Email

Email / Most Commented

Stop! Don't Forward That E-mail!

Forwarding e-mail is so easy that it must be legal, right? Not everyone thinks so. Ned Snow at the University of Arkansas recently wrote A Copyright Conundrum: Protecting Email Privacy that argues that forwarding violates the sender's copyright rights, so it's not. The article is quite clever and is (as best I can tell, not being a legal historian) well researched, even if you agree with me that its conclusions are a bunch of codswallop... more

Spamhaus Policy Block List Update

Recently, I wrote about the Spamhaus Policy Block List (PBL), suggesting senders encourage their network/connectivity service providers (whomever they lease or purchase IP addresses from) to list their illegitimate email-sending IPs as a step towards improving the overall email stream on the internet. The initial PBL was seeded with listings from the Dynablock NJABL ("Not Just Another Bogus List"), which at the time of the cut-over was at more than 1.9 million entries... more

Phishing Attacks Surpass Viruses and Trojans

Phishing attacks have outnumbered emails infected with viruses and Trojan horse programs for the first time, according to security experts.

...The difference in the ratio of phishing to virus attacks is partly due to virus attacks becoming more targeted and no longer occurring as one large outbreak. This includes the recent Storm Worm and Warezov attacks, according to MessageLabs. more

Email Security an Ongoing Battle, Focus on Manageable Risk Instead

The IT industry will never eradicate security threats to email systems and organizations should take a holistic approach to securing their communication systems to the level where they believe risk is at a manageable state, according to panelists at this week's Inbox email conference in San Jose...

At a packed panel session on email accreditation and reputation, the panelist told audience members that reputation services have taken off rapidly. These services profile the sender's behavior to determine the likelihood that a message is legitimate or spam. The sender's reputation is determined based on multiple criteria then assigned to categories, or lists. more

AOL to Let Email Address Customization Based On User Domain Names

AOL is testing a program to let its members customize their AOL Mail address by using a domain name of their choice instead of the default aol.com... The move is another attempt by AOL to increase the allure of the services it provides paying customers, who have been cancelling their AOL subscriptions at an alarming rate in the past several years.

Google has been conducting a similar test on its Gmail service. more

Storing VoIP Conversation along with Email as Next Regulation

IT chiefs have been warned to prepare for the possibility of new corporate governance rules that would require them to keep records of voice-over-IP (VoIP) conversations alongside email, instant messaging and other forms of communication.

Speaking at the Symantec user event in San Francisco last week, Jeremy Burton, a senior vice-president at the security specialist, said, "Financial institutions in the US already need to keep voicemail because it is stored on disk. As soon as the regulators figure out that VoIP is a digital stream, they will probably try to force that to be kept as well." more

VoIP Used in New Phishing Scam

Small businesses and consumers aren't the only ones enjoying the cost savings of switching to VoIP. According to messaging-security company Cloudmark, phishers have begun using the technology to steal personal and financial information over the phone.

Earlier this month, Cloudmark trapped an email phishing attack in its security filters that appeared to come from a small bank in a big city and directed recipients to verify their account information by dialing the included number. (The Cloudmark user who received the email and alerted the company knew it was a phishing scam, because he's not a customer at this bank.)  more

Microsoft to Push Adoption of Sender ID at Email Summit

Microsoft Wednesday plans to promote adoption of the Sender ID email specification and introduce a new program for helping ISPs protect the integrity of email messages at the Email Authentication Summit in Chicago.

Citing research figures from MarkMonitor, Craig Spiezle, director of technology care and safety for Microsoft, said that Sender ID use among Fortune 500 companies has increased from 7% in July 2005 to 21%. About 32% of all e-mail sent is Sender ID compliant, added Spiezle, who plans to speak about the adoption of Sender ID at the summit.  more

MIT Spam Conference on Phishing as the Worst Spam Problem

At the fourth annual MIT Spam Conference held in Boston Tuesday, speakers said that while the volume of spam ebbs and flows, the nature of unwanted email is steadily becoming more dangerous...

Fresh from an IETF meeting last week, Sendmail's Chief Science Officer Eric Allman spoke about the progress being made with DomainKeys Identified Mail (DKIM), a sender-authentication proposal from Yahoo and Cisco that's wending its way through the standards body, and how it can be used to fight phishing. more

Postage is Due for Companies Sending Email

Companies will soon have to buy the electronic equivalent of a postage stamp if they want to be certain that their e-mail will be delivered to many of their customers. America Online and Yahoo, two of the world's largest providers of e-mail accounts, are about to start using a controversial system that gives preferential treatment to messages from companies that pay from 1/4 of a cent to a penny each to have them delivered. The senders must contact only people who have agreed to receive their messages, or risk being blocked entirely. more

New Study Revealing Behind the Scenes of Phishing Attacks

The following is an overview of the recent Honeynet Project and Research Alliance study called 'Know your Enemy:Phishing' aimed at discovering practical information on the practice of phishing. This study focuses on real world incidents based on data captured and analyzed from the UK and German Honeynet Project revealing how attackers build and use their infrastructure for Phishing based attacks. "This data has helped us to understand how phishers typically behave and some of the methods they employ to lure and trick their victims. We have learned that phishing attacks can occur very rapidly, with only limited elapsed time between the initial system intrusion and a phishing web site going online..." more

History of SMTP

The following excerpt is from the Free Software Magazine, March 2005 Issue, written by Kirk Strauser. To read the entire article, you may download the magazine here [PDF]. Also thanks to Yakov Shafranovich for making us aware of this publication. "Spam has existed since at least 1978, when an eager DEC sales representative sent an announcement of a product demonstration to a couple hundred recipients. The resulting outcry was sufficient to dissuade most users from repeating the experiment. This changed in the late 1990s: millions of individuals discovered the internet and signed up for inexpensive personal accounts and advertisers found a large and willing audience in this new medium." more

Something's Cooking at IETF with Email Authentication

A few months ago, Ted Hardie (AD of Applications for the IETF) informed the MARID WG in the closure announcement as follows: "Given the importance of the world-wide email and DNS systems, it is critical that IETF-sponsored experimental proposals likely to see broad deployment contain no mechanisms that would have deleterious effects on the overall system. The Area Directors intend, therefore, to request that the experimental proposals be reviewed by a focused technology directorate..." more

The FTC Authentication Summit

The Federal Trade Commission and NIST had a two-day Authentication Summit on Nov 9-10 in Washington DC. When they published their report explaining their decision not to create a National Do Not Email Registry, the FTC identified lack of e-mail authentication as one of the reasons that it wouldn't work, and the authentication summit was part of their process to get some sort of authentication going. At the time the summit was scheduled, the IETF MARID group was still active and most people expected it to endorse Microsoft's Sender-ID in some form, so the summit would have been mostly about Sender-ID. Since MARID didn't do that, the summit had a broader and more interesting agenda. more

EFF Files Brief in Support of Email Privacy

The Electronic Frontier Foundation (EFF) has submitted a friend-of-the-court brief in a case that could have a profound effect on the privacy of Internet communications. The brief argues that the decision in US v. Councilman, soon to be reheard by the full First Circuit, should be overturned. more