One of the big trends this year is spear phishing. These are phish attacks that are frequently (though not always) against high profile users. The purpose of these attacks is to steal sensitive data or get elevation of privilege inside the service by exploiting a software vulnerability within the user's computer that transmits usernames and passwords back to the phisher. more»
The chart in this post shows the amount of inbound mail that we see, both spam and non-spam, over the past three and a half years. You can see in the above that the amount of good mail that we see has continued to increase over time. This is because of an increased customer base, not because the total amount of good mail worldwide has gone up... However, the amount of spam has plummeted from 23,000 in mid 2010 to 5000 now, a drop of over 75%. The contrast couldn't be starker -- spammers are not spamming as much anymore. It almost looks like the battle against spam is almost over. What's still left to do? more»
I visited Judge Fogel's courtroom this morning to listen to the oral motions in the Holomaxx cases. This is a general impression, based on my notes. Nothing here is to be taken as direct quotes from any participant. Any errors are solely my own. With that disclaimer in mind, let's go. more»
The best part is ... this isn't one of those 'now that I've got your attention' tricks, like one of those old "free beer" posters; there really is a ton of stuff happening above the 49th parallel this summer. To begin with, as a precursor to Canada's Anti-spam Law coming into effect later this year, the Office of the Privacy Commissioner, the Canadian Radio-television Telecommunications Commission, and Industry Canada have all issued regulations, the latter two in draft form with an RFC. more»
Last week, Synacor joined other major mailbox providers by introducing a complaint feedback loop service -- powered by ReturnPath. This increases the number of public complaint feedback loops available today across the internet. more»
As we, here in the United States celebrate our independence this Fourth of July, we are reminded that the liberties and freedoms that come with that independence have yet to be won online. As citizens of this country we are blessed with safety and security from threats both foreign and domestic, but those guarantees have not yet extended to our citizenship in the global Internet community. This is true not just for American citizens, but for all Internet users throughout the world. more»
URL shorteners, like bit.ly, moby.to and tinyurl.com, do three things... Making URLs shorter was their original role, and it's why they're so common in media where the raw URL is visible to the recipient -- instant messaging, twitter and other microblogs, and in plain text email where the "real" URL won't fit on a single line. From the moment they were invented they've been used to trick people to click on links to pages they'd rather not visit... more»
Since its launch in October, 2004 Project Honey Pot has made some interesting progress in their war against spam email. The project is a distributed system used to identify spammers and spambots operating across the Internet. To put it simply, Project Honey Pot lays millions of traps around the Internet (66,393,293 as of this writing) baited with specific email addresses that are configured to forward received emails to the Project Honey Pot system. Since these are not email addresses used by real individuals virtually every email received is positively identified as spam. more»
Ever since I heard of the new generic Top-Level Domains (gTLDs), I wondered whether they would be prone to abuse. For example, Microsoft might want to register www.microsoft.microsoft, or Sony might want to register www.sony. But isn't this opening up the floodgates for spammers to register their own domains and squat on them? Why couldn't a spammer register www.cit.ibank? They could then send phishing messages and fool people into clicking very legitimate looking domains. But I don't think this will be a problem. more»
Gradually it seems the word is spreading about a new blocking methodology to interrupt the ability of end users to click and visit phishing sites - thereby having their personal information/credentials at risk. This is the DNS Response Policy Zones. DNS RPZs allows companies that run recursive resolvers to create a zone that will not resolve specific domains. more»
