Domain Ads Generating Twice the Conversion Rate of Search Ads

A case study by Efficient Frontier mentions how using the Google Adsense for Domains network doubled the conversion ratio of search ads for their clients. According to their website, "Efficient Frontier manages more than $400 million in annual PPC spend under management, counts 80 of the top 500 search advertisers as clients and manages over 30 million keywords"... "When we analyzed the results, we were shocked. We didn't expect to see that domain park sites can bring in the quality of traffic necessary..." more

Will Arrest Stem Tide of Spam?

Legitimate email marketers, anti-spam groups and beleaguered recipients got a bit of good news with the arrest last week of a man described as one of the world's most prolific spammers. Robert Alan Soloway, 27, dubbed "the Seattle Spammer" by federal officials, was indicted on 35 charges related to fraudulent Internet activities. Soloway pleaded not guilty to all charges at his May 30 arraignment. You can read more here. Although it's always great when a notorious spammer gets put out of business, such actions probably won't result in a drop in the amount of spam that gets sent... more

Book Review: Sex.com by Kieren McCarthy

On the face of it, Kieren McCarthy's Sex.com was a book that could have written itself: a notorious, well-publicised feud over the most valuable domain name in existence, between two charismatic men -- one a serial entrepreneur with a weakness for hard drugs (Gary Kremen), the other a gifted con-man with delusions of grandeur (Stephen Cohen). It's a story replete with vicious acrimony, multi-million dollar lawsuits, and rumours of gunfights between bounty hunters in the streets of Tijuana. Thankfully, McCarthy wasn't content to just bundle together all the articles he's written about Sex.com over the years and slap a cover on the front... more

Put Security Alongside .XXX

Isn't security as important to discuss as .XSS? The DNS has become an abuse infrastructure, it is no longer just a functional infrastructure. It is not being used by malware, phishing and other Bad Things [TM], it facilitates them. Operational needs require the policy and governance folks to start taking notice. It's high time security got where it needs to be on the agenda, not just because it is important to consider security, but rather because lack of security controls made it a necessity. more

Ongoing Internet Emergency and Domain Names

There is a current ongoing Internet emergency: a critical 0day vulnerability currently exploited in the wild threatens numerous desktop systems which are being compromised and turned into bots, and the domain names hosting it are a significant part of the reason why this attack has not yet been mitigated. This incident is currently being handled by several operational groups. This past February, I sent an email to the Reg-Ops (Registrar Operations) mailing list. The email, which is quoted below, states how DNS abuse (not the DNS infrastructure) is the biggest unmitigated current vulnerability in day-to-day Internet security operations, not to mention abuse. more

Please, Keep the Core Neutral

Many in the technical community attribute the rapid growth and spread of the Internet to innovation that took place at the "edge" of the network, while its "core" was left largely application neutral to provide a universal and predictable building block for innovation. It is this core neutrality that provides a basis for the security and stability of the Internet as a whole. And it is this same core neutrality that is critical to the continued spread of the Internet across the Digital Divide. Unfortunately, when the politics of censorship rather than solely technical concerns drive the coordination of these "core" Internet resources, it threatens the future security and stability of the Internet. This paper proposes a paradigm upon which all the governments of the world have equal access to these core Internet resources to empower them and their citizens with the rights acknowledged in the WSIS Declaration of Principles. more

If ICANN’t Keep a Contract, Let the Public Enforce It

Earlier in the Registerfly controversy, ICANN Vice President Paul Levins posted to the ICANN Blog: "ICANN is not a regulator. We rely mainly on contract law. We do not condone in any way whatsoever RegisterFly's business practice and behaviour." This is disingenuous. ICANN is the central link in a web of contracts that regulate the business of domain name allocation. ICANN has committed, as a public benefit corporation, to enforcing those contracts in the public interest. Domain name registrants, among others, rely on those contracts to establish a secure, stable environment for domain name registration and through that for online content location. more

ICA Questions ICANN on RegisterFly

The Internet Commerce Association sent this letter to ICANN yesterday in regard to the RegisterFly situation: "I am writing to you in my capacity as Counsel to the Internet Commerce Association (ICA), a non-profit trade association dedicated to promoting and protecting the rights of domain name (DN) owners... It has come to our attention that an ICANN-accredited registrar is in the midst of what appears to be a near-complete operational breakdown, and that its ongoing failure to carry out its responsibilities is causing substantial economic loss to tens of thousands of DN registrants in both the United States and multiple foreign jurisdictions." more

How Many Bots? How Many Botnets?

We touched on this subject in the past, but recently Rich Kulawiek wrote a very interesting email to NANOG to which I replied, and decided to share my answer here as well: I stopped really counting bots a while back. I insisted, along with many friends, that counting botnets was what matters. When we reached thousands we gave that up. We often quoted anti-nuclear weapons proliferation sentiments from the Cold War, such as: "why be able to destroy the world a thousand times over if once is more than enough?" we often also changed it to say "3 times" as redundancy could be important... more

Picking Domain Names by Search Results

There is a definite advantage to knowing what users look for when typing in domain names that they think should work. This article from Government Computer News shows an excellent example in .gov. "600,000 visitors a year to FirstGov try to find the federal government's Web site by typing USA.gov into their browser", so they switched from firstgov.gov to usa.gov. It wasn't mentioned in the article, but firstgov.gov redirects automatically; this is more intelligence than I normally expect from US government web sites. more

Web Server Botnets and Server Farms as Attack Platforms

Are file inclusion vulnerabilitiess equivalent to remote code execution? Are servers (both Linux and Windows) now the lower hanging fruit rather than desktop systems? In the February edition of the Virus Bulletin magazine, we (Kfir Damari, Noam Rathaus and Gadi Evron (me) of Beyond Security) wrote an article on cross platform web server malware and their massive use as botnets, spam bots and generally as attack platforms. Web security papers deal mostly with secure coding and application security. In this paper we describe how these are taken to the next level with live attacks and operational problems service providers deal with daily. more

Trench Warfare in the Age of The Laser-Guided Missile

The historical development of spam fighting is allowing computer-aware criminals to take the upper hand in the fight against what has now evolved into a completely technologically and organizationally merged threat to public safety. If we do not change our strategic approach immediately, the battle, indeed even the war may be all but lost... Of late, much has been said in the popular and computer press about a vector that is annoying, but hardly critical in nature: 'Image spam'. Spammers have jumped on the new technology of 'image-only' payloads, which morph one pixel per message, rendering them unique, and traditional check-sum blocking strategies ineffective... Fortunately this fraudulent stock-touting scheme leaves a paper trail that has allowed for some successful prosecutions in the latter half of the year. Stock spamming, while popular at present time is likely to decline as legal actions increase... more

Europeans Moderate GAC Principles, But…

A U.S.-led Task Force in ICANN's Governmental Advisory Committee (GAC) released version 3 of its "Whois Principles" in preparation for the ICANN meeting in Brazil, where it will be debated and finalized. European countries pushed back against U.S. Government efforts to stop ICANN from respecting privacy concerns in its handling of domain name registrant contact data... more

ISOC-NY Panel: The Future of WHOIS Policy (Webcast)

The Metropolitan NY Chapter of the Internet Society continued its popular series of public events at the Jefferson Market library in Greenwich Village with a panel discussion on WHOIS policy, moderated by Danny Younger. This is a contentious issue, involving tradeoffs between privacy, anonymity, and accountability. more

JPA Agreement: Will it Change the Problems With the UDRP?

It was rather interesting to read this new agreement between the USDoC and ICANN talking about the mechanisms, methods and procedures necessary to effect the transition of Internet domain name and addressing system (DNS) to the private sector. What was more interesting though was to read in this very agreement the following: "...the Department continues to support the work of ICANN as the coordinator for the technical functions related to the management of the Internet DNS". OK, let's be honest! Technical? more