Spam

Spam / Most Viewed

SiteFinder vs. Engineers: Our Mistake Is Ignorance

We, as the Internet engineering community, have made a great mistake. Actually, it wasn't even one large mistake, but a series of small ones. Engineers are busy people, and most of us work under the constraints of the organizational entities we serve (be it ISPs, non-internet corporates, or even non-profits). Few of us have time for politics; even fewer have the desire and motivation for politics, and those of us who do try usually end up facing a brick wall of stubbornness, lack of understanding of the underlying technical issues, or just a deaf ear. more»

Objections to .XXX, Attention in High Places

Dot XXX is in for some interesting times, I fear. First the ICANN GAC chair Sharil Tarmizi is suggesting that more time be given for government and public policy feedback on .XXX. Objections certainly have started to come in from rather high places, such as from the US Department of Commerce. Personally speaking I'm inclined to be in favor of .XXX because it at least gives people in the adult entertainment industry their own online space and a stronger voice (gTLD)... more»

EFF and Its Use of Propaganda: Could Karl Rove do better? Probably

The latest post on DearAOL's blog, by EFF activist coordinator Danny O'Brien, is titled "The Shakedown Begins". In short, Danny receives email from overstock.com on an AOL mailbox -- email that he apparently paid overstock $29.95 to receive. And that email arrives with Goodmail certification that AOL recognizes and flags as such. Danny seems to think this is not the sort of email that should be certified by Goodmail, and that AOL should not suddenly turn on Goodmail certification. Suddenly? more»

Why DomainKeys is Broken

The recent testing by Gmail of DomainKeys affords an opportunity to look again at what the impact of it may be in any attempt to introduce a Domino addin to verify DomainKeys signatures. I have here a sample of an email sent from Gmail and that same email after being delivered to the in-box of a Notes/Domino user who prefers MIME. There are differences which make DomainKeys a real problem at Domino shops (and, I suspect, others). more»

Email Address Forgery

In my roles as postmaster at CAUCE (the Coalition Against Unsolicited Commercial E-mail) and abuse.net, I get a lot of baffled and outraged mail from people who have discovered that someone is sending out spam, often pornographic spam, with their return address on the From: line. "How can they do that? How do I make them stop?'' The short answers are "easily'' and "it's nearly impossible.'' more»

Report on Reaction to Zuccarini's Arrest

On September 3, 2003, United States federal law enforcement officers arrested the notorious John Zuccarini accused of allegedly creating misleading domain names to deceive children and direct them to pornographic websites. Zuccarini's arrest is the first to be made under the Truth in Domain Names Act, which took effect earlier this year prohibiting people from creating misleading domain names as a means to deceive children into viewing content that's harmful to minors, or tricking adults into clicking on obscene websites. What follows is a collection of commentaries made by experts in response to this event...
 more»

UN Global Forum on Internet Governance

More than 200 leaders from government, business and civil society attended the Global Forum on Internet Governance, held on 25 and 26 March 2004 and organized by the United Nations Information and Communication Technologies (ICT) Task Force. The forum, held at United Nations Headquarters in New York, was intended, according to a UN press release, "to contribute to worldwide consultations to prepare the ground to a future Working Group on Internet Governance to be established by Secretary-General Kofi Annan, which is to report to the second phase of the World Summit on the Information Society (Tunis, 2005)". more»

Defending Networks Against DNS Rebinding Attacks

DNS rebinding attacks are real and can be carried out in the real world. They can penetrate through browsers, Java, Flash, Adobe and can have serious implications for Web 2.0-type applications that pack more code and action onto the client. Such an attack can convert browsers into open network proxies and get around firewalls to access internal documents and services. It requires less than $100 to temporarily hijack 100,000 IP addresses for sending spam and defrauding pay-per-click advertisers. Everyone is at risk and relying on network firewalls is simply not enough. In a paper released by Stanford Security Lab, "Protecting Browsers from DNS Rebinding Attacks," authors Collin Jackson, Adam Barth, Andrew Bortz, Weidong Shao, and Dan Boneh provide ample detail about the nature of this attack as well as strong defenses that can be put in place in order to help protect modern browsers. more»

Comments on an IP Address Trading Market

With IPv4 addresses becoming scarcer, there has been talk that a trading market will develop. The idea is that those holding addresses they do not really need will sell them for a profit. More alarming is that there have been a few articles about how the Regional Internet Registries (RIR) are contemplating creating such a market so that they can regulate it, conceding that it will happen anyway and taking the "if you can't be 'em, join 'em" attitude. This is all a bit disturbing. Maybe I'm na├»ve, but it's a little unclear to me how an unsanctioned trading market could really operate without the RIRs at least being aware... more»

AOL and Goodmail: Two Steps Back for Email

Remember the old email hoax about Hillary Clinton pushing for email taxation? When we first heard AOL's plans for Goodmail today, we thought maybe the hoax had re-surfaced and a few industry reporters got hooked by it. But alas, this tax plan seems to be true. AOL has long held the leading standard in email whitelisting. Every email sender who cares about delivery has tried to keep their email reputation high so that they could earn placement on AOL's coveted Enhanced Whitelist. Now, AOL may be saying that those standards don't matter as much as a postage stamp when it comes to email delivery. more»

Addressing the Future Internet

What economic and social factors are shaping our future needs and expectations for communications systems? This question was the theme of a joint National Science Foundation (NSF) and Organisation for Economic Co Operation and Development (OECD) workshop, held on the 31st January of this year. The approach taken for this workshop was to assemble a group of technologists, economists, industry, regulatory and political actors and ask each of them to consider a small set of specific questions related to a future Internet. Thankfully, this exercise was not just another search for the next "Killer App", nor a design exercise for IP version 7. It was a valuable opportunity to pause and reflect on some of the sins of omission in today's Internet and ask why, and reflect on some of the unintended consequences of the Internet and ask if they were truly unavoidable consequences... more»

The Geography of Internet Addressing

The ITU-T has proposed a new system of country-based IP address allocations which aims to satisfy a natural demand for self-determination by countries; however, the proposal also stands to realign the Internet's frontiers onto national boundaries, with consequences which are explored here. ...we do indeed see the Internet as a single entity, and we even speak of the Internet's architecture as if there was one designer who laid out a plan and supervised its construction. But despite all appearances, the Internet landscape is indeed made up of many separate networks... This article will explore these issues, particularly in light of recent proposals to introduce new mechanisms for IP address management, a prospect which could, over time, substantially alter both the geography of the Internet, and its essential characteristics as a single cohesive network. more»

Sender Address Verification: Still a Bad Idea

A lot of spam uses fake return addresses. So back around 2000 it occurred to someone that if there were a way to validate the return addresses in mail, they could reject the stuff with bad return addresses. A straightforward way to do that is a callout, doing a partial mail transaction to see if the putative sender's mail server accepts mail to that address. This approach was popular for a few years, but due to its combination of ineffectiveness and abusiveness, it's now used only by small mail systems whose managers don't know any better. What's wrong with it? more»

We Hate Spam Except, Of Course, When It's Inconvenient to Do So

Paul Graham is a smart guy who popularized naive Bayesian spam filtering in 2002 with A Plan for Spam and has organized a series of informal spam conferences at MIT. Earlier this month he was shocked and horrified to discover that his web site, hosted at Yahoo where he used to work, had appeared on the widely used Spamhaus blacklist... more»

10 Things Google Could Do as a Domain Name Registrar

In the absence of any formal announcements, news of Google being accredited by ICANN as a domain name registrar, spread fast in the media today after it was first reported by Bret Fausett on Lextext -- see Google is a Registrar. The company has since mentioned that "Google became a domain name registrar to learn more about the Internet's domain name system," and that it has no plans to sell any domain names at the moment. However, speculations on what Google could do as an accredited registrar are far and wide. Here are ten, listed in no particular order... more»