Please create an account to participate in the Slashdot moderation system


Forgot your password?

Comment Re:no sympathy (Score 1) 170

However, I would think that there is something else wrong afoot.. Some of the biggest verified opt-in lists never seem to appear on any reputation list, why would this be happening to this person. I think more data is needed. Possibly, they aren't following Best Practices for email operators, eg some other funky thing like improperly configured emails, DNS, 'rwhois' or no URL associated with the domain they are using..

Comment Comes down to the desire of anonymity vs contact (Score 1) 81

This was/is a big issue at every conference, where of course the focus is always placed on 'policing' agencies wanting to know who operates an IP Address, however the concept is a lot greater than that. And of course, there is a perception that even at the highest levels (the Board) there is a lot of pressure by hosting companies who want to accomodate the customers who wish anonymity. The fact is that an IP Address or domain is/are Public lookup , and if you want to have an IP address/domain that is available to the public, you should post some public identity. This is used for a lot more than simply policing. Eg, various reputation services, auditing systems, and legitimate network operators who need to be able to identify the operator. Already, there are policies in place in theory to require this information; we already have tools and policies to do this, the problem that we hear is enforcement, and a mandate to take action during enforcement. There is a lot of finger pointing on this issue even amongst ARIN/ICANN officials and board members. And far too many times we see abusive behavior from 'Privacy Protected' holders of Public information. Now, it can be that the line on how much information about the holder should be publicized, but the operator/organization information at least MUST be provided, and the upstream providers should have a way to validate this information. And this has to be bigger than just ICANN/ARIN. We talk to operators who blatantly state that they do not collect information, and do NOT monitor activity on their networks, because they are concerned that if they 'know' about what is going on, they can be held responsible. Some protection must be given upstream providers, registrars etc, but on the basis they are diligent on getting information of the holders of public resources they assign.

Comment Re:spammers (Score 1) 241

Actually, it isn't just a few thousand, there are /17's used primarily for spamming.. And I don't think anyone is against the idea of IPv6 in general, but we do have to point out that so many people don't even know how to deal with IPv4 space correctly. IPv6 is great for 'clients' however there is lots of justification to keep server to server communications using IPv4. Just take a loot at the complexity and size of dealing with things like IPTables or RBL's needed to hold lists of attackers.. IPv6 opens up the potential attackers by the same number of scale as compared to IPv4. Thats why this time around a lot of technologies will have to be rethought before they can be effectively used in an IPv6 environment.

Comment Re:LinkedIn has just confirmed the breach (Score 1) 271

Oh, this looks fun.. Now we can expect another round of phishing emails for LinkedIn. "These members will also receive an email from LinkedIn with instructions on how to reset their passwords. There will not be any links in this email. Once you follow this step and request password assistance, then you will receive an email from LinkedIn with a password reset link." Yep, click on this link from yoru trusted service, honest it is them.. and not a link to a page that asks your for your information so we can match it to the information we have on hand.. oh, and don't worry.. clicking on this will not install a virus/trojan that will get all the rest of your passwords...

Submission + - Should SpamRats! charge for access to it's RBL? (

Linuxmagic writes: "We have a dilemna that we could use some SlashDot readers input in. We have had open access to our RBL for some time, and given the effectiveness of it, it is not surprising that we get more users all the time. Being a company that is founded on open principles as much as possible, the idea of some 'give back' has always been appealing to us, but now that we find more and more cases of people making money on our data collection efforts, some abusers of the priveleges, and just the sheer volume of demand, we are considering should we go the way many other RBL's have, and start charging in some way for access to the data. We are a business after all, and the more people use it, the more resources we should assign to it. We originally built it to solve our own needs, and our MagicMail deployments make for a great data collection grid, but keeping it available does cost us. We would like to get feedback from users, on whether we should commoditize this data, charge only commercial operators, change the way we distribute it, or simply put a small fee on it for everyone. Comments?"

Comment Re:Meh (Score 1) 151

Have you read the new proposed 'anti-spam' legislation planned for Canada? Basically it opens a whole that a truck can drive through for email marketers, while making normal B2B emailings risky for the small independant business person.

Comment Re:The root of the problem (Score 1) 74

We need to find a way of dealing with the root causes of the problem; filtering and the like is like sweeping up rat droppings, what you really need is to get rid of the rats

Hehe.., over 100 Million detected already.. But the part comes when IPv6 rolls down the Pipe!

Comment So they wait until people complain, is that right? (Score 1) 71

What ever happened to being responsible for what leaves your network? Recipients, and even email operators often simply give up reporting abuse, as traditionally the success of reporting to abuse departments has been very low. And isn't this a little like closing the barn door after the cow is gone? A simple stolen credit card, and 24 hours head start, boy are we in trouble with that kind of power. And the idea of 'opt-in' or 'permission' based according to current anti spam legislation is so loose, and untraceable that it is laughable. Pity the legitimate users who wish to use EC2 for email, won't take before the only way for users to protect themselves will be to block the source. The email marketers are shooting themselves in the foot, and this sets the stage for some nice legal action. The idea of the sanctity of a users mailbox will have to prevail, and hopefully it will happen before people resort to radical solutions like 'blacklist unknown senders' or stop using email for communication. Just like you have the right to decide who can enter your home, you can decide who can send to your email box, but when it reaches abusive levels from a single source, this has always resulted in drastic measures. At least we hope they force a header 'X-EC2-BULK-EMAIL' ;)

Comment Re:You can't compete with root. (Score 1) 276

The 'trusted' part is probably the root (excuse the pun) of the idea in the first place. Just because it is non-profit, doesn't mean it is immune from outside forces, sometimes political, in all senses of the word. There are many that question some of the decisions that are made, for all kinds of reasons, and the questions become doubt, which breed mistrust.. and so on. Even it's handling on who gets the ever shrinking IPv4 space is highly controversial.

Slashdot Top Deals

I judge a religion as being good or bad based on whether its adherents become better people as a result of practicing it. - Joe Mullally, computer salesman