Phish-Proofing URLs in Email?

For those who've been living in an e-mail free cave for the past year, phishing has become a huge problem for banks. Every day I get dozens of urgent messages from a wide variety of banks telling me that I'd better confirm my account info pronto. ...Several people have been floating proposals to extend authentication schemes to the URLs in a mail message. A sender might declare that all of links in it are to its own domain, e.g., if the sender is bigbank.com, all of the links have to be to bigbank.com or maybe www.bigbank.com. Current path authentication schemes don't handle this, but it wouldn't be too hard to retrofit into SPF. ...So the question is, is it worth the effort to make all of the senders and URLs match up? more

Study Finds Spammers Use P2P Harvesting to Spam Millions

A recent study conducted by Blue Security reports how Internet users can unknowingly expose their contacts' emails addresses to Spammers while sharing files, music, games and DVDs over Peer-to-Peer (P2P) networks. The study has uncovered hundreds of incidents where files containing email addresses were made accessible in P2P networks. more

Port 25 Blocking, or Fix SMTP and Leave Port 25 Alone for the Sake of Spam?

Larry Seltzer wrote an interesting article for eWeek, on port 25 blocking, the reasons why it was being advocated, and how it would stop spam. This quoted an excellent paper by Joe St.Sauver, that raised several technically valid and true corollaries that have to be kept in mind when blocking port 25 -- "cough syrup for lung cancer" would be a key phrase... Now, George Ou has just posted an article on ZDNET that disagrees with Larry's article, makes several points that are commonly cited when criticizing port 25 blocking, but then puts forward the astonishing, and completely wrong, suggestion, that worldwide SPF records are going to be a cure all for this problem. Here is my reply to him... more

More on Story Behind .ASIA

James Seng, my good colleague in APEET, said: "...Chiao called .ASIA 'more or less like a joint venture among APxx organizations'. I say nonsense!" When I say more or less, I mean more or less... On this .ASIA entry, I've intended to use the language carefully at this moment 'cos I know someone will be watching... more

Fitting .JOBS Into the Marketplace

There have been several posts over the last 48 hours in response to the new dot jobs domain on both sides of the argument. John Sumser from The Electronic Recruiting News provides a balanced view of the new domain and in the end determines that then new domain will not help job seekers. Gerry Crispin has a slightly different view on The CareerXroads, which is not surprising as Gerry was a advocate of the new domain from the beginning. Joel Cheesman provides a fantastic top 10 thoughts on the new domain as well... more

Story Behind .ASIA

After releasing .travel and .jobs (hey, steve.jobs up for bidding!), ICANN said they will look at .xxx and .asia next. (via Chiao) "Vint Cerf: ...of those, we have had fairly extensive discussion about .asia and .xxx. We continue to evaluate those. The others will be attended to as we can get to them. But i want to say for the record that we will attempt within the next 30 days to come to a conclusion one way or the other about .asia and .xxx so these will be on a board call sometime within that period." Chiao called .ASIA "more or less like a joint venture among APxx organizations". I say nonsense! Don't let appearance fool you. more

In Pursuit of IDN Perfection?

Many of the problems of IDNs come from trying to do multiple languages at the same time or languages one can't read. The biggest difficulty is implementing them in gTLDs like .com or .org. I think that if we focus on helping the country level TLDs (ccTLDs) get going with IDNs in their own native languages, we would be solving the problem for 80% or so of the people. My concern is holding up the ability for these people to use IDNs because we can find the perfect solution for the edge cases. more

Creating a National Cybersecurity Framework: Need For New Regulation?

The Congressional Research Service (CRS) recently released a major new study examining cybersecurity. The report, "Creating a National Framework for Cybersecurity: An Analysis of Issues and Options" discusses a variety of significant public and private cybersecurity concerns. The CRS analysis lists several broad options for addressing cybersecurity weaknesses ranging from adopting standards and certification to promulgating best practices and guidelines and use of audits among other measures. more

The Ultimate Solution to Internet Governance: Let ITU and ICANN compete

Controversies over ICANN led to the creation of the Working Group on Internet Governance, but so far there have been few specific proposals for change. The Internet Governance Project has entered that breach with a new policy paper: "What to Do About ICANN: A Proposal for Structural Reform." The proposal, by Hans Klein and myself, proposes three clean, clear but probably controversial solutions to the criticisms that have been made of ICANN. more

JET Open Letter to Microsoft

We, members of the JET (Joint Engineering Team), send this open letter to request Microsoft Corporation to implement IDN (Internationalized Domain Names) standards[1] in the next version of Internet Explorer. ...IDN is a critical enabling technology that will make the Internet more useable and attractive to the majority of the Chinese, Japanese and Korean population who do not use English in their daily life. In fact, IDN is mentioned as one of the Declaration of Action of the World Summit of Information Society (WSIS). To date, IDN registration has been launched in .cn, .jp, .kr, .tw and many other European country code top level domain as well as other generic top level domain names. More than 1 million IDNs have been registered since 2000. Most of the web browsers, such as Safari, Firefox and Opera have implemented IDN standards. This means that users can use IDN in these web browsers without additional applications or plug-ins... more