|
|
|
Click the comments link on any story to see comments or add your own.
|
29 Dec 2005
posted at: 19:14 :: permanent link to this entry :: 1 comments Trackback link is http://weblog.johnlevine.com/ICANN/stldrenew.trackback
posted at: 15:45 :: permanent link to this entry :: 1 comments Trackback link is http://weblog.johnlevine.com/Email/ftcreport.trackback 25 Dec 2005
We're taking a few days off for the holiday. Until then, we wish a joyous holiday season to our readers in the religious and/or cultural mode(s) you may choose to embrace, and we'll be back next week. The Queen's Annual Message to the Commonwealth is well worth reading, whether or not you're a Commonwealth citizen (we're not) for its heartfelt thoughts about what Christmas means at the end of this difficult year. posted at: 00:01 :: permanent link to this entry :: 0 comments Trackback link is http://weblog.johnlevine.com/xmas05.trackback 12 Dec 2005
posted at: 01:24 :: permanent link to this entry :: 0 comments Trackback link is http://weblog.johnlevine.com/ICANN/edirp.trackback 02 Dec 2005
posted at: 13:01 :: permanent link to this entry :: 1 comments Trackback link is http://weblog.johnlevine.com/ICANN/alacboard.trackback 30 Nov 2005
In one of the more peculiar developments at this week's ICANN meeting, the ICANN board took the contentious .XXX domain off the agenda for the board meeting at the end of the week. Multiple sources say that the European Union threatened to withdraw all of their delegates to the Government Advisory Committee if the board didn't do so. But Stuart Lawley, head of the ICM Registry that is proposing .XXX has told me that he spoke privately to the EU delegates, all of whom told him that they have no objection to .XXX, but are using the domain as a hostage in an argument with ICANN about ICANN's processes and the accuracy of information provided by ICANN to the EU. posted at: 19:19 :: permanent link to this entry :: 1 comments Trackback link is http://weblog.johnlevine.com/ICANN/euxxx.trackback 29 Nov 2005
Update: The court denied the TRO request, saying that CFIT "has not shown that the need for immediate relief is clear." Instead the judge treated the request as notice for preliminary injunction, with papers to be served by December 5th, and a hearing on February 10th. Yesterday, two separate suits to stop the settlement were filed by newly created organizations, Coalition for ICANN Transparency and World Association of Domain Name Developers. I'm reading the complaints and will post an analysis when I have a chance. posted at: 15:05 :: permanent link to this entry :: 0 comments Trackback link is http://weblog.johnlevine.com/ICANN/suit.trackback 20 Nov 2005
posted at: 11:30 :: permanent link to this entry :: 0 comments Trackback link is http://weblog.johnlevine.com/Email/moshou.trackback 17 Nov 2005
posted at: 03:01 :: permanent link to this entry :: 0 comments Trackback link is http://weblog.johnlevine.com/ICANN/wsis.trackback 16 Nov 2005
The Knowledge@Wharton newsletter published by the Wharton School at the University of Pennsylvania has an interesting article on the Google Print cases. Professor Kevin Werbach offers a fine capsule summary of the case: "Google is clearly going out on a limb with respect to copyright. The limb may well hold, which I think would be the better result as a matter of public policy. On the other hand, the limb could easily break. The courts will decide." They also excerpt an interview with Pat Schroder, president of the AAP which filed the second case: "snippet" isn't a legal term and could evolve from meaning a sentence to meaning a complete chapter. I read that to say that what Google is doing is OK, and even though there's no evidence that they plan to do anything else, we need to stop them just because of what they might do. I hope the judge has enough sense to recognize a cloud of smoke when he or she sees it. posted at: 22:36 :: permanent link to this entry :: 0 comments Trackback link is http://weblog.johnlevine.com/Copyright_Law/wharton.trackback 06 Nov 2005
An article in CNET reports that Google hasn't resumed scanning library books. They say it's ``an operational thing'' and confirm that when they do resume, they'll be scanning older books rather than those that are still in print. posted at: 23:41 :: permanent link to this entry :: 0 comments Trackback link is http://weblog.johnlevine.com/Copyright_Law/googlenotresume.trackback 02 Nov 2005
posted at: 23:25 :: permanent link to this entry :: 0 comments Trackback link is http://weblog.johnlevine.com/ICANN/settlementlist.trackback 01 Nov 2005
posted at: 14:56 :: permanent link to this entry :: 0 comments Trackback link is http://weblog.johnlevine.com/Copyright_Law/googleresume.trackback 31 Oct 2005
posted at: 10:03 :: permanent link to this entry :: 0 comments Trackback link is http://weblog.johnlevine.com/Copyright_Law/googleprint.trackback 30 Oct 2005
Google has a new service called Google Print for Libraries. They've made a deal with five large libraries to scan in most of their books to create an index along the lines of Google's web index. Predictably, the Authors' Guild has filed a suit to try to make them stop. There's a variety of issues involved, some of which I'll try to address in subsequent messages, but once you cut through the bombast, the crux of the issue is that they think they deserve to be paid.posted at: 23:58 :: permanent link to this entry :: 0 comments Trackback link is http://weblog.johnlevine.com/Copyright_Law/tollbooth.trackback
posted at: 22:30 :: permanent link to this entry :: 0 comments Trackback link is http://weblog.johnlevine.com/Email/dmaauth.trackback 25 Oct 2005
posted at: 15:00 :: permanent link to this entry :: 0 comments Trackback link is http://weblog.johnlevine.com/ICANN/verisignroot.trackback
posted at: 12:00 :: permanent link to this entry :: 0 comments Trackback link is http://weblog.johnlevine.com/ICANN/verisignsettlement.trackback 08 Oct 2005
posted at: 23:54 :: permanent link to this entry :: 2 comments Trackback link is http://weblog.johnlevine.com/Email/calspampra.trackback
posted at: 23:34 :: permanent link to this entry :: 0 comments Trackback link is http://weblog.johnlevine.com/Email/civilphish.trackback 01 Oct 2005
posted at: 00:32 :: permanent link to this entry :: 2 comments Trackback link is http://weblog.johnlevine.com/Email/barge.trackback 24 Sep 2005
posted at: 22:43 :: permanent link to this entry :: 0 comments Trackback link is http://weblog.johnlevine.com/Email/braver.trackback 06 Sep 2005
Blue Security was scheduled to give a talk on the 4th at TAUSEC, the Security and Computer Forensics Forum at Tel-Aviv University in Israel. This would have been an excellent chance for Blue Security's developers, who work nearby in Herzliya Pituach, to describe what they accomplished to a knowledgable audience. Unforunately, they cancelled at the last minute with no explanation. Oh, well. posted at: 22:09 :: permanent link to this entry :: 0 comments Trackback link is http://weblog.johnlevine.com/Email/nobluefrog.trackback 28 Aug 2005
posted at: 00:17 :: permanent link to this entry :: 3 comments Trackback link is http://weblog.johnlevine.com/Email/notspfrfc.trackback 24 Aug 2005
Sending pornography to children is really bad, right? Then making it illegal to e-mail porn to children is a great idea, right? Nope. An article in USA Today describes the perverse effects of new laws in Michigan and Utah. Both laws make it illegal to send ads to minors for things that minors aren't allowed to buy, with serious legal penalties if you do. Both have established opt-out lists on which parents can list addresses used by their children, and mailers can pay to have their lists scrubbed against the opt-out lists. Both states use a new scrubbing service run by Unspam, LLC, run by Matthew Prince who also runs the interesting Project Honeypot. The scrubbing service's website is coy about the cost of scrubbing, but the Utah regulations prescribe a fee of 1/2 cent per address and Michigan allows up to 3 cents per address. Even 1/2 cent is a significant tax on senders, and 3 cents/address is probably more than the entire cost of sending a large email campaign. Both state laws say you have to scrub and pay the ``email tax'' every 30 days to keep your lists clear of opted out addresses.posted at: 23:58 :: permanent link to this entry :: 0 comments Trackback link is http://weblog.johnlevine.com/Email/utahmich.trackback 16 Aug 2005
In August 2005, the full U.S. Court of Appeals for the 1st Circuit issued its long awaited decision in the U.S. v. Councilman case. This case has an extremely peculiar set of facts and a peculiar history to match, and although I agree with the court's decision, I'm not too encouraged by the history of the case. Everyone apparently agreed to the facts of the case, but see the update at the end of this article: Brad Councilman was an executive at a company called Interloc which ran an online service for used bookstores, which among other things provided the stores with e-mail accounts. (Interloc is long gone, merged into the larger Alibris.) In 1998 Councilman allegedly decided to do a little surrepetitious market research by adjusting the procmail script that delivered the stores' e-mail to make copies of mail from Amazon.com in a mailbox that Councilman and other Interloc employees read, and they did indeed copy and read thousands of messages. Councilman was in the unusual position of being both an ISP for these stores and their competitor. In 2001, Councilman was indicted for violating the Wiretap Act, by intercepting electronic communications, namely the e-mail from Amazon. Councilman's lawyers came up with a clever defense arguing that what he did wasn't against the law.posted at: 02:57 :: permanent link to this entry :: 0 comments Trackback link is http://weblog.johnlevine.com/Email/councilman.trackback 31 Jul 2005
MAAWG is the Messaging Anti-Abuse Working group. It was started by Openwave, a vendor that sells e-mail hardware and software to large ISPs and originally consisted only of Openwave customers, but has evolved into an active forum in which large ISPs and software vendors exchange notes on anti-spam and other anti-abuse activities. Members now include nearly every large ISP including AOL, Earthlink, Yahoo, Comcast and Verizon is a member, along with ESPs like Doubleclick, Bigfoot, and Checkfree, and vendors like Ciscom, Ironport, Messagelabs, Kelkea/Trend, and Habeas. They've also been quietly active in codifying best practices and working on some small but useful standards like a common abuse reporting format. Earlier in July their technical committee quietly released an evaluationn of SPF and Sender-ID. Although it is worded very tactfully, the message is clear from phrases like; While MAAWG neither endorses nor discourages the use of SPF or Sender ID, the technical committee's findings highlight real-world risks to the delivery of legitimate e-mail when the specifications are implemented. At about the same time, Earthlink equally quietly removed the SPF records they'd been publishing for at least a year. That was particularly surprising because SPF originator Meng Wong had been working with Earthlink to get their SPF set up. If Meng can't make SPF work, who can? I particularly look forward to see what happens in November when Hotmail says they will start showing a yellow warning box (the Big Yellow Box Of Death, or BYBOD to the cognoscenti) on any incoming mail that doesn't pass Sender-ID. With no SPF records at all, Earthlink's mail won't pass Sender-ID, and will, we assume, be 100% BYBOD compatible. Will Hotmail blink and add their own synthetic SPF records for Earthlink? Will Earthlink publish SPF records that only Hotmail can see (and if they do, how could we tell?) Should be interesting. (Claimer: most of MAAWG's members are companies that pay a substantial membership fee, but they also have a few invited individual members, including me.) posted at: 23:57 :: permanent link to this entry :: 1 comments Trackback link is http://weblog.johnlevine.com/Email/nospf.trackback 24 Jul 2005
A new company called Blue Security purports to have an innovative approach to getting rid of spam. I don't think much of it. As I said to an Associated Press reporter: "It's the worst kind of vigilante approach," said John Levine, a board member with the Coalition Against Unsolicited Commercial E-mail. "Deliberate attacks against people's Web sites are illegal."Before they started their current scheme they contacted every anti-spam organization around, including CAUCE where I'm a board member, trying to find someone who would sponsor their scheme. Everyone including CAUCE said no. Since they announced their plan as a separate company, it is my understanding that at least two and maybe three web hosts have booted them off due to their abusive plans. posted at: 20:32 :: permanent link to this entry :: 27 comments Trackback link is http://weblog.johnlevine.com/Email/bluefrog.trackback 14 Jul 2005
Last month, Microsoft's Hotmail decided to check Sender-ID on all of its incoming mail, and display a warning box for messages where the Sender-ID said they came from the wrong place. This provoked widespread sceptical responses (including one here.) They further said that in November, they'll even show the warning box for mail with no Sender-ID info at all and perhaps move it into the junk mailbox. This aggressive move was surprisingly out of character for Hotmail, and we couldn't figure out why they were making a move that in all likelihood will route lots of real mail to the spam folder and leave 100% Sender-ID compliant phishes in the inbox. But one extra bit of info makes it all clear. Remember when Bill Gates said that the spam problem would be solved in two years? Well, that was in January 2004, and the time will run out pretty soon. If they shoot the Sender-ID magic bullet in November, all the spam will be dead by the end of January, right? I can hardly wait. posted at: 11:16 :: permanent link to this entry :: 0 comments Trackback link is http://weblog.johnlevine.com/Email/billg2yr.trackback 12 Jul 2005
The second annual Conference on Email and Spam will happen at Stanford University next week, 21-22 July. I'm on the program committee, and the quality of the accepted papers is pleasantly high. I'm speaking on Experience with Greylisting and no, I didn't review my own paper. If you're interested in both what people are doing to understand spam and what they're doing to fight it, this conference is by far the best place to learn about them and meet the people involved. The conference registration is limited, but they still have space available. Visit their web site to see the list of papers and to register. posted at: 12:15 :: permanent link to this entry :: 0 comments Trackback link is http://weblog.johnlevine.com/Email/ceas05.trackback 30 Jun 2005
posted at: 11:55 :: permanent link to this entry :: 1 comments Trackback link is http://weblog.johnlevine.com/Email/spfrfc.trackback 26 Jun 2005
Here we have a piece of mail purportedly from MBNA (a large credit card bank headquartered in an impressively large and anonymous building in Wilmington DE that I walked past a few weeks ago) about a utility bill that perhaps is available in their system for me to pay. Again the only thing I changed was to turn the target address to xxx@yyy.com. All of the X- headers were in the original mail. Clues:
posted at: 12:29 :: permanent link to this entry :: 2 comments Trackback link is http://weblog.johnlevine.com/Email/phish2.trackback 23 Jun 2005
Phishing is a big problem, and banks have given us lots of advice like don't click on links in e-mail messages and watch for mail from fake sources. So take a look at this message that I got earlier this year and tell me whether it's real or a phish. (I already know the answer. This is a thought experiment.) Clues:
posted at: 23:09 :: permanent link to this entry :: 3 comments Trackback link is http://weblog.johnlevine.com/Email/phish1.trackback 19 Jun 2005
Paul Graham is a smart guy who popularized naive Bayesian spam filtering in 2002 with A Plan for Spam and has organized a series of informal spam conferences at MIT. Earlier this month he was shocked and horrified to discover that his web site, hosted at Yahoo where he used to work, had appeared on the widely used Spamhaus blacklist, and he wrote a portentous web page about it, called The Destiny of Blacklists with quotes like "This is, strictly speaking, terrorism." Nobody, including Spamhaus, thinks that Graham is a spammer. Does this mean that Spamhaus has gone rogue? Well, no.posted at: 00:53 :: permanent link to this entry :: 9 comments Trackback link is http://weblog.johnlevine.com/Email/paulgraham.trackback 18 Jun 2005
Sender-ID is Microsoft's entry in the anti-spam technology sweepstakes. It's a scheme developed during last year's MARID fiasco in which their earlier Caller ID propsal and Meng Weng Wong's SPF were merged, sort of. Microsoft's patent claims and the details of the patent license they offered so severely distracted MARID that the merits or lack thereof of Sender-ID didn't get much attention. Now, Microsoft's Hotmail, which also handles the mail for MSN users, says that they will shortly be checking Sender-ID on all mail to Hotmail and will show a yellow warning box on all mail that doesn't pass. What should senders do? Ironically, for most senders, the best answer is nothing.posted at: 22:23 :: permanent link to this entry :: 5 comments Trackback link is http://weblog.johnlevine.com/Email/hotmailsenderid.trackback 17 Jun 2005
posted at: 17:50 :: permanent link to this entry :: 0 comments Trackback link is http://weblog.johnlevine.com/Email/conferences0507.trackback 12 Jun 2005
We have upgraded our weblog software to allow readers to leave comments. To read comments on a story or leave your own, click on the small comments link at the bottom of each story. When you leave a comment, you must provide a valid e-mail address to which it will mail a message with a confirmation URL. Your address won't be displayed with the comment unless you check a box that explicitly permits it. (No, we won't add it to a spam list, either.) This avoids the noxious problem of blog spam, large irrelevant comments containing links to sleazy web sites that want to increase their search engine ranking. If you know what a trackback is, an inter-blog crossreference, they should work, too. posted at: 22:20 :: permanent link to this entry :: 0 comments Trackback link is http://weblog.johnlevine.com/Email/blogcomments.trackback 18 May 2005
Industry Canada, the part of the Canadian government roughly equivalent to the U.S. Commerce Department, has had a task force on spam working for the past year or so. I was invited to participate as an unofficial member, since I'm not a Canadian. Yesterday, it wrapped up its work and published its report (aussi disponsible en français) to the government. It's quite good, and has a set of 22 recommendations.posted at: 23:30 :: permanent link to this entry :: 0 comments Trackback link is http://weblog.johnlevine.com/Email/canada.trackback 30 Apr 2005
Adware is a variety of spyware that shows ads on your computer, nominally in exchange for letting you use a program like KaZaA. Programs like Eudora and Opera that show their own ads when they're running aren't usually considered adware; typical adware pops up ads on web browsers in addition to or instead of existing ads. Often they watch the URLs and try to show ads related to the URL, so if you visited a web site for contact lenses, adware would pop up an ad for a competitor that's paid the adware company to do so. Unfortunately, for a variety of reasons, adware is inherently abusive.posted at: 12:09 :: permanent link to this entry :: 0 comments Trackback link is http://weblog.johnlevine.com/Email/adware.trackback 31 Mar 2005
For those who've been living in an e-mail free cave for the past year, phishing has become a huge problem for banks. Every day I get dozens of urgent messages from a wide variety of banks telling me that I'd better confirm my account info pronto. Early bank phishes were pretty clumsy, but the crooks have gotten better at it and current phishes can look very authentic. See this archive of recent phishes at antiphishing.org for some examples. A very common trick is the fake link, in which the link you think you're clicking on isn't the one you're really clicking on, like this:posted at: 23:30 :: permanent link to this entry :: 0 comments Trackback link is http://weblog.johnlevine.com/Email/urls.trackback 18 Feb 2005
According to this interesting article in the Seattle Post-Intelligencer, Richard Clarke, security adviser to four presidents from Reagan to GW Bush, thinks so: SAN FRANCISCO -- Don't expect Richard Clarke to rely on Microsoft Corp.'s anti-virus or anti-spyware programs to protect his own computer. "Given their record in the security area, I don't know why anybody would buy from them," the former White House cybersecurity and counterterrorism adviser said yesterday, when asked for his thoughts on Microsoft's forthcoming line of security software. ... He oughta know. I wouldn't disagree. posted at: 00:43 :: permanent link to this entry :: 0 comments Trackback link is http://weblog.johnlevine.com/Email/clarke.trackback 23 Jan 2005
Brian McWilliams, author of the pulp favorite Spam Kings (which I must I admit I tech edited), has a new article in Salon called How Microsoft is losing the war on spam. He interviewed me by e-mail during the research on the article, and here's what I said. 1. Given the amount of spam being sent through Trojaned Windows proxies, do you think it's accurate to say that Microsoft is indirectly responsible for much of the spam problem today?Definitely. posted at: 00:37 :: permanent link to this entry :: 0 comments Trackback link is http://weblog.johnlevine.com/Email/msspam.trackback 11 Jan 2005
I got a letter the other day from AOL postmaster Carl Hutzler, about how the Internet community could get rid of spam, if it really wanted to. With his permission, here are some excerpts. Spam is a completely solvable problem. And it does not take finding every Richter, Jaynes, Bridger, etc to do it (although it certainly is part of the solution). In fact it does not take email identity technologies either (although these are certainly needed and part of the solution). The solution is getting messaging providers to take responsibility for their lame email systems that they set up without much thought and continue to not care much about when they become overrun by spammers. This is just security and every admin/network operator has to deal with it. We just have a lot of providers not bothering to care. We need message providers to implement better security on their networks and take responsibility for their networks being sources of spam. The number of ISPs who don't even authenticate their members is frankly appalling (just for starters). AOL has implemented the solution to stop spam on our system. We do not send it any more. We even published the solution in the ASTA [the Anti-Spam Technical Alliance, a group of the largest ISPs] technical document. We are again trying to get the info to other messaging providers via the MAAWG.org group. But no one wanted to listen to one ISP. So we had to apply the set of solutions for every other ISP around the planet for them! 1) The port 25 blocking we do for them (via pattern matches on their dynamic space or getting their actual dynamic IP space from them if their regex set-up is not thought out well) 2) Our Second Received Line rate limits which put reasonable controls on the amount of mail an end user can send through their ISPs mail server. This is why AOL reported our spam is almost eliminated. Yes, I said it, eliminated. I get so little spam on my AOL business account (the one that has 20 pages of google results, countless newsgroup hits, etc). I think I have gotten 10 spams total in my inbox over the last month and many of them go to the spam folder where they should be. Just think how different everyone's spam problem could be if ISPs did a few of these things, and more simply, took responsibility for their customers/networks. Spam would be gone. But no one else is reporting success like this? Why? Because every other ISP is building better and better filters to help their system fend of the spam. But the sources of spam are still there and spammers can keep sending till their hearts content until we stop them at the source.
Why do we all keep building better filters? Because it helps us instead of helping others. And its easy as most of these are shrink wrapped software or services that are easy to apply. Good for Postini and Brightmail and spamassasin, but not a solution, just a bandaid. Why do people do this and never try solving the problem? Security for our networks and messaging platforms is much harder to implement, and likely most importantly, it does not help the ISP stop spam inbound to its network usually. So no one does it. What we need is for providers to do BOTH. You have to implement better filters to survive (we sure do), but we all also have to fix our sources of spam that clog other networks. Eventually as providers do BOTH actions, the problem will go away and everyone will be able to remove the BANDAIDS from the spam wound as we won't need filters and blacklists as much in the future. A Funny example If a spammer had a T1 line provided by [a large network], we all would be up in arms that the network is all of a sudden a blackhat ISP hosting known spammers on the Spamhaus ROKSO list, etc, etc. But the fact that that network and many other ISPs are hosting spammers via trojaned and zombied customers and have no security on their network to prevent this situation or manage it at least, does not seem to bother us (messaging providers) as much as it should. Well shame on us. If you want less spam, then can we all commit to manage our systems better? Carl then went on to comment on a large web hosting company, which will remain nameless both to protect the guilty and because many other web hosts are just as bad. They have been spamming the be-jesus out of AOL for months now because they have customers who run insecure formmail and other CGIs. When will these premier hosting companies write a program to find them before the spammers and prevent customers from installing these open relays (cgi scripts) on their network? When will these companies monitor their scomp [AOL's automated spam reporting] complaints and take them off the air without my team having to constantly call them? When will they stop telling their customer service reps to blame AOL for delivery issues their customers are seeing when they can't mail to AOL because we have temporarily blocked them for the 15th time in 2 months? Should anyone be allowed to operate an email system? Perhaps not. Or perhaps we will find a group of ISPs that band together to create a second email system on top of the current one for email providers that know how to control their networks. And the other people will be on another system, the old one filled with spam. Everything that Carl says is, largely self-evidently, true. What do we have to do to persuade networks that dealing with their own spam problem, even at significant short term cost, is better for the net and themselves than limping along as we do now? posted at: 00:19 :: permanent link to this entry :: 0 comments Trackback link is http://weblog.johnlevine.com/Email/carl.trackback 10 Jan 2005
[This doesn't have much to do with e-mail, at least not until the big phone companies take over the Internet market in the US and impose their own Bell-shaped policies on it. So sue me.] I wish the FCC would revisit the key issue of essential facilities, the bits of the telephone infrastructure that everyone needs to use and nobody can afford to duplicate. The other day I read a most interesting little book Lessons from Deregulation, by Alfred Kahn, the architect of airline deregulation in the 1980s. It was published a year ago and is available either as a printed book or as a PDF. Executive summary: he still thinks deregulation is swell. The first half of the book is about airline deregulation, the second half is about telecom deregulation. I found Kahn's analysis of airline deregulation quite persuasive, not surprising since he was in charge of it. The analysis of telecom was much less persuasive. Kahn has been firmly on the side of the Bells in just about every disagreement. He argues, not unreasonably, that forcing competitors to rent facilities to each other below cost, as many state regulators have done, is no way to create a competitive market, and he thinks that cable and wireless will create true competition, but it seemed to me he was missing something critical. What struck me at the end of the book is how completely opposite the outcomes of the two deregulations have been. In the airline industry, the old incumbents are all in dreadful shape, being walloped by nimble new entrants. In the telecom industry, after a flurry of competition aided by dot.com free money and regulatory pushing, the incumbents are crushing the new entrants and are well on their way to establishing a cozy geographically divided duopoly. What's the difference? The old-line incumbent airlines (IALs from now on) certainly had their share of both self-inflicted and external injuries, but the old-line phone companies (ILECs, incumbent local exchange carriers, in telecom-ese) did plenty of dumb things, too. The critical difference is that the ILECs owned the essential facilities, and the IALs didn't. In the airline industry, the essential facilities are airports and air traffic control. Airports are owned by various government agencies and paid for by user fees. ATC has always been Federal and is more or less paid for by ticket taxes. Imagine a world where the IALs owned the airports. You want to add a route to Dallas? Too bad, American owns one airport, Braniff (which is still in business due to its duopoly profits) owns the other, and neither is willing to sell landing and gate slots at a price anyone else can afford. For a while, the CAB required them to sell Unbundled Flight Elements (UFEs) at a set price, but the IALs all moaned and groaned about how unfair the prices were. Remarkably, despite claims that the UFE prices were below their own costs, none of the IALs ever took advantage of the UFE bargains to invade each other's territory. When the new entrants complained to the Civil Aviation Board that the legacy airports gave the IALs a stranglehold on access to passengers, the CAB said that rapidly changing technology would level the playing field, citing as an an example a helicopter service between a parking lot in Philadelphia and an abandoned shopping center in southeast Washington DC. Besides, the IALs are promising to roll out personal jet packs, (FTTP, for Flying To The Premises), although a few soreheads pointed out they'd been promising them since the early 1990s and to date they were only available in the financial districts of New York and San Francisco. Well, enough of that. Nothing like that could ever happen, could it? I'm hardly the first to advocate separating the ILECs into regulated wire companies and unregulated switch companies, but the more I see of the telecom landscape, the more I believe that we'll never have real competition so long as one party owns a facility that nobody else can afford to replicate. The ILECs have a century of practice assigning costs to infrastructure to show how expensive it is, and they're never going to give anyone else a fair price so long as they can sell it to themselves for funny money. posted at: 23:50 :: permanent link to this entry :: 0 comments Trackback link is http://weblog.johnlevine.com/Email/airport.trackback 02 Jan 2005
The CAN SPAM Act of 2003 went into effect a year ago on Jan 1, 2004. As of that date, spam suddenly stopped, e-mail was once again easy and pleasant to use, and Internet users had one less problem to worry about. Oh, that didn't happen? What went wrong? There are a few good things about CAN SPAM. It made some arguably fraudulent practices specifically illegal, and set per-spam statutory damages. That allowed a variety of lawsuits such as the one where an Iowa ISP won a billion dollar default judgement against a Florida spammer. It also explicitly ratified ISPs authority to set and enforce their own stricter policies about e-mail. But overall, CAN SPAM's weaknesses outweigh its benefits. The biggest problem with CAN SPAM is that it doesn't actually forbid spam, for any normal definition of spam. So long as mail doesn't involve fraudulent elements, and contains specified contact and opt-out information, it's 100% legal until the recipient begs the sender to stop. This has set an extremely low floor for mailers to meet, and far too many now argue that since they comply with CAN SPAM they must be OK. I've gotten spam from the National Council of Churches, who really should know better, to addresses that were clearly scraped from my church's web site and added to the NCC's list without asking permission. When I complained, they pompously assured me that they complied with the letter and spirit of CAN SPAM, an utterly vacuous claim since CAN SPAM says nothing at all about non-commercial e-mail. (The obvious counter-argument is that if they didn't comply with CAN SPAM, they're be criminals, but they evidently don't see it that way.) Another problem is that the remedies are cumbersome, since they require filing in Federal court, so they're likely to be useful only to medium and large businesses who get a lot of spam and can bundle many similar complaints into one case. CAN SPAM wiped out a lot of more stringent state laws, but even so, the remaining state laws are at least as useful as CAN SPAM. For example, the criminal conviction of large-scale spammer Jeremy Jaynes was under the Virginia state law, not CAN SPAM. What does this all portend for the future? A surprising press release from AOL reported that the amount of inbound spam at AOL dropped by 22% compared to a year ago. Other ISPs reported no such drop, so we can only speculate about the causes, but my speculation would be about one part spam filtering, which AOL does well, and four parts legal threats, both the Jaynes criminal case and several civil cases they've filed in the past year. Spammers may turn away from large ISPs and aim more at smaller domains who are less likely to have the resources to sue them. Tune in again next year and find out. posted at: 23:06 :: permanent link to this entry :: 0 comments Trackback link is http://weblog.johnlevine.com/Email/canspam.trackback |
Topics
My other sitesOther blogsWord
to the Wise
Related sitesCoalition Against Unsolicited Commercial E-mail
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
© 2005-2009 John R. Levine.
CAN SPAM address harvesting notice: the operator of this website will
not give, sell, or otherwise transfer addresses maintained by this
website to any other party for the purposes of initiating, or enabling
others to initiate, electronic mail messages.
![[Valid RSS]](http://www.taugh.com/valid-rss.png "Validate my RSS feed"){kind=small}