BLOG

Monthly Archives: September 2014

Spamcop mail changes

Spamcop is shutting down it’s email service. While anyone could report spam using Spamcop, the system also provided users email addresses behind the Spamcop filters. This shut down should have no major impact on senders. Email addresses in use will still be accepting email, but that mail will simply be forwarded to another address, instead […]

No Comments

DMARC and report size limits

I just saw an interesting observation on the dmarc-discuss mailing list. Apparently some of the larger providers who are implementing DMARC for inbound email may not be handling some of the grubbier corners of the spec perfectly. That’s not surprising at all – early adopters tend to deploy code that implements early versions of the […]

1 Comment

What about the bots?

M3AAWG published a letter to the FCC addressing the implementation of CSRIC III Cybersecurity Best Practices (pdf link) The takeaway is that of the ISPs that contribute data to M3AAWG (37M+ users), over 99% of infected users receive notification that they are infected. I hear from senders occasionally that they are not the problem, bots […]

No Comments

B2B email filtering

I’ve written about B2B filtering in the past, but I don’t blog too much about corporate filtering overall. The reason for this is that the corporate landscape is a lot broader and less consistent than the consumer space. That makes it much more difficult to tell senders how to handle corporate filtering, because each corporation […]

1 Comment

Alice and Bob and PGP Keys

Last week Alice and Bob showed how to cryptographically sign messages so that the recipient can be sure that the message came from the purported sender and hasn’t been forged by a third party. They can only do that if they can securely retrieve the senders public key – which means they need to retrieve […]

No Comments

Think you know about deliverability?

Check out the tweets from my AMA webinar sponsored by Message Systems today. Thanks to the AMA and Message Systems for having me.

2 Comments

Reminder: AMA webinar

Today is the last day to sign up for the AMA webinar hosted by MessageSystems and listen to me talk about the future of deliverability. I hope to see you there!

No Comments

Alice and Bob Sign Messages

Alice and Bob can send messages privately via a nosy postman, but how does Bob know that a message he receives is really from Alice, rather than from the postman pretending to be Alice? If they’re using symmetric-key encryption, and Bob is sure that he was talking to Alice when they exchanged keys, then he already knows […]

No Comments

Who’s publishing DMARC?

DMARC is a way for a domain owner to say “If you see this domain in a From: header and it’s not been sent straight from us, please don’t deliver the mail”. If a domain is only used for bulk and transactional mail, it can mitigate a subset of phishing attacks without causing too many […]

4 Comments

Cryptography with Alice and Bob

Untrusted Communication Channels This is a story about Alice and Bob. Alice wants to send a private message to Bob, and the only easy way they have to communicate is via postal mail. Unfortunately, Alice is pretty sure that the postman is reading the mail she sends. That makes Alice sad, so she decides to find […]

8 Comments
  • OTA joins the ISOC

    The Online Trust Alliance (OTA) announced today they were joining forces with the Internet Society (ISOC). Starting in May, they will operate as an initiative under the ISOC umbrella. “The Internet Society and OTA share the belief that trust is the key issue in defining the future value of the Internet,” said Internet Society President and CEO, Kathryn Brown. “Now is the right time for these two organizations to come together to help build user trust in the Internet. At a time when cyber-attacks and identity theft are on the rise, this partnership will help improve security and data privacy for users,” added Brown.No Comments


  • Friday blogging... or lack of it

    It seems the last few Friday's I've been lax on posting. Some of that is just by Friday I'm frantically trying to complete all my client deliverables before the weekend. The rest of it is by Friday I'm just tired. Today had the added complication of watching the Trumpcare debate and following how (and how soon) it would affect my company if it passed. That's been a bit distracting, along with the other stuff I posted about yesterday. I wish everyone a great weekend.1 Comment


  • Indictments in Yahoo data breach

    Today the US government unsealed an indictment against 2 Russian agents and 2 hackers for breaking into Yahoo's servers and stealing personal information. The information gathered during the hack was used to target government officials, security employees and private individuals. Email is so central to our online identity. Compromise an email account and you can get access to social media, and other accounts. Email is the key to the kingdom.No Comments


Archives