Email

Blogs

RIP Don Blumenthal

It is with a heavy heart that we note the passing of a dear friend, colleague and member of the CAUCE board of directors, Don Blumenthal, on September 28, 2019, in Ann Arbor, Michigan. He was 67. Don was an anti-spammer for as long as there was an anti-spam community: he helped design, deploy and maintain the famous 'Spam Fridge,' the repository of junk email maintained by the Federal Trade Commission (FTC).

Spam Is Never Timely Nor Relevant

One of the ongoing recommendations to improve deliverability is to send email that is timely and relevant to the recipient. The idea being that if you send mail a recipient wants, they're more likely to interact with it in a way that signals to the mailbox provider that the message is wanted. The baseline for that, at least whenever I've talked about timely and relevant, is that the recipient asked for mail from you in the first place.

How Domain Data Helps Thwart BEC Fraud

It's true, domain data has many practical uses that individuals and organizations may or may not know about. But most would likely be interested in how it can help combat cyber threats, which have been identified as the greatest risks businesses will face this year. Dubbed as the greatest bane of most organizations today, cybersecurity can actually be enhanced with the help of domain data. How?

Business Email Compromised (BEC) Scams Explode Under the GDPR Implementation

Business email compromised (BEC) attacks targeting American companies are exploding, with an increase of over 476% in incidents between Q4 2017 and Q4 2018. Up as well is email fraud with companies experiencing an increase of over 226%. These highly targeted attacks use social engineering to identify specific company employees, usually in the finance department and then convince these employees to wire large sums of money to third-party banking accounts owned by the attackers.

What Does It Mean to Deploy DMARC?

The IETF's DMARC working group is thinking about a maintenance update to the DMARC spec, fixing bits that are unclear and perhaps changing it where what mail servers do doesn't exactly agree with what it says. Someone noted that a lot of mailers claim to have "deployed DMARC," and it's not at all clear what that really means. ... I've suggested that we could write a DMARC deployment guide that describes the parts of DMARC, the ways they interact and in what sequence it's useful to deploy them. If you'd find that useful, leave a comment.

Spamtraps Are Overblown… by Senders

One of the fascinating parts of my job is seeing how different groups in email have radically disparate points of view. A current example is how much value senders put on spamtraps compared to ISPs and filtering companies. I understand why this is. In all too many cases, when a sender asks why their mail is going to bulk or being blocked, the answer is "you're hitting spamtraps." The thing is, spamtraps are almost never the only reason mail is being blocked.

Who Played a Major Role in Advancing the Internet? Nominations Open for 2019 Internet Hall of Fame

Do you know someone who has played a major role in the development and advancement of the Internet? Now is the time to recognize their contribution. Nominate them for the 2019 Internet Hall of Fame. With more than 100 inductees, the Internet Hall of Fame celebrates Internet pioneers and innovators who have pushed the boundaries to bring the Internet to life and make it an essential resource for billions of people today.

Why Foldering Adds Very Little Security

I keep hearing stories of people using "foldering" for covert communications. Foldering is the process of composing a message for another party, but instead of sending it as an email, you leave it in the Drafts folder. The other party then logs in to the same email account and reads the message; they can then reply via the same technique. Foldering has been used for a long time, most famously by then-CIA director David Petraeus and his biographer/lover Paula Broadwell. Why is foldering used?

GDPR PII Time-Bomb? Kill it With Fire!

Hi! My name is spamfighter. I investigate spam and phish in a post-GDPR dystopia. Recently, I invented Fire, to save you millions of €uros. One day, my Boss suggested I automate some of my processes. I, for one, welcome our Robot Overlords (and a happy boss), but I can be exacting about the tools I use. Perhaps not to the degree of the infamous Van Halen 'no brown M&M's' contractual clause but I have no patience for poorly-designed software, and truly dislike typing when...

The Security Problem with HTML Email

Purists have long objected to HTML email on aesthetic grounds. On functional grounds, it tempts too many sites to put essential content in embedded (or worse yet, remote) images, thus making the messages not findable via search. For these reasons, among others, Matt Blaze remarked that "I've long thought HTML email is the work of the devil". But there are inherent security problems, too (and that, of course, is some of what Matt was referring to). Why?

I Never Signed Up for This! Privacy Implications of Email Tracking

What happens when you open an email and allow it to display embedded images and pixels? You may expect the sender to learn that you've read the email, and which device you used to read it. But in a new paper we find that privacy risks of email tracking extend far beyond senders knowing when emails are viewed. Opening an email can trigger requests to tens of third parties, and many of these requests contain your email address.

Why I Want a .PAYPAL New gTLD

I use Paypal, and I am quite satisfied with how it helps me with my business: it is still a little hard to use, and I don't use all functions of the tool, but it is not so expensive, it is fast and efficient, and Paypal does not send so many emails. In one word, Paypal rocks... The only problem that I have with Paypal is the number of fake emails that I receive. Of course, I easily identify them as they come in and luckily, G Suite (Gmail) does an excellent job at blocking all spam and phishing.

Email Marketer's Dilemma: Disappearing Domains

On May 31, British broadband provider EE discontinued service for a number of email domains: Orange.net, Orangehome.co.uk, Wanadoo.co.uk, Freeserve.co.uk, Fsbusiness.co.uk, Fslife.co.uk, Fsmail.net, Fsworld.co.uk, and Fsnet.co.uk. These domains were acquired by EE as part of multiple mergers and acquisitions. On their help page, EE explains that the proliferation of free email services with advanced functionality has led to a decrease in email usage at these domains.

Universal Acceptance of New Top-Level Domains Reloaded

One challenge for all new top-level domains (TLDs) is the so-called Universal Acceptance. Universal Acceptance is a phenomenon as old as TLDs exist and may strike at many occasions... The effect when universal acceptance hits you is that you cannot send or receive email, get error messages or even worse when it looks like everything works but it does not and you do not even get a notification.

One-Click Unsubscription

Unsubscribing from mailing lists is hard. How many times have you seen a message "please remove me from this list," followed by two or three more pointing out that the instructions are in the footer of every message, followed by three or four more asking people to not send their replies to the whole list (all sent to the whole list, of course,) perhaps with a final message by the list manager saying she's dealt with it? For marketing broadcast lists, it's even worse because there's no list to write to.

News Briefs

281 Arrested Worldwide by US Federal Authorities in Connection With Business Email Compromise Scheme

Phishing Attacks Targeting Executives Now Top Cybersecurity Insurance Claims, Says AIG

Phishers Increasingly Targeting SaaS and Webmail Services, APWG Reports

Gmail Is Blocking 100 Million More Spam Messages Every Day With AI, Says Google

Former ICANN Security VP Joins CAUCE Board of Directors

Criminals Using New Phishing Techniques to Hide from Victims and Investigators, Reports APWG

Strange Email Used to Inform Marriott Customers About the Massive Data Breach

Most Government Domains in the US Have Adopted Email Authentication Program to Prevent Fake Emails

Google Launches Advanced Protection Program for "High-Risk" Users

Cyberattack on UK Parliament Halts Email Access

Bell Canada Discloses Loss of 1.9 Million Email Addresses to Hacker, Says No Relation to WannaCry

Study Finds $9.8B Opportunity In Universal Acceptance of All New Generic and Internationalized TLDs

Encrypted Email Sign Ups Have Doubled Since Trump Victory, Says ProtonMail

NIST Publishes Guide for DNS-Based Email Security, Draft Open for Public Comments

DNC Emails Hacked Using Fake Gmail Login Forms

Massive Cyberattack Aimed at Flooding .Gov Email Inboxes With Subscription Requests

Nearly 1 Million IP Addresses Used by Attackers on a Single Target

Corporate Email Phishing Scams Result in $3.1B Loss, Near 1300% Increase in 18 Months

IPv6 Will Change the Face of Email Filtering, Says Report

Security Firm Recovers Over 272 Million Stolen Credentials from a Collector
