Architect, Antispam and Compliance
Joined on June 21, 2004 – India
Total Post Views: 334,749
***The comments I post on CircleID are my own, personal point of view. Unless explicitly stated, they do not under any circumstances represent any official statement by, or viewpoint of my employer***
Suresh Ramasubramanian provides strategic vision and leadership on antispam and cybersecurity, and is currently Architect, Antispam and Compliance at IBM's LotusLive iNotes division.
Previous jobs include eight years as Head, Antispam at Outblaze, a Hong Kong based messaging provider with over 40 million users, whose messaging assets were acquired by IBM in 2009.
Before that, Suresh worked on the Security and Abuse desk at Juno.com (now United Online) for a brief period of time, and then worked at a regional Indian ISP, BPL Innovision.
Suresh has been actively lobbying for realistic solutions at technological, legislative and policy levels to spam since 1998. He is coordinator of anti-spam NGO APCAUCE, and serves as Fellowships Chair for APRICOT, the largest network operators conference in the Asia-Pacific region.
He has worked on a field research project on cybersecurity for developing countries for the ITU, in association with the Malaysian Communications and Multimedia Commission, and has earlier written research papers on spam for the OECD Anti-Spam Toolkit and for UNDP/APDIP.
He has given well-received talks and keynote speeches on spam around the world at conferences organized by the OECD and ITU, as well as at industry events like MAAWG.
He has been a regular media spokesman on these issues, being widely interviewed and quoted over the past several years in publications including the Wall Street Journal, the New York Times, Foreign Policy Magazine, Businessweek, the Washington Post, Wired and PC Magazine.
Businessweek magazine profiled Suresh as #19 in its 2002 list of top 25 e-business professionals.
Except where otherwise noted, all postings by Suresh Ramasubramanian on CircleID are licensed under a Creative Commons License.
The EFF has just posted a shallower than usual deeplink alleging an "email encryption downgrade attack" by ISPs intent on eavesdropping on their customers. They, along with VPN provider Golden Frog, have additionally complained to the FCC reporting this. Here, they've just noticed something that's common across several hotel / airport wifi networks... more»
After the botched burglary at the Watergate Apartments, every scam and scandal that hit the headlines became a 'gate' -- Irangate, Contragate, you name it. The Heartbleed bug is possibly the closest thing to Watergate that this generation of computer security had seen till the past few days -- an exploit in a component that is "just there" -- something you utterly rely on to be there and perform its duties, and give very little thought to how secure (or rather, insecure) it might be. So, fittingly, every such catastrophic bug in a ubiquitous component is now a 'bleed'. more»
The background is of course quite interesting, given how soon it has followed Microsoft's seizure of several domains belonging to Dynamic DNS provider no-ip.com for alleged complicity in hosting trojan RAT gangs, a couple of days after which the domains were subsequently returned -- without public comment -- to Vitalwerks, the operator of No-IP. This is by no means a new tactic for Microsoft, who has carried out successful seizures of various domains over the past two or three years. more»
This is the African Union Commission's formal objection, through the ICANN GAC Early Warning Process, to the DotConnectAfrica Trust's amended application 1-1165-42560 for the .africa TLD. Here, it objects to the DCA .africa bid as not having the requisite government support for a Geographic name, and further characterizes DCA's bid as an "Unwarranted Interference and Intrusion" more»
I will first begin this post by emphasizing that this article is entirely my personal viewpoint and not to be considered as endorsed by or a viewpoint of my employer or any other organization that I am affiliated with. Neither is this to be considered an indictment of the sterling work (which I personally value very highly) that several people in Microsoft are doing against cybercrime. Microsoft's takedown of 3322.org to disrupt the Nitol botnet is partial and will, at best, have a temporary effect on the botnet itself... more»
Forbes just published this article that's being shared all over my Facebook friends feed. I left a comment on the article that I've copied and pasted here, as it is just about long enough to qualify as a CircleID post by itself... The problem is that peering isn't always settlement free -- and even if it is, if and only if there's an equitable amount of traffic exchanged between two ISPs. And then there's transit, where you pay another network to carry your packets for you. more»
The Times of India recently interviewed India's Minister of State for Communications and IT, Sachin Pilot, on Internet Governance. Titled "'Internet's governance can't be limited to one geography'", the article started off with an amazing assertion by the minister... While this interview is a fairly standard restatement of the position some Governments (including India) have about governmental control of Internet Governance, it is sadly apparent that the minister unfortunately doesn't appear to understand what the root servers are, or how they work. more»
This is, of course, about the recent NYT article that showcases the results of Prof Stefan Savage and his colleagues from UCSD/Berkeley. As my good friend and longtime volunteer at CAUCE, Ed Falk, points out, this is a great find, but hardly a FUSSP. The nice thing about the fight against bots and spammers is these little victories people on "our" side keep having in an endless series of skirmishes and battles... more»
This is a follow-up to Wout de Natris' as usual excellent piece on the ENISA botnet report -- pointing out the current state of mobile malware and asking some questions I started off answering in a comment but it grew to a length where I thought it'd be better off in its own post. Going through previous iterations of Mikko's presentations on mobile malware is a fascinating exercise. more»
This is a reply to Susan Crawford's CircleID article "Comcast v. FCC - "Ancillary Jurisdiction" Has to Be Ancillary to Something". I started writing a reply to her article, adding some comments I had and also reminding her that she'd predicted this herself, in an earlier CircleID article, but it turned out long enough that I decided to submit it as a CircleID post instead. On the whole, the facts agree with this CNET article. This court decision was correct, and expected... more»
The press, the blogosphere, CircleID - everybody has been discussing Craig Mundie's comment on the need for an "Internet Driver's License". Most of the reaction has been from privacy advocates fearing that this is simply another way to kill anonymity on the Internet. Oh well... that's the usual set of reactions. Now... the fun part is, a driver's license also shows that you have the competence to drive... more»
As a follow up to Susan Brenner's Networks and Nationalization and my comment there, I will go further in this post and talk about the "cyberwar" and "offense" aspects of her article. I think I made this point elsewhere as well... but before getting into a war, it'd be a brilliant idea to actually know that you can win. Cyberwarfare is the sort of game where you don't really need to be a huge government with the largest standing army in the world and sophisticated weaponry in order to win... more»
Today, in response to "It’s The Internet Stupid", Richard Bennett highlights (on the IP List) something I've noticed even among other advocates of 'Net Neutrality' (and how I've come to detest the term after its widespread and misguided overuse). Legislating against the concepts of Deep Packet Inspection (DPI) or other preferential treatment of packets is not the brightest thing to do. I've seen others draw analogies to gun control using the 'guns don't kill people' argument... more»
This very interesting document was released by ICANN's Generic Names Supporting Organization (GNSO) for public comment yesterday. And it asks some fundamental questions while at the same time pointing to sources such as the Honeynet Alliance's reports on fast flux. more»
Hong Kong domains are the most dangerous in the world; this little factoid from a recent McAfee report generated quite a bit of media coverage, and even made TIME magazine's top stories list. But all is not as it seems, and aspects of the report may have been out of date before the report was even published. McAfee's study seems to be based on a year's worth of data, and last year was a particularly bad year for the Hong Kong domain, thanks to a gang of botnet spammers registering thousands of domains under the .hk ccTLD. These domains were most likely registered using stolen credit cards... more»
According to a recent article in Domain Name Wire, "shares of domain name company Tucows are down over 15% in early trading after announcing earnings." Elliot Noss, President and CEO of Tucows, says: "We delivered solid financial performance in the second quarter, which benefited from the sale of a block of 2,500 domain names from our portfolio." more»
Well, it has been quite a while since first the Hong Kong OFTA (in 2004) and then CITB (in 2006) issued requests for public comment about a proposed UEM (Unsolicited Electronic Messaging) bill to be introduced in Hong Kong, for the purpose of regulating unsolicited email, telephone and fax solicitations. We're a large (worldwide) provider of email and spam filtering - but we're based in Hong Kong, and any regulation there naturally gets tracked by us rather more actively than laws elsewhere. We sent in our responses to both these agencies... The bill is becoming law now - and most of it looks good... There's one major fly in the ointment though... more»
The latest post on DearAOL's blog, by EFF activist coordinator Danny O'Brien, is titled "The Shakedown Begins". In short, Danny receives email from overstock.com on an AOL mailbox -- email that he apparently paid overstock $29.95 to receive. And that email arrives with Goodmail certification that AOL recognizes and flags as such. Danny seems to think this is not the sort of email that should be certified by Goodmail, and that AOL should not suddenly turn on Goodmail certification. Suddenly? more»
Cindy's piece on the EFF website seems to be a bit of a pastiche, with elements taken out of various articles (some outright wrong, some merely misinformed) that have been doing the rounds of the media for quite a while now about Goodmail. She started off comparing AOL and Goodmail with the old email hoax about congress taxing email. That same line was used in a CircleID post by Matt Blumberg, CEO & Chairman of Returnpath... Various other quotes from different places - Richard Cox from Spamhaus on CNN for example. However a lot of the quotes in those articles are being based on wrong or out of context assumptions, starting with one that goes "AOL is going to remove all its existing whitelists and force people to use Goodmail". more»
Dot XXX is in for some interesting times, I fear. First the ICANN GAC chair Sharil Tarmizi is suggesting that more time be given for government and public policy feedback on .XXX. Objections certainly have started to come in from rather high places, such as from the US Department of Commerce. Personally speaking I'm inclined to be in favor of .XXX because it at least gives people in the adult entertainment industry their own online space and a stronger voice (gTLD)... more»
My OECD paper on spam problems in developing economies is now linked from the OECD Anti-Spam Toolkit page, as part of section 8 of the Anti-Spam Toolkit (Outreach). This ZDNet article provides a reasonably good summary of my paper as well. I welcome comments and suggestions from CircleID readers. "Spam is a much more serious issue in developing countries as it is a heavy drain on resources that are scarcer and costlier in developing countries than elsewhere..." more»
Larry Seltzer wrote an interesting article for eWeek, on port 25 blocking, the reasons why it was being advocated, and how it would stop spam. This quoted an excellent paper by Joe St.Sauver, that raised several technically valid and true corollaries that have to be kept in mind when blocking port 25 -- "cough syrup for lung cancer" would be a key phrase... Now, George Ou has just posted an article on ZDNet that disagrees with Larry's article, makes several points that are commonly cited when criticizing port 25 blocking, but then puts forward the astonishing, and completely wrong, suggestion, that worldwide SPF records are going to be a cure-all for this problem. Here is my reply to him... more»