Email

Noteworthy

Blogs

Logjam, Openssl and Email Deliverability

RHEL6/Centos6 (and presumably RHEL7/Centos7) machines with the latest openssl packages now refuse SSL connections with DH keys shorter than 768 bits. Consider RHEL6 sendmail operating as a client, sending mail out to a target server. If the target server advertises STARTTLS, sendmail will try to negotiate a secure connection. This negotiation uses openssl, which will now refuse to connect to mail servers that have 512 bit DH keys. The maillog will contain entries with "reject=403 4.7.0 TLS handshake failed".

The Cycle of E-Mail Security

Stepping back from the DMARC arguments, it occurs to me that there is a predictable cycle with every new e-mail security technology... Someone invents a new way to make e-mail more secure, call it SPF or DKIM or DMARC or (this month's mini-fiasco) PGP in DANE. Each scheme has a model of the way that mail works. For some subset of e-mail, the model works great, for other mail it works less great.

Rodney Joffe Wins a Well-Deserved Mary Litynski Award

Every year M3AAWG gives an award for lifetime work in fighting abuse and making the Internet a better place. Yesterday at its Dublin meeting they awarded it to Rodney Joffe, who has been quietly working for over 20 years. I can't imagine anyone who deserves it more.

Facebook and PGP

Facebook just announced support for PGP, an encrypted email standard, for email from them to you. It's an interesting move on many levels, albeit one that raises some interesting questions. The answers, and Facebook's possible follow-on moves, are even more interesting. The first question, of course, is why Facebook has done this. It will only appeal to a very small minority of users. Using encrypted email is not easy.

M3AAWG & i2Coalition Collaborate on Best Practices on Anti-Abuse in Hosting & Cloud Environments

I am excited to announce the recent release of the industry first Best Common Practices document for Cloud and Hosting providers for addressing abuse issues that was created by M3AAWG and the i2Coalition. M3AAWG has been collaborating with the Best Practices Working Group of the i2Coalition over the past 2 years to discuss ways to solve malicious activity within hosting and cloud ecosystems.

End-to-End Email Encryption - This Time For Sure?

Phil Zimmermann's Pretty Good Privacy (PGP) and its offspring have been encrypting and decrypting email for almost 25 years -- but require enough knowledge and determination to use them that adoption has never taken off outside the technoscenti. Now initiatives from several quarters aim to fix that -- but will it all "just work," and will end users adopt it even if it does?

Who Is Sending Email As Your Company?

You might expect that the IT department or security team knows who's sending email using your company's domains. But for a variety of reasons these groups are often unaware of many legitimate senders -- not to mention all the bad actors. Fortunately you can get a more complete view by using DMARC's reporting features. How does it happen? Product teams managing a new product launch or customer survey hire marketing consultants and Email Service Providers (ESP)...

When DNSBLs Go Bad

I have often remarked that any fool can run a DNS-Based Blacklist (DNSBL) and many fools do so. Since approximately nobody uses the incompetently run black lists, they don't matter. Unfortunately, using a DNSBL requires equally little expertise, which becomes a problem when an operator wants to shut down a list. When someone sets up a mail server (which we'll call an MTA for Mail Transfer Agent), one of the tasks is to configure the anti-spam features, which invariably involves using DNSBLs.

Email Vendors: Time to Build in DMARC

DMARC is extremely useful, yet I've heard some vendors are putting their implementations on hold because of the IETF DMARC working group. You really shouldn't wait though -- it's been in wide use for nearly three years, enterprises are looking at DMARC for B2B traffic, and the working group charter is limited in its scope for changes. Let's compare this to a similar situation in the past.

The EFF and Hanlon's Razor

The EFF has just posted a shallower than usual deeplink alleging an "email encryption downgrade attack" by ISPs intent on eavesdropping on their customers. They, along with VPN provider Golden Frog, have additionally complained to the FCC reporting this. Here, they've just noticed something that's common across several hotel / airport wifi networks...

A Look at the Origins of Network Email

The history of long distance communication is a fascinating, and huge, subject. I'm going to focus just on the history of network email -- otherwise I'm going to get distracted by AUTODIN and semaphore and facsimile and all sorts of other telegraphy. Electronic messaging between users on the same timesharing computer was developed fairly soon after time-sharing computer systems were available, beginning around 1965 -- including both instant messaging and mail.

Call for Nominations: M3AAWG J. D. Falk Award Seeks Stewards of a Better Online World

Anyone seeking to honor a groundbreaking contribution toward a better online world should submit a nomination for the 2014 M3AAWG J. D. Falk Award. Presented to people whose work on specific projects made the Internet a safer, more collaborative, more inclusive place, the J. D. Falk Award has recognized leaders and pioneers who saw elements of the online experience that needed improvement and took action to fix them.

Gmail Now Supports Internationalized Domain Names

If your first language isn't English and you don't use the Latin character set you can and will run into barriers. While Internationalized Domain Names (IDNs), i.e. domain names where either the left of the dot, the right of the dot or the entire string is in characters other than Latin ones, do exist and have existed for a number of years, not all services work well with them.

Dealing With DMARC

DMARC is an anti-phishing scheme that was repurposed in April to try to deal with the fallout from security breaches at AOL and Yahoo. A side effect of AOL and Yahoo's actions is that a variety of bad things happen to mail that has 'From:' addresses at aol.com or yahoo.com, but wasn't sent from AOL or Yahoo's own mail systems. If the mail is phish or spam, that's good, but when it's mailing lists or a newspaper's mail-an-article, it's not so good.

Universal Acceptance of All TLDs Now!

Universal acceptance of top level domains hasn't really meant much to most Internet users up until now. As long as .COM was basically the default TLD, there wasn't much of an issue. No longer. With 263 delegated strings (according to ICANN's May 12, 2014 statistics) adding to the existing 22 gTLDs that were already live on the net after the 2004 round of Internet namespace expansion, the problem of universal acceptance gets very real.

News Briefs

Dave Crocker and John Levine Discuss Current Dealings With Spam (Video)

FBI Pushing Plans to Force Surveillance Backdoors on Social Networks, VoIP, and Email Providers

Iran Blocks HTTPS, 30 Million Reported Losing Email Access

Happy Canada Day from the CRTC

Chinese Newspaper Warns Google Against Playing a Risky Political Game

New Anti-phishing Initiative Introduced by Yahoo!

Google: China Interfering with Gmail and Attempting to Conceal the Act

Microsoft, Federal Agencies Take Down Rustock Botnet

Conflict Over Efforts to Develop a Best-Practices Document for Blacklist Operators

Canadian "Fighting Internet and Wireless Spam Act" Introduced Into the House of Commons

Spamhaus Uncovers Fake DNSBL: nszones.com

German High Court Says No to Retaining Telecom, Email Data for Tracking Criminal Networks

A Word of Warning About Your Haiti Charity Donations

Addressing Search Engine, Website, and Provider Accountability for Illicit Online Drug Sales

Project Honey Pot: 1 Billion Spammers Served

C-27 Canada's Electronic Commerce Protection Act passes Committee Review

The Phishing Scams That Affected Users of Hotmail, Gmail and Yahoo! is Spreading

One Third of Companies Employing Staff to Monitor Content of Outbound Email, According to Survey

Spam Bouncing Back to Original Levels Despite Major Shutdowns

Spam Now Over 90% of All Email, Increasing Volumes Involve Social Networking Sites

Port25 Updates – Sponsor

Case Study: Emergency Response Systems Rely on Timely Messaging Through PowerMTA

Boasting delivery rates of over 5MM messages per hour, eAlert from MIS Sciences is United States' leading emergency alert notification system. An extremely reliable and flexible system was key for handling the delivery of several million high-priority messages each day.

Port25 Announces Next Major Release of Its Email Delivery Solution, PowerMTA

Port25 separates itself further from the competition with the release of PowerMTA v4.5, and one of the noteworthy options in this release is Scheduled Delivery Control.

Case Study: How PowerMTA Transparent Deliverability Metrics Paves Way for Email Service Provider

Communicator Corporation is an ESP with a different approach to email delivery. Unlike other ESPs, they allow each client to take ownership of their deliverability, which helps clients understand and appreciate that delivery is not just something for which their ESP is responsible.

Case Study: MailChimp Achieves Efficient Execution and Reliability with PowerMTA

With over 5 million users, and delivering over 16 billion emails per month, MailChimp is one of the most highly regarded Email Service Providers, especially among those focused on small and medium sized businesses.

Case Study: Emma Swaps Its SMTP Infrastructure for PowerMTA to Handle Growing Mail Volume

A major obstacle that drove Emma to consider PowerMTA was an expected forthcoming collision between mail volumes that had risen to 375M messages/ month, and its 10-year-old, home-grown PHP-based system.

Case Study: Email Service Provider GetResponse Scales with PowerMTA

With expansion on the horizon, email marketing company gets more out of its hardware to meet growing demand. GetResponse CEO, Simon Grabowski, says PowerMTA's features remove barriers that prevented the company from offering customers a high level of service without growing pains.

Case Study: How PowerMTA Helped Forfront With Its Growing Message Volume

UK-based email marketing solutions provider Forfront is a private company that serves over 1000 users sending 120 million emails per month.
