Dyn appreciates the opportunity to comment on the Internet Corporation for Assigned Names and Numbers (ICANN) Cross-Community Working Group on Enhancing ICANN Accountability (CCWG-Accountability, henceforth “CCWG”) second Draft Report (henceforth, “the report”). Dyn thanks the CCWG and its participants for their enormous work to date, and for their important contribution to the issue of ICANN accountability.

Dyn appreciates that this round of effort is to have been, to a large extent, driven by the needs of the possible Internet Assigned Numbers Authority (IANA) stewardship transition away from the United States Government (under the terms of an agreement with the National Telecommunications and Information Administration, or NTIA). Dyn is, in general, supportive of that transition, and believes it should happen. Dyn also understands that the draft is supposed to contain the minimum accountability changes necessary to achieve the goals of that transition. That is why the IANA Transition Coordination Group’s transition proposal is dependent on the report. Because of that dependency, Dyn has some reservations about the report, and believes it could use significant enhancement. Therefore, Dyn provides the following answers to the questions asked by the CCWG:

Do you agree that the CCWG-Accountability proposal enhances ICANN’s accountability?
No, Dyn does not. Details below.

Are there elements of this proposal that would prevent you from approving its transmission to Chartering Organizations?
Yes, there are. Details below.

Does this proposal meet the requirements set forward by the CWG-Stewardship?
It appears to, but in doing so it destabilizes the system that has been operating for about 15 years. Details below.

It is not possible to construct an accountability and enforcement system that cannot be attacked or (worse) taken over by sufficiently interested parties. The remedy for that risk has ever been, and remains, sufficient participation by a broad base of interested parties such that taking over the system is too hard to do discreetly, and too brazen to do in public. That remedy is what the multi-stakeholder approach to governance is all about. Dyn is sorry to conclude that the report’s recommendations are not, in Dyn’s opinion, adequately supportive of that multi-stakeholder approach. In theory, the report is supportive exactly as one would like. In practice, however, it narrows the base of participation in unacceptable ways.

The biggest problem, in Dyn’s assessment, is the Community Mechanism as Sole Member Model (henceforth, “the sole-member model”). There is much to be admired in this proposal. The sole-member model nicely evades the problem of incorporating all the various stakeholder groups of the ICANN community under California (or any other national or state) law. At the same time, it delivers the many benefits of membership-type public benefit corporations under California law. The benefit of this approach is not something Dyn criticises lightly.

Yet, the approach does not solve the underlying problem. Organizations and groups that could not see their way to becoming legal persons under California law cannot realistically, either, be unincorporated associations subject to the same law. The problem is not merely the mechanism of recognition; it is instead the very legitimacy of some state or national law to regulate the terms of participation in these decision-making procedures. The upshot of this is effectively recognized in the report, where the likely participants in the sole-member mechanism are outlined: many of those most urgently needed to ensure global legitimacy of the approach are not listed as likely participants. Important groups of stakeholders, including national governments and large swathes of the technical community, appear to be unwilling to join this model. The report disposes of this issue by noting that existing constituencies in ICANN could signal their participation later. But if the point of the change in governance model is supposed to be that accountability is improved prior to the IANA transition, it is very hard to see a way it is achieved by narrowing participation in that governance at the outset.

Worse, while the report claims it can support changes to the power arrangements by creation of new SOs or ACs, such changes would be subject to veto by the existing SOs and ACs. SOs and ACs have an institutional incentive to oppose such additions, so given the new accountability proposals it is hard to see how such a new SO or AC would ever get created in the case of a divided community. In the case of a community that is already functioning, it is hard to see how the new mechanism offers any improvement from the existing ICANN Board arrangement. So, the report either recommends something that does not actually solve a problem anyone has, or else it creates more opportunity for ICANN’s corporate interest to drift away from the interests of the Internet as a whole. Neither result seems to provide advantage.

Worse yet, the report admits that, while its mechanism for improved accountability depends entirely on ACs and SOs (some of which are declining to participate), it has not studied the accountability mechanisms within those ACs and SOs. The sole-member model is designed to replace an accountability mechanism that exists but that is admittedly flawed. All of the ICANN Board can be replaced in time, but only on the order of years; otherwise, the Board has to defend itself in public but can decline to change its mind even in the face of strong community opposition. But the new model provides less accountability: the Board can be replaced at any time, but by a small group of interested constituencies whose own accountability mechanisms are not understood.

The report’s answer to that ununderstood accountability is to study it later, after the IANA transition. But this brings us to the worst part of all of the sole-member model: the first implementation has to be perfect, because it will be impossible to change once it is implemented. Any change that could be needed would need to be expressed in new ICANN bylaws. But the sole member will be, after it is put in place, the one agent that could foil any such bylaw change. Replacing the flawed but working ICANN, including its entire corporate structure and its governance, with a new model that has not been tried but whose details all must be perfect on the first try is simply too risky.

There are other, more peripheral concerns with the report that Dyn could accept, with or in some cases without minor modifications. It seems the CCWG wants to wander into some issues where the relevance to ICANN is at least obscure. The mission statements that are to be enshrined as Fundamental Bylaws seem over-broad and look to be an effort to make ICANN more central to the Internet than it ever should be. ICANN has only two jobs: to make policy for the DNS root zone and to perform the IANA functions (perhaps by an affiliate). It is odd to see ICANN’s powers being strictly enumerated in its Mission while yet having Core Values that extend to the entire Internet. It is jarring that the document seems to want to make ICANN into a sort of mini-government, complete with legislative, executive, and judicial branches. Finally, it is really hard to see why the various appeal and reconsideration functions cannot be streamlined into a single mechanism that ordinary humans could understand. Dyn understands, however, that the perfect should not be the enemy of the good, and that consensus often means that nobody thinks the answer is just right, so we might otherwise be willing to live with these flaws.

But the sole member model as currently proposed is a danger to the Internet. It moves accountability from a Board (and Board selection mechanism) that is far from perfect in design into a much narrower portion of the Internet community; and a portion whose accountability measures are little understood. The report’s proposal, if implemented as outlined, will be impossible to change if there are any problems with it, because the new mechanism is precisely designed to foil bylaw changes that would be needed to fix it. It would be no improvement in accountability at all to create an unaccountable organization that cannot be removed.

It would be much better to find ways that would allow the effective exercise of community power over the ICANN Board, and leave the existing ICANN structure intact. If there were shorter Board appointments, or if the community could recall Board members at any time with some sufficient threshold, the effective power to make the Board act in line with community will would be achieved, even if the community did not get the legal powers of enforcement the report seeks. Dyn urges the CCWG to consider such smaller reforms as could be undertaken to provide that effective power without throwing away the existing organization structure or needing a mechanism that must be perfect at creation.


Source: Domain Registration

Speakers include AOL co-founder Steve Case who will be in town during his “Rise of the Rest” tour, State of the Internet author David Belson and more

Manchester, NH (September 10, 2015) — Steve Case, co-founder of AOL, CEO of Revolution, and one of America’s most iconic entrepreneurs – who will be visiting Manchester during his national Rise of the Rest tour, David Belson, author of Akamai’s State of the Internet Report and Doug Madory, the person dubbed by the Washington Post as “The man who can see the Internet” will headline Dyn’s free TechToberFest event the company announced today. They will join a roster of some of the brightest minds in technology on Thursday, October 1 in Manchester to discuss a variety of Internet trends including cloud load balancing, cyber security, net neutrality, Internet performance and global outages.

“The Internet has become the driving force behind commerce, communication and content,” said Jeremy Hitchcock, Dyn CEO. “Conversations that impact the performance and the governance of the Internet are important to all of us. We wanted to bring those conversations to our guests so we can all play an active role in shaping the future of the Internet. I am thrilled by the line up we have secured.”

The Lineup

Steve Case is one of America’s best-known and most accomplished entrepreneurs and philanthropists, and a pioneer in making the Internet part of everyday life. Steve co-founded America Online (AOL) in 1985. It was the first internet company to go public and among the best performing stocks of the 1990s. As Chairman and CEO of Revolution, a Washington, D.C.-based investment firm, Steve partners with visionary entrepreneurs across the U.S. His “Rise of the Rest” initiative is an effort to showcase – and invest in – entrepreneurs in emerging startup ecosystems including Manchester, NH on October 1.

David Belson is Akamai‘s Senior Director of Industry & Data Intelligence, responsible for strategic competitive intelligence and analysis. He is well known within the cloud industry for authoring Akamai’s quarterly State of the Internet report, which is a resource cited by media outlets around the globe.

Doug Madory is the Director of Internet Analysis at Dyn where he works on Internet infrastructure analysis projects. Doug has been profiled in both the Washington Post and Business Insider and his analysis is instrumental in breaking news stories.

Other speakers include:

  • Michael Farrell, Cybersecurity Editor at the Christian Science Monitor
  • Kathleen Moriarty, IETF Security Area Director and Global Lead Security Architect at EMC
  • Professor Sean Smith, Research Director of Dartmouth College’s Institute for Security, Technology, and Society
  • Dr. Chase Cunningham, Cyber Threat Intelligence Lead at Firehost
  • Tim Fernholz, reporter at Quartz
  • Andrew Sullivan, Dyn Fellow and Chair of the Internet Architecture Board

A full agenda of the day’s festivities can be found here. The event is open to the public but seating is limited. To register visit http://dyn.com/connect/.

About Dyn
Dyn is a cloud-based Internet Performance company. Dyn helps companies monitor, control, and optimize online infrastructure for an exceptional end-user experience. Through a world-class network and unrivaled, objective intelligence into Internet conditions, Dyn ensures traffic gets delivered faster, safer, and more reliably than ever.

Dyn is the leading Internet Performance provider to the most visited web properties in the world, as measured by the Alexa 500. Dyn delivers more brand loyalty, customer satisfaction, and increased sales from startups to Global 2000 companies and businesses in between. Dyn is Internet Performance. Delivered. Visit dyn.com for more info on how Dyn delivers.

Dyn Media Contact
Brendan Mangus | bmangus@dyn.com | 603-296-1529



Over the past few months, Dyn has been interviewing customers in our key verticals as well as analysts focused on those markets. It’s an initiative similar to the Dyn Customer Advisory Board – to better understand our customers’ challenges and to ensure that we’re continually developing the right mix of solutions and services to address their challenges.

One of the learnings that’s come out of those sessions is that our customers face many common issues when it comes to their online infrastructure. The need for “elasticity” — dynamically scaling for peak traffic periods — is a challenge we heard repeatedly across several verticals – including Adtech; Retail and eCommerce; Media & Entertainment; and Travel & Hospitality.

Scaling Up to Address Demand Spikes

Most online businesses have peak traffic periods. For Dyn Media & Entertainment customers it might be a sports event like the World Cup or Olympics causing the traffic surge, or it could be a breaking news story. For Dyn Adtech customers like AppNexus, it could be a successful marketing campaign.

For Dyn Retail and Travel customers like HotelPlanner.com, it could be due to the holiday season, or a unique sale like Amazon’s recent Prime Day. Sometimes social media is the impetus behind unplanned surges in traffic: Ellen DeGeneres’ “selfie” at the 2014 Academy Awards was retweeted more than two million times within minutes after it was posted, something that no one at Twitter could have anticipated.

Spikes can even occur daily. One of the biggest users of Internet bandwidth is Dyn customer Netflix, which has significant spikes in demand during peak viewing periods of 7 p.m. to midnight, but relatively little demand in the early morning.

Having the capability to scale up to address demand spikes — especially unplanned demand spikes — is something that all companies need. An unexpected surge of traffic might seem like a good thing at face value, but it’s a problem for any company that doesn’t have the infrastructure to support it.

Scaling Down is as Important as Scaling Up

But it’s not just the ability to scale up that’s important; companies also need to be able to scale down when demand is lower. Otherwise, you’re wasting money on unused infrastructure and capacity.

The dilemma is that in an on-demand world, you can’t afford to wait to increase capacity to accommodate greater customer demand. But it also means that when you’re not using that capacity anymore, you need to turn it down really quickly.

To accommodate planned and unplanned traffic surges, many companies want to leverage a combination of public, private, and hybrid clouds to expand and contract infrastructure as necessary.

Leveraging Clouds for Elastic Scalability

The challenge is to determine what infrastructure and applications to host where. What are the appropriate loads to put on public clouds versus private clouds versus hybrid clouds? What parts of your infrastructure may need to scale suddenly? How can you separate your sensitive assets that need to be kept securely?

It’s difficult to know the answer to those questions, and it’s where Dyn’s Internet Intelligence solution comes in with the insight needed to leverage cloud services to effectively expand and contract your infrastructure. With Internet Intelligence you get neutral, unbiased, vendor-agnostic information on the best providers for your scalability needs, including critical information on:

  • How do cloud providers compare in terms of performance and regional delivery?
  • What’s the right mix of on-premises, cloud and hybrid to best serve my customers?
  • Am I getting the most cost-effective use of my infrastructure to handle demand spikes?

Another Dyn solution to explore is Traffic Management. While cloud providers can elastically scale your hosting environment, databases, and other parts of your online infrastructure, you also need to make sure your DNS is up to the task, and that you have a provider with unparalleled DNS domain expertise and extreme system scalability.
Combine Dyn’s Traffic Management with your elastic cloud services to ensure you can scale up and down as needed, while containing costs across your entire infrastructure.

How to handle peak traffic periods without overprovisioning can be one of the most critical decisions that an online business will make. Make sure you have the insight, intelligence, and tools you need to leverage clouds for elastic scalability. To learn more about our Internet Intelligence and Traffic Management solutions — and Dyn’s full Internet Performance suite — please contact me or any Dyn representative.



This post is part of a series where Dyn CMO, Kyle York, who has led go-to-market, brand, and growth strategy since 2008, delves into the most influential prospect, customer, and partner meetings that shaped Dyn’s Internet Performance vision.

It was my first business trip at Dyn. It was March of 2009 and, then Sales guy, Brian Brady (now Director of Business Development) and I were hopping from meeting to meeting in the tech capital of the world, San Francisco—a seemingly different world from our off-the-grid headquarters in New Hampshire.

I remember it like it was yesterday. We met with Wikia, Adroll, Revision3, Digg and Change.org. But our biggest meeting, and inspiration for this post, was with France-founded Truveo, which had been acquired by AOL and would become the search platform for AOL.video.com.

Back in 2009, cloud-based Managed DNS was relatively new in deployment and market adoption. Notably, the anycast method for answering queries was straight up innovation of the protocol. Our tagline was ‘Uptime is the Bottom Line’ so availability was critical for DNS, but lowest DNS latency was becoming the battleground.

Important Present Day Sidenote: We’re still somewhat stuck in a time warp and the industry is getting this wrong. Availability and speed in DNS alone are table stakes—of course it should be available, fast, and consistent—BUT, the entire online infrastructure performance of your site or app is what matters. With complementary monitoring, data, and Internet Intelligence coupled with Traffic Management via Managed DNS, there is now a viable and robust control plane for web properties to scale on top of. Dyn is in the leading position. My point: a bigger value proposition is at play in holistic Internet Performance and the buyer needs a solution, not a point or niche product implemented.

Now on to my story. We walk into the office off Market Street and meet our contact and first engineer, Arnaud Mauvais, at the door. He was obsessed (and still is!) with performance, especially internationally. As we walked by the first row of cubes and offices he says, “You see those four guys? They are PHDs in data science. Their job is to remove 5-10ms of latency off our application performance each year.”

I turned to Brian and smiled. We had our pitch. Truveo was leveraging our basic Unicast DNS network (think of it as old reliable—basic, but not transformative, robust, or feature complete). With an upgrade to our global anycast Managed DNS platform and leveraging our advanced features, they would shave off about 20-300ms depending upon location of the end user globally (and coupled with our planned additions of global data centers).

Imagine walking into that slam dunk. He just tossed a lob that became the hallmark of our customer value proposition and sales pitch for the next year.

“You see those four PHDs you just pointed out? You can save $1M in salaries, put them on some more complex new challenges, or figure out how to improve algorithms with the found time. Upgrade from our basic offering and we’ll speed up your app, ensure uptime, and protect your reputation, plan for disaster (Active Failover), help with server load balancing (Traffic Director), save you money (do you need those guys?!), and prepare Truveo for scale. What do you think? We’re talking thousands per month to make this happen and a relatively painless implementation.”

Blank stare. Thinking. “Sounds great. Tell me more.” He upgraded into a solid annualized contract the next week and was a happy client until the AOL buyout.

The lesson we learned that day was the need for the timely, relevant hook in every prospect or customer meeting. The moment you can tie your solution to the challenges and needs of the customer, in real time, your value proposition becomes undeniable. Oh, and don’t let a customer acquisition by an Internet titan stall a relationship, double down.



If you have been following along with the past few posts, I’m sure you are now logging all things DNS.

You are chewing through your internal resolver query logs, reviewing your authoritative DNS logs, and on your way to understanding what is requesting your domain and what domains systems under your supervision are requesting from the DNS. Depending on the resolvers you use or how you are collecting your DNS query data, you might be wondering why some of the query names look garbled. Who is going to GoOgLe.CoM? Surely no one is mistyping all of these domains on purpose! So what is going on here?

For traditional domain names, the DNS matches names without regard to case. This is why, when you type Google.com into your web browser or code your application to make API calls to WhatsApp.com, both of these names resolve without issue. Back in March of 2008, a draft was put forward as part of the DNS Operations working group to increase DNS security. The goal of the draft—“Use of Bit 0x20 in DNS Labels to Improve Transaction Identity”—was to help increase the entropy beyond source port randomization by randomizing the case of the question name. So instead of always asking for www.dyn.com, requests might be made for WWW.DYN.COM, wWw.DyN.CoM, www.DYN.CoM, etc. The longer the domain name, the more entropy is possible! But why do we need more entropy?

2008 was a popular year for the DNS as it was the year of the so-called “Kaminsky Attack”. This attack (which, it should be noted, was long-previously described by others—it was named after Kaminsky because he produced a compelling demonstration of it) allowed an attacker to inject a phony answer to a DNS query. There was a lot of attention at the time—heck, it even made its way to the Wall Street Journal (warning: PayWall). The DNS has widespread deployment (it is part of practically every computer on the Internet) and making systemic changes to the entire distributed name resolution system is a challenge. The most impactful mitigations might be those which are incremental and require minimal change to the protocol and the supporting software ecosystem.

It is important to note that nameservers only accept responses to pending queries. The question for someone seeking to exploit such a system is “How does a nameserver know a response is expected and what steps does it take to verify this response?” The response will arrive on the same port the query was sent from; otherwise it would be dropped by the operating system’s networking stack. This consideration is what made Dan Bernstein’s suggestion of source port randomization so effective, as it added yet another thing an attacker needed to account for. Aside from the source port, the resolver currently relies on a Transaction ID (TXID), a 16-bit random number in the identification field, as one of the main means of verifying that a response is for a specific question. Given that a Pentium 100 was specced at being able to generate 100,000 guesses a second, sending a packet with every possible transaction ID is a trivial task for modern hardware.

One of the other steps in the process is “bailiwick checking”. If we want to find addresses associated with example.com, normally we first ask a recursive server, the distributed caching layer of the DNS. If the cache is empty, the recursive will then ask the root nameservers, who can provide it with a referral to .com. The root hands back a list of nameservers for .com; we then proceed to query the .com top level domain (TLD) nameservers to find out where we can find example.com. .com may hand back the NS records for the domain, ns1.example.com and ns2.example.com, which would leave things at a standstill. This stalemate is broken by glue records, which are required when you set the nameservers of a domain name to a hostname under the domain name itself. If the response were to also contain an A record for anythingbutexample.com, it would be ignored because it is outside of the domain in the question, or out of bailiwick.

[Figure: Recursive-Query]

Assuming the port matches, the response will be passed to the name resolution process, which will then verify that the question section in the reply matches the question that was originally asked. This is where use of bit 0x20 improves transaction identity, as someone seeking to spoof a response would need to know how the domain name case was randomized. This effectively encodes one random bit per ASCII letter, which means the additional complexity to spoof is directly proportional to the length of the qname. For example:

WWW.DYN.COM 111 111 111
wWw.DyN.CoM 010 101 101
www.DYN.CoM 000 111 101
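
The case randomization and the resolver-side response check described above, sketched in Python as an added example (not code from the original post or from any resolver implementation). The function names and the sample log names are constructed for illustration; 1 means uppercase, as in the WWW.DYN.COM row above. The last function folds randomized names back together, which is what you want when counting queries in your logs.

```python
import secrets
from collections import Counter


def _is_letter(ch):
    # Only ASCII letters carry a 0x20 case bit; digits, '-' and '.' do not.
    return ch.isascii() and ch.isalpha()


def encode_0x20(qname, bits=None):
    """Randomize the case of each ASCII letter in qname (1 = upper, 0 = lower).

    bits is an optional iterable of 0/1 used instead of the CSPRNG so that
    the result can be reproduced in tests.
    """
    source = iter(bits) if bits is not None else None
    out = []
    for ch in qname:
        if _is_letter(ch):
            bit = next(source) if source is not None else secrets.randbits(1)
            out.append(ch.upper() if bit else ch.lower())
        else:
            out.append(ch)
    return "".join(out)


def case_pattern(qname):
    """Per-label bit string: 1 for an uppercase letter, 0 for lowercase.

    Labels without letters contribute no bits and are skipped.
    """
    patterns = []
    for label in qname.split("."):
        p = "".join("1" if c.isupper() else "0" for c in label if _is_letter(c))
        if p:
            patterns.append(p)
    return " ".join(patterns)


def added_entropy_bits(qname):
    """One bit per ASCII letter, on top of the 16-bit TXID and the source port."""
    return sum(1 for c in qname if _is_letter(c))


def accept_response(sent_qname, sent_txid, resp_qname, resp_txid):
    """Resolver-side check on a reply that already arrived on the right port.

    The TXID must match and the echoed question must match the query
    exactly, case included. Returns (accepted, reason).
    """
    if resp_txid != sent_txid:
        return False, "txid mismatch"
    if resp_qname.lower() != sent_qname.lower():
        return False, "question mismatch"
    if resp_qname != sent_qname:
        # Same name, wrong case: the sender did not see the original query.
        return False, "0x20 case mismatch"
    return True, "ok"


def count_by_name(logged_qnames):
    """Fold 0x20-randomized names together for query-log analysis."""
    return Counter(q.lower().rstrip(".") for q in logged_qnames)


# Constructed sample of query names as they might appear in a resolver log.
SAMPLE_LOG = ["GoOgLe.CoM", "google.com", "WWW.DYN.COM", "www.DYN.CoM", "wWw.dyn.com."]

if __name__ == "__main__":
    q = encode_0x20("www.dyn.com")
    print(q, case_pattern(q), added_entropy_bits(q), "extra bits")
    print(accept_response(q, 0x1A2B, q, 0x1A2B))
    print(accept_response(q, 0x1A2B, q.swapcase(), 0x1A2B))
    print(count_by_name(SAMPLE_LOG))
```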

After reading this you may have a number of questions. How many DNS resolvers have implemented use of bit 0x20 in DNS labels? What percentage of recursive resolvers in the wild are making use of and verifying bit 0x20 in DNS labels? How many of your customers are using these resolvers? These are all great questions as they help expand your mental model of the complexities inherent in the collective global DNS infrastructure. As you seek to answer them for your infrastructure let us know what you find out by tweeting to us @Dyn!



New eBook Outlines Steps to Optimize Internet Performance in the Cloud

Manchester, NH (September 1, 2015) — Dyn, the worldwide leader in Internet Performance, today published the Dummies Guide to Internet Performance, the definitive educational guide for businesses to optimize Internet speed, security, availability and reachability in the cloud and increase revenues and ROI.

The full eBook, which was authored by Lawrence Miller, MBA, CISSP, a business and IT leader with 25 years experience, can be downloaded for free here.

Internet Performance is an approach to improve the availability, security, speed, and cost-efficiencies of your Internet infrastructure to fuel revenue growth by providing insight into Internet conditions so you can respond effectively to changing Internet dynamics to meet customer expectations.

While most companies focus on how they connect to the Internet, they also need to look at how customers connect to them. Customers don’t view connection issues as an Internet issue, but as a company’s website’s issue. Internet outages, DNS issues, and connectivity issues affect uptime and speed. Cables, connections, peering relationships and protocols all make up the Internet, and all of these have multiple points of failure. With an Internet Performance approach, you can constantly monitor the Internet, looking for problems and opportunities that affect your business and adapt in real-time to make the Internet a competitive edge for your business.

“In today’s dynamic business environment, every business is truly a global business and the Internet can be among your company’s most competitive advantages if leveraged to full effect,” said Matt Toy, SVP, Customer Experience at Dyn. “We hope the Dummies Guide helps business executives to better understand how to fully utilize the Internet to optimize and expand their business and unleash the power of Internet Performance.”

Dyn’s Internet Performance solutions help companies monitor, control and optimize their online infrastructure for an exceptional end-user experience. Dyn continuously monitors Internet Performance using a global sensor network of real-time probes so businesses have real-time visibility and insights into their Internet infrastructure.

“Internet Performance should be a key consideration for any company invested in doing business online,” Miller wrote. “Having insights into your cloud infrastructure, measuring performance and mitigating risks help companies increase sales, build and protect brand loyalty and reputation and generate greater ROI.”

To download the free eBook, please click here. To learn more about Dyn’s Internet Performance offerings visit www.dyn.com.

About Dyn

Dyn is a cloud-based Internet Performance company. Dyn helps companies monitor, control, and optimize online infrastructure for an exceptional end-user experience. Through a world-class network and unrivaled, objective intelligence into Internet conditions, Dyn ensures traffic gets delivered faster, safer, and more reliably than ever.

Dyn is the leading Internet Performance provider to the most visited web properties in the world, as measured by the Alexa 500. Dyn delivers more brand loyalty, customer satisfaction, and increased sales from startups to Global 2000 companies and businesses in between. Dyn is Internet Performance. Delivered. Visit dyn.com for more info on how Dyn delivers.

Dyn Media Contact
Brendan Mangus | bmangus@dyn.com | 603-296-1529



You know email authentication is big news when you hear about a lack of it on Good Morning America.

The latest email-driven phishing scam involves E-ZPass, the rather innocuous driving utility designed to help motorists avoid slowing down at highway toll booths.

With thousands and thousands of drivers in 14 states, you can imagine that E-ZPass sends out a lot of transactional email (updates to personal info, updates to billing info, recharges, etc.). As the majority of those emails are transactional, they don’t require a lot of thought or engagement.

E-ZPass Phishing Scam

Image: Capitol National Bank

But if you were to get an email that says you have a toll violation or need an account replenishment, you might click through pretty quickly. And if you’re like most of the human race — busy with no patience to spend a lot of time dealing with stuff like this — you probably would pay little mind to clicking a link, entering in some additional info, and going along your way.

But E-ZPass consumers (and even some non-consumers) in seven states and territories have reported emails that look like official E-ZPass emails that are claiming unpaid fees and account violations.

As you might suspect at this point, they’re phishing emails, designed by those trying to trick a small percentage of people into blindly clicking and handing over some key information.

You might be thinking, “Meh, why should they care?” Say you’re E-ZPass and you have to contact users for actual issues in the future. Say those users have heard about this scam in passing, and just assume everything they get from E-ZPass is bad. More of that email gets deleted, customer service calls and inquiries go up, and the costs of a phishing attack get bigger and bigger.

So how did we get here?

Trying to scam people via email isn’t anything new and if you haven’t got an email from a Nigerian prince offering his fortune to you, you’re in the minority. Targeting senior citizens and those that simply don’t know any better, the scam is simple: develop an email that looks like an official company email, include some kind of threatening message or non-ignorable call-to-action, entice the user to click, take them to a phisher-built branded website, get some financial information, and boom: the nightmare begins.

Even as the bigger companies and brands have got smarter about email authentication (the security process in which a company can verify what email comes from them, thus helping prevent those trying to imitate them), that hasn’t deterred the nefarious side of the email world. Rather, those wanting to watch the world burn are simply moving down the ladder and targeting midsize companies like E-ZPass.

How can companies prevent phishing attacks that involve their brand?

1 – Send all bulk and transactional email through a reputable sender.

Of course, I’d suggest us, but if you’re sending significant amounts of email, just send with someone that has deliverability experts that can help answer questions.

2 – Implement an SPF record on your domain record.

Here’s a how-to that we use, but essentially, your IT team is adding a TXT record to your domain records that verifies that email sent on your domain’s behalf through email service providers, Salesforce, etc. is legitimate. Only you have access to make updates to your domain record, so you can see why this is a good way to validate email being sent on behalf of your domain.

3 – Implement DKIM.

This is another form of email authentication: a signature, generated with a private key, is placed in the header of your email, and the matching public key is published in the DNS of the sending domain so that receivers can verify it.

If that has you confused, here’s what happens in simple terms. The receiving mailbox provider (say Yahoo) gets these emails and breaks down the hash to verify what it’s telling them. If a bad guy has intercepted these emails and changed anything at all, the email won’t be decoded, and the email won’t be delivered. Through this process, the sending domain is validated. Success!

From DKIM.org: “Receivers who successfully validate a signature can use information about the signer as part of a program to limit spam, spoofing, phishing, or other undesirable behavior.” Best yet, DKIM is also easy to implement. For information’s sake, here’s how setup works in our portal.

4 – Implement DMARC.

Evolving in the past few years, DMARC is another form of email authentication that helps standardize consistencies for both email senders and email receivers. It’s all about security and reliability, and is key in helping to prevent phishing attacks.

Even though it’s relatively young, it took just one year for half of the top 20 sending domains to publish a DMARC policy and 70% of those domains asserted a policy that directed email receivers to take action against unauthenticated email messages. Again, any reputable email sender should be able to help you implement your own DMARC policy. If not, you’re with the wrong sender.

No matter who you send from, implementing email authentication like SPF, DKIM, and DMARC should be easy and well worth your time.

Hey, it could be worse. You could be dealing with E-ZPass’ headaches right about now.
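Steps 2 through 4 above all end up as TXT records in DNS, so they can be checked the same way. As an added example (not code from the original post or from Dyn), this Python audit reads a domain's SPF, DKIM and DMARC records offline and flags settings that leave spoofed mail unchallenged; the `example.com` names, the `s1` selector and every record value are constructed assumptions.

```python
# Added example: offline audit of SPF, DKIM and DMARC TXT records.
# Every name, selector and record value below is a constructed sample.

def parse_tags(record):
    """Split a 'k=v; k=v' DKIM or DMARC record into a dict of tags."""
    pairs = (part.split("=", 1) for part in record.split(";") if "=" in part)
    return {key.strip().lower(): value.strip() for key, value in pairs}

def audit_spf(txts):
    spf = [t for t in txts if t.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:  # zero records: no SPF; several: receivers return an error
        return ["SPF: expected exactly one v=spf1 record, found %d" % len(spf)]
    terms = spf[0].lower().split()[1:]
    all_terms = [t for t in terms if t.lstrip("+-~?") == "all"]
    if not all_terms:  # redirect= defers to another record; otherwise default is neutral
        redirected = any(t.startswith("redirect=") for t in terms)
        return [] if redirected else ["SPF: no 'all' mechanism, default result is neutral"]
    if all_terms[0][0] in "+?a":  # bare 'all' is the same as '+all'
        return ["SPF: '%s' does not fail unlisted senders" % all_terms[0]]
    return []  # '-all' (fail) or '~all' (softfail)

def audit_dkim(txts):
    # A missing record or an empty (revoked) p= tag leaves receivers no key to verify with
    usable = bool(txts) and bool(parse_tags(txts[0]).get("p"))
    return [] if usable else ["DKIM: no usable public key at the selector"]

def audit_dmarc(txts):
    recs = [t for t in txts if t.lower().replace(" ", "").startswith("v=dmarc1")]
    if not recs:
        return ["DMARC: no v=DMARC1 record at _dmarc"]
    policy = parse_tags(recs[0]).get("p", "").lower()
    if policy not in ("quarantine", "reject"):
        return ["DMARC: p=%s does not ask receivers to act on failures" % (policy or "<missing>")]
    return []

def audit_domain(zone, domain, selector):
    """zone maps DNS names to the TXT strings a resolver would return for them."""
    return (audit_spf(zone.get(domain, []))
            + audit_dkim(zone.get(f"{selector}._domainkey.{domain}", []))
            + audit_dmarc(zone.get(f"_dmarc.{domain}", [])))

WEAK_ZONE = {
    "example.com": ["v=spf1 include:_spf.mailer.example ?all"],
    "s1._domainkey.example.com": ["v=DKIM1; k=rsa; p="],
    "_dmarc.example.com": ["v=DMARC1; p=none; rua=mailto:dmarc@example.com"],
}
HARDENED_ZONE = {
    "example.com": ["v=spf1 include:_spf.mailer.example -all"],
    "s1._domainkey.example.com": ["v=DKIM1; k=rsa; p=CONSTRUCTED_BASE64_PUBLIC_KEY"],
    "_dmarc.example.com": ["v=DMARC1; p=reject; rua=mailto:dmarc@example.com"],
}

if __name__ == "__main__":
    print("\n".join(audit_domain(WEAK_ZONE, "example.com", "s1")))
```

To audit a live domain, fill the `zone` dictionary from real TXT lookups; DKIM keys that DNS returns as several quoted strings must be joined first.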
