ICANN has recently published a number of updates to the implementation program for new gTLDs.

One of these updates is a paper by ICANN's "auction design consultant PowerAuctions LLC". The document makes a case for an auction to be held for the "resolution of contention among competing new gTLD applicants for identical or similar strings." In other words, two (or more) applicants for ".bank", or applicants for ".bank" and ".banks."

The paper acknowledges that auctions are not the perfect answer to resolving these contentions, but says that they would be used for "tie-breaking."

The problem with this argument is that, in our imperfect world, it seems unlikely that there will be real ties to be broken. Auctions lately have become popular with one of the US federal agencies, the Federal Communications Commission, to allocate portions of the frequency spectrum, and the ICANN paper relies heavily on some academic support for them. But frequency spectrum allocation is not the same as selecting from among applicants to operate a generic Top-Level Domain registry. ICANN has a fundamental obligation to "promote the global public interest in the operational stability of the Internet. . ." (see http://icann.org/general/articles.htm)

ICANN is not a commercial operation, and it should not look at the possibly substantial proceeds of auctions as a motivating factor for a quick and easy solution to "tie-breaking."

The ICANN paper treats the new gTLDs as a "scarce resource". This is not necessarily the case, but the paper goes on to say that auctions would accomplish three things:

• Applicants whose true intentions or abilities are to serve many users would be able to justify higher bids than applicants who will serve few users;
• Applicants capable of providing high-quality service at low cost would be able to justify higher bids than low-quality, high-cost applicants; and
• Applicants who intend to develop the gTLD immediately would be able to justify higher bids than applicants whose purpose is to hold the gTLD, unused, for speculative purposes."

There is no question that it will be more difficult for ICANN to make selections of operators based on these three criteria, as opposed to holding auctions.

Despite the difficulties, ICANN's public interest obligations require it to investigate carefully and make judgments about the merits of gTLD applications, whether based on the three criteria above or other criteria, such as fostering competition and recognition of prior responsible registry management.

We Value Your Opinion: Please participate in this quick survey

More under: Policy & Regulation, Top-Level Domains

Last week American Airlines launched their Aircell wireless Internet access on a limited number of flights. It didn't take long before a few folks tried to make voice and video calls (in violation of Aircell's terms-of-service according to their PR folks), and it didn't take long before someone figured a way around their voice/video blocking efforts.

It's amazing how many times this battle gets fought. Service providers must know by now that people will find a way around their efforts to block applications. And they ought to realize that going after such users is going to create some negative publicity.

I posted some thoughts at the Enterprise 2.0 Blog. Andy Abramson and Dan York have "must read" posts as well.

We Value Your Opinion: Please participate in this quick survey

More under: Access Providers, Broadband, VoIP, Wireless

Kim Zetter reporting on Wired: Two security researchers have demonstrated a new technique to stealthily intercept internet traffic on a scale previously presumed to be unavailable to anyone outside of intelligence agencies like the National Security Agency.

The tactic exploits the internet routing protocol BGP (Border Gateway Protocol) to let an attacker surreptitiously monitor unencrypted internet traffic anywhere in the world, and even modify it before it reaches its destination.

We Value Your Opinion: Please participate in this quick survey

More under: Cyberattack, Internet Protocol, Security

With the thousands of IPv6 controlled lights dimming over the 2008 Olympics, the long march on the road to IPv6 continues as the Olympic IPv6 Workout enters history. The early objective of full commercial deployment for 2008 proved elusive and more realistic goals were set and met with success. Not wasting any time, the starting shot toward commercial deployment followed on the heels of the closing ceremony with the august 25th NDRC announcement urging the vigorous promotion of a commercial trial, increasing the number of IPv6 trial users to 500,000 by 2010 and to start mass production of IPv6 equipment. A logical next phase, indeed, as the IPv6 only CNGI has a 40 city coverage and massive bandwidth, but is still underutilized, while the old commercial IPv4 internet is sometimes bursting at the seams. Even in China it takes time to see the ISP's seriously start the transition on their commercial networks.

Exactly five years ago, in august 2003, NDRC launched the bidding process for CNGI which was deployed a year later and included all major carriers and CERnet, China's Education and Research Network. It would be prudent to assume that the new objective of 500,000 trial users by 2010 will be achieved; after all, with 210 million internet users, China pole vaulted past the USA, not to mention that China also holds the number one title in mobile with 560 million subscribers.

Does this mean that the USA is hopelessly behind in IPv6 deployment as has been so often postulated? Not so sure. Prodded more than a little bit by the DoD and DoC mandates and even more so by the 20 billion dollar of Networx contracts, all major ISP's in the USA have announced full commercial support of IPv6 by 2009-2010. The well publicised Comcast cable network IPv6 deployment, the Bechtel corporate IPv6 initiative or the Archrock sensor network products extend the effort beyond the traditional ISP environment and into the whole ecosystem.

Japan who is the undisputed leader in domestic commercial IPv6 deployment and IPv6 enabled end devices, has not yet started a real effort to translate this early advantage into successful export product lines. There is also still a chance that Europe will surprise everybody as they now offer a most competitive telecom market place. A total outsider could even surprise everybody.

The IPv6 finish line could be reached in another four years in London, let the Games continue.

Any opinions, findings, conclusions or recommendations expressed in these articles are solely those of the author and are not in any way attributable to nor reflect any existing or planned official policy or position of his employer in respect thereto.

We Value Your Opinion: Please participate in this quick survey

More under: IPv6

Aircell, the company that provides the new Gogo Internet service on some American Airlines flights, is reported to be signing another airline to its service. Aircell management expects there will be some 2,000 commercial airplanes offering Gogo by the end of next year.

Mary Hayes Weier reporting on InformationWeek: "American Airlines has installed Gogo on 15 airplanes for flights between New York and Los Angeles, Miami, and San Francisco, and Delta says it'll have Gogo available across its domestic fleet of 330 commercial jets within a year. Delta is expected to expand that service to Northwest Airlines flights if the merger of those two companies goes through as planned..." Virgin America is also reported to be placing Gogo on its flights.

We Value Your Opinion: Please participate in this quick survey

More under: Access Providers, Broadband, Wireless

Following last year's report on the Unity trans-Pacific submarine cable project, research company, TeleGeography reports today that "Google is working with a consortium of carriers planning to build an intra-Asian submarine cable system. The new cable, dubbed the Southeast Asia Japan Cable (SJC), would link Unity's landing station in Japan to Guam, Hong Kong, the Philippines, Thailand and Singapore." Report further indicates that the work is still in the planning phase. 'Given the current flurry of undersea cables under construction, the SJC cable will probably not be ready for service until 2011 at the earliest,' said TeleGeography analyst Alan Mauldin.

With a few exceptions, SJC consortium and Unity are reported to have the same members which include Google, Bharti, SingTel, KDDI and Global Transit.

We Value Your Opinion: Please participate in this quick survey

More under: Access Providers, Broadband

I have been thinking a lot lately on the topic of the free flow of information on the internet—what kinds of tools are available now and in the future for governments (especially repressive ones) to control content, isolate their people and keep any contrary viewpoints censored.

I had an interesting conversation with a Practice Lead from IFTF.org. The Institute for the Future (IFTF) is a California based independent, nonprofit research group with 40 years of experience in identifying emerging trends that will transform global society. We were talking about another topic and eventually veered into what kinds of things are happening now to enable potentially repressive governments to have an even stronger stranglehold on the flow of thoughts and ideas into and out of their societies. Turns out they are quite concerned about the fragmentation and control of the Internet as well. But will it be an inevitability?

Some disturbing trends I see are the rise of nationalism which seeks to venerate one form of culture while potentially isolating itself or isolating others. The word "separatist" has crept into our lexicon—think "Tamil Separatists" in Sri Lanka, "French separatists" in Quebec. This can happen geographically too. In Iraq, the cradle of civilization once marked by its multi-cultural makeup, has degenerated into a patchwork of geographic "strongholds"—Sunni and Shiite and Kurdish and on and on. Yet another example is the former multi-ethnic state of Yugoslavia, which ceased to exist as of February 2003, and is now comprised of a six nation state, yes six! The breakup has been attributed in large part to ethnic tensions and nationalism. And lastly, another trend I see, which when combined with linguistic and geographic nationalism can help repressive governments get a better stranglehold of their people is the trend towards censorship and even cyber-warfare helped of course by advances in technology. Almost every week, there is something in the news about it, saying for the most part that censoring and filtering is quite rampant, thank you very much!

So what if you put all the three trends together: rise of nationalism (both geographic and linguistic) and technical advances, you see a pattern emerge: the very same governments that are often cited for repressive controls, are the very same ones who are demanding their very own internationalized Top-Level Domain (TLD), and very soon. (See this story for instance.) The repressive governments have succeeded in clamping down on traditional media, but online content is far harder to filter, if the operations running the resolution are not within your control. It is one thing to burn the books one by one, but another to control the distribution plant. In fact the above article states the following about the possible misuse of Internationalized domain names (IDNs):

"Some in the industry have though raised concerns that it could allow the state to control more of the content in a sphere that has remained a relatively free forum for dissent at a time when traditional media have become subject to tighter control."

So—what controls or questions are we—the Internet community—putting on the process? Sadly, very little. See our letter to ICANN laying our concern. In it, we express our concerns that the rights and needs of the end-users are taken into account and that we ask the question—"Is this right for the welfare of the Internet user?"

Are we willing now to ask these tough questions and think about the implications of our actions in 10 to 20 years? Let's hope so…

We Value Your Opinion: Please participate in this quick survey

More under: Censorship, Domain Names, Internet Governance, Multilinguism, Policy & Regulation, Top-Level Domains

The Sunday Herald reported on Sunday that Best Western was struck by a trojan attack that lead to the possible compromise of about 8 million victims. There is some debate as to the extent of the breach and not a small amount of rumor going around. I'm not entirely disposed to trust corporate press releases for the facts, nor am I going to blindly accept claims of security researchers whose first call is to the PR team when discovering a problem.

That said, here is what seems to be the agreed upon facts:

• A trojan was installed on one of the machines in Best Western's booking systems which lead to a compromise of credentials for the hotel's staff. These credentials were attempted to (and probably successfully) sold to organizations with links to the Russian mafia.
• Best Western is and was Payment Card Industry Data Security Standard (PCI DSS) compliant.

Of course, PCI really only helps one piece of the security equation and compliance is not the same as security. In fact, it is usually (at best) a poor substitute and more often an excuse to stop thinking about security ("We're Compliant!" followed by self-congratulatory back slapping). The same is true with relying on encryption. Encryption can be "defeated" and the ways to do it are well-known. (For instance, here is a paper I wrote almost 4 years ago on how to do it). If you can own the endpoint of a communication, encryption is irrelevant.

As another example, remember the backup tape heists a few years ago? Attackers know it takes an excessive amount of time to crack encryption, so they target ways to avoid it. Someone had the great idea of stealing backup tapes at which point few people would have even thought to have protected those. Now it is due diligence.

That said, here are 5 areas that are likely targets in the near future (or are targets now) that you may be overlooking:

• Centralized patching systems (i.e. WSUS). If you can hijack an update server and have it distribute a malicious patch, you own every desktop in an environment. The RedHat compromise should be a wake-up call in this regard.
• Centralized configuration and management systems (i.e. Configuresoft or the like). Same as above… the machine that controls all your desktops becomes the single point of pwnership.
• Payroll. Your payroll system has salary information and identification information. In short, it has everything you need to commit tax fraud. In the US, in particular, it also has your national identification number (what is falsely called a "Social Security Number") which allows an attacker to basically jack your entire identity as well.
• Web 2.0. There have been some attempts to spread malware or spear phish using Web 2.0 technology. In as far as your organization uses Web 2.0, the more "legitimate" a message looks, the more likely a user is to click it. Web 2.0 provides a great vector to compromise an organization, especially if many of your employees use it. (Think social engineering).
• Malicious insiders. Ok, this last one is not new, but still a solid majority of attacks have at least some component of an insider attack. In some cases, simply installing a keylogger and "selling" the result is simple enough for a disgruntled employee with even a token level of access to an environment.

Will put up more info on Best Western as the situation warrants. Thoughts to the top 5 lists? What would you add or take off?

We Value Your Opinion: Please participate in this quick survey

More under: Cyberattack, Security

Your participation in this survey is very important to us. Understanding your background and professional experience will help us make this site more useful and relevant to you and other readers of CircleID.

The survey should only take a couple of minutes of your time. Please click here to start.

If there is anything else you'd like to add, please post them below using the comment form.

Thank you.

We Value Your Opinion: Please participate in this quick survey

More under:

When Kurt Pritz briefed the Generic Names Supporting Organization (GNSO) Council (and observers) in Los Angeles April 10th and 11th, the new generic Top-Level Domain (gTLD) process model flows transition through an "auction" state in two of the three paths where two or more applications existed for the same (or similar) strings. At that time Kurt, speaking for Staff, was clear that the existence of a well-defined community was not dispositive, which surprised the Council members from the Intellectual Property Constituency present who recalled coming to the opposite position at San Juan. For Staff, a well-defined community was "a pebble" to weigh in some balance, where the name-squatting speculative bidder's claims to make "better use" might prevail. The weights of pebbles and the market-cap of the "better use" claimants were not defined.

Kurt's pebble makes a cameo in The Economic Case for Auctions, as a 25% bidding credit ... offered to community-based bidders whose community is located primarily in least-developed countries, so it seems safe to assume that Chrysler LLC will simply have to offer 1.25 times the money to ICANN as a consortium which includes the governments or institutions of the Cherokee Nation of Oklahoma, the United Keetoowah Band of Cherokee Indians, and the Eastern Band of Cherokee Indians. Of course, the ICANN lobbyists for Chrysler LLC may ask for, and may obtain, a ruling on the question of whether "Indian Country" is "located primarily in least-developed countries", and as horked as the economy is in the nine districts of the CNO/UKB and the Qualla Boundary, they could be described as "inside" the United States, which could cut Chrysler LLC's overbid by a quarter.

Obviously, as the author of the original sponsored Top Level Domain (sTLD) proposal in Working Group C, for a TLD operated by and for Indians, and as the coordinator of the Indigenous Intellectual Property Constituency, one of the three original IPC constituency proposals, that's a bean of no small size wegdged way up my nose.

But that's not all, as the narrator of the Ginzu knives promotion promises, there's more. Much more.

The Executive Summary informs us that scarce resources are efficiently allocated through auctions, a claim articulated in full at page 2, para 6, through the end of page 4, while three paragraphs above the anonymous author notes that that TLDs are not a scarce resource. This may reflect a division between the anonymous authors, or a brief moment of sobriety by a single, conflicted author. There are as many potential new gTLD bid strings as there are stars on a clear night in Marina del Rey. What is (relatively) scarce is the number of bid-capable efforts, which presently numbers in the low hundreds, and the whole point of the exercise is to intelligently deal with the subset of those bidders who chose well-known strings and chose not to encumber their application, or more importantly, the legal entity with whom ICANN might contract, with a well-defined community.

The anonymous author(s) claim that value is defined by the presence, or absence, of bids. However, the World Wide Web Consortium (W3C) may offer a community identified proposal, a dispositive bid for $0 for the most sought after of all potential candidate strings ".WEB", preventing any bids, to remove ".WEB" from ICANN's GNSO policy area. The Microsoft Corporation may offer $1 more than any bid (open ascending assumed) or a year's marketing budget (sealed bid assumed), for the same ends. The real value here is defined by the capture of the rights of others or theft of some linguistic commons, and as a corollary, value is defined by replication of the unpolicied, unsponsored, COM/NET/ORG business model. ICANN is not handing out random string sausages to queued up Soviet housewives eager to go home and get on with cooking up something filling with cabbages, it is letting VeriSign and other high-cap speculators grab at a very small cloud of marques and generics, and bid price is claimed to be a sufficient surrogate for all forms of merit, all purposes, and all policies.

Worse, Microsoft could put in an application for .ETOAIN-SHRDLU or .SHAZAM, again, a bid price of $0, and bundle "free" domain names into its products and send the entire ICANN market, VeriSign's .COM franchise included, the way of the Linotype. The anonymous author(s) have completely missed the real contours of both the real ICANN market, and the real value(s) present in this market.

The three particular claims made that form the second paragraph of the Executive Summary contain assumptions that should be identified.

The first claim assumes that unit price times volume corresponds to value.

This violates the consensus of Working Group C, which established the parity of unrestricted and restricted applicants in the 2000 round. I know, I drafted the restricted text that Jonathan Weinberg worked into the working group's Oct. 23, 1999 interim report.

The second claim assumes that marginal cost corresponds to value.

This violates the consensus of Working Group A, which established the parity of prior claims and any other allocation mechanism, and which cannot sensibly be reduced, in an intellectual property regime encompassing hundreds of jurisdictions, to simple estimates of marginal cost. I know that too, because members of Working Groups A and C exchanged notes during the pendency of our respective working groups.

This too violates the consensus of Working Group C, which established the parity of policy other than the de minimus "first come, first served", assumption of the credit card industry risk, and negligence policy that defines the "unrestricted" policy model. I know that too, because, well, see above.

The third claim restates the first claim, with the odd twist that a "scarce resource" declines in value if reserved, whether by a "speculator" or a responsible intellectual property custodian, or ICANN. Is anyone certain, certain enough to commit ICANN's and scores of registries', registrars', and other applicants' resources, eight-figures sure, that the value of .WEB is less today that it was in 2000? That the value of .SPORT is greatest before the International Olympic Committee (IOC), the professional sports associations, the broadcasters and the advertisers appreciate it, now, and not ten years from now?

The remainder of the Executive Summary (paragraphs 3 and 4) are irrelevant, other than making the mildly amusing case, years late, by a bystander, that the .ORG and .NET redelegation "technical evaluations" were utter rubbish, and that in retrospect, Paul Vixie's and Carl Malmud's groups, or SWITCH, and not Hal Lubson's and Philipp Grabensee's groups, that should be operating .ORG, or that CORE/ISC and not VGRS, should be operating .NET. The author doesn't actually say that, of course, that could cause Sudden Consultant Termination Syndrome, but if ICANN can't do comparative evaluations in the future, and will be hopelessly gamed, it was hopelessly gamed and couldn't do them in the past either.

The notion that ICANN, that the ICANN stakeholders, have no interest in the policies or practices of an applicant to operate a gTLD registry, other than the applicants ability to pay—we don't need no stinkin' rules, we've got cash—is illuminating as an evaluation of ICANN as an institution. Fortunately, it's not mine.

If there is a place in the ICANN problem's allocation arena where the resources are scarce, and the policy of the bidders, as a class, of utter disinterest, other than their ability to pay, it is the allocation of single-character domains in COM, NET, and ORG. And neither Overstock, nor Oprah, propose to operate a gTLD registry, just an Second-Level Domain (SLD) of no particular import. And that is where the unsigned note belongs, and no where else.

We Value Your Opinion: Please participate in this quick survey

More under: Domain Registries, Policy & Regulation, Top-Level Domains

An exclusive report from Scotland's Sunday Herald newspaper says that an international criminal gang has managed to steal the identities of an estimated eight million guests of the Best Western hotel chain in a hacking raid that could ultimately net billions of dollars in illegal funds.

According to the report, late on Thursday night, a previously unknown Indian hacker successfully breached the IT defenses of the Best Western Hotel group's online booking system and sold details of how to access it through an underground network operated by the Russian mafia. It is a move that has been dubbed the greatest cyber-heist in world history. The attack scooped up the personal details of every single customer that has booked into one of Best Western's 1312 continental hotels since 2007.

Update 11/25/2008: Best Western Responds to Sunday Herald Story Claiming Security Breach

We Value Your Opinion: Please participate in this quick survey

More under: Cyberattack, Security

Britain's Government has warned that computer networks controlling electricity supplies, telecommunications and banking are under constant attack at a rate of thousands of times a day. According to reports, the cyberwar against Britain is waged by criminals and terrorists some of whom are backed by foreign stats.

"If you take the whole gamut of threats, from state-sponsored organizations to industrial espionage, private individuals and malcontents, you're talking about a remarkable number of attempted attacks on our system—I'd say in the thousands," Lord West of Spithead, the Security Minister said. "Some are spotted instantly. Others are much, much cleverer."

We Value Your Opinion: Please participate in this quick survey

More under: Cyberattack, Security

The Federal Communications Commission (FCC) has proposed a ban on some wireless microphones and other low-powered devices that operate in the 700-MHz band after the digital TV transition in February, next year. This is part of an attempt to clear any potential interference with the "white spaces” spectrum which will be fully available for "public safety as well as commercial wireless services".

"So almost 7 months after the start of the 700 MHz auction that produced income of $19 billion, FCC is finally getting around to kicking the wireless microphones out of the band they have sold to others for use starting in 2/09, less than 6 months from now," says Michael Marcus, radio technology and spectrum policy consultant who formerly worked at FCC. "But don't expect immediate action. The NPRM only proposes to stop legal use of channels 52-69 for wireless microphones. But since most use is already illegal the real impact is questionable. It proposes to stop approving new models and freezes all pending applications for equipment authorization, but previously approved models can be imported and sold by the thousands pending further action."

We Value Your Opinion: Please participate in this quick survey

More under: Policy & Regulation, Wireless

The Federal Communications Commission (FCC) has proposed a ban on some wireless microphones and other low-powered devices that operate in the 700-MHz band after the digital TV transition in February, next year. This is part of an attempt to clear any potential interference with the "white spaces” spectrum which will be fully available for "public safety as well as commercial wireless services".

"So almost 7 months after the start of the 700 MHz auction that produced income of $19 billion, FCC is finally getting around to kicking the wireless microphones out of the band they have sold to others for use starting in 2/09, less than 6 months from now," says Michael Marcus, radio technology and spectrum policy consultant who formerly worked at FCC. "But don't expect immediate action. The NPRM only proposes to stop legal use of channels 52-69 for wireless microphones. But since most use is already illegal the real impact is questionable. It proposes to stop approving new models and freezes all pending applications for equipment authorization, but previously approved models can be imported and sold by the thousands pending further action."

More under: Policy & Regulation, Wireless

One of China's largest ISPs has recently fallen victim to the DNS vulnerability. The security company Websense has reported that the DNS cache on the default DNS server used by the China's Netcom customers has been poisoned. The incident was first discovered on Tuesday, Aug 19th, by Websense's Beijing lab.

Webssense researchers say they have seen other DNS vulnerability attacks however decided to publicize this particular case because of its uniqueness. According to reports, hackers have only exploited one of Netcom's DNS servers in China. When China's Netcom customers mistype and enter an invalid domain name, the poisoned DNS server directs the visitor's browser to a page that contains malicious code.

We Value Your Opinion: Please participate in this quick survey

More under: Access Providers, Cyberattack, DNS, Security

One of China's largest ISPs has recently fallen victim to the DNS vulnerability. The security company Websense has reported that the DNS cache on the default DNS server used by the China's Netcom customers has been poisoned. The incident was first discovered on Tuesday, Aug 19th, by Websense's Beijing lab.

Webssense researchers say they have seen other DNS vulnerability attacks however decided to publicize this particular case because of its uniqueness. According to reports, hackers have only exploited one of Netcom's DNS servers in China. When China's Netcom customers mistype and enter an invalid domain name, the poisoned DNS server directs the visitor's browser to a page that contains malicious code.

More under: Access Providers, Cyberattack, DNS, Security

Broadband competition in the US is as good as it gets in the foreseeable future and will potentially decrease according to telecom and tech regulatory analyst, Blair Levin. "There's not that much left to be disruptive," Levin said. "White spaces could be in rural areas, and a little bit in broadband, but I don't think so. Other things that people are looking to be disruptive I don't think will happen."

According to a report by Telephony, "Levin, who is rumored to be a potential candidate for an FCC [Federal Communications Commission] appointment should Barack Obama win the presidency, also made some predictions about the telecom agenda of a Democratic administration. Ubiquitous, affordable broadband will be a priority for an Obama administration, Levin said, and Obama's FCC would likely be charged to move very quickly on that agenda."

We Value Your Opinion: Please participate in this quick survey

More under: Access Providers, Broadband, Wireless

Broadband competition in the US is as good as it gets in the foreseeable future and will potentially decrease according to telecom and tech regulatory analyst, Blair Levin. "There's not that much left to be disruptive," Levin said. "White spaces could be in rural areas, and a little bit in broadband, but I don't think so. Other things that people are looking to be disruptive I don't think will happen."

According to a report by Telephony, "Levin, who is rumored to be a potential candidate for an FCC [Federal Communications Commission] appointment should Barack Obama win the presidency, also made some predictions about the telecom agenda of a Democratic administration. Ubiquitous, affordable broadband will be a priority for an Obama administration, Levin said, and Obama's FCC would likely be charged to move very quickly on that agenda."

More under: Access Providers, Broadband, Wireless

There's no denying that the fight against spam attracts a lot of crazies, both pro- and anti-spam. One of the common attributes of the anti-spam kooks is that they often think in terms of somehow taking revenge against the spammers—regardless of who else gets hurt along the way.

In 2005, that revenge came in the form of BlueFrog, a service which purported to launch what can only be called denial of service attacks against spammers' web sites. Though far from the first, this time the revenge idea proved surprisingly popular—and unsurprisingly ineffective. As usual, there was absolutely no evidence that the serious spammers even noticed. If they did, they were probably laughing.

This week, a company called SpamZa was hurriedly making a similar mistake. They took the old script kiddie trick of mailbombing a victim by signing them up for hundreds or thousands of unconfirmed opt-in lists, and turned it into a service. Anne Mitchell describes it further.

What's interesting is that this only works for what the email marketing industry calls "single-opt-in" lists: Those which allow anyone to enter any address, and then that address is automatically added without any additional confirmation or verification step. SpamZa has, ironically, proven what anti-spam activists have been saying for years: Single opt-in is not opt-in at all.

However, that does not redeem SpamZa. No matter what their disclaimers may disclaim, that service is only useful for abuse—so it should be no surprise that they've been shut down.

Read more from ZDNet, Word to the Wise, and Getting Email Delivered.

This article was originally written for Box of Meat

We Value Your Opinion: Please participate in this quick survey

More under: Cyberattack, Spam

There's no denying that the fight against spam attracts a lot of crazies, both pro- and anti-spam. One of the common attributes of the anti-spam kooks is that they often think in terms of somehow taking revenge against the spammers—regardless of who else gets hurt along the way.

In 2005, that revenge came in the form of BlueFrog, a service which purported to launch what can only be called denial of service attacks against spammers' web sites. Though far from the first, this time the revenge idea proved surprisingly popular—and unsurprisingly ineffective. As usual, there was absolutely no evidence that the serious spammers even noticed. If they did, they were probably laughing.

This week, a company called SpamZa was hurriedly making a similar mistake. They took the old script kiddie trick of mailbombing a victim by signing them up for hundreds or thousands of unconfirmed opt-in lists, and turned it into a service. Anne Mitchell describes it further.

What's interesting is that this only works for what the email marketing industry calls "single-opt-in" lists: Those which allow anyone to enter any address, and then that address is automatically added without any additional confirmation or verification step. SpamZa has, ironically, proven what anti-spam activists have been saying for years: Single opt-in is not opt-in at all.

However, that does not redeem SpamZa. No matter what their disclaimers may disclaim, that service is only useful for abuse—so it should be no surprise that they've been shut down.

Read more from ZDNet, Word to the Wise, and Getting Email Delivered.

This article was originally written for Box of Meat

More under: Cyberattack, Spam