Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
Content inspection is a poor way to recognise spam, and the proliferation of image spam recently drums this home. However if one must use these unreliable techniques, one should bring mathematical rigour to the procedure. Tools like SpamAssassin combine content inspection results, with other tests, in order to tune rule-sets to give acceptable rates of false positives (mistaking genuine emails for spam), and thus end up assigning suitable weights to different content rules. If one is going to use these approaches to filtering spam, and some see it as inevitable, one better know one's statistics... more
We have posted our support of the WHOIS Policy Review Team Report with two important comments. First, on page 79 of the report it is confirmed that the RAA is unenforceable on WHOIS inaccuracy (we wrote about this while at the last ICANN meeting) because the language of RAA 3.7.8 has no enforcement provision. It is now time for ICANN to confirm this problem officially. more
The first week in July I went to an acronym-heavy World Symposium on the Internet Society Thematic Meeting on spam in Geneva. A few people have reported this as a meeting by "the UN", which it wasn't. Although the International Telecommunications Union is now part of the UN, it dates back to an 1865 treaty to manage international telegraph communication... more
With the Online Trust Alliance Town Hall Meeting and Email Authentication Roundtable next week as well as the RSA Conference, I decided to pause and think about where we are and where we might be headed with regard to email authentication. Over the years, many of us have collectively worked to provide a framework for authenticating email... more
For some time now I have contended that Confirmed Opt-in, 'COI' is dead, or at the very least on life support. It certainly is not a major factor in the continued relation between sender and receiver; that relies far more heavily on the ongoing and historical reputation of the mailer and the mail stream. Proof of permission doesn't scale; end-users complain all the time, but it is rare if not impossible for a receiving site to request proof when an end-user complains, then the receiver complains to the sender, and the sender says that permission was actually in place. Much more commonly, the sender unsubscribes the address and moves on, permission or not, since the subscriber doesn't want the mail any more. But then, I recently had two eye-opening experiences... more
A recent statement released by the U.S. Federal Trade Commission emphasized that the Whois databases should be kept "open, transparent, and accessible," allowing agencies like the FTC to protect consumers and consumers to protect themselves: "In short, if ICANN restricts the use of Whois data to technical purposes only, it will greatly impair the FTC's ability to identify Internet malefactors quickly -- and ultimately stop perpetrators of fraud, spam, and spyware from infecting consumers' computers," the statement states." more
CAUCE, the Coalition Against Unsolicited Commercial Email, has looked back at the notable events of the last decade in our industry. Each year/link in the post explodes to a discrete blog entry with a month-by-month break-out of notable events. more
The best part is ... this isn't one of those 'now that I've got your attention' tricks, like one of those old "free beer" posters; there really is a ton of stuff happening above the 49th parallel this summer. To begin with, as a precursor to Canada's Anti-spam Law coming into effect later this year, the Office of the Privacy Commissioner, the Canadian Radio-television Telecommunications Commission, and Industry Canada have all issued regulations, the latter two in draft form with an RFC. more
Since its launch in October, 2004 Project Honey Pot has made some interesting progress in their war against spam email. The project is a distributed system used to identify spammers and spambots operating across the Internet. To put it simply, Project Honey Pot lays millions of traps around the Internet (66,393,293 as of this writing) baited with specific email addresses that are configured to forward received emails to the Project Honey Pot system. Since these are not email addresses used by real individuals virtually every email received is positively identified as spam. more
New research has uncovered evidence of spammers establishing their own fake URL-shortening services for the first time. According to the latest MessageLabs Intelligence report, shortened links created on these fake URL-shortening sites are not included directly in spam messages; instead, the spam emails contain shortened URLs created on legitimate URL-shortening sites. "Rather than leading directly to the spammer's final Web site, these links actually point to a shortened URL on the spammer's fake URL-shortening Web site, which in turn redirects to the spammer's final Web site." more
Two weeks ago, the Federal Trade Commission held a summit on e-mail authentication in Washington, DC; the community of people who handle bulk mail came together and agreed on standards and processes that should help reduce the proliferation of spoofed mail and fraudulent offers. This was a big, collective step in the right direction. But e-mail sender authentication alone won't solve the Net's fraud and phishing problems - nor will any single thing. It requires a web of accountability among a broad range of players. Yet this week there's another meeting, in Cape Town, South Africa, that could make even more of a difference...but it probably won't. more
Last Friday, Microsoft made an unsolicited offer to buy Yahoo for $31 per share, representing over a 50% premium from Yahoo's then-share price. As an employee working for Microsoft in Exchange Hosted Services (i.e. spam filtering), I'd like to comment on this buyout offer. Leaving aside the question of whether or not this is a good deal for shareholders and what Microsoft's true motivations are for buying Yahoo (namely, to become the number 2 player in the search market), I'd like to look at it from an anti-spam point of view. more
Goodmail Systems made a big splash last week when AOL and Yahoo announced that they will be giving preferential treatment to mail that uses Goodmail's CertifiedEmail service, claiming (implausibly) that this has something to do with stopping spam... Since Goodmail charges senders for each message, some people see this as the end of e-mail as we know it. I have my concerns about Goodmail, but a lot of the concerns are either overblown or based on bad reporting... more
A recent story today about discussions for an official defense Botnet in the USA prompted me to post a question I've been asking for the last year. Are some of the world's botnets secretly run by intelligence agencies, and if not, why not? Some estimates suggest that up to 1/3 of PCs are secretly part of a botnet. The main use of botnets is sending spam, but they are also used for DDOS extortion attacks and presumably other nasty things like identity theft. But consider this... more
A message on Dave Farber's Interesting People list complained that Comcast was blocking mail forwarded by DynDNS, a popular provider of DNS and related services for small-scale users... Actually, they're blocking it because a lot of it is spam. This is a problem that every mail forwarder and every mail system encounters; the only unusual thing here is that DynDNS is whining about it. It's yet another way that spammers have broken the mail for the rest of us. more
A World-Renowned Source for Internet Developments. Serving Since 2002.