With the final Industry Committee review of C-27, Canada's anti-spam legislation, set for Monday afternoon, lobby groups have been increasing the pressure all week in an effort to water down many of the bill's key protections. Yesterday, the Canadian Marketing Association chimed in with an emergency bulletin to its members calling on them to lobby for changes to the bill. While the CMA was very supportive of the bill when it appeared before the committee in June, it now wants to kill the core protection in C-27 - a requirement for express opt-in consent. more
Last week, I commented on the the Gmail/Hotmail/Yahoo username and password leak. The question we now ask is whether or not we are seeing an increased amount of spam from those services. On another blog, they were commenting that various experts were claiming that this is the case. more
I recently read an interesting blog post over at Word to the Wise, about Delivery Emergencies. Laura Atkins makes the point that many email emergencies are a result of poor planning, or an error on the part of the sender... Fortunately, most people grow out of their college fraternity phase, and the same applies to most email senders. As folks become aware of industry standards and best common practices, they adapt their mailing paradigms to what is expected of them by receivers, and recipients. more
Oh, Internet. You had such potential when you were born — darling of the research community, supported by the wealthiest military the world has ever known. And you married well, into a powerful merchant family. Why are you so lost? Is it a midlife crisis? You were born, some say, 40 years ago this week in a lab at UCLA — one of ARPA's many children. It wasn't until nearly two months later that you first spoke, transmitting the letters "L" and "O" before crashing... more
A recent survey of US companies conducted by Proofpoint has found companies increasingly concerned over data leaks via emplyee misuse of email, blogs, social networks, multimedia channels and text messages. From the report: "[A]s more US companies reported their business was impacted by the exposure of sensitive or embarrassing information (34 percent, up from 23 percent in 2008), an increasing number say they employ staff to read or otherwise analyze the contents of outbound email (38 percent, up from 29 percent in 2008). The pain of data leakage has become so acute in 2009 that more US companies report they employ staff whose primary or exclusive job is to monitor the content of outbound email (33 percent, up from 15 percent in 2008)." more
The recent launch of Google Wave generated a lot of attention, and for good reason. It's recently crossed my path in a few different settings, and while the news is still fresh, there is a lot here for service providers to be thinking about. At a high level, Wave is Google's entry into the real time collaboration space, and being Web-based, is poised to disrupt the status quo, not just for vendors, but service providers as well. more
Average level of spam in the second quarter of 2009 has risen by 53 percent, as compared to the first quarter of this year, according to latest report from Google's email security and archiving services group, Postini. The report foresees unpredictable pattern of drops and spikes for the rest of the year... more
Spam levels have increased by 5.1% since last month, reaching heights of 90.4%, according to latest report from Symantec's MessageLabs Intelligence... The majority of this increase in spam in May was comprised of messages with very little content other than a subject line and valid hyperlink, says the report. "Each hyperlink pointed to a different active profile on one of a number of major social networking environments. The profiles were likely created using random names and automated CAPTCHA-breaking tools. Moreover, the emails were sent from valid webmail hosting providers, which means they were not spoofed, as has been the case in the past for these types of domains." more
The term "reputation hijacking" continues to spread through the anti-spam community and the press. It's intended to describe when a spammer or other bad actor uses someone else's system -- usually one of the large webmail providers -- to send their spam. The idea is that in doing so, they're hijacking the reputation of the webmail provider's IPs instead of risking the reputation of IPs under their own control. But I really have to laugh (though mostly out of sadness) whenever this technique is described as something new... more
Mike Hammer's thoughtful article, A Few Thoughts on the Future of Email Authentication, should trigger thoughtfulness in the rest of us. Email abuse has been around a long time. Anti-abuse efforts have too. Yet global abuse traffic has grown into the 90+% range, with no hint of trending downward. The best we hear about current effectiveness is for last-hop filtering, if you have the money, staff and skills to apply to the problem... more
Throughout this series of articles we've been talking about DKIM, and what a valid DKIM signature actually means. .. What this means for senders (of any type) is that with DKIM, you’re protected. On the internet, your domain name is a statement of your brand identity – so by signing messages with DKIM, you can finally, irrevocably tie those messages to your brand. more
Once you've determined that you can trust the signer of a message, as we discussed in part 3, it's easy to extrapolate that various portions of the message are equally trustworthy. For example, when there's a valid DKIM signature, we might assume that the From: header isn't spoofed. But in reality, DKIM only tells us two basic things... more
Last year, MAAWG published a white paper titled Trust in Email Begins with Authentication [PDF], which explains that authentication (DKIM) is “[a] safe means of identifying a participant-such as an author or an operator of an email service” while reputation is a “means of assessing their trustworthiness.”
more
When I was employed, I ran my own mail server and my own BlackBerry Enterprise Server, and I had things tuned pretty much exactly as I wanted them. My incoming mail got some custom processing that looked the sender's address up in my address book and assigned the message a category... I was a very happy email user. Now that I'm on my own, I've decided not to run my own server and all that software, and I've switched to Gmail and the T-Mobile BlackBerry server... Surprisingly, though, I'm mostly still happy... more
While the news will not be terribly surprising to CircleID readers, Google's latest report on the status of spam and 2009 predictions posted today, might be of particular interest due to the company's shear email processing volume at 2 billion enterprise email connections per day (drawn from company owned Postini Message Security network)... more
A World-Renowned Source for Internet Developments. Serving Since 2002.