.mail Domain To Eliminate Spam?

steve.m writes "The BBC are reporting on a new batch of top level domain names being submitted to ICANN for approval. By far the most interesting proposal is for a .mail TLD to register legitimate mail servers. Could this eventually be the end of spam ?" *yawn* The same old discussion, with no implementation in sight.

Re:Ok..

[tanguyr]

well, if you use it to receive mail, your mail server is already identified by an MX record...

Re:This will work!

[WaterTroll]

Ok, so average user has his outlook express configured to a .mail service. His computer his hijacked by spyware and it's sending tons of spam using the .mail account settings found in outlook express. I don't see a solution, or am I pisssing the point?

Re:Note to self

[Anonymous Coward]

Just make sure you tell them that hot.mail is a site that is somehow related to porn and has nothing to do with hotmail.com. That way you'll be ok legally.

Re:no solution in sight

[awol]

Junk snail mail is not spam. Spam exists, precisely because the marginal cost of one more recipient is zero (or indistinguishable from zero). Whilst it is true that junk mail still exists it is considerably less of an issue than spam, not the least of which is because (a) the centralised server [insert your postal service of choice] will respect a "no junk mail" sign and (b) the services offered in the junk have to have legit contact details within jurisdiction for the cost to be even remotely effective, hence they can be drawn to account for unethical action.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:Good luck

[afidel]

um, we have this cool tool called reverse DNS that allows us to confirm that the machine we are talking to does indeed have a legitimate entry under the DNS name they are purporting to send mail from.

Re:Good luck

[golgotha007]

i don't like this form of validation. I have many business customers running mail servers using business DSL from various ISP's. These IPS's do not allow for custom reverse entries on their DNS servers.

This form of validation would cripple thousands of businesses.

Re:Obligatory spam solution rejection form

[ameoba]

How long would it be before one of the 'alternative' DNS providers starts selling .mail domains? If need be, they'd use adware to add their DNS servers to your lookups.

Re:Obligatory spam solution rejection form

[Beardydog]

Nope. [straightdope.com]

Re:You want a new goddamned standard?

[El Cubano]

Here's the goddamned standard... Make it ultra-easy so it's simple to hit critical mass where everyone uses it.

Take a look at this: Sender Policy Framework [pobox.com].

There is even a wizard that walks you through the creation of the appropriate TXT records for your DNS zone file.

Re:Good luck

[Anonymous Coward]

No, you just need the SMTP server to give the .mail hostname it thinks it is, then do a forward DNS on that hostname to make sure it resolves to that IP.

Re:Obligatory spam solution rejection form

[Tomun]

It appeared in a slashdot comment here [slashdot.org]
and its also at Cory Doctorow's site here [craphound.com].

My guess is that Cory wrote it.

Re:Good luck

[golgotha007]

Uhm, what part of DNS aren't you understanding?

obviously more than yourself.

you see, just because you have reverse entries in your own DNS servers doesn't mean that you're authoritative for those IP addresses.

you might want to check out ARIN [arin.net] for more information on this.

p.s. if you want to prevent yourself looking like an ass in the future, try this:
if you're not 100 percent sure about a particular subject, send in a probe before you send in the missles.

Here we go again

[Jesus IS the Devil]

This is just another get-rich-quick scheme by businesses to extract more money from unsuspecting domain name whores. They want you to pay money for thin air basically.

I don't get how another new domain will curb spam. People want to send emails at the same domain as the web sites.

And what about open relays, mom-and-pop websites that won't want to go through the trouble, hacked servers, spoofed email addresses? This "new" method solves none of these things.

The .porn/.xxx domains didn't work, and neither will this. Don't get suckered into paying more money on a pipe dream.

Re:Good luck

[asdfghjklqwertyuiop]

you see, just because you have reverse entries in your own DNS servers doesn't mean that you're authoritative for those IP addresses.

If your ISP has delegated a reverse lookup zone to your DNS servers, then yes you are authoritative. That's literrally what the word authoritative [menandmice.com] means.

Re:Good luck

[Tassach]

I think it has more to do with blocking servers and preventing people from using their home DSL account to host a Counterstrike server.

If that's the purpose, then it's horribly ineffective. It's trivial to set up a dynamic DNS solution which is virtually transparent to the outside world. It's not a perfect solution, but for a low-traffic domain, it's satisfactory.

In my setup, I have a cron job on my Linux box which runs zoneclient [sourceforge.net] every 10 minutes. Zoneclient queries my router for it's external IP address, and if it has changed since the last check, it tells my DNS provider [zoneedit.com] to update the appropriate A records. 10 minutes is a pretty arbitrary number, it's good enough for my purposes. I could crank the cron job up to run 1/min without any trouble, but that seems like overkill to me, since I usually only wind up getting a new address once or twice a month. Dynamic DNS probably isn't good enough for a serious production server; but it's adequate for a private mail server, especially if you have an external store-and-forward backup [zoneedit.com] server to hold your mail temporarily. For a game server used by you and your friends, this setup works perfectly.

Re:Good luck

[Tassach]

If your ISP has delegated a reverse lookup zone to your DNS servers

That's a pretty big "if". While it's true, it's going to be irrelevant to someone who doen't have their own a static IP block. If your ISP isn't going to give you a static IP, they sure as hell aren't going to delegate reverse lookups.

Re:Good luck

[jafiwam]

Reverse DNS confusion ensues.

Many, many mail admins are using reverse DNS as a means to block spam already. It is highly effective as the goobers that don't do it are either virus-zombies or goobers that shouldn't be sending mail to my server anyway. Anybody that is serious about email can do the reverse pretty easily.

However there are also many many people in this thread that do not understand it, or understand how it works with email or spam blocking.

Reverse DNS checking for email has two options:

a) check that reverse DNS exists (i.e. that when one is done a response comes back)

b) check that revesse DNS matches up with an particluar hostname and the hostname with that IP address. I.e. if mail comes from mail.yourisp.com from 127.0.0.1, then the reverse for 127.0.0.1 is a zone 1.0.0.127.in-addr.arpa that holds the hostname "mail.yourisp.com".

MOST email admins DO NOT USE option B. They use option A. That means any crap-wildcard reverse DNS the ISP chooses to put in will work just fine. They do not care if the reverse is correct or not, just that it is there. This is for speed reasons (all those lookups take time, CPU time and bandwidth), as well as NATing reasons, you can't name a single IP both www.companyname.com and mail.companyname.com in reverse.... so matching the reverse DNS cannot be used as a criteria for sending mail. It would quickly be shut off as it is an admin's nightmare.

So, most of the time, you just need your ISP to get a reverse DNS entry to say something like "ip-address.modempool.ispname.com" or whatever. No delegation required, no upkeep required, permenent for anybody using that IP.

So before complaining about "i want to run a mail server I have the right to send mail without reverse DNS" be sure you know what is happening with the filtering.

Many ISPs do not bother to set reverse unless there is a reason to... so a lot of times the "not important to the ISP" ip addresses don't get it. That's a pretty good way to filter mail, as if the ISP doesnt know there might be mail coming from it... you probably don't want to get that mail.

Learn more here:
http://www.dnsstuff.com/info/revdns.htm

Re:Obligatory spam solution rejection form

[wkcole]

I think you need to read the proposal more carefully and to look at the less formally worded materials at Spamhaus [spamhaus.org] regarding the plan for use of the TLD. It is inaccurate to look at this as a means of fighting spam, much less a FUSSP [rhyolite.com] because it is in fact a way to address the issues of legitimate mail getting caught by various imperfect approaches to spam detection.

Because it is designed to provide a sort of 'bus lane' for mail servers whose operators are willing to meet the rather stringent conditions and the hefty price of a domain in the TLD to get their mail servers into the TLD, it does not require universal acceptance. It also has literally NOTHING to do with SMTP headers , is designed to be useless as a pure whitelist (eliminating the related objections,) does not depend on spammer honesty, is totally unrelated to the lack of a central controlling authority for email, and is significantly resistant to 'joe jobs' and identity theft for the entities with .mail domains because any mail not coming from their .mail machines would be readily repudiable.

In short, your comment might have deserved the 'funny' moderation if you were the first person to come up with a checklist response, but all you have really shown is that you did not bother to dig any deeper than the rather misleading /. blurb.