The (Possible) Future of International Spam Laws
By J.D. Falk
After more than a decade of fits and starts, fear and doubt, lies and lobbying, legislative attention towards spam now seems to arrive in regular waves. Our friend Dennis Dayman reports on deliverability.com that a new law has taken effect in Israel, requiring (in short) opt-in -- and so according to the International Herald Tribune, Israeli marketers were rushing to re-confirm questionable subscriptions before the deadline this past Monday. In Canada, Internet law expert Michael Geist lambasted his government for continuing to fail to pass any anti-spam legislation, four years after he and the National Task Force on Spam -- which also included our own Neil Schwartzman -- strongly urged them to take immediate action. And this week at the Internet Governance Forum in Hyderabad, I've heard representatives from more than a dozen governments from all over the world discussing not whether "cyber crime" legislation is necessary, but rather how it should be formulated to fit their local legal standards and culture.
McColo and the Difficulty of Fighting Spam
CAUCE's own Ray Everett-Church writes:
It may be a truism that “little things mean a lot,” but in the world of spam, flipping a single switch can have huge consequences that span the globe.
We saw that concept reinforced this past week when McColo Corp., an Internet hosting firm based in San Jose, Calif., had its Internet connection shut off by its upstream connectivity providers on suspicion that McColo was serving as a command and control center for various spamming “bot net” operations as well as a base of operations for various other unsavory activities.
Of course everyone, even McColo, is innocent until proven guilty. But in the days following the disconnection, global spam volumes have reportedly dropped by nearly two-thirds. I suppose it could be a coincidence...
Read the rest here.
Monday, October 6. 2008
The Root of All Email
This week, the Internet Engineering Task Force (IETF) published a number of what they call "RFCs," which originally meant "Requests for Comment" -- the standards documents which specify the technical underpinnings of the internet. Two of these, numbered 5321 and 5322, replace earlier documents defining the very core of internet email. On the surface, each of these seems surprisingly simple; one aims "...to transfer mail reliably and efficiently," while the other defines itself as "...a definition of what message content format is to be passed between systems." Yet without general industry-wide acceptance of (and compliance with) these standards, internet email simply would not exist.
This week also marks ten years since the death of Jon Postel, who arguably had more influence over the creation of the internet than any other single person. One of Jon's most enduring recommendations is to "be conservative in what you send and liberal in what you receive," which Vint Cerf (who had only slightly less influence over the early internet) described as "...a reminder that in a multi-stakeholder world, accommodation and understanding can go a long way towards reaching consensus or, failing that, at least toleration of choices that might not be at the top of everyone's list."
This philosophy is the root of all email, from the earliest standards discussions to the latest theories of authentication, reputation, and deliverability.
Thursday, July 24. 2008
Eddie Davidson
When doing a job that you love it is natural enough to immerse oneself, to become somewhat myopic, about the relative importance and meaning of one’s work, but every once in a while context is thrust forward, rending fantasy and reverie aside, leaving one faced with a reality of what really matters.
Such are the sad events surrounding the murder-suicide that ended convicted spammer Eddie Davidson’s life today. For further details on the situation, please follow this link.
CAUCE extends our sympathies to the friends and families of the victims of this needless tragedy.
Tuesday, April 1. 2008
Trust in Email Begins with Authentication
As most CAUCE supporters already know, forging From: or other commonly seen email headers is trivially easy. It's one of the most frustrating oversights in the creation of Internet email technology -- though of course that's only obvious in hindsight; it was just fine for the pre-Internet networks of the late 1970s and early-mid 1980s.
Since then, things have changed -- and the most interesting recent technological advancements in email have been in the realm of sender authentication, which encompasses ways to verify that the apparent sender of a message actually is the entity which sent it. Before you can answer the question "can I trust this message," you have to ask "who sent it?" -- but before authentication, there was often no way to know for sure.
The first authentication technology to catch the interest of the industry was Meng Wong's SPF, which also formed the basis for Microsoft's SenderID. In parallel, Yahoo! developed DomainKeys, which has now evolved into DKIM. All of these are free to use, though some have licensing requirements or patents which may prevent derivative works.
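An added example, not from the original article or the MAAWG paper: a reduced, offline SPF evaluation showing what "who sent it?" means in practice. SPF authorizes the connecting IP for the envelope sender domain (the RFC 5321 MAIL FROM), not for the From: header a reader sees, so the sketch also compares the two. The records, domains, addresses and the names `spf_check` and `assess` are constructed for illustration; only the `ip4`, `ip6` and `all` mechanisms are handled.

```python
import ipaddress
from email import message_from_string
from email.utils import parseaddr

# Constructed sample data: example domains and documentation-range addresses.
SPF_RECORDS = {
    "bank.example": "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 -all",
    "mailer.example": "v=spf1 ip4:203.0.113.0/24 ~all",
}
SAMPLE_MESSAGE = "From: Your Bank <support@bank.example>\nSubject: Notice\n\nHello\n"
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_check(client_ip, domain, records=SPF_RECORDS):
    """Evaluate the ip4, ip6 and all mechanisms of a domain's SPF record."""
    terms = records.get(domain, "").split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # the domain publishes no SPF policy
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"  # a mechanism without a qualifier means "pass"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        if name.lower() == "all":
            return QUALIFIERS[qualifier]
        if name.lower() not in ("ip4", "ip6"):
            return "unsupported"  # needs DNS (a, mx, include); not an SPF result
        net = ipaddress.ip_network(value, strict=False)
        if ip.version == net.version and ip in net:
            return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched and the record has no "all"


def assess(envelope_from, client_ip, raw_message):
    """Check SPF for the envelope domain and compare it with the From: domain."""
    header_from = parseaddr(message_from_string(raw_message)["From"])[1]
    env_domain = envelope_from.rpartition("@")[2].lower()
    hdr_domain = header_from.rpartition("@")[2].lower()
    return {
        "spf": spf_check(client_ip, env_domain),
        "envelope_domain": env_domain,
        "header_from_domain": hdr_domain,
        "same_domain": env_domain == hdr_domain,
    }


if __name__ == "__main__":
    print(assess("bounce@bank.example", "192.0.2.25", SAMPLE_MESSAGE))
    print(assess("bounce@mailer.example", "203.0.113.9", SAMPLE_MESSAGE))
```

A receiver that records only the `spf` result would treat both sample deliveries alike; the `same_domain` field is what separates a message sent by the domain shown in From: from one that merely passed SPF for some other domain.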
Having what looks like four entirely different technologies may seem confusing, and marketing tactics from some of the organizations involved certainly haven't helped. Luckily, our friends at the Messaging Anti-Abuse Working Group have published a new white paper, Trust in Email Begins with Authentication, which should help to clarify things. It provides a much-needed substantive overview of the authentication methods and practices currently in use, without inappropriate bias or attempts at coercion.
CAUCE hopes that this effort will raise the level of debate within the email industry, and lead to faster adoption of authentication technologies. Sender authentication will not, obviously, solve spam -- it has very little to do with spam, in fact -- but curtailing the bad guys' ability to send messages that look like they're from your bank or other trusted institution will certainly help.
[Some CAUCE Board members -- including the author of this article -- contributed to the MAAWG document, and are regular attendees of MAAWG events.]

