SOPA / PIPA

I’ve not mentioned anything about the Stop Online Piracy Act (SOPA) and it’s companion bill the Protect Intellectual Property Act (PIPA) that are currently making their ways through Congress. Both bills put a lot of obligation on the ISPs to stop bad traffic on the Internet. Unfortunately, it seems no one writing the bill asked anyone with technical or operational experience for input. Many of the obligations are going to significantly impact ISP functioning and will probably degrade service for users.
The Messaging Anti-Abuse Working Group sent a letter to congress yesterday (PDF link), outlining the issues with SOPA and PIPA. I found it explained the bills and the flaws much better than many other summaries.

Related Posts

MAAWG and email appending

In today’s Magill Report Ken says:

The only surprise in the Messaging Anti-Abuse Working Group’s statement last week condemning email appending was that it didn’t publish one sooner.
However, MAAWG’s implication that email appending can’t be accomplished without spamming is nonsense.

Read More

Vetting customers

MAAWG has published a BCP for vetting new customers. This is the culmination of much work by a lot of people.
One of the best things about the document is the discussion of how spammers attempt to hide their identity. All too often I’ve been called in by ESPs to help them identify how a spammer got on their network and where their process failed. As filtering gets better at blocking spam, spammers are spending more and more time trying to steal good reputations to get their unwanted mail through.
Providers who follow these rules may still find themselves with spammers as customers, but the spammers will have to work harder to get on clean networks.

Read More

MAAWG: Just keeps getting better

Last week was the 22nd meeting of the Messaging Anti-Abuse Working Group (MAAWG). While I am prohibited from talking about specifics because of the closed door nature of the group, I can say I came out of the conference exhausted (as usual) and energized (perhaps not as usual).
The folks at MAAWG work hard and play even harder.
I came away from the conference feeling more optimistic about email than I have in quite a while. Not just that email is vital and vibrant but also that the bad guys may not be winning. Multiple sessions focused on botnet and crime mitigation. I was extremely impressed with some of the presenters and with the cooperation they’re getting from various private and public entities.
Overall, this conference helped me to believe that we can at least fight “the bad guys” to a draw.
I’m also impressed with the work the Sender SIG is doing to educate and inform the groups who send bulk commercial messages. With luck, the stack of documents currently being worked on will be published not long after the next MAAWG conference and I can point out all the good parts.
There are a couple specifics I can mention. One is the new list format being published by Spamhaus and SURBL to block phishing domains at the recursive resolver. I blogged about that last Thursday. The other bit is sharing a set of security resources Steve mentioned during his session.
If your organization is fighting with any messaging type abuse (email, social, etc), this is a great place to talk with people who are fighting the same sorts of behaviour. I do encourage everyone to consider joining MAAWG. Not only do you have access to some of the best minds in email, but you have the opportunit to participate in an organization actively making email, and other types of messaging, better for everyone.
(If you can’t sell the idea of a MAAWG membership to your management or you’re not sure if it’s right for you, the MAAWG directors are sometimes open to allowing people whose companies are considering joining MAAWG to attend a conference as a guest. You can contact them through the MAAWG website, or drop me a note and I’ll make sure you talk with the right folks.)
Plus, if you join before October, you can meet up with us in Paris.

Read More