2011 was an interesting year for IPv4: in February 2011, the Internet Assigned Numbers Authority (IANA) handed out their last free IPv4 address blocks to the Regional Internet Registries (RIRs).
In April 2011, the APNIC (the Regional Internet Registry for the Asia Pacific region) started allocating from its last /8. At the RIPE NCC we did not see a big jump in IPv4 address allocations in 2011, as anticipated by some observers.
The image below shows the total amount of IPv4 address space allocated each year (calculated as /16s on the y axis). You can see that in 2011 there was a drop in the amount of IPv4 address space from the previous year, bringing it down to the level of 2008 and 2009. There was no big run on the remaining IPv4 addresses.
Note that this does not correspond with the number of requests. Especially the number of requests for /21s increased in 2011 (you can find more on this in the background article on RIPE Labs).
IPv4 is certainly running out, but there is no great rush for the last addresses as feared by some. It was all pretty much "business as usual". As we've said in the past, predicting exactly when the RIPE NCC will run out of IPv4 address space is difficult. We cannot anticipate the size of requests we'll receive.
For more information and more statistics, please refer to IPv4 Allocation Statistics in 2011 on RIPE Labs.
Written by Daniel Karrenberg, Chief Scientist at the RIPE NCC
Follow CircleID on Twitter
More under: IP Addressing, Regional Registries
The trade press is abuzz today with reports about a security breach at Verisign. While a security breach at the company that runs .COM, .NET, and does the mechanical parts of managing the DNS root is interesting, this shouldn't be news, at least, not now.
Since Verisign is a public company, they file a financial report called a 10-Q with the SEC every quarter. According to the SEC's web site, Verisign filed their 10-Q for June through September 2011 on October 28th, where it's been available to the public ever since.
Like every other 10-Q, it has a Risk Factors section which lists all the reasons that the company might fail, so don't sue us. Normally those sections are pretty routine, key employees might quit, customers might desert us, key contracts might not be renewed, that sort of stuff. But this 10-Q contained this bit:
We experienced security breaches in the corporate network in 2010 which were not sufficiently reported to Management.
In 2010, the Company faced several successful attacks against its corporate network in which access was gained to information on a small portion of our computers and servers. We have investigated and do not believe these attacks breached the servers that support our Domain Name System ("DNS") network. Information stored on the compromised corporate systems was exfiltrated. The Company's information security group was aware of the attacks shortly after the time of their occurrence and the group implemented remedial measures designed to mitigate the attacks and to detect and thwart similar additional attacks. However, given the nature of such attacks, we cannot assure that our remedial actions will be sufficient to thwart future attacks or prevent the future loss of information. In addition, although the Company is unaware of any situation in which possibly exfiltrated information has been used, we are unable to assure that such information was not or could not be used in the future. The occurrences of the attacks were not sufficiently reported to the Company's management at the time they occurred for the purpose of assessing any disclosure requirements. Management was informed of the incident in September 2011 and, following the review, the Company's management concluded that our disclosure controls and procedures are effective. However, the Company has implemented reporting line and escalation organization changes, procedures and processes to strengthen the Company's disclosure controls and procedures in this area.
Apparently nobody got around to reading it until today, at least nobody who understands the business well enough to know what it means.
All the press reports I've seen just regurgitate that paragraph, adding a few quotes from people close to Verisign who all said they didn't know about it either, and security types who told us that it's an enormous big deal. (Now that you've read the paragraph, you're as qualified to pontificate as anyone.)
Personally, I don't know if it's an enormous big deal or not. Risk factor sections tend to be written as pessimistically as possible, so you can skip over the parts about they cannot assure you and so forth. One thing I do know is that it happened over a year ago, so if anything significant happened as a result, and Verisign knew about it, they'd have told us about that, too, on the principle that you release all your bad news at once. So this means that either it really was just a minor network breach, or the evil consequences are so deep and subtle that we may not know about them for years and years, if ever. I'd tend toward the former, but then, I'm not a Verisign stockholder.
Written by John Levine, Author, Consultant & Speaker
More under: Cyberattack, DNS, Security
"Facebook reported in its SEC filing that it owns 'network equipment' valued at $1.016 billion at the close of 2011," reports Rich Miller of Data Center Knowledge. "The number reflects the expense of rapidly building a massive Internet infrastructure, including Facebook's shift from buying vendor gear and leasing data centers to building its own servers, racks and custom data centers."
Facebook Constructing New Data Center - Located 62 miles south of the Arctic Circle, Lulea. Facility consists of three 300,000 square feet server buildings; scheduled for completion by 2014.
Photo above shows Facebook's first data center outside the U.S., currently being built on the edge of the Arctic Circle. The northern Swedish city of Lulea was chosen for the data center partly because of the cold climate — crucial for keeping the servers cool — and access to renewable energy from nearby hydropower facilities, according to the company.
Image below is a visualization of Facebook's social graph of 500 million back in 2010 created by intern Paul Butler.
Facebook 'Friendship Visualisation' shows pairs of friends between the world's cities based on company's 500 million user base in 2010. Facebook's current user base at the time of its SEC filing is reported to be over 800 million.
More under: Data Center
"More than two months after authorities shut down a massive Internet traffic hijacking scheme, the malicious software that powered the criminal network is still running on computers at half of the Fortune 500 companies, and on PCs at nearly 50 percent of all federal government agencies, new research shows," reports Brian Krebs. ... "Internet Identity, a Tacoma, Wash. company that sells security services, found evidence of at least one DNSChanger infection in computers at half of all Fortune 500 firms, and 27 out of 55 major government entities."
More under: Cybercrime, DNS, Malware, Security
ICANN has started its historic and controversial program to expand the number of generic Top-Level Domains (gTLDs). This essay outlines the factors needed for the program to create economic value, warns against a cognitive trap that complicates selection of a new gTLD and considers the value contribution of the registries. I will not go into relevant macro measures, but I examine the problems associated with the popular measure of simply counting the number of registrations.
The key to understanding the program's economic impact is to follow the theories of economist Paul Romer and look at how the rearrangement of resources creates value. ICANN's program increases the supply of resources that registries have for creating value. Value creation by registries can come from: (1) introducing new TLD signals for things like location, community, and social responsibility (for example, .nyc for New York City, .music to signal community, and .green to signal environmental corporate responsibility); (2) combining information, such as in the .tel model, which provides contact information for the companies using the gTLD; and (3) introducing a gTLD that competes with .com.
Given the new resources provided by ICANN, the burden now lies on the registries to innovate. But they have to be careful of cognitive biases in choosing among the gTLDs. For example, a registry that chooses the proposed .music should ask itself, "Is there value in .music?" The temptation is to ask the far easier "Do we love music?" Not the same thing, but studies show that we often answer an easier question instead of a harder and more relevant one, and that we'll do so without noticing the swap. (For details on cognitive error traps, see Daniel Kahneman, Thinking, Fast and Slow. I have warned against cognitive biases in gTLD value estimation and in domain name appraisals.) Another trap is reliance on the popularity of key words in social media, an approach that flopped with the recent failure to predict the success of presidential candidates.
Remember, there is no easy way to measure new gTLD value creation. The domain name industry has focused on registrations, but that's because they are easily measured and the information is publicly available. Number of registrations does provide a viable measure of a registry's profits, but the registrations may be defensive by brand owners rather than value creating. (For a discussion of alternative measures, see "The Economics of Well-Being" by Justin Fox, HBR January-February 2012.)
New signals and combinations of information, á la .tel, can be value adding for established companies as well as new ones. But switching costs will probably keep most com-branded companies from making the jump. So new companies may converge on a new gTLD that competes with .com while existing companies will more than likely register their brands under a large number of the new gTLDs as a defensive measure. Put all the registrations together and there will be enough revenues for the com-alternative gTLD to be viable.
One reason for gravitating to a com-alternative gTLD is that new companies might feel constrained by the unavailability of desired .com names and thus have a motive to find reasonable alternatives. (See Why Dominant Companies Are Vulnerable by Kyle B. Murray and Gerald Häubl, Sloan Management Review December 2011.) This is especially true because emerging brand owners don't have to acquire any new skills in order to adopt a new gTLD.
Written by Alex Tajirian, CEO at DomainMart
More under: Domain Names, ICANN, Top-Level Domains
John Stankey, President and CEO, AT&T: "Data consumption right now is growing 40% a year."
40%, not 92%-120%. "Data consumption right now is growing 40% a year," John Stankey of AT&T told investors and his CEO Randall Stephenson confirmed on the investor call. That's far less than the 92% predicted by Cisco's VNI model or the FCC's 120% to 2012 and 90% to 2013 figure in the "spectrum crunch" analysis. AT&T is easily a third of the U.S. mobile Internet and growing market share; there's no reason to think the result will be very different when we have data from others.
With growth rates less than half of the predictions, a data-driven FCC and Congress have no reason to rush to bad policy. Wireless technology is rapidly moving to sharing spectrum, whether in-building small cells, WiFi, White Spaces, Shared RAN or tools of what the engineers are calling hetnets — heterogeneous networks. The last thing policymakers should do is tie up more spectrum for exclusive use; shared spectrum often yields three to ten times as much capacity.
Bad compromises on the video spectrum are unnecessary because plenty of spectrum is unused. That includes the 20 MHz that M2Z would be building out today if Julius hadn't blocked them; the 20 MHz the cable companies are sitting on and want to sell to Verizon; and the 30 MHz or so Stankey identifies as fallow at AT&T.
40% growth is still substantial, but wireless technology is improving at a breathtaking pace. LTE has about 10x the capacity of 2.5G and 4x the capacity of 3G. LTE Advanced, deploying beginning 2013 at Verizon, is designed for 10x the capacity of LTE. Putting more spectrum to use would be great, but let's do it right.
Wireless speeds are actually going up dramatically, with AT&T delivering 2-5 megabits to most of the country and Verizon's LTE delivering 5-12 megabits to 2/3rds of the population. Verizon is ahead of schedule to bring 5 megabits+ to 92% of the country in 2013 and 96-98% in 2015-2016. AT&T and Sprint have raised capex to catch up. 80%+ of the U.S. will have a 5 megabit offering in 2013-2014, 90%+ by 2015 or sooner. That's without any additional spectrum.
Today's wireless networks are designed to be shared: towers, WiFi, White Spaces, DAS and small cells all working together. The best engineers in the world are working on RAN sharing, SON, hetnets, 8x8 MIMO and techniques I'm writing about in my next book, Gigabit Wireless. AT&T in fact is one of the world leaders in DAS, WiFi and femtos and behind the scenes a key thought leader. There's wonderfully exciting stuff I'll be doing my best to translate for non-engineers.
Takeaway: The future is sharing the airwaves so let's get the policy right.
Written by Dave Burstein, Editor, DSL Prime
More under: Access Providers, Broadband, Mobile, Policy & Regulation, Telecom, White Space, Wireless
"Internet protocols simply aren't adequate for the changes in hardware and network use that will come up in a decade or so," says Professor Dave Farber who was recently interviewed by Andy Oram.
"Dave predicts that computers will be equipped with optical connections instead of pins for networking, and the volume of data transmitted will overwhelm routers, which at best have mixed optical/electrical switching," writes Oram. "Sensor networks, smart electrical grids, and medical applications with genetic information could all increase network loads to terabits per second. When routers evolve to handle terabit-per-second rates, packet-switching protocols will become obsolete. The speed of light is constant, so we'll have to rethink the fundamentals of digital networking."
More under: Broadband, Internet Protocol, Web
A consortium of companies including Google, Microsoft, Facebook and Paypal have announced that they were collaborating and coming up with a new protocol known as DMARC — the Domain-based Message Authentication, Reporting and Conformance.
What is DMARC?
This is very much a summary of DMARC in a nutshell (I will probably write an article about this in the future), but from the website:
A DMARC policy allows a sender to indicate that their emails are protected by SPF and/or DKIM, and tells a receiver what to do if neither of those authentication methods passes — such as junk or reject the message. DMARC removes guesswork from the receiver's handling of these failed messages, limiting or eliminating the user's exposure to potentially fraudulent & harmful messages. DMARC also provides a way for the email receiver to report back to the sender about messages that pass and/or fail DMARC evaluation.
When I first heard about DMARC, I said to myself "Self, why do we need another email authentication protocol?" The answer is that DMARC is not another protocol but instead leverages existing email authentication protocols and provides feedback to the spoofed domain.
SPF already provides a way to say: "If this message fails an SPF check, discard the message." It's called a Hard Fail. However, not all hard fails are illegitimate (there are significant false positives with SPF). DKIM, in itself, doesn't provide a way to discard a message if it fails an authentication check. This makes it less useful in securing the Internet (i.e., it is a barrier to adoption).
Besides which, what happens if an SPF check passes but a DKIM check doesn't? And if one of them fails, who should you tell? DMARC provides a mechanism that says: "If one of these checks fails, discard the message." But furthermore, it also provides a way to tell the responsible party that the message failed a check. For example, if security@paypal.com fails a DMARC check (either through SPF or DKIM), the email receiver can send the message to an email address that says "Hey, this message failed an SPF check. Was it legitimate or not?" If it is a false positive (perhaps a new server brought online), Paypal can add it to its SPF check. If it's a phishing message, Paypal can investigate to have the website taken down.
The strength of DMARC is that it is a stronger way to protect a brand from being abused; receivers can discard spoofed messages and senders can figure out just who, exactly, is sending mail as them.
The weak point of DMARC is, unfortunately, the weak point of SPF and DKIM — spammers and phishers don't need to spoof a domain in order to fool users into taking action. If a spammer sends mail from security@paypal.com.yakzas.com (a fictitious domain), many users just see that first part (paypal.com) without being more aware that there is more to the message.
And if a phisher signs up for a cloud service that issues temporary credentials, they can create the account paypale.onmicrosoft.com and send spam from there to avoid IP reputation blocking (and to the spammer that is abusing our Office 365 service, we know what you're doing, you jackass) while hijacking the reputation of another brand in the From address.
The strength of DMARC is not so much that it combats phishing but that if a good domain is authenticated, mail user agents (like Gmail, Hotmail, Outlook, etc) can highlight that the sender is a trusted sender and highlight it in blue or put a little icon beside it. Since users use visual clues to make heuristic decisions, the lack of a trusted symbol can train people to be suspicious.
Anyhow, it's nice to see that the authentication/validation protocols are consolidating.
Written by Terry Zink, Program Manager
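The receiver-side decision this post describes, sketched as an added example (not code from the article or from the DMARC consortium): it parses a published policy, applies it to a message's SPF and DKIM results, and returns the disposition and the report address. It goes slightly beyond the post by checking identifier alignment (the authenticated domain must match the From domain); the domains, records and the `records` dict standing in for DNS `_dmarc.<domain>` lookups are constructed, and the organizational domain is approximated as the last two labels where a real receiver would use the Public Suffix List.

```python
# Added example: DMARC policy parsing and receiver disposition.
# All domains and TXT records below are constructed for illustration.

DISPOSITION = {"none": "deliver", "quarantine": "junk", "reject": "reject"}

# Stand-in for DNS TXT lookups at _dmarc.<domain> (assumption: no real DNS here).
SAMPLE_RECORDS = {
    "example.com": "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com",
    "strict.test": "v=DMARC1; p=quarantine; adkim=s; aspf=s",
}


def parse_dmarc(txt):
    """Return the record's tags as a dict, or None if it is not a usable DMARC record."""
    pairs = []
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            return None
        key, value = part.split("=", 1)
        pairs.append((key.strip().lower(), value.strip()))
    # The version tag must come first, and a policy (p=) must be present and known.
    if not pairs or pairs[0] != ("v", "DMARC1"):
        return None
    tags = dict(pairs)
    if tags.get("p", "").lower() not in DISPOSITION:
        return None
    return tags


def org_domain(domain):
    """Simplification: last two labels. Real receivers use the Public Suffix List."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(from_domain, auth_domain, mode):
    """Strict mode needs an exact match; relaxed mode needs the same organizational domain."""
    if not auth_domain:
        return False
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)


def evaluate(from_domain, spf_result, spf_domain, dkim_result, dkim_domain, records):
    """Decide what a receiver does with one message, given its SPF and DKIM results."""
    from_domain = from_domain.lower()
    org = org_domain(from_domain)
    txt, from_is_sub = records.get(from_domain), False
    if txt is None and org != from_domain:
        txt, from_is_sub = records.get(org), True
    tags = parse_dmarc(txt) if txt else None
    if tags is None:
        # No policy published for the From domain: DMARC says nothing about this mail.
        return {"dmarc": "none", "disposition": "no-policy", "report_to": []}

    policy = (tags.get("sp", tags["p"]) if from_is_sub else tags["p"]).lower()
    spf_ok = spf_result == "pass" and aligned(from_domain, spf_domain, tags.get("aspf", "r"))
    dkim_ok = dkim_result == "pass" and aligned(from_domain, dkim_domain, tags.get("adkim", "r"))
    report_to = [u.strip() for u in tags.get("rua", "").split(",") if u.strip()]

    if spf_ok or dkim_ok:
        return {"dmarc": "pass", "disposition": "deliver", "report_to": report_to}
    return {"dmarc": "fail",
            "disposition": DISPOSITION.get(policy, "deliver"),
            "report_to": report_to}


if __name__ == "__main__":
    cases = [
        ("spoofed, nothing passes", "example.com", "fail", "example.com", "fail", "example.com"),
        ("SPF passes for another domain", "example.com", "pass", "bulk-sender.test", "none", None),
        ("forwarded, DKIM survives", "example.com", "fail", "forwarder.test", "pass", "mail.example.com"),
        ("lookalike From domain", "example.com.lookalike.test", "pass", "lookalike.test", "none", None),
    ]
    for label, *args in cases:
        print(label, "->", evaluate(*args, SAMPLE_RECORDS))
```

The last case is the weak point the post names: a lookalike From domain falls outside the spoofed brand's policy entirely, so the receiver gets no DMARC verdict for it.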
Wout de Natris writes: At a speech during the Security and Defense Agenda meeting on 30 January Vice-President of the European Commission, Neelie Kroes, showed how the Commission envisions public-private cooperation on cyber security.
Remarks by Kroes:
"The Internet does not belong to any one group, but attacks on it affect every group. So let's work together, all sectors, all levels, public and private, national, international and European. So that we can safeguard the security of the systems that increasingly underpin our lives, today and in the future."
"In tomorrow's world, if the Internet is not secured, nothing will be."
Full statement published here.
More under: Cyberattack, Cybercrime, Internet Governance, Malware, Policy & Regulation, Security
In the past three years, Akamai has seen a 2,000% increase in the number of DDoS attack incidents investigated on behalf of its customers. The latest State of the Internet report released today by Akamai also identifies top countries from which this observed attack traffic originates, as well as the top ports targeted by these attacks.
From the report: During the third quarter of 2011, Akamai observed attack traffic originating from 195 unique countries/regions, up from 192 in the second quarter. After making its first appearance in the top 10 list in recent memory in the second quarter, Indonesia vaulted to the top of the list this quarter, generating 14% of observed attack traffic. Myanmar, which had suddenly appeared at the top of the list in the prior two quarters, disappeared from the list just as suddenly in the third quarter, potentially indicating that the attack traffic that had been observed originating from the country has either been shut down, or is now coming from other places. With Myanmar dropping out of the top 10 list, South Korea moved into it, more than tripling its observed level of attack traffic, responsible for 3.8% in the third quarter. In addition to South Korea and Indonesia, Taiwan, China, India, and Egypt were all responsible for higher percentages of attack traffic as compared to the prior quarter.
Attack Traffic – Top Originating Countries
More under: Cyberattack, Security
Danny Sullivan has been the go-to guy for understanding the world of search for over 15 years. This week he published a really good story on Google Plus Your World. A group of engineers have launched a site called Focus on the User that shows exactly how the new Google service could be including other social media content listings besides only Google Plus, but is not.
Google Plus is of course Google's entry into the social network battle, and the service recently announced over 90 million users. Just this month Google has started inserting social media content from Google Plus listings (when available) into the search engine response pages (SERPs) on Google. However, other major sources of social media content — Facebook, Twitter — are not included.
Danny does a great job of laying out why this is overly preferential, and doesn't deliver the best search result. The engineers from Facebook, Twitter and MySpace behind Focus on the User have developed a bookmarklet called, "Don't Be Evil, get it?" that you can add to your browser to pull more comprehensive social media listings into your personalized search results.
Danny makes a strong case this improves current search results. He provides lots of screenshots like the one below. It's important to note that the bookmarklet is using Google's own algorithmic rankings for these revised SERPs.
Danny also includes the other side of the story. Sites like Facebook and Twitter do not license their content to be crawled, so why should Google include this content?
"Google, in particular its executive chairman Eric Schmidt, has argued that it doesn't have all the data it needs to include other social services in the way it does for Google Plus. The failure to reach a deal with Facebook; the failure to renew a deal with Twitter, these have prevented the social signals it needs from being used, Google has said."
What the Focus on the User group has done is clearly demonstrated that Google could have included other content if it wanted. And to my read Danny has made a convincing argument that Google SHOULD do this, because it delivers the highest quality search results back to the user.
If legal concerns are really what is holding Google back, the company should challenge Facebook and Twitter to allow them to use the same inputs Focus on the User has accessed via the bookmarklet. If those companies refuse, then publicize that decision.
I've installed the Focus on the User tool and I'm doing my own comparisons. If anyone out there is already using it, please drop a comment with your impressions.
Written by Christopher Parente, High Tech Public Relations
More under: Policy & Regulation, Web
Recently ICANN (Internet Corporation for Assigned Names and Numbers) published a report on inaccurate registration data in her own databases. Now the question is presented to the world how can we mitigate this problem? There seems to be a very easy solution.
Why register?
The answer to this question seems simple. To know who has registered with an organisation. This makes it possible to contact the registered person or organisation, to send bills and to discuss policy with the members.
The rationale of unreachable registrations
This one completely goes by me. ICANN distributes IP resources at the highest level that are on principle scarce: domain names and IP addresses and sets policy around the distribution of these resources. So it seems to be in the utmost interest of ICANN to have an accurate database. Over the past years it has been shown over and over again, that accuracy was not a priority of ICANN, even against her existing policies.
There does not seem to be a rationale for these lapses in registration measures. ICANN in the end loses money as she provides a service, but is most likely not paid for this service. Next to that it is not good for ICANN's image, as government and LEA reactions have shown over the past years. It could even become a threat to ICANN's very existence.
Cyber crime and enforcement
With the coming of cyber crime, spam and botnets, law enforcement agencies of different backgrounds became interested in Whois data and were very much frustrated when they found data not to be accurate. (And vetting and revocation mechanisms not being in place.) Whois data is a primary source at the start of investigations. So if these are false this makes investigations harder, not impossible.
Inaccurate data
What can be reasons that data is inaccurate? There can be several reasons. To give a few examples. Someone forgot to change the data after a move of the office, contact person, a merger, bank account, a company stopped its activities, etc. In the meantime the IP resources are still used as they were meant to, but from an unknown address.
A second reason could be that free speech advocates want to have a chance to hide their identity behind a so called proxy registration. This way they are safe from prosecution in their home country. Usually this is supported by western governments.
A third reason can be criminal intent. A person or group of persons uses the IP resources for personal gain through illegal activities. They never intended to provide accurate data. From a society point of view this is an activity that preferably is stopped as fast as possible.
What to do about it?
We are discussing unreachable registered companies. It looks quite simple to me. ICANN has many ways to reach out to these companies and does so. Everyone concerned gets one year to alter the data. As soon as someone complies, the data is submitted to the Whois database, after being vetted by ICANN.
All that have not updated their registration on time -and one year is a very lenient time frame- are de-registered by ICANN and where possible their IP resources taken away.
Legit after claims
If ICANN makes sure there's a good procedure to follow for legit claims after the de-registration that come in anyway, I'm sure this procedure will work. Criminals usually do not show up and try to find new ways to proceed with their business.
Vetting of all new registrations
When ICANN makes sure new applicants are vetted before being admitted and an ongoing checking procedure of existing members is put in place, I'm convinced that the Internet will become a safer place for all concerned. Also, she becomes an example for policy at lower level IP resource organisations by setting a standard. It makes one avenue on the Internet harder to reach for criminals.
Written by Wout de Natris, Consultant international cooperation cyber crime + trainer spam enforcement
More under: Cybercrime, Domain Names, ICANN, Internet Governance, IP Addressing, Policy & Regulation, Whois
Openreach, the lead deployment arm of BT, has issued an announcement asking residents and landlords of apartment blocks to join a pilot project that will eventually bring broadband download speeds of up to 300Mbps to residents.
"Participants will gain access to Openreach’s Fibre to the Premises (FTTP) technology which delivers super-fast broadband speeds," says Openreach. "End users will initially have access to downstream speeds of up to 100Mb/s but these will rise to give users the option of up to 300Mb/s in the spring of this year, the fastest commercially available speeds in the UK for a residential connection. Upstream speeds will also be the fastest in the UK."
More under: Access Providers, Broadband
In November 2011, a group of "friends of ICANN" from various countries sent a letter to the Chair of ICANN's Board, expressing concern about the process used previously, and suggesting improvements.
Towards the end of 2011, the ICANN Board set up a Search Committee, chaired by George Sadowsky, and some significant improvements have been integrated into the selection process:
• In the previous round, in 2008-09, some members of the Board had self-appointed themselves to form a Search Committee, which began consultations many weeks before a Board resolution even established it. This time, proper process has been respected.
• In its previous incarnation, the Search Committee had chosen an external consultant without any semblance of a competitive bid, which was odd at a time when the whole of ICANN was gearing up to reaffirm its commitments, including being able to escape "capture" resulting from any conflict of interest. This time, the firm was selected through a call for tenders.
• In 2008-09, responsibilities were blurred between the Search Committee and the consulting firm, each doing a bit of the other's job. This time, applications from candidates are received solely by the consulting firm, which does all the vetting, due process and pre-selection, in (we are told) an independent fashion.
• Transparency has improved; for example, the profile of the CEO job was posted, and the ICANN community invited to review it.
• Previously, the job of CEO had not been advertised other than on the ICANN website, in spite of strong demands by some Board members who remarked that a lack of adequate international publicity weakened the corporation's transparency and reputation. This time, an ad was placed in a world-class weekly, attracting much attention.
In the 2nd letter to the Chair of the Board, 2 questions were raised about the way the ad was run in The Economist:
• Why was ICANN not referred to, simply, as a "not-for-profit" organization?
• Why was the usual "multi-stakeholder organization" description dropped?
Do these two notable departures from long-standing and widely accepted definitions imply that ICANN is considering a change in its identity? In his reply, the Chair of the Board answers these points.
The 2nd letter from these "friends of ICANN", and the reply from the Chair of the Board, can be viewed in full here.
Written by Jean-Jacques Subrenat, Ambassador (ret.)
More under: ICANN
My mail server has a lot of spamtraps. They come from various sources, but one of the most prolific is bad addresses in personal domains. Several of my users have their own domains, such as my own johnlevine.com, in which they use a handful of addresses. Those addresses tend either to be people's first names, for individual mailboxes, or else the names of companies. If I did business with Verizon (which I do not) I might give them an address like verizon@johnlevine.com. All those domains get mail to lots of other addresses, which is 100% spam.
The made up addresses are largely dictionary attacks, which is obvious when I see sequential spam to barry@, betsy@, and bruno@. Some of them are company addresses that leaked to spammers before the companies went out of business years ago. And some are just mysteries.
My friend Bob Frankston has had his own vanity domain since 1992, which gets a lot of spam to spamtrap addresses. I automatically diagnose and send off abuse reports for a lot of it. Today I got a hand written response to one of them from a database marketing company in Florida. It said, in part:
This email resolves to a master record for [a name and address of a guy in Pennsylvania].
The record was added to the client's file on 11/12/2002 per a trip preference card that was sent to the postal address listed above. The trip preference card asks where someone would like to travel, and for their email address to be sent notifications.
If [that address] had changed their mind about receiving emails, we diligently suppress/remove opt outs. However, I do not see that email in our suppression, opt out, or feedback loops.
That wasn't too surprising. I've gotten other mail to that spamtrap from other spammers who gave me the same guy in Pennsylvania, who has no relation to Bob. It's barely possible that someone could have scribbled something on a postcard that might have been mistranscribed as the spamtrap address, although the name of the alleged subscriber has no visible connection to the spamtrap address either. It's certainly plausible that once someone had the bad info, they sold it to lots of other marketers.
But two things jumped out at me. The first is the date, 2002. They've been spamming this address for ten years. Since it is a spamtrap, it has never responded, never ordered anything, never "opened" a message (ESP-speak for fetching the URLs in the message.) But they keep pumping out the mail anyway. The competent ESPs I know all purge their lists of dead addresses eventually, certainly in a lot less than ten years.
The other is the inability to imagine that every address in their crummy database isn't a live potential customer. This address never "changed their mind" because it doesn't have a mind. It's a spamtrap. It sends no mail, and it won't opt out because it never opted in.
I wish this situation were atypical, but it's not. If the putatively legitimate e-mail marketing industry wanted to understand why they've earned such a poor reputation, it wouldn't be hard to figure out.
Fun fact: Bob's last name happens to be the name of a town in Australia. Someone there has misconfigured one of their systems to send status reports with personal information about their clients to yet another made-up address in Bob's domain, which I expect is totally illegal under Australian privacy law. I haven't been able to stop that, either.
Written by John Levine, Author, Consultant & Speaker
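The spamtrap logic described in this post, as an added example that is not the author's own code: any address in a personal domain outside the handful of real mailboxes is a trap, and a run of alphabetically ordered trap names from one IP marks a dictionary attack. The domain, mailbox set, log entries and labels are constructed for illustration.

```python
from collections import defaultdict

# Constructed data: the real mailboxes in a personal domain; all else is a trap.
VALID = {"example.org": {"john", "verizon"}}

# Constructed delivery attempts in arrival order: (connecting IP, RCPT TO).
ATTEMPTS = [
    ("192.0.2.10", "barry@example.org"),
    ("192.0.2.10", "betsy@example.org"),
    ("192.0.2.10", "bruno@example.org"),
    ("198.51.100.7", "john@example.org"),
    ("203.0.113.5", "oldvendor@example.org"),
    ("198.51.100.7", "verizon@example.org"),
]

def is_spamtrap(address, valid=VALID):
    """True when the domain is ours and the local part is not a real mailbox."""
    local, _, domain = address.lower().rpartition("@")
    return domain in valid and local not in valid[domain]

def trap_hits_by_ip(attempts, valid=VALID):
    """Group the trap local parts each connecting IP tried, in arrival order."""
    hits = defaultdict(list)
    for ip, rcpt in attempts:
        if is_spamtrap(rcpt, valid):
            hits[ip].append(rcpt.lower().rpartition("@")[0])
    return dict(hits)

def classify(names, min_run=3):
    """Flag a dictionary attack when min_run distinct names arrive in sorted order."""
    distinct = list(dict.fromkeys(names))  # drop repeats, keep arrival order
    run = best = 1
    for prev, cur in zip(distinct, distinct[1:]):
        run = run + 1 if cur > prev else 1
        best = max(best, run)
    return "dictionary_attack" if best >= min_run else "other_trap_hit"

def report(attempts, valid=VALID):
    """Map each IP that hit a trap to its classification."""
    return {ip: classify(n) for ip, n in trap_hits_by_ip(attempts, valid).items()}

if __name__ == "__main__":
    for ip, label in report(ATTEMPTS).items():
        print(ip, label)
```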
In a blog post today, Michael Geist writes: "The reverberations from the SOPA fight continue to be felt in the U.S. and elsewhere (mounting Canadian concern that Bill C-11 could be amended to adopt SOPA-like rules), but it is the Anti-Counterfeiting Trade Agreement that has captured increasing attention this week. Several months after the majority of ACTA participants signed the agreement, most European Union countries formally signed the agreement yesterday (notable exclusions include Germany, the Netherlands, Estonia, Cyprus and Slovakia). This has generated a flurry of furious protest..."
There have been a lot of recent discussions and questions about reputation, content and delivery of email. I started to answer some of them, and then realized there weren't any basic reference documents I could refer to when explaining the interaction. So I decided to write some.
This post is about IP address reputation with some background on why IPs are so important and why ISPs focus so heavily on the sending IP.
Why IP addresses?
ISPs built reputation around IP addresses because it was one bit of data that malicious senders / spammers couldn't forge. The connecting IP is a fundamental part of the network transaction and if you forge an IP then SMTP can't work. Because that was the reliable data they had to work with, that's what they used. Even now, when there are other kinds of data, the IP address is still the first thing the receiving MTA sees.
What is IP reputation?
IP reputation can best be summed up as "past performance is an indicator of future results." In other words if recipients responded well to mail from an IP address in the past, then they're likely to respond well to new mail from that IP address.
How is IP reputation measured?
While each spam filtering company and ISP has its own way of calculating the reputation of an IP address, there are some similarities in what they measure.
How fast does IP reputation change?
IP reputation is often measured over multiple time periods. ISPs can look at a 1 day, 7 day, 30 day and 90 day reputation. A good analogy is stock prices. Prices can be very volatile in the short term, but more consistent over the long term. A single bad day, where one or more reputation measurements go bad, may affect delivery that day or the next day but won't damage an overall good reputation. Likewise, a few days of improved mail may not be sufficient to counter months of poor reputation.
How is IP reputation used?
Mail from IPs with a high reputation is accepted faster and at a higher rate than mail from IPs with a lower or unknown reputation. IP reputation can also influence whether mail is delivered to the inbox or the bulk folder.
Key IP Reputation takeaways
Written by Laura Atkins, Founding partner of anti-spam consultancy & software firm Word to the Wise
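The multi-window behaviour described under "How fast does IP reputation change?", as an added example that is not from the original post: one IP's history is scored over the 1, 7, 30 and 90 day windows. Complaint rate as the measured signal, the 0.3% threshold, the decision labels and both sender histories are assumptions constructed for illustration.

```python
from datetime import date, timedelta

WINDOWS = (1, 7, 30, 90)   # the look-back periods named in the post, in days
THRESHOLD = 0.003          # assumed complaint-rate limit, not from the post

def window_rates(daily, today, windows=WINDOWS):
    """daily maps date -> (delivered, complaints); returns {days: complaint rate}."""
    rates = {}
    for days in windows:
        delivered = complaints = 0
        for offset in range(days):
            d, c = daily.get(today - timedelta(days=offset), (0, 0))
            delivered += d
            complaints += c
        rates[days] = complaints / delivered if delivered else None
    return rates

def assess(rates, threshold=THRESHOLD):
    """The 90-day window sets the standing; the 1-day window only affects today."""
    if rates[90] is None:
        return "unknown"
    if rates[90] > threshold:
        return "poor standing"
    if rates[1] is not None and rates[1] > threshold:
        return "good standing, defer today"
    return "good standing"

def history(today, old, recent, recent_days):
    """Constructed 90-day history; the last recent_days days use `recent`."""
    return {today - timedelta(days=i): (recent if i < recent_days else old)
            for i in range(90)}

TODAY = date(2012, 2, 1)  # arbitrary constructed date
# Good sender with one bad day: 5 complaints per 10,000 normally, 100 today.
ONE_BAD_DAY = history(TODAY, (10000, 5), (10000, 100), 1)
# Poor sender with three clean days after months of 80 complaints per 10,000.
RECENT_CLEANUP = history(TODAY, (10000, 80), (10000, 5), 3)

if __name__ == "__main__":
    for name, daily in (("one bad day", ONE_BAD_DAY),
                        ("recent cleanup", RECENT_CLEANUP)):
        rates = window_rates(daily, TODAY)
        print(name, rates, assess(rates))
```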
Map showing NORDUnet's 2011 completion of network expansion by taking a third connection to the US in production.
NORDUnet, the R&E network connecting the Nordic countries, has recently undertaken a brilliant Internet peering strategy that will have globally significant ramifications for supporting research and education around the world.
NORDUnet is now emerging as one of the world's first "GREN"s — Global Research and Education Network. NORDUnet is extending their network infrastructure to multiple points of presence throughout the USA and Europe to interconnect to major Internet Exchange Points (IXPs). This will allow them to negotiate as a Tier 1 Internet service provider and exchange traffic with other global commercial Tier 1 Internet transit providers. NORDUnet is also playing a global leadership role by extending this service offering, on a shared cost basis, to NRENs such as SURFnet (Netherlands), PIONIER (Poland) and perhaps others.
Many network operators ask why they should build an extensive peering network when transit prices are only marginally more expensive than peering (and still dropping)? The NORDUnet engineering team are one of the first to understand that Internet peering is not about cost comparison between peering and transit pricing.
Most universities (as well as consumers and businesses) have a fixed budget for Internet connectivity. So regardless of traffic volumes they can only spend so much money for Internet transit. As a result, many institutions cap traffic volumes to commercial transit providers. But peering traffic is done on a settlement-free basis and therefore traffic volumes are not linearly related to cost. Many NRENs have discovered that content peering traffic has a huge benefit for their connected institutions in stabilizing costs without restricting use of the network. On some NRENs, content peering traffic is now 90% of their overall traffic volume. By connecting to the major IXPs in the USA, NORDUnet can eliminate purchase of virtually all transit traffic. Traffic volumes are expected to immediately jump because now institutions will not have to cap formerly transit traffic.
This arrangement will have a huge benefit for the research community as more and more computational research is done on commercial clouds in the US. NORDUnet realizes that, despite concerns about the US Patriot Act, researchers are voting with their wallets and using commercial cloud providers and value added cloud providers in the US. Many research disciplines, especially genomics and bio-informatics, are becoming increasingly dependent on commercial application providers, because they have the necessary tools critical to their research. Numerous bioinformatics companies, like SoftGenetics, DNAStar, DNAnexus and NextBio, have sprung up as they have found life sciences a fertile market for products that handle large amounts of information. Access to these commercial organizations through the commercial Internet or Open Lightpath Exchanges is essential for the future of research.
This initiative by NORDUnet will have profound implications for the future of the Internet and data intensive science. The obvious next step after exchanging peering traffic is also to use these links for dynamic lightpaths and virtual networks for large data flows. It is no surprise that networks like NORDUnet and SURFnet are also leading the developments of dynamic optical networking through GLIF. The other important development is for other NRENs to build similar global links and exchange peering routes so collectively they can represent themselves as a global Tier 1 and finally eliminate the archaic telco business models that currently dominate the Internet. This will have significant benefits for those NRENs who are deploying community IXPs and can extend the benefits of content peering to community anchors and support community broadband developments.
Peering traffic also goes hand in hand with dynamic optical networks and GOLEs. Some NRENs are under pressure by some large institutions threatening to leave. Some institutions think that directly connecting to a GOLE and purchasing commercial Internet for the balance of their traffic is all they need for R&E connectivity. But peering dramatically changes the balance as it is a service and business model that is not available from commercial providers. The cost savings are dramatic for the connected institution and it does not cripple researchers accessing commercial research services such as clouds because of traffic caps.
Once again, NRENs and GRENs are demonstrating their important role in redefining the critical role of the Internet and creating new opportunities for the global informational economy. Kudos to NORDUnet.
Written by Bill St. Arnaud, Green IT Networking Consultant
As part of its efforts to speed up the delivery of web content, Google has proposed changes to Transmission Control Protocol (TCP), "the workhorse of the Internet." Yuchung Cheng who works on the transport layer at Google writes:
"To deliver content effectively, Web browsers typically open several dozen parallel TCP connections ahead of making actual requests. This strategy overcomes inherent TCP limitations but results in high latency in many situations and is not scalable. Our research shows that the key to reducing latency is saving round trips. We’re experimenting with several improvements to TCP."
Cheng believes the current transport layer badly needs an overhaul to catch up with other (networking) technologies. Read more.
The Stop Online Piracy Act (SOPA) and its defeat call attention to a delicious irony in public discourse on Internet governance. Even those who don't want the Internet to be an exception from traditional forms of regulation and law are forced to admit that something new and exceptional must be done to bring it under control, such as massive departures from traditional concepts of territorially bounded sovereignty through the use of in rem jurisdiction. Reinforcing the irony, these attempts by the anti-exceptionalists to subordinate the Internet to established institutions immediately lock them into conflict with a highly mobilized, highly transnational community of Internet users and service providers who vow to resist those controls. The resistance comes precisely because the mobilized community believes that the controls cannot be applied to the Internet without threatening to fundamentally alter its status as an open, innovative and — dare we say it — exceptional space. In other words, we are all Internet exceptionalists now.
You know that the anti-exceptionalists have raised the white flag of surrender when they are forced to whine that the thousands of web publishers who went dark are "abusing their power" — thus admitting that a critical mass of Western society's eyes are turned toward the Internet and that the people who occupy and publish and interact in that globalized space constitute enough of a cohesive community to collectively turn against those who threaten them.
It doesn't matter whether one is on the pro-control or anti-control side of the spectrum; governing the internet forces a choice upon one: either go for new and unprecedented forms of technical intervention and transnational political cooperation, or go for some kind of ratification and institutionalization of the Internet's special status as a zone for the free flow of information and a diminished role for territorial government and traditional informational property rights.
Mind you, one needn't be a cyber-utopian to be an Internet exceptionalist. In other words, you don't have to believe that the Internet will by its very nature make politics fair and democratic and that the good guys will always win. SOPA or some equivalent could rise again, in some other form. Some key actors could be bought off with some concessions in the new legislation. The mobilized community's resolve could weaken over time, as it grows accustomed to things. We need to be heedful of Benkler's warning that as the networked environment resists control, there will be strong pressures to suck ever more of it into the law enforcement vortex. But surely, after 15 years of these battles (starting, roughly, with the CDA mobilization of 1996) we can dismiss these jaded admonitions that Internet regulation is just business as usual. If the Internet stops being an exception, we will have no one but ourselves to blame.
Written by Milton Mueller, Professor, Syracuse University School of Information Studies