|
|
|
Click the comments link on any story to see comments or add your own. Subscribe to this blog
|
26 Dec 2011
posted at: 23:40 :: permanent link to this entry :: 3 comments Trackback link is http://jl.ly/Email/tcpfilter.trackback 17 Dec 2011
posted at: 14:46 :: permanent link to this entry :: 3 comments Trackback link is http://jl.ly/ICANN/xxxzone.trackback 14 Dec 2011
A year and a half ago I blogged about my Capital One credit card's payment checks sent along with the monthly statement, that offered a free loan for about 45 days. Early last year I stopped because they sometimes bounce the checks even though the online statement says there's plenty of credit. Since then, they stopped sending the checks, but I found that I could point and click on their web site and have them mail me a check, payable to me.posted at: 13:20 :: permanent link to this entry :: 3 comments Trackback link is http://jl.ly/Money/freeupdate.trackback 07 Dec 2011
posted at: 23:13 :: permanent link to this entry :: 0 comments Trackback link is http://jl.ly/Email/grey11a.trackback 21 Nov 2011
posted at: 23:24 :: permanent link to this entry :: 0 comments Trackback link is http://jl.ly/ICANN/manwinsuit.trackback 19 Nov 2011
J D Falk, one of the best known people in the e-mail industry, died this week from cancer. Despite his youth (20 years younger than me) he had worked for nearly every important e-mail company, and accomplished as much as anyone. I couldn't possibly write as fine a remembrance as the one that Neil Schwartzman did, so please read it here. posted at: 14:42 :: permanent link to this entry :: 0 comments Trackback link is http://jl.ly/Email/jdfalk.trackback 15 Nov 2011
In a press release earlier this week, a long list of large US businesses and trade associations announced the formation of the Coalition for Responsible Internet Domain Oversight or CRIDO. It has long been apparent to me that ICANN stopped listening to all of the reasons that a flood of new TLDs is a bad idea, mesmerized by a combination of lobbying by parties that stand to profit from them, and the prospect of a torrent of cash for ICANN itself. It is a complete waste of time to try to use ICANN's own processes to make them stop and reconsider or even slow down a little. Although ICANN fancies itself to be a global-scope bottom-up, multi-stakeholder, consensus-based (is that enough hyphens?) organization, in fact it is a California not-for-profit corporation subject to US law. So the key facts about CRIDO are that a) they're in the US, and b) they represent organizations with a great deal of money and a great deal to lose from new TLDs. CRIDO clearly exists to force ICANN to defend its new TLD plans in US courts, and I look forward to the discovery stage in which we will with any luck learn more about the conflicts of interest by ICANN board and staff. Will we, for example, find out whether former ICANN board chair Peter Dengate Thrush already had a job offer from domain consultants Minds+Machines when he voted to approve new TLDs? Stay tuned. posted at: 10:14 :: permanent link to this entry :: 2 comments Trackback link is http://jl.ly/ICANN/crido.trackback 09 Nov 2011
Greylisting is a hoary technique for rejecting spam sent by botnets and other poorly written spamware. When a mail server receives an attempt to deliver mail from a hitherto unseen sending host IP address, it rejects the message with a "soft fail" error which tells the sender to try again later. Real mail software does try again, at which point you note that the host knows how to retry and you don't greylist mail from that IP again. The theory is that spamware doesn't retry, so you won't get that spam. I wrote a paper on it for the 2005 CEAS conference, and concluded that conservative greylisters worked well. We've now been using greylisting for close to a decade, and some people have argued that it's no longer useful, since the bad guys could easily fix their spamware to retry, or since bots are so cheap, they could just send everything twice. So does it still work?posted at: 11:11 :: permanent link to this entry :: 3 comments Trackback link is http://jl.ly/Email/grey11.trackback 18 Oct 2011
posted at: 01:13 :: permanent link to this entry :: 0 comments Trackback link is http://jl.ly/Email/mainsleaze.trackback 10 Oct 2011
A friend whose daughter just had yet another credit card cancelled and reissued due to online fraud asked me what she did that let bad guys steal her credit card. The answer is probably nothing. Bank security stinks, and large company security stinks more. For example, a few years ago someone stole 45 million card numbers from TJ Maxx, cards which as far as I can tell, the customers swiped at the register and never left their hands. Banks are figuring out that they need to do better, but they are ponderous, timid, and move in herds, so change comes slowly. I've seen estimates from well-informed people that crooks may have something like half of all credit card numbers issued in the US.posted at: 23:23 :: permanent link to this entry :: 1 comments Trackback link is http://jl.ly/Money/cards.trackback 22 Sep 2011
posted at: 19:49 :: permanent link to this entry :: 2 comments Trackback link is http://jl.ly/Email/symantec.trackback 17 Sep 2011
posted at: 23:59 :: permanent link to this entry :: 0 comments Trackback link is http://jl.ly/Internet/dnsdesign8.trackback 08 Sep 2011
In the previous installments, we've been looking at aspects of the design of the DNS. Many databases go to great effort to present a globablly consistent view of the data they control, since the alternative is to lose credit card charges and double-book airline seats. The DNS has never tried to to that. The data is roughly consistent, but not perfectly so.posted at: 10:15 :: permanent link to this entry :: 0 comments Trackback link is http://jl.ly/Internet/dnsdesign4.trackback
In the previous installments, we looked at the overall design of the DNS and the way DNS name matching works. The DNS gains considerable administrative flexibility from its delegation structure. Each zone cut, the place in the DNS name tree where one set of DNS servers hands off to another, offers the option to delegate the administration of a part of the DNS at the delegation point. But for the delegation to work well, the delegation structure has to match the name structure.posted at: 10:13 :: permanent link to this entry :: 0 comments Trackback link is http://jl.ly/Internet/dnsdesign3.trackback
posted at: 10:08 :: permanent link to this entry :: 0 comments Trackback link is http://jl.ly/Internet/dnsdesign1.trackback 07 Sep 2011
posted at: 22:43 :: permanent link to this entry :: 0 comments Trackback link is http://jl.ly/Internet/dnsdesign5.trackback
posted at: 22:23 :: permanent link to this entry :: 0 comments Trackback link is http://jl.ly/Internet/dnsdesign6.trackback 06 Sep 2011
posted at: 00:44 :: permanent link to this entry :: 0 comments Trackback link is http://jl.ly/Internet/dnsdesign7.trackback 26 Aug 2011
posted at: 14:02 :: permanent link to this entry :: 0 comments Trackback link is http://jl.ly/Internet/dnsdesign2.trackback 17 Aug 2011
I've never claimed to be a marketing expert, but sometimes people leave me no choice. Last week I got a note from a friend who works at a national non-profit which is an umbrella organization for many local chapters, which we'll call the ABC. (The details are disguised for reasons that will shortly be apparent.) The national organization has contact information for most of the chapter members, so they can send them the magazine. They've asked for e-mail addresses, although they haven't done much with them so far. They also run mailing lists for the chapter officers and the like. So in last week's note, the friend said that they were thinking of starting an online newsletter, and would it be OK to send it to every address they have, or at least send an invitation to every address they have?. Of course not, that's Bad Marketer Syndrome.posted at: 16:23 :: permanent link to this entry :: 0 comments Trackback link is http://jl.ly/Email/bms.trackback 10 Jul 2011
posted at: 15:40 :: permanent link to this entry :: 3 comments Trackback link is http://jl.ly/Email/i18n2.trackback
posted at: 15:40 :: permanent link to this entry :: 0 comments Trackback link is http://jl.ly/Email/i18n3.trackback 08 Jul 2011
Back when the Internet was young and servers came with shovels (for the coal), everyone on the net spoke English, and all the e-mail was in English. To represent text in a computer, each character needs to have a numeric code. The most common code set was (and is) ASCII, which is basically the codes used by the cheap, reliable Teletype printing terminals everyone used as their computer consoles. ASCII is a seven bit character code, code values 0 through 127, and it includes upper and lower case letters and a reasonable selection of punctuation adequate for written English. It also includes some obscure characters, such as @ which was chosen for the middle of e-mail addresses in part because it was on the ASCII keyboard and otherwise not much used. But nearly every other written language requires characters outside the ASCII set. On the modern Internet, mail users live in every country in the world and write in a vast array of languages, and e-mail has been slowly evolving to handle everyone else's language. In today's note I'll describe the changes already made to Internet mail to handle other languages, and in the next message I'll describe the work in progress to handle the last missing parts.posted at: 02:36 :: permanent link to this entry :: 1 comments Trackback link is http://jl.ly/Email/i18n.trackback 04 Jul 2011
In a previous message we looked at the question of how hard it will be to get IPv4 address space once the original supply runs out. Today we'll look at the other end of the question, how much v4 address space do people really need? The end to end principle says, more or less, that all computers on the Internet are in principle the same, any of them can be a server, any can be a client, and the Net should just be a dumb pipe between them, allowing people to invent new applications without having to get permission from, or even notify anyone in between. While this idea has great appeal, for consumers Internet connections, it's much more common to have several kinks in the pipe.posted at: 15:22 :: permanent link to this entry :: 5 comments Trackback link is http://jl.ly/Internet/v6incor2.trackback
Every packet of data sent over the Internet is sent from one IP address to another. The IP addresses in the Internet serve somewhat the same function as phone numbers in the US phone system, fixed length numeric identifiers where the first part tells what network the address is on. Since the dawn of the Internet in the early 1980s, the IP addresses in use have been IPv4, 32 bit addresses which means there are about 4 billion of them. Unless you've been living under a rock, you've doubtless seen reports that the supply of IPv4 addresses is running out. Earlier this month IANA, the master allocation authority, handed out the last so-called /8, a large chunk of 16 million addresses, to one of the regional address registries, and sometime months or perhaps a few years after that, the registries will hand out the last pieces of their chunks. Then what? The conventional wisdom is that everyone needs to support IPv6, a mostly compatible upgrade to IPv4 with much larger addresses, by the time the v4 space runs out. But I'm not so sure, particularly for e-mail.posted at: 15:22 :: permanent link to this entry :: 7 comments Trackback link is http://jl.ly/Internet/v6incor.trackback 27 Jun 2011
posted at: 23:31 :: permanent link to this entry :: 2 comments Trackback link is http://jl.ly/Internet/nomorev4.trackback
posted at: 14:48 :: permanent link to this entry :: 0 comments Trackback link is http://jl.ly/ICANN/tldchess.trackback 17 Jun 2011
In most parts of the world, people tend to use domain names in their country's top level domain. In the UK, it's whatever.co.uk, in Canada, it's whatever.ca, in Japan it's whatever.co.jp, and so forth. But in the US, most people use .COM rather than .US. Why? Back in 1992 and 1993, the then-powers that be in the Internet (mostly Jon Postel) decided to arrange the .US domain in a tidy geographic way. As laid out in RFC 1386 and RFC 1480, all registrations had to be of the form <name>.<place>.st.us, such as IBM.ARMONK.NY.US (an example they used.) Government agencies had their own pseudo-places, e.g., WWW.STATE.NY.US. The place names were cities, towns, counties, and such, with reasonable abbreviations allowed such as NYC.NY.US.posted at: 22:46 :: permanent link to this entry :: 0 comments Trackback link is http://jl.ly/Internet/commreg.trackback 16 Jun 2011
I've been watching at the excitement build in the domain community, where a lot of people seem to believe that at next month's Singapore meeting, by golly, this time ICANN will really truly open the floodgates and start adding lots of new TLDs. I have my doubts, because there's still significant issues with the GAC and the US Government and ICANN hasn't yet grasped the fact that governments do not defer to NGOs, but let's back up a little and ask whether this is a good idea. I see four arguments in favor of new TLDs:
posted at: 19:19 :: permanent link to this entry :: 2 comments Trackback link is http://jl.ly/ICANN/boondoggle.trackback 03 Jun 2011
Bitcoin, for anyone who's not up on their techno-trends, is this year's hot trendy digital payment system. Its main claim to fame is that it is peer-to-peer, not depending on a central bank to issue or validate the "coins", actually blobs of cryptographically signed bits. This makes it both fairly anonymous and hard to manipulate (at least in the ways that real money is manipulated), making it a darling of anarcho-libertarians. A lot of people have opined on its merits, most notably this Quora message. I took a look at the design of Bitcoin, which is credited to "Satoshi Nakamoto". Nobody seems to know who he is (or who they are), but he definitely knows his crypto. As a piece of cryptographic software design, it's quite clever. As a system you might want to use to pay for stuff, it's hopeless.posted at: 10:11 :: permanent link to this entry :: 9 comments Trackback link is http://jl.ly/Money/bitcoin.trackback 01 Jun 2011
For many years, the Cornell Legal Information Institute (LII) has been a premier source of reference information about laws in the US and elsewhere. It's been around so long that in its early days, they wrote the first Windows web browser, Cello, so non-Unix users could get to the site. One day last year, LII director Tom Bruce and I were talking over breakfast, and noted that there was no authoritative online source of legal information about spam and e-mail, something that the LII and CAUCE are, together, uniquely qualified to create. The Inbox Project is a new section of the LII web site, meeting that need.posted at: 23:00 :: permanent link to this entry :: 0 comments Trackback link is http://jl.ly/Email/inbox.trackback 15 May 2011
posted at: 21:27 :: permanent link to this entry :: 0 comments Trackback link is http://jl.ly/Internet/ipmoney.trackback 28 Apr 2011
It's been a very bad month for ESPs, companies that handle bulk mailings for their clients. Several of them have had internal security breaches, leaking client information, client mailing lists, or both. Many have also seen clients compromised, with the compromised credentials used to send spam. The sequence of events sugests all the ESPs whose clients were compromised were themselves compromised first. (That's how the crooks knew who to attack.) The Online Trust Alliance published some guidelines, that offer mostly good advice. So what should ESPs do now?posted at: 12:41 :: permanent link to this entry :: 1 comments Trackback link is http://jl.ly/Email/espnext.trackback 21 Apr 2011
posted at: 17:52 :: permanent link to this entry :: 1 comments Trackback link is http://jl.ly/Email/emailvis.trackback 19 Apr 2011
When last we saw the Holomaxx case, in which a bulk mailer in Pennsylvania sued Microsoft and Yahoo in separate cases for not delivering their mail on the legally absurd theory that Microsoft and Yahoo are required to deliver mail from random spammers who claim to be CAN SPAM compliant, the judge threw the case out, but gave them the option to amend their complaint and try again. They've refiled against Yahoo, with the main difference being that they added out of context quotations from a MAAWG document that doesn't say what Holomaxx wishes that it said. At this point, the main question is how much more of his time the judge will allow them to waste before he shuts them down for good. Word to the Wise has a more detailed analysis and a link to the amended complaint. posted at: 21:20 :: permanent link to this entry :: 0 comments Trackback link is http://jl.ly/Email/holo4.trackback
posted at: 10:17 :: permanent link to this entry :: 2 comments Trackback link is http://jl.ly/Email/chspam.trackback 07 Apr 2011
posted at: 23:12 :: permanent link to this entry :: 3 comments Trackback link is http://jl.ly/Email/linkspam.trackback 03 Apr 2011
I didn't get to the San Francisico ICANN meeting, but my friend J.D. Falk did. Don't miss Impenetrable Processes and Fool's Gold at ICANN, his report of what he found there. posted at: 16:25 :: permanent link to this entry :: 0 comments Trackback link is http://jl.ly/ICANN/jdsf.trackback 24 Mar 2011
posted at: 09:57 :: permanent link to this entry :: 0 comments Trackback link is http://jl.ly/Copyright_Law/googrej.trackback 19 Mar 2011
posted at: 01:40 :: permanent link to this entry :: 3 comments Trackback link is http://jl.ly/ICANN/xxx11.trackback 05 Mar 2011
posted at: 11:56 :: permanent link to this entry :: 2 comments Trackback link is http://jl.ly/Internet/anony.trackback 02 Mar 2011
In two previous messages we looked at the question of how hard it will be to get IPv4 address space once the original supply runs out, and how much v4 address space people really need. Today we look at e-mail and IPv6. Of all the applications on the net, mail is probably the one that is least affected by NAT, and will be the least affected by running out of v4 addresses. For one thing, mail doesn't need a whole lot of IP addresses. You can easily put 10,000 users behind mail servers on a single IP, and even a giant mail system is unlikely to need more than a few hundred IPs. (For example, all of Hotmail's inbound servers sit behind 24 IPs.) So even if you had to go buy addresses for your v4 mail servers, you wouldn't have to buy very many.posted at: 18:45 :: permanent link to this entry :: 7 comments Trackback link is http://jl.ly/Internet/v6incor3.trackback 13 Feb 2011
For a very long time, predating the birth of ICANN, there's been a running battle about what should be required when one registers domain names. To oversimplify quite a lot, one side sees domain names as an essential component of free speech, so anyone should be able to register any domain without limit, the other notes that they're primarily used for commercial purposes and they enable quite a lot of mischief, so the more control, the better. This has led to endless skirmishes about the WHOIS service, one side wanting to abolish it or make it as hard as possible to get info about registrants, the other wanting ICANN to enforce the widely ignored rules that every domain is supposed to have accurate contact info. Back in 1995, before the current shape of the net was clear, the domains as speech argument sort of made sense. It wasn't clear how dominant the web would be, and search engines weren't widely available, so many people still thought that the DNS would be used as the Internet's directory, an approach that top-level domains like .MUSEUM and .TRAVEL tried with a total lack of success. But it's not 1995 any more.posted at: 00:47 :: permanent link to this entry :: 3 comments Trackback link is http://jl.ly/ICANN/not95.trackback 12 Jan 2011
posted at: 21:56 :: permanent link to this entry :: 0 comments Trackback link is http://jl.ly/Email/spamford2.trackback 09 Jan 2011
Every day we get mail with text like this at the bottom: This E-mail and any of its attachments may contain [big company] proprietary information, which is privileged, confidential, or subject to copyright belonging to [big company]. This E-mail is intended solely for the use of the individual or entity to which it is addressed. If you are not the intended recipient of this E-mail, you are hereby notified that any dissemination, distribution, copying, or action taken in relation to the contents of and attachments to this E-mail is strictly prohibited and may be unlawful. If you have received this E-mail in error, please notify the sender immediately and permanently delete the original and any copy of this E-mail and any printout.Why do people put those tags on their mail? And do they mean anything? I can't answer the first question, but the answer to the second is definitely No. posted at: 11:00 :: permanent link to this entry :: 2 comments Trackback link is http://jl.ly/Internet/confid.trackback 08 Jan 2011
On Dec 23, Yahoo responded to the silly Holomaxx lawsuit. Their analysis agrees with mine: every claim is wrong, and the suit has no merit at all. This doesn't mean that I'm a brilliant legal analyst. It just means that the issues are obvious. Laura at Word to the Wise goes through the response and we all agree, they have no case. posted at: 19:38 :: permanent link to this entry :: 0 comments Trackback link is http://jl.ly/Email/holohoo.trackback 03 Jan 2011
posted at: 21:19 :: permanent link to this entry :: 1 comments Trackback link is http://jl.ly/Email/divorcemail.trackback |
Topics
My other sitesOther blogsCAUCE A keen grasp of the obvious Related sitesCoalition Against Unsolicited Commercial E-mail
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
© 2005-2013 John R. Levine.
CAN SPAM address harvesting notice: the operator of this website will
not give, sell, or otherwise transfer addresses maintained by this
website to any other party for the purposes of initiating, or enabling
others to initiate, electronic mail messages.
![[Valid RSS]](http://www.taugh.com/valid-rss.png "Validate my RSS feed"){kind=small}