BLOG

Monthly Archives: September 2014

Spamcop mail changes

Spamcop is shutting down it’s email service. While anyone could report spam using Spamcop, the system also provided users email addresses behind the Spamcop filters. This shut down should have no major impact on senders. Email addresses in use will still be accepting email, but that mail will simply be forwarded to another address, instead […]

No Comments

DMARC and report size limits

I just saw an interesting observation on the dmarc-discuss mailing list. Apparently some of the larger providers who are implementing DMARC for inbound email may not be handling some of the grubbier corners of the spec perfectly. That’s not surprising at all – early adopters tend to deploy code that implements early versions of the […]

1 Comment

What about the bots?

M3AAWG published a letter to the FCC addressing the implementation of CSRIC III Cybersecurity Best Practices (pdf link) The takeaway is that of the ISPs that contribute data to M3AAWG (37M+ users), over 99% of infected users receive notification that they are infected. I hear from senders occasionally that they are not the problem, bots […]

No Comments

B2B email filtering

I’ve written about B2B filtering in the past, but I don’t blog too much about corporate filtering overall. The reason for this is that the corporate landscape is a lot broader and less consistent than the consumer space. That makes it much more difficult to tell senders how to handle corporate filtering, because each corporation […]

1 Comment

Alice and Bob and PGP Keys

Last week Alice and Bob showed how to cryptographically sign messages so that the recipient can be sure that the message came from the purported sender and hasn’t been forged by a third party. They can only do that if they can securely retrieve the senders public key – which means they need to retrieve […]

No Comments

Think you know about deliverability?

Check out the tweets from my AMA webinar sponsored by Message Systems today. Thanks to the AMA and Message Systems for having me.

2 Comments

Reminder: AMA webinar

Today is the last day to sign up for the AMA webinar hosted by MessageSystems and listen to me talk about the future of deliverability. I hope to see you there!

No Comments

Alice and Bob Sign Messages

Alice and Bob can send messages privately via a nosy postman, but how does Bob know that a message he receives is really from Alice, rather than from the postman pretending to be Alice? If they’re using symmetric-key encryption, and Bob is sure that he was talking to Alice when they exchanged keys, then he already knows […]

No Comments

Who’s publishing DMARC?

DMARC is a way for a domain owner to say “If you see this domain in a From: header and it’s not been sent straight from us, please don’t deliver the mail”. If a domain is only used for bulk and transactional mail, it can mitigate a subset of phishing attacks without causing too many […]

4 Comments

Cryptography with Alice and Bob

Untrusted Communication Channels This is a story about Alice and Bob. Alice wants to send a private message to Bob, and the only easy way they have to communicate is via postal mail. Unfortunately, Alice is pretty sure that the postman is reading the mail she sends. That makes Alice sad, so she decides to find […]

8 Comments

Archives