!

    This makes the system more or less secure, and puts the burden onto mail server admins. You want your regular users to be able to send mail? Then don't let random people send spam.

    Individual servers could then implement whatever authentication they liked for their users to be able to send. Maybe a C/R system or authenticated logins. Whatever.

    Muerte

    ps. i keep posting this idea. ha!
    • And then only accept certificates that are signed either by a central authority...

      Because I can't think of one single entity that I'd trust to manage such a thing at a global level. Verisign? ICANN? Hah!

      ...or by people whose certificates are signed by those people.

      Verisign signs J. Random Spamfriend's certificate. JRS signs a spammer's certificate. See the problem? Maintaining a global PKI with near-real-time revocation is a non-trivial problem.

    • This is quite similar to what I and others have been suggesting: use PGP. The sender encrypts a digest of the message with his private key, you decrypt with their alleged public key. If it matches with the digest you calculate, you know that:

      1. The message is what the sender sent
      2. The sender has the private key

      Form here, you can go two ways. You can switch the whole world over to using PGP and implement networks of trust, revoking keys used for spamming, etc, etc. Or you can apply the solution to yoursel
  • by mackman (19286) * on Tuesday March 23, 2004 @01:13PM (#8646297)
    .biz was the best thing I've seen for reducing the amount of spam in my inbox. I've filtered thousands of spam and have received zero legitimate emails from .biz addresses. Lets add more stupid TLDs so we can identify spam more easily!
  • by The Tithe (516691) on Tuesday March 23, 2004 @01:15PM (#8646329)

    So, even if this does go through and we do get a .mail TLD that is for only registerd mail servers. What happens when both companies/people owning the domains x.com and x.net suddenly want to get their x.mail domain to send mail. Who gets it? Maybe they're assuming people will opt for x.com.mail and x.net.mail. But that seems really annoying.

  • by OneFix at Work (684397) on Tuesday March 23, 2004 @01:17PM (#8646359)
    You want every little mom & pop company running a 10 year old mail server to register a new domain and reconfigure their box overnight???

    Exactly when is this supposed to happen???

    For right now, the best solution is to...

    1) Block IPs that are causing problems...this can acutally be automated...I'm working on a script at our site that passes all spam identified by spamassassin as a level 20 or higher into a blocklist for our MTA.

    2) SpamAssassin...run SA as a service for all users and give them info on how to tailor it to their own preferences...

    3) ClamAV...this catches some of the really nasty stuff...the ones that use exploits to "phone home" or run code on the user's machine...

    These ARE and will be the only way to stop spam into the forseeable future. The only real way to stop it all would be a redesign of the protocol from the ground-up and that is just not going to happen...SMTP is already too entrenched into the backbone of the internet...it just won't happen...
  • by Dracolytch (714699) on Tuesday March 23, 2004 @01:19PM (#8646378) Homepage
    Here's the goddamned standard... Make it ultra-easy so it's simple to hit critical mass where everyone uses it.

    For your domain, put out a text file. In that text file, put the IP addresses or range of your server.

    Name the file: mailservers.txt

    For example... I would have (for DracoSoftware.com) a page called mailservers.txt. It would contain:

    206.67.56.202

    If I had a range, it could be either individual IPs:
    206.67.56.202 206.67.56.203 206.67.56.204

    OR, a range delimited by a dash:

    206.67.56.202-206.67.56.204

    Once we get sites to publish their legit mail servers, the rest is easy... Setting up servers who do DNS-like caching at your local ISP is easy. Your individual e-mail program can then do WHATEVER IT WANTS with the e-mail... Whitelist/blacklist/take into consideration for baysian filtering... whatever. The important thing is to get the legit mail servers published.

    If a mail comes from legit mail-server... Easy.
    If a mail spoofs a publicized server... easy.
    If a mail comes from an unknown server, mark it as suspicious.

    If people want, I'll start posting names of domains that were cool enough to create a mailservers.txt file.

    Ready??? GO!

    ~D
  • by jjo (62046) on Tuesday March 23, 2004 @01:31PM (#8646550) Homepage
    It's apparent that the knee-jerk rejections of .mail are coming from people who haven't bothered to actually read the .mail proposal [icann.org], or else who conclude that any anti-spam initiative that will not cause an immediate, total, worldwide cessation of spam is not even worth considering. All the .mail domain proposes is a more reliable locus for distributing whitelist information. It is expressly not intended to be user-visible, but rather to be solely for the purpose of automatic sender validation by mail receivers.

    Whitelists work. Do they eliminate all spam? No. Are they part of a framework for reducing spam? Yes. Snide remarks about the futility of any possible approach to the spam problem may be amusing, but they obscure the fact that real (not perfect, but real) progress is possible. A .mail domain can be part of the solution.
  • by jackbird (721605) on Tuesday March 23, 2004 @02:04PM (#8647009)
    I hope they had the foresight to make it compatible with RFC 3514 [ietf.org].
  • by filesiteguy (695431) <kai@perfectreign.com> on Tuesday March 23, 2004 @03:20PM (#8647840) Homepage
    ...and I've been advocating that .org address be used to identify porn sites. That hasn't worked either.
  • Here we go again (Score:3, Informative)

    by Jesus IS the Devil (317662) on Tuesday March 23, 2004 @03:36PM (#8648053)
    This is just another get-rich-quick scheme by businesses to extract more money from unsuspecting domain name whores. They want you to pay money for thin air basically.

    I don't get how another new domain will curb spam. People want to send emails at the same domain as the web sites.

    And what about open relays, mom-and-pop websites that won't want to go through the trouble, hacked servers, spoofed email addresses? This "new" method solves none of these things.

    The .porn/.xxx domains didn't work, and neither will this. Don't get suckered into paying more money on a pipe dream.
  • Why TLD? (Score:3, Interesting)

    by AnotherBlackHat (265897) on Tuesday March 23, 2004 @03:56PM (#8648258) Homepage

    By far the most interesting proposal is for a .mail TLD to register legitimate mail servers.


    If this really was a good idea, then there's no reason you couldn't do it under a second or even lower tier domain.

    I'd certainly trust randomdomain.approved-mailservers.spamhaus.org a lot more than randomdomain.mail

    They should have spent the $45,000 fee on something useful - like legos.

    -- this is not a .sig
  • Typical (Score:3, Interesting)

    by TwistedGreen (80055) <twistedgreen AT gmail DOT com> on Tuesday March 23, 2004 @04:17PM (#8648490)
    Wow, what a brain-dead idea. Sounds like it was designed by management committee.

    Instead of starting with core infrastructure, they start with... registering domain names. Yeah.
  • by SlipJig (184130) on Tuesday March 23, 2004 @05:06PM (#8649005) Homepage
    I wonder about the long-term effects of anti-spam strategies that rely on eliminating the market or profitability for spammers. It seems to me that this may result in spam levels oscillating between prevalence and rarity. Lemme explain.

    Let's assume we implement some Bayesian filtering on a widespread basis. Let's then assume that most spammers go out of business, and that the amount of spam sent drops drastically. Sounds great! But after a year or two (or five) of this, it seems to me things will be ripe for new spam action. Some spammer will get a message past the filters, which ironically may be less effective due to the lower incidence of spam. Users who haven't seen a spam message in a year will open it, and all of a sudden this particular spammer is immensely profitable. Other spammers see his success and jump on the bandwagon, and pretty soon we're back where we were before.

    Of course this is all conjecture, but I do wonder if we need a better fix, one that can guarantee results long-term.

My problem lies in reconciling my gross habits with my net income. -- Errol Flynn Any man who has $10,000 left when he dies is a failure. -- Errol Flynn

Working...