Internet and e-mail policy and practice including Notes on Internet E-mail

←2005→ Months Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec Click the comments link on any story to see comments or add your own. RSS feed

Home 31 Jul 2005 SPF loses mindshare Email MAAWG is the Messaging Anti-Abuse Working group. It was started by Openwave, a vendor that sells e-mail hardware and software to large ISPs and originally consisted only of Openwave customers, but has evolved into an active forum in which large ISPs and software vendors exchange notes on anti-spam and other anti-abuse activities. Members now include nearly every large ISP including AOL, Earthlink, Yahoo, Comcast and Verizon is a member, along with ESPs like Doubleclick, Bigfoot, and Checkfree, and vendors like Ciscom, Ironport, Messagelabs, Kelkea/Trend, and Habeas. They've also been quietly active in codifying best practices and working on some small but useful standards like a common abuse reporting format. Earlier in July their technical committee quietly released an evaluationn of SPF and Sender-ID. Although it is worded very tactfully, the message is clear from phrases like; While MAAWG neither endorses nor discourages the use of SPF or Sender ID, the technical committee's findings highlight real-world risks to the delivery of legitimate e-mail when the specifications are implemented. At about the same time, Earthlink equally quietly removed the SPF records they'd been publishing for at least a year. That was particularly surprising because SPF originator Meng Wong had been working with Earthlink to get their SPF set up. If Meng can't make SPF work, who can? I particularly look forward to see what happens in November when Hotmail says they will start showing a yellow warning box (the Big Yellow Box Of Death, or BYBOD to the cognoscenti) on any incoming mail that doesn't pass Sender-ID. With no SPF records at all, Earthlink's mail won't pass Sender-ID, and will, we assume, be 100% BYBOD compatible. Will Hotmail blink and add their own synthetic SPF records for Earthlink? Will Earthlink publish SPF records that only Hotmail can see (and if they do, how could we tell?) Should be interesting. (Claimer: most of MAAWG's members are companies that pay a substantial membership fee, but they also have a few invited individual members, including me.) posted at: 23:57 :: permanent link to this entry :: 1 comments Trackback link is http://weblog.johnlevine.com/Email/nospf.trackback 24 Jul 2005 Blue Security's anti-anti-spam scheme Email A new company called Blue Security purports to have an innovative approach to getting rid of spam. I don't think much of it. As I said to an Associated Press reporter: "It's the worst kind of vigilante approach," said John Levine, a board member with the Coalition Against Unsolicited Commercial E-mail. "Deliberate attacks against people's Web sites are illegal." Before they started their current scheme they contacted every anti-spam organization around, including CAUCE where I'm a board member, trying to find someone who would sponsor their scheme. Everyone including CAUCE said no. Since they announced their plan as a separate company, it is my understanding that at least two and maybe three web hosts have booted them off due to their abusive plans. See more ... posted at: 20:32 :: permanent link to this entry :: 27 comments Trackback link is http://weblog.johnlevine.com/Email/bluefrog.trackback 14 Jul 2005 Oh, that explains it Email Last month, Microsoft's Hotmail decided to check Sender-ID on all of its incoming mail, and display a warning box for messages where the Sender-ID said they came from the wrong place. This provoked widespread sceptical responses (including one here.) They further said that in November, they'll even show the warning box for mail with no Sender-ID info at all and perhaps move it into the junk mailbox. This aggressive move was surprisingly out of character for Hotmail, and we couldn't figure out why they were making a move that in all likelihood will route lots of real mail to the spam folder and leave 100% Sender-ID compliant phishes in the inbox. But one extra bit of info makes it all clear. Remember when Bill Gates said that the spam problem would be solved in two years? Well, that was in January 2004, and the time will run out pretty soon. If they shoot the Sender-ID magic bullet in November, all the spam will be dead by the end of January, right? I can hardly wait. posted at: 11:16 :: permanent link to this entry :: 0 comments Trackback link is http://weblog.johnlevine.com/Email/billg2yr.trackback 12 Jul 2005 The CEAS conference Email The second annual Conference on Email and Spam will happen at Stanford University next week, 21-22 July. I'm on the program committee, and the quality of the accepted papers is pleasantly high. I'm speaking on Experience with Greylisting and no, I didn't review my own paper. If you're interested in both what people are doing to understand spam and what they're doing to fight it, this conference is by far the best place to learn about them and meet the people involved. The conference registration is limited, but they still have space available. Visit their web site to see the list of papers and to register. posted at: 12:15 :: permanent link to this entry :: 0 comments Trackback link is http://weblog.johnlevine.com/Email/ceas05.trackback

Topics Copyright Law - 8 Email - 114 ICANN - 50 My other sites Who is this guy? Airline ticket info Taughannock Networks Other blogs Spam resource (Al Iverson) The Spam Diaries (Ed Falk) Word to the Wise (Laura Atkins) Lextext (Bret Fausett) Related sites IRTF Anti-Spam Research Group Network Abuse Clearinghouse Coalition Against Unsolicited Commercial E-mail

© 2005-2008 John R. Levine.
CAN SPAM address harvesting notice: the operator of this website will not give, sell, or otherwise transfer addresses maintained by this website to any other party for the purposes of initiating, or enabling others to initiate, electronic mail messages.