Officially Compromised Privacy

The essence of information privacy is control over disclosure. Whoever is responsible for the information is supposed to be able to decide who sees it. If a society values privacy, it needs to ensure that there are reasonable protections possible against disclosure to those not authorized by the information's owner. In the online world, an essential technical component for this assurance is encryption. If the encryption that is deployed permits disclosure to those who were not authorized by the information's owner, there should be serious concern about the degree of privacy that is meaningfully possible. more»

Internet Society's New Policy Brief Series Provides Concise Information On Critical Internet Issues

Have you ever wanted to quickly find out information on key Internet policy issues from an Internet Society perspective? Have you wished you could more easily understand topics such as net neutrality or Internet privacy? This year, the Internet Society has taken on a number of initiatives to help fill a need identified by our community to make Internet Governance easier to understand and to have more information available that can be used to inform policymakers and other stakeholders about key Internet issues. more»

Are Botnets Really the Spam Problem?

Over the last few years I've been hearing some people claim that botnets are the real spam problem and that if you can find a sender then they're not a problem. Much of this is said in the context of hating on Canada for passing a law that requires senders actually get permission before sending email. Botnets are a problem online. They're a problem in a lot of ways. They can be used for denial of service attacks. They can be used to mine bitcoins... more»

Managing (in)Security Through Regulation: A Key Phase for Nation States

Not so long ago, the notion of introducing laws and other regulatory responses to address cyber security issues was regarded with significant hesitation by governments and policy makers. To some extent, this hesitation may well have stemmed from a general perception by those who do not work directly in the field that the world of cyber security is somewhat of a 'dark art'. More recently, however, there has been a substantial shift in this attitude, with proposals to regulate a range of cyber security related matters becoming increasingly numerous. more»

The Cycle of E-Mail Security

Stepping back from the DMARC arguments, it occurs to me that there is a predictable cycle with every new e-mail security technology... Someone invents a new way to make e-mail more secure, call it SPF or DKIM or DMARC or (this month's mini-fiasco) PGP in DANE. Each scheme has a model of the way that mail works. For some subset of e-mail, the model works great, for other mail it works less great. more»

Rodney Joffe Wins a Well-Deserved Mary Litynski Award

Every year M3AAWG gives an award for lifetime work in fighting abuse and making the Internet a better place. Yesterday at its Dublin meeting they awarded it to Rodney Joffe, who has been quietly working for over 20 years. I can't imagine anyone who deserves it more. more»

Deadline of April 10 to Apply For CARIS Workshop on Coordinating Response to Internet Attacks

You have just a couple of days to either complete a survey or submit a paper to join the "Coordinating Attack Response at Internet Scale (CARIS)" Workshop happening on June 19, 2015, in Berlin, Germany... If you are interested in helping improve the overall security and resilience of the Internet through increased communication between the groups responding to the large-scale attacks happening on the Internet every day, I would strongly encourage you to apply! more»

Coordinating Attack Response at Internet Scale

How do we help coordinate responses to attacks against Internet infrastructure and users? Internet technology has to scale or it won't survive for long as the network of networks grows ever larger. But it's not just the technology, it's also the people, processes and organisations involved in developing, operating and evolving the Internet that need ways to scale up to the challenges that a growing global network can create. more»

Who Is Sending Email As Your Company?

You might expect that the IT department or security team knows who's sending email using your company's domains. But for a variety of reasons these groups are often unaware of many legitimate senders -- not to mention all the bad actors. Fortunately you can get a more complete view by using DMARC's reporting features. How does it happen? Product teams managing a new product launch or customer survey hire marketing consultants and Email Service Providers (ESP)... more»

When DNSBLs Go Bad

I have often remarked that any fool can run a DNS-Based Blacklist (DNSBL) and many fools do so. Since approximately nobody uses the incompetently run black lists, they don't matter. Unfortunately, using a DNSBL requires equally little expertise, which becomes a problem when an operator wants to shut down a list. When someone sets up a mail server (which we'll call an MTA for Mail Transfer Agent), one of the tasks is to configure the anti-spam features, which invariably involves using DNSBLs. more»

The EFF and Hanlon's Razor

The EFF has just posted a shallower than usual deeplink alleging an "email encryption downgrade attack" by ISPs intent on eavesdropping on their customers. They, along with VPN provider Golden Frog, have additionally complained to the FCC reporting this. Here, they've just noticed something that's common across several hotel / airport wifi networks... more»

Some Observations from NANOG 62

NANOG 62 was held at Baltimore from the 6th to the 9th October. These are my observations on some of the presentations that occurred at this meeting. .. One of the more memorable sides in this presentation was a reference to "map" drawn by Charles Minard in 1869 describing the statistics relating to the Napoleonic military campaign in Russia, and the subsequent retreat. more»

Call for Nominations: M3AAWG J. D. Falk Award Seeks Stewards of a Better Online World

Anyone seeking to honor a groundbreaking contribution toward a better online world should submit a nomination for the 2014 M3AAWG J. D. Falk Award. Presented to people whose work on specific projects made the Internet a safer, more collaborative, more inclusive place, the J. D. Falk Award has recognized leaders and pioneers who saw elements of the online experience that needed improvement and took action to fix them.  more»

Snowshoe Spam: What It Is, and How Not to Look Like You Send It

Have you ever found yourself blocked by a snowshoe spam filter or listed on a snowshoe blacklist? Or perhaps you've been told that one of your mailing practices makes you look like a snowshoe spammer? If so, you're probably wondering what snowshoe spam is, what you're doing to earn this reputation and what you should be doing differently. Here's a brief overview of the history of snowshoe and some suggestions on how to avoid being mistaken for a snowshoe spammer. more»

Fine Grained Mail Filtering With IPv6

One of the hottest topics in the email biz these days (insofar as any topic is hot) is how we will deal with mail on IPv6 networks. On existing IPv4 networks, one of the most effective anti-spam techniques is DNSBLs, blackists (or blocklists) that list IP addresses that send only or mostly spam, or whose owners have stated that they shouldn't be sending mail at all. DNSBLs are among the cheapest of anti-spam techniques since they can be applied to incoming mail connections without having to receive or filter spam. more»

News Briefs

Plentyoffish Media Inc. Fined $48,000 for Alleged Violation of Canada's Anti-Spam Law

M3AAWG Releases Anti-Abuse Best Common Practices for Hosting and Cloud Service Providers

Canadian Regulator CRTC Issues $1.1 Million Penalty to Compu-Finder for Spamming

Spam-Friendly Registrar 'Dynamic Dolphin' Shuttered by ICANN

Arrest Made in Connection to Spamhaus DDoS Case

Massive Spam and Malware Campaign Following Boston Tragedy

Largest DDoS Attack To Date Aimed at Spamhaus Effects Global Internet Traffic

Google Removes All Sites Under .CO.CC Over Security Concerns

Happy Canada Day from the CRTC

Researchers Use Social Graphs to Detect Spammers, Attackers

CAUCE Director Neil Schwartzman Wins Prestigious MAAWG Award

Research Detects Spammers Using Fake URL-Shortening Services

Garth Bruen Discussing Whois, DNSSEC and Domain Security

More Targeted Phishing, Spam and Mobile Attacks; IBM Reports 150K Security Events Per Second

New Anti-phishing Initiative Introduced by Yahoo!

Microsoft, Federal Agencies Take Down Rustock Botnet

Google to Let Users Block Sites Based on Domain Names

Conflict Over Efforts to Develop a Best-Practices Document for Blacklist Operators

Cybercriminals Shifting Focus From Windows PCs to Other Systems and Mobile

Google, Microsoft, Others Join Obama to Fight Phony Pharmacies

Most Viewed

Most Commented

Industry Updates

Participants – Random Selection