CAUCE

Announcing CAUCE

2013-05-09T12:00:00-04:00

Archive.org has the following press release announcing the formation of CAUCE. Happy birthday to us!

Internet, May 9, 1997--The Coalition Against Unsolicited Commercial Email (CAUCE) announced today that it is calling for a legal ban on unsolicited Email advertising. CAUCE has drafted an amendment to the federal law that bans unsolicited fax advertisements, to extend it to cover unsolicited Email advertising on the same terms. The proposal would give Email users control of the kinds of advertising they are willing to accept in their mailboxes, whether they prefer to shut it off completely, or ask for more. The junk fax law (more formally, portions of 47 USC 227), provides that businesses may offer goods and services in fax messages only if the recipient has asked for the information or has a previous business relationship with the company. Recipients may ask to be taken off mailing lists at any time. Violation can result in a civil penalty of $500 per message, or more in the case of clearly willful violation or failure to provide a valid return fax number. Extending the same terms to Email should work equally well, according to CAUCE. The arguments against junk Email and junk fax are very similar. Cost shifting to the recipient and denial of service are two of the most important. For example, many Email users and mailing lists have a daily limit on traffic, so UCE can displace other traffic and prevent it getting through. "Starting from an existing law has several important advantages," said CAUCE co-founder Edward Cherlin. "We have a law that has worked well, that covers a very similar problem, and that has passed a constitutional challenge in court. The only thing really wrong with the junk fax law from our point of view is that so few people know it exists, so junk fax still continues on a small scale. That makes education the number two priority for us, behind getting the law passed." The CAUCE Web site at http://www.cauce.org is an important part of the organization's education campaign. It offers information about UCE and the proposed amendment, a FAQ (Frequently Asked Questions) page, and a sign-up page where visitors can join CAUCE to receive a newsletter on Spam issues, or register their support for the proposal. Electronic signatures will be sorted and delivered to the appropriate Senators and Representatives. The site also explains why other proposed solutions to UCE don't work, and how UCE harms other businesses. Because of UCE, many people are unwilling to deal with any online business. In particular it is impossible to create anything like a complete Internet Email directory service, since it would be used to generate mailing lists. "We're not against commerce on-line. We're just against paying to receive junk mail. It's time-consuming to deal with, and it's incredibly costly - a cost which has to be passed on by the Internet Service Provider (ISP) to their subscribers." said CAUCE member John Mozena. The Coalition Against UCE (Unsolicited Commercial Email) was founded by Scott Hazen Mueller, Vice President for Engineering for Whole Earth Networks, Edward Cherlin, Vice President for Business Development of NewbieNet, a free educational service for novice Internet users, and Doug Muth, a UNIX system administrator. The lobbying effort in Washington is led by Ray Everett-Church, a contractor with various ISPs on computer security issues. For more information on the Coalition and its lobbying efforts, visit its Web home page at http://www.cauce.org. The CAUCE Web site explains the Spam problem, gives the text of the current law prohibiting junk faxes and the proposed amendment, and answers common questions about the proposal. More information on UCE, or "spam", can be found at http://spam.abuse.net/spam. The current text of 47 USC 227 is available at http://www.law.cornell.edu/uscode/47/227.html. More information on CAUCE can be found at http://www.cauce.org. For more information on the coalition and its lobbying efforts, contact: Scott Hazen Mueller Phone: (415) xxx xxxx E-Mail: scott@zorch.sf-bay.org Edward Cherlin Phone: (916) xxx xxxx E-mail: cherlin@newbie.net. WWW: http://www.newbie.net/Newbie_Pages/new39.html Ray Everett-Church Phone: 202 xxx xxxx E-mail: everett@everett.org

How to wreck a top level domain with spam

2013-05-06T16:10:11-04:00

The .PW domain is assigned to the tiny island nation of Palau, but they've rented it to a company that's rebranded it as "Professional Web" and signed up thouands of registrants, offering low prices and little oversight. Unsurprisingly, spammers flocked to the domain, with predictably bad results.

CAUCE president John Levine blogged about it, with a followup.

Boston Marathon Scams

2013-04-16T11:34:55-04:00

Don't Be Scammed

Predictably, within hours of the tragic bombings yesterday that took place in Boston, scam domains in their hundreds, and fake social media pages began to spring up. To profit from a tragedy is contemptible, and CAUCE officers are doing their level best to ensure these domains are blocked, and taken down as quickly as possible.

Like you, we all mourn those who had their lives taken from them in Boston, and stand with those who were injured and affected by these vile deeds.

If you want to contribute in some way, please donate blood or money to the Red Cross. Go directly to their website here : http://www.redcross.org/news/press-release/Red-Cross-Statement-on-Boston-Marathon-Explosions

The Spamhaus Distributed Denial of Service – How Big A Deal was it?

2013-03-29T18:26:27-04:00

If you haven't been reading the news of late, venerable anti-spam service Spamhaus has been the target of a sustained, record-setting Distributed Denial-of-Service (DDoS) attack over the past couple of weeks.

Al Iverson over at Spamresource has a great round-up of the news, if you didn't manage to catch this item, go check it out, then come on back, we'll wait ...

Of course, bad guys are always mad at Spamhaus, and so they had a pretty robust set-up to begin with, but whoever was behind this attack was able to muster some huge resources, heretofore never seen in intensity, and it had some impact, on the Spamhaus website, and to a limited degree, on the behind-the-scenes services that Spamhaus uses to distribute their data to their customers, who happen to be some of the biggest sites and services on the Internet. Spamhaus notes they protect as many as 1.7 billion email accounts.

Some reasonable criticism was aimed at the New York Times, the BBC and Cloudflare for being a little hyperbolic in their headlines, and sure, it was a bit Chicken Little-like, the sky wasn't falling and the Internet didn't collapse.

But don't let the critics fools you, this was a bullet we all dodged.

For one, were Spamhaus to be taken offline, their effectiveness in filtering spam and malware would rapidly decay, due to the rate at which their blocklists need to be updated. The XBL anti-botnet feed and the SBL list both have many additions and deletions every day. These services are used to protect mail servers and networks against the most malicious criminal traffic. If they go down, a lot of major sites would have trouble staying up, or become massively infected with malware.

There are also a ton of small email systems that use the Spamhaus lists as a key part of their mail filtering (for free as it turns out). Were those lookups prevented, or tampered with, those systems would buckle under the load of spam that they dispense with ease thanks to Spamhaus.

To put it into perspective, somewhere between 80% & 90% of all email is spam, and thats the stuff Spamhaus helps filter. So it doesn't take a Rocket Scientist to figure out that if filters go out, so do the email systems, in short order. AOL's Postmaster famously said, at an FTC Spam Summit a decade ago, before the inception of massive botnets, that were their filtering to be taken offline, it would take 10 minutes for their email systems to crash.

Due to some poorly researched media reports (hello, Wolf Blitzer!), there is a perception that this is a fight between two legitimate entities, Spamhaus and Stophaus; some press outlets and bloggers have given equal time to the criminals (we use that word advisedly, there is an ongoing investigation by law enforcement in at least five countries to bring these people to justice). Nothing could be further from the truth. The attackers are a group of organized criminals, end of story. There is nothing to be celebrated in Spamhaus taking it on the chin, unless you want email systems and networks on the Internet to stop working.

So yeah. this was a big deal.

Postscript: There were some reports early on in the attack that some of the Spamhaus feeds may have been hijacked. There is no indication that that is ongoing.

Dennis Dayman is a Distinguished Fellow of the Ponemon Institute

2013-03-22T16:48:29-04:00

CAUCE Board member Dennis Dayman announces he was just named a Distinguished Fellow by the Ponemon Institute, a research center dedicated to privacy, data protection and information security policies.

Ponemon Institute Fellows represent some of the top privacy and security strategists in the world, associated with many of the leading brands in this space. The organization helps provide both the private and public sectors with a clearer understanding of the trends, perceptions and potential threats that will affect the collection, management and safeguarding of personal and confidential information. Ponemon Distinguished Fellows are nominated and selected by their peers. http://www.ponemon.org/ponemon-institute-fellows

Congratulations, Dennis!