-
Blogs
-
News
-
Industry
-
Community
-
Topics
It shouldn't be a big surprise to hear that phishing is a big problem for banks. Criminals send email pretending to be a bank, and set up web sites that look a lot like a bank. One reason that phishing is possible is that e-mail has no built in security, so that if a mail message comes in purporting to be from, say, accounts@bankofamerica.com, there's no easy way to tell whether the message is really from bankofamerica.com, or from a crook. more»
There has been a lot of recent discussions and questions about reputation, content and delivery of email. I started to answer some of them, and then realized there weren't any basic reference documents I could refer to when explaining the interaction. So I decided to write some. This post is about IP address reputation with some background on why IPs are so important and why ISPs focus so heavily on the sending IP. more»
While Canada was dragging the chain when it came to introducing anti-spam legislation, it is now making up for lost time. Ottawa's new law -- expected to be operational early this year -- has severe fines for violations and is viewed by some as too tough. Known as CASL, the new law aims to crack down on spammers and mailing list companies but in doing so, tightly regulates the way businesses can market to prospective customers via email and online. more»
In my last post I blogged about greylisting, a well-known anti-spam technique for rejecting spam sent by botnets. When a mail server receives a an attempt to deliver mail from an IP address that's never sent mail before, it rejects the message with a "soft fail" error which tells the sender to try again later. Real mail senders always retry, badly written spamware often doesn't. I found that even though everyone knows about greylisting, about 2/3 of IPs don't successfully retry. more»
Since November of last year we have been discussing the problem of illicit and illegal online pharmacy support by ICANN-accredited Registrars. In several articles and direct contact with the Registrars we have tirelessly tried to convey the seriousness of this problem, many listened, some did not... With the background information already known, the case presented here is much more specific and concerns EvaPharmacy, which was until recently, the world's largest online criminal pharmacy network. more»
There's a pernicious meme floating around that DomainKeys Identified Mail (DKIM) doesn't work with discussion lists, particularly those hosted on common open source software packages like MailMan. It's particularly odd to see this claim after I set it up successfully on a stock Debian server in less than half an hour, just a few weeks ago. Here's how it can, should, and does work. more»
The best part is ... this isn't one of those 'now that I've got your attention' tricks, like one of those old "free beer" posters; there really is a ton of stuff happening above the 49th parallel this summer. To begin with, as a precursor to Canada's Anti-spam Law coming into effect later this year, the Office of the Privacy Commissioner, the Canadian Radio-television Telecommunications Commission, and Industry Canada have all issued regulations, the latter two in draft form with an RFC. more»
In our last instalments we discussed the various ways to encode non-ASCII character sets, of which UTF-8 is the winner, and some complex approaches that tried to make UTF-8 mail backward compatible with ASCII mail. After years of experiments, the perhaps surprising consensus is that if you're going to do international mail, you just do it. more»
As we, here in the United States celebrate our independence this Fourth of July, we are reminded that the liberties and freedoms that come with that independence have yet to be won online. As citizens of this country we are blessed with safety and security from threats both foreign and domestic, but those guarantees have not yet extended to our citizenship in the global Internet community. This is true not just for American citizens, but for all Internet users throughout the world. more»
Email is a complex service and email abuse adds confusing deceptions. Worse, like postal mail and even telephone service, Internet mail is inherently open, flexible and even anonymous, making things much easier for abusers. Bad actors hide their true identity and their true purpose. Most other communication tools for users also are also quite open, and problems with email are being replicated elsewhere, such as instant messaging and social media. more»
In Taking Back The DNS I described new technology in ISC BIND as of Version 9.8.0 that allows a recursive server operator to import DNS filtering rules in what ISC hopes will become the standard interchange format for DNS policy information. Later I had to decry the possible use of this technology for mandated content blocking such as might soon be the law of the land in my country. I'm a guest at MAAWG this week in San Francisco and one of the most useful hallway discussions I've been in so far was about the Spamhaus DROP list. more»
I'm a guest at the MAAWG conference in San Francisco this week and several people have now mentioned to me the problem and the opportunity of anti-spam e-mail filtering for IPv6. Tomorrow is World IPv6 Day but since a bunch of the pieces have clicked together in my head I'll post this a day early. more»
As new Top-Level Domains (TLDs) are launched, the industry mustn't overlook the customer experience. A key question is this: Will the software applications we all use, recognize the new TLDs and know what to do with them in a timely fashion? Think email and even form-fill applications. I speak from experience here. In 2006 when we launched the .MOBI TLD, there were arguably only a handful of .MOBI email addresses in existence. To my dismay, I found that often emails sent only from my .MOBI account were not being received at the other end... more»
Anyone who has been watching the technology industry for more than a couple of years quickly learns to recognize FUD: Fear, Uncertainty and Doubt. FUD is (apparently) widely believed to be an effective marketing technique, especially when it comes to security, privacy, or scarcity. But the FUD often falls flat. Scarcity, in particular, is rare on the internet -- even rarer than privacy or security. There's constant FUD about scarcity of bandwidth, but the pipes get upgraded. Attempts to impose artificial scarcity through paywalls or other devices inevitably fail in the face of free alternatives. Even the scarcity of IPv4 addresses, which have indeed run out at the top, hasn't affected end users at the bottom yet -- and probably won't, for a long time. more»
At the ENISA presentation on her botnet report at eco in Cologne, 9 and 10 March, one of the slots was dedicated to threats to the mobile environment. The message I was supposed to come home with was: we can still count the numbers of mobile viruses manually, <600; the problem will never be the same as on a fixed network as traffic is monitored and metered: We detect it straight away. We are studying the problem seriously. Are mobile operators really prepared for what is coming? more»
