Thank Heavens for Class Action Lawyers

If you had an e-mail address any time in the past six years, you've probably gotten spam for something called VigRX for Men, with fairly specific promises that it will make you, ah, manlier. I always wondered how many nitwits could fall for this kind of nonsense. Thanks to a recent class action settlement, we now know that there have been quite a lot of them. A class action suit filed in 2001 in Colorado settled recently, with some quite amazing info in the documents available at http://lemsettlement.com. LEM stands for Leading Edge Marketing, the name used by the defendants for several companies in the US, Canada, and the Bahamas. more

DMARC: New Email Authentication Protocol

A consortium of companies including Google, Microsoft, Facebook and Paypal have announced that they were collaborating and coming up with a new protocol known as DMARC -- the Domain-based Message Authentication, Reporting and Conformance. What is DMARC? more

Are Botnets Really the Spam Problem?

Over the last few years I've been hearing some people claim that botnets are the real spam problem and that if you can find a sender then they're not a problem. Much of this is said in the context of hating on Canada for passing a law that requires senders actually get permission before sending email. Botnets are a problem online. They're a problem in a lot of ways. They can be used for denial of service attacks. They can be used to mine bitcoins... more

Now Available - A Trend Chart Tracking DNSSEC Validation Globally

How can we track the amount of DNSSEC validation happening globally? Is there a way we can see the trend over time to (we hope!) see validation rise? At the recent excellent DNSSEC Workshop at ICANN 50 in London Geoff Huston let me know that his APNIC Labs team has now created this exact type of trend chart. more

Failure in ICANN’s Governance Framework

The legitimacy of the ICANN multistakeholder model and its governance framework are facing an existential threat requiring immediate attention. The recently announced results of the ICANN Nominating Committee highlight how the ICANN Board is captured by "affiliated" directors, which threatens its independence and ability to act for the public interest. more

Why Has ICANN Cut Subsequent TLD Round Preparations From Its Budget?

As we approach another ICANN meeting and another opportunity for our community to come together to discuss, collaborate and work, there is naturally a flurry of activity as stakeholders push for a spot on the agenda for their key areas of interest. And in the midst of current discussions, particularly around important topics like GDPR, it's easy for other vital conversations to be missed. more

The Continued Rise of Phishing and the Case of the Customizable Site

We’ve noted in previous CSC studies that phishing continues to be an extremely popular threat vector with bad actors and shows no signs of subsiding in part, because of the COVID–19 pandemic and the rise in popularity of remote working. Indeed, the most recent figures from the Anti-Phishing Working Group (APWG) show that the numbers of phishing attacks are higher than ever before, with the quarterly total of identified unique phishing attacks exceeding 1 million for the first time in Q1 2022, and over 600 distinct brands attacked each month. more

AI Initiatives at the US Post Office: Final Rethink Before We Dissolve It!

MIT released a comical study in May of 2020 on the historical innovation accomplishments, and the potential logistical endeavors brought to light by the beleaguered United States Postal Service. The apparent scholarly article cited several technological implementations and employee empowered frameworks that could define the USPS's plight over the next five years. These frameworks, through FY2025, mention a postal-banking initiative and two AI autonomous vehicles initiatives. more

Anatomy of a Domain Name Land Rush

The launch of a new or repurposed Top-Level Domain (TLD) is always surrounded with speculative activity. Some domainers will register domains in the new TLD with hopes of getting rich quick. Others will do so because the same domain in .com is worth a lot of money. And then there are the developers who see the prospect of building a carefully branded website in the new TLD. And with all those proposed new generic Top-Level Domains (gTLDs), this cycle will be repeated. But what does a Domain Name Land Rush look like? more

Meta Lawsuit Leads to Significant Decline in Phishing Domains Tied to Freenom

A lawsuit filed by Meta has led to a significant decrease in phishing websites tied to the domain name registrar Freenom. Cybersecurity expert Brian Krebs in a report on Friday said that Freenom, which provides free domain name registration services, was a favored resource for cybercriminals due to its policy of protecting customer identities. more

Civil Society Cautions Against ICANN Giving Governments Veto Over Geographic Domain Names

A group of twenty-four civil society organizations and individuals today submitted a joint statement regarding a proposal from an ICANN Governmental Advisory Committee (GAC) sub-group on the use of "geographic names" in top-level domains. The joint civil society statement cautioned against the adoption of the GAC proposal that would give governments veto power on domains that use "geographic names." more

How Spam Has Damaged Mail Forwarding - And Ways to Get Around It

Courtesy forwards have been a standard feature of e-mail systems about as long as there have been e-mail systems. A user moves or changes jobs or something, and rather than just closing the account, the mail system forwards all the mail to the user's new address. Or a user with multiple addresses forwards them all to one place to be able to read all the mail together. Since forwarding is very cheap, it's quite common for forwards to persist for many years. Unfortunately, forwarding is yet another thing that spam has screwed up. more

WLS & Recourse to the DOC

ICANN's recently posted "Seventh Status Report" states: "ICANN's Board of Directors voted 14-1 to take no action in response to the request, on the grounds that the decision to allow the Wait-Listing Service to be offered was not a threat to competition...".

Several firms that currently offer competing services have signaled (pdf) that they are not in agreement with this assessment. more

Old Cloud vs. New Cloud

Images of clouds have been used when discussing networks for quite some time. When traditional telecoms companies were selling point-to-point circuits a drawing of a cloud was sometimes used. The cloud symbol helped indicate the provider?s domain of responsibility, effectively hid the internal complexity of the network and focused on the end user. This was all fine when the product offered was an end-to-end circuit. more

SPIT is in Everyone’s Mouth, Though Not Yet in Everyone’s Ears

Spam over Internet Telephony (SPIT) is viewed by many as a daunting threat. SPIT is much more fatal than email spam, for the annoyance and disturbance factor is much higher. Various academic groups and the industry have made some efforts to find ways to mitigate SPIT. Most ideas in that field are leaning on classical IT security concepts such as intrusion detection systems, black-/white-/greylists, Turing tests/computational puzzles, reputation systems, gatekeeper solutions, etc... We identified the lack of a benchmark testbed for SPIT as a serious gap in the current research on the matter, and this motivated us at the to start working on a first tool for that. more