CIRA incompetence

Some time ago (June 2008), CIRA, the body which runs .ca, Canada's ccTLD, chose to make an SSL-capable Web browser a requirement for holding a .ca domain name. (They didn't like to put it that baldly, but I can't really put any other construction on it; I wrote up a document laying out the story.)

Now, it seems that not only are they making stupid and exclusionary choices when managing their domain*, they are not even competent to send email! My mailer has various correctness tests in it, mostly prompted by noticing that spam exhibited the problems tested for. A few of these proved to be present in ham as well, but I left the tests in because they are, in my opinion, cases of brokenness that needs to be rendered obviously broken in order to get the offending software fixed or replaced. (For example, a lot of mail is marked as being in ISO 8859-1 but contains octets that are not valid ISO 8859 printables.)

For most of these tests, failure not only causes a rejection during the SMTP session but also causes a copy of the offending mail to be logged. Today, I was flipping through logged mail for unrelated reasons and happened to notice mail attempts from CIRA to my .ca domain's administrative address. Prompted by this, I looked through back data as well and found more. Going back as far as I can without unpacking .tar.bz2 archives, which means 2009-07-14, I find three more such emails. They all exhibit the same flaws:

So far, each of those has been pretty much exclusive property of spammer ratware. (I did once see some non-ratware exhibit the latter, but it was new software in pre-alpha test, and when I alerted the sender to the problem it got fixed promptly.) CIRA is, thus, either using spammer ratware to send out their email or is using new software written by people who either didn't read up on the protocol they were supposed to be implementing, weren't competent to implement it despite reading up on it, or just couldn't be bothered. None of these alternatives is good, and, if I hadn't already switched away from using it, would make me ashamed to be under their umbrella.

And that's not even getting into the content of those messages. The first one, for example (dated 2009-07-16), tells me that my voice counts, addresses me as "Dear <insert name>"(!), and then goes on to make it clear that my voice counts only if I have, and am willing to use, that SSL-capable Web browser I mentioned above. The second (2010-01-05) was actually not bad (announcing the results of `public consultations' on the breaking of WHOIS I mentioned in the document I wrote up and linked to above). The third (2010-02-23) and fourth (2010-03-12) are, in my opinion, spam, though there is enough of an EBR that reasonable disagreement is possible; they are plugging some kind of plug-your-website "contest". Most cases of things like this are attempts to expand customer lists, but in this case the recipients already are customers, so I'm not sure what the point is—maybe CIRA is trying to get domain holders to make advertising videos for them on the cheap. (The mail also exhibits an apparent belief that the only reason to have a domain name is to run a website; to enter you have to "[s]end [CIRA] a video telling [them] why your .CA website is the best thing since Web 2.0".)

* This is not the only mistake they've made; for example, some years earlier, they decided to learn nothing from history and throw .CA open to anyone at all levels, rather than preserving the reasonable structure it had back at the start.