ArchiveSeptember 2014

Spamcop mail changes

Spamcop is shutting down it’s email service. While anyone could report spam using Spamcop, the system also provided users email addresses behind the Spamcop filters. This shut down should have no major impact on senders. Email addresses in use will still be accepting email, but that mail will simply be forwarded to another address, instead of users being able to access it through POP or...

DMARC and report size limits

I just saw an interesting observation on the dmarc-discuss mailing list. Apparently some of the larger providers who are implementing DMARC for inbound email may not be handling some of the grubbier corners of the spec perfectly. That’s not surprising at all – early adopters tend to deploy code that implements early versions of the draft specification – but I can see this...

What about the bots?

M3AAWG published a letter to the FCC addressing the implementation of CSRIC III Cybersecurity Best Practices (pdf link) The takeaway is that of the ISPs that contribute data to M3AAWG (37M+ users), over 99% of infected users receive notification that they are infected. I hear from senders occasionally that they are not the problem, bots are the problem and why isn’t anyone addressing bots...

B2B email filtering

I’ve written about B2B filtering in the past, but I don’t blog too much about corporate filtering overall. The reason for this is that the corporate landscape is a lot broader and less consistent than the consumer space. That makes it much more difficult to tell senders how to handle corporate filtering, because each corporation is different. But as I think I about it, I realize...

Alice and Bob and PGP Keys

Last week Alice and Bob showed how to cryptographically sign messages so that the recipient can be sure that the message came from the purported sender and hasn’t been forged by a third party. They can only do that if they can securely retrieve the senders public key – which means they need to retrieve it from the actual sender, rather than an impostor, and be sure it’s not...

Reminder: AMA webinar

Today is the last day to sign up for the AMA webinar hosted by MessageSystems and listen to me talk about the future of deliverability.
I hope to see you there!

Alice and Bob Sign Messages

Alice and Bob can send messages privately via a nosy postman, but how does Bob know that a message he receives is really from Alice, rather than from the postman pretending to be Alice? If they’re using symmetric-key encryption, and Bob is sure that he was talking to Alice when they exchanged keys, then he already knows that the mail is from Alice – as only he and Alice have the keys...

Who's publishing DMARC?

DMARC is a way for a domain owner to say “If you see this domain in a From: header and it’s not been sent straight from us, please don’t deliver the mail”. If a domain is only used for bulk and transactional mail, it can mitigate a subset of phishing attacks without causing too many problems for legitimate email. In other cases, it can cause significant problems. Some of...

Cryptography with Alice and Bob

Untrusted Communication Channels This is a story about Alice and Bob. Alice wants to send a private message to Bob, and the only easy way they have to communicate is via postal mail. Unfortunately, Alice is pretty sure that the postman is reading the mail she sends. That makes Alice sad, so she decides to find a way to send messages to Bob without anyone else being able to read them. Symmetric...

Recent Posts

Archives

Follow Us