There Is No “Spam Problem”

This month I thought I could feel smug, deploying Postfix, with greylisting (Postgrey), and the Spamhaus block list (SBL-XBL) has reduced the volume of unsolicited bulk commercial email one of our servers was delivering to our clients by 98.99%. Alas greylisting is a flawed remedy, it merely requires the spambots to act more like email servers and it will fail, and eventually they will... more

WIPO Crowing Again About “Cybersquatting”

Most of us would be put off if a court issued a press release cheering the number of prisoners its judges had put behind bars or the number of tenants it had helped landlords to evict. That seems antithetical to the neutral adjudication of disputes, and ethical rules regularly decry such "appearance of bias." Yet WIPO seems to think it perfectly natural to crow about its arbitrators' favoritism for complainants against "cybersquatters" in UDRP proceedings. It issued a release that reads like a solicitation for trademark claimants' business, not a promotion of neutral arbitration services... more

New Internet Study Finds Web and Streaming Higher Than P2P Traffic

ipoque, a European deep packet inspection hardware provider has published an Internet study for 2008/2009 providing an overview of the Internet's current state based on analyzing 1.3 petabytes of Internet traffic -- "the amount of data equal to 300,000 DVDs" -- in eight regions of the world (Northern Africa, Southern Africa, South America, Middle East, Eastern Europe, Southern Europe, Southwestern Europe, Germany). The study includes the use of about 100 of the most popular Internet protocols including P2P, VoIP, media streaming, instant messaging. more

GDPR PII Time-Bomb? Kill it With Fire!

Hi! My name is spamfighter. I investigate spam and phish in a post-GDPR dystopia. Recently, I invented Fire, to save you millions of €uros. One day, my Boss suggested I automate some of my processes. I, for one, welcome our Robot Overlords (and a happy boss), but I can be exacting about the tools I use. Perhaps not to the degree of the infamous Van Halen 'no brown M&M's' contractual clause but I have no patience for poorly-designed software, and truly dislike typing when... more

Maybe the IETF Won’t Publish SPF and Sender-ID as Experimental RFCs After All

Yesterday, the IESG, the group that approves RFCs for publication received an appeal from Julian Mehnle to not to publish the Sender-ID spec as an experimental RFC due to technical defects. IESG members' responses were sympathetic to his concerns, so I'd say that a Sender-ID RFC has hit a roadblock. The problem is simple: Although Sender-ID defines a new record type, called SPF 2.0, it also says that in the absence of a 2.0 record, it uses the older SPF1 record. Since SPF and Sender-ID can use the same records, if you publish an SPF record, you can't tell whether people are using it for SPF or Sender-ID. Ned Freed commented... more

Internet Governance Outlook 2023: Will “Digital Coop-Frontation” Become the “New Normal”?

In 2022, the Internet world was shaken by big contradictions. On the one hand, efforts to constitute a stable and secure framework for a safe cyberspace made substantial progress. The UN got a new Tech Envoy. The UN-based Internet Governance Forum (IGF) got a "Leadership Panel." The UN negotiations on cybersecurity and cybercrime produced constructive interim results. more

Zuccarini To Receive 30 Months in Prison

In a Press Release issued yesterday, February 26, 2004, it has been announced that Zuccarini (background here) will receive 30 months in prison for violating the Truth in Domain Names Act. At least two of the domain names mentioned in the press release, DINSEYLAND.COM and BOBTHEBIULDER.COM appear to have been registered by third parties and are pointing to pages of links... more

Top Domain Name News Stories of 2006

Record-breaking domain sales, acquisitions, and growing industry credibility all highlight a critical year for the domain name industry. The domain name industry had a heck of a year. It's impossible to rank the top news stories of 2006, but I'm going to make an attempt... Let's talk about it before the end of the year; then let's look forward to a fantastic 2007. more

Assault on State Censorship at the IGF

Knee-jerk UN haters in the US are fond of pointing horrified fingers at the presence of China, Syria and other authoritarian states whenever global governance is mentioned. See for example Declan McCullough's slanted piece in CNET. They might be surprised to learn that the UN Internet Governance Forum has opened the opportunity for a major assault on Internet blocking and filtering, and put repressive governments on the defensive by heightening awareness of the practice and pressuring them to justify it or change it... more

At the Moment, No One Governs the Internet

What's remarkable about this moment is that the hot potato of DNS standard-setting is still up in the air. The US government didn't want to appear to be in charge, and wanted to convince European governments that it wasn't in charge, and so it created (or called for the creation of) ICANN. ICANN was designed to keep other governments at bay. ICANN has, however, no particular delegated power beyond that accorded to it by the contracts it has signed with registries and registrars. In fact, it can't have more power than that, because if it pretends to be a regulatory agency it should be complying with the APA -- and if it pretends to be a regulator its private nature probably violates US law in a number of respects. more

80% of Spam Originating from Home PCs

The majority of spam -- as much as 80 per cent of all unsolicited marketing messages sent -- now emanates from residential ISP networks and home user PCs. This is due to the proliferation of spam trojans, bits of surreptitious malware code embedded in residential subscriber PCs by worms and spyware programs. Worm attacks are growing in frequency because they provide a fast means of infecting a vast number of computers with spam trojans in a very short period of time. It's no surprise that many service providers report an upsurge in spam traffic immediately following a worm attack. more

Is Industry Underestimating the Ending Dot?

According to RFC1034, "cnn.com" and "cnn.com." should be the same domain names. However, it doesn't appear that programmers always understand that trailing dots can be added to domain names. Web servers also can't seem to agree what to do with a period at the end of a host name. IIS, thttp, and Akamai's Web server all get confused while Apache doesn't seem to care. How much other software behaves incorrectly because of a trailing period on a domain name? Can spam-filtering software be bypassed with dotted email addresses? Here is a situation when bad things can happen -- "WebShield SMTP infinite loop DoS Attack"... more

ICANN UDRP and Contract Disputes

When domain name conflicts between manufacturers and distributors rest on contractual disputes over the use of the trademark owners' marks, ICANN UDRP panels have frequently denied relief. See generally the cases cited and discussed in Western Holdings, LLC v. JPC Enterprise, LLC d/b/a Cutting Edge Fitness and d/b/a Strivectin SD Sales & Distribution, D2004-0426 (WIPO August 5, 2004) by Mark Partridge as sole panelist. The decision summarizes other ICANN UDRP decisions involving contractual disputes. For instance... more

Legal Controls on Extreme End-to-End Encryption (ee2ee)

One of the most profoundly disruptive developments occurring in the cyber security arena today is the headlong rush by a set of parties to ubiquitously implement extreme End-to-End (e2e) encryption for communication networks using essentially unbreakable encryption technology. A notable example is a new version of Transport Layer Security (TLS) known as version 1.3. The activity ensues largely in a single venue... more

Google Voice Dispute Highlights an Opportunity for Mobile Network Operators

The recent row between Google, Apple and AT&T concerning the removal of Google Voice from the Apple iPhone store highlights the friction existing between network operators and so-called over the top (OTT) application providers. Most observers believe that AT&T initiated the blockade because Google Voice (which offers free or highly discounted calling rates) is a direct threat to AT&Ts call revenue (Google Voice users need only pay AT&T for access to the Internet). more