As a daily and enthusiastic reader of The New York Times, I was disappointed to read their February 1 article on CAN-SPAM entitled, "Law Barring Junk E-Mail Allows a Flood Instead" (subscription required). The theme of the article was, as the title suggests, that enacting CAN-SPAM was worse than having no laws at all. The article really missed the point on several fronts. more
I'm a guest at the MAAWG conference in San Francisco this week and several people have now mentioned to me the problem and the opportunity of anti-spam e-mail filtering for IPv6. Tomorrow is World IPv6 Day but since a bunch of the pieces have clicked together in my head I'll post this a day early. more
Network operators rely on guidance from IP address experts because not all IP addresses used on the Internet are the same. The "reputation" of email senders is especially important because some are malicious users of the system. But identifying "senders" based on their email addresses or the individual IP address of a user presents issues that are unnecessarily complex. more
Email is a complex service and email abuse adds confusing deceptions. Worse, like postal mail and even telephone service, Internet mail is inherently open, flexible and even anonymous, making things much easier for abusers. Bad actors hide their true identity and their true purpose. Most other communication tools for users also are also quite open, and problems with email are being replicated elsewhere, such as instant messaging and social media. more
Has your organization recently received an email claiming to be from NABP's Internet Drug Outlet Identification Program (IDOI)? If so, it is possible that someone is trying to trick you. The NABP IDOI team's email account has recently been illegally "spoofed" by unaffiliated persons or organizations. Email spoofing involves the forgery of an email header so that the email appears to have originated from someone other than the actual source. more
Domain name abuse is one of the most dangerous and under-regulated issues in digital business security today. Many of the largest companies in the world still lack basic domain security protocols, making them prime targets for bad actors. An attack on a domain can lead to the redirection of a company's website, domain spoofing, domain and domain name system (DNS) hijacking attacks, phishing attacks, network breaches, and business email compromise (BEC). more
There has been a lot of talk about IDNs here and elsewhere but what does the reality look like for a plain user? As a test, I randomly choose 28 domains from Alexa's top 100 Sites and tried to create a user account with the email address user@??.com. The bleak result... more
As we, here in the United States celebrate our independence this Fourth of July, we are reminded that the liberties and freedoms that come with that independence have yet to be won online. As citizens of this country we are blessed with safety and security from threats both foreign and domestic, but those guarantees have not yet extended to our citizenship in the global Internet community. This is true not just for American citizens, but for all Internet users throughout the world. more
Declan McCullagh reporting in CNET: "The FBI is asking Internet companies not to oppose a controversial proposal that would require the firms, including Microsoft, Facebook, Yahoo, and Google, to build in backdoors for government surveillance. In meetings with industry representatives, the White House, and U.S. senators, senior FBI officials argue the dramatic shift in communication from the telephone system to the Internet has made it far more difficult for agents to wiretap Americans suspected of illegal activities..." more
At the ENISA presentation on her botnet report at eco in Cologne, 9 and 10 March, one of the slots was dedicated to threats to the mobile environment. The message I was supposed to come home with was: we can still count the numbers of mobile viruses manually, <600; the problem will never be the same as on a fixed network as traffic is monitored and metered: We detect it straight away. We are studying the problem seriously. Are mobile operators really prepared for what is coming? more
Thanks to Prof. Goldman I see that the Virginia Supreme Court issued its opinion in Jaynes, the state-law criminal spam case that has wound its way through the courts there. It affirms the conviction and rejects the various challenges to Virginia's spam statute... As a side note I should say that it's not often one is actually excited to read an order in a case you're not involved with. This is definitely one of those instances where the excitement is palpable... The news reports billed the case as the first felony conviction for sending spam. more
Oh, Internet. You had such potential when you were born — darling of the research community, supported by the wealthiest military the world has ever known. And you married well, into a powerful merchant family. Why are you so lost? Is it a midlife crisis? You were born, some say, 40 years ago this week in a lab at UCLA — one of ARPA's many children. It wasn't until nearly two months later that you first spoke, transmitting the letters "L" and "O" before crashing... more
A new report from SecureWorks Counter Threat Unit has revealed a hacking group operating from the Russian Federation, implemented spearphishing techniques involving use of look-alike Google login pages to gain access to DNC emails and other data. more
You all remember cybersquatting, a popular sport in the late 90s, right? McDonalds.com, JenniferLopez.com, Hertz.com and Avon.com thankfully all point to the right web sites today, but thaiairline.com, mcdonald.com, luftansa.com, gugle.com, barnesandnobles.com and other misspellings are fake web sites intended to trap the casual surfer with a hand that's a bit too much quicker than the eye... If you want to go to the McDonalds web site, you don't even spend the 10 seconds to look it up -- you will type McDonalds.com and expect to see the latest dollar meal menu. But the same is true for the other popular form of communication -- email... more
The new year is upon us and it's time for our annual look at CircleID's most popular posts of the past year and highlighting those that received the most attention. Congratulations to all the 2016 participants and best wishes to all in the new year. more
A World-Renowned Source for Internet Developments. Serving Since 2002.