ICANN Email List Archives

[sac053-dotless-domains]



From an email admins perspective

  • To: sac053-dotless-domains@xxxxxxxxx
  • Subject: From an email admins perspective
  • From: Noel Butler <noel.butler@xxxxxxxxxx>
  • Date: Fri, 21 Sep 2012 08:45:28 +1000

Dear SSAC Members,


As an email administrator, this is a horrible idea. Many of the
anti-spam measures in use today use this as one of the most basic of
tests: given that a lot of machines, mostly malware infected, connect
using helo somemachinebriefname, they can be rejected outright there and
then.

If dotless domains become a fact of life, MTAs and anti-spam software
will become much less effective, or, and this is the more likely
scenario, the legitimate dotless domain messages will be blocked,
through fault of the MTA server, the anti-spam measures, or the "if it
ain't broke don't fix it" attitude many admins and businesses alike
have. Even if this was to be so, there are, rightly or wrongly, many
ancient unsupported mail transport agents out there that, as
unsupported, will never be modified to allow dotless domains. Even those
that are may take years to do anything about it; just have a look at how
many servers out there are running such old software they barf at
looking up an SPF resource record, and sadly, many of them are on large
busy networks.

The effect of this will be like ISPs blocking all inbound port 25 to
residential customers so they cannot run a mail server, but allowing
business customers to do so, whilst putting those business class
customers in the residential (blocked) pool.

Another detrimental fact is with internal sites, and those who use
aliasing in their hosts file. Take "foo" as an example: let's assume
foo may now be a new legitimate domain. foo may also be an internal
hostname of a network, as in foo.example.net, aliased in a search/domain
entry in *nix, or a Windows equivalent. In this case, foo is treated as
local, and the external domain won't be as easily accessible. If I ssh
foo, I not only want, but expect, it to be that local host
(foo.example.net), and not someone else's domain, where I may start
setting off alarms for "why is this person trying to gain access to our
machine, are they trying to hack us" etc. etc. etc.

The cons outweigh any possible pros, and the only pro I see is for a
domain to grandstand. Really, I mean, people do not care if its address
is http://icann or http://icann.org, to use as an example.

I consider this a terrible, even ridiculous idea to consider, and ask
that you keep the status quo which works very well and will not cause
problems or dramas that will be felt for many years if this is approved.



--
Kind Regards,
Noel Butler
 
This Email, including any attachments, may contain legally privileged
information, therefore remains confidential and subject to copyright
protected under international law. You may not disseminate, discuss or
reveal any part to any one without the authors express written authority
to do so. If you are not the intended recipient, please notify the
sender then delete all relevance of this message including any
attachments immediately. Confidentiality, copyright, and legal privilege
are not waived or lost by reason of the mistaken delivery of this
message. Only PDF and ODF documents are accepted, do not send Microsoft
proprietary formatted documents.
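
Added example, not part of the original message or of any MTA's code: a sketch of the HELO/EHLO hostname test the message describes, showing that a mail server announcing itself under a dotless domain gets the same verdict as an infected machine announcing a bare hostname. The function name, the verdict strings and the sample names (including "foo" as a dotless domain) are assumptions made for illustration.

```python
import ipaddress
import re

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

def classify_helo(arg):
    """Return (verdict, reason) for the argument of an SMTP HELO/EHLO."""
    # Address literals such as [192.0.2.10] or [IPv6:2001:db8::1]
    # are valid HELO arguments and are checked separately.
    if arg.startswith("[") and arg.endswith("]"):
        literal = arg[1:-1]
        if literal.lower().startswith("ipv6:"):
            literal = literal[5:]
        try:
            ipaddress.ip_address(literal)
        except ValueError:
            return ("reject", "malformed address literal")
        return ("accept", "address literal")
    labels = arg.split(".")
    if not all(LABEL.fullmatch(label) for label in labels):
        return ("reject", "invalid hostname syntax")
    # The basic test from the message: a name without a dot is refused.
    if len(labels) < 2:
        return ("reject", "dotless name")
    return ("accept", "dotted hostname")

# Constructed sample HELO arguments, not taken from real traffic.
SAMPLES = [
    "mail.example.net",      # ordinary mail server
    "[192.0.2.10]",          # address literal
    "somemachinebriefname",  # bare hostname, as in the message
    "foo",                   # hypothetical legitimate dotless domain
]

if __name__ == "__main__":
    for name in SAMPLES:
        verdict, reason = classify_helo(name)
        print(f"HELO {name:<22} -> {verdict} ({reason})")
```

The last two samples are indistinguishable to this test, so relaxing the check to admit "foo" also admits "somemachinebriefname".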

