Re: Google and UK.COM domains
On Tue, Dec 14, 2021 at 09:46:52PM +0100, Jaroslaw Rafa wrote: I'm not sure how exactly PSL is maintained, but I guess that if you'd want scconsult.com to be included in PSL (so that you could somehow back up your claim that it's a registry) Every operator of any domain is a registry operator: you register domains inside your domain. That's how DNS works. If you want to assert that you accept such registrations from the public, you can tell the PSL: https://publicsuffix.org/submit/ I suspect, however, that we're getting a little off-topic for this list. Best regards, A -- Andrew Sullivan a...@anvilwalrusden.com
Re: Google and UK.COM domains
if you have made successfully a DIY registry you could benefit from it by finance. such as what "de.com", "uk.net", "in.com" does. :) I always have a dream to buy a top-level domain from IANA and run my own registry biz. For instance ".tomato" is my gTLD, welcome you to become the registrar for this TLD. On 2021/12/15 7:34 上午, Bill Cole wrote: All that might be nice, were I *actually* running a DIY registry, but suppose that all I want to do is assure that my alter-ego/customer/subcontractor spammers get reported to ME rather than upstream: why do any of it?
Re: Google and UK.COM domains
Let's all take a deep breath and recall that the origins of the PSL are in web browsing, and directly tied to that invention so necessary to our collective privacy: the cookie. It was a list, originally maintained by Mozilla, of domains (or stems) that you can't set cookies for. -- Fred Morris
Re: Google and UK.COM domains
On 2021-12-14 at 15:46:52 UTC-0500 (Tue, 14 Dec 2021 21:46:52 +0100) Jaroslaw Rafa is rumored to have said: Dnia 14.12.2021 o godz. 13:34:06 Bill Cole pisze: For example, I could *CLAIM* to be an independent customer of whoever runs scconsult.com as a registry, and I just "registered" billmail.scconsult.com with them, and therefore am completely innocent of the bad behavior by some evil guy who "registered" spammer.scconsult.com. All that bozo who runs scconsult.com does is hand out subdomains without oversight, because ICANN has no jurisdiction over non-parties to their association. I'm not sure how exactly PSL is maintained, but I guess that if you'd want scconsult.com to be included in PSL (so that you could somehow back up your claim that it's a registry), Why bother? Anyone disputing my claim is welcome to try to disprove it. :) you would need some proof that actually anyone can register the domain under scconsult.com. You would probably need to have a publicly documented registration procedure and policy, and maybe be able to demonstrate a bunch of actual independent subdomains registered under this domain, run by someone else than you? Because that's the way eu.org, uk.com and similar operate. All that might be nice, were I *actually* running a DIY registry, but suppose that all I want to do is assure that my alter-ego/customer/subcontractor spammers get reported to ME rather than upstream: why do any of it? It's pretty easy to mimic a diligent abuse desk. The fight for better policy enforcement standards and transparency was lost decades ago, to the point that a faux registry could easily appear to out-BOFH the poor abuse desk folks at eu.org and uk.com who are presumably tethered to honesty. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire
Re: Google and UK.COM domains
Dnia 14.12.2021 o godz. 13:06:49 Andrew Sullivan pisze: > On Mon, Dec 13, 2021 at 12:31:07PM +0100, Jaroslaw Rafa wrote: > >That's exactly what Public Suffix List is for. It lists all such domains. > > Well, to be a little more pointed about it, it attempts to provide a > volunteer-curated list of such domains. It does an amazing job for what > it is, but it's certainly not perfect and is basically a curated list and > not something that can be properly generated out of the DNS. Because you simply can't generate such list automatically out of DNS, as there is no rule allowing to recognize such domains. The curated list is the only possible option. -- Regards, Jaroslaw Rafa r...@rafa.eu.org -- "In a million years, when kids go to school, they're gonna know: once there was a Hushpuppy, and she lived with her daddy in the Bathtub."
Re: Google and UK.COM domains
Dnia 14.12.2021 o godz. 13:34:06 Bill Cole pisze: > > For example, I could *CLAIM* to be an independent customer of > whoever runs scconsult.com as a registry, and I just "registered" > billmail.scconsult.com with them, and therefore am completely > innocent of the bad behavior by some evil guy who "registered" > spammer.scconsult.com. All that bozo who runs scconsult.com does is > hand out subdomains without oversight, because ICANN has no > jurisdiction over non-parties to their association. I'm not sure how exactly PSL is maintained, but I guess that if you'd want scconsult.com to be included in PSL (so that you could somehow back up your claim that it's a registry), you would need some proof that actually anyone can register the domain under scconsult.com. You would probably need to have a publicly documented registration procedure and policy, and maybe be able to demonstrate a bunch of actual independent subdomains registered under this domain, run by someone else than you? Because that's the way eu.org, uk.com and similar operate. -- Regards, Jaroslaw Rafa r...@rafa.eu.org -- "In a million years, when kids go to school, they're gonna know: once there was a Hushpuppy, and she lived with her daddy in the Bathtub."
Re: Google and UK.COM domains
On Tue, Dec 14, 2021 at 01:34:06PM -0500, Bill Cole wrote: For example, I could *CLAIM* to be an independent customer of whoever runs scconsult.com as a registry, and I just "registered" billmail.scconsult.com with them, and therefore am completely innocent of the bad behavior by some evil guy who "registered" spammer.scconsult.com. Yes, totally. This was an issue we experienced with dyndns.org domains, for instance (I used to work there). The ICANN community remit is basically policy over the DNS root zone, and despite the many efforts various people have made to sell them as "the people in charge of the DNS" the DNS, plainly, does not actually work that way. The legitimacy of eu.org and uk.com *as registries* is unmoored to ICANN policy, just as scconsult.com would be if I ran it as a registry+registrar. I don't follow ICANN activities closely but I believe that they explicitly allow registrars and registries to judge a domain to be used abusively and rescind the registration. Back in the distant past, some would do so. COM has always been fairly reluctant to cancel things. PIR, who are the registry for ORG, have IMO a fairly robust but narrow meaning of "abuse", which they definitely enforce. There are ICANN consensus policies that make it much easier for the registrar to act than for the registry, however, and that is how the market is designed & so is as it should be. (Full disclosure: I'm the CEO of the Internet Society, and PIR is a supporting organization of the Internet Society. I am not speaking for the Internet Society here and I'm definitely not speaking for PIR.) A -- Andrew Sullivan a...@anvilwalrusden.com
Re: Google and UK.COM domains
On 2021-12-14 at 12:52:06 UTC-0500 (Tue, 14 Dec 2021 17:52:06 +) Chris Green is rumored to have said: I have a mix of .co.uk, .com, .net, .org, .biz, .uk, .be and .eu domains. All of which are subject as domains to ICANN and/or governmental registry rules. Surely it's the provider of the hosting who gets blacklisted not the 'name' of the host. No, not so much. It takes some work to determine the "hosting" of any particular machine, and it really isn't appropriate to blacklist a hoster (i.e. an Autonomous System Number with multiple large address assignments) for the behavior of one customer, provided they address policy violations in a sensible fashion and are not ONLY hosting abusive customers. A DNS parent (like a registry or pseudo-registry) is a much simpler target to identify and a much more granular way to target consequences. For example, Postfix has directives to reject mail based on the name or IP address of the nameserver used for the sender domain, the HELO/EHLO name, and the (verified) reverse client hostname. It has no way to reject based on ASN. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire
Re: Google and UK.COM domains
On 2021-12-14 at 13:10:36 UTC-0500 (Tue, 14 Dec 2021 13:10:36 -0500) Andrew Sullivan is rumored to have said: Hi, On Tue, Dec 14, 2021 at 12:35:17PM -0500, Bill Cole wrote: On the other hand, anyone who wants to do so can buy a 2nd-level domain in a gTLD and run a pseudo-registry like uk.com or eu.org for subdomains. Not any more in new TLDs. There's an ICANN consensus policy that is designed to prevent this. It was put in place for the 2001-round expansion (.info, .biz) of the root and has not, AFAIK, ever been repealed. There had to be a special provision permitted to allow "2-character IDNs" (which aren't 2 characters in the DNS, since they all start xn--), in fact. My point was really about the pseudo-registry/registrar use, not the 2-character aspect of those 2 particular names. For example, I could *CLAIM* to be an independent customer of whoever runs scconsult.com as a registry, and I just "registered" billmail.scconsult.com with them, and therefore am completely innocent of the bad behavior by some evil guy who "registered" spammer.scconsult.com. All that bozo who runs scconsult.com does is hand out subdomains without oversight, because ICANN has no jurisdiction over non-parties to their association. The legitimacy of eu.org and uk.com *as registries* is unmoored to ICANN policy, just as scconsult.com would be if I ran it as a registry+registrar. I don't follow ICANN activities closely but I believe that they explicitly allow registrars and registries to judge a domain to be used abusively and rescind the registration. Back in the distant past, some would do so. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire
Re: Google and UK.COM domains
Hi, On Tue, Dec 14, 2021 at 12:35:17PM -0500, Bill Cole wrote: On the other hand, anyone who wants to do so can buy a 2nd-level domain in a gTLD and run a pseudo-registry like uk.com or eu.org for subdomains. Not any more in new TLDs. There's an ICANN consensus policy that is designed to prevent this. It was put in place for the 2001-round expansion (.info, .biz) of the root and has not, AFAIK, ever been repealed. There had to be a special provision permitted to allow "2-character IDNs" (which aren't 2 characters in the DNS, since they all start xn--), in fact. But most of the original TLDs already had all the 2-character combinations sold by the time the new restriction went into place, so the rules don't hold for those. A -- Andrew Sullivan a...@anvilwalrusden.com
Re: Google and UK.COM domains
> Surely it's the provider of the hosting who gets blacklisted not the > 'name' of the host. RBL public black list companies keep a database of both IP's and domain names. While banning the IP does blacklist the hosting provider, banning the domain name follows them no matter where they host. Spammers know this which is why they purchase disposable domain names in bulk. I've seen a lot of disposable .co domains being used for spam lately.
Re: Google and UK.COM domains
On Mon, Dec 13, 2021 at 12:31:07PM +0100, Jaroslaw Rafa wrote: That's exactly what Public Suffix List is for. It lists all such domains. Well, to be a little more pointed about it, it attempts to provide a volunteer-curated list of such domains. It does an amazing job for what it is, but it's certainly not perfect and is basically a curated list and not something that can be properly generated out of the DNS. A -- Andrew Sullivan a...@anvilwalrusden.com
Re: Google and UK.COM domains
On Tue, Dec 14, 2021 at 12:35:17PM -0500, Bill Cole wrote: > On 2021-12-13 at 06:19:47 UTC-0500 (Mon, 13 Dec 2021 19:19:47 +0800) > Frank Hwa > is rumored to have said: > > > for the second level domain, some are "com.au", "com.hk" (the com one), > > some are "co.uk", "co.jp" (the co one). I am not sure, isn't there a > > standard for this naming? > > No. The 2-letter TLDs are reserved for national authorities in each country, > who are broadly unwilling to be governed by sensible standards from > trans-national trade associations like ICANN. > > On the other hand, anyone who wants to do so can buy a 2nd-level domain in a > gTLD and run a pseudo-registry like uk.com or eu.org for subdomains. Such > operations meet great skepticism because historically spammers have tried to > insulated themselves from policy enforcement by running sock-puppet upstream > providers. I don't recall such an example in the past decade, but memories > are long. > I have a mix of .co.uk, .com, .net, .org, .biz, .uk, .be and .eu domains. They are all hosted on just two providers, one in the UK and the other in France. As far as I'm aware they could all be hosted on the same provider. Surely it's the provider of the hosting who gets blacklisted not the 'name' of the host. -- Chris Green
Re: Google and UK.COM domains
On 2021-12-13 at 06:19:47 UTC-0500 (Mon, 13 Dec 2021 19:19:47 +0800) Frank Hwa is rumored to have said: for the second level domain, some are "com.au", "com.hk" (the com one), some are "co.uk", "co.jp" (the co one). I am not sure, isn't there a standard for this naming? No. The 2-letter TLDs are reserved for national authorities in each country, who are broadly unwilling to be governed by sensible standards from trans-national trade associations like ICANN. On the other hand, anyone who wants to do so can buy a 2nd-level domain in a gTLD and run a pseudo-registry like uk.com or eu.org for subdomains. Such operations meet great skepticism because historically spammers have tried to insulated themselves from policy enforcement by running sock-puppet upstream providers. I don't recall such an example in the past decade, but memories are long. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire
Re: Google and UK.COM domains
Dnia 13.12.2021 o godz. 10:10:07 jdebert pisze: > On Mon, 13 Dec 2021 19:19:47 +0800 > Frank Hwa wrote: > > > for the second level domain, some are "com.au", "com.hk" (the com > > one), some are "co.uk", "co.jp" (the co one). I am not sure, isn't > > there a standard for this naming? > > > > A long-standing convention to use ISO 2-letter country > codes as TLD for each nation since at least the beginning of DNS, IIRC. > > For consistency sake, 2 letter 2nd level domains were used. ie, co, or, > ac (equivalent of edu), etc. This is not a universal rule. Some countries use 2-letter SLDs like .co.uk, .co.at, but others adopted the traditional three-letter TLDs like .com, .org etc. to be used as SLD within country's TLD - like .com.pl, .com.br etc. And probably most of the countries do not use any generic SLDs under country's TLD (at least not mandatory ones), but just allow to register names directly under country's TLD, like somename.de, somename.hu, somename.nl etc. -- Regards, Jaroslaw Rafa r...@rafa.eu.org -- "In a million years, when kids go to school, they're gonna know: once there was a Hushpuppy, and she lived with her daddy in the Bathtub."
Re: Google and UK.COM domains
On Mon, 13 Dec 2021 19:19:47 +0800 Frank Hwa wrote: > for the second level domain, some are "com.au", "com.hk" (the com > one), some are "co.uk", "co.jp" (the co one). I am not sure, isn't > there a standard for this naming? > A long-standing convention to use ISO 2-letter country codes as TLD for each nation since at least the beginning of DNS, IIRC. For consistency sake, 2 letter 2nd level domains were used. ie, co, or, ac (equivalent of edu), etc. The US had and still has the .us. TLD. but that uses a different policy than the rest of the world. These may be codified, most likely are. I have had no reason to look into it. The most common TLDs of org, com, net, edu, mil, etc., are persistent artifacts of ARPANET. These are codified in early RFCs. -- --
Re: Google and UK.COM domains
On 2021-12-12 at 05:09:00 UTC-0500 (Sun, 12 Dec 2021 10:09:00 +) Linkcheck is rumored to have said: b) The customer's domain is one of the hugely expensive UK.COM pseudo-TLDs. UK.COM has been reported as being spammy; I assume due to bad apples amongst a high number of otherwise ok subdomains. And a failure (at least historically...) of the operators of uk.com to accept responsibility for the misbehavior of their customers. They can call themselves a TLD all they like, but that does not change the fact that they are NOT a TLD. My suspicion is that google is delaying the mail based on the reputation of the generic UK.COM domain name. Is this likely? Yes. Is google really dumb enough to treat all UK.COM subdomains as part of the same single domain? LOL, Yes. Why would you think otherwise? Any large organization is as dumb as its dumbest member. Google is very large and simple probability assures that regularly the organization will do something stupid because they have so many people capable of doing stupid things. If so, given they allow spammers virtually free range to send FROM gmail this is a bit hypocritical. It may seem that way, but it is illusory. The problem isn't that they miss a larger fraction of the spam people try to send though them than most smaller operations, it is that they are so damn huge that even if that's 1% of what is attempted, it's a mess. I have looked closely at what actually comes out of Google, Yahoo, & Microsoft on a few different receiving systems, and what I see is that for normal target addresses in use by humans, Google and Microsoft each consistently have a better ham/spam ratio than the average. They are not as clean as most small senders of legit business and personal mail, but they are far better than the bulk of senders (bots that only send spam) and somewhat better than the bulkiest senders (low-end ESPs.) -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire
Re: Google and UK.COM domains
aha, you were smart.:) On 2021/12/13 7:32, Benny Pedersen wrote: i can make subdomain nameserver delegations if it was a good idear in the first place
Re: Google and UK.COM domains
On 2021-12-13 12:19, Frank Hwa wrote: for the second level domain, some are "com.au", "com.hk" (the com one), some are "co.uk", "co.jp" (the co one). I am not sure, isn't there a standard for this naming? i can make subdomain nameserver delegations if it was a good idear in the first place imho that was why co.dk died but my dns hoster does not yet support nullMX, hmm :=)
Re: Google and UK.COM domains
Dnia 13.12.2021 o godz. 19:19:47 Frank Hwa pisze: > for the second level domain, some are "com.au", "com.hk" (the com > one), some are "co.uk", "co.jp" (the co one). I am not sure, isn't > there a standard for this naming? That's exactly what Public Suffix List is for. It lists all such domains. -- Regards, Jaroslaw Rafa r...@rafa.eu.org -- "In a million years, when kids go to school, they're gonna know: once there was a Hushpuppy, and she lived with her daddy in the Bathtub."
AW: Google and UK.COM domains
On a side note, I see fraud and nigeria spam directly from Gmail accounts on the rise for some time now. Not only the Reply-To hosting, that they happily provide for many years to the criminal world. > If so, given they allow spammers virtually free range to send FROM gmail this > is a bit hypocritical.
Re: Google and UK.COM domains
for the second level domain, some are "com.au", "com.hk" (the com one), some are "co.uk", "co.jp" (the co one). I am not sure, isn't there a standard for this naming? regards. Frank On 2021/12/13 6:59, Benny Pedersen wrote: co.uk co.dk
Re: Google and UK.COM domains
Dnia 13.12.2021 o godz. 11:59:28 Benny Pedersen pisze: > > publicsiffix is poinsende :=) > > co.uk co.dk > > later is now non existing or just marketing > > note imho dmarc see tld uk, and dmarc subdomains is not on co.uk, so > maybe google is not that dumb ? What does co.uk have to do with uk.com ? Nobody told here anything about co.uk domain... Nobody also mentioned DMARC here. In my case (rafa.eu.org) I have both SPF and DMARC records, and both pass as indicated by Google. Yet it doesn't help anyhting against marking my emails by Google as spam... It is not a case of SPF, DMARC or anything we outside of Google can check. It is a case of "domain reputation" as seen *internally* by Google. And it clearly seems that Google is *merging* that "reputation" for different domains for which it shouldn't do this. That's what PSL is for - to specify which domains should *not* be mixed up with one another. Don't defend Google's email service, it's already so bad that it's not worth defending... Friends should not let friends use Gmail - that's all that can be said about it. -- Regards, Jaroslaw Rafa r...@rafa.eu.org -- "In a million years, when kids go to school, they're gonna know: once there was a Hushpuppy, and she lived with her daddy in the Bathtub."
Re: Google and UK.COM domains
On 2021-12-13 11:41, Jaroslaw Rafa wrote: Both eu.org and uk.com are on the Public Suffix List (https://publicsuffix.org/list/public_suffix_list.dat ) which clearly indicates that different subdomains of these domains should NOT be treated as a part of the same entity. But yes, Google IS dumb enough to do so. publicsiffix is poinsende :=) co.uk co.dk later is now non existing or just marketing note imho dmarc see tld uk, and dmarc subdomains is not on co.uk, so maybe google is not that dumb ?
Re: Google and UK.COM domains
Dnia 12.12.2021 o godz. 10:09:00 Linkcheck pisze: > > My suspicion is that google is delaying the mail based on the > reputation of the generic UK.COM domain name. Is this likely? Is > google really dumb enough to treat all UK.COM subdomains as part of > the same single domain? Same happened for me a few weeks ago, Google started to similarly temp-reject mails from my domain rafa.eu.org. Mails from other domains sent from the same IP go through without issues. Previously, for over a year Google has been (and still is) putting emails from my rafa.eu.org domain into recipients' Spam folders, so it is actually worse situation than being rejected, because I think that the message has been delivered and the recipient never sees it (as the majority of average Gmail users never look into their Spam folders, as they firmly believe that they have absolutely no reason to). I have discussed this a lot on the mailop mailing list, and most people there (including someone from Google who occassionally appeared) seem to confirm that this is due to reputation of eu.org domain as a whole. What seems really "funny" that I am the only user at domain rafa.eu.org who is actually sending out mails (there are a few "receive only" addresses except mine, but mine is the only one used for sending) and I am 100% sure that never any spam has been sent from this address. Yet Gmail is treating almost every mail from me as spam (even marking the mail as non-spam by the recipient often doesn't help for further messages!) Both eu.org and uk.com are on the Public Suffix List (https://publicsuffix.org/list/public_suffix_list.dat ) which clearly indicates that different subdomains of these domains should NOT be treated as a part of the same entity. But yes, Google IS dumb enough to do so. > If so, given they allow spammers virtually free range to send FROM > gmail this is a bit hypocritical. 100% agree. They simply don't care about anyone that isn't using Gmail. -- Regards, Jaroslaw Rafa r...@rafa.eu.org -- "In a million years, when kids go to school, they're gonna know: once there was a Hushpuppy, and she lived with her daddy in the Bathtub."
Google and UK.COM domains
I run a small postfix/dovecot mail service for my website customers. For the past several months one of my customers has had mail to gmail addresses delayed by approx 12 hours. The delaying/rejecting messages returned by google are on the lines of: (host alt1.gmail-smtp-in.l.google.com[142.250.153.27] said: 421-4.7.0 [185.35.151.121 15] Our system has detected that this message is 421-4.7.0 suspicious due to the very low reputation of the sending domain. To 421-4.7.0 best protect our users from spam, the message has been blocked. 421-4.7.0 Please visit 421 4.7.0 https://support.google.com/mail/answer/188131 for more information. v7si12873259edc.295 - gsmtp (in reply to end of DATA command)) I know this isn't due to my mail server - at least, no one else has a problem with it and it has DMARC, DKIM and SPF correctly set up. I send several emails per week through it to gmail addresses with no problem. I can find no reason for the delay except for: a) The customer sometimes (not often) sends a mailshot which includes about a dozen gmail addresses, but this rejection happens whether or not a mailshot is in progress and can be some weeks afterwards. b) The customer's domain is one of the hugely expensive UK.COM pseudo-TLDs. UK.COM has been reported as being spammy; I assume due to bad apples amongst a high number of otherwise ok subdomains. My suspicion is that google is delaying the mail based on the reputation of the generic UK.COM domain name. Is this likely? Is google really dumb enough to treat all UK.COM subdomains as part of the same single domain? If so, given they allow spammers virtually free range to send FROM gmail this is a bit hypocritical. -- Dave Stiles