Internet and e-mail policy and practice including Notes on Internet E-mail

←2006→ Months Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec Click the comments link on any story to see comments or add your own. RSS feed

Home 28 Dec 2006 Earthquake in Asia, Spam Plummets Email An earthquake on Tueday near Taiwan caused widespread disruption to telephone and Internet networks. The quake affected an area of the sea bottom with a lot of undersea cables that broke, and since there is only a limited number of cable repair ships, it will take at least weeks to fish them up and splice them. See more ... posted at: 11:48 :: permanent link to this entry :: 1 comments Trackback link is http://weblog.johnlevine.com/Email/earthquake.trackback 16 Dec 2006 In the UK, it's illegal to sell sucker lists to pornographers Email In a story reported yesterday at Out-Law.com, and in the Milton Keynes local paper, Microsoft win a suit against Paul McDonald (a/k/a Gary Webb) for illegally selling e-mail addresses. See more ... posted at: 22:15 :: permanent link to this entry :: 1 comments Trackback link is http://weblog.johnlevine.com/Email/ukporn.trackback 12 Dec 2006 Oklahoma Anti-Spammer Loses Big in Court Email In November, Mark Mumma, who runs a little design firm at webguy.com, lost an appeal in the Fourth Federal Circuit. He'd filed suit against cruise.com and their parent Omega World Travel under CAN SPAM and an Oklahoma anti-spam law. Omega countersued for defamation. The court threw out Mumma's case, and allowed part of the defamation case to proceed. At first blush, this looks like a big win for spammers. See more ... posted at: 16:25 :: permanent link to this entry :: 1 comments Trackback link is http://weblog.johnlevine.com/Email/mumma.trackback We're from the Government, and We're Here to Spam You Email I was somewhat surprised to get spam last week from the United States Postal Service. It was advertising a new feature of Click-N-Ship, a web shipping service, sent to an address that I think I gave them when I signed up to try out some other online system for validating postal mail addresses. The message did not have the postal mailing address of the sender (pretty ironic, huh?) nor opt-out instructions, both of which are mandatory under CAN SPAM. Did the USPS break the law? See more ... posted at: 16:18 :: permanent link to this entry :: 1 comments Trackback link is http://weblog.johnlevine.com/Email/govtspam.trackback 16 Nov 2006 Dog Eats Opt-Out Requests, FTC Is Not Impressed Email Last week the Federal Trade Commission settled a lawsuit against Yesmail, a large ESP (Email Service Provider). The facts of the case are not in dispute, but their meaning is. See more ... posted at: 00:18 :: permanent link to this entry :: 0 comments Trackback link is http://weblog.johnlevine.com/Email/yesmail.trackback 05 Nov 2006 Huge Increase in Spam in October Email You may have read reports that the total amount of spam is on the decline. Don't believe them. In the month of October, I saw the amount of spam in my traps here roughly double, from about 50,000 per day to 100,000/day now. In conversations with managers at both ISPs and corporate networks, I'm hearing the same thing. One corporate network has gone from about 12 million spam rejects a month in June and July to 28 million in October. The very large mail systems don't publish their numbers, but they tell me informally they're seeing the same thing. So far, nobody can figure out why. Perhaps we have a new generation of zombies, so numerous that price has dropped and spammers can buy twice as many of them. But whatever it is, if anyone tells you that the worst of spam is over, they're just wrong. Update on Nov 15th: There's been yet another huge spike in spam today, even beyond last month's level. I noticed it overwhelming my modest servers, and friends at both corporate mail systems and large ISPs say they've seen it, too. We can only deal with so many doublings of the spam load before there just isn't enough hardware and software to handle it. posted at: 21:54 :: permanent link to this entry :: 1 comments Trackback link is http://weblog.johnlevine.com/Email/morespam.trackback 08 Oct 2006 ICANN ALAC Doesn't Like The Proposed *.travel Wildcard ICANN In case you missed it, .travel is yet another new domain intended for the travel industry. Tralliance, the shell organization that runs .travel, asked ICANN for permission to add a top level wildcard similar to the one in the obscure .museum domain, and the one that Verisign briefly added to .com as their notorious Sitefinder product. See more ... posted at: 17:34 :: permanent link to this entry :: 0 comments Trackback link is http://weblog.johnlevine.com/ICANN/travelstar.trackback 20 Sep 2006 Spamhaus Loses Court Case for $11 Million, Except They Didn't Email Reports in the press have been saying that the Spamhaus Project lost an $11 million dollar lawsuit in Chicago to mailer e360 Insight. Technically it's true, in reality, it's not. See more ... posted at: 01:42 :: permanent link to this entry :: 1 comments Trackback link is http://weblog.johnlevine.com/Email/shdef.trackback Abuse.net gets blacklisted Email I run a service called abuse.net that provides a contact database for people to use to report spam and other network abuse. One of the ways people can use it is to register and then forward mail through it, so that for example mail to furble.net@abuse.net is remailed to whatever the abuse contact is for furble.net. Last Friday (while I was on the way to a meeting at an undisclosed location east of Seattle) someone sent me a note telling me that mail sent through abuse.net was bouncing: See more ... posted at: 01:14 :: permanent link to this entry :: 0 comments Trackback link is http://weblog.johnlevine.com/Email/spamcop.trackback 10 Sep 2006 Pump and dump still works Email In July I wrote about a paper on pump and dump spam by Böhm and Holz. A more recent paper by Frieder and Zittrain takes a more detailed look and comes to the same conclusion, that pump and dump works for the spammers. See more ... posted at: 16:07 :: permanent link to this entry :: 0 comments Trackback link is http://weblog.johnlevine.com/Email/morepump.trackback 26 Aug 2006 How much do you think a .ORG, .BIZ, or .INFO domain costs? ICANN Whatever you think the answer is (typically about ten bucks), the answer is likely to change radically for the worse, based on new contracts that ICANN is planning to approve. On July 28th ICANN posted proposed new contracts for .ORG, .BIZ, and .INFO, for a public comment period that ends four days from now, on the 28th. There's a lot not to like about these proposed contracts, but I will concentrate here on two related particularly troublesome areas, pricing and data mining. See more ... posted at: 15:52 :: permanent link to this entry :: 0 comments Trackback link is http://weblog.johnlevine.com/ICANN/squeezem.trackback 21 Aug 2006 More on domain tasting ICANN The ICANN ALAC, of which I am a member, has been thinking about what our position should be on domain tasting. (Since we are supposed to represent the interests of at-large users, i.e., everyone other than the special insterests, feel free to add your opinions.) We started by trying to figure out what the problem is that we're worried about. There is a meaningful difference between domain monetization and domain tasting. See more ... posted at: 21:49 :: permanent link to this entry :: 2 comments Trackback link is http://weblog.johnlevine.com/ICANN/taste.trackback 17 Aug 2006 Cameroon *.CM wildcard--it's baaack ICANN Today the wildcard is back in all but one of the CM name servers, again pointing at the same server in Canada that doesn't identify itself but has a big link farm of Overture pay-per-click links. Also, Appolinaire Noumbi, who identifies himself as the Chairman, Federation of Cameroonian Engineers, has posted a most peculiar personal page at Circle ID. I still think that it is not a fundamentally bad idea for Cameroon to take advantage of its typographic proximity to .COM, but an anonymous junk parking page is not the way to do it. posted at: 23:23 :: permanent link to this entry :: 0 comments Trackback link is http://weblog.johnlevine.com/ICANN/cameroon4.trackback 11 Aug 2006 Cameroon *.CM wildcard is gone ICANN As of this morning there's no longer a wildcard in the CM zone. Perhaps Mr. Noubi will be able to give us the background. posted at: 09:20 :: permanent link to this entry :: 0 comments Trackback link is http://weblog.johnlevine.com/ICANN/cameroon3.trackback Making DKIM More Useful with Domain Assurance Email The IETF DKIM working group has been making considerable progress, and now has a close-to-final draft. DKIM will let domains sign their mail so if you get a messge from fred@furble.net, the furble.net mail system can sign it so you can be sure it really truly is from furble.net. But unless you already happen to be familiar with furble.net, this doesn't give you any help deciding whether you want the message. This is where the new Domain Assurance Council (DAC) comes in. See more ... posted at: 01:56 :: permanent link to this entry :: 0 comments Trackback link is http://weblog.johnlevine.com/Email/dac.trackback 09 Aug 2006 More Developments with the *.CM wildcard ICANN As of 9 Aug, the typosquat domains at Rackspace have all stopped working. They still have entries in .CM, but the Rackspace servers to which they are delegated no longer have data for them. Wow, people actually read my blog. Also, there are some interesting comments both on my blog entry as well as on the original Circle ID message from Appolinaire Noumbi, who says he is the Chairman of the Cameroon Federation of Engineers, asking for help to understand and fix the problem. See more ... posted at: 23:55 :: permanent link to this entry :: 0 comments Trackback link is http://weblog.johnlevine.com/ICANN/cameroon2.trackback 08 Aug 2006 More top level wildcards ICANN With all of the recent excitement about *.cm, the Cameroonian wildcard that someone is using to collect vast numbers of mistyped .com addresses, I wondered how many other wildcards there were at the DNS top level. There's a total of 13. See more ... posted at: 23:12 :: permanent link to this entry :: 3 comments Trackback link is http://weblog.johnlevine.com/ICANN/morewild.trackback 06 Aug 2006 Has Your Browser Been to Cameroon Lately? ICANN A recent message on Circle ID notes that Cameroon in west Africa has added a wild card to its .CM country domain. This means that anyone who tries to type something.com into his browser and types something.cm instead will in most cases end up at the web site the wild card points to, similar to what Verisign did with their infamous Sitefinder a few years ago. (I say most, because if you type the name of an actual .cm domain, you'll end up at that domain. More about that later.) See more ... posted at: 22:59 :: permanent link to this entry :: 3 comments Trackback link is http://weblog.johnlevine.com/ICANN/cameroon.trackback 03 Aug 2006 Internet Governance for Dummies ICANN I spoke last year at the Oxford Internet Institute on Internet Governance for Dummies, trying to lay out both what on the 'net needs governing (IP addresses and domains, if you know what they are), and who governs it, mostly ICANN with a large set of supporting characters. They taped it, so you can visit the OII's web page for the talk where you can choose streaming video or downloadable MP4's. When I returned this year the OII people told me that this is one of their most popular videos. Let me know whether or not you like it. posted at: 23:33 :: permanent link to this entry :: 0 comments Trackback link is http://weblog.johnlevine.com/ICANN/igov4dum.trackback Internet Security: Legend or Myth ICANN In late June I paid a visit to the Oxford Internet Institute, where they offered me the chance to talk about whatever I wanted. This year's talk was on Internet Security: Legend or Myth. The blurb said: The Internet is sort of like a town where your local crack house can put up a front window that looks just like Boots, and teenagers can hotwire most people's cars and start playing bumper cars on the M40. Is this a place that anyone would want to visit, much less live in? What can we do about it? I thought it went pretty well, but you can watch it and decide for yourself. Visit the OII's web page for the talk where you can choose streaming video or downloadable MP4's. Free video bonus: at the beginning of the talk, Ted Nelson introduces me. posted at: 23:18 :: permanent link to this entry :: 0 comments Trackback link is http://weblog.johnlevine.com/ICANN/legendormyth.trackback 29 Jul 2006 It's not spam because we're nice Email Here are some excerpts from an all too typical exchange I recently had with an e-mail service bureau (usually called an ESP for Email Service Provider.) It started when I sent them a boilerplate spam complaint, one of about a thousand a day I send for spam that either hits my spamtraps or gets caught in the spam filters. See more ... posted at: 21:52 :: permanent link to this entry :: 0 comments Trackback link is http://weblog.johnlevine.com/Email/notspam.trackback 20 Jul 2006 Another try at proof-of-work e-postage Email Another paper from the Fifth Workshop on the Economics of Information Security, (WEIS 2006) is Proof of Work can Work by Debin Liu and L, Jean Camp of Indiana University. Proof of work (p-o-w) systems are a variation on e-postage that uses computation rather than money. A mail sender solves a lengthy computational problem and presents the result with the message. The problem takes long enough that the sender can only do a modest number per time period, and so cannot send a lot of messages, thereby preventing spamming. But on a net full of zombies, proof of work doesn't work. See more ... posted at: 20:35 :: permanent link to this entry :: 0 comments Trackback link is http://weblog.johnlevine.com/Email/hashpow.trackback Does pump and dump spam work? Email I've been reading some of the very interesting papers from the Fifth Workshop on the Economics of Information Security, (WEIS 2006), held last month in Cambridge (UK). Rainer Boehme and Thorsten Holz's paper The Effect of Stock Spam on Financial Markets is the first analysis I have seen of pump and dump spam, and comes to the dismaying conclusion that it works. See more ... posted at: 19:35 :: permanent link to this entry :: 1 comments Trackback link is http://weblog.johnlevine.com/Email/pumpndump.trackback 19 Jul 2006 What's up with DKIM Email The DKIM working group in the IETF has been making good progress. We now have a draft of an overview document as well as an updated and, with any luck, final version of the threats document. The main spec for DKIM signatures seems to be close enough to done for a "last call" for complaints and comments. See more ... posted at: 00:18 :: permanent link to this entry :: 2 comments Trackback link is http://weblog.johnlevine.com/Email/dkimietf67.trackback 08 Jun 2006 How much money do spammers make? Email News reports say that high profile Ryan Pitylak was fined $10 million by the Texas Attorney General. A few days ago, he paid a $1M settlement to Microsoft. Since it had been widely reported that he'd made between $3M and $4M during his spamming career, that seemed like a pretty good deal for him. As I commented to the San Antonio Express, this new fine is more in line with what he did, and at least relieves him of all his ill-gotten gains. See more ... posted at: 10:47 :: permanent link to this entry :: 0 comments Trackback link is http://weblog.johnlevine.com/Email/pitylak.trackback 17 May 2006 Blue Security Is Kaput Email Wired reports that Blue Security shut down yesterday. It's a little hard to make sense of the explanations offered, but as best I can make out, after Blue Security's clumsy attempts to deal with a denial of service attack clobbered several other web sites, the owners appear to have pulled the plug. The investors say the technology has other uses, so we may not have heard the last of this bad idea. posted at: 02:42 :: permanent link to this entry :: 2 comments Trackback link is http://weblog.johnlevine.com/Email/deadblue.trackback 09 May 2006 March of the Frogs Email As I predicted last week in this blog entry on Blue Security, the Frog's fans leapt to its defense, with a blizzard of more or less interchangable outraged messages, often refuting points I never made. Oddly, very few comments appeared on the recent message that was at the top of the blog's home page, but instead on an earlier message I wrote last July. Huh? See more ... posted at: 14:02 :: permanent link to this entry :: 33 comments Trackback link is http://weblog.johnlevine.com/Email/froggers.trackback 03 May 2006 Spam defense or video game? Email The blogosphere is abuzz with stories about an allegedly titanic battle between Blue Security and some spammers. Blue Security, as you probably know, distributes a freeware program called Blue Frog that is supposed to crush spammers by hammering on their web sites with gazillions of opt out requests or something like that. For a variety of reasons, the mainstream anti-spam community has never thought much of this approach, but every criticism only leads Blue Frog's partisans to leap ever more forcefully to its defense. (See, for example, the comments on my note about them last year, and the comments that will doubtless be posted on this message, too.) This latest round made me realize that Blue Frog makes perfect sense if you think of it as a video game, or perhaps a fashion accessory, rather than as an anti-spam tool. See more ... posted at: 00:24 :: permanent link to this entry :: 23 comments Trackback link is http://weblog.johnlevine.com/Email/bluefog.trackback 02 May 2006 In Bad Taste ICANN So-called domain tasting is one of the more unpleasant developments in the domain business in the past year. Domain speculators are registering millions of domains without paying for them, in a business model not unlike running a condiment business by visiting every fast food restaurant in town and scooping up all of the ketchup packets. See more ... posted at: 00:01 :: permanent link to this entry :: 1 comments Trackback link is http://weblog.johnlevine.com/ICANN/tasting.trackback 24 Apr 2006 Better automated abuse reporting with ARF Email Since we know we're not going to find a FUSSP any time soon, anti-spam efforts are concentrating on incremental efforts to make the current mail system, messy though it is, work better. Dealing with abuse reports is a particularly messy and labor-intensive area that desperately needs more automation. See more ... posted at: 01:01 :: permanent link to this entry :: 3 comments Trackback link is http://weblog.johnlevine.com/Email/arf.trackback 06 Apr 2006 California Frets about Goodmail Email On Monday the 3rd, California state Senator Dean Flores held a hearing of the E-Commerce, Wireless Technology, and Consumer Driven Programming committee grandly titled AOL: You Have Certified Mail, Will Paid E-mail Lead to Separate, Unequal Systems or is it the Foolproof Answer to Spam?. The senator's office said they were very eager to have me there, to the extent they offered to fly me out from New York, so since I happened to be on the way home from ICANN in New Zealand that weekend, I took a detour through Sacramento. Sen. Florez conducted the hearing, with Sens. Escutia and Torlakson sitting in briefly. Unfortunately, Sen. Bowen, who is very well informed on these topics, wasn't there. There were five panels of speakers, and I got to lead off. See more ... posted at: 22:05 :: permanent link to this entry :: 1 comments Trackback link is http://weblog.johnlevine.com/Email/casenate.trackback 19 Mar 2006 Google Wins an Easy One Copyright Law Last week a court in Philadelphia dismissed a 2004 case filed by Gordon Roy Parker. In the decision the judge threw out the entire case alleging copyright infringement, defamation, invasion of privacy, and a grab bag of other complaints. See more ... posted at: 14:04 :: permanent link to this entry :: 0 comments Trackback link is http://weblog.johnlevine.com/Copyright_Law/googleparker.trackback 10 Mar 2006 Wow, that's creepy Last week I had lunch with an old friend who designs and sells video chips. He told me about an RFP they got from a large retailer. (He didn't say which one.) They want to install a grid of little cameras on the ceiling of their stores that can track people as they walk around the store, starting from when they walk in the door until they leave. The grid would be self-organizing, adjacent cameras talking to each other and handing off trackees to each other. It couldn't recognize people, although if you buy something with something other than cash, it'd know who you were from that transaction. This isn't intended for loss control (retailese for shoplifting) but more for marketing. They could, for example, rent a rack in a prominent position to a supplier, and charge them by the number of people who stop to look at it. But wait, there's more! See more ... posted at: 22:57 :: permanent link to this entry :: 0 comments Trackback link is http://weblog.johnlevine.com/creepy.trackback 14 Feb 2006 How Bad is Goodmail? Email Goodmail Systems made a big splash last week when AOL and Yahoo announced that they will be giving preferential treatment to mail that uses Goodmail's CertifiedEmail service, claiming (implausibly) that this has something to do with stopping spam.. Since Goodmail charges senders for each message, some people see this as the end of e-mail as we know it. I have my concerns about Goodmail, but a lot of the concerns are either overblown or based on bad reporting. See more ... posted at: 14:28 :: permanent link to this entry :: 2 comments Trackback link is http://weblog.johnlevine.com/Email/goodmail.trackback 30 Jan 2006 Court rules for Google in cache copyright case Copyright Law In a widely noted decision, a Nevada judge has handed down a ruling in favor of Google in a case in which attorney Blake Field sued Google for copyright infringement due to Google's web page cache keeping copies of his material. Read comments by the EFF, Red Herring, and Larry Lessig's blog. I am Google's technical expert in the case, and as you might expect, I am pleased that the judge found our position, including my report and declaration, so persuasive. posted at: 02:25 :: permanent link to this entry :: 0 comments Trackback link is http://weblog.johnlevine.com/Copyright_Law/field.trackback 23 Jan 2006 More TLDs: why and how ICANN This is a joint posting; John Levine is posting it to his blog and Paul Hoffman is posting it to his blog. Susan Crawford, a new member of the ICANN board, asked about auctions and lotteries for new gTLDs. Lots of people responded in the comments, and then the two of us kind of took over. We have now stopped, and are posting here. See more ... posted at: 23:10 :: permanent link to this entry :: 1 comments Trackback link is http://weblog.johnlevine.com/ICANN/whydom.trackback 19 Jan 2006 Reflection on new TLDs ICANN While pondering the renewal prospects for the three sponsored TLDs, .aero, .museum, and .coop, I went back and looked at the original applications for those and also for the unsponsored TLDs approved at the same time, .BIZ, .INFO, .NAME, and .PRO. Two lessons leapt out at me See more ... posted at: 02:07 :: permanent link to this entry :: 5 comments Trackback link is http://weblog.johnlevine.com/ICANN/tldreflec.trackback 18 Jan 2006 DKIM and Mailing Lists Email It's fairly straightforward to see how DKIM applies to normal mail--I send the mail, my mail system signs it, you get it, and you check the signature from my mail system. But it's a lot less clear what the best approach is for mailing lists, the discussion type that forward messages from members out to the list. See more ... posted at: 17:18 :: permanent link to this entry :: 0 comments Trackback link is http://weblog.johnlevine.com/Email/dkimlists.trackback 06 Jan 2006 DKIM working group chartered Email The IETF finally chartered a working group to create a DKIM standard earlier this week. See this notice which includes the text of the charter and the rather aggressive schedule: See more ... posted at: 14:25 :: permanent link to this entry :: 0 comments Trackback link is http://weblog.johnlevine.com/Email/dkimcharter.trackback 04 Jan 2006 The Politics of E-mail Authentication, 2006 Edition Email A student at a well-known US university wrote me and asked whether, given the huge national interest in getting the industry to unite behind (at least) one format, did I think that the FTC should've played a stronger role in pushing the industry to adopt an authentication format? See more ... posted at: 23:17 :: permanent link to this entry :: 0 comments Trackback link is http://weblog.johnlevine.com/Email/authpolitics.trackback

Topics Copyright Law - 8 Email - 114 ICANN - 50 My other sites Who is this guy? Airline ticket info Taughannock Networks Other blogs Spam resource (Al Iverson) The Spam Diaries (Ed Falk) Word to the Wise (Laura Atkins) Lextext (Bret Fausett) Related sites IRTF Anti-Spam Research Group Network Abuse Clearinghouse Coalition Against Unsolicited Commercial E-mail

© 2005-2008 John R. Levine.
CAN SPAM address harvesting notice: the operator of this website will not give, sell, or otherwise transfer addresses maintained by this website to any other party for the purposes of initiating, or enabling others to initiate, electronic mail messages.