HI,
What you think about this?
- Marcelo
---------- Forwarded message ----------
Date: Mon, 12 Apr 2004 23:32:25 -0300
Subject: New .mail domain designed to slow spam
http://www.msnbc.msn.com/id/4694684/
New .mail domain designed to slow spam
Proposal offers relief from phishing scams, too
By Bob Sullivan
Technology correspondent
MSNBC
Updated: 10:41 p.m. ET April 08, 2004
It's one of the boldest proposals yet to fight spam, and it's not a moment too soon.
The first message on the public comment page devoted to the proposal read like this:
"I am a highly placed official of the Government of Nigeria and also a founding member
of the ruling Peoples Democratic Party (PDP). Myself and other colleagues in the NDDC
are currently in need of a foreign partner ..."
Last week, the Internet Corporation For Assigned Names and Numbers (ICANN) announced
it was entertaining a list of proposals for new top-level domains that would join
well-known Internet designations like .com, .net and .org. There are 10 new
variations, with creation of an all-adult .xxx domain getting perhaps the most initial
attention.
But some Internet spam fighters are putting their hopes behind a radical new e-mail
verification system that begins with creation of a top-level domain called ".mail."
As a byproduct, .mail could also put a serious dent in so-called "phisher" scams:
e-mails which look like they are from companies like eBay or Citibank, but are really
designed to steal your personal information.
While there have been a host of anti-spam schemes put forth by industry and trade
groups in recent years, the .mail proposal is being taken seriously because it's being
sponsored by one of the best known keepers of spam filter lists, the Britain-based
Spamhaus Project.
End the cloak of anonymity
At its core, the idea behind .mail is simple: eliminate the ability of spammers and
hackers to hide behind the anonymity of e-mail.
"With our proposal they can't forge the e-mail," said Chris Ambler, chief software
strategist at domain registrar eNom.com and someone who helped draft the plan. "Our
system would catch that."
The key problem with both spam and phisher e-mail has been the fact that senders can
obscure who they are, Ambler said. In fact, most phisher e-mail addresses are
"spoofed" -- that is, they appear to come from legitimate companies. That's because
today's e-mail systems are easily fooled into puttinng text like [EMAIL PROTECTED]
into the "from:" field in an e-mail.
The .mail proposal would change that.
First, taking ownership of a .mail domain name would require a much more stringent
process than the what's currently required to control a .com, .net or .org site. A
group set up by Spamhaus would verify all applications.
"We set the bar high to obtain use of one of these," said Matt, a Spamhaus volunteer
who withheld his last name -- many Spamhaus workers keep their identities secret to
avoid retribution from spammers. Matt currently assists in administerring the Spamhaus
black list, which attempts to cut off spammers by identifying their Internet
locations. "The .mail applications would be heavily vetted."
For starters, only owners of the corresponding .com sites could pick up .mail sites --
in other words, only msnbc.com could control msnbc.com.mail. And the .mail version
would only be granted if the .com versioon of the site had been in stable ownership
for six months, and the corresponding administrative contact information was valid. In
addition, registration would be a hefty $2,000.
Authorized e-mail only
The second step in implementing the anti-spam proposal would require software changes
in the back-end systems that pass e-mail around the Internet. E-mail servers would
have to be reprogrammed to challenge every e-mail that arrives, double-checking the
return address against the Spamhaus list. Only e-mail with return addresses that check
out would be sent; e-mail with "spoofed" headers would be dropped.
The effect is similar to a white list, where only mail from a pre-approved set of
people is allowed into an inbox. With .mail, only e-mail from preapproved domains is
allowed through.
The software changes to e-mail servers isn't an overwhelming barrier and in most cases
could be made in a few minutes, Matt said.
Eric Allman, the creator of Sendmail, the e-mail routing software which processes
about two-thirds of the Internet's e-mail, is also on the board of directors for the
proposed .mail governing organization.
ICANN is currently hosting a public comment period on all the new proposals. So far,
.mail hasn't attracted much attention, beyond the former Nigerian government officials
and a set of e-mails with familiar subject lines like "Re:Your Document," generated by
computer viruses -- exactly the kind of stray traffic the proposal is designed to
contain.
Won't stop current spam
But critics have already begun to attack the plan, saying spammers will simply find
their way into the .mail system the way they have taken ownership of various .com
domains.
The .mail signup process will be so time-consuming that it wouldn't be financially
viable for spammers to use it, Matt said. And Spamhaus' experienced staff will be able
to shut off any domain owner who misbehaves.
Instead, the biggest challenge facing acceptance of the .mail solution is the fact
that it doesn't do anything to stop the flow of spam or phisher e-mails that pound
your current inbox.
"This isn't a plan to end spam," said Matt. "This will just help ensure sender
authentication. But that doesn't sound as marketable."
Another way of putting it: The proposal wouldn't so much fix the current e-mail system
as create a new, spam-free e-mail area of the Internet. Spammers could still send just
as much e-mail throughout their currently-owned .com domains; criminals could still
impersonate eBay.com.
"This won't stop people from spamming in .com and .net," Ambler said. "But it will
only allow legitimate mailers to get into the .mail zone."
That could be a relief to companies like eBay.com, which are having trouble
communicating with their customers via e-mail, since so there are so many fake e-mails
floating around. E-mail from eBay.com.mail would effectively have a Good Housekeeping
seal. Eventually, Matt said he hopes that e-mail clients could display such notes in a
different color, or with a new logo that designated them as authentic.
And when the system reached critical mass, e-mail users could largely ignore most
e-mail that came from .com and .net domains.
That might sound like a radical solution, but Matt said he believes the spam problem
is weighty enough that e-mail providers and users are ready to take major steps to
address it.
"Critical mass will be reached by people getting more and more fed up with the amount
of spam," he said.
� 2004 MSNBC Interactive
_______________________________________________
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
[EMAIL PROTECTED]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
