In my spare time when I'm not dealing with the world of e-mail, I'm a politician so now and then I put on my cynical political hat. At the FTC Authentication Summit one of the more striking disagreements was about the merits and flaws of SPF and Microsoft's Sender-ID. Some people thought they are wonderful and the sooner we all use them the better. Others thought they are deeply flawed and pose a serious risk of long-term damage to the reliability of e-mail. Why this disagreement over what one might naively think would be a technical question?
As a daily and enthusiastic reader of The New York Times, I was disappointed to read their February 1 article on CAN-SPAM entitled, "Law Barring Junk E-Mail Allows a Flood Instead" (subscription required). The theme of the article was, as the title suggests, that enacting CAN-SPAM was worse than having no laws at all. The article really missed the point on several fronts.
There is much talk currently about the WSIS meeting taking place in Geneva this week which means some needed attention is being paid to Internet governance. While some may view the term "Internet governance" as an oxymoron and my natural reaction is something along the lines of "I hope that they continue to view regulation as too complicated so that we Internet-folks can just keep doing what we are doing" I confess to knowing deep down that we would all be better off with a simple, effective policy framework than with the current anarchic state.
At the ENISA presentation on its botnet report at eco in Cologne, 9 and 10 March, one of the slots was dedicated to threats to the mobile environment. The message I was supposed to come home with was: we can still count the numbers of mobile viruses manually, <600; the problem will never be the same as on a fixed network as traffic is monitored and metered: We detect it straight away. We are studying the problem seriously. Are mobile operators really prepared for what is coming?
DNSSEC is a security protocol for providing cryptographic assurance (i.e. using the public key cryptography digital signature technology) to the data retrieved from the DNS distributed database (RFC4033). DNSSEC deployment at the root is said to be subject to politics, but there is seldom detailed discussion about this "DNS root signing" politics. Actually, DNSSEC deployment requires more than signing the DNS root zone data; it also involves secure delegations from the root to the TLDs, and DNSSEC deployment by TLD administrations (I omit other participants' involvement as my focus is policy around the DNS root). There is a dose of naivety in the idea of detailing the political aspects of the DNS root, but I volunteer! My perspective is that of an interested observer.
I'm sitting here at the Inbox conference on e-mail, and listening to an encouraging, plays-nicely-with-other-children talk from Ryan Hamlin, GM of anti-spam technology and strategy at Microsoft. Over the past couple of months, with evidence abounding at this conference, a number of big industry players have been getting together to fight spam. Most significantly, Microsoft, Yahoo! and AOL - plus a bunch of (other) ISPs are getting together behind a single standard for "Sender ID" - (actually, server authentication) name not yet determined...
Google News now shows more than 300 stories about Spamhaus, most about a proposed court order following a district court default judgment. To me, the most interesting is the meta-story -- why the non-event of a proposed order has the blogs scrambling with claims of constitutional crisis and even the notoriously close-lipped ICANN issuing an announcement "in response to community interest expressed on this topic."
Have you ever found yourself blocked by a snowshoe spam filter or listed on a snowshoe blacklist? Or perhaps you've been told that one of your mailing practices makes you look like a snowshoe spammer? If so, you're probably wondering what snowshoe spam is, what you're doing to earn this reputation and what you should be doing differently. Here's a brief overview of the history of snowshoe and some suggestions on how to avoid being mistaken for a snowshoe spammer.
Stratton Sclavos of VeriSign distills the essence of the SiteFinder controversy in his CNet interview... There is a subtle but essential misunderstanding here. Innovation can and should happen in Internet infrastructure, but there are a handful of core elements that must remain open and radically simple if the Internet is to remain, well, the Internet. These include TCP/IP, SMTP, HTTP, BIND, BGP, and the DNS (especially the .com registry). Any change in these protocols should be very carefully vetted through a consensus-based process.
A week ago, Paul Vixie wrote a thoughtful piece on the morality of DDoS, for both sides of the equation of the Wikileaks issues. In it he summarizes things nicely: "Denial of service is not merely a peaceful protest meant to garner attention for a cause. Denial of service is forcible and it is injurious. It is not like any form of civil disobedience, but rather it is criminal behaviour more like looting." Well said, Paul...
From the perspective of Internet security operations, here is what Net Neutrality means to me. I am not saying these issues aren't important, I am saying they are basically arguing over the colour of bits and self-marginalizing themselves. For a while now I tried not to comment on the Net Neutrality non-issue, much like I didn't comment much on the whole "owning the Internet by owning the Domain Name System" thingie. Here it goes anyway. Two years ago I strongly advocated that consumer ISPs should block some ports, either as incident response measures or as permanent security measures...
TL;DR? It's worth reading, BUT, if not -- ICANN has yet another group looking at WHOIS, and there is a huge push to redact it to nothing. I spend easily half my day in WHOIS data fighting online crime; losing it would not make my job harder, it will make it impossible. PLEASE JOIN THE ICANN GROUP and help us fight back against people who are fighting in favour of crime.
I am at the ICANN meeting in Rome. The big story here is that ICANN is under attack for not sticking to its narrow mission -- technical coordination of the DNS and IP numbering system. People here are referring obliquely to the VeriSign lawsuit as "recent events" (as in "in light of recent events"). This euphemism reminds me of words used to reference the US Civil War ("the late unpleasantness").
It is with a heavy heart that we note the passing of a dear friend, colleague and member of the CAUCE board of directors, Don Blumenthal, on September 28, 2019, in Ann Arbor, Michigan. He was 67. Don was an anti-spammer for as long as there was an anti-spam community: he helped design, deploy and maintain the famous 'Spam Fridge,' the repository of junk email maintained by the Federal Trade Commission (FTC).
The Internet Governance Forum (IGF) is an annual UN conference on Internet governance which was held this year in Rio de Janeiro, Brazil. The topics discussed range from human rights online to providing Internet access in developing countries. A somewhat secondary topic of conversation is Internet security and cyber-crime, mostly limited to policy and legislative efforts. Techies and the Internet security industry don't have much to do there, but I have a few updates for us from the conference.