Last week Sen. Snowe filed bill S.2661, the Anti-Phishing Consumer Protection Act of 2008, or APCPA. While its goals are laudable, I have my doubts about some of the details. The first substantive section of the bill, Section 3, makes various phishy activities more illegal than they are now in its first two subsections. It makes it specifically illegal to solicit identifying information from a computer under false pretenses, and to use a domain name that is deceptively similar to someone else's brand or name on the web in e-mail or IM to mislead people...
After looking at the state of DNSSEC in some detail a little over a year ago in 2006, I've been intending to come back to DNSSEC to see if anything has changed, for better or worse, in the intervening period... To recap, DNSSEC is an approach to adding some "security" into the DNS. The underlying motivation here is that the DNS represents a rather obvious gaping hole in the overall security picture of the Internet, although it is by no means the only rather significant vulnerability in the entire system. One of the more effective methods of a covert attack in this space is to attack at the level of the DNS by inserting fake responses in place of the actual DNS response.
I finally got the "official" word from Vint Cerf of ICANN, "on the record", who confirmed that my interpretation is correct, that differential/tiered pricing on a domain-by-domain basis would not be forbidden under the .biz/info/org proposed contracts. This means that the registries could charge $100,000/yr for sex.biz, $25,000/yr for movies.org, etc. if they wanted to -- it would not be forbidden the way the proposed contracts are currently written. This would represent a powerful pricing weapon for registries, and a fundamental shift in possible domain name pricing, that could lead them to emulate .tv-style price schedules. It doesn't mean they will necessarily do it, but it's not forbidden. When a contract doesn't forbid something bad, it implicitly allows it...
The first salvo on NANOG this morning in response to the launch of OpenDNS was a predictable lambasting along the lines of "here comes SiteFinder II". Fortunately the follow-ups were quick to point out that OpenDNS was a far cry from SiteFinder for the obvious reason that people have the choice to use it; nobody had a choice with SiteFinder. ...the real magic here can come from its use in phishing mitigation.
MAAWG is the Messaging Anti-Abuse Working Group. It was started by Openwave, a vendor that sells e-mail hardware and software to large ISPs, and originally consisted only of Openwave customers, but has evolved into an active forum in which large ISPs and software vendors exchange notes on anti-spam and other anti-abuse activities. Members now include nearly every large ISP, including AOL, Earthlink, Yahoo, Comcast and Verizon, along with ESPs like Doubleclick, Bigfoot, and Checkfree, and vendors like Cisco, Ironport, Messagelabs, Kelkea/Trend, and Habeas. They've also been quietly active in codifying best practices and working on some small but useful standards like a common abuse reporting format.
There are many companies in the spam-fighting business and most, if not all, claim to be hugely successful. Yet spam is exponentially more prevalent today than it was just 2 years ago. How can one conclude that today's anti spam solutions are working? This year spammers will use machine-generated programs to send trillions of unsolicited email. Thankfully, a new anti-spam technology has made its way into the market.
Many of my friends in the civil-liberties and Internet-law communities have been criticizing the Internet Society's agreement to sell the Public Interest Registry, which administers the .ORG top-level domain. I'm a free-speech guy, so I support their right to raise all these criticisms. But they often ask me directly – knowing that my track record as an Internet civil-libertarian is longer than most – why as a member of the Internet Society (a.k.a. ISOC) board I decided to join the board's unanimous approval of the deal.
At the outset of the Internet Engineering Task Force (IETF) 100th meeting, a decidedly non-technical initial "Guide for human rights protocol considerations" was just published. Although the IETF has always remained true to its DARPA origins as a tool for developing disruptive new technical ideas, it launches into bizarre territory when dealing with non-technical matters.
ICANN has recently stated that it will allow the public to register plural and singular gTLDs that are variants of words already registered as domain names. .Books will be able to join the currently allocated .book, and .pet will be able to join .pets. Of course, a pair like .blue and .blues, two words that look alike but have different meanings, isn't at issue here. The focus is just plurals and singulars. But that leaves plenty of room for trouble, and ICANN has to tackle some tough questions now, before the policy launch.
There were long faces all over the new gTLD ecosystem yesterday -- applicants, consultants and technical operators alike -- when ICANN took their Application System (TAS) offline and announced that it would not be brought back up for 5 days. As a result, the long-anticipated close of the first new gTLD application window was pushed back from April 12 to April 20, 23:59 UTC. You could almost hear the groans of dismay spreading over social cyberspace!
You could call this Part Three in our series on Illicit Internet Pharmacy. Part One being What's Driving Spam and Domain Fraud? Illicit Drug Traffic, Part Two being Online Drug Traffic and Registrar Policy. There are a few facts I'd like to list briefly so everyone is up to speed. The largest chunk of online abuse at this time is related to illicit international drug traffic, mostly counterfeit and diverted pharmaceuticals.
Note: this is an update on my earlier story, which incorrectly said that the AP reported that Chairman Martin was seeking to impose "fines" on Comcast. In fact, the story used the word "punish" rather than "fine," and a headline writer at the New York Times added "penalty" to it "F.C.C. Chairman Favors Penalty on Comcast" (I won't quote the story because I'm a blogger and the AP is the AP, so click through.) Much of the initial reaction to the story was obviously colored by the headline.
Comcast's furtive and undisclosed traffic manipulation reminds me of a curious, red herring asserted by some incumbent carriers and their sponsored researchers: that without complete freedom to vertically and horizontally integrate the carriers would lose synergies, efficiencies and be relegated to operating "dumb pipes."... Constructing and operating the pipes instead of creating the stuff that traverses them gets a bad rap. It may not be sexy, but it probably has less risk. But of course with less risk comes less reward, and suddenly no one in the telecommunications business is content with that. So incumbent carriers assert that convergence and competitive necessity requires them to add "value" to the pipes.
Just when you thought the .xxx affair couldn't get any worse, it does. I'm beginning to think that ICANN's approach to TLD approval was cooked up by a demented sergeant from Abu Ghraib... Now, after the triple x people negotiated with ICANN's staff a contract that met all prior objections, and heads into what should be its final approval, word is that a few ICANN Board members are leaning in a negative direction. What is the reason? A group of pornographers has organized a campaign against .xxx, flooding ICANN's comment box with overwhelmingly negative remarks.
The new and proposed ICANN registry contracts contain no definite price terms, and thus permit potential tiered pricing on a per domain name basis. This has raised concern within the community that a registry operator might abuse its sole source position to engage in pricing practices detrimental to registrants. ...Notwithstanding the possibility of tiered pricing on a per domain name basis in connection with the recently executed sponsored registry contracts (.MOBI, .JOBS, .TRAVEL, .CAT, and .TEL), there have been numerous comments submitted in connection with this possibility in connection with the proposed contracts for the .BIZ, .INFO and .ORG registry contracts. There were four messages that motivate me to write this article...