ICANN ICANN Email List Archives

[stld-rfp-mail]

<<< Chronological Index >>>    <<< Thread Index >>>

.mail opinion

  • To: stld-rfp-mail@xxxxxxxxx
  • Subject: .mail opinion
  • From: Ginger <gingerbellhop@xxxxxxxxx>
  • Date: Fri, 9 Apr 2004 08:26:51 -0700 (PDT)

The .mail solution to spam does not even begin to address the spam problem.

Let's take Yahoo as an example. How many free and paid email addresses does Yahoo provide? The number is in the thousands, perhaps even millions. They are all registered under yahoo.com.  These are the favored addresses for eBay. Will you attempt to enforce a $2000 registration fee on each one of these users?

And that's just one of the free and paid email providers on the web. There are thousands. I can purchase a script today and set up shop providing free and paid email under my domain.

Or is the plan to charge Yahoo $2000 and then they just give away email addresses or charge for email addresses?

Then consider how many email addresses have been issued under dialup accounts such as comcast.net, verizon.com and so on.

Is the plan that only businesses will be able to send email?

The second problem is the authentication scheme. This will not deter criminals adept at forgery, identity theft and sting operations. Does spamhaus plan to visit the physical address of each applicant?

Third, spamcop, spam assassin, and like products not only filter out spam, they filter out legitimate email. I have personally had legitimate email rejected by servers using these systems. I can only assume that this system will have similar, if not the same problems.

Fourth, we have had to obscure the path and names for our form mail scripts on our server. This has actually been somewhat effective - what we find is that the spammers spider our sites continually, searching for instances of formmail, and other scripts to hijack and employ for spamming. If they can't find them, they can't use them. What is to prevent spammers from using the form mail scripts on the .mail domain? And what is to prevent crackers and hackers from infiltrating any new system put in place. You can be sure that they will get to work just as fast as they can to crack the system.

Given the above considerations, I do not see how .mail will do anything effective other than make somebody very rich collecting a $2000 registration fee.

The actual solution probably lies in the direction of applying standards to email client software, designing the software to detect forged headers and implementing a system similar to Yahoo's permission based friends list in all email clients on the market and handling the security holes in form mail scripts that allow them to be hijacked.

 

Do you Yahoo!?
Yahoo! Small Business $15K Web Design Giveaway - Enter today
<<< Chronological Index >>>    <<< Thread Index >>>

Privacy Policy | Terms of Service | Cookies Policy