The Interocitor

FTC Wants to Ban Domain Hosting

Well, not in so many words, but the FTC urges ISPs to block all email that doesn't go through their servers. The idea is to prevent robo-spam, but it will also prevent anyone who has a private domain hosted elsewhere from using their domain's servers to send email. Worse, this stopgap suggestion, known as Port 25 blocking, will prevent any workable resolution of the spam problem, such as SPF or Sender ID. The FTC's advisors are clearly technical incompetents and should be fired.

What is required to solve the problem is twofold:

1. All email should be validated against the purported sender domain, by inquiring if the sending mailserver is associated with the domain. This takes a minor additon to each domain record and some updates to server software.


2. All servers should detect outgoing spam via Bayesian filtering or some similar method. This would presumably be required under the FTC method anyway (assuming that they haven't argued for message-counting or some other equally incompetent means).

Probelm is that SPF and such require that email from private domains not go through local ISP mailservers, but instead go through the remote domain's server using logins for authenitication.

Spam is a huge problem, as are viruses and phishing. The FTC solution fails because a) it won't work; b) it blocks many legitimate uses; and c) prevents better solutions from working. Stupid. Stupid. Stupid.

(And yes, I am fairly expert in this area).

Posted by Kevin Murphy at May 25, 2005 09:32 AM