Spam

Spam / Most Viewed

Email Address Forgery

In my roles as postmaster at CAUCE (the Coalition Against Unsolicited Commercial E-mail) and abuse.net, I get a lot of baffled and outraged mail from people who have discovered that someone is sending out spam, often pornographic spam, with their return address on the From: line. "How can they do that? How do I make them stop?'' The short answers are "easily'' and "it's nearly impossible.'' more

10 Things Google Could Do as a Domain Name Registrar

In the absence of any formal announcements, news of Google being accredited by ICANN as a domain name registrar, spread fast in the media today after it was first reported by Bret Fausett on Lextext -- see Google is a Registrar. The company has since mentioned that "Google became a domain name registrar to learn more about the Internet's domain name system," and that it has no plans to sell any domain names at the moment. However, speculations on what Google could do as an accredited registrar are far and wide. Here are ten, listed in no particular order... more

Internet Drug Traffic, Service Providers and Intellectual Property

You could call this Part Three in our series on Illicit Internet Pharmacy. Part One being What's Driving Spam and Domain Fraud? Illicit Drug Traffic, Part Two being Online Drug Traffic and Registrar Policy. There are a few facts I'd like to list briefly so everyone is up to speed. The largest chunk of online abuse at this time is related to illicit international drug traffic, mostly counterfeit and diverted pharmaceuticals. more

The Geography of Internet Addressing

The ITU-T has proposed a new system of country-based IP address allocations which aims to satisfy a natural demand for self-determination by countries; however, the proposal also stands to realign the Internet's frontiers onto national boundaries, with consequences which are explored here. ...we do indeed see the Internet as a single entity, and we even speak of the Internet's architecture as if there was one designer who laid out a plan and supervised its construction. But despite all appearances, the Internet landscape is indeed made up of many separate networks... This article will explore these issues, particularly in light of recent proposals to introduce new mechanisms for IP address management, a prospect which could, over time, substantially alter both the geography of the Internet, and its essential characteristics as a single cohesive network. more

Earthquake in Asia, Spam Plummets

An earthquake on Tuesday near Taiwan caused widespread disruption to telephone and Internet networks. The quake affected an area of the sea bottom with a lot of undersea cables that broke, and since there is only a limited number of cable repair ships, it will take at least weeks to fish them up and splice them. more

The Site Finder Report: Dr. Stephen Crocker, Chair of the Committee

As an advisory committee, our focus is to give ICANN and the community our best advice regarding security and stability issues for the domain name system and the addressing system. We are not a standards, regulatory, judicial or enforcement body; those functions belong elsewhere. As we all know, VeriSign is in the process of suing ICANN on a number of matters, including ICANN's response to their registry change last September. Although VeriSign now contends that a number of us on the committee are "Site Finder co-conspirators" the next steps are really up to the ICANN board, the ICANN staff and the many members of the technical and operating community who run the domain name system. I'll be happy to interact with the members of the community here on CircleID as time permits. more

Most Abusive Domain Registrations are Preventable

As the WHOIS debate rages and the Top-Level Domain (TLD) space prepares to scale up the problem of rogue domain registration persists. These are set to be topics of discussion in Costa Rica. While the ICANN contract requires verification, in practice this has been dismissed as impossible. However, in reviewing nearly one million spammed domain registrations from 2011 KnujOn has found upwards of 90% of the purely abusive registrations could have been blocked. more

Hotmail Running Its Own SMTP Variation

Companies sensible to effective delivery of email to all free email services may have noticed problems with deliveries to Hotmail addresses. Despite the SMTP dialog ending with a successful "250" return code, recipients don't see the message. In their Guidelines, MSN require thorough compliance with IETF standards. However, it seems they have their own interpretation about provisions for Delivery Status Notifications, a.k.a. bounces, that servers must send after they have accepted responsibility for delivering the message... more

How Spammers Get Around SPF

Sender Policy Framework (SPF) stops novice spammers but not the professionals, says Spammer-X, a retired spammer who has gone into a lot of the details in his book, "Inside the Spam Cartel". The best way to beat SPF is to join it... First, Joe Spammer rents a dedicated spam host in a spammer-friendly location, like China. Next, he registers 100 domain names, and each domain is registered under a fake name and address. Next, DNS entries for each of the hosts are set up, including a valid pointer record (PTR), an MX record and reverse DNS entries for each domain... more

Internet to ITU: Stay Away from My Network

An ITU document entitled "Beyond Internet Governance" crossed my desk earlier this week. Given that I had absolutely nothing better to do, I decided to give it a read. The audacity of the ITU Secretariat is nothing less than shocking. It has been a long while since I read such a self-serving, narrow-minded and inaccurate document. The backbone of the ITU's contention rests on the premise that something called the Next Generation Network and the contention that this network will act as one big bug fix for all the problems created by current inter-networking technology. more

We Hate Spam Except, Of Course, When It's Inconvenient to Do So

Paul Graham is a smart guy who popularized naive Bayesian spam filtering in 2002 with A Plan for Spam and has organized a series of informal spam conferences at MIT. Earlier this month he was shocked and horrified to discover that his web site, hosted at Yahoo where he used to work, had appeared on the widely used Spamhaus blacklist... more

DKIM for Discussion Lists

There's a pernicious meme floating around that DomainKeys Identified Mail (DKIM) doesn't work with discussion lists, particularly those hosted on common open source software packages like MailMan. It's particularly odd to see this claim after I set it up successfully on a stock Debian server in less than half an hour, just a few weeks ago. Here's how it can, should, and does work. more

Recent WHOIS Report Overlooking Fundamental Issue?

Each Task Force recently published a report posted on ICANN's website on recommendations for modifications or improvements to WHOIS. The Task Force recommendations include proposals ranging from a recommendation to notify those who may be included in the database of the possible uses of WHOIS data to one that recommends ICANN offer the Internet community "tiered access" to serve as a vague mechanism to balance privacy against the needs of public access. Too many of the recommendations seem to be framed by those who view Internet users with hostility, such as the recommendation to punish domain name users when a domain name is cancelled or suspended for "false contact data," by canceling all other registrations with identical contact data. more

Privacy Alert: Watch Out For FOISA

This morning, at 10 am in 2141 Rayburn, the Subcommittee on Courts, the Internet, and Intellectual Property is holding a hearing on "Internet Domain Name Fraud -- New Criminal and Civil Enforcement Tools." At that hearing, the Subcommittee will be considering a new Whois bill creating new penalties for people who provide false data when registering a domain name. We need to raise our collective eyebrows at this bill (which was suddenly dropped the evening before this hearing). The title of the bill is the "Fraudulent Online Identity Sanctions Act." (FOISA) more

Phishers Now Targeting Domain Registrars

This is an issue of some concern and should be watched carefully: phishers are now trying to get passwords of domain registrants (domain owners). Currently, correspondents inform me that GoDaddy is the target, but there's no reason to think the phishers won't expand to other registrars. Normally, phishers go after bank accounts or other financial information, or sometimes the online accounts of users so that they may send spam. It's not known precisely why phishers are after domain registration information, but the possibilities are chilling... more