Thoughts About "Protection Against BIND"

Imagine my surprise upon reading a BBC article which identified ISC BIND as the top security vulnerability to UNIX systems. At ISC, we have striven for a decade to repair BIND's reputation, and by all accounts we have made great progress. "What could this be about," I wondered, as I scanned the BBC article for more details. It turns out that BBC was merely parroting what it had been told by SANS. OK, let's see what SANS has to say... more»

Moving Target: Spammer Using Over 1000 Home Computers as DNS

Some individual appears to have hijacked more than a 1,000 home computers starting in late June or early July and has been installing a new Trojan Horse program on them. The Trojan allows this person to run a number of small websites on the hijacked home computers. These websites consists of only a few web pages and apparently produce income by directing sign-ups to for-pay porn websites through affiliate programs. Spam emails messages get visitors to come to the small websites.

To make it more difficult for these websites to be shut down, a single home computer is used for only 10 minutes to host a site. After 10 minutes, the IP address of the website is changed to a different home computer... more»

Fight Spam With the DNS, Not the CIA

It seems like spam is in the news every day lately, and frankly, some of the proposed solutions seem either completely hare-brained or worse than the problem itself. I'd like to reiterate a relatively modest proposal I first made over a year ago: Require legitimate DNS MX records for all outbound email servers.

MX records are one component of a domain's Domain Name System (DNS) information. They identify IP addresses that accept inbound email for a particular domain name. To get mail to, say, linux.com, a mail server picks an MX record from linux.com's DNS information and attempts to deliver the mail to that IP address. If the delivery fails because a server is out of action, the delivering server may work through the domain's MX records until it finds a server that can accept the mail. Without at least one MX record, mail cannot be delivered to a domain.
 more»

Objections to .XXX, Attention in High Places

Dot XXX is in for some interesting times, I fear. First the ICANN GAC chair Sharil Tarmizi is suggesting that more time be given for government and public policy feedback on .XXX. Objections certainly have started to come in from rather high places, such as from the US Department of Commerce. Personally speaking I'm inclined to be in favor of .XXX because it at least gives people in the adult entertainment industry their own online space and a stronger voice (gTLD)... more»

Twenty Myths and Truths About IPv6 and the US IPv6 Transition

After hearing over 350 presentations on IPv6 from IPv6-related events in the US (seven of them), China, Spain, Japan, and Australia, and having had over 3,000 discussions about IPv6 with over a thousand well-informed people in the IPv6 community, I have come to the conclusion that all parties, particularly the press, have done a terrible job of informing people about the bigger picture of IPv6, over the last decade, and that we need to achieve a new consensus that doesn't include so much common wisdom that is simply mythical. There are many others in a position to do this exercise better than I can, and I invite them to make a better list than mine, which follows. more»

Email Address Forgery

In my roles as postmaster at CAUCE (the Coalition Against Unsolicited Commercial E-mail) and abuse.net, I get a lot of baffled and outraged mail from people who have discovered that someone is sending out spam, often pornographic spam, with their return address on the From: line. "How can they do that? How do I make them stop?'' The short answers are "easily'' and "it's nearly impossible.'' more»

Report on Reaction to Zuccarini's Arrest

On September 3, 2003, United States federal law enforcement officers arrested the notorious John Zuccarini accused of allegedly creating misleading domain names to deceive children and direct them to pornographic websites. Zuccarini's arrest is the first to be made under the Truth in Domain Names Act, which took effect earlier this year prohibiting people from creating misleading domain names as a means to deceive children into viewing content that's harmful to minors, or tricking adults into clicking on obscene websites. What follows is a collection of commentaries made around the net and by experts in response to this event...
 more»

Live Nude Domain Names

ICANN announced recently that it has begun negotiations with an applicant for another 'sponsored' (non-open) top level domain, .XXX. There has been a fair amount of coverage, for and against. My initial reaction is (with the proviso that the public information to assess these things is always insufficient): .XXX seems plausible for what it is but it isn't what many probably think it is. ...that's the key to understanding this. This TLD is intended to be a trade association and is not a form of regulation. more»

The Future of Some Email May Not Use Email

Paul McNamara quotes me extensively in this piece on the EFF protest of Goodmail. When I say "the EFF has lost its mind", i really mean "the EFF has lost its way". In the early days, the EFF was about preventing the government from ruining the Internet commons, and preventing the government from putting walls on the frontier. These days, the EFF is more about preventing companies who have no power to regulate from doing things the EFF doesn't like. That is a huge change, and one that makes the EFF much less worthy of support... more»

Why DomainKeys is Broken

The recent testing by Gmail of DomainKeys affords an opportunity to look again at what the impact of it may be in any attempt to introduce a Domino addin to verify DomainKeys signatures. I have here a sample of an email sent from Gmail and that same email after being delivered to the in-box of a Notes/Domino user who prefers MIME. There are differences which make DomainKeys a real problem at Domino shops (and, I suspect, others). more»

AOL and Goodmail: Two Steps Back for Email

Remember the old email hoax about Hillary Clinton pushing for email taxation? When we first heard AOL's plans for Goodmail today, we thought maybe the hoax had re-surfaced and a few industry reporters got hooked by it. But alas, this tax plan seems to be true. AOL has long held the leading standard in email whitelisting. Every email sender who cares about delivery has tried to keep their email reputation high so that they could earn placement on AOL's coveted Enhanced Whitelist. Now, AOL may be saying that those standards don't matter as much as a postage stamp when it comes to email delivery. more»

Hypertext Mail Protocol (a.k.a. Stub Email): A Proposal

Back in the days of dial-up modems and transfer speeds measured in hundreds of bits per second, unwanted email messages were actually felt as a significant dent in our personal pocketbooks. As increases in transfer speeds outpaced increases in spam traffic, the hundreds of unwanted emails we received per week became more of a nuisance than a serious financial threat. Today sophisticated spam filters offered by all major email providers keep us from seeing hundreds of unwanted emails on a daily basis, and relatively infrequently allow unwanted messages to reach our coveted Inboxes. So, to some degree, the spam problem has been mitigated. But this "mitigation" requires multiple layers of protection and enormous amounts of continually-applied effort. more»

10 Things Google Could Do as a Domain Name Registrar

In the absence of any formal announcements, news of Google being accredited by ICANN as a domain name registrar, spread fast in the media today after it was first reported by Bret Fausett on Lextext -- see Google is a Registrar. The company has since mentioned that "Google became a domain name registrar to learn more about the Internet's domain name system," and that it has no plans to sell any domain names at the moment. However, speculations on what Google could do as an accredited registrar are far and wide. Here are ten, listed in no particular order... more»

The Site Finder Report: Dr. Stephen Crocker, Chair of the Committee

As an advisory committee, our focus is to give ICANN and the community our best advice regarding security and stability issues for the domain name system and the addressing system. We are not a standards, regulatory, judicial or enforcement body; those functions belong elsewhere. As we all know, VeriSign is in the process of suing ICANN on a number of matters, including ICANN's response to their registry change last September. Although VeriSign now contends that a number of us on the committee are "Site Finder co-conspirators" the next steps are really up to the ICANN board, the ICANN staff and the many members of the technical and operating community who run the domain name system. I'll be happy to interact with the members of the community here on CircleID as time permits. more»

Wall Street Journal Article on Whois Privacy

Today's Wall Street Journal discusses the fight over Whois privacy. The article on the front page of the Marketplace section starts by discussing how the American Red Cross and eBay use the Whois database to track down scammers: "Last fall, in the wake of Hurricane Katrina, the American Red Cross used an Internet database called "Whois" that lists names and numbers of Web-site owners to shut down dozens of unauthorized Web sites that were soliciting money under the Red Cross logo. Online marketplace eBay Inc. says its investigators use Whois hundreds of times a day..." more»