Top level, bottom barrel.

Anyone remember my no-doubt-crushingly-boring rant about my email spam problems several blogs ago? A couple of you commented so I presume so. Interesting now to look back at that and consider my main problem being the filters on my forwarded accounts being too strict. As if the universe heard me, it was around that time that things really started kicking into overdrive and I started getting dozens of messages a day on the work host site, always with entirely randomized email addresses right down to the domain names. Now it wasn’t so much the annoyance of important messages not making it through forwarding, it was becoming nigh impossible to parse them out even at the source.

In an admission of defeat I enabled the SpamAssassin filtering feature on the host with a middling setting, crossing my fingers nothing legitimate would be blocked. There were no worries on that score, though, because it seemed like the assassins were rather sleepy so everything was still being let through. I got so desperate I went so far as to put up my anti-virus and no-script shields and follow one of the links on the spam emails promising to let people unsubscribe, on the offchance these people who kept changing all their source information were somehow caring enough about anti-spam laws to follow them. You had to enter your email, but that made sense, right? I mean they obviously already had my email or I wouldn’t be getting the spam in the first place. It couldn’t get any worse, right?

Well, of course, never ask that. Entering my email seemed to just encourage whatever automated evils were going on and now I got to get everything twice. Whee.

But how do you block or filter out a sender that keeps changing shape? Did I have the time or energy to maintain a whitelist and/or blacklist? As things escalated, could I afford not to?

Well, recently as I was slogging through yet another slew of crap trying to see if I had any housing updates from Comic-Con, I noticed something that the ever changing spam did actually have in common, which also wasn’t common at all. They all had email addresses ending in “.us”. This happens to be the domain server country code for the United States, so I’d never really thought about it… except it dawned on me that I shouldn’t be seeing the designation since I was located in the US, and so is my host. It’s possible I’m wrong about that, but searching for “.us domain spam” led me to posts about a new plague of abuse regarding “top level domains.” Top level domains are the ones you see at the end of an email address or URL… the proverbial dot-com (.com, short for “commerce” or “commercial”), or some of the other classics like .edu (for educational institutions), .org (non-profits), .gov (government sites), etc. There used to be only a few and they were always three letters long, no more and no less.

Now, though? All those old domains are filling up, especially at the hands of cyber squatters buying every variation of .com they can think of with no intention of use except to resell them later (no zombieranch.com, I’m not looking in your direction at all, why do you ask?) — so in an effort to keep the Internet an open prairie, ICANN, the international organization which maintains these regulations, decided a couple of years back to start rolling out new “generic” top level domains. So now instead of having to go with zombieranchcomic in order to get a .com that wasn’t taken, in this brave new era we could theoretically register a domain name of zombieranch.art, or zombieranch.rocks, or hey even get zombie.ranch if we applied for a new gTLD (though the $185k price tag is a bit out of our reach on that).

But who’s regulating all these new gTLD’s? Well, that seems to be the crux of the problem. The open prairie can be a lawless place, right? So this relaxation of standards which was meant to benefit the latecomers to the frontier benefited the bandits and outlaws as well. Perhaps even first and foremost, in some cases. That $185k pricetag I mentioned above is hefty, but after that it seems to basically be entirely up to the purchaser to police whatever customers they choose to sell their gTLD subdomains to, and some are either uninterested or unable to do that. As noted in the link above, the .science gTLD is estimated to have a whopping 92.8% of its registered domains in the hands of spammers, malware distributors and other bad actors.

Now .us is not on the current top 10 list of badness ratios, but that didn’t change that I had hundreds of messages from that domain in my Lab Reject Studios inbox and not one — not a single one — was from a legitimate source. I had a good share of .science messages obviously from the same source as well based on subject line and content, even if the rest kept morphing.

And so, I filtered it. It’s a semi-nuclear option, I admit. I suppose there’s a remote chance that at some point in the future, I’ll miss out on some business contact from a .us email address and that’s potentially tragic, but I’m not an ISP or a multinational conglomerate. Most people I’m ever going to talk business with are other vendors and creators who tend to just use gmail, or if they have their own domain it’ll be one of the classic TLDs like .com or .org. I may write a comic about a wild frontier, but some frontiers are just too problematic right now. The barbarians have been weaseling their way through my gates and I reckon at this point it’s better to just brick that entrance up until a little bit more law and order arrives.