John Levine on CircleID

Comments

Google's Free Public DNS Load Tops VeriSign, Raising Dot-Com Contract Tender Question

Comment posted Feb 15, 2012 4:00 pm PST — by John Levine
Yeah, we did that kind of stuff when I was getting my economics B.A. To rephrase my previous comment, when you're in a hole, stop digging. If you know a reasonable model for the behavior of a DNS cache, particularly…

Comment posted Feb 15, 2012 3:37 pm PST — by John Levine
In a perfect world, .COM registrations would cost $100, of which $3 would be for Verisign, and $97 to pay ICANN staff to go on vacation and not come back.

Comment posted Feb 15, 2012 3:26 pm PST — by John Levine
<quote>I'm sure stochastic calculus or pricing mortgage-backed securities and other fixed-income derivatives is a bit more involved than DNS technicalities.</quote> Hi. I've written code that financial software uses to do IRR and bond pricing, the kind of stuff you probably…

Comment posted Feb 15, 2012 5:23 am PST — by John Levine
Google's recursive resolver is really quite different from Verisign's registry. Nonetheless, it's painfully obvious that Verisign is overcharging for .COM. The .COM and .NET domains use the exact same everything, .NET is $2 cheaper, and I haven't heard them complain…

How Frequently Do Botnets Reuse IP Addresses?

Comment posted Feb 13, 2012 5:02 pm PST — by John Levine
Did you look and see whether listings on botnet BLs, notably the CBL, affect botnet reuse? I've always assumed that botnets look and see where they're blocked, so they can sell "fresh" bots for more money, but never had enough…

World Notices That Verisign Said Three Months Ago That They Had a Security Breach Two Years Ago

Comment posted Feb 03, 2012 2:58 pm PST — by John Levine
you forgot "the three month old SEC filing"

Trademarking .generics - the .bank Fiasco!

Comment posted Jan 27, 2012 4:43 pm PST — by John Levine
You can't just apply for a trademark on any random string. You have to be using it in commerce or have a concrete plan to do so. I don't see that the applicant had anything other than a hope that…

Comment posted Jan 25, 2012 3:09 pm PST — by John Levine
While it was clearly a mistake to grant .BANK, why should the USPTO spend any effort whatsoever to solve ICANN's problems? ICANN made a fundamental mistake over a decade ago to allow the trademark lawyers to have a defacto veto…

Is Africa Ready for a dotAfrica gTLD Future?

Comment posted Nov 05, 2011 4:11 pm PDT — by John Levine
I don't disagree that capacity building in Africa is a good idea. But it's absurd to waste half a million dollars on a vanity TLD. How about spending that money on community web sites, the local infrastructure so community members…

Comment posted Nov 04, 2011 2:55 pm PDT — by John Levine
The .ASIA domain, which you have probably never heard of, has 195,000 registrations for a continent that is home to close to 4 billion people. Many, perhaps most, of the domains are just parked by domain speculators, including over 14,000…

The Mainsleaze Blog

Comment posted Oct 21, 2011 5:05 pm PDT — by John Levine
All an "opt-in protocol" would accomplish would be to add an extra level of argument in front of the judge about whether they implemented it right, whether the logs are real (you do know that spammers fake opt-in logs all…

Email in the World's Languages - Part III

Comment posted Jul 13, 2011 11:10 am PDT — by John Levine
1) in China and Japan, very soon. In western Europe and North America, hard to say 2) It's hard to tell from what's on their web site. It looks like punycoding the mailbox, which as I noted has technical problems…

New gTLD Applicants Must Reduce Cognitive Biases

Comment posted Jul 10, 2011 7:52 pm PDT — by John Levine
The only new TLDs that have gotten big enough to be viable based on registrations are .BIZ, .INFO, and maybe .MOBI. That is, cynical clones of .COM and .ORG for people who missed the good names the first time around,…

Top-Level Domains and Search

Comment posted Jul 06, 2011 2:24 pm PDT — by John Levine
ICANN has already created industry specific TLDs, .AERO, .TRAVEL, .JOBS, .MUSEUM, and of course .XXX. Do you find a lot of airline, travel, personnel, museum, and porn sites in those domains? Neither do I.

Searching Under Lampposts with DKIM

Comment posted Jun 24, 2011 10:56 pm PDT — by John Levine
What Murray said

Comment posted Jun 23, 2011 2:41 pm PDT — by John Levine
Hi, Doug. Nobody had to persuade me that it is not a good idea to go down this rathole. Your entire argument starts from the false assumption that a signed spam message would have a good reputation that an added…

Comment posted Jun 22, 2011 12:21 am PDT — by John Levine
Bad Doug! Bad!

US Laws Remain Set to Govern Upcoming Multilingual Internet via New gTLDs

Comment posted Jun 13, 2011 4:13 pm PDT — by John Levine
ICANN is a California not-for-profit corporation subject to both California and United States law. Despite a decade of wishful thinking and fantasy plans to the contrary, that's not going to change. Deal with it.

New ICANN Requirements for New gTLDs Are Irrelevant

Comment posted Jun 09, 2011 3:45 pm PDT — by John Levine
I'm impressed at the admission here that the primary, maybe the only, reason to add thousands of new TLDs is to enable yet more domain speculation.

The gTLD Boondoggle

Comment posted Jun 01, 2011 1:57 pm PDT — by John Levine
Having been to both Sydney NSW and Sydney NS, I can tell you that only one of them has the Marconi National Historic Site, where the first long distance data transmission happened, and it ain't the one in oz. The…

Comment posted May 31, 2011 8:04 pm PDT — by John Levine
The really, really easy argument against what I would say is a short-term perspective over new TLDs is this: with a global naming network and Internet use becoming almost invisibly meshed into our lives, why would the dot-com dominance remain…

Comment posted May 31, 2011 8:00 pm PDT — by John Levine
You should let it go, stop find reasons to stick with a pre-ordained negative assessment and start applying critical thought to the issues that will arrive with the coming reality. You're quite right. It's clear that there is no hope…

Comment posted May 30, 2011 5:53 pm PDT — by John Levine
I agree — designing a process to verify the identity of a business isn't rocket science. Too bad the HSTLD crowd went for the cheap gimmick instead.

Comment posted May 30, 2011 4:58 am PDT — by John Levine
Like I said, I see no user demand for non-ASCII gTLDs. Other than in the US, most businesses use their ccTLD, even in countries that speak English and French, where .COM is a reasonable option. In the UK it's .co.uk,…

IP Blocklists, Email, and IPv6

Comment posted Apr 20, 2011 5:27 pm PDT — by John Levine
If spammers hop from IP to IP, as seems likely in an IPv6 world, just the queries to find out that the IPs don't have rDNS will blow out DNS caches. Managing IPv6 mail is a difficult problem, and few…

ICANN Approves .XXX Again

Comment posted Mar 23, 2011 12:07 am PDT — by John Levine
I must say, the desperate creativity that people use to try and explain away the failure of sTLDs is impressive. There are 40,000 co-ops just in the United States, where the standard term for a co-op is "a co-op". (I…

IP Blocklists, Email, and IPv6

Comment posted Mar 03, 2011 6:49 pm PST — by John Levine
If you depend on Spamhaus (or any other external service), you should buy a susbscription. They only cut off people who don't pay and exceed rather generous query limits. Gandi has occasionally rate limited my WHOIS queries (I do them…

Comment posted Mar 03, 2011 6:21 pm PST — by John Levine
Having written what I think is the only peer-reviewed paper on Greylisting (in the CEAS conference a few years ago), I agree that it still works surprisingly well, but it's no substitute for a well run BL. Spamhaus users report…

Comment posted Mar 02, 2011 10:38 pm PST — by John Levine
Even if you plan to do whitelists, there's still a huge problem with DNS caches due to the vast size of the v6 address space. I've been looking at different ways to publish DNSxLs in the DNS that don't require…

IPv6 and Transitional Myths

Comment posted Nov 25, 2010 6:11 pm PST — by John Levine
Well, that would certainly be the pessimal approach. If I were an ISP, given a choice between forcing everyone to switch to the uncertain reachability of IPv6, or get my customers to renumber to use the space I've got more…

Comment posted Nov 24, 2010 7:31 pm PST — by John Levine
Approximately half of the allocated IPv4 space has never been announced or routed. This tells me that once the free(ish) IPv4 space runs out, there will be a market, but the prices won't be particularly high unless you want a…

A New Internet Extension Can Compete with .COM

Comment posted Nov 05, 2010 9:04 pm PDT — by John Levine
In view of the feeble acceptance of .AERO, .TRAVEL, .JOBS, .COOP, and particularly .MUSEUM, why would anyone expect .law, .music, or .sports to do any better? Fifteen years ago, it was sort of kind of plausible that TLDs might work…

Comment posted Nov 05, 2010 7:38 pm PDT — by John Levine
is that they've always said they would, and they think they can make $100M doing so. The fact that we've survived the past decade with an essentially static set of TLDs should make it clear that whatever problem new TLDs…

Landing Sites, Internet's Achilles Heel of the Internet?

Comment posted Oct 26, 2010 12:17 am PDT — by John Levine
I happen to be familiar with the landing sites for several of the cables that land in New Jersey. TAT-9 and TAT-11 cross Long Beach Island, a narrow barrier island full of summer homes, a block south of our house,…

United States Is the Most Bot-Infected Country. Right?

Comment posted Oct 17, 2010 10:31 pm PDT — by John Levine
Correct me if I'm wrong, but doesn't this exclude anyone who hasn't configured his or her computer to use Windows Update? You may have just discovered that the US has a relatively low level of pirated software, and a high…

The Spamhaus Whitelist

Comment posted Oct 16, 2010 7:08 pm PDT — by John Levine
Does a local part of postmaster or info in the "From" header indicate that? No, of course not. If you could tell staff mail or transactions from spam with a mechanical test, you wouldn't need a whitelist, you could just…

Could .NAME be the Killer App ENUM is Waiting For?

Comment posted Sep 21, 2010 10:39 pm PDT — by John Levine
I have great news for you — you don't have to wait, you can do that right now. Just install any softphone on your computer, or Skype. Or for that matter, there's probably a device on your desk with a…

Comment posted Sep 21, 2010 2:03 am PDT — by John Levine
Hmmn. I'd think it was pretty obvious that I was referring to IP claims on numbers. I don't much care whether TLDs offer numeric 2LDs, e.g. the famous email address up@3.am, but I have no sympathy to people who claim…

Comment posted Sep 18, 2010 5:42 pm PDT — by John Levine
I'm in the camp that ICANN Top-Level Domains (TLDs) are businesses that should be allowed to evolve from their original charter to increase their viability in the marketplace. I'm in the camp that it's not ICANN's job to enable everyone's…

MOPO - The Latest Speed Bump on ICANN's New gTLD Superhighway

Comment posted Sep 12, 2010 9:40 pm PDT — by John Levine
Hmmn, once again this appears to be a response to something other than what I wrote. ICANN's main problem is that for all the blizzard of structures and councils and acronyms, its actions are rightly perceived as capricious and corrupt,…

Comment posted Sep 12, 2010 8:36 pm PDT — by John Levine
The standard is nothing more than the ICANN Directors exercising their business judgment as set forth under California Corporate law This would be the same business judgement that gave us four flip flops on .XXX and almost a lawsuit? Somehow,…

Comment posted Sep 12, 2010 6:09 pm PDT — by John Levine
Mike P. at least has a pragmatic solution to the train wreck Surely you're kidding. Lobby, logroll, and/or bribe the board until you get 10 votes is not a solution to anything other than ensuring full employment of lobbyists. Having…

Comment posted Sep 12, 2010 1:57 pm PDT — by John Levine
Yes, really, I did. One rule for all gTLD With or without your proposal, it's still No rule for all gTLD, and an endless political and legal free for all. I really don't think that lobbying the board until 10…

Comment posted Sep 12, 2010 4:15 am PDT — by John Levine
The .XXX fiasco reminded us, among other things, that even when ICANN nominally has a process, they'll ignore it if they think it didn't give the right result. (Rod Beckstrom used the euphemism "business judgement.") With MOPO, there isn't even…

ARF is Now an IETF Standard

Comment posted Sep 10, 2010 2:43 pm PDT — by John Levine
The differences between the draft and the RFC are tiny, bump the version number to 1 and take out some options that nobody uses. As far as who uses it, just about everyone other than Hotmail. AOL, Comcast, Yahoo, and…

Dot-Jobs Expansion Worries Job-Site Operators

Comment posted Aug 21, 2010 4:15 pm PDT — by John Levine
This is the same race to the bottom we've seen in .AERO, .TRAVEL, and other sTLDs that nobody really wanted in the first place.

Sender Address Verification: Still a Bad Idea

Comment posted Mar 14, 2010 2:12 pm PDT — by John Levine
To abuse a famous quote, this must be a meaning of "simple tweak" with which I am not familiar.

Comment posted Mar 13, 2010 5:25 pm PST — by John Levine
Getting a large number of COI confirmations for forged subscriptions is indeed very annoying, although unlike non-COI lists at least it's only one confirmation per list. If you have in mind some tweak to the mail system that will prevent…

Comment posted Mar 12, 2010 7:51 pm PST — by John Levine
Yes, it's possible to mailbomb someone by forging subscriptions. It's happened to me, many times. But since that mailbomb is mail TO the victim, rather than mail pretending to be FROM the victim, non of this ywo year old message…

Creditor Can Execute Against Domain Name Where Registry is Located: Office Depot v. Zuccarini

Comment posted Mar 03, 2010 3:12 pm PST — by John Levine
I was under the impression that case law in Virginia, where .ORG lives, treated domain registrations more like leases, unlike California. Is that still true?

How Not to Develop Public Policy

Comment posted Jan 07, 2010 5:01 pm PST — by John Levine
ICANN has tied itself in knots since the day it was born trying to satisfy the trademark crowd's fear that someone, somewhere, might utter their name without permission, or do something that might cost them money to deal with. The…

A Thought About Not-Quite-ASCII Top Level Domains

Comment posted Nov 19, 2009 9:01 pm PST — by John Levine
Each of the three languages is the ISO 639 national language for the country in question, so it looks like they're all eligible to me.

Comment posted Nov 19, 2009 6:37 pm PST — by John Levine
I didn't pick Serbia at random. Although their preferred character set is Cyrillic, Serbian is nearly identical to Croatian which is written in Roman characters, and everyone in Serbia can read them without difficulty. (For example, the Serbian edition of…

How Do You Do Secure Bank Transactions on the Internet?

Comment posted Nov 13, 2009 3:04 pm PST — by John Levine
As far as I know, the customers who have lost large amounts are all businesses at this point, but the transaction stealing trojans in Europe affect individuals. I agree, the trick is to find something that is adequately secure that…

The Tempest in the TLD Teapot

Comment posted Nov 12, 2009 11:20 pm PST — by John Levine
Like I said, VRSN's technical management has been fine. I am no more thrilled by sitefinder and other political shenanigans than anyone else, but a thousand more little domains limping along won't change their political influence over ICANN. As far…

Comment posted Nov 09, 2009 5:48 pm PST — by John Levine
You're certainly technically correct that the IDN TLD could be run by someone other than the incumbent registry for the ccTLD, but since they're both approved by the same government agency it seems rather unlikely that anyone who wasn't allowed…

Google's Simple Home Page Now Patented

Comment posted Sep 05, 2009 5:55 am PDT — by John Levine
Not a utility patent. Design patents basically cover the aesthetics of a thing, not its function. The difference is important.

Helping Banks Fight Phishing and Account Fraud, Whether They Like It or Not

Comment posted Aug 24, 2009 11:54 pm PDT — by John Levine
This case has nothing to do with Rock Phish or fake bank web sites. Didn't you even look at the complaint?

Why Can't We Make the Internet Secure?

Comment posted Aug 14, 2009 7:55 pm PDT — by John Levine
I happen to have a single rotor Enigma here that I bought at Bletchley Park. Assuming you also have one, I'll send along a suitable response. Note that he designed the electromechanical Bombe, not the electronic Colossus. Also. WW I…

Comment posted Aug 10, 2009 3:07 pm PDT — by John Levine
People certainly prefer to be more free, but they also prefer not to be hit over the head and robbed whenever they walk down the street. We're finding that the current Internet has become unpleasantly close to a mugger's paradise.…

Comment posted Aug 10, 2009 4:24 am PDT — by John Levine
I don't understand why you think I was referring to split horizon DNS, which has been around for about a decade and has never presented a security issue.

Accepting New Top-Level Domains As Suffix-Less Cyber Brands

Comment posted Aug 02, 2009 6:22 pm PDT — by John Levine
If companies can't be bothered to spend the $100 or so that a company.jobs domain costs, it seems rather unlikely that they'll spend the $185,000 that job.company would cost. At this point I'm mostly surprised that the lawsuits to stop…

Comment posted Aug 02, 2009 11:47 am PDT — by John Levine
or thinking of applying for a job, job dot IBM You can already type ibm.jobs or microsoft.jobs, but nobody does. (Try it.) Users don't know about or use the new domains we've already got, so the more I think about…

DNS, My God It's Full of Stars...

Comment posted Jul 17, 2009 5:20 pm PDT — by John Levine
Open the DNS bay door, Hal.

How Unconscionable is the Profit That Verisign Makes from Its Registry?

Comment posted Jul 13, 2009 9:51 am PDT — by John Levine
Keeping in mind that we're all just waving our hands here, I agree that the read-only part of running a TLD, serving the DNS zone, probably scales no worse than linearly. On the other hand, the read-write part, the provisioning…

Fight Phishing With Branding

Comment posted Jun 13, 2009 2:02 pm PDT — by John Levine
You're quite right that yet another race to the bottom would be a poor idea. But I also don't think there's any need to brand all mail--it's only important for organizations that are likely to be phished. I also don't…

Comment posted Jun 12, 2009 10:18 pm PDT — by John Levine
I've sat next to people from the EFF who say that anyone should be able to register a domain with no identification. They'd probably be OK with a promise from the anonymous registrants not to use their domain for business,…

Comment posted Jun 10, 2009 8:39 pm PDT — by John Levine
I agree that the registrar race to the bottom was an unfortunate mistake, but I don't see any realistic hope of putting that genie back in the bottle and getting registrars to know their customers. Partly that's because of ICANN's…

DKIM for Discussion Lists

Comment posted Jun 03, 2009 9:12 am PDT — by John Levine
I did the same thing for majordomo2, and it was similarly easy. I don't bother to put in an authentication-results header since the list software has plenty of logs in the unlikely event that I need to track how a…

IPv6 and LTE, the Not So Long Term Evolution?

Comment posted Jun 01, 2009 11:14 pm PDT — by John Levine
Since I didn't say any of that, I don't see how I can argue about it. But don't forget to get your flu shot.

Comment posted Jun 01, 2009 9:25 pm PDT — by John Levine
I would like nothing more than to to hear a persuasive, internally coherent argument for how and why this won't happen, Well, gee, you posit an extreme worst case scenario and dismiss any disagreements. Who can argue with that? Maybe…

Comment posted May 31, 2009 10:59 pm PDT — by John Levine
can you think of any other Internet service input that is both indispensable/non-substitutable and also obtainable exclusively from an incumbent competitor? Off the top of my head, real estate for the office, and (in the short run at least) staff,…

Comment posted May 31, 2009 8:16 pm PDT — by John Levine
John does this mean that you're expecting the Internet services market to become permanently closed to new entrants once all IPv4 is distributed? Of course not. It means they'll have to buy v4 space just like they buy everything else…

Comment posted May 31, 2009 2:58 pm PDT — by John Levine
The alternative to v6 is NAT and v4. For about 99.99% of mobile users, it makes no difference whether they're behind a NAT. Switching to v6 has costs, setting up a bunch of NATs (one per million customers, say) has…

ICA to ICANN: The IRT Must Open Up Or Be Stripped of Official Status and Support

Comment posted Apr 29, 2009 4:59 pm PDT — by John Levine
Frank Fowlie as ICANN Ombudsman acts independently of the organization I realize that's the theory. Unfortunately, I can report from direct experience that the reality is very different.

Comment posted Apr 23, 2009 11:53 am PDT — by John Levine
I also hope he surprises us all and rises to the occasion, but particularly in view of his shameful treatment of Ed Hasbrouck who also asked him to make ICANN follow their own rules, don't hold your breath.

Comment posted Apr 22, 2009 8:04 pm PDT — by John Levine
Frank is an egregious apologist for ICANN's staff and board, which isn't surprising considering who pays his salary. He's never issued a decision against them and never will. Unfortunately, history has shown that the most effective way to get ICANN's…

IGP: ICANN Gets "Securitized"

Comment posted Apr 03, 2009 11:24 pm PDT — by John Levine
It just makes explicit what we all know the situation has been along.

Searching for Truth in DKIM: Part 2 of 5

Comment posted Mar 13, 2009 3:10 pm PDT — by John Levine
ADSP says (give or take some minor theological arguments currently underway) that all mail from foo.com is signed by d=foo.com, which suggests that mail without that signature is likely to be bogus. It doesn't say anything about other signatures; if…

Sender Address Verification: Still a Bad Idea

Comment posted Mar 01, 2009 10:14 am PST — by John Levine
I am the owner of Junk Email Filter and we filter spam for about 4000 domains, and we actually use sender callout verification. There's a famous quote from Upton Sinclair that applies here.

ICANN Blows $4.6 Million In Stock Market

Comment posted Feb 10, 2009 11:51 pm PST — by John Levine
the very turbulent economic global climate has had/will have an adverse effect on the performance of long term investments and ICANN, Nominet and others will be no different in this respect. Quite right. That's why it is shockingly incompetent for…

Comment posted Feb 10, 2009 10:27 pm PST — by John Levine
Hiring independent investment advisors is a reasonable thing to do so long as you give them reasonable instructions, which in this case would have been "invest this for capital preservation", not "invest this for long term growth." A proper investment…

Comment posted Feb 06, 2009 5:31 pm PST — by John Levine
We have a very similar arrangement in .uk. It is not best practice to keep reserves purely as cash. Well, OK. I see that Nominet had about £11M in investments as of Sept 2007, the most recent report on its…

Comment posted Feb 06, 2009 12:27 pm PST — by John Levine
It is not best practice to keep reserves purely as cash. Sigh. Once again you are confusing an emergency reserve with an endowment. See previous discussion. I agree that it is a very open question whether ICANN realistically needs so…

Comment posted Feb 05, 2009 7:34 pm PST — by John Levine
Hi, Kevin. Thanks for your condescending yet impressively ill-informed comments. I am frankly astonished that ICANN's CFO can't tell the difference between a reserve and an endowment, and if you don't get it at this point, I doubt that anyone…

Comment posted Feb 04, 2009 7:18 pm PST — by John Levine
They said they had an investment policy, and they tossed around words like "prudent", but other than a line in the annual report, they never said what the policy was. In retrospect it appears they don't understand what prudent investment…

Comment posted Feb 04, 2009 7:16 pm PST — by John Levine
You're right, the decline is what you'd expect for someone who was 1/3 in stock and 2/3 in bonds. But reserves shouldn't be in stock in the first place, they should be in cash, because they're reserves. Even if ICANN…

That Letter to ICANN from the NTIA

Comment posted Jan 24, 2009 5:51 pm PST — by John Levine
The NTIA can chastise ICANN, but they have a pretty blunt instrument with which to do so. Don't forget that three of the root servers are operated by the US government, and many more by organizations with more interest in…

Spam Fighting: Lessons from Jack Bauer?

Comment posted Jan 14, 2009 5:43 pm PST — by John Levine
This guy made zone transfers in order to map the internal network and then he went and attacked the network using this information. He used proxies to try to hide his identity and defied a court order. David did do…

Comment posted Jan 14, 2009 3:04 pm PST — by John Levine
This is not "anti-spam activities," this is hacking into a private network and committing computer crimes. Yes, that's the ridiculous misinterpretation of Ritz' perfectly normal actions that the court was bamboozled into accepting. The parties in this case both have…

Comment posted Jan 13, 2009 11:15 pm PST — by John Levine
See this CircleID post from a year ago: http://www.circleid.com/posts/811611_david_ritz_court_spam/

Comment posted Jan 13, 2009 8:22 pm PST — by John Levine
Regardless of what you might think about vigilante anti-spam techniques, the Ritz case was a travesty of justice. The "advanced" technique that the judge was bamboozled into interpreting as a malicious attack was an ordinary DNS zone transfer request, something…

ICANN Sets the Schedule to Kill Domain Tasting

Comment posted Dec 19, 2008 9:50 am PST — by John Levine
Thanks, I've corrected the original article at http://weblog.johnlevine.com/ICANN/lasttaste.html

ICANN Responsible for Domain Name Trademark Mess

Comment posted Nov 28, 2008 9:53 pm PST — by John Levine
I am wondering if people sometimes, like me, judge an essay only by its title? Don't worry, we read the whole thing before responding that your argument is ridiculous.

Facebook Wins $800M Against Spammer. So What?

Comment posted Nov 27, 2008 4:34 pm PST — by John Levine
A friend who is familar with Canadian law points out that the defendant is in Quebec, where the rules are surprisingly different from the rest of Canada. See my updated blog post. http://weblog.johnlevine.com/Email/facespam.html

How Fast is Internet Traffic Growing?

Comment posted Nov 27, 2008 12:00 pm PST — by John Levine
I talked to Andy Odlyzko yesterday, who stands by his models. Also if you read the press release from "Switch and Data", it actually says PAIX traffic has grown by 112% in the past year versus a 65% global Internet…

Facebook Wins $800M Against Spammer. So What?

Comment posted Nov 25, 2008 6:01 pm PST — by John Levine
But the defendant was in Montreal the whole time. How does a US court have jurisdiction over him?

ICANN Responsible for Domain Name Trademark Mess

Comment posted Nov 22, 2008 7:08 pm PST — by John Levine
It is ICANN's responsibility to make sure domain names do not infringe on trademarks. It is ICANN's job to manage the DNS root. Trademark owners can take care of themselves. If there is any complaint to make about ICANN's relationship…

Users Don't Like Forwarded Spam

Comment posted Oct 15, 2008 6:23 pm PDT — by John Levine
AOL doesn't do anything special with forwarded mail, and if you forward a lot of spam to AOL, you have the same problems as if you forward it to other large ISPs. (Don't argue, I know the postmaster.) Really, the…

Cluck, Cluck... ICANN and Contract Compliance Enforcement

Comment posted Oct 14, 2008 7:30 pm PDT — by John Levine
Having a process is better than not having a process, but having a process is not the same as having an effective process, or having adequate results. The compliance newsletter reports lots of registrars cancelled for non-compliance, although for most…

Comment posted Oct 14, 2008 12:44 pm PDT — by John Levine
It's true, ICANN's compliance is a lot better than it used to be, but since it used to be nonexistent, that's faint praise. And if Joker got their breach letter in September rather than October, so it was two years…

How Much Do You Think a .ORG, .BIZ, or .INFO Domain Costs?

Comment posted Jul 21, 2008 12:04 pm PDT — by John Levine
The .info registry sometimes drops their wholesale price below the normal $6.15. In this case, you're looking at a Godaddy reseller. Godaddy routinely offers domains below cost as a loss leader, then makes it up with hosting and other add-on…

Why New TLDs Don't Matter

Comment posted Jul 11, 2008 3:40 am PDT — by John Levine
If you say so, I can believe that it is of some use to have .maori.nz, although I expect that maori.org would have been as good. So what about .maori would make it worth NZD $130,000 as opposed to the…

Comment posted Jul 10, 2008 6:03 am PDT — by John Levine
Your example of companies advertising search terms in Japan just reinforces the point. You may not like it, but it's the way that the Net is going. By the way, I do agree that the only possible hope to make…

Comment posted Jul 10, 2008 6:00 am PDT — by John Levine
I believe that .info and .biz make money, but the rest of them are pretty dubious. Do you even know how many registrations they have? There are, for example, about 6000 names in .pro, and 14,000 in .coop. There are…

Comment posted Jul 08, 2008 11:34 pm PDT — by John Levine
It's true, by default you get the browser vendor's favorite search engine. Changing IE to a different search is pretty easy, a couple of clicks on the icon in the search box, while changing Google is just barely possible (albeit…

A Case of Mistaken Identity

Comment posted May 21, 2008 11:39 am PDT — by John Levine
Aviram Jenik said: I'm betting you'll have to start getting used to one email address, though. I used to create usernames like: aviram-servicename@mydomain.com but then when I had to login I couldn't remember what I put as the 'servicename' and…

Comment posted May 19, 2008 5:49 pm PDT — by John Levine
Does anyone still have only one e-mail address? I give a different (real) one to every web site that asks for one, so I can tell who's leaking what. On the other hand, I've certainly also gotten my share of…

A Patent for SiteFinder-Like Resolution

Comment posted May 08, 2008 10:46 am PDT — by John Levine
Indeed it uses a DNS wildcard in one of the examples (and a sloppy one at that, since the figure is missing the labels), but as I presume you're aware, what matters is the claims, which indeed say nothing about…

Comment posted May 08, 2008 2:12 am PDT — by John Levine
Why do I get the impression that nobody pontificating on this patent has actually read it? It's number 7,337,910, available at uspto.gov. It was filed in 2001 and, looking at the examples, was intended for the .CC ccTLD. The patent…

The Anti-Phishing Consumer Protection Act of 2008

Comment posted Mar 06, 2008 9:26 pm PST — by John Levine
.pH said: John Levine says: Please read the paragraph after that one. It’s only illegal if you use the name to mislead people. Sigh. If you're not willing to read the bill, why are you complaining about it?

Comment posted Mar 06, 2008 9:02 pm PST — by John Levine
Egad, John B and I agree. Alertthe media!

Comment posted Mar 06, 2008 8:51 pm PST — by John Levine
paul g said: The bill would make it unlawful if the domain name was identical or confusingly similar to the name or brand name of a government office, nonprofit organization, business or other entity. Please read the paragraph after that…

The Front Running Class Action Suit

Comment posted Feb 28, 2008 12:18 am PST — by John Levine
Dan Campbell said: Wouldn't the class in the action be other registrars A court would be unlikely to certify them as a class. The point of a class is that it's impractical to identify all of the individual plaintiffs, but…

Comment posted Feb 27, 2008 7:17 pm PST — by John Levine
Sigh. Make that aiding and abetting fraudulent concealment. The fraudulent concealment charge seems extremely weak on its own, but that's for another message I'll post shortly.

Comment posted Feb 27, 2008 7:14 pm PST — by John Levine
I don't purport to be a lawyer, but I'm pretty sure that if I were a lawyer, I would know that clause 5.10 precludes third parties from suing for violations of the RAA, which has nothing to do with the…

Domain Tasting to Go Away for Real This Time

Comment posted Feb 05, 2008 3:58 pm PST — by John Levine
Oops, you're quite right. I should stop blogging at 1:00 AM. But Suresh's point is well taken. Marchex has yet to be more than marginally profitable, and has lost money in the first three quarters of 2007, so it'll be…

Comment posted Feb 05, 2008 3:50 pm PST — by John Levine
Well, there's the problem. No doubt the current link farm on cameras.com brings in lots of revenue from the suckers who foolishly hoped that cameras.com might have some actual information about cameras. As I said before, this won't stop without…

Comment posted Feb 05, 2008 2:57 am PST — by John Levine
John Berryhill said: To be clear, the [ $180M domain name portfolio ] purchase was by a public company, and if there is "puffery" in an SEC disclosure statement, someone is going to jail. http://www.secinfo.com/d14D5a.1658z.htm Oh, right, I'd forgotten about…

Comment posted Feb 04, 2008 12:02 am PST — by John Levine
Gary is quite definitely confusing domain tasting and domain squatting. They are not the same thing at all. Domain tasting is registering huge numbers of more or less random names of at best marginal value, typically variants on famous names,…

Comment posted Feb 02, 2008 4:16 pm PST — by John Levine
It seems extremely unlikely. When PIR added their restocking fee, the tasting dried up. It's pretty obvious that the gross margins for registries are gross indeed, since we've never heard a peep out of Verisign about the several million daily…

Comment posted Jan 30, 2008 2:30 pm PST — by John Levine
Gary Osbourne said: I fail to see what all the positive fuss is about. Ok, so there's no more domain tasting (or less anyway, see PIR's Org. attempt) This changes the economics by orders of magnitude. The papers in the…

More on Dell's Anti-Tasting Suit

Comment posted Dec 13, 2007 6:55 pm PST — by John Levine
Dell's complaint had a typical laundry list of trademark related charges, including cybersquatting and counterfeiting. There's one new case document, a response from the defendant, which I'll blog at http://weblog.johnlevine.com in a few minutes.

Comment posted Dec 04, 2007 6:53 pm PST — by John Levine
Hmmn, I was unaware that ICANN's registration policies forced you to use Dell's computers. Is there a clause in the RAA that I missed? If I choose to buy a Dell computer and use all their shovelware, it may not…

More on WHOIS Privacy

Comment posted Sep 11, 2007 1:32 pm PDT — by John Levine
Yes, WIPO is a bunch of hypocrites and there's a lot of bogus whois info. We all know that. The point I've been making over and over, which I really do not think is particularly subtle or complex, is that…

Comment posted Sep 08, 2007 4:46 am PDT — by John Levine
When I thought up the registrar/registry split in 1996, I anticipated correctly that registrars would bundle domains with other stuff, but I didn't foresee the race to the bottom that's given us razor thin margins and registrars whose entire business…

Comment posted Sep 05, 2007 2:46 am PDT — by John Levine
Jeez, guys, can't you just read what I wrote? I entirely agree that more accurate WHOIS data would require actual work costing actual money. But unilaterally making WHOIS worse, with no benefits to WHOIS users, just isn't going to happen.…

Spamhaus Appeal: They Win on Substance

Comment posted Sep 05, 2007 2:32 am PDT — by John Levine
As I said, the appeals court reminded the trial court that E360 has to documenthis damages, which he hasn't. Having read the affidavit (it's not hard to find, you know, you don't have to speculate), the largest chunk of damages,…

Registerfly Victims Are Really Stuck Now

Comment posted Jul 26, 2007 2:39 am PDT — by John Levine
This case is going nowhere. The case documents in PACER are all about choice of venue, since the case was filed in North Carolina, but Registerfly was (is?) in Florida, eNom is in Washington, and ICANN is in California.

Squeegee Domains

Comment posted Jul 06, 2007 1:25 am PDT — by John Levine
It is well known that search engines, browsers and ISP's are redirecting user typos to their own pages. That may well be the case in the domain speculators' alternate reality. Here in the regular reality, if I type, say, bermduda…

Comment posted Jul 06, 2007 12:01 am PDT — by John Levine
Tia Wood said: Can you define ... Not in a way that would apply in the domain speculators' alternate reality, so I won't try.

Comment posted Jul 05, 2007 11:34 pm PDT — by John Levine
Tia Wood said: John Levine, you do realize that Microsoft, Yahoo, etc are actually the biggest cybersquatting "squeegee men", correct? There is a bizarre alternate reality inhabited by spammers in which Microsoft sends more spam than anyone else, users welcome…

Comment posted Jun 27, 2007 2:12 pm PDT — by John Levine
Adam Strong said: However, instead of resorting to name calling ... ... the techno-pinkos would like ... My, we're touchier than ever. Well, anyway, if I were king of the Internet, I'd solve the typosquat problem by persuading Google and…

Comment posted Jun 26, 2007 10:38 pm PDT — by John Levine
Well, when I type "stocks" into my copy of Firefox, I get an error message saying that it can't find stocks. Sounds like you have the Yahoo toolbar installed, so you chose to use whatever defaults your toolbar provides. It…

Comment posted Jun 26, 2007 3:27 pm PDT — by John Levine
My goodness, the domainers sure are sensitive to any reference to the value-subtracted nature of what they do. I've been registering domains since about 1990. (Look at the date on iecc.com, which was not my first domain.) I have all…

Comment posted Jun 25, 2007 4:26 pm PDT — by John Levine
Thanks, I couldn't ask for a better example of self-serving babble. In case anyone didn't notice, he changed the topic from typosquats to domain speculators, implicitly agreeing that there's no defense for typosquat squeegee domains. I don't have much sympathy…

Oklahoma Spammer Fighter Loses Even Worse

Comment posted Jun 13, 2007 5:58 pm PDT — by John Levine
I would think this would be obvious, but in the U.S., courts are charged with enforcing actual laws, rather than imaginary laws that we might wish had been passed instead. The highly imperfect CAN SPAM act says that mailers have…

Comment posted Jun 12, 2007 6:27 pm PDT — by John Levine
Except that he did file and unsubscribe request. He pointed them to optoutbydomain.com. Seems pretty obvious to me. Aw, come on. Imagine for a moment that you are an ESP. Some guy calls you on the phone and rants at…

Comment posted Jun 12, 2007 11:48 am PDT — by John Levine
Except that's not what happened. Mumma didn't unsubscribe, he called them up and ranted at them, refusing to tell them what address he wanted them to stop mailing. CAN SPAM is quite clear that a mailer can provide any reasonable…

IETF Has Approved DKIM, DomainKeys Identified Mail

Comment posted May 24, 2007 12:13 am PDT — by John Levine
FYI, it's official. You can read the RFC at ftp://ftp.rfc-editor.org/in-notes/rfc4871.txt

Splitting the Root: It's Too Late

Comment posted Apr 08, 2007 9:47 pm PDT — by John Levine
Karl's viewpoint is quite reasonable. Other people have noted that it's somewhat common for ISPs to FTP copies of the IANA root zone and run their own local root servers, which works fine. Assuming that ICANN ever unties its IDN…

Comment posted Apr 07, 2007 2:55 am PDT — by John Levine
Yes, it's mirrored from my blog where the entry's date was accidentally reset when I restored it from a backup. It's still as true now as it was then, though.

ICANN Asked to Adopt Specific TLD for Banks

Comment posted Mar 31, 2007 6:28 pm PDT — by John Levine
Users basically don't understand domains names. If there were a .bank TLD, you could advertise whatever.bank until you're blue in in the face and people will still type in whatever.bank.com or bank.whatever.com or bank.cm. As Paul Hoffman's recent note points…

An Alternative to .XXX: IANA Adult Port Assignments

Comment posted Mar 18, 2007 3:31 am PDT — by John Levine
No, it's ports above 1024. I'm referring to what TCP software on actual computers actually does. Every TCP connection requires a port number at both ends, and the normal approach in TCP software is to for the client end of…

Comment posted Mar 18, 2007 12:59 am PDT — by John Levine
This is a terrible idea for mostly technical reasons. There's only about a thousand port numbers that can be used by net services. (Port numbers are a 16 bit field, but numbers above 1024 are traditionally available for dynamic allocation…

More Top-Level Domain Wildcards

Comment posted Feb 24, 2007 11:05 pm PST — by John Levine
You're confusing browser hacks with TLDs. There is no .hp domain, nor is there a .art domain. (I'm not guessing, I just FTP'ed a copy of the root zone file to be sure nobody's playing games with it.) Many browsers…

Huge Increase in Spam in October Email

Comment posted Jan 12, 2007 11:12 pm PST — by John Levine
People have been sending out faux bills like that for at least a decade. Have you ever heard of someone collecting? Or a spammer stopping because of one?

Nation of Cameroon Typo-Squats the Entire .com Space

Comment posted Aug 18, 2006 1:36 pm PDT — by John Levine
My, aren't we snarky this morning. I presume most people can tell the difference between a national government and a private business, so I won't belabor the irrelevance of what Google's owners do. But I will point out that the…

Comment posted Aug 18, 2006 5:28 am PDT — by John Levine
We all know what the FAQ on the wildcard page says. But I'm not sure how much of it I believe. Your estimate of $10M/yr for the clickthroughs is plausible, but what we don't know is how much if any…

Another Try at Proof-of-Work e-Postage Email

Comment posted Aug 12, 2006 10:39 pm PDT — by John Levine
When you talk about the ISP's server, you're missing the point. The ISP has no more idea than anyone else what mail from Grandma's PC is real and what is bot spam. You're conceding that the ISP is going to…

More Top-Level Domain Wildcards

Comment posted Aug 09, 2006 4:18 pm PDT — by John Levine
For the *.cn and *.tw wildcards, someone noted on my blog that they resolve for IDN (non-ASCII) names, which I verified. Each leads to the respective registry.

Nation of Cameroon Typo-Squats the Entire .com Space

Comment posted Aug 09, 2006 3:18 am PDT — by John Levine
I poked around looking for more TLD wildcards, and found quite a few of them.

Comment posted Aug 07, 2006 2:53 pm PDT — by John Levine
With respect to Ram's comment, it's just an A record that points to a web server, so any other attempted connection with fail. They published SPF -all records to discourage people from sending or receiving mail, for whatever good that…

Comment posted Aug 07, 2006 3:53 am PDT — by John Levine
I poked around the .cm TLD and found some interesting stuff which I wrote up in this blog entry.

Another Try at Proof-of-Work e-Postage Email

Comment posted Aug 02, 2006 8:44 pm PDT — by John Levine
Well, that will give Grandma plenty of time to wait on hold when she calls to complain.

Comment posted Aug 02, 2006 2:27 am PDT — by John Levine
The situation I forsee is that a spammer hijacks Grandma's computer, then Grandma can't send mail any more. She never sent much in the first place, now she can't send any at all. Or more likely it's not Grandma, it's…

In Bad Taste

Comment posted May 11, 2006 5:12 pm PDT — by John Levine
Bob Parsons of Godaddy suggested making the 25 cent ICANN fee non-refundable, which would do the same thing and avoid giving the registries an incentive to encourage tasting churn. I don't see how registries can impose a restocking fee without…

Comment posted May 04, 2006 12:54 am PDT — by John Levine
Uh, no, the registries didn't create it. Surely you read the second and seventh paragraphs of the article you're responding to.

Comment posted May 03, 2006 11:21 pm PDT — by John Levine
Last week I had dinner with one of the execs at the .ORG registry, and he told me quite vehemently that it's costing them significant real money to handle all the speculative registrations and cancellations. That's not surprising—you build your…

The Politics of Email Authentication, 2006 Edition

Comment posted Jan 18, 2006 8:00 pm PST — by John Levine
There's two somewhat separate reasons not to waste any effort on SPF. One is that it's considerably harder to get SPF right, even for simple configurations, than it looks. I was talking to someone at Godaddy a while ago that…

Comment posted Jan 06, 2006 7:39 pm PST — by John Levine
DKIM provides multiple "selectors" per domain for multiple keys. If the .name registry wanted to give each user his own selector for mail signing, they could do that, allowing them to cancel the selectors for people who misused them. If…

Splitting the Root: It's Too Late

Comment posted Jan 04, 2006 11:28 pm PST — by John Levine
Ask 100 Internet users if they were aware that the same exact domain name brings back multiple responses, based on where they are physically located. Care to guess how many are aware of that? Oh, you mean like when I…

Comment posted Jan 04, 2006 8:55 pm PST — by John Levine
Disclosure is fine, but if you rounded up a hundred typical Internet users from Egypt and China and asked them if they'd rather use the local root or the ICANN/IANA root, the response from at least 98 of them would…

Time to Renew .coop, .museum, and .aero ICANN

Comment posted Jan 02, 2006 8:09 pm PST — by John Levine
If you say there are 10K registrations, I believe you since you presumably registered most of them. So I pointed my browser at www.expedia.travel, and I got an Encirca page, not Expedia. I tried www.orbitz.travel and got the same Encirca…

Comment posted Jan 01, 2006 11:14 pm PST — by John Levine
Since you can't buy a .travel domain until tomorrow, doesn't it seem a little bit premature to claim "tens of thousands" sold? There are definitely tens of thousands of geographic place names reserved, but that's meaningless, since there's no reason…

Splitting the Root: It's Too Late

Comment posted Dec 04, 2005 1:20 am PST — by John Levine
I don't understand this comment at all. If I had noted that ICANN's IDN dithering had led to a split root in a cheery and upbeat way, what difference would that make? If Afilias has added IDNs to .INFO, that's…

DMA Requires Email Authentication, Do We Care?

Comment posted Nov 09, 2005 12:46 am PST — by John Levine
It's true, the DMA's membership list is secret, but it's not hard to get a pretty good idea who their members are. Membership is expensive enough that shadowy little companies are extremely unlikely to join, even if there were some…

ICANN Gets the Root Zone, Too

Comment posted Oct 30, 2005 2:28 am PST — by John Levine
I don't know why the myth of "A" being special continues to be perpetrated, either, but I also don't understand why you're bringing it up. The question at issue is who creates the root zone, not how it's distributed. When…

Welcome to the Root, .MOBI

Comment posted Oct 29, 2005 5:03 am PDT — by John Levine
.MOBI is a most interesting experiment. Once the big players get established, they plan to throw it open to individual registrants. There's a whole bunch of rules about what's supposed to go in .MOBI, mostly requiring that it work from…

Verisign Gets .COM Forever, But ICANN Gets a Lobbyist

Comment posted Oct 27, 2005 8:37 pm PDT — by John Levine
Yes indeed, they are recurring annual fees. You can prepay up to 10 years at the current rate. As others have pointed out, Tucows informally offered to run .COM with a $2 fee, and Afilias in the .NET tender offered…

Comment posted Oct 25, 2005 9:17 pm PDT — by John Levine
Oh, look at that. Section 7.2(e) keeps the existing Variable Registry-Level Fee at 15 cents plus a per registrar fee which doubtless adds up to the 25 cents. So you're right, ICANN will be tripling the fee to 75 cents…

Abusive Anti-Anti-Spam Scheme a Dreadful Strategy

Comment posted Sep 10, 2005 1:28 pm PDT — by John Levine
Now I'm completely confused by Comrade Lee's comments. There is a private right of action in the junk fax law, and it works. There is no PROA in a CAN SPAM and it doesn't work. I agree that we haven't…

Comment posted Sep 01, 2005 8:15 pm PDT — by John Levine
Re Mr Craig's question, the quote I cited from BS's web site seems pretty clear to me. Despite all the smoke and mirrors, it's basically intended as a DOS attack. I haven't seen any noticable change in the amount of…

Maybe the IETF Won't Publish SPF and Sender-ID as Experimental RFCs After All

Comment posted Aug 26, 2005 6:05 pm PDT — by John Levine
I thank William for confirming all of my important points. In MARID they did invent a 2.0 record, but at the same time they decided to fall back to SPF1. As far as Microsoft saying no, a headline saying "Microsoft…

Comment posted Aug 26, 2005 2:45 am PDT — by John Levine
My, aren't we touchy. I expect that if Wayne had numbers that supported his arguments, he would tell us what they are, so I'll let people draw their own conclusions.

SPF Loses Mindshare

Comment posted Aug 03, 2005 4:51 am PDT — by John Levine
Confidential to Wayne: yes, we know who was on the committee at MAAWG who wrote the whitepaper. They're writing about their actual experience testing it at large ISPs, at least one of which hired Meng to help them do it,…

Comment posted Aug 03, 2005 4:45 am PDT — by John Levine
Nobody's waiting for a perfect solution; we're waiting for a solution that doesn't cause more problems than it solves. SPF and Sender-ID have been grossly oversold. If you already have a list of domains from which you know you want…

Abusive Anti-Anti-Spam Scheme a Dreadful Strategy

Comment posted Jul 30, 2005 1:21 am PDT — by John Levine
The real answer is that an illegal DOS is whatever a court says it is, but having looked at a lot of computer crime laws, I'd have to say that intention counts for a lot. As I noted in my…

Comment posted Jul 27, 2005 2:16 am PDT — by John Levine
I think Tim is asking about my blog at http://weblog.taugh.com from which this article is mirrored. As the comment form there says: Note: all comments require an email address so we can send a confirmation to verify that it was…

We Hate Spam Except, Of Course, When It's Inconvenient to Do So

Comment posted Jul 01, 2005 7:56 am PDT — by John Levine
Paul is correct that there is a minor error in my note. It should have said the IP "where Textileshop collects their orders" rather than "where Textileshop's web site lives." Re their moving, since Paul would evidently rather complain than…

Comment posted Jun 28, 2005 7:59 am PDT — by John Levine
Right. So why aren't you pushing your buddies at Yahoo to get rid of high profile, well documented spammers? They need only enforce their AUP.

Comment posted Jun 21, 2005 6:12 pm PDT — by John Levine
See the comments on the original copy of this story at http://weblog.taugh.com/ and follow the link to Spamhaus in the story itself for more info on what Spamhaus blocked. Since textileshop has been hopping around, it's the address of the…

Topic Interests

Security, Spam, Email, Privacy, Internet Protocol, Law, IP Addressing, Cybercrime, DNS, Domain Names, Registry Services, Top-Level Domains, ICANN, DNS Security, Regional Registries, Multilinguism, Censorship, Net Neutrality, Access Providers, Internet Governance, Web, Policy & Regulation, VoIP, Telecom, Whois, P2P, Malware, Cybersquatting, Cyberattack, IPv6, Mobile, Broadband, Wireless, Enum

John Levine

Comments

Topic Interests

Recent Blogs

Popular Posts