Update: While we encourage people to write code using the PhishTank API, this specific offer is no longer valid.

We’re looking for someone to write some sample (but working) code to help test an anti-phishing database API we’ve developed and are about to release for public use (for free!). We are busy working on a ton of projects right now and rather than divert our attention to writing plugins and extensions for apps we aren’t familiar with we figured we could pay one or two of you to do it for us instead. The code will be licensed under an open-source approved license, probably the Mozilla license, or something even more open. We basically just want our API to have some example implementations when we launch it next week.

Here’s the problem: time is of the essence! We want to have something ready to go public October 2nd, which means we really want to see a test version by Friday, September 29th. This will give us enough time to work out any bugs (in your code or our API) by the morning of Monday, October 2nd. That’s only a week from today (yikes!).

I want to offer some good incentives for you, especially since time is short. Feel free to pick some or all of the following:

• $300 for a Thunderbird extension which scans an email for URLs and checks them against our API and optionally submits suspected URLs from phishing emails into our API.
• $100 for a SpamAssassin plugin which just scans an email for URLs and checks them against our API
• $100 for another equally as cool open source project like Squid Cache, per our approval via email.
• A free lunch w/ our CEO at a good restaurant if you’re willing to come into San Francisco to have it. Our CEO (me) has good taste and gets to decide what a ‘good restaurant’ is, but it’ll be good.
• A blog post saying how much you rock.
• If you really are good, we are hiring and this is a fast-track way to get through the interview process.

Since you will be one of the first to use our API it might require some back and forth with us as we tune our API. It would help if you used Yahoo IM or AIM and spoke English. Other than that, we are pretty flexible about who you are. We posted a listing at RentACoder for a Thunderbird hacker but haven’t had any bites yet which is why we’re posting here. Unless you hear from us directly (John Roberts or myself) that you are hired, we make no guarantees.

You can post general questions here on the blog but specific questions should be sent to us via email (firstname at opendns dot com will get to John or myself).

We’ve been quiet recently. Too quiet.

Seriously, all of us are focused on two large projects, each of which will see the light of day shortly. Both of these efforts won’t surprise those who have been paying close attention to some of our previous writings.

Just to add to the behind-the-scenes fun, our growth (thank you!) has accelerated some of our storage upgrade plans, since we hate falling behind in our stats processing. As noted on the system status posts [1, 2], DNS services are not affected by stats processing, deliberately — but it means our pretty graphs get stuck until we catch up.

(And, yes, London is still in progress.)

Yesterday we crossed the 4,000,000,000 (That’s four billion!) overall DNS query mark.

More importantly, we also crossed the 100,000,000 (That’s one hundred million!) DNS queries per day mark.

Check it out:

Woo Hoo!

Courtesy of Matt Marshall, I was asked to contribute an article to VentureBeat. You can read my article, “Why do we pay Internet Bad Guys?,” in its entirety over there or below. Matt has some really great stuff on VentureBeat, so go check it out!

Two weeks ago Auren wrote a dead-on post about the Black Hat Tax that really struck a chord with me. I’ve been paying the Tax for five years with my first company, EveryDNS, and for a few months now with my current start-up, OpenDNS. The problem has become much worse in the last few years. Why? Simply put, bad guys are getting paid. Moreover, the Tax is on users as much as its on businesses. Today we see phishing sites, malware and spyware sites growing at an astounding rate.

Consider the example I cite often when discussing the issue with friends: goggle.com (see image below; not providing a link, bad site), the site that might be the most insidious of all typo squatting and malware sites on the Internet. Goggle.com, an obvious typo of google.com, offers an anti-spyware product called SpyBouncer in addition to being filled with pop-up ads (nb: SpyBouncer claims the copyright on the bottom of goggle.com). The website makes a user believe that their computer is currently infected with spyware and that installing SpyBouncer will get rid of it. They say it’s free to try and the program conveniently finds spyware which it will remove for a price, of course.

Symantec and others all claim that this product is a total scam and that it neither detects nor repairs spyware with any accuracy. Thanks to the accidental traffic that lands on goggle.com by unsuspecting users, SpyBouncer has no incentive to make a good product, they can just fool a new batch of users everyday.

Why does a site like goggle.com exist? Because crime pays, but that’s hardly news. Why it doesn’t get shut down by its webhost (DataPipe) is a good question for another time. What I do want to know is… why is SpyBouncer allowed to run Google ads on its Web site (as they do on the top)? Why are these kinds of abusive software programs allowed to purchase AdWords campaigns luring even more users into this trap? Why is Revenue.net paying SpyBouncer to show ads on goggle.com? Why is Google accepting money from fraudulent advertisers which continues the cycle of malware and spyware? This is why users react so negatively to online advertising. It’s not the relevant and unoffensive advertising that they bemoan, it’s the scams and tricks the advertisers and advertising networks spread around the seedier neighborhoods of the Internet.

These kinds of abuse are pretty bad, but what bothers me more is that much of it is being facilitated by companies I respect and admire. People like Ben Edelman have done a lot of research showing the connections between companies like Yahoo and fraudulent advertising practices but that’s not enough. There are so many layers and levels of misdirection that it becomes hard to tell who is paying who and why. As the CEO of a company operating on the Internet, I’m spending money dealing with Internet bad guys who are getting paid to annoy me, my employees and my users. Everyone is wasting their time dealing with this crap while the folks in the money trail keep taking their cut and passing on the buck. When I asked my users what they thought about goggle.com I saw a nearly unanimous response of outrage and frustration. Hundreds of users spoke out on our corporate blog and on sites like Digg.com venting at the absurdity of a site like goggle.com.

It’s time that ad networks cleaned up their act and started being more transparent about fraud and abuse. It’s time security companies started fighting the causes of network abuse and not simply the symptoms. There will always be a Black Hat Tax but right now legitimate companies are making it more expensive. That has to stop.

Phones, PDAs, and every other mobile device smaller than a laptop and bigger than an iPod Shuffle needs DNS for web browsing, among other things. With speedier networks, the mobile web is getting more and more useful…and speedy DNS makes the experience better. Frankly, I had forgotten this obvious use of OpenDNS, until we started seeing our users comment on websites devoted to mobile devices.

Thanks for the reminder!

Change your mobile to OpenDNS

Today, we added instructions about how to change DNS on your mobile device, with our first entries covering Windows Mobile and Palm OS 5 (Treo).

Help us provide more details

Mobile devices are even more numerous and diverse than routers, so I’d love your help in two areas.

First: let us know which other devices most need instructions for changing to OpenDNS. Please include carriers and countries, if informative.

Second: if you’d like to write instructions to share your personal knowledge, I’d welcome the assistance. Send instructions and/or screenshots to our contact email address or link to instructions in the comments here.

Note: I’m still working out how I might expense a Sony PSP so I can write up instructions about how to use OpenDNS on this (ahem) “productivity” device.