TO:comments@icann.org
CC:abuse@verisign.com
Subject: Verisign Domain Name Hijacking
To whom it concerns:
I am sure you are aware that Verisign has taken it upon itself recently
to rewire the entire.com and.net portion of the internet in order to
drive bogus traffic to a pay-per-click search portal. This portal is
owned and operated by Verisign and is located at
http://sitefinder.verisign.com/.
This behavior is unacceptable and is causing chaos for network
administrators. It is breaking antispam software. It is also causing
people to transmit personal and confidential information if they happen
to misspell the domain name to which they are logging onto.
Please invoke your authority over Verisign and force them to stop
hijacking traffic for profit. I would also recommend a heavy financial
penalty be applied to Verisign for this unethical behavior, equal to at
least 1,000 times the profit they have generated with this advertising
venture.
What I was theorizing was something that installs a fully functional SMTP server that sends mail directly from an infected machine. It doesn't use the ISP or any relaying SMTP server.
Still, ISPs blocking the port would help quite a bit with the problems already present. I would hope that ISPs would have an option to reopen the port for certain customers if they needed it and agree to keep themselves secured.
Absolutely agreed. Most people have no reason to talk to a foreign SMTP server, but some of us do. I have a web site and a mail server that I pay quite a bit of money for each month. My host has had to open alternate ports on the mail servers for customers with ISPs that block them without permission.
I would be happy with port 25 blocked by default with an option to turn it off for specific customers. However, what's to stop a trojan from installing an SMTP server that uses something other than port 25? Not being argumentative, just curious.
Lovely. This from the same asshat company that sent a threatening letter to the Mozilla Phoenix project because they were under the mistaken impression they own the word "phoenix" and tried to include an adware module in their Award BIOS. Why am I not the least bit surprised?
Send that same letter to every manufacturer of PCs on Earth. Pheonix doesn't sell to you, they sell to them. Pheonix could give a shit if you don't like it. All that matters is that PC makers buy it. Send the letters where they'll matter most.
If those PC makers receive enough letters to make them worry about their bottom line, hopefully they will either 1.) offer PCs without this shit, or 2.) never ever remove the option to disable it.
Gateway already doesn't like all this anti-copy, consumer hostile bullshit. Remember their "Rip, Burn, Respect" ad campaign? So at least one company does remember the concept of making the customer happy.
I already make a point of insisting that people who send me.DOC files resend them in a vendor-neutral format -- even though I am running windows!
What is a "vendor-neutral format" that is acceptable? text? rich text? html?
At the moment, I tend to send things in plain text to friends/family/coworkers, but if I'm sending to someone else, I'll transfer it to Works 2000 WP (came with a previous computer:) ) and save it as Word '97-2000 compatible.doc.
I'm downloading Open Office as I write this (64 bloody MB!), and I'll install it to see what all the fuss is about. So which format should I use for the best compatibility?
I send out a newsletter every week (usually). To subscribe, you must volunteer your address to a form on the site. When the confirmation request comes, it includes a hyperlink that combines my web site, your email address, and a unique md5 hash. Until you click that link, you receive nothing further from me. If no one clicks it, the address is erased 3 days later.
If you want to come off the list, it has a link at the bottom that does that automatically. You can also send an email to unsubscribe@ and I'll doublecheck that the address is removed before the next mailing.
It's a clean list with very few bounces. I usually get swamped with morons using autoresponders, but only a few bounces. The one time it landed me on a blacklist, it was because some asshat signed up for the express purpose of reporting it to Spamcop.
I don't understand why someone who wants to put out a legitimate newsletter can't make potential subscribers confirm when their address is signed up. It's just asking for abuse otherwise.
The point is that the MPAA (and now RIAA, Microsoft, etc.) make it a point in assuming that their customer base is a part of their problem. Fine. Then I won't be a part of their customer base. End of story.
Excellent point. If you weren't already at 5 points, I'd mod you up instead of replying.
I have known many friends who felt very torn whether to buy an album by an artist they liked-- if they buy it, they are lining the pockets of an insdustry they felt betrayed by, but they still wanted to support their artists.
Understandable. However, it is a misconception that the creators of the content make money from CD sales. Except for a few very well know and very well off individuals, artists make most of their money from concert sales. They generate interest in those concerts when people listen to their music, regardless of how their fans come across that music.
If you want to support your artists, buy concert tickets, not CDs.
I disagree - unless they don't know what they're doing. (...) If so, you have a severe misunderstanding of SMTP, and I urge you to read the applicable RFCs to better your admin skills.
Lovely. Someone else with an attitude problem.
Just out of curiosity, why do you feel the need to be rude and insulting because you (mistakenly) believe you've caught me in an error?
Do you believe that if it comes from your ISP's mail server, that it has to come from their domain too?
No, I understand that, but some ISPs do not and should read those RFCs themselves. If the "FROM" address is not the ISP's domain, some ISP's block it. This is a spam prevention method, and it's one of the more useless and idiotic I've ever heard of.
There is also the matter of some admins who set their mail servers to rDNS the IP address of the SMTP server, and bounce it if it doesn't match the domain in the "FROM".
I have a valid reason to use port 25 as an end user on my home connection. I have a business to run and need no interference from an ISP to whom I pay $65 a month for unlimited access. I am not the exception to a rule. There are plenty of other business and web site owners that also need their ISP to stay out of their way and let them get on with business.
If you can't see the need for a business man to mail business partners from his business address using the mail server he pays for, then I'll not stress your intellect any further.
In the meantime, you really should seek some assistance for your social problems. Reacting like a petulant child when your mistakes are pointed out to you is not healthy. Have a good day.
Because it is is a home account, albeit satellite, not dialup or dsl.
Sorry, let me slow down and explain this in simple terms.
I connect to the mail server provided by my web host from my home. I do this by utilizing port 25, which is what the poster you replied to suggested be blocked. If my port 25 is blocked, I can't talk to my email server without circumventing the ISP's block.
I was correcting your mistaken comment that "Realistically, regular corporate workstations and home DSL/Cable/Dial-Up users should have no reason to talk directly to a foreign SMTP server in the first place." I do have a perfectly valid reason for talking to a "foreign" SMTP server.
If this is how you react to someone pointing out a mistake, you really should see someone about anger management. All that stress isn't healthy.
My, aren't we in a mood tonight? Mommy tuck you in wrong and you woke up on the wrong side of the bed this morning? Or is this how you always react when someone points out an error, by trying to distract from your error with juvenile behavior? Does that ever work?
Had you paid attention to what I said, you would have noticed I mentioned a web host. I would be hard pressed to serve the site to my 15,000 visitors a day off a DSL line. That host has already had to open one port so customers can send email through the mail servers they pay monthly fees on, even if their ISP has blocked port 25.
Realistically, regular corporate workstations and home DSL/Cable/Dial-Up users should have no reason to talk directly to a foreign SMTP server in the first place.
That is incorrect. Web site owners often use the mail server associated with their domain(s) to send and receive email. When I send email to a business partner, I would prefer they see it come from my web site's domain, not my ISP's.
If my ISP did this, I would just switch to the alternate port number my web host has set up for just that event. When/if they block that port also, I will ask them if the dubious benefit of blocking that port makes up for the $780 they would have made from my account that year when I choose another ISP.
Please, try not to put your foot in your mouth...
Either you are deliberately being an ass, or you have missed the blazingly obvious. He wasn't referring to modern Scotland/England. He was referring to the past 5 or 6 centuries, in which English monarchs have sent invading armies north repeatedly to crush the Scots.
I don't know how history played out on your planet, but on our's, the English treated the Scots (and the Welsh, and the Irish) quite poorly in the past.
Presumably, you would make your newsletter less spammish, so that 8000 email filters don't classify it as spam or unsure and DDoS/check your site.
Sorry, but I'm not censoring myself to compensate for the failure of someone else's software. I don't go on about mortages or viagra, but it's HTML, it does have one ad (which pays for my site's hosting bill), and it tends to be fairly long. Spam filters regularly misidentify it as spam.
My newsletter does not look spammish, spam tries to look newsletterish (is that a word?) to get around the filters.
For that matter, how do I deal with these filters attacking my site when some other newsletter links to it?
Again, this will only be applied to messages that have been classified as spam by the fairly accurate filters that Paul Graham talks about.
Correct me if I've misunderstood the article, but I thought the whole point (well maybe half the point) in fetching the page was to examine the contents of the page to see if it looked like spam? If it's not checking the page, then how will it know the difference?
Just hope you don't get linked to by any non opt-in "newsletters".
Sorry, that is unacceptable. My site is fairly well-known on the internet and receives a lot of attention. I shouldn't be forced to fend off a DDoS attack because someone links me.
What do I do when I piss off Ronnie Scelson and he links to every individual page on my site and spams 100,000,000 people with them?
In the meantime, what do you do if you piss off someone who sends out 100000000 emails containing every individual page on your site in an HTML IFRAME element? Or repeatedly includes pictures on your server in the email?
Good point.
I can't see how the idea of "attack filters" does anything but discredit the whole idea
You mean the idea of "attack filters"?
Sorry. Bad grammar there.
I meant it will discredit any software that participates in these attacks when innocent web sites are brought down.
Take that a step further. Most newsletters (and yes, spam also) have a link to click to automatically remove the recipient from the mailing list. Anyone running these filters will end up removing themselves from newsletters they have subscribed to.
What am I supposed to do for my own newsletter? Remove the unsubscribe option? Wait... doesn't that make me a spammer if I do that?
When my newsletter (confirmed Opt-in for the NANAE people who may be reading) goes out every Tuesday and 8,000 people open it, how am I supposed to deal with these filters DDoSing my site? For that matter, how do I deal with these filters attacking my site when some other newsletter links to it? What do I do when I piss off Ronnie Scelson and he links to every individual page on my site and spams 100,000,000 people with them?
Links are more likely to be found in legitimate email than in spam. We're going to whitelist every single existing domain on Earth, and then remove the bad ones? Do you have any idea how large that list would be and how long it would take to download it to compare with the domains found linked in an email?
Let's say this idea becomes used widely. It will be used as a weapon by the spammers themselves.
1.) Pay-per-click links sent in mass mailings. Spammer gets paid for every link clicked. I'm sure some of the advertisers will get wise, but there will be plenty who just sign the checks without looking deeper.
2.) Ronnie Scelson or Alan Ralsky get pissed at someone who owns a web site (SPEWS perhaps), and send the address to several hundred million people.
For the ISP sysadmins reading, you think it's bad when 20,000 spams land on your mail server? How are you going to like it when each of those 20,000 spams produce 3 or 4 (or 30 or 40) HTTP requests?
Sorry, bad idea. I can't see how the idea of "attack filters" does anything but discredit the whole idea, especially after thousands of perfectly innocent web sites are knocked offline by the sort of malicious software being advocating, or when spammers inevitably abuse it.
He was talking about 2-way satellite internet. It's advertised (falsely) as 128kbps max up. On a VERY good day, I might get 60-70kbps up. Usually it is 20-45kbps.
Download, on the other hand, is an ungodly 6,000 kbps if I'm doing a multithreaded download using a DL manager.
I'd more than happily trade 5Mb down for the advertised 128kbps up. The latency and piss poor upload are a MAJOR pain in the ass, especially for me. I run several web sites and I'm constantly in my FTP client (slow as hell over satellite) uploading files (also slow as hell over satellite).
I pay $64.99/month for that and bend over for it willingly because it's the only damned alternative to 24kbps dialup out here in the boonies.
Slashdot Mirror
Someone with worse typos than my own. :D
Now who the hell modded this guy flamebait? If you disagree with him, say so. Don't use up a mod point for that.
TO:comments@icann.org
CC:abuse@verisign.com
Subject: Verisign Domain Name Hijacking
To whom it concerns:
I am sure you are aware that Verisign has taken it upon itself recently .com and .net portion of the internet in order to
to rewire the entire
drive bogus traffic to a pay-per-click search portal. This portal is
owned and operated by Verisign and is located at
http://sitefinder.verisign.com/.
This behavior is unacceptable and is causing chaos for network
administrators. It is breaking antispam software. It is also causing
people to transmit personal and confidential information if they happen
to misspell the domain name to which they are logging onto.
Please invoke your authority over Verisign and force them to stop
hijacking traffic for profit. I would also recommend a heavy financial
penalty be applied to Verisign for this unethical behavior, equal to at
least 1,000 times the profit they have generated with this advertising
venture.
Thank you very much.
--
Mike Healan
http://www.spywareinfo.com
Ahhhh..... OK, I understand that much at least.
What I was theorizing was something that installs a fully functional SMTP server that sends mail directly from an infected machine. It doesn't use the ISP or any relaying SMTP server.
Still, ISPs blocking the port would help quite a bit with the problems already present. I would hope that ISPs would have an option to reopen the port for certain customers if they needed it and agree to keep themselves secured.
Absolutely agreed. Most people have no reason to talk to a foreign SMTP server, but some of us do. I have a web site and a mail server that I pay quite a bit of money for each month. My host has had to open alternate ports on the mail servers for customers with ISPs that block them without permission.
I would be happy with port 25 blocked by default with an option to turn it off for specific customers. However, what's to stop a trojan from installing an SMTP server that uses something other than port 25? Not being argumentative, just curious.
Lovely. This from the same asshat company that sent a threatening letter to the Mozilla Phoenix project because they were under the mistaken impression they own the word "phoenix" and tried to include an adware module in their Award BIOS. Why am I not the least bit surprised?
Send that same letter to every manufacturer of PCs on Earth. Pheonix doesn't sell to you, they sell to them. Pheonix could give a shit if you don't like it. All that matters is that PC makers buy it. Send the letters where they'll matter most.
If those PC makers receive enough letters to make them worry about their bottom line, hopefully they will either 1.) offer PCs without this shit, or 2.) never ever remove the option to disable it.
Gateway already doesn't like all this anti-copy, consumer hostile bullshit. Remember their "Rip, Burn, Respect" ad campaign? So at least one company does remember the concept of making the customer happy.
For those interested, I contacted nycfashiongirl's attorney and asked how to help pay her legal fees. He sent this information. I'm going to send $50.
Please note that donations are not tax deductible.
McDonough Client Trust Acct. f/b/a Jane Doe
McDonough Holland PC
555 Capitol Mall
Sacramento, CA 95814.
Sorry. By "someone else", I meant to other companies that are no doubt running Word and would wonder why I'm sending them text files.
What is a "vendor-neutral format" that is acceptable? text? rich text? html?
At the moment, I tend to send things in plain text to friends/family/coworkers, but if I'm sending to someone else, I'll transfer it to Works 2000 WP (came with a previous computer :) ) and save it as Word '97-2000 compatible .doc.
I'm downloading Open Office as I write this (64 bloody MB!), and I'll install it to see what all the fuss is about. So which format should I use for the best compatibility?
Agreed.
I send out a newsletter every week (usually). To subscribe, you must volunteer your address to a form on the site. When the confirmation request comes, it includes a hyperlink that combines my web site, your email address, and a unique md5 hash. Until you click that link, you receive nothing further from me. If no one clicks it, the address is erased 3 days later.
If you want to come off the list, it has a link at the bottom that does that automatically. You can also send an email to unsubscribe@ and I'll doublecheck that the address is removed before the next mailing.
It's a clean list with very few bounces. I usually get swamped with morons using autoresponders, but only a few bounces. The one time it landed me on a blacklist, it was because some asshat signed up for the express purpose of reporting it to Spamcop.
I don't understand why someone who wants to put out a legitimate newsletter can't make potential subscribers confirm when their address is signed up. It's just asking for abuse otherwise.
The point is that the MPAA (and now RIAA, Microsoft, etc.) make it a point in assuming that their customer base is a part of their problem. Fine. Then I won't be a part of their customer base. End of story.
Excellent point. If you weren't already at 5 points, I'd mod you up instead of replying.
I have known many friends who felt very torn whether to buy an album by an artist they liked-- if they buy it, they are lining the pockets of an insdustry they felt betrayed by, but they still wanted to support their artists.
Understandable. However, it is a misconception that the creators of the content make money from CD sales. Except for a few very well know and very well off individuals, artists make most of their money from concert sales. They generate interest in those concerts when people listen to their music, regardless of how their fans come across that music.
If you want to support your artists, buy concert tickets, not CDs.
stop drinking coffee and send all the money to them instead
Never!
You can have my intravenous coffee drip when you pull it from my cold, dead arm!
I disagree - unless they don't know what they're doing. (...) If so, you have a severe misunderstanding of SMTP, and I urge you to read the applicable RFCs to better your admin skills.
Lovely. Someone else with an attitude problem.
Just out of curiosity, why do you feel the need to be rude and insulting because you (mistakenly) believe you've caught me in an error?
Do you believe that if it comes from your ISP's mail server, that it has to come from their domain too?
No, I understand that, but some ISPs do not and should read those RFCs themselves. If the "FROM" address is not the ISP's domain, some ISP's block it. This is a spam prevention method, and it's one of the more useless and idiotic I've ever heard of.
There is also the matter of some admins who set their mail servers to rDNS the IP address of the SMTP server, and bounce it if it doesn't match the domain in the "FROM".
I have a valid reason to use port 25 as an end user on my home connection. I have a business to run and need no interference from an ISP to whom I pay $65 a month for unlimited access. I am not the exception to a rule. There are plenty of other business and web site owners that also need their ISP to stay out of their way and let them get on with business.
If you can't see the need for a business man to mail business partners from his business address using the mail server he pays for, then I'll not stress your intellect any further.
In the meantime, you really should seek some assistance for your social problems. Reacting like a petulant child when your mistakes are pointed out to you is not healthy. Have a good day.
http://www.google.com/search?q=stress+reduction+th erapy
Because it is is a home account, albeit satellite, not dialup or dsl.
Sorry, let me slow down and explain this in simple terms.
I connect to the mail server provided by my web host from my home. I do this by utilizing port 25, which is what the poster you replied to suggested be blocked. If my port 25 is blocked, I can't talk to my email server without circumventing the ISP's block.
I was correcting your mistaken comment that "Realistically, regular corporate workstations and home DSL/Cable/Dial-Up users should have no reason to talk directly to a foreign SMTP server in the first place." I do have a perfectly valid reason for talking to a "foreign" SMTP server.
If this is how you react to someone pointing out a mistake, you really should see someone about anger management. All that stress isn't healthy.
My, aren't we in a mood tonight? Mommy tuck you in wrong and you woke up on the wrong side of the bed this morning? Or is this how you always react when someone points out an error, by trying to distract from your error with juvenile behavior? Does that ever work?
Had you paid attention to what I said, you would have noticed I mentioned a web host. I would be hard pressed to serve the site to my 15,000 visitors a day off a DSL line. That host has already had to open one port so customers can send email through the mail servers they pay monthly fees on, even if their ISP has blocked port 25.
That is incorrect. Web site owners often use the mail server associated with their domain(s) to send and receive email. When I send email to a business partner, I would prefer they see it come from my web site's domain, not my ISP's.
If my ISP did this, I would just switch to the alternate port number my web host has set up for just that event. When/if they block that port also, I will ask them if the dubious benefit of blocking that port makes up for the $780 they would have made from my account that year when I choose another ISP.
Please, try not to put your foot in your mouth... Either you are deliberately being an ass, or you have missed the blazingly obvious. He wasn't referring to modern Scotland/England. He was referring to the past 5 or 6 centuries, in which English monarchs have sent invading armies north repeatedly to crush the Scots. I don't know how history played out on your planet, but on our's, the English treated the Scots (and the Welsh, and the Irish) quite poorly in the past.
http://www.spywareinfo.com/articles/hijacked/
The newsletter is http://www.spywareinfo.net. The site itself is http://www.spywareinfo.com.
Presumably, you would make your newsletter less spammish, so that 8000 email filters don't classify it as spam or unsure and DDoS/check your site.
Sorry, but I'm not censoring myself to compensate for the failure of someone else's software. I don't go on about mortages or viagra, but it's HTML, it does have one ad (which pays for my site's hosting bill), and it tends to be fairly long. Spam filters regularly misidentify it as spam.
My newsletter does not look spammish, spam tries to look newsletterish (is that a word?) to get around the filters.
For that matter, how do I deal with these filters attacking my site when some other newsletter links to it?
Again, this will only be applied to messages that have been classified as spam by the fairly accurate filters that Paul Graham talks about.
Correct me if I've misunderstood the article, but I thought the whole point (well maybe half the point) in fetching the page was to examine the contents of the page to see if it looked like spam? If it's not checking the page, then how will it know the difference?
Just hope you don't get linked to by any non opt-in "newsletters".
Sorry, that is unacceptable. My site is fairly well-known on the internet and receives a lot of attention. I shouldn't be forced to fend off a DDoS attack because someone links me.
What do I do when I piss off Ronnie Scelson and he links to every individual page on my site and spams 100,000,000 people with them?
In the meantime, what do you do if you piss off someone who sends out 100000000 emails containing every individual page on your site in an HTML IFRAME element? Or repeatedly includes pictures on your server in the email?
Good point.
I can't see how the idea of "attack filters" does anything but discredit the whole idea
You mean the idea of "attack filters"?
Sorry. Bad grammar there.
I meant it will discredit any software that participates in these attacks when innocent web sites are brought down.
Take that a step further. Most newsletters (and yes, spam also) have a link to click to automatically remove the recipient from the mailing list. Anyone running these filters will end up removing themselves from newsletters they have subscribed to.
What am I supposed to do for my own newsletter? Remove the unsubscribe option? Wait... doesn't that make me a spammer if I do that?
When my newsletter (confirmed Opt-in for the NANAE people who may be reading) goes out every Tuesday and 8,000 people open it, how am I supposed to deal with these filters DDoSing my site? For that matter, how do I deal with these filters attacking my site when some other newsletter links to it? What do I do when I piss off Ronnie Scelson and he links to every individual page on my site and spams 100,000,000 people with them?
Links are more likely to be found in legitimate email than in spam. We're going to whitelist every single existing domain on Earth, and then remove the bad ones? Do you have any idea how large that list would be and how long it would take to download it to compare with the domains found linked in an email?
Let's say this idea becomes used widely. It will be used as a weapon by the spammers themselves.
1.) Pay-per-click links sent in mass mailings. Spammer gets paid for every link clicked. I'm sure some of the advertisers will get wise, but there will be plenty who just sign the checks without looking deeper.
2.) Ronnie Scelson or Alan Ralsky get pissed at someone who owns a web site (SPEWS perhaps), and send the address to several hundred million people.
For the ISP sysadmins reading, you think it's bad when 20,000 spams land on your mail server? How are you going to like it when each of those 20,000 spams produce 3 or 4 (or 30 or 40) HTTP requests?
Sorry, bad idea. I can't see how the idea of "attack filters" does anything but discredit the whole idea, especially after thousands of perfectly innocent web sites are knocked offline by the sort of malicious software being advocating, or when spammers inevitably abuse it.
He was talking about 2-way satellite internet. It's advertised (falsely) as 128kbps max up. On a VERY good day, I might get 60-70kbps up. Usually it is 20-45kbps. Download, on the other hand, is an ungodly 6,000 kbps if I'm doing a multithreaded download using a DL manager. I'd more than happily trade 5Mb down for the advertised 128kbps up. The latency and piss poor upload are a MAJOR pain in the ass, especially for me. I run several web sites and I'm constantly in my FTP client (slow as hell over satellite) uploading files (also slow as hell over satellite). I pay $64.99/month for that and bend over for it willingly because it's the only damned alternative to 24kbps dialup out here in the boonies.
Or it would be if I'd had the sense to check that link first :/
Wrong story