Site Finder

Thu Oct 16 19:23:41 UTC 2003

At 4:07 PM +0100 10/16/03, Ray Bellis wrote:
>Quoting Rusty Lewis from
>http://verisign.com/corporate/news/2003/pr_20031007b.html?sl=070804
>
>"We will continue to take feedback from both Internet users and the
>technical community on how we can ensure that the service is available
>for the many Internet users who clearly like it."

Verisign is trying to move this argument into a question of what best 
serves the end-user.  They are doing this because the public 
understands that, and because they know they can't win the question 
of what best serves the infrastructure providers.  We're the ones who 
have to pay to make changes to deal with things they break.

I happen to think that the issue of serving end-users is irrelevant 
to the decision.  But if they want to make it, then I think it is 
important that we make it clear to people what the *real* statistics 
are--not the ones that Verisign is carefully manipulating.

Keep in mind, when you see Verisign pushing user services, that the 
majority of the "benefit" they are providing is to users who already 
got that benefit from other companies.  You don't get credit for 
providing a service when you just stole the customers from someone 
else.  Especially when your technique for providing the service 
breaks other services.

>"84 percent of Internet users who have tried Site Finder said that 
>they preferred the service to receiving an error message."

If you look at IE market share (I've seen IE6 listed at 55-70%, IE5 
at 13-32% and I believe both redirect NXDOMAIN errors, correct me if 
I'm wrong), and also figure in the AOL users, it appears that 
conservatively 75% of all users already had a SiteFinder-like 
service.  They weren't seeing "an error message" and the above survey 
question is irrelevant.  They were seeing Microsoft's or AOL's web 
pages.**

So, of the twenty million typos Verisign reports per day, only five 
million are "new" users, the rest they temporarily hijacked from 
Microsoft and AOL. And according to the Alexa stats reported on 
Cyberlaw, only 20% of the visitors actually used the service.  So the 
number of new customers benefiting from Verisign's service is at most 
one million per day.  Nothing to sneeze at, but a far cry from twenty 
million.

On the other hand, they claim that 68% of the connection attempts 
were from web browsers.  If I've done my math correctly, that implies 
a total of 38.8 million connections, with (based on Versign's stats) 
5.2 million email connections and 5.5 million connections from other 
applications.  It is of course, hard to judge how many users, ISPs 
and companies were inconvenienced by those 10+ million misdirected 
connections, but it doesn't look to me like the cost/benefit ratio is 
nearly as big as Verisign is claiming.

Finally, since I'm on stats.  Verisign is claiming that 3% of spam is 
dealt with by blocking bad domains.  In the first place, that's 
nothing to sneeze at.  Although Verisign claims that major spam 
filtering companies (they didn't ask us, so I guess that puts us in 
our place :-) don't rely on that service, the fact of the matter is 
that major ISPs do.  A 5 second test shows that AOL uses it as a 
technique to bat away spam at the MAIL FROM line.  And we all know 
that the sooner you can keep spam out, the better off you are.  So, 
just using Verisign's stats, that means that AOL had to do additional 
spam filtering on 60 million messages a day (3% of 2 billion, which I 
believe is their current daily number).  I don't know about you, but 
given the choice of turning away 60 million messages at the MAIL 
FROM, or accepting them and then filtering them, I know which I'll 
choose.  I question the 3% number though.  Others have reported that 
bad domains account for 11%.  Spam percentages are notorious in 
varying greatly from site to site, but when I looked at 
somewhere.com's email from 04/2002 to 03/2003 I see 1.5 million 
messages rejected due to bad domains.  That's 17% of the messages we 
rejected for that period.

** And I'm quite sure they'll go back to seeing browser-specific 
pages when new browsers are released.  In fact it seems likely to me 
that *all* browser manufacturers are going to start providing similar 
services, now that Verisign's pointed out how lucrative it is.  If 
web browsers start eating up Verisign market share, the question of 
countermeasures gets very interesting.  Will they go quietly, or will 
we suffer through a fight?
-- 
Kee Hinckley
http://www.messagefire.com/         Next Generation Spam Defense
http://commons.somewhere.com/buzz/  Writings on Technology and Society

I'm not sure which upsets me more: that people are so unwilling to accept
responsibility for their own actions, or that they are so eager to regulate
everyone else's.