Monthly Archives: September 2016

IANA Transition Confirmed: US Governement to Handover IANA Contract to ICANN at Midnight

United States District Court for the Southern District of Texas Galveston Division has denied plaintiffs motion for a temporary restraining order thus allowing IANA transition to proceed as planned.

— “A federal judge in the Southern District of Texas on Friday denied a last-ditch request for an injunction against the long-awaited shift of oversight of the Internet’s address book from the U.S. Department of Commerce to a non-profit organization,” reports Elizabeth Weise in the USA Today: “U.S. Senator Brian Schatz (D-Hawaii), ranking member of the Senate Subcommittee on Communications, Technology, Innovation, and the Internet, said he was pleased the request, which he termed “baseless,” had been denied.”

“The most significant change in the internet’s functioning for a generation will happen tonight at midnight,” reports Kieren McCarthy in the Register: “At 12.01am Washington DC time, the US government will walk away from the IANA contract, which has defined how the internet has grown and been structured for nearly 20 years, and hand it over to non-profit organization ICANN.”

Follow CircleID on Twitter

More under: ICANN, Internet Governance, Policy & Regulation

Continue reading

Posted in circleid | Tagged , , | Comments Off on IANA Transition Confirmed: US Governement to Handover IANA Contract to ICANN at Midnight

Restraining Order Filed by US States’ Attorneys in the Final Hours of IANA Transition

With less than 24 hours to go before the historic contractual relationship between the US government and ICANN is set to expire, a motion hearing is expected to be held today based on a lawsuit filed in federal court in Texas by four states’ attorneys generals which could lead to NTIA facing the possibility of a temporary injunction.

— Texas Attorney General Ken Paxton along with Arizona Attorney General Mark Brnovich, Oklahoma Attorney General Scott Pruitt, and Nevada Attorney General Adam Paul Laxalt have filed the lawsuit in Texas in U.S. District Court Southern District of Texas, Galveston Division. The “Plaintiff States” are seeking declaratory and injunctive relief against the National Telecommunications and Information Administration (NTIA); the United States of America; the United States Department of Commerce; the Secretary of Commerce; and the Assistant Secretary for Communications and Information.

But “attempt to enjoin the IANA transfer is baseless,” says law professor Michael Froomkin: “The APA claim is bogus. I think they lack standing for the property claim. The property claim is also meritless, as the government is not giving away any property it “owns”. The US is letting go of a contractual right to veto alterations to the data in a computer file (the root zone file) held on a privately owned machine. There is no intellectual property right because the contents of the file are in the public domain, and US law would not recognize this as a compilation copyright. What’s at issue in the IANA transfer is the loss of the US government’s right to veto authoritative changes to the file, not to own the contents.”

“The transition is not ‘giving the Internet away,’ neither to foreign governments nor to ICANN,” says Milton Meller, Professor at Georgia Institute of Technology School of Public Policy: “It is giving the Internet to the people — the people who use it, operate its infrastructure and run its services. The people of the Internet — the ‘global multi-stakeholder community’ to which the Commerce Department referred in March 2014 when it kicked off the stewardship transition — are not confined to the United States. They are everywhere. If freedom entails the right to self-governance, then the transition promotes and advances it.”

Follow CircleID on Twitter

More under: ICANN, Internet Governance, Policy & Regulation

Continue reading

Posted in circleid | Tagged , , | Comments Off on Restraining Order Filed by US States’ Attorneys in the Final Hours of IANA Transition

One-Click Unsubscription

Unsubscribing from mailing lists is hard. How many times have you seen a message “please remove me from this list,” followed by two or three more pointing out that the instructions are in the footer of every message, followed by three or four more asking people to not send their replies to the whole list (all sent to the whole list, of course,) perhaps with a final message by the list manager saying she’s dealt with it?

For marketing broadcast lists, it’s even worse because there’s no list to write to. Messages are supposed to have an unsubscribe link (required by law in most places) which usually works except when it doesn’t, or it leads to a web page making incomprehensible demands (“click here unless you want not to be removed only from this sender’s mail”) so for a lot of users it’s easier just to click the junk button until the messages go away.

Mail system managers know that users aren’t very good at unsubscribing, so they’ve invented some ad-hoc ways of dealing with it. Many large mail systems have feedback loops (FBLs) which let mail senders register their ranges of IP addresses or in Yahoo’s case DKIM signatures, so the sender or perhaps sender’s network gets a report when a recipient marks a message as junk. When the sender is a bulk mailer, they generally try to handle the report as an unsubscribe request.

While FBLs are great for finding when an ISP customer is compromised and starts spamming, they’re not so great as a substitute for unsubscriptions. One reason is that even though there’s a standard format called ARF (see RFC 5965) for sending FBL reports, each mail system includes slightly different details, so the original mail sender needs to try and parse out enough from the report to identify the list and the subscriber. Many mail systems redact their ARF reports on advice of their lawyers, and the redaction is often so severe that it can be impossible to tell who to unsubscribe from what. AOL’s reports are so redacted that the only way I can figure out who to unsubscribe is to take the transaction ID in a Received: header of the reported message and manually match it up with my outgoing mail logs. And Gmail doesn’t provide individual FBL reports at all, only aggregate data.

The obvious solution to this problem is the List-Unsubscribe: header that has been a standard since 1998 (see RFC 2369). It can contain an e-mail address with subject line, or a web URL or both. When a user clicks the junk button, the system could simulate a click on the URL, or send mail to the e-mail address, and in theory they’re off the list. The practice is not so simple.

The problem with the click is that a lot of anti-spam systems automatically follow all the URLs in the message to see if they lead to malicious sites, and there’s no way for the target of the URL to mechanically tell a request from a spam filter from a click by a live user. It’s quite reasonable for spam filters to do this: Imagine a bad guy sending deliberately uninteresting spam with a fake unsubscribe link leading to his malware site.

As a result, the unsubscribe link usually leads to a web page with a confirmation button that the malware checkers won’t click but a live person will. The confirmation page may also ask what address to remove. While there have been attempts to parse the web pages and figure out what to fill out and what to click next, they don’t work very well since the confirmation buttons vary all over the place. Unsubscribing by mail works at small scale, but operators of large mail systems like Gmail and Yahoo have told me that they are so big compared to most other mail systems that what seems to them like a moderate amount of automated mail can easily overwhelm recipient systems.

To solve this problem, a few people at Gmail, AOL, Optivo (the bulk e-mail part of the German post office) and I have come up with an automatic one-click unsubscribe scheme. The goal is to allow automatic unsubscribes as an option for the junk button — when the user clicks junk, a little window asks whether to unsubscribe too.

One-click unsubscribe uses an https POST action rather than the simpler GET. POST is intended for actions that change something, as opposed to GET which is just supposed to retrieve data. Anti-spam and malware checkers do GETs, not POSTs. (We know not everyone follows these rules, but they’re how the web is supposed to work and usually does.)

We’ve defined a new message header List-Unsubscribe-Post: used in combination with List-Unsubscribe:. The POST action goes to the URL in the List-Unsubcribe: header, using the contents of the List-Unsubscribe-Post: as the body of the request, analogous to the form fields in a POST generated by a web form. This is intended to be easy for the mail senders to implement; most web servers can handle GET and POST in the same code, typically providing a parameter to the code to say which one it is, and passing in the fields from the POST. If it’s a GET, it returns the confirmation form, but if it’s a one-click POST, it just does it.

This one-click design avoids the redaction issue, since the user asked for the unsubscription, and the request goes directly to the link in the message, not an address intuited from IP addresses or DKIM signatures. The point of the FBL ARF redaction is in case the intuiting guessed wrong and the message went back to someone other than the sender, but there’s no guessing here.

One-click should be useful in some other situations, too, notably when a mailbox has been closed or abandoned, so the recipient system wants to unsubscribe it from everything. Several large mail systems have said they plan to implement one-click as part of their junk buttons, so with any luck, it’ll soon be helping senders send less mail the recipients don’t want.

The current draft spec is here.

Written by John Levine, Author, Consultant & Speaker

Follow CircleID on Twitter

More under: Email

Continue reading

Posted in circleid | Tagged | Comments Off on One-Click Unsubscription

Is it evil? A year of email controversies

Private email servers, DNC emails, hacked Yahoo accounts — we take a look back at recent email drama and what it says about the technology. Continue reading

Posted in marketplace | Comments Off on Is it evil? A year of email controversies

What do you have for $100 ?

Over the summer we did a couple of posts that allowed readers to post their best name and what they had for sale for $2,500 or less. With this post tell everyone what you got for $100, I know it’s not a lot and no one should expect anything premium. Just a fun way to […]

The post What do you have for $100 ? appeared first on

Continue reading

Posted in thedomains | Tagged | Comments Off on What do you have for $100 ?