Email

Email / Most Commented

Storing VoIP Conversation along with Email as Next Regulation

IT chiefs have been warned to prepare for the possibility of new corporate governance rules that would require them to keep records of voice-over-IP (VoIP) conversations alongside email, instant messaging and other forms of communication.

Speaking at the Symantec user event in San Francisco last week, Jeremy Burton, a senior vice-president at the security specialist, said, "Financial institutions in the US already need to keep voicemail because it is stored on disk. As soon as the regulators figure out that VoIP is a digital stream, they will probably try to force that to be kept as well." more

VoIP Used in New Phishing Scam

Small businesses and consumers aren't the only ones enjoying the cost savings of switching to VoIP. According to messaging-security company Cloudmark, phishers have begun using the technology to steal personal and financial information over the phone.

Earlier this month, Cloudmark trapped an email phishing attack in its security filters that appeared to come from a small bank in a big city and directed recipients to verify their account information by dialing the included number. (The Cloudmark user who received the email and alerted the company knew it was a phishing scam, because he's not a customer at this bank.)  more

Microsoft to Push Adoption of Sender ID at Email Summit

Microsoft Wednesday plans to promote adoption of the Sender ID email specification and introduce a new program for helping ISPs protect the integrity of email messages at the Email Authentication Summit in Chicago.

Citing research figures from MarkMonitor, Craig Spiezle, director of technology care and safety for Microsoft, said that Sender ID use among Fortune 500 companies has increased from 7% in July 2005 to 21%. About 32% of all e-mail sent is Sender ID compliant, added Spiezle, who plans to speak about the adoption of Sender ID at the summit.  more

MIT Spam Conference on Phishing as the Worst Spam Problem

At the fourth annual MIT Spam Conference held in Boston Tuesday, speakers said that while the volume of spam ebbs and flows, the nature of unwanted email is steadily becoming more dangerous...

Fresh from an IETF meeting last week, Sendmail's Chief Science Officer Eric Allman spoke about the progress being made with DomainKeys Identified Mail (DKIM), a sender-authentication proposal from Yahoo and Cisco that's wending its way through the standards body, and how it can be used to fight phishing. more

Postage is Due for Companies Sending Email

Companies will soon have to buy the electronic equivalent of a postage stamp if they want to be certain that their e-mail will be delivered to many of their customers. America Online and Yahoo, two of the world's largest providers of e-mail accounts, are about to start using a controversial system that gives preferential treatment to messages from companies that pay from 1/4 of a cent to a penny each to have them delivered. The senders must contact only people who have agreed to receive their messages, or risk being blocked entirely. more

New Study Revealing Behind the Scenes of Phishing Attacks

The following is an overview of the recent Honeynet Project and Research Alliance study called 'Know your Enemy:Phishing' aimed at discovering practical information on the practice of phishing. This study focuses on real world incidents based on data captured and analyzed from the UK and German Honeynet Project revealing how attackers build and use their infrastructure for Phishing based attacks. "This data has helped us to understand how phishers typically behave and some of the methods they employ to lure and trick their victims. We have learned that phishing attacks can occur very rapidly, with only limited elapsed time between the initial system intrusion and a phishing web site going online..." more

History of SMTP

The following excerpt is from the Free Software Magazine, March 2005 Issue, written by Kirk Strauser. To read the entire article, you may download the magazine here [PDF]. Also thanks to Yakov Shafranovich for making us aware of this publication. "Spam has existed since at least 1978, when an eager DEC sales representative sent an announcement of a product demonstration to a couple hundred recipients. The resulting outcry was sufficient to dissuade most users from repeating the experiment. This changed in the late 1990s: millions of individuals discovered the internet and signed up for inexpensive personal accounts and advertisers found a large and willing audience in this new medium." more

Something's Cooking at IETF with Email Authentication

A few months ago, Ted Hardie (AD of Applications for the IETF) informed the MARID WG in the closure announcement as follows: "Given the importance of the world-wide email and DNS systems, it is critical that IETF-sponsored experimental proposals likely to see broad deployment contain no mechanisms that would have deleterious effects on the overall system. The Area Directors intend, therefore, to request that the experimental proposals be reviewed by a focused technology directorate..." more

The FTC Authentication Summit

The Federal Trade Commission and NIST had a two-day Authentication Summit on Nov 9-10 in Washington DC. When they published their report explaining their decision not to create a National Do Not Email Registry, the FTC identified lack of e-mail authentication as one of the reasons that it wouldn't work, and the authentication summit was part of their process to get some sort of authentication going. At the time the summit was scheduled, the IETF MARID group was still active and most people expected it to endorse Microsoft's Sender-ID in some form, so the summit would have been mostly about Sender-ID. Since MARID didn't do that, the summit had a broader and more interesting agenda. more

EFF Files Brief in Support of Email Privacy

The Electronic Frontier Foundation (EFF) has submitted a friend-of-the-court brief in a case that could have a profound effect on the privacy of Internet communications. The brief argues that the decision in US v. Councilman, soon to be reheard by the full First Circuit, should be overturned. more

The Rumors of Sender ID's Demise Are Exaggerated

While several news stories are reporting that Sender-ID has been killed, that is not entirely true. While Sender-ID in its current form is dead because of Purported Responsible Address (PRA), the compromise version with MAILFROM and PRA scopes is not. Also, the co-chairs want to stay away from any other alternative algorithms that do RFC2822 checking because of possible Intellectual Property Rights (IPR) claims by Microsoft on that as well. Andrew Newton, one of two co-chairs of the working group, wrote in an email today to the group's discussion forum... more

Email, Privacy, and Engagement

After they finished the tenth installment of their enormous multi-volume history, The Story of Civilization, Will and Ariel Durant wrote a set of thirteen essays entitled The Lessons of History. I happened to pick up this volume yesterday; it's both slim and sweeping. The Durants loved history, and wanted to show their readership what waves and tensions and trends they perceived. It's not a great book, but it's an undeniably forceful one. One essay discusses the essential moral characteristics of individuals, listing six traits and providing "positive" and "negative" descriptions of ways in which people act. more