Spam

Spam / Most Viewed

CAN SPAM and Affiliate Mailer Opt-Out

Many online businesses use affiliates to drum up business. The affiliate finds a lead somewhere, passes it to the business, and gets a commission if the lead turns into a sale. Web based affiliates are relatively uncontroversial, but affiliates who advertise by e-mail are a chronic problem due to their propensity to send spam, both spam as normally defined and as defined by CAN SPAM. Is it possible to do legitimate e-mail affiliate marketing? Maybe... more

Parsing Hype From Hope: Will ENUM Spark Changes In Telecom?

In the beginning there was silence; then, silence begat communication, and communication begat more communication and, ultimately, group communication formed and begat a primordial "network" of communication that gradually and inevitably increased in effectiveness and complexity: there were only signal fires at first but, then, there were cave drawings, carrier pigeons, shouting from hill-tops, smoke from fire, lines of cannon fire, the telegraph, Alexander Graham Bell, and, finally, the network of networks known as the Internet. But, is that it? Is there not something more impressive in its impact upon communication than the Internet? What more might one desire than the dynamic wonders of the Internet, you ask? Well, what about ENUM? "E-What!?" more

Interview with United Nations Head Secretariat of WGIG

Markus Kummer, Executive Coordinator, Secretariat of the United Nations Working Group on Internet Governance, is a career diplomat, who has served as eEnvoy of the Swiss Foreign Ministry in Bern since April 2002. His main tasks include foreign policy coordination in the area of information and communication technologies, in general, and the World Summit on the Information Society (WSIS), in particular. He chaired the negotiating group that developed an agreed text on Internet governance for the WSIS Declaration of Principles and Plan of Action in December 2003... Mr Kummer says: "The time-frame is very short indeed. And the task ahead of us is daunting." more

ICANN on Closing Off Port 43

ICANN has launched three task forces on WHOIS restructuring...It sounds innocuous enough -- nobody likes spam -- but the restrictions being discussed reach further than marketers. Pushed by registrars who feel that WHOIS amounts to forced disclosure of their customer lists, the task force is seriously discussing closing off port 43's straightforward access to WHOIS information, replacing it with GIF-based barriers or similar access restrictions. more

ENUM: Mapping the E.164 Number Space into the DNS

Many communications networks are constructed for a single form of communication, and are ill suited to being used for any other form. Although the Internet is also a specialized network in terms of supporting digital communications, its relatively unique flexibility lies in its ability to digitally encode a very diverse set of communications formats, and then support their interaction over the Internet. In this way many communications networks can be mapped into an Internet application and in so doing become just another distributed application overlayed on the Internet. From this admittedly Internet-centric perspective, voice is just another Internet application. And for the growing population of Voice over IP (VoIP) users, this is indeed the case... more

ICANN Fails Consumers (Again)

In its bid to be free of U.S. government oversight ICANN is leaning on the global multistakeholder community as proof positive that its policy-making comes from the ground up. ICANN's recent response to three U.S. senators invokes the input of "end users from all over the world" as a way of explaining how the organization is driven. Regardless of the invocation of the end user (and it must be instinct) ICANN cannot seem to help reaching back and slapping that end user across the face. more

Phish-Proofing URLs in Email?

For those who've been living in an e-mail free cave for the past year, phishing has become a huge problem for banks. Every day I get dozens of urgent messages from a wide variety of banks telling me that I'd better confirm my account info pronto. ...Several people have been floating proposals to extend authentication schemes to the URLs in a mail message. A sender might declare that all of links in it are to its own domain, e.g., if the sender is bigbank.com, all of the links have to be to bigbank.com or maybe www.bigbank.com. Current path authentication schemes don't handle this, but it wouldn't be too hard to retrofit into SPF. ...So the question is, is it worth the effort to make all of the senders and URLs match up? more

Blacklists Down from Fear of DDoS

Yet another DNS blacklist has been taken down out of fear of the DDoS attacks that took down Osirusoft, Monkeys.com, and the OpenRBL. Blackholes.compu.net suffered a Joe-Job (A Joe-Job is essentially spam designed to look like it's coming from someone else.) earlier this week. Apparently the Joe-Jobing was enough to convince some extremely ignorant mail administrators that Compu.net is spamming and blocked mail from compu.net. Compu.net has also seen the effects of DDoS attacks on other DNS blacklist maintainers. They've decided that the risk to their actual business is too great and they are pulling the plug on their DNS blacklist before they come under the gun by spammers. more

Blacklisting Under Wrong Assumptions

If you analyze the relay of spam- and malware-containing email circulating on the Internet purely through your mail server logs (running the Unix command "tail"), a large proportion seem to come from Asia Pacific hosts, especially those from mainland China. Therefore, many less-experienced systems administrators have simply blocked the access from subnets of Chinese or Asian origin, effectively destroying the fabric of the Internet -- messaging. If administrators took pains to analyze these supposedly Asian spam messages by analyzing the full Internet headers, they would have realized that the Asian servers were merely used by the real spammers as open relays, or perhaps as zombie hosts previously infected with the mass mailing worms through the exploitation of operating system vulnerabilities.  more

Lessons for the Internet Governance Forum from the IETF

As Antonios Broumas has correctly observed, the Internet Governance Forum (IGF) begins life in Athens next week without the means for its participants to agree upon any substantive documents such as resolutions or declarations. Indeed, according to Nitin Desai, the Chairman of its Advisory Group, it is impossible for the IGF to make any decisions, as it "is not a decision-making body. We have no members so we have no power to make decision."... more

Huge Increase in Spam in October Email

You may have read reports that the total amount of spam is on the decline. Don't believe them. In the month of October, I saw the amount of spam in my traps here roughly double, from about 50,000 per day to 100,000/day now. In conversations with managers at both ISPs and corporate networks, I'm hearing the same thing. more

Abusive Anti-Anti-Spam Scheme a Dreadful Strategy

A new company called Blue Security purports to have an innovative approach to getting rid of spam. I don't think much of it. As I said to an Associated Press reporter: "It's the worst kind of vigilante approach," said John Levine, a board member with the Coalition Against Unsolicited Commercial E-mail. "Deliberate attacks against people's Web sites are illegal." more

An Open Letter to Yahoo!'s Postmaster

In June 2004, Yahoo! and a number of other companies got together to announce the Anti-Spam Technical Alliance or ASTA. While it appears to have been largely silent since then, ASTA did at least publish an initial set of best practices the widespread adoption of which could possibly have had some impact on spam... The majority of these are clearly aimed at ISPs and end users, but some are either generally or specifically relevant to email providers such as Yahoo!, Google or Microsoft... The problem: Since February this year, we have been receiving a significant quantity of spam emails from Yahoo!'s servers. In addition to their transport via the Yahoo! network, all originate from email addresses in yahoo.com, yahoo.co.uk and one or two other Yahoo! domains. Every such message bears a Yahoo! DomainKeys signature... more

PIR's Anti-Abuse Policy for .ORG Offers No Due Process for Innocent Domain Registrants

PIR, the registry operator for .org, has sent notices to registrars that it is implementing an anti-abuse policy that offers no due process for innocent domain registrants... While it's good intentioned, there is great potential for innocent domain registrants to suffer harm, given the lack of appropriate safeguards, the lack of precision and open-ended definition of "abuse", the sole discretion of the registry operator to delete domains, and the general lack of due process. more

Paul Vixie in Response to Site Finder Controversy

As a domain holder myself (of vix.com), I would not have chosen ".com" for my parent domain name back in 1988 had there been a wildcard domain name [that activates Site Finder service] under ".com". The risk of someone attempting to reach me but ending up talking to someone else instead would have been seen as "too great". I am now searching for a new parent domain whose publisher will guarantee me, in perpetuity, that there will be no wildcard name as there now is in "com". more