Monthly Archives: April 2011

Security, security, security

James Hoddinott posts, over on the Cloudmark blog, about another arrest associated with hackers infecting machines with a trojan that steals personal information. There are so many security risks out there, and these messages have been hammered home recently. Home users are at risk from trojans, some spread by spam and some spread by advertising […]

No Comments

Big botnet takedown

The Department of Justice and the FBI took aggressive action against the Coreflood botnet this week. They not only seized domain names and some hardware, they also received permission to actively respond to infected machines. This TRO allows the government to intercept and respond to infected computers. This essentially cuts off the botnet at it’s […]

1 Comment

Feedback loops

There are a lot of different perspectives on Feedback Loops (FBLs) and “this is spam” buttons across the email industry. Some people think FBLs are the best thing since sliced bread and can’t figure out why more ISPs don’t offer them. These people use use the data to clean addresses off their lists, lower complaints […]


Filtering adjustments at Hotmail

I’ve been seeing a lot of discussion on various fora recently about increased delivery issues at Hotmail. Some senders are seeing more deferrals, some senders are seeing more mail in the bulk folder. Some senders aren’t seeing any changes. This leads me to believe that Hotmail made some adjustments to their filtering recently. Given some […]


Epsilon: Calm and Cool Tempered

Stefano over at translated our blog post about Epsilon into Italian: Epsilon e la sicurezza dei dati sensibili: calma e sangue freddo.

No Comments

Epsilon – Keep Calm and Carry On

There’s been a lot of media coverage and online discussion about the Epsilon data breach, and how it should be a big wake-up call to email recipients to change their behavior. There’s also been a lot of panic and finger-pointing within the email industry about What Must Be Done In The Future. Most of the […]


Real. Or. Phish? Part 2

Steve mentioned the email he received yesterday from one of the companies that was compromised by the Epsilon attack and how difficult it was to determine if this was a real email from Marriott or a phish. It’s not just over email where the companies are doing badly. Citibank appears to be attempting to notify […]

1 Comment

Real. Or. Phish?

After Epsilon lost a bunch of customer lists last week, I’ve been keeping an eye open to see if any of the vendors I work with had any of my email addresses stolen – not least because it’ll be interesting to see where this data ends up. Yesterday I got mail from Marriott, telling me […]


The weakest link

Last week there was a rather detailed post on the attack at RSA. It is well worth a read because I think many of the techniques employed in the RSA attacks have been or will be employed against ESPs. Early in the article, the author asks a question. These companies deploy any imaginable combination of […]


Time for a real security response

I’ve seen a number of people and blogs address the recent breaches at some large ESPs make recommendations on how to fix things. Most of them are so far from right they’re not even wrong. One group is pointing at consumers and insisting consumers be taught to secure their machines. But consumers weren’t compromised here. […]