This is my first post to this blog and probably a good time to introduce myself as one of the developers here at OpenDNS. I do a lot of work on Domain Tagging, and in the past few weeks have made a bunch of changes that make Domain Tagging faster than ever. That means domains get verified faster, added to categories faster and blocked faster.

I’d also like to welcome 7 new moderators we brought onboard this week. We’re really happy to have them help out, and I’m sure they’re also excited to be a part of the moderator community. So welcome guys, you’re a huge asset to a great community!

The Domain Tagging system has been a huge success for us, and for everyone who uses it. Here’s a few numbers to illustrate:

31: The number of categories the system had when we launched in late February.

53: The number of categories in the Domain Tagging system today.

15,000: The number of decided domains in the “Proxy/Anonymizer” category.

Note: This number doesn’t even include the domains from St. Bernard, which number in the millions.

418,701: The number of decided domains system-wide.

903,536: Number of domains submitted to Domain Tagging (so close to a milestone…)

4 Million: The number of Internet users whose experience is made safer by Domain Tagging.

Have a great weekend!

We just launched a subtle new feature for all OpenDNS account holders (it’s free) that helps protect against a class of DNS vulnerabilities known as DNS Rebinding attacks. In short, these attacks take advantage of design flaws or weaknesses in how some Internet applications (notably web browsers) cache DNS data so that internal network resources can be accessed by external servers regardless of firewall settings.

This can happen because the browser (or similarly exploitable vector) acts as a conduit between the private internal resource and the external server. In plain English this means that some bad guy on the Internet can access your home access point, wireless access point, internal file server or any other networked device on your network just by getting you to load some javascript on a webpage.

While this might seem like a browser issue, it’s fundamentally a DNS issue. This is why OpenDNS created what will become a new class of filtering tools called Suspicious Response Filters.

These new filters are different from the filtering options we’ve offered to date in one important way. Rather than filtering based on the DNS question being asked (eg, “Where is foo.com?”) these filters inspect the DNS reply before we send it back to you (eg, “Does this reply point to an internal resource?”). Like most of our features, this is an industry first. No other major DNS software or service offers anything like this.

When I started OpenDNS I often told people one of my main goals was to design a global DNS service that empowered people to let the good DNS in and keep the bad DNS out, for whatever definition of good and bad they had. This feature gets us one step closer to delivering on that promise.

The feature is turned off by default, but I encourage everyone to go into your account and turn it on. Those of you with domains that point to private address space legitimately (to your intranet, for example) should also visit the domain whitelist page and whitelist your domain. Naturally, any domain in your whitelist will not have its responses filtered in any way and will be explicitly allowed.

This morning we launched a new service that will undoubtedly change the way budget-conscious network operators and IT administrators filter Web content. The system that powers the service is inspired by the success of PhishTank, our anti-phishing site, and works in a similar way. By leveraging the intelligence of our community (all of you) and our global network of servers we can provide a level Web content filtering that is robust and effective. And, like everything else we do here, we’re offering this for free.

Here’s how our game-changing system works:

People add Web sites to our system and tag them with a category. For example YouTube.com would be appropriately tagged “video sharing” and MySpace.com would be appropriately tagged “Social Networks.” Other users come along and verify the accuracy of the submitters tag by voting. Once a site crosses a predetermined threshold of votes, it gets added into the category in the OpenDNS system. All this adding and voting happens on our new Community Site - if you haven’t yet seen it, stop by and cast a few votes. Every day this system will get more and more comprehensive, thanks to the help of 100s of 1000s of IT folks who have accounts with us and the millions of OpenDNS users.

You probably already understand why this is far superior to the way security companies categorize sites and deliver filtering services, but allow me to explain briefly the three main reasons our service is better:

• It’s more comprehensive. Our system has tens of thousands of people like you submitting and verifying the accuracy of Web sites’ inclusion in categories. This is in stark contrast to the handful of people employed for this job by security companies.
• It’s faster moving. New Web sites and changes to existing Web sites are constantly being published to the Internet. Other Web content filtering tools update only once nightly, or even less frequently, and therefore fail to catch and categorize everything right away. OpenDNS has the advantage of tens of thousands of people adding and tagging sites at any given time, so users benefit from real-time updates.
• It’s free to use. No longer are you forced to pay top dollar to security companies simply to protect your networks.

Log in to your dashboard now and you’ll see the new filtering categories available to you, and know it will get better and more thorough with time. We launched with just over 30 categories, but if you have a need to block a category not represented in our system let us know and we’ll be happy to accommodate.

Finally, this service (like everything else we offer) is optional and can be enabled in your free OpenDNS account. Let us know if you have any feedback, about any part of the system or how it works. We built this for you.

OpenDNS is for everyone. And by everyone, I mean everyone; moms, dads, kids, nerds, jocks, etc. We recently found out that our use of a CAPTCHA meant we were excluding blind and visually impaired people from using portions of our service. Thanks to some quick coding by Cory, we had an audio version of the CAPTCHA launched to solve the problem.

I was surprised at how easy it was to implement and I’d encourage anyone who uses a CAPTCHA to consider offering an audio alternative. There is a huge population of Internet-savvy blind and visual impaired users on the Internet who are well worth your time and effort to accommodate. If you want help with doing this on your site, we’d be happy to show you how we did it.

OpenDNS U is a webinar series we’re kicking off next week. We rounded up all the questions you’ve asked us over the past several months and designed a series of webinars to address them. The entire series is designed squarely with you in mind.

The first one, hosted by CEO David Ulevitch, is happening next Wednesday, January 30, at 11 a.m. PST. The topic is one we know lots of you will excited about “Using OpenDNS stats to your advantage: How to understand and act on statistical data about your network.” Here’s a more thorough description:

Your OpenDNS statistics are rich with data that can help you spot problems before they become headaches. Attend this 30 minute webinar and learn how to block hosts from your stats dashboard, adjust timescales to see trends emerge over time, filter lists based on domains, and much more!

We like our webinars short and sweet, so all of them will be just 30 minutes in length.

Invite friends and register here.