.mail Domain To Eliminate Spam? 472
steve.m writes "The BBC are reporting on a new batch of top level domain names being submitted to ICANN for approval. By far the most interesting proposal is for a .mail TLD to register legitimate mail servers. Could this eventually be the end of spam ?" *yawn* The same old discussion, with no implementation in sight.
Obligatory spam solution rejection form (Score:5, Funny)
(x) technical ( ) legislative ( ) market-based ( ) vigilante
approach to fighting spam. Your idea will not work. Here is why it won't work.
(One or more of the following may apply to your particular idea, and it may
have other flaws which used to vary from state to state before a bad federal
law was passed.)
( ) Spammers can easily use it to harvest email addresses
( ) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
( ) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
( ) Requires too much cooperation from spammers
(x) Requires immediate total cooperation from everybody at once
(x) Many email users cannot afford to lose business or alienate potential
employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business
Specifically, your plan fails to account for
( ) Laws expressly prohibiting it
(x) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
( ) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
( ) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of spam
(x) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
(x) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook
and the following philosophical objections may also apply:
( ) Ideas similar to yours are easy to come up with, yet none have ever been
shown practical
( ) Any scheme based on opt-out is unacceptable
(x) SMTP headers should not be the subject of legislation
( ) Blacklists suck
(x) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
( ) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough
Furthermore, this is what I think about you:
(x) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
Re:Obligatory spam solution rejection form (Score:2)
People won't bother patching their SMTP server's, hence you will keep getting SPAM.
Re:Obligatory spam solution rejection form (Score:5, Interesting)
Requires immediate total cooperation from everybody at once
Does it? Couldn't it be a "soft whitelist" until widely adopted? E.g., Everything coming from .mail gets a bonus in my e-mail filtering.
Good luck (Score:5, Interesting)
Re:Good luck (Score:5, Informative)
Re:Good luck (Score:4, Funny)
This message has been brought to you by Well-scrubbed Geeks for a Free America.
Re:Good luck (Score:5, Informative)
This form of validation would cripple thousands of businesses.
Re:Good luck (Score:4, Interesting)
At the same time I was going through all this frustration, my colleagues back in in California actually configured our incoming mail server to use just the kind of dynamic-IP blacklist that was giving me a headache! Not too funny. Well, they've removed the blacklist now, which is good.
Still, I do wonder what the incentive is for the ISPs to use dynamic addresses. Are they oversubscribing their IP ranges? That seems stupid. Otherwise, why not give all customers their own, single, static address? Some of them are reserving this for a higher-cost "business DSL" service, but it would be up to the customers to put pressure on them to remedy this situation.
Deutsche Telekom, for example, makes it very expensive to get a static IP address. My ISP in the Netherlands, on the other hand, XS4ALL [xs4all.nl] (an outstanding outfit, IMHO) on the other hand, provides me with a static IP address for my business-class connection at work, but also for my entry-level connection at home. Customers should flock to the savvy XS4ALLs of the world and force the change.
Maybe I'm too hard on Telekom and their likes. Maybe they have a good reason. I'd like to hear it.
Comment removed (Score:5, Interesting)
Re:Good luck (Score:3, Insightful)
2) If they change something around, they don't have to contact you to change your IP.
Re:Good luck (Score:3, Interesting)
hell, I even remember a customers who had called to get his connection setup...he was paying extra for the "super speed super bandwith" package that was almost 100
Re:Good luck (Score:3, Informative)
If that's the purpose, then it's horribly ineffective. It's trivial to set up a dynamic DNS solution which is virtually transparent to the outside world. It's not a perfect solution, but for a low-traffic domain, it's satisfactory.
In my setup, I have a cron job on my Linux box which runs zoneclient [sourceforge.net] every 10 minutes. Zoneclient queries my router for it's external IP
Re:Good luck (Score:3, Insightful)
Re:Good luck (Score:3, Informative)
Many, many mail admins are using reverse DNS as a means to block spam already. It is highly effective as the goobers that don't do it are either virus-zombies or goobers that shouldn't be sending mail to my server anyway. Anybody that is serious about email can do the reverse pretty easily.
However there are also many many people in this thread that do not understand it, or understand how it works with email or spam blocking.
Reverse DNS checking for email has two options:
a)
Re:Good luck (Score:3, Interesting)
Except for the fact that your proposed solution solves very little and causes major inconvenience.
In other words, it is a bad solution.
Why?
Now you know that whatever the mailserver suggests its hostname is, actually resolves to its IP.
It fails to verify in any way if that machien should actually be deliver
Re:Good luck (Score:3, Informative)
If your ISP has delegated a reverse lookup zone to your DNS servers, then yes you are authoritative. That's literrally what the word authoritative [menandmice.com] means.
Re:Good luck (Score:3, Informative)
reverse DNS sometimes costs extra (Score:4, Insightful)
Solutions that expect so called "legitamite" companies to have IT departments and multiple servers and multiple T1s will just end up raising the barriers to entry for small business. Spammers, these days, don't follow the rules.
Re:Good luck (Score:3, Insightful)
I know this is impossible for any number of reasons, but wouldn't the solution be to make it illegal to buy from spammers? I imagine the huge bulk of their sales are to people in the
Re:Obligatory spam solution rejection form (Score:3, Informative)
Re:Obligatory spam solution rejection form (Score:2, Insightful)
Um - call be crazy, but it seems to me that the linked article does not actually propose any solution/technology to fight spam. It's about possible new top level domain names, and it only briefly mentions the fact that some anti-spammers want to use .mail to store mail server information. Whee ...
Personally, I don't think anti-spammers' interest in .mail is the main story here. It's certainly not the only one...
Re:Obligatory spam solution rejection form (Score:3, Insightful)
You know we could all move the Earth from it's current orbit if we all jumped up at the same time. Okay, China you've got 1/6th the population, don't screw this up again!
Great post. Parent should go SHoF (Slashdot Hall of Fame).
Peace out.
Re:Obligatory spam solution rejection form (Score:3, Informative)
Re:Obligatory spam solution rejection form (Score:3, Interesting)
Due to the exponential growth of the "tragedy of the commons" with respect to email, email will soon become so unusable that even a solution which "won't work" will work better than email as it exists today.
The only solution which makes sense from an economic point-of-view must attack the ( ) Sending email should be free premise for unsigned non-whitelisted email (except to maybe police tip-lines and rape crisis centers, et. al. who want to get anonymous emai
Re:Obligatory spam solution rejection form (Score:3, Insightful)
Nearing 500 messages, it's the first time I'm called a troll, by the way.
Re:Values (Score:3, Funny)
Pedantic is an unambiguous, but I think your assessment of the poster is still a 'misnomer' in that it doesn't fully capture the essence of the post. I was thinking something along the lines of 'ignominious troll', but that's just me.
Re:Obligatory spam solution rejection form (Score:5, Informative)
and its also at Cory Doctorow's site here [craphound.com].
My guess is that Cory wrote it.
maybe they should create .spam TLD (Score:5, Funny)
Only a way to extract more money from people (Score:3, Insightful)
Re:Only a way to extract more money from people (Score:5, Interesting)
say i have abracadabra.com and you have abracadabra.net - which one of us gets abracadabra.mail? Or are we talking abracadabra.com.mail and abracadabra.org.mail?
no solution in sight (Score:2, Insightful)
Re:no solution in sight (Score:5, Funny)
it will take some time, but it will eventually work.
Re:no solution in sight (Score:3, Insightful)
Re:no solution in sight (Score:4, Informative)
Re: (Score:2)
Re:no solution in sight (Score:2)
fantastic! Hey if micropayments are good what about maxipayments. Let me send my credit card number to Microsoft right now!
How? (Score:5, Insightful)
* I could still sign up for bogus accounts with www.hotmail.mail
* I can still have a poorly configured box that relays spam to www.myisp.mail
Changing the name will not fix this unless the roots of the problem are addressed, unless
it was intended that only servers with a
"That which we call a rose by any other name would smell as sweet" - William Shakespeare
Re:How? (Score:2)
All ISP then have to force all customers to send email through their own
Re:How? (Score:5, Interesting)
Just a few points
1. Who would verify the requests (worldwide)?
2. How do you REALLY verify an account is never going to be abused?
3. Where do you draw the line? Is a company of 20 allowed email? How about 4? How about just me?
4. How do you persuade EVERYONE who currently uses email to change?
5. How much do you think it would cost to make the switch globally?
Silly silly silly (Score:5, Insightful)
A huge amount (if not the majority) of spam comes from open relays and compromised machines which this silly idea doesn't address. A ground-up overhaul of the mail system (with authentication) is what's needed, not another level of bureaucratic nonsense.
Re:Silly silly silly (Score:3, Interesting)
It's just now that some ISP's are starting to manage their ow
Re:Silly silly silly (Score:3, Insightful)
Or to use the same (rather silly) metaphor, the Wal-Mart down the street has a public phone number. Does this mean Wal-Mart's phone is constantly ringing?
I am not a celebrity, in real life or on the Internet. Would you like me to forward my spam to you? I guarantee that I get more spam than Bob Barker gets phone calls.
Ok.. (Score:2, Interesting)
Re:Ok.. (Score:5, Informative)
Uses for the domains (Score:5, Funny)
Re:Uses for the domains (Score:3, Funny)
This will work! (Score:5, Funny)
Re:This will work! (Score:3, Informative)
Why would I want to register under so many TLDs? (Score:5, Insightful)
Re:Why would I want to register under so many TLDs (Score:5, Insightful)
the whole thing is driven by greed, and it is EXACTLY what the creators of the internet said would happen as soon as greedy asshats got their hands on it.
anyone want to start Internet 1.5? create a wrapper protocol to run a real internet on top of the current mess?
1.5? sure... (Score:3, Insightful)
I agree with the parent post, there are WAY too many TLDs as it is, and the overlap is insane. Why didn't we stick to
Re:Why would I want to register under so many TLDs (Score:2)
Who gets
Re:Why would I want to register under so many TLDs (Score:3, Funny)
You missed Halliburton.mil, Halliburton.gov
I'm curious... (Score:3, Insightful)
Re:I'm curious... (Score:2, Funny)
Uhh.. do you really have to ask yourself that question?
Re:I'm curious... (Score:2)
Re:I'm curious... (Score:3, Insightful)
What's amusing/irconic about the spam debate is that any possible solution is always shot down for technical/philosophical/OSS reasons. I have yet to see a solution advocated that gets more than 25% support.
I'm personally in favor of an RICO organized-crime investigation of the spamming "industry" and its related businesses; I think if real people started going to jail for long terms, including colluding executives from "legitimate" businesses such as I
Re:I'm curious... (Score:4, Insightful)
Interestingly enough, more and more spam seem to sieve through my spam-filters. I guess we need something better? Or is spamassassin not the dog's bollocks any longer?
Re:I'm curious... (Score:3, Interesting)
Re:I'm curious... (Score:2)
Re:I'm curious... (Score:3)
This is like virus scanning.. It's reactive rather than proactive. I'd rather see GPG with trust calculations properly integrated into Windows email clients and actively promoted. Tell your friends that you only read untrusted email once a week and encourage them to sign everything they send. Hell, I'd have no problem with trus
Re:I'm curious... (Score:2)
That's because the quickest way to look smart is to poke holes in someone else's idea. And the slashbots love to have themselves look smart and others look stupid.
The philosophical grounds are a catch-all for anly solutions that have technical merit, usually because such solutions are proposed by org
hehe... comments CAN bite back... (Score:5, Insightful)
Sorta like making an improved moderation system on slashdot instead of ping-ponging votes around?
Two domain names (Score:5, Insightful)
Why not create
Re:Two domain names (Score:4, Funny)
What a great idea... (Score:5, Insightful)
Where can I sign up for my 100 year .mail domain?
Won't fly in the US, it's not PC (Score:2, Funny)
site? (Score:3, Funny)
Hmm, the site spell chequer must bee down to.
However, (Score:2, Interesting)
IFFOR sponsored by .xxx (Score:3, Interesting)
IFFOR brought to you by nastygirls.xxx
Spam (Score:2, Insightful)
Note to self (Score:3, Funny)
- Wait for Microsoft to contact me, tell them I take cash and checks
Re:Note to self (Score:2)
Prefix, not suffix, you dumbasses (Score:5, Insightful)
This is why you're supposed to have a mail.yourcompany.com subdomain to handle mail for yourcompany.com - there's only ambiguity if mail.yourcompany.com gets hijacked or your DNS provider gets bribed into giving it to a friend for a can of Coke (that bastard).
I think the appropriate solution to spam is to hunt down everyone who buys the stuff and kill them off. When people stopped buying pet rocks, they went off the market. Kill the demand, because spammers are lowlife who will risk death to supply it if the demand is there.
Not sure how .mail will work (Score:5, Insightful)
1) When you register foo.{com,net,biz,org,*} you also got foo.mail as a bonus. But if one person rgisters foo.com and also gets foo.mail, what happens to the person who later registers foo.net.
2) As a possible solution to point 1, when you register foo.com you also get foo.com.mail. This just seems ugly.
Also, will it cost me another $15-$45/year to get the benefit of this new domian? What of people who choose to not porticipate?
I still fail to see what the problem is with just doing a reverse lookup on the domain's MX. It utilizes existing infrastructure and isn't as ugly as throwing in another TLD to the mix.
How about you add this to it: (Score:2, Insightful)
2. If any server on the
3. Set up a strict set of rules that define what is spam and what isn't, and all who are registered with a
FUSSP (Score:2, Funny)
new .x (Score:5, Funny)
how about a .stupid for ideas like this? maybe even a .pointlessdiscussions or .useless? i'll be the first to sign up for .stupid and .useless. You'll be able to find my blog on them.
What am I missing? (Score:5, Interesting)
After reading this article and the one a few days ago about AOL and spam, I came up with this idea
I despise spam as much as most of you. My company is actually about to start a spam campaign against my recommendations. The day they start I will quit. Slashdot, here is my idea on blocking spam. What am I missing?
We all know what IP addresses belong to which countries. At work, we only deal with customers that carry professional certifications within the US. Of our client base, less than 1% of 1% of these customers and potential customers live outside the US or Canada. Therefore, I have blocked most networks outside of the US and Canada. The only exception is .mil. This has reduced my spam problem considerably. Add to this a Bayesian filter and my spam problem is essentially eliminated. This got me thinking...
ISPs should filter e-mail according to the user's requests. When you sign up for an account, by default, you can only receive e-mail originating/relaying from the US. Now, the user can go to their email configuration and pick which countries they wish to receive e-mail from. Most users only receive email from within the US and one or two other countries. If they only receive email from a few people outside the US, then just whitelist those address. If they want, Mexico, for instance opened, then let the user check the box next to allow e-mail from Mexico. Once this is setup, let the user decide if the e-mail failing to meet these conditions should be blocked or just moved to a separate folder for review. Another possibility is that if an e-mail originates from a blocked country and the spam filter thinks it's legitimate or just doesn't get a high spam score, send an NDR that says "Your e-mail looks like spam, but this could be a false positive. In order to deliver your email, please visit this site....." On that site, put one of the many methods to verify a human is actually visiting that site and then deal with the email accordingly.
For most users, the only noticeable impact would be less spam. This would also force spammers to send and/or relay from within the US. Now if they are operating from within the US, we have an IP address within the US's jurisdiction. Granted these may be zombie machines, so if your e-mail server does a reverse lookup before allowing e-mail, these would be denied. Also, we need to get ISPs to block most ports by default. If you want a port opened, you simply request it from your ISP. Add a clause like "by opening these ports, you are taking responsibility for any traffic on these ports. If we find your computer is sending viruses or spam or DOSing, then your service will be terminated." Again, most users would never notice a difference. Those that do notice can have the ports opened.
So now, for the average user, they would only receive e-mail originating or relaying from the US from a registered e-mail server. Now we can track this back to an ISP and shut down the account, seek legal action against the ISP for supporting spam, or black list that ISP. Since the spammer would have to have an MX record, you can get the registration info. This is probably bogus, so if we force registrars to verify the identity of the person, then we could actually track this back to a person. The spammer could probably falsify this too, but every step you add slows them down.
The spammer is going to now have to purchase an account with an ISP in the US and a registrar. Both of these entities should require a method of traceable payment. This means no cash. Now, we should have a means of finding who wrote the check or who the credit card belongs to. We now either have the spammer, the spammer's company (which should lead back to the spammer), or the spammer has now committed fraud. If he commits fraud, we now have the FBI after him and potential of longer jail sentences.
Not that I have to solicit criticism here on slashdot, but I'll ask anyways. What am I missing and why wouldn't this work?
Holy cow, someone with their head screwed on right (Score:3, Interesting)
However, you have one point absolutely dead-on accurate. If you want to do any kind of server-side filtering, if there is any proposal to do so, *users* should have the ability to set this filter. Server-side filtering (as opposed to client-side) has a lot of benefits -- it means that clients don't have to be maintained, that users can easily switch clients, se
Re:What am I missing? (Score:3, Insightful)
Also, we need to get ISPs to block most ports by default. If you want a port opened, you simply request it from your ISP.
Not that I have to solicit criticism here on slashdot, but I'll ask anyways. What am I missing and why wouldn't this work?
My major fear is as soon as most ISPs switch to a system like this, opening up additional ports will only be possible for an additional cost, or for a more expensive plan.
"You want port 22 opened? That will be an additional $7.95 a month."
More useless TLDs for the ever so geeky geek (Score:5, Funny)
. - one step closer to having www./. [slashdot.org]
Yay! More TLDs! Thats just what we need. I cant wait to exclude all these new TLDs from my Google searches just to find that there's nothing left on the net but www.BringBackThePorn.com [bringbacktheporn.com]
Did I miss any?
Re: (Score:3, Informative)
Re:More useless TLDs for the ever so geeky geek (Score:3, Funny)
change to SMTP over SSL (Score:5, Interesting)
Then you could have a distributed revocation authority where people could send copies of spams (still over the SSL network to eliminate fake spam for DDoS purposes). You don't want to get your certificate revoked, so maintain your server!
This makes the system more or less secure, and puts the burden onto mail server admins. You want your regular users to be able to send mail? Then don't let random people send spam.
Individual servers could then implement whatever authentication they liked for their users to be able to send. Maybe a C/R system or authenticated logins. Whatever.
Muerte
ps. i keep posting this idea. ha!
Re:change to SMTP over SSL (Score:3, Interesting)
Because I can't think of one single entity that I'd trust to manage such a thing at a global level. Verisign? ICANN? Hah!
Verisign signs J. Random Spamfriend's certificate. JRS signs a spammer's certificate. See the problem? Maintaining a global PKI with near-real-time revocation is a non-trivial problem.
Re:change to SMTP over SSL (Score:3, Interesting)
1. The message is what the sender sent
2. The sender has the private key
Form here, you can go two ways. You can switch the whole world over to using PGP and implement networks of trust, revoking keys used for spamming, etc, etc. Or you can apply the solution to yoursel
I support new TLDs (Score:3, Funny)
What about duplicate names? (Score:3, Insightful)
So, even if this does go through and we do get a .mail TLD that is for only registerd mail servers. What happens when both companies/people owning the domains x.com and x.net suddenly want to get their x.mail domain to send mail. Who gets it? Maybe they're assuming people will opt for x.com.mail and x.net.mail. But that seems really annoying.
Lemme get this straight... (Score:5, Interesting)
Exactly when is this supposed to happen???
For right now, the best solution is to...
1) Block IPs that are causing problems...this can acutally be automated...I'm working on a script at our site that passes all spam identified by spamassassin as a level 20 or higher into a blocklist for our MTA.
2) SpamAssassin...run SA as a service for all users and give them info on how to tailor it to their own preferences...
3) ClamAV...this catches some of the really nasty stuff...the ones that use exploits to "phone home" or run code on the user's machine...
These ARE and will be the only way to stop spam into the forseeable future. The only real way to stop it all would be a redesign of the protocol from the ground-up and that is just not going to happen...SMTP is already too entrenched into the backbone of the internet...it just won't happen...
You want a new goddamned standard? (Score:5, Interesting)
For your domain, put out a text file. In that text file, put the IP addresses or range of your server.
Name the file: mailservers.txt
For example... I would have (for DracoSoftware.com) a page called mailservers.txt. It would contain:
206.67.56.202
If I had a range, it could be either individual IPs:
206.67.56.202 206.67.56.203 206.67.56.204
OR, a range delimited by a dash:
206.67.56.202-206.67.56.204
Once we get sites to publish their legit mail servers, the rest is easy... Setting up servers who do DNS-like caching at your local ISP is easy. Your individual e-mail program can then do WHATEVER IT WANTS with the e-mail... Whitelist/blacklist/take into consideration for baysian filtering... whatever. The important thing is to get the legit mail servers published.
If a mail comes from legit mail-server... Easy.
If a mail spoofs a publicized server... easy.
If a mail comes from an unknown server, mark it as suspicious.
If people want, I'll start posting names of domains that were cool enough to create a mailservers.txt file.
Ready??? GO!
~D
Re:You want a new goddamned standard? (Score:5, Informative)
Here's the goddamned standard... Make it ultra-easy so it's simple to hit critical mass where everyone uses it.
Take a look at this: Sender Policy Framework [pobox.com].
There is even a wizard that walks you through the creation of the appropriate TXT records for your DNS zone file.
How the .mail domain will work (Score:5, Insightful)
Whitelists work. Do they eliminate all spam? No. Are they part of a framework for reducing spam? Yes. Snide remarks about the futility of any possible approach to the spam problem may be amusing, but they obscure the fact that real (not perfect, but real) progress is possible. A
Needs the blessing of a standards body... (Score:3, Funny)
.maill or .org (Score:3, Funny)
Here we go again (Score:3, Informative)
I don't get how another new domain will curb spam. People want to send emails at the same domain as the web sites.
And what about open relays, mom-and-pop websites that won't want to go through the trouble, hacked servers, spoofed email addresses? This "new" method solves none of these things.
The
Why TLD? (Score:3, Interesting)
If this really was a good idea, then there's no reason you couldn't do it under a second or even lower tier domain.
I'd certainly trust randomdomain.approved-mailservers.spamhaus.org a lot more than randomdomain.mail
They should have spent the $45,000 fee on something useful - like legos.
-- this is not a
Typical (Score:3, Interesting)
Instead of starting with core infrastructure, they start with... registering domain names. Yeah.
Long-Term Cyclic Effects (Score:3, Interesting)
Let's assume we implement some Bayesian filtering on a widespread basis. Let's then assume that most spammers go out of business, and that the amount of spam sent drops drastically. Sounds great! But after a year or two (or five) of this, it seems to me things will be ripe for new spam action. Some spammer will get a message past the filters, which ironically may be less effective due to the lower incidence of spam. Users who haven't seen a spam message in a year will open it, and all of a sudden this particular spammer is immensely profitable. Other spammers see his success and jump on the bandwagon, and pretty soon we're back where we were before.
Of course this is all conjecture, but I do wonder if we need a better fix, one that can guarantee results long-term.
Re:Proper grammar?? (Score:3)