One, we applaud the authors for their intentions but, however, the
critics of the ".mail" Domain Name Extension addition are
unfortunately quite accurate in their assessment saying "spammers will
simply find their way into the .mail system the way they have taken ownership
of various .com domains."
Two, the British Spamhaus guys’ effort is laudable but
unfortunately much overly optimistic and unrealistic and just plain
erroneous. The fact that they are "totally depending" on a
paltry $2,000 dollar "market entry fee" (a/k/a registration fee) to
scare away multimillion dollar spammers is ludicrous and downright funny much in
the same spirit as a Monty Python Rube-Goldberg machine that requires the
movement of raw eggs to stop spam (or sometimes "cook it" - the real
spam too that is). It would be so easy for the deceitful mega-spammers to
simply start up scores of dummy corporations and just let them age like a fine
wine until they sequentially one after another month after month reach the ripe
old age of 6 months and THEN start their old usual spamming operations again.
Three, the proposal is useless because they neglected to address the
existing email and .com markets when they stated and we quote: "the .mail
version would only be granted if the .com version of the site had been in
stable ownership for six months, and the corresponding administrative contact
information was valid. In addition, registration would be a hefty
$2,000." So, considering that statement, it sounds quite clear that
they would expect the existing market to totally stop using their email (to
avoid spam) or wait 6 months to start using it again under the auspices of a
".mail" scenario.
Four, they have no idea how changing the way standard email works would
affect the Fortune 500 and Global 2000 companies' internal operations, existing
applications dependent on the current and backward compatibility of standard
email which tells me possibly that none of them have ever worked for a company
with more than a few dozen people in it or they are simply not experienced
enough to anticipate the HUGE impact it would have on these large companies -
which is why they wouldn't change to ".mail" technology. The internet
is already so established as well as existing email behavior that their
".mail" scenario would take a decade to take affect, if ever.
Five, companies like "eBay" would not likely see much relief
with a ".mail" strategy because most of their customers (99.99%) are
private individual consumers - the easiest TYPE of email addresses to spoof
because most users don't even understand the basics of how email works and
would not be able to detect that someone is "spoofing them", and
besides, it would cost a fortune for every individual to "register"
their email and ISP addresses with "eBay", and then with all the
other companies they would have to register with because of the "authentication
problem" they have.
Six, there are so many application programs (thousands at every large
company) that would have to be "retrofitted" and hand-programmed to
change their sender email addresses from using ".com" and
".net" addresses that the task would take at least 7 to 10 years to
complete because even if companies still have the original source code that
programs in their ".com" and ".net" sender addresses, it
would take so many dedicated programmers 7 - 10 years to change every line of
code even if these projects were budgeted. But, speaking of budgets, that
brings us to reason seven why ".mail" isn't a well-thought out
solution.
Seven, after the huge cost of the "Y2K" year 2000 programming
changes that were made by companies and the past 3 and a half years of the
“dry economy”, getting companies to retrofit every
application to handle a non-standard email technology like
".mail" would cost them a fortune with "no guarantee or even
near guarantee" because spammers could still setup up "legitimate
.mail accounts" and do what they've always done.
Eight, most large companies DON'T have all the source code for all
their application software so they'd still have to be able to receive the standard
".com" and ".net" based emails instead of only receiving
the new ".mail" type emails.
Nine, first before anything happens within large companies, their tool
vendors would have to first make the changes to their tools to handle the
".mail" technology before corporations could even begin to change
their existing application software so there's another long wait for a lead
time to tool availability.
So, to summarize, it looks like there are so many reasons as to why
".mail" doesn't make sense that I pity any investor that dumps money
into the effort at this point. If you think about it, when banks used PBX lines
(Private Branch eXchanges) also known as "private leased lines",
there were almost never any false messages sent or received on those networks
because they used private hardware communication wires (not shared) and the
only way to "spoof" the system was to physically cut the wires and tap
into the system if and only if someone knew the protocol and produced hardware
devices capable of transmitting and receiving the proper signal levels without dragging
down the real signals by tapping into the wire in the first place. Unfortunately today few of those lines
are available compared to all the millions of virtual communication wires
available at significantly lower costs.
We are not arguing that nothing can work so we should throw up our
hands, but it's dismaying that the same old unworkable anti-spam approaches
keep reappearing over and over, reinvented by people who haven't done the most
rudimentary investigation of prior work, invariably foundering on the same
problems that came up the last six times that similar proposals failed.
Sincerely,
Chris Weideman, Chief Architect, Daimler Chrysler Services, Ypsilanti,
Michigan
Stephen Lange Ranzini, President & Chairman, University Bank, Ann Arbor,
Michigan & the U.S. Delegate to United Nations CEFACT TBG5 (Finance)
Comments welcome at: ranzini@xxxxxxxxxxxxxxxxxxx
Note: The authors speak in a strictly personal capacity and their
titles are provided solely for purposes of establishing their credentials.
�