Internet and e-mail policy and practice
including Notes on Internet E-mail


2014
Months
Dec

Click the comments link on any story to see comments or add your own.


Subscribe to this blog


RSS feed


Home

31 Dec 2014

Spamhaus tells us that botnets are getting worse Internet
The Spamhaus Project just published a long article about the botnets they've been watching during 2014. As this chart shows, we're not making any progress. (Yellow bars are bot controllers on compromised hosts, red bars are dedicated controllers.)

See more ...


posted at: 18:07 :: permanent link to this entry :: 0 comments
Stable link is https://jl.ly/Internet/sh2014.html

30 Dec 2014

Dave Crocker and I try and figure out if we've solved the spam problem yet. Email

Dave Crocker, author of many of the standards documents that e-mail depends on, and I were at the M3AAWG meeting in Brussels in June when they asked us to step into an impromptu video studio and talk about how e-mail has changed over the past several decades, and whether we're winning the war on spam.

If you want to skip the muzak in the intro, we start talking at :48.


posted at: 21:37 :: permanent link to this entry :: 0 comments
Stable link is https://jl.ly/Email/m3aawgvideo.html

17 Dec 2014

Thirty-three million and counting ICANN
Two weeks ago I
blogged about ICANN's astonishingly lucrative domain auctions. At that time, they'd raised $26.7 million. Now, two auctions later, they're up to about $33 million.

See more ...


posted at: 22:37 :: permanent link to this entry :: 1 comments
Stable link is https://jl.ly/ICANN/33mil.html

What would you do with $50 million? ICANN
ICANN got over 1900 applications for new TLDs, and several hundred of those applications were from different people who wanted the same names. Since everything about the new TLDs is complicated, the rules for handling name conflicts are complicated.

See more ...


posted at: 22:36 :: permanent link to this entry :: 0 comments
Stable link is https://jl.ly/ICANN/50mil.html

13 Dec 2014

Can big companies stop being hacked? Internet

The recent huge security breach at Sony caps a bad year for big companies, with breaches at Target, Apple, Home Depot, P.F.Changs, Neiman Marcus, and no doubt other companies who haven't admitted it yet. Is this the new normal? Is there any hope for our private data? I'm not sure, but here are three observations.

Systems are so complex that nobody understands them

This week
Brian Krebs reported on several thousand Hypercom credit card terminals that all stopped working last Sunday. Had they all been hacked? No, they were doing exactly what they'd been programmed to do.

See more ...


posted at: 16:00 :: permanent link to this entry :: 0 comments
Stable link is https://jl.ly/Internet/hopeless.html

10 Dec 2014

No ICANN transition until 2017, and probably not then either ICANN

The current US Congress isn't very good at getting things done, which means that they delay even their most essential activities to the last minute. One of the more essential of their activities is appropriating the money to run the government, so in keeping with recent practice, a continuing resolution to fund the government through next year was published yesterday (Tuesday), two full days before the previous resolution runs out and the government would shut down.

Congressmen often attach riders to these "must pass" bills that they could never pass separately. This resolution has a rider on page 214 that says:

(a) None of the funds made available by this Act may be used to relinquish the responsibility of the National Telecommunications and Information Administration during fiscal year 2015 with respect to Internet domain name system functions, including responsibility with respect to the authoritative root zone file and the Internet Assigned Numbers Authority functions.
(b) Subsection (a) of this section shall expire on September 30, 2015.
Some observers have argued that this is no big deal, the transition probably wouldn't be ready until next September anyway, it can go ahead then. They are wrong. It will be a long, long time until the NTIA lets go of ICANN.

See more ...


posted at: 23:14 :: permanent link to this entry :: 0 comments
Stable link is https://jl.ly/ICANN/trans2017.html

13 Nov 2014

Does spam filtering require insecure mail? Email
A
press release from the EFF complains that some Internet service providers are preventing their users from sending mail over a private encrypted channel, which is bad. While a few ISPs do that, the story is more complex.

See more ...


posted at: 00:01 :: permanent link to this entry :: 0 comments
Stable link is https://jl.ly/Email/tlsfilter.html

31 Oct 2014

Different kinds of spam Email

Someone was asking who has the largest set of spamtraps; I opined that nobody knows, since the people will the biggest ones don't discuss the details. Also, it's not a very useful metric. There are spammers who only send to specific large ISPS, so, say, Google would know all about them, and other people wouldn't see them at all.

Also, different kinds of spamtraps get different kinds of spam. I have three general kinds:

  • Addresses that were never valid, typically invented by broken scrapeware that grabbed message IDs or mangled addresses from web sites
  • Abandoned addresses and domains, that may have been valid a decade or more ago, but only get spam now
  • A depressingly large number of addresses given to well-known companies who then leaked them to spammers.

I also get a fair amount to real addresses that aren't spamtraps, but that are caught by filters or by hand.

I haven't analyzed the spam profiles in detail but they're clearly different. For example, one ESP doesn't appear on most people's spam radar, but they send me a great deal of spam (relative to my overall modest volume.) That appears to be because they have a lot of poor quality lists with repurposed addresses, from senders booted from more selective ESPs, and they're constantly hitting role addresses that aren't spamtraps, but should never be on anyone's lists.


posted at: 00:03 :: permanent link to this entry :: 0 comments
Stable link is https://jl.ly/Email/spamflavor.html

13 Oct 2014

ICANN WHOIS Compliance -- legend or myth? ICANN

Every once in a while, when I come across a domain whose WHOIS is particularly bad, I send it in to ICANN's WDPRS reporting system. So here is the entire entry for the domain ename.net:

Domain Name : ename.net
Registrant :
kongdejing
Domain Name Server :
dns1.iidns.com
dns2.iidns.com
dns3.iidns.com
dns4.iidns.com
dns5.iidns.com
dns6.iidns.com
查看完整whois请到:http://whois.ename.net/ename.net
For more information,please go to: http://whois.ename.net/ename.net
(If you visit that web site, it's not much more informative, other than saying that the registrant is ENAME TECHNOLOGY CO., LTD.)

See more ...


posted at: 15:18 :: permanent link to this entry :: 1 comments
Stable link is https://jl.ly/ICANN/ename.html

11 Oct 2014

Now there's a business opportunity ICANN

I see that Afilias has reserved SLAVE.BLACK as a premium domain, presumably to be auctioned to the highest bidder. I'm trying to figure out what the business model is.

(Some names, including a lot of offensive words, are permanently reserved by ICANN, but this isn't one of them.)

Domain Name:SLAVE.BLACK
Domain ID: D53146846-LRMS
Creation Date: 2014-07-17T15:32:41Z
Updated Date: 2014-09-15T20:32:11Z
Registry Expiry Date: 2015-07-17T15:32:41Z
Sponsoring Registrar:Afilias (R720-LRMS)
Sponsoring Registrar IANA ID: 9999
WHOIS Server:
Referral URL:
Domain Status: inactive
Registrant ID:BLACK-Premium
Registrant Name:Afilias Limited
Registrant Organization:Afilias Limited
Registrant Street: 2 La Touche House
Registrant Street: IFSC
Registrant City:Dublin
Registrant State/Province:n/a
Registrant Postal Code:n/a
Registrant Country:IE
Registrant Phone:+1.2157065700
Registrant Phone Ext:
Registrant Fax: +1.2157065701
Registrant Fax Ext:
Registrant Email:support@afilias.info

posted at: 13:47 :: permanent link to this entry :: 1 comments
Stable link is https://jl.ly/ICANN/blkopp.html

08 Oct 2014

How can we do spam filtering on mail we can't read? Email
For reasons that should be obvious, a lot of people are thinking about ways to make e-mail more secure, and harder to spy on. The most likely scenario is an improved version of PGP or S/MIME, two existing encrypted mail systems, that let people publish their encryption key, which correspondents use to encrypt mail so that only the recipient can read it. While this is a significant improvement in privacy, it has the problem that spam filters at the ISP can't read the mail either.

See more ...


posted at: 23:36 :: permanent link to this entry :: 0 comments
Stable link is https://jl.ly/Email/cryptospam.html

10 Sep 2014

The replacement for WHOIS is surprisingly close ICANN
About a year ago I
blogged about the IETF WEIRDS working group which was working on a more modern replacement for the hoary WHOIS service. At the time I said it was making surprising progress. Perhaps less surprisingly, the progress has been quite slow, but WEIRDS seems to be close to finishing its work.

See more ...


posted at: 14:20 :: permanent link to this entry :: 1 comments
Stable link is https://jl.ly/ICANN/weirds14.html

31 Jul 2014

More on Why Iran is not going to lose the .IR domain ICANN
Earlier this month I wrote about some
ill considered legal moves by an attorney who imagined that ICANN could be forced to turn over the .IR domain in a long running case against the Iranian government.

See more ...


posted at: 00:49 :: permanent link to this entry :: 0 comments
Stable link is https://jl.ly/ICANN/irtld2.html

16 Jul 2014

The mail forwarding threat model Email
The recent
DMARC kerfluffle has brought new attention to mail forwarders that send mail on behalf of other people. We've been giving a lot of thought to ways to tell nice forwarders from nasty ones, so that mail systems can deliver mail from the nice ones and filter the nasty ones. It occurs to me that there are several scenarios for the way that forwarders work, so I've collected them in a little chart.

See more ...


posted at: 19:43 :: permanent link to this entry :: 0 comments
Stable link is https://jl.ly/Email/fwdthreat.html

06 Jul 2014

Why Iran is not going to lose the .IR domain ICANN

Press reports say:

A United States court on Tuesday effectively awarded a group of American and Israeli victims of Iranian terror the rights to the .ir domain, the suffix used to identify Iranian websites, along with all of Iran's IP addresses.
While the court and the lawsuit are real, it is extremely unlikely that .IR is going anywhere.

See more ...


posted at: 17:15 :: permanent link to this entry :: 0 comments
Stable link is https://jl.ly/ICANN/irtld.html

26 Jun 2014

What the Aereo decision actually said Copyright Law

Aereo is (was?) a system with a large array of tiny TV antennas, each of which is assigned to a customer who can pick a channel and record it on a remote DVR system and/or stream it through the Internet. TV networks claimed they had to pay for retransmission like a CATV system. The Supreme Court decided yesterday in the networks' favor.

I'm not a constitutional law scholar, but I play one on the net, so ...

See more ...


posted at: 22:02 :: permanent link to this entry :: 1 comments
Stable link is https://jl.ly/Copyright_Law/aereo.html

03 Jun 2014

Dealing with DMARC Email

DMARC is an anti-phishing scheme that was repurposed in April to try to deal with the fallout from security breaches at AOL and Yahoo. A side effect of AOL and Yahoo's actions is that a variety of bad things happen to mail that has From: addresses at aol.com or yahoo.com, but wasn't sent from AOL or Yahoo's own mail systems. If the mail is phish or spam, that's good, but when it's mailing lists or a newspaper's mail-an-article, it's no so good.

The mailing list community has been gnashing its teeth for the past month trying to figure out the least bad ways to deal with the problem.

To keep track of all the ways of avoiding or limiting the damage, I've made a page on the ASRG wiki. (The ASRG is gone, but the wiki lives on.)

If I've missed anything, let me know and I'll update it.


posted at: 23:26 :: permanent link to this entry :: 0 comments
Stable link is https://jl.ly/Email/undmarc.html

24 May 2014

Why do we accept $10 security on $1,000,000 data? Internet

Last week we heard of yet another egregious security breach at an online provider, as crooks made off with the names, address, and birth dates of eBay users, along with encrypted passwords. They suggest you change your password, which is likely a good idea, and you better also change every other place you used the same password. But that's not much help since you can't change your name, address, and birth date, which are ever so handy for phishing and identity theft.

There is plenty not to like about the way that eBay handled it, but a more important question is why we tolerate big allegedly sophisticated companies treating our personal information so casually.

See more ...


posted at: 23:06 :: permanent link to this entry :: 1 comments
Stable link is https://jl.ly/Internet/badsec.html

17 May 2014

AOL has a security hole, and it's our problem Email
Two weeks ago I wrote about
Yahoo's unfortunate mail security actions. Now it's AOL's turn, and the story, as best as I can piece it together, is not pretty.

See more ...


posted at: 17:31 :: permanent link to this entry :: 1 comments
Stable link is https://jl.ly/Email/aoldmarc.html

28 Apr 2014

A helpful tip for AOL users Email
AOL finally
confirmed today that crooks have stolen credentials and address books from some large number of AOL users. (They say 2%, but that's only the ones they know about so far.) So we suggest you take some routine security precautions.

See more ...


posted at: 21:57 :: permanent link to this entry :: 0 comments
Stable link is https://jl.ly/Email/aolchange.html

19 Apr 2014

Open Source software is the worst kind except for all of the others Internet

Heartbleed, for anyone who doesn't read the papers, is a serious bug in the popular OpenSSL security library. Its effects are particularly bad, because OpenSSL is so popular, used to implement the secure bit of https: secure web sites on many of the most popular web servers such as apache, nginx, and lighttpd.

A few people have suggested that the problem is that OpenSSL is open source, and code this important should be left to trained professionals. They're wrong. The problem is that writing and testing cryptographic software is really, really hard.

See more ...


posted at: 09:45 :: permanent link to this entry :: 3 comments
Stable link is https://jl.ly/Internet/openssl.html

The Authors Guild Enters a Parallel Reality Copyright Law

I used to say to our audiences: "It is difficult to get a man to understand something when his salary depends on his not understanding it!"
- Upton Sinclair, I, Candidate for Governor: And how I Got Licked, (1935), p. 109
In November, the Authors Guild suffered a
crushing defeat in their long running suit against Google's book scanning project, with a broad decision agreeing with Google that the scans are protected by fair use. Not surprisingly, they're making a last ditch appeal to the Second Circuit. While I see no realistic chance of them winning, not least because Judge Chin who wrote that decision is now a well respected member of the court to which they are appealing, it's always interesting to see how they think they'll get the court to reverse. Having read their brief, all I can say is, it's really strange.

See more ...


posted at: 09:44 :: permanent link to this entry :: 0 comments
Stable link is https://jl.ly/Copyright_Law/agaltrel.html

07 Apr 2014

Yahoo addresses a security problem by breaking every mailing list in the world Email
DMARC is what one might call an emerging e-mail security scheme. It's emerging pretty fast, since many of the largest mail systems in the world have already implemented it, including Gmail, Hotmail/MSN/Outlook, Comcast, and Yahoo.

See more ...


posted at: 21:21 :: permanent link to this entry :: 9 comments
Stable link is https://jl.ly/Email/yahoobomb.html

26 Mar 2014

A little whois help ICANN
For a long time, the easiest way to look up the WHOIS information for a domain has been to use whois-servers.net, which has kept a list of a lot of WHOIS servers that you can look up in the DNS. To look up something in, say blah.tld you point your WHOIS program at blah.whois-servers.net. Many open source WHOIS clients will do that automatically, or with a flag. But with all the new TLDs added every week, they're falling behind.

See more ...


posted at: 00:08 :: permanent link to this entry :: 1 comments
Stable link is https://jl.ly/ICANN/wsspam.html

19 Mar 2014

New TLD update ICANN
Here's a chart showing the ten largest new TLDs and the number of domains in each one, going back five days. It's updated every day around 3 AM New York time, so visit early and often.

See more ...


posted at: 23:07 :: permanent link to this entry :: 6 comments
Stable link is https://jl.ly/ICANN/newchart.html

16 Mar 2014

How are ICANN's new TLDs doing? ICANN
ICANN has now accepted several hundred new top level domains (TLDs) and some of them are now open for general registration. I have sized up for zone file access, so I can download daily snapshots of most of the active zones, and I'm making daily counts of the number of names in each zone.

See more ...


posted at: 13:52 :: permanent link to this entry :: 2 comments
Stable link is https://jl.ly/ICANN/newsize.html

15 Mar 2014

The Name Collision Conference Internet
Earlier this week Verisign sponsored a two day conference on name collisions in the DNS. Despite the very short time frame in which it was organized, only a month from announcement to meeting, there were some very good presentations. I'll just hit some highlights here; all of the papers and slides are on their web site at
namecollisions.net.

See more ...


posted at: 13:06 :: permanent link to this entry :: 0 comments
Stable link is https://jl.ly/Internet/collide.html

08 Mar 2014

Peter Pan Coin Money

Code is Law - Larry Lessig
MtGox finally collapsed, although for a reason I didn't anticipate: software bugs. Something called "transaction malleability" allowed crooked MtGox users to trick MtGox into believing that their withdrawals hadn't worked, so MtGox reissued them. This continued over about three years, during which time the crooks stole about 700,000 bitcoins from the wallet where MtGox kept most of its customers' deposits without them noticing.

See more ...


posted at: 16:30 :: permanent link to this entry :: 0 comments
Stable link is https://jl.ly/Money/bitfatal.html

31 Jan 2014

A Cross of Bitcoins Money
One of the great divisions in the US (it's #2, with #1 being slavery and race) is between the creditor class, historically eastern bankers and industrialists, and the debtor class, historically western farmers. The creditors want hard money, no inflation, and preferably deflation. The debtors want cheap money, to make it easier to pay their loans.

See more ...


posted at: 22:51 :: permanent link to this entry :: 0 comments
Stable link is https://jl.ly/Money/bitcross.html

23 Jan 2014

Fine grained mail filtering with IPv6 Email

One of the hottest topics in the email biz these days (insofar as any topic is hot) is how we will deal with mail on IPv6 networks. On existing IPv4 networks, one of the most effective anti-spam techniques is DNSBLs, blackists (or blocklists) that list IP addresses that send only or mostly spam, or whose owners have stated that they shouldn't be sending mail at all. DNSBLs are among the cheapest of anti-spam techniques since they can be applied to incoming mail connections without having to receive or filter spam. On my system about 85% of incoming IPv4 mail connections are handled by DNSBLS, and I gather that number is pretty typical.

On IPv6, DNSBLs can't work the same way.

See more ...


posted at: 00:22 :: permanent link to this entry :: 0 comments
Stable link is https://jl.ly/Email/v6fun.html

01 Jan 2014

A few more thoughts on Bitcoin Money

In no parrticular order:

Anonymous frictionless transactions are not new and are not very interesting

See more ...


posted at: 20:40 :: permanent link to this entry :: 0 comments
Stable link is https://jl.ly/Money/bitmore.html

Topics


My other sites

Who is this guy?

Airline ticket info

Taughannock Networks

Other blogs

CAUCE
The Criminals Behind WannaCry
162 days ago

A keen grasp of the obvious
Live from the collander-cam
63 days ago

Related sites

Coalition Against Unsolicited Commercial E-mail

Network Abuse Clearinghouse



© 2005-2015 John R. Levine.
CAN SPAM address harvesting notice: the operator of this website will not give, sell, or otherwise transfer addresses maintained by this website to any other party for the purposes of initiating, or enabling others to initiate, electronic mail messages.