|
Click the comments link on any
story to see comments or add your own.
Subscribe to this blog
RSS feed
|
Home
28 Dec 2006
An earthquake on Tueday near Taiwan caused widespread disruption to telephone
and Internet networks.
The quake affected an area of the sea bottom with a lot of undersea cables
that broke, and since there is only a limited number of cable repair ships,
it will take at least weeks to fish them up and splice them.
See more ...
Stable link is https://jl.ly/Email/earthquake.html
16 Dec 2006
In a story reported yesterday at
Out-Law.com, and in
the Milton Keynes local paper,
Microsoft win a suit against Paul McDonald (a/k/a Gary Webb)
for illegally selling e-mail addresses.
See more ...
Stable link is https://jl.ly/Email/ukporn.html
12 Dec 2006
In November, Mark Mumma, who runs a little design firm at webguy.com,
lost an appeal in the Fourth Federal Circuit.
He'd filed suit against cruise.com and their parent Omega World Travel
under CAN SPAM and an Oklahoma anti-spam law.
Omega countersued for defamation.
The court threw out Mumma's case, and allowed part of
the defamation case to proceed.
At first blush, this looks like a big win for spammers.
See more ...
Stable link is https://jl.ly/Email/mumma.html
I was somewhat surprised to get spam last week from the United States
Postal Service.
It was advertising a new feature of Click-N-Ship, a web shipping
service, sent to an address that I think I gave them when I signed up
to try out some other online system for validating postal mail addresses.
The message did not have the postal mailing address of the sender (pretty
ironic, huh?) nor opt-out instructions, both of which are mandatory
under CAN SPAM.
Did the USPS break the law?
See more ...
Stable link is https://jl.ly/Email/govtspam.html
16 Nov 2006
Last week the Federal Trade Commission
settled a lawsuit
against Yesmail, a large ESP (Email Service Provider).
The facts of the case are not in dispute, but their meaning is.
See more ...
Stable link is https://jl.ly/Email/yesmail.html
You may have read reports that the total amount of spam is on the
decline.
Don't believe them.
In the month of October, I saw the amount of spam in my traps here
roughly double, from about 50,000 per day to 100,000/day now.
In conversations with managers at both ISPs and corporate networks,
I'm hearing the same thing.
One corporate network has gone from about 12 million spam rejects a
month in June and July to 28 million in October.
The very large mail systems don't publish their numbers, but they tell
me informally they're seeing the same thing.
So far, nobody can figure out why.
Perhaps we have a new generation of zombies, so numerous that price has dropped
and spammers can buy twice as many of them.
But whatever it is, if anyone tells you that the worst of spam is over,
they're just wrong.
Update on Nov 15th: There's been yet another huge spike in spam
today, even beyond last month's level.
I noticed it overwhelming my modest servers, and friends at both corporate
mail systems and large ISPs say they've seen it, too.
We can only deal with so many doublings of the spam load before there just
isn't enough hardware and software to handle it.
Stable link is https://jl.ly/Email/morespam.html
08 Oct 2006
In case you missed it, .travel is yet another new domain intended for
the travel industry. Tralliance,
the shell organization that runs .travel, asked ICANN for permission
to add a
top
level wildcard similar to the one in the obscure .museum domain,
and the one that Verisign briefly added to .com as their notorious
Sitefinder product.
See more ...
Stable link is https://jl.ly/ICANN/travelstar.html
20 Sep 2006
Reports in the press have been saying that the
Spamhaus Project lost an $11 million
dollar lawsuit in Chicago to mailer e360 Insight.
Technically it's true, in reality, it's not.
See more ...
Stable link is https://jl.ly/Email/shdef.html
I run a service called abuse.net that
provides a contact database for people to use to report spam and other
network abuse.
One of the ways people can use it is to register and then forward mail through
it, so that for example mail to furble.net@abuse.net is remailed
to whatever the abuse contact is for furble.net.
Last Friday (while I was on the way to a meeting at an undisclosed location
east of Seattle) someone sent me a note telling me that mail sent through
abuse.net was bouncing:
See more ...
Stable link is https://jl.ly/Email/spamcop.html
10 Sep 2006
In July I wrote about a
paper on
pump and dump spam by Böhm and Holz.
A more recent
paper
by Frieder and Zittrain takes a more detailed look and comes to the same
conclusion, that pump and dump works for the spammers.
See more ...
Stable link is https://jl.ly/Email/morepump.html
29 Aug 2006
The ICANN ALAC, of which I am a member, has been thinking about what our
position should be on domain tasting. (Since we are supposed to represent
the interests of at-large users, i.e., everyone other than the special
insterests, feel free to add your opinions.)
We started by trying to figure out what the problem is that we're
worried about.
There is a meaningful difference between domain monetization and
domain tasting.
See more ...
Stable link is https://jl.ly/ICANN/taste.html
26 Aug 2006
Whatever you think the answer is (typically about ten bucks), the answer
is likely to change radically for the worse, based on new contracts that
ICANN is planning to approve.
On July 28th ICANN posted
proposed new contracts
for .ORG, .BIZ, and .INFO, for a public comment period that ends four days from
now, on the 28th.
There's a lot not to like about these proposed contracts,
but I will concentrate here on two related particularly troublesome areas,
pricing and data mining.
See more ...
Stable link is https://jl.ly/ICANN/squeezem.html
17 Aug 2006
Today the wildcard is back in all but one of the CM name servers,
again pointing at the same server in Canada that doesn't identify
itself but has a big link farm of Overture pay-per-click links.
Also, Appolinaire Noumbi, who identifies himself as the
Chairman, Federation of Cameroonian Engineers, has posted
a most peculiar
personal page at Circle ID.
I still think that it is not a fundamentally bad idea for Cameroon
to take advantage of its typographic proximity to .COM, but an
anonymous junk parking page is not the way to do it.
Stable link is https://jl.ly/ICANN/cameroon4.html
12 Aug 2006
The IETF
DKIM working group
has been making considerable progress, and now has a close-to-final
draft.
DKIM will let domains sign their mail so if you get a messge from
fred@furble.net, the furble.net mail system can sign it so
you can be sure it really truly is from furble.net.
But unless you already happen to be familiar with furble.net, this
doesn't give you any help deciding whether you want the message.
This is where the new
Domain Assurance Council
(DAC) comes in.
See more ...
Stable link is https://jl.ly/Email/dac.html
11 Aug 2006
As of this morning there's no longer a wildcard in the CM zone.
Perhaps
Mr. Noubi
will be able to give us the background.
Stable link is https://jl.ly/ICANN/cameroon3.html
10 Aug 2006
As of 9 Aug, the typosquat domains at Rackspace have
all stopped working.
They still have entries in .CM, but the Rackspace servers to which
they are delegated no longer have data for them.
Wow, people actually read my blog.
Also, there are some interesting comments both on my blog
entry as well as on the original
Circle ID message from Appolinaire Noumbi, who says he is the
Chairman of the Cameroon Federation of Engineers, asking for help to
understand and fix the problem.
See more ...
Stable link is https://jl.ly/ICANN/cameroon2.html
09 Aug 2006
A recent
message on Circle ID
notes that Cameroon in west Africa has added a wild card to its .CM
country domain.
This means that anyone who tries to type something.com into his
browser and types something.cm instead will in most cases end
up at the web site the wild card points to, similar to what Verisign
did with their infamous Sitefinder a few years ago. (I say most, because
if you type the name of an actual .cm domain, you'll end up at that
domain. More about that later.)
See more ...
Stable link is https://jl.ly/ICANN/cameroon.html
08 Aug 2006
With all of the recent excitement about *.cm, the Cameroonian wildcard
that someone is using to collect vast numbers of mistyped .com addresses,
I wondered how many other wildcards there were at the DNS top level.
There's a total of 13.
See more ...
Stable link is https://jl.ly/ICANN/morewild.html
03 Aug 2006
I spoke last year at the Oxford Internet Institute on Internet
Governance for Dummies, trying to lay out both what on the 'net
needs governing (IP addresses and domains, if you know what they are),
and who governs it, mostly ICANN with a large set of supporting characters.
They taped it, so you can visit
the
OII's web page for the talk where you can choose streaming video or
downloadable MP4's.
When I returned this year the OII people told me that this is one of
their most popular videos.
Let me know whether or not you like it.
Stable link is https://jl.ly/ICANN/igov4dum.html
In late June I paid a visit to the Oxford Internet Institute, where they
offered me the chance to talk about whatever I wanted. This year's talk
was on Internet Security: Legend or Myth. The blurb said:
The Internet is sort of like a town where your local crack house can
put up a front window that looks just like Boots, and teenagers can
hotwire most people's cars and start playing bumper cars on the
M40. Is this a place that anyone would want to visit, much less live
in? What can we do about it?
I thought it went pretty well, but you can watch it and
decide for yourself.
Visit the
OII's web page for the talk where you can choose streaming video or
downloadable MP4's.
Free video bonus: at the beginning of the talk, Ted Nelson introduces me.
Stable link is https://jl.ly/ICANN/legendormyth.html
29 Jul 2006
Here are some excerpts from an all too typical exchange I recently had
with an e-mail service bureau (usually called an ESP for Email Service
Provider.) It started when I sent them a boilerplate
spam complaint, one of about a thousand a day I send for spam that either
hits my spamtraps or gets caught in the spam filters.
See more ...
Stable link is https://jl.ly/Email/notspam.html
20 Jul 2006
Another paper from
the Fifth
Workshop on the Economics of Information Security,
(WEIS 2006) is
Proof of Work
can Work by Debin Liu and L, Jean Camp of Indiana University.
Proof of work (p-o-w) systems are a variation on e-postage that uses
computation rather than money. A mail sender solves a
lengthy computational problem and presents the result with the
message. The problem takes long enough that the sender can only do
a modest number per time period, and so cannot send a lot of messages,
thereby preventing spamming.
But on a net full of zombies, proof of work doesn't work.
See more ...
Stable link is https://jl.ly/Email/hashpow.html
I've been reading some of the very interesting papers from
the Fifth
Workshop on the Economics of Information Security,
(WEIS 2006), held last month in Cambridge (UK).
Rainer Boehme and Thorsten Holz's paper
The
Effect of Stock Spam on Financial Markets is the first analysis I have
seen of pump and dump spam, and comes to the dismaying conclusion that
it works.
See more ...
Stable link is https://jl.ly/Email/pumpndump.html
19 Jul 2006
The DKIM working group in the IETF has been making good progress.
We now have a draft of
an overview document
as well as an updated and, with any luck, final version of
the threats document.
The
main spec for DKIM signatures seems to be close enough to done
for a "last call" for complaints and comments.
See more ...
Stable link is https://jl.ly/Email/dkimietf67.html
08 Jun 2006
News
reports say that high profile Ryan Pitylak was fined $10 million by
the Texas Attorney General.
A few days ago, he paid a
$1M settlement to
Microsoft.
Since it had been widely reported that he'd made between $3M and $4M during
his spamming career, that seemed like a pretty good deal for him.
As I commented to
the San Antonio Express,
this new fine is more in line with what he did, and at least relieves him
of all his ill-gotten gains.
See more ...
Stable link is https://jl.ly/Email/pitylak.html
17 May 2006
Wired reports
that Blue Security shut down yesterday.
It's a little hard to make sense of the explanations offered, but as best
I can make out, after Blue Security's clumsy attempts to deal with a denial
of service attack clobbered several other web sites, the owners appear to
have pulled the plug.
The investors say the technology has other uses, so we may not have heard
the last of this bad idea.
Stable link is https://jl.ly/Email/deadblue.html
12 May 2006
As I predicted last week in
this blog
entry on Blue Security, the Frog's fans leapt to its defense, with a
blizzard of more or less interchangable outraged messages,
often refuting points I never made.
Oddly, very few comments appeared on the recent message that was at
the top of the blog's home page, but instead on
an earlier
message I wrote last July. Huh?
See more ...
Stable link is https://jl.ly/Email/froggers.html
03 May 2006
The blogosphere is abuzz with stories about an allegedly titanic
battle between Blue Security and some spammers. Blue Security, as you
probably know, distributes a freeware program called Blue Frog that is
supposed to crush spammers by hammering on their web
sites with gazillions of opt out requests or something like that.
For a variety of reasons,
the mainstream anti-spam community has never thought much of this
approach, but every criticism only leads Blue Frog's partisans to
leap ever more forcefully to its defense.
(See, for example, the comments on
my note about them last year,
and the comments that will doubtless be posted on this message, too.)
This latest round made me realize that Blue Frog makes perfect sense
if you think of it as a video
game, or perhaps a fashion accessory, rather than as an anti-spam tool.
See more ...
Stable link is https://jl.ly/Email/bluefog.html
24 Apr 2006
Since we know we're not going to find a
FUSSP
any time soon, anti-spam efforts are concentrating on incremental efforts
to make the current mail system, messy though it is, work better.
Dealing with abuse reports is a particularly messy and labor-intensive
area that desperately needs more automation.
See more ...
Stable link is https://jl.ly/Email/arf.html
07 Apr 2006
On Monday the 3rd, California state Senator Dean Flores held a hearing
of the E-Commerce, Wireless Technology, and Consumer Driven Programming
committee
grandly titled AOL: You Have Certified Mail, Will Paid E-mail Lead to
Separate, Unequal Systems or is it the Foolproof Answer to Spam?.
The senator's office said they were very eager to have me there, to the
extent they offered to fly me out from New York, so since I happened to
be on the way home from ICANN in New Zealand that weekend, I took a detour
through Sacramento.
Sen. Florez conducted the hearing, with Sens. Escutia and Torlakson
sitting in briefly.
Unfortunately, Sen. Bowen, who is very well informed on these topics,
wasn't there.
There were five panels of speakers, and I got to lead off.
See more ...
Stable link is https://jl.ly/Email/casenate.html
19 Mar 2006
Last week a court in Philadelphia dismissed a 2004 case filed by Gordon
Roy Parker.
In the
decision the judge threw out the entire case alleging copyright
infringement, defamation, invasion of privacy, and a grab bag of other
complaints.
See more ...
Stable link is https://jl.ly/Copyright_Law/googleparker.html
12 Mar 2006
Last week I had lunch with an old friend who designs and sells video chips.
He told me about an RFP they got from a large retailer.
(He didn't say which one.)
They want to install a grid of little cameras on the ceiling
of their stores that can track people as they walk around the store,
starting from when they walk in the door until they leave.
The grid would be self-organizing, adjacent cameras talking to each
other and handing off trackees to each other.
It couldn't recognize people, although if you buy something with
something other than cash, it'd know who you were from that transaction.
This isn't intended for loss control (retailese for shoplifting) but more
for marketing.
They could, for example, rent a rack in a prominent position to a supplier,
and charge them by the number of people who stop to look at it.
But wait, there's more!
See more ...
Stable link is https://jl.ly/creepy.html
16 Feb 2006
While pondering the renewal prospects for the three sponsored
TLDs, .aero, .museum, and .coop, I went back and looked at the original
applications for those and also for the unsponsored TLDs approved at
the same time, .BIZ, .INFO, .NAME, and .PRO.
Two lessons leapt out at me
See more ...
Stable link is https://jl.ly/ICANN/tldreflec.html
14 Feb 2006
Goodmail Systems made a big
splash last week when AOL and Yahoo announced that they will be giving
preferential treatment to mail that uses Goodmail's CertifiedEmail service,
claiming (implausibly) that this has something to do with stopping spam..
Since Goodmail charges senders for each message, some people see this as the
end of e-mail as we know it.
I have my concerns about Goodmail, but a lot of the concerns are either
overblown or based on bad reporting.
See more ...
Stable link is https://jl.ly/Email/goodmail.html
01 Feb 2006
This is a joint posting; John Levine is posting it to
his blog and Paul Hoffman
is posting it to his blog.
Susan Crawford, a
new member of the ICANN board, asked about auctions
and lotteries for new gTLDs. Lots of people responded in the
comments, and then the two of us kind of took over. We have now
stopped, and are posting here.
See more ...
Stable link is https://jl.ly/ICANN/whydom.html
30 Jan 2006
In a widely noted decision, a Nevada judge has handed down a ruling in
favor of Google in a
case in which attorney Blake Field sued Google for copyright infringement
due to Google's web page cache keeping copies of his material.
Read comments by
the EFF,
Red Herring,
and
Larry Lessig's blog.
I am Google's technical expert in the case, and as you might expect,
I am pleased that the judge found our position,
including my report and declaration, so persuasive.
Stable link is https://jl.ly/Copyright_Law/field.html
18 Jan 2006
It's fairly straightforward to see how DKIM applies to normal mail--I
send the mail, my mail system signs it, you get it, and you check the
signature from my mail system. But it's a lot less clear what the best
approach is for mailing lists, the discussion type that forward
messages from members out to the list.
See more ...
Stable link is https://jl.ly/Email/dkimlists.html
06 Jan 2006
The IETF finally chartered a working group to create a DKIM standard
earlier this week. See
this
notice
which includes the text of the charter and the rather aggressive schedule:
See more ...
Stable link is https://jl.ly/Email/dkimcharter.html
02 Jan 2006
Way back in 2000-2001, ICANN approved a handful of new top level domains,
and entered into agreements with their promoters.
Three of the sponsored domains,
are coming up for renewal next year, so they've sent in their
renewal
proposals.
A sponsored domain is one that restricts who can register to members of a particular
community, in this case respectively co-ops, museums, and the airline industry.
Let's take a look and see how they're doing.
See more ...
Stable link is https://jl.ly/ICANN/stldrenew.html
|
Topics
My other sites
Who is this guy?
Airline ticket info
Taughannock Networks
Other blogs
CAUCE
It turns out you don’t need a license to hunt for spam.
27 days ago
A keen grasp of the obvious
Italian Apple Cake
585 days ago
Related sites
Coalition Against Unsolicited Commercial E-mail
Network Abuse Clearinghouse
My
Mastodon feed
|
