contact us about us
FREQUENTLY ASKED QUESTIONS
The .mail TLD
General questions

1) Why is this needed?
The .mail domain is intended to carve out an identifiable domain and underlying system to differentiate legitimate email from spam. The plan proposed, even if used by a portion the full email community, will still be a benefit to the the entire community.

Some spam blocking and filtering systems will sometimes bounce or flag legitimate non-spam email due to any number of reasons: country of origin, excessive HTML, "bad" keywords in subject or body, etc. The .mail system addresses this problem by allowing non-spam to be passed around filter systems, thus reducing this overhead on emails known to be "clean".

The .mail domains helps promote the use of accurate "Whois" identification data for every domain. Spammers love to hide behind fake information; this domain will make that next to impossible for them to do.

Finally, .mail assists new "sender authentication technologies" (such as: SPF, DomainKeys, Caller-ID) in proving their effectiveness and in day-to-day operations.

2) Who needs a .mail domain?
Any place that wishes to send non-spam email unencumbered by blocking/filtering systems that will sometimes bounce or flag legitimate non-spam email due to any number of reasons. Country of origin, excessive HTML, "bad" keywords in subject or body, etc.

If you currently have no problems sending email and having it accepted - which probably means you don't live in China, Korea, Brazil or Africa, or send large volumes of non-spam, but similar looking email, or send email for the "How to cook using SPAM" mailing-list - then save your money as you don't need a .mail domain.

3) Will this stop spam?
No. Nor is it designed to. But if will prevent spamming from places who use this domain and the system behind it. If any domain holder uses the system to spam, the domain's use is revoked.

The idea is that messages authenticated through the .mail system could be delivered without expensive and time-consuming filtering, making recipients more likely to allow them in. In other words, the .mail namespace supports the free flow of spam-free electronic mail. With proven success and the cooperation of our supporters (who make and distribute the majority of mail transport agents), we anticipate rapid adoption and use of the .mail sTLD.

4) Okay. How does .mail benefit me?
One problem with the myriad of filters and other methods to try to control spam at the recipient-level is the likelihood of “false positives.” That is, email that is received and marked as spam, when it is actually not. With the .mail system, all email received via a .mail-enabled domain is, by definition, not spam. Consider the number of submissions to mailing lists that are often misidentified as spam. A mailing list using the .mail system would be assured that posts were not so misidentified. Consider, also, confirmation email after making an online purchase (or bidding in an online auction), which is often falsely identified as spam by some filters. With the .mail proposal, such email would not become another false positive.

5) What is The Anti-Spam Community Registry?
It will be a non-profit organization set up to sponsor the TLD upon ICANN approval. It will allow greater participation of the community at large than just that of Spamhaus.

6) Why is the Spamhaus Project supporting the creation of this TLD?
Although Spamhaus is known for helping stop spam and the systems we've built allow users worldwide to reject billions of spam emails each day, we've always felt it's even more important to insure that legitimate, non-spam, emails are properly routed. The idea behind this TLD is to enable email recipients to accept email and route it around spam filters without fearing it may be spam.

7) Can anyone get a domain?
Actually, no. Use of the domains is reserved for people, companies and organizations that do not spam or have a direct role in supporting spammers. Additionally, the Supporting Organization will perform a rigorous verification of all WHOIS data. For example, applicants must have verifiable physical address contact information, telephone contact information, and also must have owned the key domain for a period of six months before being granted the use of a domain under .mail.

8) Can anyone request any domain they wish?
No. Only the verifiable owners of an existing domain ("key" domain) under a set of other TLDs will be granted the use of a domain under this TLD.

Also, one must have owned the existing domain for a period of six months before being granted the use of a domain under this TLD.

9) What does a domain cost and why?
The use of each domain will cost over US$2000. The price may vary depending on the registrar one uses.

This high cost will insure that most spammers will not bother and attempt to sign up for one, and if they do, it will be a high cost for what will be a very short time period of spamming.

The cost also pays for the much greater than normal vetting procedures places requesting this domain will go though before one is granted to them.

10) Where would one apply to purchase these domains?
If approved, the use of these domains will be sold though many of the usual registrars where one currently obtains other TLD domains.

11) Can this be used by an ISP for all its customers?
Maybe. Since the domain can be revoked due to spamming, and ISP will have to have very low limits on the number of emails a customer/account can send per day.

If this is not feasible to manage over all customers/accounts, an ISP can probably set up a smaller sub-set of users, and their own corporate servers, to use this domain.

12) Can senders use this even if recipients are not using it?
Yes. This TLD works the same way as any other. It's only when the recipient checks its validation status that it gives the extra "not spam" value.

13) Can this prevent legitimate non-spam email getting filtered?
Yes. That is a main reason for this TLD. As mailservers and spam filter systems implement its easy-to-use check, less legitimate emails will be rejected as spam.

14) If this is used to bypass spam filtering, is spam filtering bad?
Absolutely not. Most spam filtering is good and very needed. But as the spam problem just continues to grow, and as spammers get sneakier in their attempts to foil the filters, tighter filtering is being used to control the problem. This leads to a greater number of legitimate emails being bounced or tagged as spam. The idea behind this system is to allow recipients to run as much spam filtering as they wish to, yet keep legitimate, non-spam email from getting filtered as spam.

15) Why do you need a TLD for .mail? Why not do this with a second-level domain?
First and foremost is the issue of control over the zone. Were this proposal to be made under an existing TLD, that zone would be subject to removal or revocation by the registry. Additionally, it would be subject to UDRP or other legal action that might force the registry to remove or suspend the domain, rendering all registrations useless. Clearly, this isn’t an option.

In truth, *any* TLD could really be a SLD (second-level domain). In fact, many are (example.co.uk). The concept behind TLDs is to differentiate them, and their users - especially in the case of an sTLD (sponsored TLD) - from the internet at large and the other TLDs.

An honest answer must also include the issue of perception. In creating a namespace in which responsible electronic mail is enforced, doing so under a 2nd-level domain may not give the perception of a credible system. Setting up the system behind .mail as a TLD will also help insure its acceptance and its longevity. It will be an ongoing effort run by a sponsoring organization rather than just a smaller entity. Also, psychology tends to show that "example.com.mail" will be accepted more readily than something like "example.com.this-is-not-spam.com"

As stated above, running a system like this on an existing TLD would bind it to the rules and regulations of that TLD. Each existing TLD has some rules and regulations that are not compatible with the stated rules and regulations of the .mail TLD as it is to be used in anti-spam.

On the technical side, a TLD's infrastructure is also set up to be more robust and attack resistant than a normal domain from the outset. Whenever dealing with spammers, one must expect some level of attack.

It's the same sort of answer with 3rd-level domains. www.example.com is for the web, ftp.example.com is for FTP, why not mail.example.com?

In order to maintain control over the authentication records, everything must be under a single TLD. While individual entities could agree to set up a common third-level domain to indicate responsible email, there would be nothing preventing an irresponsible sender from setting up the same domain and sending large amounts of spam. When it comes to spam, a deficiency of the Sender Authentication Technologies (SAT) is that they do nothing to prevent a spammer from registering a large number of "throw-away" domains, setting up SAT records on them, spamming from them until they are blocked, and then moving on to the next domain.

The .mail sTLD Sponsor Organization-monitored zone is really the key that makes this system function spam-free. If you spam, you lose the use of the domain.

16) Couldn't this be done using a DNSBL-like system instead of creating a TLD?
Yes... but in reality no. DNS based "whitelist" systems (we call them DNSWLs) have been done and do work if used. But the work involved in building them is even greater than the work in building a DNSBL such as the Spamhaus Block List.

The use and worldwide acceptance of a DNSWL would also be far slower than use and worldwide acceptance of a widely known and recognizable concept such as a .mail TLD.

On the technical side, a TLD's infrastructure is also set up to be more robust and attack resistant than a DNSBL based lookup system. Whenever dealing with spammers, one must expect some level of attack.

There are also other goals with this TLD based system:

One it to insure that the all reports of abuse are sent to the sponsoring organization, not to the domain user. This will insure a quick shut-down of any place who tries to abuse the .mail TLD.

Another goal is to provide internet users with proper, correct and validated "Whois" contact info. This will help many segments of the internet in many different ways. Hosting companies can better vet prospective clients. Law enforcement agencies can better track down the criminal abusers. Legal service will be much easier to effect upon spammers who violate laws. An added benefit will be that the places who apply for use of a .mail domain must also have proper, correct and validated information in their underlying "key" domain (.com, .net., etc.) - this will help people and places not using or even aware of the .mail TLD.

17) How does the system work?
In simple terms, it works during an SMTP transaction between an email sending server and a recipient server using a DNS check.

DNS for all domains under this TLD are run by the TLD sponsor, not by the people running the email sending server. This is how the validation, or lack there of, is controlled.

18) Does this change the SMTP protocol in any way?
Not at all. Email flows as it always has. This TLD and system provide the means to validate that the email sent with this TLD is spam-free. It is one more way recipients can enforce their email policies.

19) How are subdomains handled?
Subdomains are all managed by the user of the top-level .mail domain. The user of the top-level domain (eg. example.com.mail) is responsible for the emailing practices of all subdomain users (eg. remote-factory.example.com.mail).

20) Will this take a lot of effort to implement on current systems? Doesn’t it require everyone to participate in a particular protocol?
No. Most current email server software and much email filter software can be modified to use this system right now, and many implementations have already indicated their intent do to so. As these implementations add the .mail to their default configuration options, it'll be easier yet.

21) Must everyone use a particular anti-spam technology with .mail?
Absolutely not. It is important to note that the sTLD is both the platform as well as the community in which responsible use of email can be monitored and enforced, but is also technology-agnostic in how that responsible use is accomplished. By providing a secure DNS zone for the sTLD, the appropriate records to implement a wide variety of sender-authentication and authorization technologies may be entered and maintained. All of the major, current proposals are suitable for use in the sTLD. In this light, we are confident that the sTLD will play a key role in the proving and use of these technologies, and a solution can and will be found to the ongoing spam problem.

22) Won't most places just reject all email from non-.mail validated domains? Won't non-users be left out?
No to both. Email from .mail validated domains is expected to be spam-free and will be accepted as such. Sadly, the fact is that more than 50% of all other email is spam, email from non-.mail domains will be "suspect" as it is nowadays. But this does not mean it will or should be rejected, it will flow though the normal filtering channels that are in use currently.

Places that implement a well run email filtering policy based on commercial tools, or done in house, deliver a very small percentage of sent spam to their user's email boxes. There is no need to reject non-.mail domain email. But even the best run email filtering can on occasion produce a "false positive", this is what the proposed sTLD system is meant to address.

23) Will the cost for domain use ever be changed? Higher or lower?
Higher - No, ICANN rules governing every TLD state that the price cannot be raised at any time.

Lower - Yes, we are working on solutions based on other verification processes and other ways or running the TLD system to minimize costs. We belive that an increasing volume of registrations will also help bring the price down to a level where more can afford the cost, but a level that will still allow us to keep the spammers from using the system.

The ideal pricing model for use of the .mail TLD would be less than it is currently set at, but since the price cannot be raised, in the application to ICANN it was listed at the highest end of the range needed to cover the costs of starting a new TLD, building the infrastructure and the ongoing costs validating applications.

24) Again, how will you stop spammers from forging this domain?
Nothing can stop a spammer from forging a .mail domain, but the entire TLD DNS system - the thing that controls all domains under this TLD - is run by the Sponsor Organization. What this means is that a system that tests to see if the connecting .mail domain is a valid, "no spam" domain, will be able to spot an attempt to forge it right at the start of the SMTP transaction. Attempts to forge can be rejected on the spot, or passed on to further spam-filter checks.

25) We have a dozen different domain names, does this mean we have to apply for a .mail domain for each one?
Not at all. The .mail domain is only used to identify your mailserver(s). You will still be able to send mail using all your other domains. To gain the benefit of the .mail system, you'll just use an outbound server that announces itself as a ".mail" server.

For example, if your email address is "joe@joesdeli.eat", your .mail server could be called "mailserver.joesdeli.eat.mail", the IP address associated with this name will be your outbound server's IP address. If you also had addresses at domains like "joespizza.eat" and "joeshotdogs.eat" you could use the same server to send email from, or you could use another server, at another IP address, and name that one "secondserver.joesdeli.eat.mail".

All the domains will have the benefit of using the .mail system.

One more thing, let's say you provide free email service at "joesdeli-free-email.eat", and you fear that someone may sign up and spam using it, you can send that email though a server that does not announce itself as a .mail server.

26) How many mailserver IP addresses can be associated with a .mail domain?
An unlimited quantity. One will be able to assign name/IP combinations for each of ones servers. For example:

mailout-01.example.com.mail A 233.0.42.41
mailout-02.example.com.mail A 233.0.42.42
mailout-03.example.com.mail A 233.0.42.43
remote-factory.example.com.mail A 2.111.244.10
list-server.example.com.mail A 127.0.14.1

27) When can I get detailed information on the TLD system?
A whitepaper on the system is due out soon.

28) Have there been press articles published on this proposal?
Yes:

29) Spammers are rich. These rich spammers will just sign up for a bunch of these domains and spam won't they?
Unlikely. First, most spammers are not rich, it's a myth. The few who do profit from their network abuse, or crime in many cases, are very well known and their applications would never be approved.

Secondly, if a new spammer, or a known one who's managed to cloak his identity though one fraudulent way or another, gets a .mail domain, he'll find it was a wasted investment. The moment he starts to spam using it, the sponsor organization will get the reports of the spamming and immediately remove his .mail domain from the DNS and the zone. The spammer will still be able to send, but recipients will see his attempts to connect as an attempt to forge a .mail connection and either reject the connection based on that, or, depending on policies, let it though but test it against spam blocklists and run it though other spam filtering systems.

If this spammer signed up for a bunch of .mail domains, his loss has really been magnified.

31) How does this work at the MTA level? What's happening behind the scenes?
When a mail server wishes to send electronic mail in a responsible manner under the .mail system, it establishes a Simple Mail Transport Protocol (SMTP) connection with the recipient's mail server. Upon connecting, the sender identifies itself as a .mail-enabled server by using the .mail domain corresponding to the sender's actual domain name. In other words, if the sender is steve@example.com, the sending mail server might be mailserver1.example.com, and would identify itself as mailserver1.example.com.mail. This informs the receiving server that the sending server is saying it supports responsible email. The receiving server may then verify this claim by comparing the DNS value of mailserver1.example.com.mail with the IP address the sending mail server has connected with.

If this verification checks out, the receiving server should have high confidence that the mail being sent is not spam.

At this point, the receiving server will also know that the sending server should have available one, or more, of the different sender-verification technologies available for use.