Spam

Spam / Most Commented

Fight Spam With the DNS, Not the CIA

It seems like spam is in the news every day lately, and frankly, some of the proposed solutions seem either completely hare-brained or worse than the problem itself. I'd like to reiterate a relatively modest proposal I first made over a year ago: Require legitimate DNS MX records for all outbound email servers.

MX records are one component of a domain's Domain Name System (DNS) information. They identify IP addresses that accept inbound email for a particular domain name. To get mail to, say, linux.com, a mail server picks an MX record from linux.com's DNS information and attempts to deliver the mail to that IP address. If the delivery fails because a server is out of action, the delivering server may work through the domain's MX records until it finds a server that can accept the mail. Without at least one MX record, mail cannot be delivered to a domain.
 more

When DNSBLs Go Bad

I have often remarked that any fool can run a DNS-Based Blacklist (DNSBL) and many fools do so. Since approximately nobody uses the incompetently run black lists, they don't matter. Unfortunately, using a DNSBL requires equally little expertise, which becomes a problem when an operator wants to shut down a list. When someone sets up a mail server (which we'll call an MTA for Mail Transfer Agent), one of the tasks is to configure the anti-spam features, which invariably involves using DNSBLs. more

Accountability, Transparency, and… Consistency?

ICANN Compliance now has two conflicting answers on record concerning the enforceability of RAA 378 on WHOIS inaccuracy. This is a topic of extreme importance and one we are trying to get to the bottom of. ...inconsistency needs to be resolved as it directly impacts the current RAA negotiations and certainly before new gTLDs are deployed. more

Independence and Security Online Have Not Yet Been Won

As we, here in the United States celebrate our independence this Fourth of July, we are reminded that the liberties and freedoms that come with that independence have yet to be won online. As citizens of this country we are blessed with safety and security from threats both foreign and domestic, but those guarantees have not yet extended to our citizenship in the global Internet community. This is true not just for American citizens, but for all Internet users throughout the world. more

Bit.ly Gets You Blocked

URL shorteners, like bit.ly, moby.to and tinyurl.com, do three things... Making URLs shorter was their original role, and it's why they're so common in media where the raw URL is visible to the recipient -- instant messaging, twitter and other microblogs, and in plain text email where the "real" URL won't fit on a single line. From the moment they were invented they've been used to trick people to click on links to pages they'd rather not visit... more

Garth Bruen Discussing Whois, DNSSEC and Domain Security

NameSmash has interviewed Garth Bruen, Internet security expert and creator of Knujon, on some key issues under discussion during the recent ICANN meetings in San Francisco. Topics include Whois, DNS Security Extensions (DNSSEC) and generic Top-Level Domains (gTLDs) -- issues of critical importance particularly with ICANN's expected roll-out of thousands of new gTLDs in the coming years. more

Oh, Spammer, Where Art Thou?

A few weeks ago, I posted a piece on where individuals spammers were located in terms of sending IP. The United States was number 1, followed by China. This is in terms of total volume of spam that they send. However, a second piece of data that I did not take a look at was where all of the individual spam sites contained within the spam was located. For example, does a lot of spam sent from the United States point to spammy URLs hosted in China? more

A Few Thoughts on the Future of Email Authentication

With the Online Trust Alliance Town Hall Meeting and Email Authentication Roundtable next week as well as the RSA Conference, I decided to pause and think about where we are and where we might be headed with regard to email authentication. Over the years, many of us have collectively worked to provide a framework for authenticating email... more

Facebook Wins $800M Against Spammer. So What?

In a widely reported court case, Facebook won an $800M default judgment and injunction against a Montreal man named Adam Guerbuez, who has a long and sordid history. But it probably won't make any difference. The problem is that he's in Canada. more

Users Don’t Like Forwarded Spam

A message on Dave Farber's Interesting People list complained that Comcast was blocking mail forwarded by DynDNS, a popular provider of DNS and related services for small-scale users... Actually, they're blocking it because a lot of it is spam. This is a problem that every mail forwarder and every mail system encounters; the only unusual thing here is that DynDNS is whining about it. It's yet another way that spammers have broken the mail for the rest of us. more

Are Botnets Run by Spy Agencies?

A recent story today about discussions for an official defense Botnet in the USA prompted me to post a question I've been asking for the last year. Are some of the world's botnets secretly run by intelligence agencies, and if not, why not? Some estimates suggest that up to 1/3 of PCs are secretly part of a botnet. The main use of botnets is sending spam, but they are also used for DDOS extortion attacks and presumably other nasty things like identity theft. But consider this... more

Earthquake in Asia, Spam Plummets

An earthquake on Tuesday near Taiwan caused widespread disruption to telephone and Internet networks. The quake affected an area of the sea bottom with a lot of undersea cables that broke, and since there is only a limited number of cable repair ships, it will take at least weeks to fish them up and splice them. more

Chinese Alternate Root as a New Beginning and Real Internet Governance

I suppose not many have been listening to Paul Vixie or surfing from China, I have done both. The Chinese "alternate root" has been going on for a while. China is creating an alternate root, which it can control while using the Chinese language. I doubt I need to tell any of you about ICANN, VeriSign, Internet Governance, alternate roots or the history of these issues. Everyone else will. Unlike most of my colleagues, I hold a different opinion on the subject and have for some time. China launches an alternate root? It's about time they do, too! more

The Politics of Email Authentication, 2006 Edition

A student at a well-known US university wrote me and asked whether, given the huge national interest in getting the industry to unite behind (at least) one format, did I think that the FTC should've played a stronger role in pushing the industry to adopt an authentication format? I said: Nope. Part of the reason it's taking so long to agree on a standard is that the process is infested with academic theoreticians who are more interested in arguing about hypotheticals and pushing their pet spam solutions than in doing something useful... more

Actions Required by Developing Economies Against Spam

My OECD paper on spam problems in developing economies is now linked from the OECD Anti-Spam Toolkit page, as part of section 8 of the Anti-Spam Toolkit (Outreach). This ZDNet article provides a reasonably good summary of my paper as well. I welcome comments and suggestions from CircleID readers. "Spam is a much more serious issue in developing countries as it is a heavy drain on resources that are scarcer and costlier in developing countries than elsewhere..." more