Chris Linfoot | Meltdown and .mail

Wednesday, 14. April 2004

Meltdown and .mail

Looking through the logs and spamtraps here after the Easter break, one thing is abundantly clear - email cannot continue the way it is now.

The exponential growth in spam and related abuses continues unabated. Even with the very strong countermeasures already deployed here, it is increasingly difficult to insulate users from the impact of these abuses and the volume of unblocked, unfiltered spam in users' in-boxes is rising inexorably.

If ever there was a time to pay due attention to the detail of proposed enhancements to global email it is now. Few proposals before .mail (none in my memory) have even come close to addressing the root cause of the problem -- a peer network of 4 billion IPv4 addresses and no means of distinguishing those that should be sending email from those that should not.

In a nut shell, the issue is one of scale. Conventional approaches to spam (blocking, filtering) must eventually fail because spam itself has the potential to scale well beyond their limits. And that is just with IPv4. Add IPv6 to the mix and you can simply forget an unregulated global peer network as a viable email backbone. Email in anything like its present form will be killed off.

And yet reading some of the comments over at the ICANN stld-rfp-mail archive, and from comments addressed to me personally there seems to be both a lot of confusion over .mail and an utter paucity of well thought out alternatives. Sadly, this is compounded further by attempts to obfuscate an apparently complex issue by parties with interests to protect. In truth, .mail is neither particularly difficult nor necessarily expensive for the majority of net users. Why?

You only need a .mail domain if you operate a mail server that sends email direct-to-MX.
Home users who use only an MUA to send outbound mail via their ISP's mail hosts will never need .mail domains, even if they have their own .com, .net or whatever domain with MX at their ISP.
Hobby or small business users who do operate an MTA, but relay all outbound email via their ISPs' smart hosts do not need a .mail domain.
If you currently do send direct to MX and wish to avoid the .mail domain charge and have the benefit of a .mail domain, then arrange with your ISP to be allowed to relay all your outbound mail via their hosts (assuming the ISP in question does operate a .mail domain).
No-one wishing to receive email needs a .mail domain - though these users may find it useful to check whether hosts delivering mail to them are in .mail.
If you do not register the .mail version of any or all of your domains, no-one else can steal them from you - they will just never be used.
If you do operate your own MTA and want to continue to send direct-to-MX and you therefore decide to use a a .mail domain, you only need one even if you operate several mail hosts and send mail on behalf of several domains. The check at the receiving end is simple; does this mail originate at a host in .mail? That is all.
You do not need to change your email address. If your address is user@example.com, it will still be user@example.com, not user@example.com.mail (the only @*.mail addresses that will be much used will be abuse@ for each domain and these will go to the Anti Spam Community Registry, not to user sites).

.mail will succeed if adopted by:

Medium/Large Businesses
Internet Service Providers
Suppliers of value added services such as outside-the-perimeter virus scanning (Messagelabs for example)

All of these can afford the cost of registering the one .mail domain they will actually need and the Internet mail system will finally have what it so desparately lacks now - a virtual central backbone of trust.

(See also my earlier post on .mail.)

Category: Fixing SMTP
Technorati: Fixing SMTP

Comments :

1. Gerco Wolfswinkel14/04/2004 12:30:29
Homepage: http://www.wolfswinkel.net

What's the proposed 'fine' for registering a .mail domain? I haven't been able to find that. I do agree with the usefulness (and elegance) of the .mail proposal, but don't quite see the need for a high entry fee (there should be a fee for covering the costs, obviously). The owner of a domain controls the creation of .mail, so the entry charge seems just a fine for small parties. Is it intended specifically to shut those out from direct to MX SMTP mail?

Anyone capable of registering a .mail domain and configuring a server properly should be able to send mail direct to mx imho. The Anti Spam Community Registry should have the authority to act against any abuse of .mail to weed out abusers (or lax administrators )

2. Chris Linfoot14/04/2004 12:56:10

1) $2,000 and it's not a fine - it is subject to negotiation with ICANN at the next stage of the RFP and could well come down.

2) For the record, I will pay it - gladly.

3) A by product of .mail may be that in future fewer hosts will send mail direct to MX, but this is not the primary intention

4) Sending email direct to MX is not a right, it is a privilege, albeit one we have become accustomed to taking for granted.

You pay tax to keep your car on the road (not a fine), you pay taxes to cover the cost of police and other law enforcement agencies (not a fine either). In this context, is paying for a .mail domain really so bad?

5) You don't have to pay for one anyway, providing your ISP does.

And I wouldn't worry about having to use an outbound SMTP smarthost. You can still have MX for all your domains pointed directly at your own servers so you can use blacklists, whitelists and so on.

Unable to post a comment? Please read this for a possible explanation...