02 Dec 2012
I have a twitter account that I hardly ever use.
I set it up a while ago when I was debugging some
tweeting scripts, such as the one that tweets new posts
to this blog, and I only use it now on the rare occasions
when I change something in the scripts.
(Feel free to follow it, but don't hold your breath.)
I've turned off all the message options for that account,
so I was somewhat surprised to get this:
See more ...
Stable link is https://jl.ly/Email/twitdead.html
30 Nov 2012
According to a filing with the SEC, the Department of Commerce renewed the .COM agreement for six more years.
The renewal was held up until the last minute (the old agreement expires today) due
to antitrust concerns, specifically about pricing. The main change in the new agreement is
that Verisign is no longer allowed to increase the price above the existing $7.85, except
under some unlikely conditions such as an extremely expensive security problem, or
if Verisign persuades the government that the .COM domain is no longer dominant.
See more ...
Stable link is https://jl.ly/ICANN/vrsn2012.html
29 Nov 2012
In the previous installment we looked at
the software changes needed for mail servers to handle internationalized
mail, generally abbreviated as EAI.
When a message arrives, whether ASCII or EAI,
mail servers generally drop it into a mailbox and let the user
pick it up.
The usual ways for mail programs to pick up mail are POP3 and IMAP4.
See more ...
Stable link is https://jl.ly/Email/i18neai2.html
18 Nov 2012
About a year ago I blogged about the IETF's
developing internationalized e-mail standards,
generally abbreviated as EAI.
At the IETF meeting a couple of weeks ago, EAI finally wrapped up its work,
finishing a few nitpicky but important documents describing the ways that
POP and IMAP servers handle mail with non-ASCII addresses and mailboxes.
Now that we have the specs, what happens next?
See more ...
Stable link is https://jl.ly/Email/i18neai.html
07 Oct 2012
In July, several people filed attempted class action
suits against Google,
on the peculiar theory that Gmail was spying on its own users' mail.
One of the suits was in Federal court, the other two in California state court, but
the complaints were nearly identical so we assume that they're coordinated.
Now we have a similar suit
filed in provincial court in British Columbia, Canada.
See more ...
Stable link is https://jl.ly/Internet/cangoog.html
04 Oct 2012
Google's book scanning project has been the subject of two long running lawsuits.
One of them, from a group of publishers, settled today.
Articles in Publisher's Weekly and the New York Times
note that although the terms of the settlement are confidential, it's very unlikely
that the publishers got much more than what Google already offered.
See more ...
Stable link is https://jl.ly/Copyright_Law/goopub.html
21 Sep 2012
United Against Nuclear Iran (UANI) is an
advocacy group that, among other things, tries to isolate Iran by
pressuring businesses and organizations to stop doing business
with Iran. This week they turned their attention to ICANN and RIPE
to try to cut off Internet access to Iranian organizations. Regardless
of one's opinion about the wisdom of isolating Iran (and opinions
are far from uniform), this effort was a bad idea
in an impressive number of both technical and political ways.
See more ...
Stable link is https://jl.ly/Internet/uani.html
04 Sep 2012
Bitcoin is still the Net's favorite virtual currency, particularly for people
who believe that the gold standard was a good idea.
I see that Bitcoin has recently achieved sufficient critical mass to support
a classic Ponzi
scheme, a guy who promised absurd rates of interest, 7% per week to his "investors",
then disappeared with 500,000 of other people's Bitcoins.
At the current price of about $10/bitcoin, that's nominally $5 million,
but Bitcoin markets are so thin that in practice it's worth a lot less
unless he trickles them out over many months.
Given the general level of financial sophistication of Bitcoin users, the real question is
why it hasn't happened sooner.
Stable link is https://jl.ly/Money/bitcoinscam.html
13 Jul 2012
Last week I looked at a lawsuit filed against
Yahoo in Federal court in California, a class action claiming that Yahoo
is wiretapping their users' mail, and noted that reports said that two
other suits were filed in state court in Marin county.
See more ...
Stable link is https://jl.ly/Internet/sutton.html
Bing is Microsoft's newish search engine, whose name I am reliably
informed stands for Bing Is Not Google.
A couple of months ago, as an experiment, I put up a one page link farm
at wild.web.sp.am.
As should be apparent after about three seconds of clicking on the
links there, each page has links to 12 other pages, with the page's
host name made of three names, like http://aaron.louise.celia.web.sp.am.
The pages are generated by a small perl script and a database of
a thousand first names.
All the pages have the same IP address, although there could be
about a billion (1000 cubed, since there are three names in each
page name) possible domains.
I forgot about it until earlier this week, when the disk with
my web logs filled up.
See more ...
Stable link is https://jl.ly/Internet/sillybing.html
10 Jul 2012
Press reports say that three recently filed lawsuits
claim that Google and Yahoo are illegally spying on
the incoming mail of their webmail users. Two
of the suits, Diamond vs. Google and Sutton et al. vs. Yahoo,
are filed in Marin county court; the third, Penkava vs.
Yahoo, is in Federal court in San Jose.
I only have copies of the Penkava case, since the county
court documents aren't online, but
according to press reports all three make the same
argument that the defendants are spying illegally on
incoming mail, under the California Invasion of Privacy
Act (CIPA). So let's see how persuasive Penkava's
arguments are.
See more ...
Stable link is https://jl.ly/Internet/penkava.html
03 Jul 2012
A few days ago I opined that if several
people want the same TLD and can't come to terms otherwise,
they should arrange a private auction. It would be an odd
sort of auction, since the buyers and sellers are the same
people, so unlike normal auctions, the goal is not
to maximize the selling price. How might it work?
See more ...
Stable link is https://jl.ly/ICANN/tldauction2.html
02 Jul 2012
Ideas is a consistently interesting program on the CBC.
On the June 11th show, host Barbara Nichol asked "Where is the Internet?"
I can say that she's an excellent interviewer because one of the people
she interviewed was me. Listen to the show, including quite a lot of that interview,
on their web site here.
Stable link is https://jl.ly/Internet/cbcideas.html
01 Jul 2012
The process for ICANN's new TLDs says that if there are several equally
qualified applicants for a TLD, and they can't agree which one gets it,
ICANN will hold an auction to decide.
Recently some people have suggested
that the applicants could use a private auction instead.
Well, of course.
In a situation like this, the question isn't whether there will be an auction, but
only who will keep the money.
See more ...
Stable link is https://jl.ly/ICANN/tldauction.html
25 Jun 2012
An ICANN-accredited registrar known variously as Domain
Registry of America, Domain Registry of Canada, and Brandon
James Internet is famous for sending out fake domain renewal
notices. They are physically located west of Toronto, not
far from the US border. Despite being sanctioned by both
the Federal Trade Commission in the US and the Competition Bureau in Canada,
they made minor adjustments to the notices, and in the latter case,
changed their name, and kept at it.
Someone asked whether they're still sending out fake domain notices.
Oh, yes, I have a stack of them about 10cm (that's four inches in the US)
high. Click on the image to see the three that arrived in today's mail.
I have long said that something is deeply broken in ICANN's registration
accreditation agreement and compliance process if they permit these
scammers to continue for a decade under ICANN's nose.
That hasn't changed either.
Stable link is https://jl.ly/ICANN/droa.html
It's coming up on the date when I'll pay back my first $10K loan of free
money, so what did my pals at Capital One do? Send me a stern note saying
I'm misusing the checks? Cut my credit limit? Heck, no, they sent me a
little booklet with more no-fee checks so I can keep going at least
through March.
Someone noted that I am not their target demographic. I guess not.
Perhaps I should call up and ask for a larger credit line, anyway.
Stable link is https://jl.ly/Money/freexmas.html
A few weeks ago I blogged about some credit card
checks that Capital One sent, with terms that appeared to offer free
money.
I wrote myself a check for ten grand, and deposited it in the bank to
see what would happen.
See more ...
Stable link is https://jl.ly/Money/capone3.html
While flipping through the pile of advertising flyers that arrived with today's
paper, I came across this one:
See more ...
Stable link is https://jl.ly/Internet/zagatwine.html
You knew this was going to happen, but I bet you didn't expect
it quite so soon:
See more ...
Stable link is https://jl.ly/Internet/nomorev4.html
22 Jun 2012
In recent months there's been a robust and apparently well-funded debate
about the legal status of search engine results, in particular Google's
search results.
On Tuesday, Tim Wu, a well-known law professor at Columbia, weighed in with
an op-ed in the New York Times, arguing that it's silly to claim that computer software
has free speech rights.
Back in April, equally famous UCLA professor Eugene Volokh published
a paper, funded by Google, that came to the opposite conclusion, that in some cases they do.
(Personally, I think they do to the extent the results reflect the intentions
of the humans who wrote the code.)
The reason this is a hot topic, of course, is because some people whose
web sites don't appear as high as they'd like in search results think
it's a monopolistic plot against them, and Google should be required
to present search results in a neutral way. It might be, but more likely it's not,
and the cure would be far worse than the problem.
See more ...
Stable link is https://jl.ly/Internet/searchneut.html
16 Jun 2012
Last summer I did an eight part series
on the design of the DNS.
Since people still seem to be interested in it, I collected them
into a white paper
that you can more easily archive and print.
Stable link is https://jl.ly/Internet/designwp.html
13 Jun 2012
ICANN unveiled all the applications for new top level domains today, all 1,930 of them.
Most of them were fairly predictable, big companies applying for their own names like .IBM,
.DUPONT, .AUDI, and .HSBC.
The most applications for the same name were 13 for .APP, 11 for .INC and .HOME,
10 for .ART, 9 for .SHOP, .LLC, .BOOK, and .BLOG.
None of those claim community support so they'll have to slug it out in the
contention process.
See more ...
Stable link is https://jl.ly/ICANN/lotsa.html
07 Jun 2012
Although I'm sceptical that IPv6 will have any practical use in e-mail in the foreseeable future,
it makes plenty of sense for web sites.
The web browsers on mobile phones are likely to have direct v6 connections,
but NAT or proxies for IPv4, so web sites can work better if they're
available on IPv6. Since it makes no difference at all for mail, my
advice is to work on v6 for your web sites and forget it for mail.
(If you run a large ISP, IPv6 makes sense for internal POP, IMAP, and SUBMIT
servers, but if you run a large ISP, you already knew that.)
Taking my own advice, this blog has been available via IPv6 for
the better part of a year. Did anyone notice?
Stable link is https://jl.ly/Internet/ipv6.html
25 May 2012
DNS blacklists for IPv4 addresses are now nearly 15 years old, and DNSBL operators have
gathered a great deal of expertise running them.
Over the next decade or two mail will probably move to IPv6.
How will running IPv6 DNSBLs differ from IPv4?
There aren't any significant IPv6 DNSBLs yet since there isn't significant unwanted
IPv6 mail traffic yet (or significant wanted traffic, for that matter), but we can make
some extrapolations from the IPv4 experience.
Existing IPv4 DNSBLs tend to fall into three categories, exemplified by the Spamhaus
SBL, PBL, and XBL.
The PBL (Policy Block List) includes ranges of addresses that shouldn't be sending
mail directly, either because they're retail customers who are supposed to use
their providers' mail servers, or they're assigned to equipment that should send
no mail at all.
Each entry is a range of addresses.
List maintenance is manual; network managers can and often do add ranges of their
own addresses, and Spamhaus adds ranges that they've determined are appropriate.
In some cases, it's possible to de-list an individual address to poke a hole in
a PBL range and allow mail out.
The SBL is managed manually, and lists ranges of IP addresses that, based on historical
evidence, are likely to send predominantly or entirely spam.
Some SBL entries are single IP addresses, while others list entire networks that
are controlled by criminals.
The XBL lists individual IP addresses of hosts that have been observed
sending 'bot spam or showing other mechanical indications that they are likely to send
spam but no legitimate mail. Listings are added automatically, and are
removed automatically some time after the IP stops sending spam. It's usually
possible to remove an entry manually, although not an unlimited number of times.
How do these map into a world of IPv6 mail?
See more ...
Stable link is https://jl.ly/Email/v6blsrv.html
02 May 2012
This morning I was in federal court in Philadelphia before Judge
Stewart R. Dalzell for what is probably the
last chapter of the Sili Neutraceuticals story.
Brian McDaid was a chiropractor who ran an affiliate spam scheme in 2005-2006
for Hoodia and other weight loss nostrums.
See more ...
Stable link is https://jl.ly/Email/mcdaid.html
31 Mar 2012
I opined about a year ago that DNS blacklists wouldn't work for
mail that runs over IPv6 rather than IPv4.
The reason is that IPv6 has such a huge range of addresses that spammers can easily send
every message from a unique IP address, which means that recipient systems will fire
off a unique set of DNSBL queries for every message, which will swamp DNS caches, since
they won't be able to reuse cached results from previous queries like they can for
IPv4 mail.
Now I'm much less sure this will be a problem, because it's not clear that DNSBL
results benefit from caches now.
See more ...
Stable link is https://jl.ly/Email/v6blre.html
05 Mar 2012
Courtesy forwards have been a standard feature of e-mail systems about
as long as there have been e-mail systems. A user moves or changes jobs
or something, and rather than just closing the account, the mail system
forwards all the mail to the user's new address. Or a user with multiple
addresses forwards them all to one place to be able to read all the
mail together. Since forwarding is very
cheap, it's quite common for forwards to persist for many years.
Unfortunately, forwarding is yet another thing that spam has screwed
up. If you just forward all the mail that arrives at a typical address,
most of what you'll be forwarding is spam.
From the point of view of the system you're forwarding to, you're the one
sending the spam, and they're likely to block you.
Fortunately, there are some ways to mitigate the damage.
See more ...
Stable link is https://jl.ly/Email/forward.html
18 Feb 2012
This, uh, fell off a truck. I cannot vouch for its authenticity.
> Who wants to answer this one?
Oh, what the heck, tell him about it.
::---- snip ----
See more ...
Stable link is https://jl.ly/Email/traps.html
07 Feb 2012
It shouldn't be a big surprise to hear that phishing is a big problem for banks.
Criminals send email pretending to be a bank, and set up web sites that look
a lot like a bank.
One reason that phishing is possible is that e-mail has no built in security,
so that if a mail message comes in purporting to be from, say,
accounts@bankofamerica.com, there's no easy way to tell whether the
message is really from bankofamerica.com, or from a crook.
Mail authentication schemes like DKIM and
the new dmarc.org group use cryptographic
signatures to help authenticate mail and prove that it really is from who
it purports to be from.
So, if the mail can authenticate the sender, the phishing problem goes
away, right?
See more ...
Stable link is https://jl.ly/Internet/porf.html
02 Feb 2012
The trade press is abuzz today with reports about a security breach at Verisign. While a security breach
at the company that runs .COM, .NET, and does the mechanical parts of managing the DNS
root is interesting, this shouldn't be news, at least, not now.
Since Verisign is a public company, they file a financial report called a 10-Q with
the SEC every quarter. According to the SEC's web site, Verisign filed their 10-Q
for June through September 2011 on October 28th,
where it's been available to the public ever since.
See more ...
Stable link is https://jl.ly/Internet/vrsnbreach.html
28 Jan 2012
My mail server has a lot of spamtraps. They come from various sources, but
one of the most prolific is bad addresses in personal domains. Several of
my users have their own domains, such as my own johnlevine.com, in which they
use a handful of addresses. Those addresses tend either to be people's first
names, for individual mailboxes, or else the names of companies. If I did
business with Verizon (which I do not) I might give them an address like
verizon@johnlevine.com.
All those domains get mail to lots of other addresses, which is 100% spam.
The made up addresses are largely dictionary attacks, which is obvious
when I see sequential spam to barry@, betsy@, and bruno@. Some of them
are company addresses that leaked to spammers before the companies went
out of business years ago. And some are just mysteries.
See more ...
Stable link is https://jl.ly/Email/stale.html
22 Jan 2012
Fortinet is a security
appliance company in California. One of the services they offer to their thousands
of customers is spam filtering, nothing odd about that.
But I was rather startled to see this block at the top of an otherwise ordinary
Russian language spam that arrived here from a poorly secured mail server
in Malaysia:
See more ...
Stable link is https://jl.ly/Email/fortigard.html
08 Jan 2012
The upcoming Windows 8 will include
new features to Reset or Refresh your computer.
Reset wipes out your entire disk and restores it to the way it
was when the computer was new; Refresh keeps some files and settings, but
wipes and restores everything else.
Given the propensity of Windows machines to become overrun with malware,
rogue toolbars, cramware, and other unwanted annoyances, a way to get rid
of it all quickly seems like a great idea. But ...
See more ...
Stable link is https://jl.ly/Internet/ms8.html