The Seventh Circuit has issued its opinion in the continuing saga of E360 Insight vs. the Spamhaus Project. While it is not a complete victory for Spamhaus, they did about as well as anyone could have hoped for under the circumstances. E360 won on the procedural issue, while Spamhaus won on the substance. The procedural issue was whether the default judgement against Spamhaus was properly granted last September. The court session was so odd that the appeals decision quotes several pages of the transcript. more
The following speech was prepared with the intention of using portions of it during the FTC Spam Summit, but CAUCE was not given the opportunity to participate due to time constraints... "I am here today to question. Yesterday we heard how the tenor of the discussion about spam became more mature. How, in the period of time that has elapsed since the last summit, things have developed as an industry. That may be true, but I question if the discussion at hand here this week is truly a big tent effort. I see few anti-spammers here..." more
In my day job I run one of the largest registrars / resellers of IE domains (the IE ccTLD is the domain name for Ireland). In the course of doing that I have spent quite a lot of time becoming accustomed to the rules and regulations that govern both the naming and general registration criteria of IE domains. In some cases I can understand why rules are the way they are, whereas in others I am completely baffled... more
As Antonios Broumas has correctly observed, the Internet Governance Forum (IGF) begins life in Athens next week without the means for its participants to agree upon any substantive documents such as resolutions or declarations. Indeed, according to Nitin Desai, the Chairman of its Advisory Group, it is impossible for the IGF to make any decisions, as it "is not a decision-making body. We have no members so we have no power to make decision."... more
It's no surprise that Google has been sued again for trademark infringement, but the basis of this lawsuit is surprising. Rather than another lawsuit over the sale of trademarked keywords to deliver ads (along the lines of the GEICO, American Blinds, Rescuecom and JTH Tax cases, or the dozens of international lawsuits), this lawsuit is based on a Blogspot blog URL. Because of its comparative novelty, this lawsuit raises some complex and unsettled legal issues. more
There is considerable coverage this morning (or this evening in Tunis) on the last minute WSIS deal struck yesterday. The gist of the coverage rightly reports that the U.S. emerged with the compromise they were looking for as the delegates agreed to retain ICANN and the ultimate U.S. control that comes with it (note that there is a lot in the WSIS statement that may ultimately prove important but that is outside the Internet governance issue including the attention paid to cybercrime, spam, data protection, and e-commerce). This outcome begs the questions -- what happened? And, given the obvious global split leading up to Tunis, what changed to facilitate this deal? more
This month I thought I could feel smug, deploying Postfix, with greylisting (Postgrey), and the Spamhaus block list (SBL-XBL) has reduced the volume of unsolicited bulk commercial email one of our servers was delivering to our clients by 98.99%. Alas greylisting is a flawed remedy, it merely requires the spambots to act more like email servers and it will fail, and eventually they will... more
After Two Security Assessments I Must Be Secure, Right? Imagine you are the CIO of a national financial institution and you've recently deployed a state of the art online transaction service for your customers. To make sure your company's network perimeter is secure, you executed two external security assessments and penetration tests. When the final report came in, your company was given a clean bill of health. At first, you felt relieved, and confident in your security measures. Shortly thereafter, your relief turned to concern. ...Given you're skepticism, you decide to get one more opinion. ...And the results were less than pleasing. more
In many respects the internet is going to hell in a hand basket. Spam, phishing, DNS poisoning, DDoS attacks, viruses, worms, and the like make the net a sick place. It is bad enough that bad folks are doing this. But it is worse that just about every user computer on the net offers a nice fertile place for such ill behavior to be secretly planted and operated as a zombie under the control of a distant and unknown zombie farmer. ...Some of us are coming to the converse point of view that the net is being endangered by the masses of ill-protected machines operated by users. more
While everything seemed fine and various participants in these discussions were celebrating the merger of these proposals into one, as well as the support of Microsoft in this endeavor, there was an elephant in the room so to speak, and a rather large one at that. When the original Caller-ID proposal was published, a patent license came along with it. Microsoft indicated that they were planning on filing patents on Caller-ID or some of its aspects, and offered a royalty-free license for the use of their intellectual property. There was some talk about the incompatibility of the license with open source software, including comments from Eben Moglen of FSF and Richard Stallman, but Microsoft employees assured the MARID WG that the licensing issue would be resolved in time for the San Diego meeting. Except that it wasn't. more
Spam these days is more than an annoyance -- it increasingly carries malware payloads that can do serious damage to your PC, steal your identity, or turn your PC into a zombie that carries out denial of service attacks. So anything that law enforcement can do to fight spam should be a good thing, right? Well, not quite, as I'll explain. more
I'm sitting here at the Inbox conference on e-mail, and listening to an encouraging, plays-nicely-with-other-children talk from Ryan Hamlin, GM of anti-spam technology and strategy at Microsoft. Over the past couple of months, with evidence abounding at this conference, a number of big industry players have been getting together to fight spam. Most significantly, Microsoft, Yahoo! and AOL - plus a bunch of (other) ISPs are getting together behind a single standard for "Sender ID " - (actually, server authentication) name not yet determined... more
More than 200 leaders from government, business and civil society attended the Global Forum on Internet Governance, held on 25 and 26 March 2004 and organized by the United Nations Information and Communication Technologies (ICT) Task Force. The forum, held at United Nations Headquarters in New York, was intended, according to a UN press release, "to contribute to worldwide consultations to prepare the ground to a future Working Group on Internet Governance to be established by Secretary-General Kofi Annan, which is to report to the second phase of the World Summit on the Information Society (Tunis, 2005)". more
If you analyze the relay of spam- and malware-containing email circulating on the Internet purely through your mail server logs (running the Unix command "tail"), a large proportion seem to come from Asia Pacific hosts, especially those from mainland China. Therefore, many less-experienced systems administrators have simply blocked the access from subnets of Chinese or Asian origin, effectively destroying the fabric of the Internet -- messaging. If administrators took pains to analyze these supposedly Asian spam messages by analyzing the full Internet headers, they would have realized that the Asian servers were merely used by the real spammers as open relays, or perhaps as zombie hosts previously infected with the mass mailing worms through the exploitation of operating system vulnerabilities. more
There are indications that the Internet, at least the Internet as we know it today, is dying. I am always amazed, and appalled, when I fire up a packet monitor and watch the continuous flow of useless junk that arrives at my demarcation routers' interfaces. That background traffic has increased to the point where it makes noticeable lines on my MRTG graphs. And I have little reason for optimism that this increase will cease. Quite the contrary, I find more reason to be pessimistic and believe that this background noise will become a Niagara-like roar that drowns the usability of the Internet. And the net has very long memory... more