Matthew Elvey on CircleID

Home
Blogs
Latest Recently Discussed Most Discussed Most Viewed
News
Latest Recently Discussed Most Discussed Most Viewed
Industry
Latest Most Viewed Leaderboard Participants: .CO Internet .INFO .ORG, Public Internet Registry Afilias Architelos ARI Registry Services BlueCat Networks CentralNic Cloud Registry DotConnectAfrica dotMobi Dyn Inc. Hostway MarkMonitor Neustar Minds + Machines Nixu Software RegistryPro Sedari Verisign
Community
Recently Featured Most Featured Most Active Most Read Recent Members Top 100 Leaderboard Alphabetical View Random View Recent Comments

No Image

Matthew Elvey

Joined on September 28, 2003
Total Post Views: 0


	About


	Send Message


	RSS

http://www.elvey.com/it

Comments

Monster.com Response to Security Breach Unacceptable

Comment posted Jan 29, 2009 5:56 am PST — by Matthew Elvey
You're complaining about 72 hours! When TD Ameritrade was broken into, it took them 2 YEARS (over 17,000 hours) to notify their 6.3 million customers that a database containing their SOCIAL SECURITY NUMBERS and ACCOUNT BALANCES among other things, had…

Apple Finally Patches DNS Flaw

Comment posted Aug 06, 2008 5:14 am PDT — by Matthew Elvey
Correction; when not on WiFi, my iPhone uses 209.183.54.151, AKA bthinetdns.mycingular.net, which doxpara says is OK.

Comment posted Aug 05, 2008 7:09 pm PDT — by Matthew Elvey
Not to mention that the iPhone includes BIND code and it hasn't been patched at all. (The "Legal" section includes bind license terms.) I haven't seen that mentioned anywhere. At least the doxpara.com test says the name server my iPhone…

On Comcast and Net Neutrality: Shouting Fire in a Theater

Comment posted Mar 03, 2008 10:31 am PST — by Matthew Elvey
Campbell, your post seems to have a fair bit of misinformation. Here's one example quickly verifiable. You say DSL is $40 + 20 / month. Umm… AT&T;is selling dsl for $10/month (not including 20/month or so for the phone line). …

Take Down Order by California Court Raises Issues of Censorship and Free Speech

Comment posted Feb 29, 2008 4:03 pm PST — by Matthew Elvey
Just submitted to David Ulevitch's opendns.org: Please make wikileaks.org work for your customers, and issue a press release about doing so! See New York Times article and/or http://88.80.13.160/wiki/Wikileaks David, I hope you'll see this and respond here with your thoughts.

Ameritrade Leaks User Information Yet Again, Blames Hacker X

Comment posted Sep 25, 2007 12:04 am PDT — by Matthew Elvey
"pump-n-dump spam to tagged email addresses ... given only to Ameritrade" was news in '05. Yeah, I was just rereading a John Levine nanae post about spam traceable to Ameritrade which shows they knew about the problem in '05. Ameritrade…

P2P: Boon, Boondoggle, or Bandwidth Hog?

Comment posted Aug 23, 2007 9:15 pm PDT — by Matthew Elvey
P2P services are inherently scalable? No, they're not, though they are much easier to provide cheaply in high volume, and many are scalable. "Some early P2P implementations of Gnutella had scaling issues." - http://en.wikipedia.org/wiki/Scalability You're confabulating 'inexpensive' and 'scalable'. If…

The Cold-War Fight Against Domaining Continues

Comment posted Aug 11, 2007 10:17 pm PDT — by Matthew Elvey
Sure seems like a Tulip craze to me - or worse: I'm wondering if there are a lot of SHAM domain name sales going on. I came across http://dnjournal.com/domainsales.htm this morning and looked at the websites hosted on the domains…

New Report Warns Against "DNS Forgery Pharming" on BIND 9

Comment posted Jul 31, 2007 5:20 am PDT — by Matthew Elvey
This issue makes me worry much more about the huge number of root certificates that ship with the major browsers and OSes. Why do I need to have 50 root certificates? Seems like it would be better to get rid…

Registerfly Victims Are Really Stuck Now

Comment posted Jul 26, 2007 12:15 am PDT — by Matthew Elvey
Would a big judgment against ICANN be a deterrent against it screwing up again? Not AFAICT. No one would feel a significant negative impact. It just means domain prices will go up. There is no accountability. So no one will…

Opt-In Permission for Mailing Lists: Is It Enough?

Comment posted Jul 02, 2007 2:04 am PDT — by Matthew Elvey
Every argument I've ever heard against COI boils down to 'we don't want to verify our lists'. And I've heard that from bosses and customers, and I sympathize, but I've learned from being hard and soft about it. Given spamhaus'…

Comment posted Jun 28, 2007 1:45 am PDT — by Matthew Elvey
Good point, Ale. Expanding on that : Most people in the anti-spam space are still amazingly shortsighted. There's as much mail getting past my filters as ever - the filters get better, and the spammers tactics advance. But implementing short-sighted…

Oklahoma Spammer Fighter Loses Even Worse

Comment posted Jun 15, 2007 8:56 am PDT — by Matthew Elvey
Yes, CAN SPAM act says that mailers have to provide a working opt-out process. CAN SPAM does not say that recipients can't invent an opt-out process and demand that mailers use it. It is silent on that topic. IMO, Mummas…

Comment posted Jun 12, 2007 7:32 pm PDT — by Matthew Elvey
The best way I can answer that is to mention the mortgage spammer who insisted I'd opted into their spew and went so far as to provide me and their ISP with a piece of paper claiming I'd been to…

Comment posted Jun 12, 2007 6:11 pm PDT — by Matthew Elvey
Sorry, I misspoke when I said "If every biz in the US did what Cruise.com did, we’d all die of a thousand^4 cuts"; please strike that. I'd search my logs for spam from cruise.com, but I'm not sure what to…

Comment posted Jun 12, 2007 5:57 pm PDT — by Matthew Elvey
Except that he did file and unsubscribe request. He pointed them to optoutbydomain.com. Seems pretty obvious to me. From a technical standpoint, unsubscribing by doing this is an unsubscribe request for his email address that wouldn't be a problem for…

Comment posted Jun 12, 2007 5:49 am PDT — by Matthew Elvey
Sure, Mark Mumma was intemperate, but, well, in terms of right and wrong, I see things pretty clearly: Cruise.com sent Mumma UBE (i.e. spam). Mumma unsubscribed. Cruise.com refused to heed his unsubscribe request, and instead spammed him. They did this…

Vint Cerf Speaking Candidly as ICANN Chairmanship Ends

Comment posted Jun 05, 2007 3:04 pm PDT — by Matthew Elvey
Umm… you failed to post a working link. Here they are: YouTube Google Video ICANN is supposed to look after the “security and stability” of the Internet… but they wouldn't even approve .mail. And there are more domains with bogus…

Geographic Implications of DNS Infrastructure Distribution

Comment posted May 04, 2007 9:11 pm PDT — by Matthew Elvey
Great stuff, Steve. Minor nit: .MIL and .US aren't hosted in their home country? Common sense and Page 18 of your paper seem to contradict that.

Web Server Botnets and Server Farms as Attack Platforms

Comment posted Feb 15, 2007 11:36 pm PST — by Matthew Elvey
Thanks for not sugar-coating things and updating us on the state of the art. Here's how I've dealt with two similar issues, as you asked: I had an unpleasant experience when a system I help manage was infected via a…

OpenDNS: It's Not SiteFinder for Obvious Reasons

Comment posted Jan 02, 2007 10:24 pm PST — by Matthew Elvey
Mark, I think my point still stands: OpenDNS isn't making any commitments to do the right thing or anything at all, and there's a lot they could potentially get away with. Let me clarify my constructive criticism: I would like…

Comment posted Jan 01, 2007 4:12 am PST — by Matthew Elvey
I'd be up for proposing to switch my users to opendns if I had some assurances about what I was switching them to. http://www.opendns.com/terms/ doesn't give me any, and doesn't give me the warm fuzzy feeling. There's no date on…

Map of the Internet: The IPv4 Space of 2006

Comment posted Dec 26, 2006 9:55 am PST — by Matthew Elvey
3.0.0.0/8 was "sold" to GE? Domains were once free; IPs were too, or is my memory fuzzy?

Making DKIM More Useful with Domain Assurance Email

Comment posted Aug 12, 2006 10:42 pm PDT — by Matthew Elvey
Great job on VBR so far! 1)It would be nice to see it extended soon to include semantics for non-e-mail messages, such as IMs, wiki-edits, blog comments like this one, SMS, forum & USENET posts, VoIP, and could readily be…

Another Try at Proof-of-Work e-Postage Email

Comment posted Aug 12, 2006 10:18 pm PDT — by Matthew Elvey
Not only can Grandma still send email, as you've conceded, John, but existing improvements besides the one in this paper mean that her emails to her grandchildren don't require her PC to compute a hash. http://www.fussp.info/Topic21.html Bill: It's not clear…

Comment posted Aug 02, 2006 8:12 pm PDT — by Matthew Elvey
Finished the (not even half decently proofread) paper. Grandma can still send mail! Grandma's PC will just have to do a 6 min. POW to send each spam or other new-recipient email.

Comment posted Aug 02, 2006 2:14 am PDT — by Matthew Elvey
Good analysis, John. Let's explore that 'spammers adapt' scenario a bit more. While clearly it's not a perfect solution, that's an unreasonably high bar to set. Let's follow through and see what happens when spammers try to send from the…

Phishing Moving to the Web Channel

Comment posted Jul 23, 2006 9:18 pm PDT — by Matthew Elvey
An anti-abuse system that assigns a reputation to a data source is likely to be usable for any kind of spam, not just email spam. For example, blacklists and whitelists are are already widely used to combat wiki and blog…

Your Whois Search May Be Monitored by Third Parties

Comment posted Jul 23, 2006 8:40 pm PDT — by Matthew Elvey
It seems CNET has disabled it's domain name search feature. The link is broken, and clicking on the Web hosting directories and tool: "Domain name search" that's currently here redirects to cnet's home page as well; other links on their…

Why ICANN Nominating Committee Has Difficulty Finding Directors

Comment posted May 30, 2006 7:22 am PDT — by Matthew Elvey
Given ICANN's budget, it seems that even generous salaries and Notes for the Board and related staff would be expenses so small as to be immaterial. ICANN can't agree to implement even basic honoraria or groupware tools (other than mailing…

Black Frog: Next Generation Botnet, No Generation Spam Fighting

Comment posted May 30, 2006 6:54 am PDT — by Matthew Elvey
Gadi, thanks for sharing your insights. I hope you won't take this the wrong way, and I know about some of the good anti-abuse work you do, but can you provide verifiable evidence of your claims, e.g. that Blue Security…

Should the Government Prepare a Preemptive Cyber-Attack?

Comment posted Feb 16, 2006 8:19 am PST — by Matthew Elvey
What do you mean by "Should"? Is it possible? Ethical? A good idea? I can think of a couple highly effective offensive cyber-attack strategies the US could use in a war with another country. Given that the US doesn't care…

The Politics of Email Authentication, 2006 Edition

Comment posted Jan 19, 2006 11:37 pm PST — by Matthew Elvey
John: Great post. Yes, the reputation database piece is key. I've been thinking about some ways to do reputation right, and in way that will make it feasible for large and small legitimate mail sources to maintain a good reputation. …

The Problem With Wikis

Comment posted Jan 04, 2006 8:48 pm PST — by Matthew Elvey
IMO, most of the reasonable schemes for fighting email spam are equally applicable to fighting wikispam: - DNSBLs, e.g. URIBLs - Content-based filtering - Statistical filtering - Authentication and Reputation (A&R;) - Cost-Based systems, e.g. bonds - Heuristic filtering, e.g.…

How to Listen to the Individual Internet User

Comment posted Jan 04, 2006 8:15 am PST — by Matthew Elvey
ICANN has all the legitimacy of The Party in Orwell's '1984', for all the reasons Danny so eloquently expressed. It spends large sums of money doing things contrary to public interest. You are just beating your head against the wall…

Europe is to the US Controlled GPS as Europe is to the US Controlled DNS Root?

Comment posted Dec 31, 2005 6:51 pm PST — by Matthew Elvey
The GPS system was designed by and is controlled by the DoD and can be used by anyone, free of charge. So the news reports I've heard, which claimed that Galileo would help the EU financially, make no sense. It…

What Legal Framework for Online Identity?

Comment posted Nov 10, 2005 9:22 pm PST — by Matthew Elvey
I've spent a lot of time thinking about online identity. David Chaum has written extensively, (and brilliantly) describing ways to provide irrefutable evidence of, e.g. citizenship or the right to drive, while preserving anonymity. In my anti-spam work, authentication and…

You Paid to Join; You Can Leave Anytime

Comment posted Nov 09, 2005 12:44 am PST — by Matthew Elvey
As long as we're discussing the USA being able to call all the shots: 1)To what extent has this improved today? I understand that there are lots of peering points around the word, but I'd say at least half of…

DMA Requires Email Authentication, Do We Care?

Comment posted Nov 09, 2005 12:10 am PST — by Matthew Elvey
I'm happy to see them promote Email Authentication, but it's not a big deal because it's not a hard requirement. Plus, there's no effective enforcement mechanism. The DMA is just saying that members SHOULD (not MUST) use Email Authentication, in…

Time to Play Offense

Comment posted Sep 09, 2005 8:42 pm PDT — by Matthew Elvey
I wonder if there is any malware out there that only attacks, or avoids attacking, IPs based on the believed location of the IP. It would be exceedingly easy. I believe malware already exists that only attacks allocated IP space.…

Comment posted Sep 09, 2005 8:35 pm PDT — by Matthew Elvey
Interesting stuff. Certainly sounds like a mess; reminds me of two recent issues: 1) the American who rotted in Iraqi jail for around 2 months because no one in the military was willing to make a decision. (Interviewed on one…

So You Think You're Safe from DNS Cache Poisoning?

Comment posted Aug 25, 2005 11:18 pm PDT — by Matthew Elvey
Looking at the DNS software a few ISP servers claim to be running didn't give me a warm fuzzy feeling. Is it appropriate to probe and publicize a wall of shame/list of vulnerable servers? I think so. The bad guys…

SPF Loses Mindshare

Comment posted Aug 13, 2005 4:11 am PDT — by Matthew Elvey
wayne: SPF3 (like CSV) still seems to be orders of magnitude easier to deploy than SPF*. SPF works well (ignoring the forwarding, security, etc. problems for the moment) if every legitimate domain appearing in a MAIL FROM has an appropriate…

Comment posted Aug 11, 2005 7:55 am PDT — by Matthew Elvey
Golding: There are alternatives to SPF that are better and 'ready to go'. Even my hybrid draft from last September is better than today's SPF: http://elvey.com/draft-ietf-marid-spf3-00.txt ...not that I'm terribly proud of it, but I do know that Google's gmail…

Address Policies

Comment posted Aug 01, 2005 6:49 pm PDT — by Matthew Elvey
In case it wasn't clear: I agree that the RIRs are both relatively and absolutely well-run. I think it's appropriate to assume the line has been crossed into deliberate falsehood, and then figure out how to go from there. Recent…

Sitting Around the Domain Table

Comment posted Jun 14, 2005 3:39 pm PDT — by Matthew Elvey
Bodyguards for Bob? With the number of customers he has*, and with the many positions he boldly takes (taking one is controversial and the norm is not to), I'm not surprised. (He's ticked me off with some of them, even…

The Philosophical Case for Expanding the Domain Name Space

Comment posted Jun 14, 2005 3:22 pm PDT — by Matthew Elvey
NAME RECOGNITION Philosophically, the only 'purpose' of most new TLDs (e.g. .name, .aero, .pro, .coop) is simply to create a domain with a different favoritism bent from the current set. I think there should be fewer new TLDs than there…

Port 25 Blocking, or Fix SMTP and Leave Port 25 Alone for the Sake of Spam?

Comment posted May 16, 2005 8:36 pm PDT — by Matthew Elvey
John said: "I have yet to see a response which says, these are serious issues." Response from whom? I certainly said this on spf-discuss: http://www.gossamer-threads.com/lists/spf/discuss/19008?do=post_view_threaded#19008 the draft has gross flaws. I wonder how "Bruce" would handle the "nightmare scenario" I…

Address Policies

Comment posted May 14, 2005 11:08 pm PDT — by Matthew Elvey
Great introduction. It would seem that the critical issue that Zhao's proposal intends to address is one of *allegedly* poorly run RIRs. It would seem that the critical issue of the proposal is the consequences of the incentive for policy…

The Accountable Net: Who Should Be Accountable?

Comment posted May 03, 2005 8:02 pm PDT — by Matthew Elvey
Esther, I noticed that the ICANN NomCom is open for recommendations for a bunch of posts*. Are there any folks here that you'd recommend for the posts? That you'd like to see in the posts (an interestingly different question!) ICANN's…

Port 25 Blocking, or Fix SMTP and Leave Port 25 Alone for the Sake of Spam?

Comment posted May 03, 2005 7:47 pm PDT — by Matthew Elvey
I'd like to challenge John's two criticisms of CSV: 1)It doesn't take into account SOHO users. 2)A significant fraction of mail servers don't HELO/EHLO properly. aren't valid. Consider one user of elvey.com, my dad. He mainly sends email from 4…

Comment posted Apr 23, 2005 7:34 pm PDT — by Matthew Elvey
I no longer support SPF either. For my lastname domain, instead of simply removing the SPF records, I put in some interesting active commentary - slowly resolving records*. For customers, I did what you did - removed the SPF records.…

Reaction to VeriSign's New 36-Hour Deadline

Comment posted Oct 04, 2003 6:55 pm PDT — by Matthew Elvey
Having read the competing proposals from various organizations, and based on rich experience with Verisign (including visiting the very secure offices where they manage the GTLDs) I am confident that there are several other groups that could take over management…

ICANN and DOC Announce New Three-Year Agreement

Comment posted Sep 28, 2003 6:31 am PDT — by Matthew Elvey
No editorial? Here's mine: This is a sad day. They've done nothing meaninful re. VeriSlime's many transgressions, of which the *.com grab is but one. They never pressure registrars to terminate domains with blatantly false contact info used by spammers. …

Fight Spam With the DNS, Not the CIA

Comment posted Sep 28, 2003 6:16 am PDT — by Matthew Elvey
Some of the more advanced RMX-style systems should have legs. Please acknowledge that there are some that are better than yours, and endorse the best one, so we can get to a consensus and get it broadly implemented. The system…

Topic Interests

DNS, Domain Names, IP Addressing, Spam, Security, ICANN, Email, Top-Level Domains, Policy & Regulation, Registry Services, Cyberattack, Internet Protocol, Cybercrime, IPv6, Enum, Regional Registries, Cybersquatting, Censorship, Internet Governance, Web, Law, Privacy, Multilinguism, P2P, Telecom, Whois, Malware, Broadband, Net Neutrality, Access Providers, VoIP

Recent Blogs

There are no featured blogs by this member yet. View More

Popular Posts

There are no featured blogs by this member yet.

Managed Hosting by
Hostway

DNS Services by
UltraDNS

Sections: Home | Featured Blogs | News Briefs | Industry Updates | Topics | Community
RSS Feeds, Email Updates, Mobile Edition and More: CircleID Extras
About: About CircleID | Media Coverage | CircleID Blog | Contact | Advertising Programs
Terms & Policies: Codes of Conduct | Privacy Policy | Terms of Use

Copyright © 2002-2012 CircleID. Iomemo Inc. All rights reserved unless where otherwise noted.
Local Time: Sunday, February 12, 2012 04:12 AM PST – Page Load: 0.4302 Sec.