Email

Blogs

Dealing With DMARC

DMARC is an anti-phishing scheme that was repurposed in April to try to deal with the fallout from security breaches at AOL and Yahoo. A side effect of AOL and Yahoo's actions is that a variety of bad things happen to mail that has 'From:' addresses at aol.com or yahoo.com, but wasn't sent from AOL or Yahoo's own mail systems. If the mail is phish or spam, that's good, but when it's mailing lists or a newspaper's mail-an-article, it's no so good. more»

Universal Acceptance of All TLDs Now!

Universal acceptance of top level domains hasn't really meant much to most Internet users up until now. As long as .COM was basically the default TLD, there wasn't much of an issue. No longer. With 263 delegated strings (according to ICANN's May 12, 2014 statistics) adding to the existing 22 gTLDs that were already live on the net after the 2004 round of Internet namespace expansion, the problem of universal acceptance gets very real. more»

AOL Has a Security Hole, and It's Our Problem

Two weeks ago I wrote about Yahoo's unfortunate mail security actions. Now it's AOL's turn, and the story, as best as I can piece it together, is not pretty. Yahoo used an emerging system called DMARC, which was intended to fight phishing of often forged domains like paypal.com. A domain owner can publish a DMARC "reject" policy which, oversimplifying a little, tells the world that if mail with their name on the 'From:' line didn't come from their servers, it's not from them so you should reject it. more»

Yahoo Addresses a Security Problem by Breaking Every Mailing List in the World

DMARC is what one might call an emerging e-mail security scheme. It's emerging pretty fast, since many of the largest mail systems in the world have already implemented it, including Gmail, Hotmail/MSN/Outlook, Comcast, and Yahoo. DMARC lets a domain owner make assertions about mail that has their domain in the address on the 'From:' line. It lets the owner assert that mail will have a DKIM signature with the same domain, or an envelope return (bounce) address in the same domain that will pass SPF validation. more»

Fine Grained Mail Filtering With IPv6

One of the hottest topics in the email biz these days (insofar as any topic is hot) is how we will deal with mail on IPv6 networks. On existing IPv4 networks, one of the most effective anti-spam techniques is DNSBLs, blackists (or blocklists) that list IP addresses that send only or mostly spam, or whose owners have stated that they shouldn't be sending mail at all. DNSBLs are among the cheapest of anti-spam techniques since they can be applied to incoming mail connections without having to receive or filter spam. more»

The Naive Arrogance of FUSSPs

Everyone who's been in the e-mail biz long enough knows the term FUSSP, Final Ultimate Solution to the Spam Problem, as described in a checklist from Vern Schryver and a form response that's been floating around the net for a decade. FUSSPs fall into two general categories, bad ideas that won't go away, and reasonable ideas that are oversold. more»

2014 M3AAWG Mary Litynski Award Nominations Now Being Accepted

In 2010 the Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG) and the Internet industry as a whole lost a great friend and supporter, Mary Litynski. Her dedication, excellence, perseverance and tireless work behind the scenes of M3AAWG helped make the organization the success that it is today. Through this award, M3AAWG seeks to bring attention to the remarkable work that is done far from the public eye over a significant period of time... more»

The Death of IP Based Reputation

Back in the dark ages of email delivery the only thing that really mattered to get your email into the inbox was having a good IP reputation. If your IP sent good mail most of the time, then that mail got into the inbox and all was well with the world. All that mattered was that good IP reputation. Even better for the people who wanted to game the system and get their spam into the inbox, there were many ways to get around IP reputation. more»

Different Focus on Spam Needed

It is surprisingly difficult to get accurate figures for the amount of spam that is sent globally, yet everyone agrees that the global volume of spam has come down a lot since its peak in late 2008. At the same time, despite some recent small decreases, the catch rates of spam filters remain generally high... A world in which email can be used without spam filters is a distant utopia. Yet, the decline of spam volumes and the continuing success (recent glitches aside) of filters have two important consequences. more»

The Spamhaus Distributed Denial of Service - How Big a Deal Was It?

If you haven't been reading the news of late, venerable anti-spam service Spamhaus has been the target of a sustained, record-setting Distributed Denial-of-Service (DDoS) attack over the past couple of weeks... Of course, bad guys are always mad at Spamhaus, and so they had a pretty robust set-up to begin with, but whoever was behind this attack was able to muster some huge resources, heretofore never seen in intensity, and it had some impact, on the Spamhaus website, and to a limited degree, on the behind-the-scenes services that Spamhaus uses to distribute their data to their customers. more»

Making Multi-Language Mail Work (Part 3)

In the previous installments we looked at software changes in mail servers, and in the software that lets user mail programs pick up mail. What has to change in the user mail programs? ... The first and most obvious is that users have to be able to enter the addresses. more»

Making Multi-Language Mail Work (Part 2)

In the previous instalment we looked at the software changes needed for mail servers to handle internationalized mail, generally abbreviated as EAI. When a message arrives, whether ASCII or EAI, mail servers generally drop it into a mailbox and let the user pick it up. The usual ways for mail programs to pick up mail are POP3 and IMAP4. more»

Making Multi-Language Mail Work (Part 1)

Mail software consists of a large number of cooperating pieces, described in RFC 5598. A user composes a message with a Mail User Agent (MUA), which passes it to a Mail Submission Agent (MSA), which in turn usually passes it to a sequence of Mail Transfer Agents (MTAs), which eventually hand it to a Mail Delivery Agent (MDA) to place it in the user's mail store. If the recipient user doesn't read mail on the same computer with the mail store (as is usually the case these days) POP or IMAP transfers the mail to the recipient's MUA. more»

A Simpler Approach to an Email Deliverability Metric

The term Email Deliverability is used to describe how well a mail flow can reach its intended recipients. This has become a cornerstone concept when discussing quality metrics in the email industry and as such, it is important to understand how to measure it. Email Deliverability is considered to be affected by a mythical metric, the reputation of the sender, which is a measure of that sender behavior over time -- and the reactions of the recipients to his messages. more»

A Copycat Canadian Privacy Suit Against Gmail

In July, several people filed attempted class action suits against Google, on the peculiar theory that Gmail was spying on its own users' mail. One of the suits was in Federal court, the other two in California state court, but the complaints were nearly identical so we assume that they're coordinated.Now we have a similar suit filed in provincial court in British Columbia, Canada. more»

News Briefs

FBI Pushing Plans to Force Surveillance Backdoors on Social Networks, VoIP, and Email Providers

Iran Blocks HTTPS, 30 Million Reported Losing Email Access

Happy Canada Day from the CRTC

Chinese Newspaper Warns Google Against Playing a Risky Political Game

New Anti-phishing Initiative Introduced by Yahoo!

Google: China Interfering with Gmail and Attempting to Conceal the Act

Microsoft, Federal Agencies Take Down Rustock Botnet

Conflict Over Efforts to Develop a Best-Practices Document for Blacklist Operators

Canadian "Fighting Internet and Wireless Spam Act" Introduced Into the House of Commons

Spamhaus Uncovers Fake DNSBL: nszones.com

German High Court Says No to Retaining Telecom, Email Data for Tracking Criminal Networks

A Word of Warning About Your Haiti Charity Donations

Addressing Search Engine, Website, and Provider Accountability for Illicit Online Drug Sales

Project Honey Pot: 1 Billion Spammers Served

C-27 Canada's Electronic Commerce Protection Act passes Committee Review

The Phishing Scams That Affected Users of Hotmail, Gmail and Yahoo! is Spreading

One Third of Companies Employing Staff to Monitor Content of Outbound Email, According to Survey

Spam Bouncing Back to Original Levels Despite Major Shutdowns

Spam Now Over 90% of All Email, Increasing Volumes Involve Social Networking Sites

US Military Shopping for Email Defense System to Scan 50 Million Inbound Messages a Day

Most Viewed

Most Commented

Industry Updates

Participants – Random Selection