During the Black Hat DC 2008 security conference, security researchers urged companies and political organizations to put more effort into registering mistyped versions of their primary domain names. In addition to protecting website visitors, this also prevents emails from accidentally leaking out... As part of an investigation, researchers from Symantec registered 124 domains consisting of common misspellings of the primary domains of candidates in the U.S. presidential election. As reported, in a strictly controlled experiment, a mail server was used to count the number of email messages sent to the misspelled domains, finding 1,121 connection attempts from 12 distinct IP addresses in a 24-hour period.
European spam networks have pumped out more unsolicited email than those in the U.S. for the third month in a row, according to security vendor Symantec. This is being called a "significant shift" in spam trends because, historically, compromised U.S. computers have been used to send spam, and many spammers have been U.S.-based. Security experts suspect gangs are taking advantage of the increasing European broadband market.
With Google's recent Postini addition, it now reports processing email for more than 35,000 businesses and 12 million end users, and blocking around 1 billion messages per day... "We saw a peak of activity in October 2007 where volume was a 263 percent increase from September 2006 and Postini blocked 47 billion spam messages, more than 320 Terabytes of spam (now that's a lot of spam). The average unprotected email user would have received 32,000 spam messages in their in-boxes so far this year. Talk about lost productivity. In fact, Nucleus research estimates unchecked spam can cost a company up to $742 per user."
The study, based on an analysis of more than one billion daily email messages sent to its more than 50,000 customers worldwide, found a staggering percentage of all email sent in 2007 was spam, increasing from an estimated 85 to 90 percent of email in 2006. From the report: "This growing proportion is even more significant when compared to 2004, when the federal CAN-SPAM Act, which set parameters for sending unsolicited email and defined penalties for spammers, went into effect. At that time spam was 70 percent of all email. In 2001, spam accounted for only five percent of email messages."
New research recently released by Dimension Data suggests that email usage has surpassed telephony as the communication tool of choice in the workplace. The research surveyed 390 IT managers and 524 enterprise users across 13 countries in the United States, Asia Pacific, and Europe, the Middle East and Africa. According to the research, 100% of the end users surveyed use e-mail, followed by fixed-line telephony (80%), mobile telephony (76%) and instant messaging (66%).
A Microsoft patent application has just been published that goes into intricate detail about anti-phishing "predictive model" technology that is incorporated into Outlook and Outlook Express or can be provided to third-party providers. The application is entitled "Finding phishing sites." The patent literature is arguably the most thorough description of how Microsoft email software attempts to find phishing email.
Computer scientists Geoff Voelker and Stefan Savage of UC San Diego have found striking differences between the infrastructure used to distribute spam and the infrastructure used to host the online scams advertised in these unwanted email messages. This discovery is believed to aid in the fight to reduce spam volume and shut down illegal online businesses and malware sites. While hundreds or thousands of compromised computers may be used to relay spam to users, most scams are hosted by individual Web servers.
A Brooklyn man pleaded guilty today to sending spam emails to over 1.2 million AOL subscribers in a scheme that foiled the Internet company's spam-filtering system. Reuters reports: "Adam Vitale, 26, pleaded guilty in federal court in Manhattan to breaking anti-spam laws. He was caught making a deal with a government informant that sent spam e-mails advertising a computer security program in return for 50 percent of the product's profits, prosecutors said."
There has been an unofficial announcement today that the Internet Engineering Task Force (IETF) has approved DomainKeys Identified Mail (DKIM) as a proposed Internet standard, RFC 4871. ...A diverse group of organizations is reported to have played a role in moving the DKIM proposal forward, including Cisco, IBM, Earthlink, Microsoft, Spamhaus, Google and PayPal, as well as the FTC and the National Institute of Standards and Technology (NIST).
Phishing attacks have outnumbered emails infected with viruses and Trojan horse programs for the first time, according to security experts.
...The difference in the ratio of phishing to virus attacks is partly due to virus attacks becoming more targeted and no longer occurring as one large outbreak. This includes the recent Storm Worm and Warezov attacks, according to MessageLabs.
The IT industry will never eradicate security threats to email systems and organizations should take a holistic approach to securing their communication systems to the level where they believe risk is at a manageable state, according to panelists at this week's Inbox email conference in San Jose...
At a packed panel session on email accreditation and reputation, the panelists told audience members that reputation services have taken off rapidly. These services profile the sender's behavior to determine the likelihood that a message is legitimate or spam. The sender's reputation is determined based on multiple criteria and then assigned to categories, or lists.
AOL is testing a program to let its members customize their AOL Mail address by using a domain name of their choice instead of the default aol.com... The move is another attempt by AOL to increase the allure of the services it provides paying customers, who have been cancelling their AOL subscriptions at an alarming rate in the past several years.
Google has been conducting a similar test on its Gmail service.
IT chiefs have been warned to prepare for the possibility of new corporate governance rules that would require them to keep records of voice-over-IP (VoIP) conversations alongside email, instant messaging and other forms of communication.
Speaking at the Symantec user event in San Francisco last week, Jeremy Burton, a senior vice-president at the security specialist, said, "Financial institutions in the US already need to keep voicemail because it is stored on disk. As soon as the regulators figure out that VoIP is a digital stream, they will probably try to force that to be kept as well."
Small businesses and consumers aren't the only ones enjoying the cost savings of switching to VoIP. According to messaging-security company Cloudmark, phishers have begun using the technology to steal personal and financial information over the phone.
Earlier this month, Cloudmark trapped an email phishing attack in its security filters that appeared to come from a small bank in a big city and directed recipients to verify their account information by dialing the included number. (The Cloudmark user who received the email and alerted the company knew it was a phishing scam, because he's not a customer at this bank.)
Microsoft Wednesday plans to promote adoption of the Sender ID email specification and introduce a new program for helping ISPs protect the integrity of email messages at the Email Authentication Summit in Chicago.
Citing research figures from MarkMonitor, Craig Spiezle, director of technology care and safety for Microsoft, said that Sender ID use among Fortune 500 companies has increased from 7% in July 2005 to 21%. About 32% of all e-mail sent is Sender ID compliant, added Spiezle, who plans to speak about the adoption of Sender ID at the summit.