Internet and e-mail policy and practice
including Notes on Internet E-mail


2016
Months
Dec

Click the comments link on any story to see comments or add your own.


Subscribe to this blog


RSS feed


Home

20 Dec 2016

DMARC and message wrapping Email

I have groused at length about the damage that anti-phishing technique DMARC does to e-mail discussion lists. For at least two years list managers and list software developers have been trying to figure out what to do about it. The group that brought us DMARC is working on an un-DMARC-ing scheme called ARC, which will likely help somewhat, but ARC isn't ready yet, and due to ARC's complexity it's likely that there will be many medium or small mail systems that enforce DMARC and can't or won't use ARC.

The Internet Engineering Task Force, which writes technical standards for the Internet, works primarily through discussion lists, and the pain from DMARC has gotten to the point where we may do something about it. So we've been doing some experiments.

See more ...


posted at: 00:03 :: permanent link to this entry :: 0 comments
Stable link is https://jl.ly/Email/wrapme.html

30 Sep 2016

One-click unsubscription Email

Unsubscribing from mailing lists is hard. How many times have you seen a message "please remove me from this list," followed by two or three more pointing out that the instructions are in the footer of every message, followed by three or four more asking people to not send their replies to the whole list (all sent to the whole list, of course,) perhaps with a final message by the list manager saying she's dealt with it?

For marketing broadcast lists, it's even worse because there's no list to write to. Messages are supposed to have an unsubscribe link (required by law in most places) which usually works except when it doesn't, or it leads to a web page making incomprehensible demands ("click here unless you want not to be removed only from this sender's mail") so for a lot of users it's easier just to click the junk button until the messages go away.

See more ...


posted at: 14:03 :: permanent link to this entry :: 0 comments
Stable link is https://jl.ly/Email/oneclick.html

20 Sep 2016

The kindness of strangers, or not Email

A few days ago I was startled to get an anti-spam challenge from an Earthlink user, to whom I had not written. Challenges are a WKBA (well known bad idea) which I thought had been stamped out, but apparently not.

The plan of challenges seems simple enough; they demand that the sender does something to prove he's human that a spammer is unlikely to do. The simplest ones just ask you to respond to the challenge, the worse ones like this one have a variety of complicated hoops they expect you to jump through.

What this does, of course, is to outsource the management of your mailbox to people who probably do not share your interests.

See more ...


posted at: 14:38 :: permanent link to this entry :: 0 comments
Stable link is https://jl.ly/Email/badchallenge.html

05 Sep 2016

An e-mail authorization cheat sheet Email

A friend (really) asked for advice about what to say about mail authorization to people setting up new mail systems, particularly in parts of the world where networks are relatively new and staff less experienced.

Phish targets

The first question is are you a phish target? There's two parts to this question.

See more ...


posted at: 15:17 :: permanent link to this entry :: 0 comments
Stable link is https://jl.ly/Email/authcheat.html

31 Jul 2016

Almost free domains for almost everyone ICANN
The latest ICANN domain auction brought the auction proceeds piggy bank to about $240 million. The application fees for the new gTLD round were $361 million of which, at the
end of March, they'd spent $227 million, and their very conservative estimate is that at the end of the process they'll have spent $289 million. If you add the numbers from the private auctions to the ones for the ICANN auctions, it's as much or more than the application costs. These suggest a much better way to pay for the next round.

See more ...


posted at: 13:10 :: permanent link to this entry :: 0 comments
Stable link is https://jl.ly/ICANN/cheapauction.html

29 Jul 2016

Holy Petunias! Auction for .web ends at $135 million ICANN

Domain Name Wire is reporting that the the winning bid in the auction for .WEB was $135,000,000.

Assuming they're right (which they probably are,) that brings the total web auction piggy bank to over $230 million, more than twice what it was two days ago.

At the Helsinki meeting there was already a lot of interest in the process to decide how the money is distributed, but now there'll be twice as much.


posted at: 11:31 :: permanent link to this entry :: 0 comments
Stable link is https://jl.ly/ICANN/holypetunias.html

23 Jul 2016

It's auction time again ICANN

This week ICANN will auction off .WEB or .WEBS. There are seven live applications for .WEB and one for .WEBS.

The string contention process decided that the two names are so similar that they'll only assign one of them, so all eight applications are in one auction. (The same string contention process decided that .ACCOUNTANT and .ACCOUNTANTS are both allowed, as are .AUTO and .AUTOS and .BM and .BMS and .COUPON and .COUPONS and .FAN and .FANS and .GIFT and .GIFTS and .LOAN and .LOANS and .ML and .MLS and .NEW and .NEWS and .REVIEW and .REVIEWS and .SA and .SAS and .SB and .SBS and .TV and .TVS and .WATCH and .WATCHES and .WORK and .WORKS, but I guess the Web is special.)

There are some deep pocketed bidders in this round including Google, Donuts, web.com which owns Network Solutions and a lot of other web properties, and Schlund which owns the largest web hoster 1&1. Google paid $25 million for .APP and GMO paid $41 million for .SHOP. It's hard to see how .WEB would be worth less than either of those unless bidder fatigue sets in.

So stay tuned and we'll shortly know how much more will be added to the $104 million already in the Giant Pile of Auction Money.


posted at: 12:38 :: permanent link to this entry :: 0 comments
Stable link is https://jl.ly/ICANN/webauc.html

10 Jun 2016

Do you know who your registrar is? ICANN

A guy I know passed along this e-mail sent to one of his customers. They assumed it was a phish, since they didn't recognize the domain name in the link, but couldn't figure out what the goal of the phish was.

They even checked the list of ICANN registrars, and nope, registrar.eu wasn't on the list.

Nonetheless, this mail was real, and if the recipient had ignored it, his domain would have been suspended. What's going on?

Dear domain name owner,
*Your action is required to prevent domain suspension*
This verification e-mail is triggered because your e-mail address is used in the owner contact of
a domain registration and this e-mail address was not verified before or we have received
information that this e-mail address might not be in use anymore.
As we did not receive affirmative response on our last e-mail, we send you a final reminder.
Please note that your domain name(s) may be suspended if the e-mail address is not confirmed.  The
domain name registration policy of ICANN requires that a valid and working e-mail address is
provided with each domain registration.
To verify this requirement, we kindly request you to confirm the accuracy of your e-mail address
by clicking the link below:
 http://icann-verification.registrar.eu/?email=xxx@yyy&authCode=123456

See more ...


posted at: 23:48 :: permanent link to this entry :: 0 comments
Stable link is https://jl.ly/ICANN/regmail.html

02 May 2016

Are blockchains the most expensive database ever invented? Money
One of the oft-made claims about Bitcoin and its blockchain transaction ledger is that they make transactions really cheap, so you can pay someone anywhere in the world for free, or close to it. But when you look closer, is that really true? Not by a long shot.

See more ...


posted at: 14:22 :: permanent link to this entry :: 0 comments
Stable link is https://jl.ly/Money/bitexpensive.html

02 Mar 2016

Three reasons why Apple didn't have to unlock a phone Internet

The US government is demanding Apple unlock iPhones in about a dozen cases beside the San Bernardino one. In a strikingly similar case, Judge James Orenstein in Brooklyn rejected the government's request for three separate reasons. In the decision the judge refers several times to the San Bernardino case, and it is clear he expects this decision to be an important precedent for that one.

In June 2014 the government arrested Jun Feng in Queens NY on drug charges and confiscated his iPhone 5S. Over a year later, in July 2015 got a warrant to search the phone and found that it was locked. In October they filed a proposed order under the 1789 All Writs Act (AWA) to have Apple unlock the phone. It appears that Apple initially cooperated and suggested some of the language in the proposed order, but if so they changed their minds and opposed it.

See more ...


posted at: 11:51 :: permanent link to this entry :: 0 comments
Stable link is https://jl.ly/Internet/nyapple.html

28 Jan 2016

Now we're talking about some serious money ICANN

ICANN has now published the results of the auction for .SHOP, an eye-popping $41,501,000.

This pushes the ICANN's auction pot over $100 million. That's a lot of money. There are eighteen more name contention sets that are on hold for various reasons, of which a few such as .WEB look likely to generate even more money once the hold issues are resolved.

See more ...


posted at: 11:37 :: permanent link to this entry :: 0 comments
Stable link is https://jl.ly/ICANN/100mil.html

02 Jan 2016

A free DNS conformance test suite Internet
The Domain Name System is now over 25 years old. Since the publication of RFCs 1034 and 1035 in 1987, there have been over 100 RFC documents published that extend and clarify the original DNS specs. Although the basic design of the DNS hasn't changed, its definition is now extremely complex, enough so that it's a challenging task to tell whether a DNS package correctly implements the specs.

See more ...


posted at: 22:22 :: permanent link to this entry :: 0 comments
Stable link is https://jl.ly/Internet/dnsconform.html

Topics


My other sites

Who is this guy?

Airline ticket info

Taughannock Networks

Other blogs

CAUCE
The Criminals Behind WannaCry
129 days ago

A keen grasp of the obvious
Live from the collander-cam
30 days ago

Related sites

Coalition Against Unsolicited Commercial E-mail

Network Abuse Clearinghouse



© 2005-2015 John R. Levine.
CAN SPAM address harvesting notice: the operator of this website will not give, sell, or otherwise transfer addresses maintained by this website to any other party for the purposes of initiating, or enabling others to initiate, electronic mail messages.