A recent statement released by the U.S. Federal Trade Commission emphasized that the Whois databases should be kept "open, transparent, and accessible," allowing agencies like the FTC to protect consumers and consumers to protect themselves: "In short, if ICANN restricts the use of Whois data to technical purposes only, it will greatly impair the FTC's ability to identify Internet malefactors quickly -- and ultimately stop perpetrators of fraud, spam, and spyware from infecting consumers' computers," the statement states." more
CAUCE, the Coalition Against Unsolicited Commercial Email, has looked back at the notable events of the last decade in our industry. Each year/link in the post explodes to a discrete blog entry with a month-by-month break-out of notable events. more
With the Online Trust Alliance Town Hall Meeting and Email Authentication Roundtable next week as well as the RSA Conference, I decided to pause and think about where we are and where we might be headed with regard to email authentication. Over the years, many of us have collectively worked to provide a framework for authenticating email... more
Since its launch in October, 2004 Project Honey Pot has made some interesting progress in their war against spam email. The project is a distributed system used to identify spammers and spambots operating across the Internet. To put it simply, Project Honey Pot lays millions of traps around the Internet (66,393,293 as of this writing) baited with specific email addresses that are configured to forward received emails to the Project Honey Pot system. Since these are not email addresses used by real individuals virtually every email received is positively identified as spam. more
For some time now I have contended that Confirmed Opt-in, 'COI' is dead, or at the very least on life support. It certainly is not a major factor in the continued relation between sender and receiver; that relies far more heavily on the ongoing and historical reputation of the mailer and the mail stream. Proof of permission doesn't scale; end-users complain all the time, but it is rare if not impossible for a receiving site to request proof when an end-user complains, then the receiver complains to the sender, and the sender says that permission was actually in place. Much more commonly, the sender unsubscribes the address and moves on, permission or not, since the subscriber doesn't want the mail any more. But then, I recently had two eye-opening experiences... more
We have posted our support of the WHOIS Policy Review Team Report with two important comments. First, on page 79 of the report it is confirmed that the RAA is unenforceable on WHOIS inaccuracy (we wrote about this while at the last ICANN meeting) because the language of RAA 3.7.8 has no enforcement provision. It is now time for ICANN to confirm this problem officially. more
Goodmail Systems made a big splash last week when AOL and Yahoo announced that they will be giving preferential treatment to mail that uses Goodmail's CertifiedEmail service, claiming (implausibly) that this has something to do with stopping spam... Since Goodmail charges senders for each message, some people see this as the end of e-mail as we know it. I have my concerns about Goodmail, but a lot of the concerns are either overblown or based on bad reporting... more
Last Friday, Microsoft made an unsolicited offer to buy Yahoo for $31 per share, representing over a 50% premium from Yahoo's then-share price. As an employee working for Microsoft in Exchange Hosted Services (i.e. spam filtering), I'd like to comment on this buyout offer. Leaving aside the question of whether or not this is a good deal for shareholders and what Microsoft's true motivations are for buying Yahoo (namely, to become the number 2 player in the search market), I'd like to look at it from an anti-spam point of view. more
On Monday the 3rd, California state Senator Dean Flores held a hearing of the E-Commerce, Wireless Technology, and Consumer Driven Programming committee grandly titled AOL: You Have Certified Mail, Will Paid E-mail Lead to Separate, Unequal Systems or is it the Foolproof Answer to Spam?. The senator's office said they were very eager to have me there, to the extent they offered to fly me out from New York, so since I happened to be on the way home from ICANN in New Zealand that weekend, I took a detour through Sacramento. Sen. Florez conducted the hearing, with Sens. Escutia and Torlakson sitting in briefly. Unfortunately, Sen. Bowen, who is very well informed on these topics, wasn't there. There were five panels of speakers, and I got to lead off... more
A recent story today about discussions for an official defense Botnet in the USA prompted me to post a question I've been asking for the last year. Are some of the world's botnets secretly run by intelligence agencies, and if not, why not? Some estimates suggest that up to 1/3 of PCs are secretly part of a botnet. The main use of botnets is sending spam, but they are also used for DDOS extortion attacks and presumably other nasty things like identity theft. But consider this... more
Yesterday -- in a unanimous decision of the US Federal Court of Appeals for the DC Circuit (CADC) in ASTM v. Public.Resource.Org --- some of the worst standards paywalls came tumbling down. The court definitively determined that where governmental authorities incorporate private organisation technical standards into law by reference, non-commercial dissemination of those standards "constitutes fair use and cannot support liability for copyright infringement." more
A message on Dave Farber's Interesting People list complained that Comcast was blocking mail forwarded by DynDNS, a popular provider of DNS and related services for small-scale users... Actually, they're blocking it because a lot of it is spam. This is a problem that every mail forwarder and every mail system encounters; the only unusual thing here is that DynDNS is whining about it. It's yet another way that spammers have broken the mail for the rest of us. more
NANOG 62 was held at Baltimore from the 6th to the 9th October. These are my observations on some of the presentations that occurred at this meeting. .. One of the more memorable sides in this presentation was a reference to "map" drawn by Charles Minard in 1869 describing the statistics relating to the Napoleonic military campaign in Russia, and the subsequent retreat. more
Engineers in the Internet Engineering Task Force, in the Messaging Anti-Abuse Working Group, and elsewhere have been debating how to handle e-mail-server blocklists in an IPv6 network. Let's take a look at the problem here. We basically have three ways to address spam, in our goal of reducing the amount of spam in our inboxes... more
The Federal Trade Commission and NIST had a two-day Authentication Summit on Nov 9-10 in Washington DC. When they published their report explaining their decision not to create a National Do Not Email Registry, the FTC identified lack of e-mail authentication as one of the reasons that it wouldn't work, and the authentication summit was part of their process to get some sort of authentication going. At the time the summit was scheduled, the IETF MARID group was still active and most people expected it to endorse Microsoft's Sender-ID in some form, so the summit would have been mostly about Sender-ID. Since MARID didn't do that, the summit had a broader and more interesting agenda. more
A World-Renowned Source for Internet Developments. Serving Since 2002.