http://www.theregister.co.uk/content/6/36585.html
TM domain leads anti-spam charge
By Kieren McCarthy
Posted: 26/03/2004 at 17:25 GMT
The registry running the top-level .tm domains is leading the charge
against spam by adding the SPF protocol into all its domains' DNS
records.
While a large number of ISPs, big online names, anti-spam companies and
a few domain registrars have added SPF and so helped verify that an
email message comes from the address it says it does, TM Domain
Registry's general manager Paul Kane tells us this is the first time an
actual registry has included the protocol.
"It is very easy, non-intrusive and helps to reduce the amount of spam.
It's just a simple entry, a text file, it's relatively easy for people
to adopt - it's self-evident why we decided to add it," he said.
Kane is also keen to protect his existing 6,000 customers from email
spoofers. The business model for .tm domains is to attract the world's
biggest companies, who buy the domain because the 'tm' can be seen to
represent 'trademark' - for example www.rolex.tm.
Kane claims to have 30 per cent of the world's top 500 companies who pay
the $1,000 fee for a 10-year domain in order to have a more exclusive
domain than the usual '.com'. Such exclusivity would be somewhat
undermined though if spam arrived from a .tm domain.
Adding SPF took 'minutes' and was no more than a text file saying .tm
domains were SPF enabled, Kane explained.
SPF (Sender Policy Framework) itself is a very simple yet effective
method of cutting down spam. Internet domains already have MX records
tied in with their basic DNS information that say which mail servers
receive email for that machine. All SPF does is provide MX records for
the domain's mail servers that send email.
As such, when an ISP receives an email, it looks at the domain, looks up
the DNS record and if the mail server it came from is not one mentioned
in the MX records, it either deletes it or pushes it to one side for
review. Since a large number of spam messages are 'spoofed' in order to
make it look as though the email is coming from elsewhere, such a system
would reduce the number of spam as well as make tracking down spammers
easier.
It is now down to .tm domain companies (or their ISPs) to add the MX
records and allow for the SPF protocol (a four-hour job) and so complete
the circle - something Kane said should be completed in three months.
He readily acknowledges the variety of others protocols out there -
including Microsoft's (guess what) proprietary Caller ID system - but
says that SPF is 'simple, so logically it should be welcomed'.
Unfortunately, he doesn't know of any other top-level domains that are
looking to do the same, but he hopes TM Domain Registry's actions will
encourage others to do the same.