Featured Blogs


History of SMTP

The following excerpt is from the Free Software Magazine, March 2005 Issue, written by Kirk Strauser. To read the entire article, you may download the magazine here [PDF]. Also thanks to Yakov Shafranovich for making us aware of this publication. "Spam has existed since at least 1978, when an eager DEC sales representative sent an announcement of a product demonstration to a couple hundred recipients. The resulting outcry was sufficient to dissuade most users from repeating the experiment. This changed in the late 1990s: millions of individuals discovered the internet and signed up for inexpensive personal accounts and advertisers found a large and willing audience in this new medium." more

CENTR Statement on IDN Homograph Attacks

Recently a proof of concept attack was announced on the Internet that demonstrated how a web address could be constructed that looked in some web browsers identical to that of a well known website. This technique could be used to trick a user into going to a website that they did not plan on visiting, and possibly provide sensitive information to a third party. As a result of this demonstration, there has been a number of voices calling for web browsers to disable or remove support for IDNs by default. ...CENTR, a group of many of the world's domain registries - representing over 98% of domain registrations worldwide - believes such strong reactions are heavily detrimental... more

Whither WGIG?

Now, I don't like the word "whither" any more than you do. But this Reuters article was circulating yesterday and it seemed to call for a "whither." It's a short story, so let's do a close reading. "A U.N.-sponsored panel aims to settle a long-running tug of war for control of the Internet by July and propose solutions to problems such as cyber crime and email spam, panel leaders said on Monday." We're going to decide what "internet governance" is by July?  more

Domain Name Dispute Cases Increased by 6.6% in 2004

In its February 18, 2005 press release, WIPO has reported filing an average of 3.4 UDRP and UDRP-based cases per calendar day in 2004, bringing the total number of cases received in 2004 to 1,179 -- an increase of 79 cases (or 6.6%) as compared to 2003. Also mentioned in the report is a 37 percent increase in ccTLDs cases over the previous year. Listed below are a number of additional facts and figures reported... more

Spam Volume Redux

Several anti-spam companies talk about spam volumes in terms of a percentage of all inbound mail. Outsourced anti-spam services such as BlackSpider and Postini are currently quoting spam volumes in the 70%-85% range, having steadily grown over the last two+ years. That's nice, but it's actually hard to grasp what that means in absolute terms. more

IDN Spoofing Solutions With Balance

Last week's tizzy about IDN (Internationalized Domain Name) spoofing was an interesting exercise in watching how people react to the unknown. The nearly-universal response to the problem that had been described in detail many years ago was "turn off IDNs" instead of "assume that the people who created IDNs knew about this, so let's do some research." The following is based on my thoughts this week. For those of you who are not familiar with my earlier work, I'm one of the authors of the IDN standards... more

Controlling Cyber Dissidents?

Blogging is not only a well-established element of pop culture, it has become a tremendously influential communications mechanism. As early as March 2002, an article in Wired discussed the blogging "revolution" and declared that blogging "could be to words what Napster was to music - except this time, it'll really work." more

NTIA Nixes Privacy Protection in Whois

Many registrars have gotten complacent about reforming the Whois-Privacy relationship. After all, they can sell additional privacy protection to their subscribers for an extra $5-10. Seems like a perfect "market oriented" interim solution, as the so-called "bottom up" policy development process of ICANN figures out how to provide tiered access. Not so fast. more

IDN and Homographs Spoofing

There is a published spoofing attack using homographs IDN. By using a Cyrillic SMALL LETTER A (U+430), Securnia is able to pretend to be http://www.paypal.com/. Actually this is well-documented in RFC 3490 under the Security Consideration: "To help prevent confusion between characters that are visually similar, it is suggested that implementations provide visual indications where a domain name contains multiple scripts. Such mechanisms can also be used to show when a name contains a mixture of simplified and traditional Chinese characters, or to distinguish zero and one from O and l..." more

A Postitive Look at DENIC's .Net Bid

The outcome of the .Net rebid process will involve the security, stability and diversity of management of the Internet's critical infrastructure. As well, the rebid process introduces competitive forces that will flow through to users in the form of cost savings and improved service levels. DENIC has submitted a bid that is consistent with the goals and interests of the Internet community and is the only proponent that has done so. Let us consider the following factors and assess the alignment of the bids with the goals and interests for the Internet community. more

10 Things Google Could Do as a Domain Name Registrar

In the absence of any formal announcements, news of Google being accredited by ICANN as a domain name registrar, spread fast in the media today after it was first reported by Bret Fausett on Lextext -- see Google is a Registrar. The company has since mentioned that "Google became a domain name registrar to learn more about the Internet's domain name system," and that it has no plans to sell any domain names at the moment. However, speculations on what Google could do as an accredited registrar are far and wide. Here are ten, listed in no particular order... more

Looking at .Net Bids

ICANN is now seeking public comments regarding the .net bids. Unlike before, I am not going to offend one friend or another by siding with one proposal over another. They are all qualified and experienced registry operators. Instead, I will make some general observations. 1. None of the Revenue and Pricing Model (i.e. Section 4) about the bids are available to public... more

How to Stop Spam

I got a letter the other day from AOL postmaster Carl Hutzler, about how the Internet community could get rid of spam, if it really wanted to. With his permission, here are some excerpts. "Spam is a completely solvable problem. And it does not take finding every Richter, Jaynes, Bridger, etc to do it (although it certainly is part of the solution). In fact it does not take email identity technologies either (although these are certainly needed and part of the solution)." more

The .net Top Level Domain and Cross-Coupled Failures

The .net Top Level Domain (TLD) contains the names of the main group of DNS root servers as well as the names of the servers for several other large TLDs, such as .com, .org, .arpa and .mil. Most of the focus about the .net redelegation has concerned the quality of the registration systems. But that is a minor matter next to the quality of the name server operation.  more

Something's Cooking at IETF with Email Authentication

A few months ago, Ted Hardie (AD of Applications for the IETF) informed the MARID WG in the closure announcement as follows: "Given the importance of the world-wide email and DNS systems, it is critical that IETF-sponsored experimental proposals likely to see broad deployment contain no mechanisms that would have deleterious effects on the overall system. The Area Directors intend, therefore, to request that the experimental proposals be reviewed by a focused technology directorate..." more

Latest Blogs

Recently Discussed

Most Discussed – Last 30 Days

Most Viewed – Last 30 Days



Sponsored byVerisign

IP Addressing

Sponsored byAvenue4 LLC

New TLDs

Sponsored byAfilias

Mobile Internet

Sponsored byAfilias

Domain Names

Sponsored byVerisign