Well, it has been quite a while since first the Hong Kong OFTA (in 2004) and then CITB (in 2006) issued requests for public comment about a proposed UEM (Unsolicited Electronic Messaging) bill to be introduced in Hong Kong, for the purpose of regulating unsolicited email, telephone and fax solicitations. We're a large (worldwide) provider of email and spam filtering - but we're based in Hong Kong, and any regulation there naturally gets tracked by us rather more actively than laws elsewhere. We sent in our responses to both these agencies... The bill is becoming law now - and most of it looks good... There's one major fly in the ointment though... more
Secretary-General Kofi Annan announced today the members of the United Nations Working Group on Internet Governance, which is to prepare the ground for a decision on this contentious issue by the second phase of the World Summit on the Information Society in 2005. The establishment of the Working Group was requested by the first phase of the Summit, held in Geneva last December. At that time, countries agreed to continue the dialogue on the management of the Internet, at both the technical and policy levels. more
1. Many jurisdictions already have laws which cover abuse of computer systems and networks -- and spam is of course abuse. These laws are only sporadically enforced, however, usually when a sufficiently visible/powerful entity is the aggrieved party. Adding more laws (a) is redundant and (b) does not increase enforcement. 2. Laws are only enforced as law enforcement has resources available. Spam/abuse is not a high priority unless a sufficiently visible/powerful entity makes it so, and those cases are rare. more
While several news stories are reporting that Sender-ID has been killed, that is not entirely true. While Sender-ID in its current form is dead because of Purported Responsible Address (PRA), the compromise version with MAILFROM and PRA scopes is not. Also, the co-chairs want to stay away from any other alternative algorithms that do RFC2822 checking because of possible Intellectual Property Rights (IPR) claims by Microsoft on that as well. Andrew Newton, one of two co-chairs of the working group, wrote in an email today to the group's discussion forum... more
This morning I was forwarded a link to the Business2.0 article on domainer Kevin Ham about a half-dozen times and one sent the reddit comment thread on it (titled "This guy is a piece of s**t") and I had to chuckle and replied "I see Techno-Pinkos are out in full force". Some of the comments are just classicly clueless: "He's just a parasite. Someone gaming the system for their own financial ends without providing a useful service to anyone, and making it worse for many." ...Newsflash: Speculation is any time you choose one path, good or service over another in the hopes that you will do better... more
Several anti-spam companies talk about spam volumes in terms of a percentage of all inbound mail. Outsourced anti-spam services such as BlackSpider and Postini are currently quoting spam volumes in the 70%-85% range, having steadily grown over the last two+ years. That's nice, but it's actually hard to grasp what that means in absolute terms. more
Recently, I entered my domain name in a "WHOIS" database query to test the results of the database by using WHOIS on a number of domain name registrar websites. WHOIS is a database service that allows Internet users to look up a number of matters associated with domain names, including the full name of the owner of a domain name, the name of the domain name hosting service, the Internet Protocol or I.P. number(s) corresponding to the domain name, as well as personally identifying information on those who have registered domain names. I was astonished to find... more
A recent study by researchers at the Cooperative Association for Internet Data Analysis (CAIDA) at the San Diego Super Computer Center (SDSC) revealed that a staggering 98% of the global Internet queries to one of the main root servers, at the heart of the Internet, were unnecessary. This analysis was conducted on data collected October 4, 2002 from the 'F' root server located in Palo Alto, California.
The findings of the study were originally presented to the North American Network Operators' Group (NANOG) on October 2002 and later discussed with Richard A. Clarke, chairman of the President's Critical Infrastructure Protection Board and Special Advisor to the U.S. President for Cyber Space Security. more
Until a few weeks ago, almost everyone in the Internet governance circus seemed to ignore the very existence of WSIS. After it popped up on international newspapers, however, things have been changing; and suddenly, I have started noticing plenty of negative reactions, on the lines of "we don't need WSIS, we don't need the UN, we don't need governments, we don't need internationalization - just go away from our network". However, I often find that these reactions are based on fundamental misunderstandings of the issues at stake; so please let me offer a different perspective. more
Some email discussion lists were all atwitter yesterday, as Sourcefire's open-source anti-virus engine ClamAV version 0.94.x reached its end-of-life. Rather than simply phase this geriatric version out the development team put to halt instances of V0.94 in production yesterday, April 15, 2010. In other words, the ClamAV developers caused version .94 to stop working entirely, and, depending upon the implementation, that meant email to systems using ClamAV also stopped flowing. more
There's been a lot of noise this week since the news broke about AOL and Goodmail, so I thought I'd take the opportunity to change the direction of the dialog a little bit. First, there are two main issues here, and I think it's healthy to separate them and address them separately. One issue is the merits of an email stamp system like the one Goodmail is proposing, relative to other methods of improving and ensuring email deliverability. The second issue -- and the one that got me started earlier this week - is the question of AOL making usage of Goodmail stamps a mandatory event, replacing its enhanced whitelist. more
While people may debate the death of email, there is no question that many email servers are already overloaded with spam. Current spam solutions are beginning to address the problem, but so far they all suffer from the arms race issue - as fast as we come up with new ways to fight spam, spammers are finding new ways to deliver it to us. While the functionality of email will certainly continue, the current system must change. When the change comes, it will deliver the future of email to Microsoft. more
Hong Kong domains are the most dangerous in the world; this little factoid from a recent McAfee report generated quite a bit of media coverage, and even made TIME magazine's top stories list. But all is not as it seems, and aspects of the report may have been out of date before the report was even published. McAfee's study seems to be based on a year's worth of data, and last year was a particularly bad year for the Hong Kong domain, thanks to a gang of botnet spammers registering thousands of domains under the .hk ccTLD. These domains were most likely registered using stolen credit cards... more
While Canada was dragging the chain when it came to introducing anti-spam legislation, it is now making up for lost time. Ottawa's new law -- expected to be operational early this year -- has severe fines for violations and is viewed by some as too tough. Known as CASL, the new law aims to crack down on spammers and mailing list companies but in doing so, tightly regulates the way businesses can market to prospective customers via email and online. more
The majority of spam -- as much as 80 per cent of all unsolicited marketing messages sent -- now emanates from residential ISP networks and home user PCs. This is due to the proliferation of spam trojans, bits of surreptitious malware code embedded in residential subscriber PCs by worms and spyware programs. Worm attacks are growing in frequency because they provide a fast means of infecting a vast number of computers with spam trojans in a very short period of time. It's no surprise that many service providers report an upsurge in spam traffic immediately following a worm attack. more