Lavabit and darkmail

The M3AAWG keynote address today was a talk from Ladar Levinson about the shut down of Lavabit mail service after receiving demands from the NSA to hand over their SSL keys.
@maawg tweeted different quotes from the session. There is a conflict between privacy and security, and these are questions we need to resolve.
Ladar talked about his potential new service called darkmail, which pushes encryption back to the user level. I think there is relevance to this, as many online services are used for political and other organizing. As someone said to me last night, some of the people using our service could be killed if we don’t protect their privacy. He wasn’t speaking of the US residents, but people in places like Ukraine or Arab countries or other places undergoing violent revolutions.
Privacy is important, how we treat privacy is important. Handing over SSL keys to governments strikes me as a big problem.

Brian Krebs wins the Mary Litynski award
So much to write about

Related Posts

M3AAWG conference next week

Next week is M3AAWG 30 in San Francisco. We’ll be there and are very excited to see the familiar faces and meet new people.
I recently had someone ask me what would I recommend to someone going to their first M3AAWG conference. My recommendation to anyone in the sender or marketer space is to go to some of the talks that are not about email delivery. Go to the sessions that talk about malware or SMS or anything other than just email delivery. For anyone in the ISP space go to a session focused on mobile or email sending. Use this time to learn about something totally different than what you do every day.
Another question I get frequently from senders is if the people from the ISPs are open to sitting down and talking with senders about the senders’ email problems. Generally, the answer is no. Most of the time, the ISP has no knowledge of who you are and what mail you’re sending, so all they can say is “send me an email with the IPs and I’ll take a look at it.” That’s it.
We’ll be in the city starting Monday afternoon, and I always enjoy meeting readers. Stop by and introduce yourself.

Read More

MAAWG: Just keeps getting better

Last week was the 22nd meeting of the Messaging Anti-Abuse Working Group (MAAWG). While I am prohibited from talking about specifics because of the closed door nature of the group, I can say I came out of the conference exhausted (as usual) and energized (perhaps not as usual).
The folks at MAAWG work hard and play even harder.
I came away from the conference feeling more optimistic about email than I have in quite a while. Not just that email is vital and vibrant but also that the bad guys may not be winning. Multiple sessions focused on botnet and crime mitigation. I was extremely impressed with some of the presenters and with the cooperation they’re getting from various private and public entities.
Overall, this conference helped me to believe that we can at least fight “the bad guys” to a draw.
I’m also impressed with the work the Sender SIG is doing to educate and inform the groups who send bulk commercial messages. With luck, the stack of documents currently being worked on will be published not long after the next MAAWG conference and I can point out all the good parts.
There are a couple specifics I can mention. One is the new list format being published by Spamhaus and SURBL to block phishing domains at the recursive resolver. I blogged about that last Thursday. The other bit is sharing a set of security resources Steve mentioned during his session.
If your organization is fighting with any messaging type abuse (email, social, etc), this is a great place to talk with people who are fighting the same sorts of behaviour. I do encourage everyone to consider joining MAAWG. Not only do you have access to some of the best minds in email, but you have the opportunit to participate in an organization actively making email, and other types of messaging, better for everyone.
(If you can’t sell the idea of a MAAWG membership to your management or you’re not sure if it’s right for you, the MAAWG directors are sometimes open to allowing people whose companies are considering joining MAAWG to attend a conference as a guest. You can contact them through the MAAWG website, or drop me a note and I’ll make sure you talk with the right folks.)
Plus, if you join before October, you can meet up with us in Paris.

Read More

Can I join…

On a post from earlier this week, John asks about joining the blocklist doc I mentioned. This is actually a document coming out of M3AAWG and you must be a member of M3AAWG to participate. If you are a member, you can log into the website and join the working group.
This document will be made available to the public once the membership and the board approves it.

Read More