Internet and e-mail policy and practice
including Notes on Internet E-mail


2006
Months
Dec

Click the comments link on any story to see comments or add your own.


Subscribe to this blog


RSS feed

Add to My Yahoo!

Subscribe with Bloglines


[Valid RSS]

Home

28 Dec 2006

Earthquake in Asia, Spam Plummets Email
An earthquake on Tueday near Taiwan caused widespread disruption to telephone and Internet networks. The quake affected an area of the sea bottom with a lot of undersea cables that broke, and since there is only a limited number of cable repair ships, it will take at least weeks to fish them up and splice them.

See more ...


posted at: 11:48 :: permanent link to this entry :: 1 comments
Trackback link is http://jl.ly/Email/earthquake.trackback

16 Dec 2006

In the UK, it's illegal to sell sucker lists to pornographers Email
In a story reported yesterday at
Out-Law.com, and in the Milton Keynes local paper, Microsoft win a suit against Paul McDonald (a/k/a Gary Webb) for illegally selling e-mail addresses.

See more ...


posted at: 22:17 :: permanent link to this entry :: 1 comments
Trackback link is http://jl.ly/Email/ukporn.trackback

12 Dec 2006

Oklahoma Anti-Spammer Loses Big in Court Email
In November, Mark Mumma, who runs a little design firm at webguy.com, lost an appeal in the Fourth Federal Circuit. He'd filed suit against cruise.com and their parent Omega World Travel under CAN SPAM and an Oklahoma anti-spam law. Omega countersued for defamation. The court threw out Mumma's case, and allowed part of the defamation case to proceed. At first blush, this looks like a big win for spammers.

See more ...


posted at: 16:30 :: permanent link to this entry :: 1 comments
Trackback link is http://jl.ly/Email/mumma.trackback

We're from the Government, and We're Here to Spam You Email
I was somewhat surprised to get spam last week from the United States Postal Service. It was advertising a new feature of Click-N-Ship, a web shipping service, sent to an address that I think I gave them when I signed up to try out some other online system for validating postal mail addresses. The message did not have the postal mailing address of the sender (pretty ironic, huh?) nor opt-out instructions, both of which are mandatory under CAN SPAM. Did the USPS break the law?

See more ...


posted at: 16:18 :: permanent link to this entry :: 1 comments
Trackback link is http://jl.ly/Email/govtspam.trackback

16 Nov 2006

Dog Eats Opt-Out Requests, FTC Is Not Impressed Email
Last week the Federal Trade Commission
settled a lawsuit against Yesmail, a large ESP (Email Service Provider). The facts of the case are not in dispute, but their meaning is.

See more ...


posted at: 21:26 :: permanent link to this entry :: 0 comments
Trackback link is http://jl.ly/Email/yesmail.trackback

Huge Increase in Spam in October Email

You may have read reports that the total amount of spam is on the decline. Don't believe them. In the month of October, I saw the amount of spam in my traps here roughly double, from about 50,000 per day to 100,000/day now. In conversations with managers at both ISPs and corporate networks, I'm hearing the same thing. One corporate network has gone from about 12 million spam rejects a month in June and July to 28 million in October. The very large mail systems don't publish their numbers, but they tell me informally they're seeing the same thing.

So far, nobody can figure out why. Perhaps we have a new generation of zombies, so numerous that price has dropped and spammers can buy twice as many of them. But whatever it is, if anyone tells you that the worst of spam is over, they're just wrong.

Update on Nov 15th: There's been yet another huge spike in spam today, even beyond last month's level. I noticed it overwhelming my modest servers, and friends at both corporate mail systems and large ISPs say they've seen it, too. We can only deal with so many doublings of the spam load before there just isn't enough hardware and software to handle it.


posted at: 21:26 :: permanent link to this entry :: 1 comments
Trackback link is http://jl.ly/Email/morespam.trackback

08 Oct 2006

ICANN ALAC Doesn't Like The Proposed *.travel Wildcard ICANN
In case you missed it, .travel is yet another new domain intended for the travel industry.
Tralliance, the shell organization that runs .travel, asked ICANN for permission to add a top level wildcard similar to the one in the obscure .museum domain, and the one that Verisign briefly added to .com as their notorious Sitefinder product.

See more ...


posted at: 21:00 :: permanent link to this entry :: 0 comments
Trackback link is http://jl.ly/ICANN/travelstar.trackback

20 Sep 2006

Spamhaus Loses Court Case for $11 Million, Except They Didn't Email
Reports in the press have been saying that the
Spamhaus Project lost an $11 million dollar lawsuit in Chicago to mailer e360 Insight. Technically it's true, in reality, it's not.

See more ...


posted at: 01:42 :: permanent link to this entry :: 1 comments
Trackback link is http://jl.ly/Email/shdef.trackback

Abuse.net gets blacklisted Email

I run a service called abuse.net that provides a contact database for people to use to report spam and other network abuse. One of the ways people can use it is to register and then forward mail through it, so that for example mail to furble.net@abuse.net is remailed to whatever the abuse contact is for furble.net.

Last Friday (while I was on the way to a meeting at an undisclosed location east of Seattle) someone sent me a note telling me that mail sent through abuse.net was bouncing:

See more ...


posted at: 01:15 :: permanent link to this entry :: 0 comments
Trackback link is http://jl.ly/Email/spamcop.trackback

10 Sep 2006

Pump and dump still works Email
In July I
wrote about a paper on pump and dump spam by Böhm and Holz. A more recent paper by Frieder and Zittrain takes a more detailed look and comes to the same conclusion, that pump and dump works for the spammers.

See more ...


posted at: 16:19 :: permanent link to this entry :: 0 comments
Trackback link is http://jl.ly/Email/morepump.trackback

29 Aug 2006

More on domain tasting ICANN

The ICANN ALAC, of which I am a member, has been thinking about what our position should be on domain tasting. (Since we are supposed to represent the interests of at-large users, i.e., everyone other than the special insterests, feel free to add your opinions.)

We started by trying to figure out what the problem is that we're worried about. There is a meaningful difference between domain monetization and domain tasting.

See more ...


posted at: 21:05 :: permanent link to this entry :: 2 comments
Trackback link is http://jl.ly/ICANN/taste.trackback

26 Aug 2006

How much do you think a .ORG, .BIZ, or .INFO domain costs? ICANN
Whatever you think the answer is (typically about ten bucks), the answer is likely to change radically for the worse, based on new contracts that ICANN is planning to approve. On July 28th ICANN posted
proposed new contracts for .ORG, .BIZ, and .INFO, for a public comment period that ends four days from now, on the 28th. There's a lot not to like about these proposed contracts, but I will concentrate here on two related particularly troublesome areas, pricing and data mining.

See more ...


posted at: 15:58 :: permanent link to this entry :: 0 comments
Trackback link is http://jl.ly/ICANN/squeezem.trackback

17 Aug 2006

Cameroon *.CM wildcard--it's baaack ICANN

Today the wildcard is back in all but one of the CM name servers, again pointing at the same server in Canada that doesn't identify itself but has a big link farm of Overture pay-per-click links.

Also, Appolinaire Noumbi, who identifies himself as the Chairman, Federation of Cameroonian Engineers, has posted a most peculiar personal page at Circle ID.

I still think that it is not a fundamentally bad idea for Cameroon to take advantage of its typographic proximity to .COM, but an anonymous junk parking page is not the way to do it.


posted at: 23:29 :: permanent link to this entry :: 0 comments
Trackback link is http://jl.ly/ICANN/cameroon4.trackback

12 Aug 2006

Making DKIM More Useful with Domain Assurance Email
The IETF
DKIM working group has been making considerable progress, and now has a close-to-final draft. DKIM will let domains sign their mail so if you get a messge from fred@furble.net, the furble.net mail system can sign it so you can be sure it really truly is from furble.net. But unless you already happen to be familiar with furble.net, this doesn't give you any help deciding whether you want the message. This is where the new Domain Assurance Council (DAC) comes in.

See more ...


posted at: 01:30 :: permanent link to this entry :: 0 comments
Trackback link is http://jl.ly/Email/dac.trackback

11 Aug 2006

Cameroon *.CM wildcard is gone ICANN

As of this morning there's no longer a wildcard in the CM zone. Perhaps Mr. Noubi will be able to give us the background.


posted at: 09:20 :: permanent link to this entry :: 0 comments
Trackback link is http://jl.ly/ICANN/cameroon3.trackback

10 Aug 2006

More Developments with the *.CM wildcard ICANN

As of 9 Aug, the typosquat domains at Rackspace have all stopped working. They still have entries in .CM, but the Rackspace servers to which they are delegated no longer have data for them. Wow, people actually read my blog.

Also, there are some interesting comments both on my blog entry as well as on the original Circle ID message from Appolinaire Noumbi, who says he is the Chairman of the Cameroon Federation of Engineers, asking for help to understand and fix the problem.

See more ...


posted at: 00:03 :: permanent link to this entry :: 0 comments
Trackback link is http://jl.ly/ICANN/cameroon2.trackback

09 Aug 2006

Has Your Browser Been to Cameroon Lately? ICANN
A recent
message on Circle ID notes that Cameroon in west Africa has added a wild card to its .CM country domain. This means that anyone who tries to type something.com into his browser and types something.cm instead will in most cases end up at the web site the wild card points to, similar to what Verisign did with their infamous Sitefinder a few years ago. (I say most, because if you type the name of an actual .cm domain, you'll end up at that domain. More about that later.)

See more ...


posted at: 23:02 :: permanent link to this entry :: 3 comments
Trackback link is http://jl.ly/ICANN/cameroon.trackback

08 Aug 2006

More top level wildcards ICANN
With all of the recent excitement about *.cm, the Cameroonian wildcard that someone is using to collect vast numbers of mistyped .com addresses, I wondered how many other wildcards there were at the DNS top level. There's a total of 13.

See more ...


posted at: 23:15 :: permanent link to this entry :: 3 comments
Trackback link is http://jl.ly/ICANN/morewild.trackback

03 Aug 2006

Internet Governance for Dummies ICANN

I spoke last year at the Oxford Internet Institute on Internet Governance for Dummies, trying to lay out both what on the 'net needs governing (IP addresses and domains, if you know what they are), and who governs it, mostly ICANN with a large set of supporting characters.

They taped it, so you can visit the OII's web page for the talk where you can choose streaming video or downloadable MP4's.

When I returned this year the OII people told me that this is one of their most popular videos. Let me know whether or not you like it.


posted at: 23:34 :: permanent link to this entry :: 0 comments
Trackback link is http://jl.ly/ICANN/igov4dum.trackback

Internet Security: Legend or Myth ICANN

In late June I paid a visit to the Oxford Internet Institute, where they offered me the chance to talk about whatever I wanted. This year's talk was on Internet Security: Legend or Myth. The blurb said:

The Internet is sort of like a town where your local crack house can put up a front window that looks just like Boots, and teenagers can hotwire most people's cars and start playing bumper cars on the M40. Is this a place that anyone would want to visit, much less live in? What can we do about it?

I thought it went pretty well, but you can watch it and decide for yourself. Visit the OII's web page for the talk where you can choose streaming video or downloadable MP4's.

Free video bonus: at the beginning of the talk, Ted Nelson introduces me.


posted at: 23:26 :: permanent link to this entry :: 0 comments
Trackback link is http://jl.ly/ICANN/legendormyth.trackback

29 Jul 2006

It's not spam because we're nice Email
Here are some excerpts from an all too typical exchange I recently had with an e-mail service bureau (usually called an ESP for Email Service Provider.) It started when I sent them a boilerplate spam complaint, one of about a thousand a day I send for spam that either hits my spamtraps or gets caught in the spam filters.

See more ...


posted at: 21:54 :: permanent link to this entry :: 0 comments
Trackback link is http://jl.ly/Email/notspam.trackback

20 Jul 2006

Another try at proof-of-work e-postage Email
Another paper from the
Fifth Workshop on the Economics of Information Security, (WEIS 2006) is Proof of Work can Work by Debin Liu and L, Jean Camp of Indiana University. Proof of work (p-o-w) systems are a variation on e-postage that uses computation rather than money. A mail sender solves a lengthy computational problem and presents the result with the message. The problem takes long enough that the sender can only do a modest number per time period, and so cannot send a lot of messages, thereby preventing spamming. But on a net full of zombies, proof of work doesn't work.

See more ...


posted at: 21:25 :: permanent link to this entry :: 0 comments
Trackback link is http://jl.ly/Email/hashpow.trackback

Does pump and dump spam work? Email
I've been reading some of the very interesting papers from the
Fifth Workshop on the Economics of Information Security, (WEIS 2006), held last month in Cambridge (UK). Rainer Boehme and Thorsten Holz's paper The Effect of Stock Spam on Financial Markets is the first analysis I have seen of pump and dump spam, and comes to the dismaying conclusion that it works.

See more ...


posted at: 19:37 :: permanent link to this entry :: 1 comments
Trackback link is http://jl.ly/Email/pumpndump.trackback

19 Jul 2006

What's up with DKIM Email
The DKIM working group in the IETF has been making good progress. We now have a draft of
an overview document as well as an updated and, with any luck, final version of the threats document. The main spec for DKIM signatures seems to be close enough to done for a "last call" for complaints and comments.

See more ...


posted at: 00:44 :: permanent link to this entry :: 2 comments
Trackback link is http://jl.ly/Email/dkimietf67.trackback

08 Jun 2006

How much money do spammers make? Email
News reports say that high profile Ryan Pitylak was fined $10 million by the Texas Attorney General. A few days ago, he paid a $1M settlement to Microsoft. Since it had been widely reported that he'd made between $3M and $4M during his spamming career, that seemed like a pretty good deal for him. As I commented to the San Antonio Express, this new fine is more in line with what he did, and at least relieves him of all his ill-gotten gains.

See more ...


posted at: 11:14 :: permanent link to this entry :: 0 comments
Trackback link is http://jl.ly/Email/pitylak.trackback

17 May 2006

Blue Security Is Kaput Email

Wired reports that Blue Security shut down yesterday. It's a little hard to make sense of the explanations offered, but as best I can make out, after Blue Security's clumsy attempts to deal with a denial of service attack clobbered several other web sites, the owners appear to have pulled the plug.

The investors say the technology has other uses, so we may not have heard the last of this bad idea.


posted at: 02:42 :: permanent link to this entry :: 2 comments
Trackback link is http://jl.ly/Email/deadblue.trackback

12 May 2006

March of the Frogs Email
As I predicted last week in
this blog entry on Blue Security, the Frog's fans leapt to its defense, with a blizzard of more or less interchangable outraged messages, often refuting points I never made. Oddly, very few comments appeared on the recent message that was at the top of the blog's home page, but instead on an earlier message I wrote last July. Huh?

See more ...


posted at: 00:40 :: permanent link to this entry :: 33 comments
Trackback link is http://jl.ly/Email/froggers.trackback

03 May 2006

Spam defense or video game? Email
The blogosphere is abuzz with stories about an allegedly titanic battle between Blue Security and some spammers. Blue Security, as you probably know, distributes a freeware program called Blue Frog that is supposed to crush spammers by hammering on their web sites with gazillions of opt out requests or something like that. For a variety of reasons, the mainstream anti-spam community has never thought much of this approach, but every criticism only leads Blue Frog's partisans to leap ever more forcefully to its defense. (See, for example, the comments on
my note about them last year, and the comments that will doubtless be posted on this message, too.) This latest round made me realize that Blue Frog makes perfect sense if you think of it as a video game, or perhaps a fashion accessory, rather than as an anti-spam tool.

See more ...


posted at: 00:30 :: permanent link to this entry :: 23 comments
Trackback link is http://jl.ly/Email/bluefog.trackback

24 Apr 2006

Better automated abuse reporting with ARF Email
Since we know we're not going to find a
FUSSP any time soon, anti-spam efforts are concentrating on incremental efforts to make the current mail system, messy though it is, work better. Dealing with abuse reports is a particularly messy and labor-intensive area that desperately needs more automation.

See more ...


posted at: 01:08 :: permanent link to this entry :: 3 comments
Trackback link is http://jl.ly/Email/arf.trackback

07 Apr 2006

California Frets about Goodmail Email

On Monday the 3rd, California state Senator Dean Flores held a hearing of the E-Commerce, Wireless Technology, and Consumer Driven Programming committee grandly titled AOL: You Have Certified Mail, Will Paid E-mail Lead to Separate, Unequal Systems or is it the Foolproof Answer to Spam?. The senator's office said they were very eager to have me there, to the extent they offered to fly me out from New York, so since I happened to be on the way home from ICANN in New Zealand that weekend, I took a detour through Sacramento. Sen. Florez conducted the hearing, with Sens. Escutia and Torlakson sitting in briefly. Unfortunately, Sen. Bowen, who is very well informed on these topics, wasn't there.

There were five panels of speakers, and I got to lead off.

See more ...


posted at: 08:43 :: permanent link to this entry :: 1 comments
Trackback link is http://jl.ly/Email/casenate.trackback

19 Mar 2006

Google Wins an Easy One Copyright Law
Last week a court in Philadelphia dismissed a 2004 case filed by Gordon Roy Parker. In
the decision the judge threw out the entire case alleging copyright infringement, defamation, invasion of privacy, and a grab bag of other complaints.

See more ...


posted at: 14:06 :: permanent link to this entry :: 0 comments
Trackback link is http://jl.ly/Copyright_Law/googleparker.trackback

12 Mar 2006

Wow, that's creepy

Last week I had lunch with an old friend who designs and sells video chips.

He told me about an RFP they got from a large retailer. (He didn't say which one.) They want to install a grid of little cameras on the ceiling of their stores that can track people as they walk around the store, starting from when they walk in the door until they leave. The grid would be self-organizing, adjacent cameras talking to each other and handing off trackees to each other. It couldn't recognize people, although if you buy something with something other than cash, it'd know who you were from that transaction. This isn't intended for loss control (retailese for shoplifting) but more for marketing. They could, for example, rent a rack in a prominent position to a supplier, and charge them by the number of people who stop to look at it.

But wait, there's more!

See more ...


posted at: 10:14 :: permanent link to this entry :: 0 comments
Trackback link is http://jl.ly/creepy.trackback

16 Feb 2006

Reflection on new TLDs ICANN
While pondering the renewal prospects for the three sponsored TLDs, .aero, .museum, and .coop, I went back and looked at the original applications for those and also for the unsponsored TLDs approved at the same time, .BIZ, .INFO, .NAME, and .PRO. Two lessons leapt out at me

See more ...


posted at: 22:01 :: permanent link to this entry :: 5 comments
Trackback link is http://jl.ly/ICANN/tldreflec.trackback

14 Feb 2006

How Bad is Goodmail? Email
Goodmail Systems made a big splash last week when AOL and Yahoo announced that they will be giving preferential treatment to mail that uses Goodmail's CertifiedEmail service, claiming (implausibly) that this has something to do with stopping spam.. Since Goodmail charges senders for each message, some people see this as the end of e-mail as we know it. I have my concerns about Goodmail, but a lot of the concerns are either overblown or based on bad reporting.

See more ...


posted at: 14:33 :: permanent link to this entry :: 2 comments
Trackback link is http://jl.ly/Email/goodmail.trackback

01 Feb 2006

More TLDs: why and how ICANN

This is a joint posting; John Levine is posting it to his blog and Paul Hoffman is posting it to his blog.

Susan Crawford, a new member of the ICANN board, asked about auctions and lotteries for new gTLDs. Lots of people responded in the comments, and then the two of us kind of took over. We have now stopped, and are posting here.

See more ...


posted at: 14:10 :: permanent link to this entry :: 1 comments
Trackback link is http://jl.ly/ICANN/whydom.trackback

30 Jan 2006

Court rules for Google in cache copyright case Copyright Law

In a widely noted decision, a Nevada judge has handed down a ruling in favor of Google in a case in which attorney Blake Field sued Google for copyright infringement due to Google's web page cache keeping copies of his material. Read comments by the EFF, Red Herring, and Larry Lessig's blog.

I am Google's technical expert in the case, and as you might expect, I am pleased that the judge found our position, including my report and declaration, so persuasive.


posted at: 02:28 :: permanent link to this entry :: 0 comments
Trackback link is http://jl.ly/Copyright_Law/field.trackback

18 Jan 2006

DKIM and Mailing Lists Email
It's fairly straightforward to see how DKIM applies to normal mail--I send the mail, my mail system signs it, you get it, and you check the signature from my mail system. But it's a lot less clear what the best approach is for mailing lists, the discussion type that forward messages from members out to the list.

See more ...


posted at: 17:18 :: permanent link to this entry :: 0 comments
Trackback link is http://jl.ly/Email/dkimlists.trackback

06 Jan 2006

DKIM working group chartered Email
The IETF finally chartered a working group to create a DKIM standard earlier this week. See
this notice which includes the text of the charter and the rather aggressive schedule:

See more ...


posted at: 14:29 :: permanent link to this entry :: 0 comments
Trackback link is http://jl.ly/Email/dkimcharter.trackback

02 Jan 2006

Time to renew .coop, .museum, and .aero ICANN
Way back in 2000-2001, ICANN approved a handful of new top level domains, and entered into agreements with their promoters. Three of the sponsored domains, are coming up for renewal next year, so they've sent in their
renewal proposals. A sponsored domain is one that restricts who can register to members of a particular community, in this case respectively co-ops, museums, and the airline industry. Let's take a look and see how they're doing.

See more ...


posted at: 08:57 :: permanent link to this entry :: 1 comments
Trackback link is http://jl.ly/ICANN/stldrenew.trackback

Topics


My other sites

Who is this guy?

Airline ticket info

Taughannock Networks

Other blogs

CAUCE
Can big companies stop being hacked?
2 days ago

A keen grasp of the obvious
In keeping with the theme of this blog
13 days ago

Related sites

Coalition Against Unsolicited Commercial E-mail

Network Abuse Clearinghouse



© 2005-2014 John R. Levine.
CAN SPAM address harvesting notice: the operator of this website will not give, sell, or otherwise transfer addresses maintained by this website to any other party for the purposes of initiating, or enabling others to initiate, electronic mail messages.