As you certainly noticed, a lot of traditional media has recently been focusing on click fraud. Is it as big of an issue as it is made out to be, compared to traditional advertising? Unfortunately Eytan Elbaz of Google will not answer this question with statistics, but he lets us know that Google has the problem under control. Here are some notes based on the Click Fraud Session at the Targeted Traffic Conference in Hollywood, Florida last week. more
Whatever you think the answer is (typically about ten bucks), the answer is likely to change radically for the worse, based on new contracts that ICANN is planning to approve. On July 28th ICANN posted proposed new contracts for .ORG, .BIZ, and .INFO, for a public comment period that ends four days from now, on the 28th. There's a lot not to like about these proposed contracts, but I will concentrate here on two related particularly troublesome areas, pricing and data mining. more
From the perspective of Internet security operations, here is what Net Neutrality means to me. I am not saying these issues aren't important, I am saying they are basically arguing over the colour of bits and self-marginalizing themselves. For a while now I tried not to comment on the Net Neutrality non-issue, much like I didn't comment much on the whole "owning the Internet by owning the Domain Name System" thingie. Here it goes anyway. Two years ago I strongly advocated that consumer ISP's should block some ports, either as incident response measures or as permanent security measures... more
ICANN's Board voted to accept the latest settlement proposal by a vote of 9 to 5: "Today, ICANN's Board of Directors approved, by a majority vote, a set of agreements settling a long time dispute between ICANN and VeriSign, the registry operator for the .COM registry. These settlement documents include a new registry agreement relating to the operation of the .COM registry..." more
There's a lot of argument as to which "anti-spam" techniques are legitimately so called. In this article, I'd like to consider what constitutes an anti-spam technique in an ideal sense, then consider the various practiced approaches to spam mitigation in that light, drawing conclusions as to how we should frame the "anti-spam" discussion. ...For the purposes of this discussion, let "spam" refer to "unsolicited bulk email". Not everyone agrees on this definition, but it's by far the most widely accepted, and without a working definition we won't be able to define "anti-spam"... more
There's been a lot of noise this week since the news broke about AOL and Goodmail, so I thought I'd take the opportunity to change the direction of the dialog a little bit. First, there are two main issues here, and I think it's healthy to separate them and address them separately. One issue is the merits of an email stamp system like the one Goodmail is proposing, relative to other methods of improving and ensuring email deliverability. The second issue -- and the one that got me started earlier this week - is the question of AOL making usage of Goodmail stamps a mandatory event, replacing its enhanced whitelist. more
Most of us would be put off if a court issued a press release cheering the number of prisoners its judges had put behind bars or the number of tenants it had helped landlords to evict. That seems antithetical to the neutral adjudication of disputes, and ethical rules regularly decry such "appearance of bias." Yet WIPO seems to think it perfectly natural to crow about its arbitrators' favoritism for complainants against "cybersquatters" in UDRP proceedings. It issued a release that reads like a solicitation for trademark claimants' business, not a promotion of neutral arbitration services... more
Despite the significant traffic that comes from typed-in domain names, the public harumphing and clucking about type-in traffic is climbing in volume as it becomes clear how much money is involved. Articles this week show that domain names, and the people who make money on them, are making some commentators uncomfortable. more
The UN's WSIS Prepcomm in Geneva has ended on a divided note. The US Government's Ambassador Gross pre-announced war-cry "The United Nations will not be in charge of the Internet. Period." had been met by a nearly unanimous global response from nations for some sort of government control of the Internet on a multilateral basis. A raft of proposals to alter the current situation are on the table -- most of them fairly benign, but none supportive of the indefinite continuance of unilateral US control of the root zone authorisation. more
The United States is under cyber-attack. An article in Time magazine titled "The Invasion of the Chinese Cyberspies" discusses a computer-network security official for Sandia National Laboratories who had been "tirelessly pursuing a group of suspected Chinese cyberspies all over the world." The article notes that the cyberespionage ring, known to US investigators as Titan Rain, has been "penetrating secure computer networks at the country's most sensitive military bases, defense contractors and aerospace companies." more
Yesterday, the IESG, the group that approves RFCs for publication received an appeal from Julian Mehnle to not to publish the Sender-ID spec as an experimental RFC due to technical defects. IESG members' responses were sympathetic to his concerns, so I'd say that a Sender-ID RFC has hit a roadblock. The problem is simple: Although Sender-ID defines a new record type, called SPF 2.0, it also says that in the absence of a 2.0 record, it uses the older SPF1 record. Since SPF and Sender-ID can use the same records, if you publish an SPF record, you can't tell whether people are using it for SPF or Sender-ID. Ned Freed commented... more
After hearing over 350 presentations on IPv6 from IPv6-related events in the US (seven of them), China, Spain, Japan, and Australia, and having had over 3,000 discussions about IPv6 with over a thousand well-informed people in the IPv6 community, I have come to the conclusion that all parties, particularly the press, have done a terrible job of informing people about the bigger picture of IPv6, over the last decade, and that we need to achieve a new consensus that doesn't include so much common wisdom that is simply mythical. There are many others in a position to do this exercise better than I can, and I invite them to make a better list than mine, which follows. more
I've mentioned before that there is something special about the .net top level domain - in particular .net is the place where the legacy root DNS servers and most of the TLD servers are to be found. Thus, if .net were to wobble there is more than a strong chance that the DNS root and other TLDs would also begin to wobble. This kind of cross-dependency is something that A) is a risk to overall internet stability and B) is something that ICANN seems utterly unable to perceive. more
The NANOG list yesterday was the virtual equivalent of a nearby nocturnal car alarm: "panix.com has been hijacked!" (whoo-WEE, whoo-WEE); "those jerks at VeriSign!" (duhhhhh-WHEEP, duhhhh-WHEEP); "no one's home at Melbourne IT!" (HANK, HANK, HANK, HANK). Finally, on Monday morning in Australia, the always-competent and helpful Bruce Tonkin calmly fixed the situation. So the rest of us can get some sleep now. But as we nod off in the quietness, let's consider just exactly what happened here. more
Two weeks ago, the Federal Trade Commission held a summit on e-mail authentication in Washington, DC; the community of people who handle bulk mail came together and agreed on standards and processes that should help reduce the proliferation of spoofed mail and fraudulent offers. This was a big, collective step in the right direction. But e-mail sender authentication alone won't solve the Net's fraud and phishing problems - nor will any single thing. It requires a web of accountability among a broad range of players. Yet this week there's another meeting, in Cape Town, South Africa, that could make even more of a difference...but it probably won't. more
A World-Renowned Source for Internet Developments. Serving Since 2002.