Neil Schwartzman

Neil Schwartzman

Executive Director, The Coalition Against unsolicited Commercial Email - CAUCE
Joined on September 15, 2003
Total Post Views: 1,200,120

About

Neil Schwartzman is the Executive Director of the Coalition Against unsolicited Commercial Email (CAUCE). He was active with many anti-abuse organizations, like MAAWG.org, APWG.org, but is gradually giving it up to do some other cool creative things.

Except where otherwise noted, all postings by Neil Schwartzman on CircleID are licensed under a Creative Commons License.

Featured Blogs

JD Falk – a Decade Afterwards

I can still hear it. ‘Hee hee’. That’s good. We all have unique laughs, but few are distinctive. Fewer yet belly the true nature of the human being issuing them. British insult comedian Jimmy Carr has one such laugh, a tri-tone ‘dah dah DUH,’ rising on the third expulsion. It has a bell-like quality, ringing, embodying the deft touch that Don Rickles had of insulting while loving, something Carr has mastered. It lets you know that despite him having just said something shocking and horrid, he is laughing with, never at, reassuring the target, ‘all is well.’ more

Measuring Abuse: How Much COVID-Related Abuse Is There, Really?

Like measuring COVID's impact, so too measuring the impact of COVID-related abuse on the Internet is difficult, there are those that would foolishly dismiss the danger entirely, others over-state the problem, perhaps to prompt sales of tools and services. The amount and type of abuse varies from network to network, and to declare everything is fine based on one world-view you believe to be ubiquitous, or that the sky is falling based upon another, extrapolated to 'everybody else' is simply poor analysis. more

RIP Don Blumenthal

It is with a heavy heart that we note the passing of a dear friend, colleague and member of the CAUCE board of directors, Don Blumenthal, on September 28, 2019, in Ann Arbor, Michigan. He was 67. Don was an anti-spammer for as long a there was an anti-spam community: he helped design, deploy and maintain the famous 'Spam Fridge,' the repository of junk email maintained by the Federal Trade Commission (FTC). more

A Trebuchet Defence in the Age of the Augmented Reality Cyberwarrior

I've been ruminating on this for a while, this follow-up that was a decade in the offing. My article Trench Warfare in the Age of The Laser-Guided Missile from January 2007 did pretty good in terms of views since I wrote it. Less so in terms of how well the ideas aged or didn't, but that's the nature of the beast. Everything gets worse, and simultaneously, better, and so here we are: Using embarrassingly ancient approaches to next-generation threats. Plus ça change. more

GDPR PII Time-Bomb? Kill it With Fire!

Hi! My name is spamfighter. I investigate spam and phish in a post-GDPR dystopia. Recently, I invented Fire, to save you millions of €uros. One day, my Boss suggested I automate some of my processes. I, for one, welcome our Robot Overlords (and a happy boss), but I can be exacting about the tools I use. Perhaps not to the degree of the infamous Van Halen 'no brown M&M's' contractual clause but I have no patience for poorly-designed software, and truly dislike typing when... more

WHOIS: How Could I Have Been So Blind?

A colleague was recently commenting on an article by Michele Neylon "European Data Protection Authorities Send Clear Message to ICANN" citing the EU Data Commissioners of the Article 29 Working Party, the grouping a determinate factor In the impending death of WHOIS. He is on point when he said: What the European Data Protection authorities have not yet put together is that the protection of people's mental integrity on the Internet is not solely due to the action of law enforcement... more

The Criminals Behind WannaCry

359,000 computers infected, dozens of nations affected world-wide! A worm exploiting a Windows OS vulnerability that looks to the network for more computers to infect! This is the most pernicious, evil, dangerous attack, ever... Queue the gnashing of teeth and hand-wringing! Wait, what? WannaCry isn't unprecedented! Why would any professional in the field think so? I'm talking about Code Red, and it happened in July, 2001. more

Sorry, Not Sorry: WHOIS Data Must Remain Public

In March, I posted a call to action to those of us in the community who have the inclination to fight against a movement to redact information critical to anti-abuse research. Today, I felt compelled to react to some of the discussions on the ICANN discussion list dedicated to the issue of WHOIS reform: Sorry, not sorry: I work every working hour of the day to protect literally hundreds of millions of users from privacy violating spam, phish, malware, and support scams. more

Loudmouths Wanted for ICANN WHOIS Replacement Work

TL;DR? It's worth reading, BUT, if not -- ICANN has yet another group looking at WHOIS, and there is a huge push to redact it to nothing. I spend easily half my day in WHOIS data fighting online crime, losing it would not make my job harder, it will make it impossible. PLEASE JOIN THE ICANN GROUP and help us fight back against people who are fighting in favour of crime. more

Internet Governance Forum Publishes BPs on Regulation and Mitigation of Unsolicited Communications

The IGF this morning published a number of reports, including the aforementioned one, at the URL provided, titled 'IGF 2015 Best Practice Forum Regulation and mitigation of unsolicited communications.' The reports can be found in the included URLs on the IGF Website. more

Call for Nominations: M3AAWG J. D. Falk Award Seeks Stewards of a Better Online World

Anyone seeking to honor a groundbreaking contribution toward a better online world should submit a nomination for the 2014 M3AAWG J. D. Falk Award. Presented to people whose work on specific projects made the Internet a safer, more collaborative, more inclusive place, the J. D. Falk Award has recognized leaders and pioneers who saw elements of the online experience that needed improvement and took action to fix them.  more

Net Neutrality? Give Me a Break

As my learned friend John Levine has noted, rightly, any policy that anyone has come up with thus far regarding net neutrality is based upon a Telco model. Now, think about that for a second. A telephone call costs pretty much the same if you whisper or shout. It costs the same if you make a quick phone-call or you yack for hours. These days, even long distance is trivially inexpensive, because the capacity to carry the world's phone-calls is well beyond any foreseeable demand. There is huge headroom. more

Canada’s Anti-Spam Law Coming Into Force July 01, 2014

Canada's Anti-Spam Law, CASL, is now a done deal. Last Thursday, Treasury Board of Canada President (and champion of CASL) Tony Clement approved Industry Canada regulations in their final form. Today, Minister of Industry the Honourable James Moore announced CASL will come into force in July 1, 2014. more

2014 M3AAWG Mary Litynski Award Nominations Now Being Accepted

In 2010 the Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG) and the Internet industry as a whole lost a great friend and supporter, Mary Litynski. Her dedication, excellence, perseverance and tireless work behind the scenes of M3AAWG helped make the organization the success that it is today. Through this award, M3AAWG seeks to bring attention to the remarkable work that is done far from the public eye over a significant period of time... more

The Sexist Men In Tech Need to Grow Up, Now

These days, I've seen many breathless posts about how 'we' "need" to encourage girls to study math so eventually they become computer or other sorts of geeks. Personally, I don't think technology is the only valuable thing in the world; writing, music, and the rest of the arts, medicine, human relations, politics, and so on are pretty important things too, and let's face it content was, is, and will always be king. That said if men continue to act like jerks, it is no wonder women will go into anything but technology. more

Polish CERT Polska and NASK Pull the Plug On .pl TLD On Malicious Registrar, Domain Silver

Today we publish an overview of domains registered through Domain Silver, Inc, a registrar operating in the .pl domain. This Registrar started operating in May 2012. Since that time, the CERT Polska team started to observe a large increase in the amount of malicious domains registered in .pl and to receive many complaints concerning domains registered through Domain Silver. more

The Spamhaus Distributed Denial of Service - How Big a Deal Was It?

If you haven't been reading the news of late, venerable anti-spam service Spamhaus has been the target of a sustained, record-setting Distributed Denial-of-Service (DDoS) attack over the past couple of weeks... Of course, bad guys are always mad at Spamhaus, and so they had a pretty robust set-up to begin with, but whoever was behind this attack was able to muster some huge resources, heretofore never seen in intensity, and it had some impact, on the Spamhaus website, and to a limited degree, on the behind-the-scenes services that Spamhaus uses to distribute their data to their customers. more

How to Donate Safely to Charity

Please share this post. After a tragedy, many of us want to donate to funds and charities to show our support for a community. However, scam charities immediately pop up, looking to steal your well intentioned donations. There are at least 30 newly-registered domains over the past 48 hours related to the tragic shootings at the Sandy Hook elementary school in Connecticut: Most, if not all are scams and rip-offs. How then, to donate so that your funds make it to the deserving victims? more

Raspberries! Botnet Spam Just Got a Whole Lot More Dangerous

Many have heard of botnets, but for those that aren't certain what they are: Botnets are armies of hacked zombie computers that have malware on them, and send spam email at the command of operators anywhere in the world. They can also be told to deploy denial of service attacks, by all hitting the homepage of a given company, or attacking the DNS server or a service or country. more

Five Countries are Considering Anti-Spam Laws

The international press is alight with reports of various countries considering privacy and anti-spam legislation. It appears that many countries have arrived at the logical conclusion that after years of supposed 'self regulation'; some marketers must be brought to heel by way of regulation and law, to stop abusive practices. more

Hot Legal Action in Canada!

The best part is ... this isn't one of those 'now that I've got your attention' tricks, like one of those old "free beer" posters; there really is a ton of stuff happening above the 49th parallel this summer. To begin with, as a precursor to Canada's Anti-spam Law coming into effect later this year, the Office of the Privacy Commissioner, the Canadian Radio-television Telecommunications Commission, and Industry Canada have all issued regulations, the latter two in draft form with an RFC. more

Facts & Tips for Consumers About the Epsilon Breach

There has been a lot of talk, blogging, tweeting and press reportage about the Epsilon breach, but little in the way of concrete information to consumers as to where they stand, if their personal information (PII) such as their name and email address has been lost to criminals. The CAUCE Board of Directors have developed the following FAQ that provides facts and guidance for those affected by the breach. more

The Epsilon Phishing Model

Phishing researcher Gary Warner's always interesting blog offers some fresh perspective on clicking links on emails, as the crux of the phishing problem. Gary writes: "There is a saying 'if you give a man a fish, he'll eat for a day, but if you teach a man to fish, he can feed himself for a lifetime.' In the case of the Epsilon email breach the saying might be 'if you teach a man to be phished, he'll be a victim for a lifetime.' In order to illustrate my point, let's look at a few of the security flaws in the business model of email-based marketing, using Epsilon Interactive and their communications as some examples." more

Why the Fukushima Analogy Was Apt

A few days ago, CAUCE published a blog post entitled "Epsilon Interactive breach the Fukushima of the Email Industry" on our site, and the always-excellent CircleID. A small coterie of commenters was upset by the hyperbolic nature of the headline. Fair enough, an analogy usually has a high degree of probability that it will fail, and clearly, no one has died as a result of the release of what appears to be tens of millions of people's names and email addresses. But, the two situations are analogous in many other ways, and here's why. more

Epsilon Interactive Breach the Fukushima of the Email Industry

A series of attacks on the Email Service Provider (ESP) community began in late 2009. The criminals spear-phish their way into these companies that provide out-sourced mailing infrastructure to their clients, who are companies of all types and sizes. ... On March 30, the Epsilon Interactive division of Alliance Data Marketing (ADS on NASDAQ) suffered a massive breach that upped the ante, substantially. Email lists of at least eight financial institutions were stolen. more

Mooning the Porn Stars

Steve DelBianco did a great job of discussing the rocky relationship between ICANN's Government Advisory Committee (GAC) and the Board of Directors, in his piece entitled ".XXX Exposes the Naked Truth for ICANN". I've been keeping an eye on the adult industry press to see what their reaction is to the .XXX debacle. But before we start, let's get something out of the way. more

No False-Starts, Do-Overs, or Mulligans for Email

Josh Baer, former VP of Datran Media and current CEO of OtherInBox has been floating an idea at the DMA's Email Experience Council and a few other places, and recently got some traction in Ken Magill's Magill Report. What Josh is proposing is to create the technical means by which a Sender can decide when email 'expires' and is automatically removed from a recipient's inbox, either by deletion, or perhaps archiving (in the case of Gmail). This would supposedly help the end-user, by removing marketing offers that are no longer available. Why this idea shouldn't happen... more

Wikileaks DDoS of Spamhaus: Political Activism at Its Dumbest

A week ago, Paul Vixie wrote a thoughtful piece on the morality of DDos, for both sides of the equation of the Wikileaks issues. In it he summarizes things nicely: "Denial of service is not merely a peaceful protest meant to garner attention for a cause. Denial of service is forcible and it is injurious. It is not like any form of civil disobedience, but rather it is criminal behaviour more like looting." Well said, Paul... more

Canada’s Anti-spam Bill C-28 is the Law of the Land

It's been a long time coming, but Canada has an anti-spam law, and one, which sets a new world standard, and a tough, but fair, opt-in protocol for everyone in North America who sends commercial email and other electronic messages. Yesterday, The Canadian Senate voted to accept Bill C-28, and today, December 15, at 13:00 eastern, it will be given Royal Asset of the Governor General of Canada, His Excellency the Right Honourable David Johnston. more

New Fear, Uncertainty and Doubt about Canada’s Anti-Spam Bill C-28

From time to time, we see unenlightened comments about the efficacy of laws in the fight against spam. "Laws won't stop spam" being the most common. No, they won't. What laws do is dissuade some people from undertaking shoddy mailing practices or even outright spam campaigns. Laws don't stop murder, rape and robbery either, but for those un-dissuaded who undertake such heinous crimes, we, as a society, have laws for punitive effect. They pay the price society exacts for their actions. C-28 will attenuate spam in Canada, and help us to fight spam internationally. more

Kidnapping, Theft and Rape Are Not “Cyber” Crimes

Kidnap. Rape. There are no lesser words that can be used to describe what happened to the daughter of an anti-spam investigator in Russia. His daughter was recently released, according to Joseph Menn's recent article on Boing Boin, after having been kidnapped from her home five years ago, fed drugs, and made to service men, as a warning to ward off further investigations. The criminals behind these vicious acts were also responsible for large spamming organization associated with Russian Mob activity. more

Using Facebook for Verisimilitude? For real?

I recently became aware of the new pay-by-mobile phone service Venmo.com. "Pay friends with your phone, skip the ATM, Settle up on meals, rent, bills and drinks" ... Venmo are using Facebook connect as a way of verifying user identities, at least that is what they claim. more

ClamAV and the Case of the Missing Mail

Some email discussion lists were all atwitter yesterday, as Sourcefire's open-source anti-virus engine ClamAV version 0.94.x reached its end-of-life. Rather than simply phase this geriatric version out the development team put to halt instances of V0.94 in production yesterday, April 15, 2010. In other words, the ClamAV developers caused version .94 to stop working entirely, and, depending upon the implementation, that meant email to systems using ClamAV also stopped flowing. more

Email User Safety At Risk - MAAWG Consumer Survey 2010

The 2010 version of the now-annual Messaging Anti-abuse Working Group (MAAWG) 'Email Security Awareness and Usage Report' was released yesterday. While un-belied by the title, the vernacular name might get a bit more attention: "The MAAWG Consumer Email Survey". ... Consumers were surveyed in North America and across Europe with variety of questions from computer expertise and savvy, to their preferences of email. more

Helping Haiti: The Email Community Response

It is inconceivable that anyone within viewing distance of a television or computer screen this week doesn't know about the disaster in Haiti. As of this writing, 50,000 bodies have been collected from the streets of Port-au-Prince. Millions of people, a number our brains simply aren't equipped to deal with, are now homeless. Help is needed now, and will be, for a very long time. more

Last Decade in Spam

CAUCE, the Coalition Against Unsolicited Commercial Email, has looked back at the notable events of the last decade in our industry. Each year/link in the post explodes to a discrete blog entry with a month-by-month break-out of notable events. more

I Don’t Give Damn About My Bad Reputation - Joan Jett

Two friends of mine wrote pieces today about reputation, one about email, the other about real-life stuff. I think they are strangely, tangentially yet inextricably linked. Laura Atkins, email specialist and part-time meteorologist at Word to the Wise aggregated a series of posts about a storm gathering on the email front. Receivers and filter-makers are up in arms about the crappy mail streams they see coming to them from ESPs, email service companies providing sending services for clients of various pedigrees. more

Email’s Not Dead, Neither is Spam

Over the past few years, we have seen a plethora of over-hyped articles in the popular press and blogosphere crowing wrong-headedly about how 'email is dead'. Social networks like Facebook and Twitter, new and as-yet unproven technologies are the supposed death-knell for our old reliable friend, e-mail. I wrote about the rumours of email's death being exaggerated back in 2007 in response to such inanity. Since then, we've seen such a cornucopia of silliness of the 'Such & such is killing email' variety that Mark Brownlow compiled a bunch of articles, and their rebuttals at his excellent site... more

Bill C-27: Historic Canadian Anti-spam Legislation Battered, But Still Unbeaten

As readers of CircleID have seen, there has been a lot of activity (for example, Michael Geist's "Canadian Marketing Association Attacks Anti-Spam Bill"), as the final votes of C-27 grow nearer. The history towards getting a spam law passed in Canada has been a long one. For years, CAUCE encouraged legislators to undertake this important work... Fast forward a few years, and a few governments, and suddenly we have a law tabled in the House of Commons... more

Deliverability Emergencies from the ISP Side of the Desk

I recently read an interesting blog post over at Word to the Wise, about Delivery Emergencies. Laura Atkins makes the point that many email emergencies are a result of poor planning, or an error on the part of the sender... Fortunately, most people grow out of their college fraternity phase, and the same applies to most email senders. As folks become aware of industry standards and best common practices, they adapt their mailing paradigms to what is expected of them by receivers, and recipients. more

Everything You Ever Wanted to Know About Canadian Anti-Spam Bill C-27

CAUCE just posted a blog entry about C-27; we will be speaking to the Industry, Science, and Technology committee reviewing the bill this afternoon. The meeting will be webcast starting at 15:30 eastern... more

Canadian Spam Law Update

As you may know, there are two laws currently being discussed in Canadian legislative assemblies: Senate Bill S-220, a private member’s bill with private right of action and criminal remedies; Parliamentary Bill C-27, tabled by the government, with private right of action, coordination between various enforcement agencies... more

The Harsh Reality of Spam and Online Security… Should I Stay or Should I Go?

Working in the anti-spam and online malware fight can be depressing or at best invoke multiple personality disorder. We all know things are bad on the net, but if you want a dose of stark reality, check out Brian Kreb's fantastic 'Security Fix' blog on the Washington Post site... Speaking to an old friend who asked me what I was doing these days, I recently likened the fight against this relentless onslaught to having one's pinky in a dyke, and there are days when I don't even think we have a dyke! more

Commentary on the FTC Spam Summit

The following speech was prepared with the intention of using portions of it during the FTC Spam Summit, but CAUCE was not given the opportunity to participate due to time constraints... "I am here today to question. Yesterday we heard how the tenor of the discussion about spam became more mature. How, in the period of time that has elapsed since the last summit, things have developed as an industry. That may be true, but I question if the discussion at hand here this week is truly a big tent effort. I see few anti-spammers here..." more

Opt-In Permission for Mailing Lists: Is It Enough?

For some time now I have contended that Confirmed Opt-in, 'COI' is dead, or at the very least on life support. It certainly is not a major factor in the continued relation between sender and receiver; that relies far more heavily on the ongoing and historical reputation of the mailer and the mail stream. Proof of permission doesn't scale; end-users complain all the time, but it is rare if not impossible for a receiving site to request proof when an end-user complains, then the receiver complains to the sender, and the sender says that permission was actually in place. Much more commonly, the sender unsubscribes the address and moves on, permission or not, since the subscriber doesn't want the mail any more. But then, I recently had two eye-opening experiences... more

Spamhaus Policy Block List Update

Recently, I wrote about the Spamhaus Policy Block List (PBL), suggesting senders encourage their network/connectivity service providers (whomever they lease or purchase IP addresses from) to list their illegitimate email-sending IPs as a step towards improving the overall email stream on the internet. The initial PBL was seeded with listings from the Dynablock NJABL ("Not Just Another Bogus List"), which at the time of the cut-over was at more than 1.9 million entries... more

Trench Warfare in the Age of The Laser-Guided Missile

The historical development of spam fighting is allowing computer-aware criminals to take the upper hand in the fight against what has now evolved into a completely technologically and organizationally merged threat to public safety. If we do not change our strategic approach immediately, the battle, indeed even the war may be all but lost... Of late, much has been said in the popular and computer press about a vector that is annoying, but hardly critical in nature: 'Image spam'. Spammers have jumped on the new technology of 'image-only' payloads, which morph one pixel per message, rendering them unique, and traditional check-sum blocking strategies ineffective... Fortunately this fraudulent stock-touting scheme leaves a paper trail that has allowed for some successful prosecutions in the latter half of the year. Stock spamming, while popular at present time is likely to decline as legal actions increase... more