The IETF DKIM working group has been making considerable progress, and now has a close-to-final draft. DKIM will let domains sign their mail so if you get a message from [email protected], the furble.net mail system can sign it so you can be sure it really truly is from furble.net. But unless you already happen to be familiar with furble.net, this doesn't give you any help deciding whether you want the message. This is where the new Domain Assurance Council (DAC) comes in... more
The International Telecommunication Union (ITU), held an ITU WSIS Thematic Meeting on Countering Spam from 7 to 9 July 2004, in Geneva, Switzerland. The meeting was focused around various topics including: Scope of the problem, Technical solutions, Consumer protection and awareness, Legislation and enforcement, and International cooperation. The following is a report by William J. Drake, Senior Associate International Centre for Trade and Sustainable Development in Geneva. more
The Whois Task Force of the Domain Name Supporting Organization (DNSO) has been consulting with registrars over the past few months on the Whois accuracy issue for law enforcement. The Task Force has enumerated three primary areas of interest: accuracy, uniformity, and better searching capabilities. When the registrars met with the Task Force in Shanghai, a fourth area of interest was also brought forward and advocated by many of the registrars at the meeting as paramount to the other three areas. This fourth area of interest was privacy. more
DNS blacklists for IPv4 addresses are now nearly 15 years old, and DNSBL operators have gathered a great deal of expertise running them. Over the next decade or two mail will probably move to IPv6. How will running IPv6 DNSBLs differ from IPv4? There aren't any significant IPv6 DNSBLs yet since there isn't significant unwanted IPv6 mail traffic yet (or significant wanted traffic, for that matter), but we can make some extrapolations from the IPv4 experience. more
It seems to be impossible to implement a law against spam - unsolicited bulk email - without making a hash of it. At best, anti-spam laws are ineffective; at worst, they cause more problems than spam itself. Can technology fare any better? ...But despite this flurry of initiatives, we are yet to see a definitive answer to the spam problem. An Anti-Spam Technical Alliance has been formed by Microsoft, America Online, Yahoo! and EarthLink, but these companies continue to proffer competing solutions. Meanwhile, the technology being deployed in the spam wars is causing collateral damage, in the form of 'false positives' - email that is incorrectly categorised as spam, and so never reaches its intended recipient. more
While conventional cyber attacks are evolving at breakneck speed, the world is witnessing the rise of a new generation of political, ideological, religious, terror and destruction motivated "Poli-Cyber™" threats. These are attacks perpetrated or inspired by extremists' groups such as ISIS/Daesh, rogue states, national intelligence services and their proxies. They are breaching organizations and governments daily, and no one is immune. more
All effective spam filters use DNS blacklists or blocklists, known as DNSBLs. They provide an efficient way to publish sets of IP addresses from which the publisher recommends that mail systems not accept mail. A well run DNSBL can be very effective; the Spamhaus lists typically catch upwards of 80% of incoming spam with a very low error rate. DNSBLs take advantage of the existing DNS infrastructure to do fast, efficient lookups. A DNS lookup typically goes through three computers... more
This very interesting document was released by ICANN's Generic Names Supporting Organization (GNSO) for public comment yesterday. And it asks some fundamental questions while at the same time pointing to sources such as the Honeynet Alliance's reports on fast flux. more
This is, of course, about the recent NYT article that showcases the results of Prof Stefan Savage and his colleagues from UCSD/Berkeley. As my good friend and longtime volunteer at CAUCE, Ed Falk, points out, this is a great find, but hardly a FUSSP. The nice thing about the fight against bots and spammers is these little victories people on "our" side keep having in an endless series of skirmishes and battles... more
Neil Schwartzman writes: "The Canadian Radio-television and Telecommunications Commission's (CRTC's) Chief Compliance and Enforcement Officer today issued a Notice of Violation to Compu-Finder, which includes a penalty of $1.1 million, for breaking Canada's anti-spam law. Compu-Finder has 30 days to submit written representations to the CRTC or pay the penalty. It also has the option of requesting an undertaking with the CRTC on this matter." more
ICANN is clearly changing with the new CEO making immediate changes to the organizational structure and Compliance announcing a number more effective tools and procedures at Sunday's At-Large Advisory Committee (ALAC) and Regional Leadership Meetings. It seems very ambitious and they will need to be because our year-long research, publicly distributed here for the first time, shows a complete breakdown in ICANN's Compliance functions on every level possible. more
To paraphrase an old Klingon proverb, there can be no spam solution, so long as e-mail is free. Yahoo has unveiled plans to launch its Domain Keys software as an open-source toolkit in 2004. The intent is to allow developers of major e-mail systems to integrate Yahoo's public/private key authentication system into their own software and thus create momentum for a standard whose raison d'etre is identify verification. This is a commendable effort, but a closer look reveals that it will not only not stop the spam problem, it may have almost no effect at all. more
Micorsoft has released a 253 page cybersecurity ebook primarily intended for teens but also serves as a useful resource for adults interested in overall understanding of various Internet security topics. more
The Canadian Radio-television and Telecommunications Commission (CRTC) today announced that Plentyoffish Media Inc. has paid $48,000 as part of an undertaking for an alleged violation of Canada's anti-spam legislation. more
From time to time, a party can get out of control. Raucous celebration can become careless, even destructive. Combine a critical number of young people, a certain amount of beer and lots of music and damage often happens. Partygoers leave a mess behind them. The same thing happens to some IP addresses. Malicious actors use IP addresses properly registered to someone else. more
A World-Renowned Source for Internet Developments. Serving Since 2002.