Email

Blogs

Why Foldering Adds Very Little Security

I keep hearing stories of people using "foldering" for covert communications. Foldering is the process of composing a message for another party, but instead of sending it as an email, you leave it in the Drafts folder. The other party then logs in to the same email account and reads the message; they can then reply via the same technique. Foldering has been used for a long time, most famously by then-CIA director David Petraeus and his biographer/lover Paula Broadwell. Why is foldering used?

GDPR PII Time-Bomb? Kill it With Fire!

Hi! My name is spamfighter. I investigate spam and phish in a post-GDPR dystopia. Recently, I invented Fire, to save you millions of €uros. One day, my Boss suggested I automate some of my processes. I, for one, welcome our Robot Overlords (and a happy boss), but I can be exacting about the tools I use. Perhaps not to the degree of the infamous Van Halen 'no brown M&M's' contractual clause but I have no patience for poorly-designed software, and truly dislike typing when...

The Security Problem with HTML Email

Purists have long objected to HTML email on aesthetic grounds. On functional grounds, it tempts too many sites to put essential content in embedded (or worse yet, remote) images, thus making the messages not findable via search. For these reasons, among others, Matt Blaze remarked that "I've long thought HTML email is the work of the devil". But there are inherent security problems, too (and that, of course, is some of what Matt was referring to). Why?

I Never Signed Up for This! Privacy Implications of Email Tracking

What happens when you open an email and allow it to display embedded images and pixels? You may expect the sender to learn that you've read the email, and which device you used to read it. But in a new paper we find that privacy risks of email tracking extend far beyond senders knowing when emails are viewed. Opening an email can trigger requests to tens of third parties, and many of these requests contain your email address.

Why I Want a .PAYPAL New gTLD

I use Paypal, and I am quite satisfied with how it helps me with my business: it is still a little hard to use, and I don't use all functions of the tool, but it is not so expensive, it is fast and efficient, and Paypal does not send so many emails. In one word, Paypal rocks... The only problem that I have with Paypal is the number of fake emails that I receive. Of course, I easily identify them as they come in and luckily, G Suite (Gmail) does an excellent job at blocking all spam and phishing.

Email Marketer's Dilemma: Disappearing Domains

On May 31, British broadband provider EE discontinued service for a number of email domains: Orange.net, Orangehome.co.uk, Wanadoo.co.uk, Freeserve.co.uk, Fsbusiness.co.uk, Fslife.co.uk, Fsmail.net, Fsworld.co.uk, and Fsnet.co.uk. These domains were acquired by EE as part of multiple mergers and acquisitions. On their help page, EE explains that the proliferation of free email services with advanced functionality has led to a decrease in email usage at these domains.

Universal Acceptance of New Top-Level Domains Reloaded

One challenge for all new top-level domains (TLDs) is the so-called Universal Acceptance. Universal Acceptance is a phenomenon as old as TLDs themselves and may strike on many occasions... The effect when universal acceptance hits you is that you cannot send or receive email, you get error messages, or, even worse, everything looks like it works but does not, and you do not even get a notification.

One-Click Unsubscription

Unsubscribing from mailing lists is hard. How many times have you seen a message "please remove me from this list," followed by two or three more pointing out that the instructions are in the footer of every message, followed by three or four more asking people to not send their replies to the whole list (all sent to the whole list, of course,) perhaps with a final message by the list manager saying she's dealt with it? For marketing broadcast lists, it's even worse because there's no list to write to.

How a Plaintiff Was Undeceived and Lost at Spam Litigation - What Nobody Told You About!

Back in 2003, there was a race to pass spam legislation. California was on the verge of passing legislation that marketers disdained. Thus marketers pressed for federal spam legislation which would preempt state spam legislation. The Can Spam Act of 2003 did just that... mostly. "Mostly" is where litigation lives. According to the Can Spam Act preemption-exception...

CircleID's Top 10 Posts of 2016

The new year is upon us and it's time for our annual look at CircleID's most popular posts of the past year and highlighting those that received the most attention. Congratulations to all the 2016 participants and best wishes to all in the new year.

DMARC and Message Wrapping

I have groused at length about the damage that anti-phishing technique DMARC does to e-mail discussion lists. For at least two years list managers and list software developers have been trying to figure out what to do about it. The group that brought us DMARC is working on an un-DMARC-ing scheme called ARC, which will likely help somewhat, but ARC isn't ready yet, and due to ARC's complexity, it's likely that there will be many medium or small mail systems that enforce DMARC and can't or won't use ARC.

Interest in Cloud-Based Email Infrastructure Grows by 35% in 3rd Quarter of 2016

Cloud-based interest in email infrastructure trended up this past quarter. Port25, a Message Systems Company, tracks cloud-based interest (CBIs) among large volume senders based on evaluation and purchase requests received, in conjunction with overall site engagement. In Q3, CBIs on Port25's website grew by 34.97% over Q2, to a total of 48.2% of unique evaluation and purchase requests.

Yahoo Collaborating With US Intelligence Agencies

It was revealed yesterday that Yahoo has been scanning people's email for the federal government. This activity was, apparently, authorized by Yahoo CEO Marissa Mayer but not the former CSO Alex Stamos. Mr. Stamos left Yahoo in June 2015. He also publicly disagreed with the director of the NSA back in February 2015 about the NSA having access to encrypted data.

The Kindness of Strangers, or Not

A few days ago I was startled to get an anti-spam challenge from an Earthlink user, to whom I had not written. Challenges are a WKBA (well known bad idea) which I thought had been stamped out, but apparently not. The plan of challenges seems simple enough; they demand that the sender does something to prove he's human that a spammer is unlikely to do.

News Briefs

Google Launches Advanced Protection Program for "High-Risk" Users

Cyberattack on UK Parliament Halts Email Access

Bell Canada Discloses Loss of 1.9 Million Email Addresses to Hacker, Says No Relation to WannaCry

Study Finds $9.8B Opportunity In Universal Acceptance of All New Generic and Internationalized TLDs

Encrypted Email Sign Ups Have Doubled Since Trump Victory, Says ProtonMail

NIST Publishes Guide for DNS-Based Email Security, Draft Open for Public Comments

DNC Emails Hacked Using Fake Gmail Login Forms

Massive Cyberattack Aimed at Flooding .Gov Email Inboxes With Subscription Requests

Nearly 1 Million IP Addresses Used by Attackers on a Single Target

Corporate Email Phishing Scams Result in $3.1B Loss, Near 1300% Increase in 18 Months

IPv6 Will Change the Face of Email Filtering, Says Report

Security Firm Recovers Over 272 Million Stolen Credentials from a Collector

U.S. House of Representatives Passes H.R. 699, the Email Privacy Act

Internet Infrastructure Coalition (i2Coalition) Joins M3AAWG to Reduce Hosting Industry Abuse

In Memory of Ray Tomlinson, April 23, 1941 - March 5, 2016

Email More Secure Today Than Two Years Ago, Research Suggests

Group Working on Securing Email Using DNS

Dave Crocker and John Levine Discuss Current Dealings With Spam (Video)

FBI Pushing Plans to Force Surveillance Backdoors on Social Networks, VoIP, and Email Providers

Iran Blocks HTTPS, 30 Million Reported Losing Email Access
