Site Finder
Kee Hinckley
nazgul at somewhere.com
Thu Oct 16 19:23:41 UTC 2003
At 4:07 PM +0100 10/16/03, Ray Bellis wrote:
>Quoting Rusty Lewis from
>http://verisign.com/corporate/news/2003/pr_20031007b.html?sl=070804
>
>"We will continue to take feedback from both Internet users and the
>technical community on how we can ensure that the service is available
>for the many Internet users who clearly like it."
Verisign is trying to move this argument into a question of what best
serves the end-user. They are doing this because the public
understands that, and because they know they can't win the question
of what best serves the infrastructure providers. We're the ones who
have to pay to make changes to deal with things they break.
I happen to think that the issue of serving end-users is irrelevant
to the decision. But if they want to make it, then I think it is
important that we make it clear to people what the *real* statistics
are--not the ones that Verisign is carefully manipulating.
Keep in mind, when you see Verisign pushing user services, that the
majority of the "benefit" they are providing is to users who already
got that benefit from other companies. You don't get credit for
providing a service when you just stole the customers from someone
else. Especially when your technique for providing the service
breaks other services.
>"84 percent of Internet users who have tried Site Finder said that
>they preferred the service to receiving an error message."
If you look at IE market share (I've seen IE6 listed at 55-70%, IE5
at 13-32% and I believe both redirect NXDOMAIN errors, correct me if
I'm wrong), and also figure in the AOL users, it appears that
conservatively 75% of all users already had a SiteFinder-like
service. They weren't seeing "an error message" and the above survey
question is irrelevant. They were seeing Microsoft's or AOL's web
pages.**
So, of the twenty million typos Verisign reports per day, only five
million are "new" users, the rest they temporarily hijacked from
Microsoft and AOL. And according to the Alexa stats reported on
Cyberlaw, only 20% of the visitors actually used the service. So the
number of new customers benefiting from Verisign's service is at most
one million per day. Nothing to sneeze at, but a far cry from twenty
million.
On the other hand, they claim that 68% of the connection attempts
were from web browsers. If I've done my math correctly, that implies
a total of 38.8 million connections, with (based on Versign's stats)
5.2 million email connections and 5.5 million connections from other
applications. It is of course, hard to judge how many users, ISPs
and companies were inconvenienced by those 10+ million misdirected
connections, but it doesn't look to me like the cost/benefit ratio is
nearly as big as Verisign is claiming.
Finally, since I'm on stats. Verisign is claiming that 3% of spam is
dealt with by blocking bad domains. In the first place, that's
nothing to sneeze at. Although Verisign claims that major spam
filtering companies (they didn't ask us, so I guess that puts us in
our place :-) don't rely on that service, the fact of the matter is
that major ISPs do. A 5 second test shows that AOL uses it as a
technique to bat away spam at the MAIL FROM line. And we all know
that the sooner you can keep spam out, the better off you are. So,
just using Verisign's stats, that means that AOL had to do additional
spam filtering on 60 million messages a day (3% of 2 billion, which I
believe is their current daily number). I don't know about you, but
given the choice of turning away 60 million messages at the MAIL
FROM, or accepting them and then filtering them, I know which I'll
choose. I question the 3% number though. Others have reported that
bad domains account for 11%. Spam percentages are notorious in
varying greatly from site to site, but when I looked at
somewhere.com's email from 04/2002 to 03/2003 I see 1.5 million
messages rejected due to bad domains. That's 17% of the messages we
rejected for that period.
** And I'm quite sure they'll go back to seeing browser-specific
pages when new browsers are released. In fact it seems likely to me
that *all* browser manufacturers are going to start providing similar
services, now that Verisign's pointed out how lucrative it is. If
web browsers start eating up Verisign market share, the question of
countermeasures gets very interesting. Will they go quietly, or will
we suffer through a fight?
--
Kee Hinckley
http://www.messagefire.com/ Next Generation Spam Defense
http://commons.somewhere.com/buzz/ Writings on Technology and Society
I'm not sure which upsets me more: that people are so unwilling to accept
responsibility for their own actions, or that they are so eager to regulate
everyone else's.
More information about the NANOG
mailing list