BLOG

Monthly Archives: April 2011

Defending against the hackers of 1995

Passwords are convenient for the end user, but it’s too easy to lose control of them. People share them with other people. People write them down, where they can be read. People send them in email, and that email is easily intercepted. People’s web browsers store the passwords, so they can log in automatically. Worst […]

1 Comment

What is Two Factor Authentication?

Two factor authentication, or the snappy acronym 2FA, is something that you’re going to be hearing a lot about over the next year or so, both for use by ESP employees (in an attempt to reduce the risks of data theft) and by ESP customers (attempting to reduce the chance of an account being misused […]

1 Comment

Auto-acks don’t create a contract

From Eric Goldman’s blog Acknowledging Receipt of an Email Doesn’t Form a Contract–Stebbins v. Wal-Mart. I know a number of people who have tried the “if you do X, we will have a contract” trick and it’s nice to see the courts pointing out how silly this is.

No Comments

Security framework document published

The Online Trust Alliance has published a security framework for ESPs. Overall, I think it’s a useful starting point. I don’t agree with all of their suggestions. Some of them are expensive and provide little increase in security. While others decrease security, like the suggestion to force regular password changes. I think the most important […]

No Comments

Setting expectations at the point of sale

In my consulting, I emphasize that senders must set recipient expectations correctly. Receiver sites spend a lot of time listening to their users and design filters to let wanted and expected mail through. Senders that treat recipients as partners in their success usually have much better email delivery than those senders that treat recipients as […]

No Comments

You’ve got to be kidding me

Earlier this week I received an email to a work address I retired 4 or 5 years ago. The from and subject lines alone were enough to make me laugh and decide I had to blog about this particular spammer. From:     TargetRight Marketing <> Subject:     Webinar: Top 10 Mistakes to Avoid When Renting […]

1 Comment

You can’t always get what you want

It’s a problem anyone who has done any delivery work has faced. There’s a client who is having blocklist problems or ISP delivery problems and they won’t pay any attention to what you say. They insist that you talk to the blocklist or the ISP or hand over contacts directly so they can “dialog with” […]

1 Comment

Holomaxx status

Just for completeness sake, Holomaxx did also file an  amended complaint against Microsoft. Same sloppy legal work, they left in all the stuff about Return Path even though Return Path has been dropped from the suit. They point to a MAAWG document as a objective industry standard when the MAAWG document was merely a record […]

9 Comments

Amendment is futile, part 2

When Yahoo filed for dismissal of the Holomaxx complaint, they ended the motion with “Amendment would be futile in this case.” The judge granted Yahoo’s motion but did grant Holomaxx leave to amend. Holomaxx filed an amended complaint earlier this month. The judge referenced a couple specific deficiencies of Holomaxx’s claims in his dismissal. Holomaxx […]

3 Comments

Another security problem

I had hoped to move away from security blogging this week and focus on some other issues. But today I see that both CAUCE and John Levine are reporting that there is malware spam coming from a Cheetahmail customer. Looking at what they shared, it may be that Cheetahmail has not been compromised directly. Given […]

1 Comment
  • AOL compromise

    Lots of reports today of a security problem at AOL where accounts are sending spam, or are being spoofed in spam runs or something. Details are hazy, but there seems to be quite a bit of noise surrounding this incident. AOL hasn't provided any information as of yet as to what is going on.4 Comments


  • ReturnPath on DMARC+Yahoo

    Over at ReturnPath Christine has an excellent non-technical summary of the DMARC+Yahoo situation, along with some solid recommendations for what actions you might take to avoid the operational problems it can cause.No Comments


  • AOL problems

    Lots of people are reporting ongoing (RTR:GE) messages from AOL today.  This indicates the AOL mail servers are having problems and can't accept mail. This has nothing to do with spam, filtering or malicious email. This is simply their servers aren't functioning as well as they should be and so AOL can't accept all the mail thrown at them. These types of blocks resolve themselves. 1 Comment


Archives