One of my pet peeves is the headline "n %" of email is spam, it is inherently misleading, and conveys no useful data. I guess it makes for great newspaper headlines then! On our servers looking at one email address for 4 hours, we saw 208 attempted connections for SMTP traffic referring to this email address. ...One can't measure spam in relation to the amount of genuine email, because the amount of genuine email is not connected to the amount of spam... more
It has taken almost three years -- by some counts, more than 6 years -- but ICANN's domain name policy making organization has finally taken a stand on Whois and privacy. And the results were a decisive defeat for the copyright and trademark interests and the US government, and a stunning victory for advocates of the rights of individual domain name registrants... more
The recent announcement in eWeek titled "Feds Won't Let Go of Internet DNS" (slashdotted here) has some major internet policy implications. The short, careful wording appears to be more of a threat to ICANN than a power grab. In short, the US Department of Commerce's (DOC) National Telecommunications and Information Administration (NTIA) announced that it was not going to stop overseeing ICANN's changes to the DNS root. ...Of course, they have done next to nothing to support DNSSEC or other proposal for securing the DNS, but it sounds reassuring. The last sentence shows that the Bush administration shares the Clinton administration's lack of understanding of how the internet should evolve... more
The long awaited Service Concession Contract to operate the .eu registry was signed yesterday (Oct. 12). Now the European Commission will formally notify ICANN of the selected registry operator allowing official negotiations to commence between EURid and ICANN to have .eu put in the root. According to the press release, registrations could begin in six to nine months... more
This morning, at 10 am in 2141 Rayburn, the Subcommittee on Courts, the Internet, and Intellectual Property is holding a hearing on "Internet Domain Name Fraud -- New Criminal and Civil Enforcement Tools." At that hearing, the Subcommittee will be considering a new Whois bill creating new penalties for people who provide false data when registering a domain name. We need to raise our collective eyebrows at this bill (which was suddenly dropped the evening before this hearing). The title of the bill is the "Fraudulent Online Identity Sanctions Act." (FOISA) more
ICANN has launched three task forces on WHOIS restructuring...It sounds innocuous enough -- nobody likes spam -- but the restrictions being discussed reach further than marketers. Pushed by registrars who feel that WHOIS amounts to forced disclosure of their customer lists, the task force is seriously discussing closing off port 43's straightforward access to WHOIS information, replacing it with GIF-based barriers or similar access restrictions. more
According to RFC1034, "cnn.com" and "cnn.com." should be the same domain names. However, it doesn't appear that programmers always understand that trailing dots can be added to domain names. Web servers also can't seem to agree what to do with a period at the end of a host name. IIS, thttp, and Akamai's Web server all get confused while Apache doesn't seem to care. How much other software behaves incorrectly because of a trailing period on a domain name? Can spam-filtering software be bypassed with dotted email addresses? Here is a situation when bad things can happen -- "WebShield SMTP infinite loop DoS Attack"... more
When it comes to stealing domain names, I suspect that there are two reasons why so many web bandits appear to be immune from ICANN (the Internet Corporation for Assigned Names and Numbers uses the acronym ICANN): the first reason I discussed in my last column on domain name theft (where I described a substantive void in domain name "regulation" as a primary factor for the increasing incidence of domain name theft), the second reason, which is the focus of this column, is the procedural anomaly that currently infuses ICANN's uniform dispute resolution process (UDRP) by providing no administrative forum for domain name registrants who become victims of domain name theft carried out by ICANN's registrars. more
ICANN has introduced the Registration Data Request Service (RDRS), offering a standardized way to request access to nonpublic data for generic top-level domains (gTLDs). more
Late last year, the U.S. Federal Trade Commission - the governmental arm responsible for protecting Americans from unfair trade practices -- opened a comment period on a proposed "Trade Regulation Rule on Impersonation of Governments and Businesses." It's no surprise that those who are victims of or are battling online impersonation saw this as an opportunity to highlight the importance of a working domain name registration data system ("WHOIS") ... more
The recent adoption at the end of December of the new EU Directive for a high level of cybersecurity across the Union -- commonly referred to as "NIS2" - paved the way for important updates to the domain name system (DNS). Most significantly, Article 28 of NIS2 and its related recitals resolved any ambiguities about the public interest served by a robust and objectively accurate WHOIS system that permits legitimate access by third parties to data... more
WHOIS is about to become even harder to find. ICANN has recently concluded long-delayed contract negotiations with industry meant to accommodate the technical migration from the WHOIS protocol to the Registration Data Access Protocol (RDAP). Instead of limiting the changes to what's necessary to implement the new technical protocol, the proposals effectively gut WHOIS, making it virtually impossible to find by eliminating web-based WHOIS access... more
After years of work on a proposed standardized system of WHOIS data disclosures (referred to as SSAD), and over a year of operational assessment of the proposal by ICANN itself, the ICANN Board seems poised to reject the proposal. And rightly so. The proposed SSAD is entirely watered down, fractured, and affords no oversight powers to ICANN regarding disclosure decisions that would continue to be left to the complete discretion of individual registrars (the very parties ICANN oversees). more
We're halfway into ICANN71, and early interactions are posing questions about ICANN Org's capability to carry out its mission to maintain an orderly domain name system (DNS). Or, if that's not the case, ICANN leadership seems bent on a hands-off approach to its oversight responsibilities to the DNS. For years now - years - the ICANN community has raised the volume level about acute issues -- a workable Whois management and access system (including clearly delineated controllership)... more
In the world of ICANN and Internet policy, complexity is manufactured to create an illusion that issues are impenetrably technical such that normal and everyday principles can't apply. This causes a pervasive and entrenched phenomenon of eyes that glaze over at the mere mention of the word "ICANN" -- including those of government regulators and other officials that might otherwise take more of an active interest. more
A World-Renowned Source for Internet Developments. Serving Since 2002.