At 4:07 PM +0100 10/16/03, Ray Bellis wrote:
Quoting Rusty Lewis from
http://verisign.com/corporate/news/2003/pr_20031007b.html?sl=070804

"We will continue to take feedback from both Internet users and the
technical community on how we can ensure that the service is available
for the many Internet users who clearly like it."

Verisign is trying to move this argument into a question of what best serves the end-user. They are doing this because the public understands that, and because they know they can't win the question of what best serves the infrastructure providers. We're the ones who have to pay to make changes to deal with things they break.


I happen to think that the issue of serving end-users is irrelevant to the decision. But if they want to make it, then I think it is important that we make it clear to people what the *real* statistics are--not the ones that Verisign is carefully manipulating.

Keep in mind, when you see Verisign pushing user services, that the majority of the "benefit" they are providing is to users who already got that benefit from other companies. You don't get credit for providing a service when you just stole the customers from someone else. Especially when your technique for providing the service breaks other services.

"84 percent of Internet users who have tried Site Finder said that they preferred the service to receiving an error message."

If you look at IE market share (I've seen IE6 listed at 55-70%, IE5 at 13-32% and I believe both redirect NXDOMAIN errors, correct me if I'm wrong), and also figure in the AOL users, it appears that conservatively 75% of all users already had a SiteFinder-like service. They weren't seeing "an error message" and the above survey question is irrelevant. They were seeing Microsoft's or AOL's web pages.**


So, of the twenty million typos Verisign reports per day, only five million are "new" users, the rest they temporarily hijacked from Microsoft and AOL. And according to the Alexa stats reported on Cyberlaw, only 20% of the visitors actually used the service. So the number of new customers benefiting from Verisign's service is at most one million per day. Nothing to sneeze at, but a far cry from twenty million.

On the other hand, they claim that 68% of the connection attempts were from web browsers. If I've done my math correctly, that implies a total of 38.8 million connections, with (based on Versign's stats) 5.2 million email connections and 5.5 million connections from other applications. It is of course, hard to judge how many users, ISPs and companies were inconvenienced by those 10+ million misdirected connections, but it doesn't look to me like the cost/benefit ratio is nearly as big as Verisign is claiming.

Finally, since I'm on stats. Verisign is claiming that 3% of spam is dealt with by blocking bad domains. In the first place, that's nothing to sneeze at. Although Verisign claims that major spam filtering companies (they didn't ask us, so I guess that puts us in our place :-) don't rely on that service, the fact of the matter is that major ISPs do. A 5 second test shows that AOL uses it as a technique to bat away spam at the MAIL FROM line. And we all know that the sooner you can keep spam out, the better off you are. So, just using Verisign's stats, that means that AOL had to do additional spam filtering on 60 million messages a day (3% of 2 billion, which I believe is their current daily number). I don't know about you, but given the choice of turning away 60 million messages at the MAIL FROM, or accepting them and then filtering them, I know which I'll choose. I question the 3% number though. Others have reported that bad domains account for 11%. Spam percentages are notorious in varying greatly from site to site, but when I looked at somewhere.com's email from 04/2002 to 03/2003 I see 1.5 million messages rejected due to bad domains. That's 17% of the messages we rejected for that period.


** And I'm quite sure they'll go back to seeing browser-specific pages when new browsers are released. In fact it seems likely to me that *all* browser manufacturers are going to start providing similar services, now that Verisign's pointed out how lucrative it is. If web browsers start eating up Verisign market share, the question of countermeasures gets very interesting. Will they go quietly, or will we suffer through a fight?
--
Kee Hinckley
http://www.messagefire.com/ Next Generation Spam Defense
http://commons.somewhere.com/buzz/ Writings on Technology and Society


I'm not sure which upsets me more: that people are so unwilling to accept
responsibility for their own actions, or that they are so eager to regulate
everyone else's.

Reply via email to