Internet and e-mail policy and practice
including Notes on Internet E-mail


Click the comments link on any story to see comments or add your own.

Subscribe to this blog

RSS feed


02 Dec 2012

Tweeting to raise the dead Email
I have a twitter account that I hardly ever use. I set it up a while ago when I was debugging some tweeting scripts, such as the one that tweets new posts to this blog, and I only use it now on the rare occasions when I change something in the scripts. (Feel free to follow it, but don't hold your breath.) I've turned off all the message options for that account, so I was somewhat surprised to get this:

See more ...

  posted at: 13:01 :: permanent link to this entry :: 2 comments
Stable link is

30 Nov 2012

Verisign dodges a bullet, gets to keep .COM pricing ICANN

According to a filing with the SEC, the Department of Commerce renewed the .COM agreement for six more years.

The renewal was held up until the last minute (the old agreement expires today) due to antitrust concerns, specifcally about pricing. The main change in the new agreement is that Verisign is no longer allowed to increase the price above the existing $7.85, except under some unlikely conditions such as an extremely expensive security problem, or Verisign persuades the government that the .COM domain is no longer dominant.

See more ...

  posted at: 16:56 :: permanent link to this entry :: 0 comments
Stable link is

29 Nov 2012

Making multi-language mail work (Part II) Email
In the
previous installment we looked at the software changes needed for mail servers to handle internationalized mail, generally abbreviated as EAI. When a message arrives, whether ASCII or EAI, mail servers generally drop it into a mailbox and let the user pick it up. The usual ways for mail programs to pick up mail are POP3 and IMAP4.

See more ...

  posted at: 12:18 :: permanent link to this entry :: 0 comments
Stable link is

18 Nov 2012

Making multi-language mail work Email
About a year ago I
blogged about the IETF's developing internationalized e-mail standards, generally abbreviated as EAI. At the IETF meeting a couple of weeks ago, EAI finally wrapped up its work, finishing a few nitpicky but important documents describing the ways that POP and IMAP servers handle mail with non-ASCII addresses and mailboxes. Now that we have the specs, what happens next?

See more ...

  posted at: 08:15 :: permanent link to this entry :: 0 comments
Stable link is

07 Oct 2012

A copycat Canadian privacy suit against Gmail Internet

In July, several people filed attempted class action suits against Google, on the peculiar theory that Gmail was spying on its own users' mail. One of the suits was in Federal court, the other two in California state court, but the complaints were nearly identical so we assume that they're coordinated.

Now we have a similar suit filed in provincial court in British Columbia, Canada.

See more ...

  posted at: 00:48 :: permanent link to this entry :: 1 comments
Stable link is

04 Oct 2012

Publishers settle with Google Copyright Law

Google's book scanning project has been the subject of two long running lawsuits. One of them, from a group of publishers settled today.

Articles in Publisher's Weekly and the New York Times note that although the terms of the settlement are confidential, it's very unlikely that the publishers got much more than what Google already offered.

See more ...

  posted at: 17:57 :: permanent link to this entry :: 0 comments
Stable link is

21 Sep 2012

Unclear on the concept, sanctions edition Internet
United Against Nuclear Iran (UANI) is an advocacy group that, among other things, tries to isolate Iran by pressuring businesses and organizations to stop doing business with Iran. This week they turned their attention to ICANN and RIPE to try to cut off Internet access to Iranian organizations. Regardless of one's opinion about the wisdom of isolating Iran (and opinions are far from uniform), this effort was a bad idea in an impressive number of both technical and political ways.

See more ...

  posted at: 02:23 :: permanent link to this entry :: 1 comments
Stable link is

04 Sep 2012

Bitcoin grows up Money

Bitcoin is still the Net's favorite virtual currency, particularly for people who believe that the gold standard was a good idea. I see that Bitcoin has recently achieved sufficient critical mass to support a classic Ponzi scheme, a guy who promised absurd rates of interest, 7% per week to his "investors", then disappeared with 500,000 of other people's Bitcoins. At the current price of about $10/bitcoin, that's nominally $5 million, but Bitcoin markets are so thin that in practice it's worth a lot less unless he trickles them out over many months.

Given the general level of financial sophistication of Bitcoin users, the real question is why it hasn't happened sooner.

  posted at: 03:53 :: permanent link to this entry :: 0 comments
Stable link is

13 Jul 2012

Update on mail privacy lawsuits Internet
Last week I looked at
a lawsuit filed against Yahoo in Federal court in California, a class action claiming that Yahoo is wiretapping their users' mail, and noted that reports said that two other suits were filed in state court in Marin county.

See more ...

  posted at: 23:19 :: permanent link to this entry :: 0 comments
Stable link is

Silly Bing Internet

Bing is Microsoft's newish search engine, whose name I am reliably informed stands for Bing Is Not Google.

A couple of months ago, as an experiment, I put up a one page link farm at As should be apparent after about three seconds of clicking on the links there, each page has links to 12 other pages, with the page's host name made of three names, like The pages are generated by a small perl script and a database of a thousand first names. All the pages have the same IP address, although there could be about a billion (1000 cubed, since there are three names in each page name) possible domains. I forgot about it until earlier this week, when the disk with my web logs filled up.

See more ...

  posted at: 01:26 :: permanent link to this entry :: 1 comments
Stable link is

10 Jul 2012

Three more ill-advised lawsuits against mail providers Internet

Press reports say that three recently filed lawsuits claim that Google and Yahoo are illegally spying on the incoming mail of their webmail users. Two of the suits, Diamond vs. Google and Sutton et al. vs. Yahoo, are filed in Marin county court, the third, Penkava vs. Yahoo is in Federal court in San Jose.

I only have copies of the Penkava case, since the county court documents aren't online, but according to press reports all three make the same argument that the defendants are spying illegally on incoming mail, under the California Invasion of Privacy Act (CIPA.) So let's see how persuasive Penkava's arguments are.

See more ...

  posted at: 11:26 :: permanent link to this entry :: 2 comments
Stable link is

03 Jul 2012

Of course there will be an auction, part 2 ICANN
A few days ago
I opined that if several people want the same TLD and can't come to terms otherwise, they should arrange a private auction. It would be an odd sort of auction, since the buyers and sellers are the same people, so unlike normal auctions, the goal is not to maximize the selling price. How might it work?

See more ...

  posted at: 01:33 :: permanent link to this entry :: 0 comments
Stable link is

02 Jul 2012

CBC Ideas asks "Where is the Internet?" Internet

Ideas is a consistently interesting program on the CBC. On the June 11th show, host Barbara Nichol asked "Where is the Internet?"

I can say that she's an excellent interviewer because one of the people she interviewed was me. Listen to the show, including quite a lot of that interview, on their web site here.

  posted at: 11:15 :: permanent link to this entry :: 0 comments
Stable link is

01 Jul 2012

Of course there will be an auction ICANN
The process for ICANN's new TLDs says that if there are several equally qualified applicants for a TLD, and they can't agree which one gets it, ICANN will hold an auction to decide. Recently some people
have suggested that the applicants could use a private auction instead. Well, of course. In a situation like this, the question isn't whether there will be an auction, but only who will keep the money.

See more ...

  posted at: 14:32 :: permanent link to this entry :: 1 comments
Stable link is

25 Jun 2012

Domain Registry of America is still at it ICANN

An ICANN-accredited registrar known variously as Domain Registry of America, Domain Registry of Canada, and Brandon James Internet is famous for sending out fake domain renewal notices. They are physically located west of Toronto, not far from the US border. Despite being sanctioned by both the Federal Trade Commission in the US and the Competition Bureau in Canada, they made minor adjustments to the notices, and in the latter case, changed their name, and kept at it.

Someone asked whether they're still sending out fake domain notices. Oh, yes, I have a stack of them about 10cm (that's four inches in the US) high. Click on the image to see the three that arrived in today's mail.

I have long said that something is deeply broken in ICANN's registration accreditation agreement and compliance process if they permit these scammers to continue for a decade under ICANN's nose. That hasn't changed either.

  posted at: 19:54 :: permanent link to this entry :: 2 comments
Stable link is

Free Money: the Christmas Update Money

It's coming up on the date when I'll pay back my first $10K loan of free money, so what did my pals at Capital One do? Send me a stern note saying I'm misusing the checks? Cut my credit limit? Heck, no, they sent me a little booklet with more no-fee checks so I can keep going at least through March.

Someone noted that I am not their target demographic. I guess not. Perhaps I should call up and ask for a larger credit line, anyway.

  posted at: 19:32 :: permanent link to this entry :: 1 comments
Stable link is

Free money update Money
A few weeks ago
I blogged about some credit card checks that Capital One sent, with terms that appeared to offer free money. I wrote myself a check for ten grand, and deposited it in the bank to see what would happen.

See more ...

  posted at: 19:32 :: permanent link to this entry :: 6 comments
Stable link is

Google Booze? Internet
While flipping through the pile of advertising flyers that arrived with today's paper, I came across this one:

See more ...

  posted at: 19:30 :: permanent link to this entry :: 0 comments
Stable link is

IPV4 is no longer available in New York Internet
You knew this was going to happen, but I bet you didn't expect it quite so soon:

See more ...

  posted at: 19:27 :: permanent link to this entry :: 2 comments
Stable link is

22 Jun 2012

On search neutrality Internet

In recent months there's been a robust and apparently well-funded debate about the legal status of search engine results, in particular Google's search results. On Tuesday, Tim Wu, a well-known law professor at Columbia weighed in with an op-ed in the New York Times, arguing that it's silly to claim that computer software has free speech rights. Back in April, equally famous UCLA professor Eugene Volokh published a paper, funded by Google, that came to the opposite conclusion, that in some cases they do. (Personally, I think they do to the extent the results reflect the intentions of the humans who wrote the code.)

The reason this is a hot topic, of course, is because some people whose web sites don't appear as high as they'd like in search results think it's a monopolistic plot against them, and Google should be required to present search results in a neutral way. It might be, but more likely it's not, and the cure would be far worse than the problem.

See more ...

  posted at: 00:31 :: permanent link to this entry :: 0 comments
Stable link is

16 Jun 2012

White paper on the design of the domain name system Internet

Last summer I did an eight part series on the design of the DNS. Since people still seem to be interested in it, I collected them into a white paper that you can more easily archive and print.

  posted at: 21:51 :: permanent link to this entry :: 0 comments
Stable link is

13 Jun 2012

Wow, that's a lot of applications ICANN
ICANN unveiled
all the applications for new top level domains today, all 1,930 of them. Most of them were fairly predictable, big companies applying for their own names like .IBM, .DUPONT, .AUDI, and .HSBC. The most applications for the same name were 13 for .APP, 11 for .INC and .HOME, 10 for .ART, 9 for .SHOP, .LLC, .BOOK, and .BLOG. None of those claim community support so they'll have to slug it out in the contention process.

See more ...

  posted at: 15:39 :: permanent link to this entry :: 0 comments
Stable link is

07 Jun 2012

IPv6 in the wild Internet

Although I'm sceptical that IPv6 will have any practical use in e-mail in the forseeable future, it makes plenty of sense for web sites. The web browsers on mobile phones are likely to have direct v6 connections, but NAT or proxies for IPv4, so web sites can work better if they're available on IPv6. Since it makes no difference at all for mail, my advice is to work on v6 for your web sites and forget it for mail. (If you run a large ISP, IPv6 makes sense for internal POP, IMAP, and SUBMIT servers, but if you run a large ISP, you already knew that.)

Taking my own advice, this blog has been available via IPv6 for the better part of a year. Did anyone notice?

  posted at: 05:32 :: permanent link to this entry :: 2 comments
Stable link is

25 May 2012

Running DNSBLs in an IPv6 world Email

DNS blacklists for IPv4 addresses are now nearly 15 years old, and DNSBL operators have gathered a great deal of expertise running them. Over the next decade or two mail will probably move to IPv6. How will running IPv6 DNSBLs differ from IPv4? There aren't any significant IPv6 DNSBLs yet since there isn't significant unwanted IPv6 mail traffic yet (or significant wanted traffic, for that matter), but we can make some extrapolations from the IPv4 experience. Existing IPv4 DNSBLs tend to fall into three categories, exemplified by the Spamhaus SBL, PBL, and XBL.

The PBL (Policy Block List) includes ranges of addresses that shouldn't be sending mail directly, either because they're retail customers who are supposed to use their providers' mail servers, or they're assigned to equipment that should send no mail at all. Each entry is a range of addresses. List maintenance is manual; network managers can and often do add ranges of their own addresses, and Spamhaus adds ranges that they've determined are appropriate. In some cases, it's possible to de-list an individual address to poke a hole in a PBL range and allow mail out.

The SBL is managed manually, and lists ranges of IP addresses that based on historical evidence are likely to send predominantly or entirely spam. Some SBL entries are single IP addresses, while others list entire networks that are controlled by criminals.

The XBL lists individual IP addresses of hosts that have been observed sending 'bot spam or other mechanical indications that they are likely to send spam but no legitimate mail. Listings are added automatically, and are removed automatically some time after the IP stops sending spam. It's usually possible to remove an entry manually, although not an unlimited number of times.

How do these map into a world of IPv6 mail?

See more ...

  posted at: 16:55 :: permanent link to this entry :: 2 comments
Stable link is

02 May 2012

Brian McDaid of Sili Neutraceuticals sentenced to prison Email
This morning I was in federal court in Philadelphia before Judge Stewart R. Dalzell for what is probably the last chapter of the Sili Neutraceuticals story. Brian McDaid was a chiropractor who ran an affiliate spam scheme in 2005-2006 for Hoodia and other weight loss nostrums.

See more ...

  posted at: 12:50 :: permanent link to this entry :: 1 comments
Stable link is

31 Mar 2012

IPv6 DNS blacklists reconsidered Email

I opined about a year ago that DNS blacklists wouldn't work for mail that runs over IPv6 rather than IPv4. The reason is that IPv6 has such a huge range of addresses that spammers can easily send every message from a unique IP address, which means that recipient systems will fire off a unique set of DNSBL queries for every message, which will swamp DNS caches, since they won't be able to reuse cached results from previous queries like they can for IPv4 mail.

Now I'm much less sure this will be a problem, because it's not clear that DNSBL results benefit from caches now.

See more ...

  posted at: 16:01 :: permanent link to this entry :: 2 comments
Stable link is

05 Mar 2012

Forwarding mail for your users Email

Courtesy forwards have been a standard feature of e-mail systems about as long as there have been e-mail systems. A user moves or changes jobs or something, and rather than just closing the account, the mail system forwards all the mail to the user's new address. Or a user with multiple addresses forwards them all to one place to be able to read all the mail together. Since forwarding is very cheap, it's quite common for forwards to persist for many years.

Unfortunately, forwarding is yet another thing that spam has screwed up. If you just forward all the mail that arrives at a typical address, most of what you'll be forwarding is spam. From the point of view of the system you're forwarding to, you're the one sending the spam, and they're likely to block you.

Fortuately, there are some ways to mitigate the damage.

See more ...

  posted at: 21:06 :: permanent link to this entry :: 0 comments
Stable link is

18 Feb 2012

How spamtraps work, maybe Email

This, uh, fell off a truck. I cannot vouch for its authenticity.

> Who wants to answer this one?
Oh, what the heck, tell him about it.
::---- snip ----

See more ...

  posted at: 15:15 :: permanent link to this entry :: 1 comments
Stable link is

07 Feb 2012

Phish or Fair? Internet
It shouldn't be a big surprise to hear that phishing is a big problem for banks. Criminals send email pretending to be a bank, and set up web sites that look a lot like a bank. One reason that phishing is possible is that e-mail has no built in security, so that if a mail message comes in purporting to be from, say,, there's no easy way to tell whether the message is really from, or from a crook. Mail authentication schemes like
DKIM and the new group use cryptographic signatures to help authenticate mail and prove that it really is from who it purports to be from. So, if the mail can authenticate the sender, the phishing problem goes away, right?

See more ...

  posted at: 02:36 :: permanent link to this entry :: 1 comments
Stable link is

02 Feb 2012

World notices that Verisign said three months ago that they had a security breach two years ago Internet

The trade press is abuzz today with reports about a security breach at Verisign. While a security breach at the company that runs .COM, .NET, and does the mechanical parts of managing the DNS root is interesting, this shouldn't be news, at least, not now.

Since Verisign is a public company, they file a financial report called a 10-Q with the SEC every quarter. According to the SEC's web site, Verisign filed their 10-Q for June through September 2011 on October 28th. where it's been available to the public ever since.

See more ...

  posted at: 20:45 :: permanent link to this entry :: 1 comments
Stable link is

28 Jan 2012

The state of mail database marketing Email

My mail server has a lot of spamtraps. They come from various sources, but one of the most prolific is bad addresses in personal domains. Several of my users have their own domains, such as my own, in which they use a handful of addresses. Those addresses tend either to be people's first names, for individual mailboxes, or else the names of companies. If I did business with Verizon (which I do not) I might give them an address like All those domains get mail to lots of other addresses, which is 100% spam.

The made up addresses are largely dictionary attacks, which is obvious when I see sequential spam to barry@, betsy@, and bruno@. Some of them are company addresses that leaked to spammers before the companies went out of business years ago. And some are just mysteries.

See more ...

  posted at: 19:48 :: permanent link to this entry :: 0 comments
Stable link is

22 Jan 2012

No, I'm not offering to tune your spam filters for free Email
Fortinet is a security appliance company in California. One of the services they offer to their thousands of customers is spam filtering, nothing odd about that. But I was rather startled to see this block at the top of an otherwise ordinary Russian language spam that arrived here from a poorly secured mail server in Malaysia

See more ...

  posted at: 20:28 :: permanent link to this entry :: 0 comments
Stable link is

08 Jan 2012

Reset, Refresh, Reinfect? Internet
The upcoming Windows 8
will include new features to Reset or Refresh your computer. Reset wipes out your entire disk and restores it to they way it was when the computer was new, Refresh keeps some files and settings, but wipes and restores everything else. Given the propensity of Windows machines to become overrun with malware, rogue toolbars, cramware, and other unwanted annoyances, a way to get rid of it all quickly seems like a great idea. But ...

See more ...

  posted at: 00:47 :: permanent link to this entry :: 0 comments
Stable link is


My other sites

Who is this guy?

Airline ticket info

Taughannock Networks

Other blogs

It turns out you don’t need a license to hunt for spam.
112 days ago

A keen grasp of the obvious
Italian Apple Cake
670 days ago

Related sites

Coalition Against Unsolicited Commercial E-mail

Network Abuse Clearinghouse

My Mastodon feed

© 2005-2024 John R. Levine.
CAN SPAM address harvesting notice: the operator of this website will not give, sell, or otherwise transfer addresses maintained by this website to any other party for the purposes of initiating, or enabling others to initiate, electronic mail messages.