<<< Date Index >>>     <<< Thread Index >>>

[alac-forum] Usurping Domain Names

For some time now, I have been receiving notifications of undeliverable email that did not originate from our server. It seems some SPAM-Mongers have been using our domain as their return address.
I want to stress that we, a legitimate ".org" are not a commercial enterprise, and never send commercial email. Any and all commercial email bearing our domain name, is a forgery. I have even seen in the undeliverable email transcript, where the sender actually uses our domain name in the SMTP handshake ... (HELO notaro.org) ... with the ultimate result that our domain has started to become blacklisted, rendering legitimate important email undeliverable.
This is no longer a matter of annoying email cluttering your in-box. Name space is property; we pay money to own it, and to use it without authorization is stealing ... and we are suffering material damages in the form of the inusability of our communications infrastructure.
The problem is manifested in two things: First, is the fact that there is no good way to certify that the sender is who he says he is. The second, is the practice of blacklisting. The first could be solved by adding digital signatures to the SMTP protocol, requiring all SMTP Servers to absolutely identify themselves to each other, and upon email reception, each server could stamp the message with the sender's true identity, so that all mail can be traced absolutely back to the actual originator. I realize that this will involve a massive change to the world internet infrastructure, but the problem of SPAM has reached a critical condition where something must be done; And tracing its source will go a long way to getting this under control.
The second issue, the practice of blacklisting, is a problem because it only harms the innocent. I realize that these measures are being undertaken in self defense, but the fact is that when SPAM Mongers get blacklisted, they just switch domain names ... they do it like you and I change our clothes ... and they don't even have to go through the trouble of registering new domain names .... they just use someone else's ... its easier, cheaper, and it leaves no trail To blacklist a given domain they are using on Tuesday does nothing to curtail SPAM on Wednesday. All it really does is harm the victims in the case where the domain has been usurped. I feel that the practice of blacklisting should be banned because it is ineffective, and harmful to the legitimate user community.