Spam

Spam / Recently Commented

Accountability, Transparency, and… Consistency?

ICANN Compliance now has two conflicting answers on record concerning the enforceability of RAA 378 on WHOIS inaccuracy. This is a topic of extreme importance and one we are trying to get to the bottom of. ...inconsistency needs to be resolved as it directly impacts the current RAA negotiations and certainly before new gTLDs are deployed. more

Spammers' Aid Program

A couple of months ago, Microsoft Sweden launched a program called Spammers' Aid. This is a program (created and provided by Microsoft?) that is designed to help spammers reform their ways. The idea is that since spam is continually decreasing in email and spammers are finding it more and more difficult to get their mail delivered into the inbox, why not use the skills they acquired while spamming (sales and marketing, tech skills) and apply it for good? This program teaches them how. more

WHOIS Review and Beyond 3.7.8

We have posted our support of the WHOIS Policy Review Team Report with two important comments. First, on page 79 of the report it is confirmed that the RAA is unenforceable on WHOIS inaccuracy (we wrote about this while at the last ICANN meeting) because the language of RAA 3.7.8 has no enforcement provision. It is now time for ICANN to confirm this problem officially.  more

Interoperability Testing Event for DMARC Email Anti-Spoofing Specification

At the end of January, the DMARC (Domain-based Message Authentication, Reporting & Conformance) specification was publicly announced and resulted in widespread media coverage, blog posts and discussion. Since that time various individuals and organizations have been working on writing code for DMARC validators and report parsers. The dmarc-discuss list has been fairly active as various questions and issues have been raised and clarified. Now it is time to see how well the various implementations play together in live testing. more

Running DNSBLs in an IPv6 World

DNS blacklists for IPv4 addresses are now nearly 15 years old, and DNSBL operators have gathered a great deal of expertise running them. Over the next decade or two mail will probably move to IPv6. How will running IPv6 DNSBLs differ from IPv4? There aren't any significant IPv6 DNSBLs yet since there isn't significant unwanted IPv6 mail traffic yet (or significant wanted traffic, for that matter), but we can make some extrapolations from the IPv4 experience. more

Spam from Mobile Networks? Who Woulda Thought…

Mobile networks aren't usually thought of as sources of spam, but a quick look at some of the resources that track spam reveals they actually are. This is counter intuitive at first glance because when most people think of mobile they think of smartphones, and those aren't known to be sources of spam (at least not yet). What's really going on is PCs connected to mobile networks with air cards, or tethered with a smartphone where it's permissible, are the culprits more

IPv6 DNS Blacklists Reconsidered

I opined about a year ago that DNS blacklists wouldn't work for mail that runs over IPv6 rather than IPv4. The reason is that IPv6 has such a huge range of addresses that spammers can easily send every message from a unique IP address, which means that recipient systems will fire off a unique set of DNSBL queries for every message... Now I'm much less sure this will be a problem... more

Most Abusive Domain Registrations are Preventable

As the WHOIS debate rages and the Top-Level Domain (TLD) space prepares to scale up the problem of rogue domain registration persists. These are set to be topics of discussion in Costa Rica. While the ICANN contract requires verification, in practice this has been dismissed as impossible. However, in reviewing nearly one million spammed domain registrations from 2011 KnujOn has found upwards of 90% of the purely abusive registrations could have been blocked. more

Good Study by UCSD on Economic Realities of Spam and Profit Motives

I recently had a chance to read a report titled, "Show Me the Money: Characterizing Spam-advertised Revenue" produced as a joint effort from the University of California, San Diego (UCSD), International Computer Science Institute, and UC Berkeley by Chris Kanich, Nicholas Weaver, Damon McCoy, Tristan Halvorson, Christian Kreibich, Kirill Levchenko, Vern Paxson, Geoffrey M. Voelker and Stefan Savage. I also had a chance to hear Chris Kanich speak about the topic - Show Me The Money! This post contains my notes with some photos taken from that report. more

How Spam Has Damaged Mail Forwarding - And Ways to Get Around It

Courtesy forwards have been a standard feature of e-mail systems about as long as there have been e-mail systems. A user moves or changes jobs or something, and rather than just closing the account, the mail system forwards all the mail to the user's new address. Or a user with multiple addresses forwards them all to one place to be able to read all the mail together. Since forwarding is very cheap, it's quite common for forwards to persist for many years. Unfortunately, forwarding is yet another thing that spam has screwed up. more

How Frequently Do Botnets Reuse IP Addresses?

I wonder how much botnets reuse IP addresses. Do they infect a system and spam, get blocked, discard the IP and move onto the next (new) one? This means that they have a nearly unlimited supply of IP addresses. Or do they infect a system and spam, get blocked, and then let it go dormant only to awaken it some time later? I decided to take a look. more

IP Address Reputation Primer

There has been a lot of recent discussions and questions about reputation, content and delivery of email. I started to answer some of them, and then realized there weren't any basic reference documents I could refer to when explaining the interaction. So I decided to write some. This post is about IP address reputation with some background on why IPs are so important and why ISPs focus so heavily on the sending IP. more

Implications of Canada's CASL - Toughest Anti-Spam Law the World Has Ever Seen

While Canada was dragging the chain when it came to introducing anti-spam legislation, it is now making up for lost time. Ottawa's new law -- expected to be operational early this year -- has severe fines for violations and is viewed by some as too tough. Known as CASL, the new law aims to crack down on spammers and mailing list companies but in doing so, tightly regulates the way businesses can market to prospective customers via email and online. more

IBM Predicts the Future for 2016 and It Includes No Spam

IBM published a video where it predicts what the world will look like in 2016 (see bottom of this post for the link). It includes the following five predictions. I want to start with the last one -- that junk mail (i.e., spam) will disappear. You'll need to watch the video to get the nuances of the prediction, but IBM says that in five years, Junk Mail will become a thing of the past. more

Antispam Law Draws Backlash

I was reading in the Canadian Lawyer Mag that businesses in Canada are now coming to grips with the Canadian Antispam law that was passed last year. Canada's antispam law is much tougher than most jurisdictions. Aside from the penalties of the law, which are steep, what differentiates it the most from the US law is that Canada's law is an opt-in law; marketers who send commercial email must be able to demonstrate that they received consent in writing in order to market to people. As expected, people who are most affected by the law - marketers - are upset about the lack of wriggle room and how it could affect their business. more