OTA joins the ISOC

The Online Trust Alliance (OTA) announced today they were joining forces with the Internet Society (ISOC). Starting in May, they will operate as an initiative under the ISOC umbrella.
“The Internet Society and OTA share the belief that trust is the key issue in defining the future value of the Internet,” said Internet Society President and CEO, Kathryn Brown. “Now is the right time for these two organizations to come together to help build user trust in the Internet. At a time when cyber-attacks and identity theft are on the rise, this partnership will help improve security and data privacy for users,” added Brown.

Related Posts

Security, safety and the cavalry

In some ways it’s been really hard to focus on email for the last few months. There are so many more important issues in the world. Terrorism, Brexit, the US elections compromised by a foreign government, nuclear threats from multiple countries, the repeal of ACA, mass deportations and ICE raids here in the US.  I find myself thinking about what to blog. Then I glance at the news and wonder if there’s any value in another blog post about deliverability.
Generally I’ve tried to keep politics and world events mostly off the blog. But sometimes events are such that I need to talk about them.
Last October I had the chance to speak at the Email Innovations Summit in London. Steve and I took the chance to spend some time doing tourist things in London – including a photo walk along the Thames.

As an American I’m always a little surprised by the security in London. I grew up a few miles outside of DC. I could talk about prohibited airspace and security measures before I was 10. London is so much more open than even the DC of my youth. The surprise there is that London has been a much bigger target and attacked more than any city in the US.
The last few times we were in London I noticed a bit more visible security. In 2013 it was armed security walking through Tube stations. Last year it was Underground trains that were one long car. They were a bit weird and visually disconcerting. The part that really made me think, though, was this was a way to stop people hiding explosives between cars and to facilitate evacuations if something happened.
Last night Steve and I were talking and I mentioned the attack in London didn’t seem like terrorism to me. And it didn’t, not really. He then pointed out that explosives and guns are difficult to come by in the UK and this was classic terrorism. Oh. Sometimes our cultural differences come out in the strangest places.
Thinking about bigger issues like this make it hard to focus on email. There’s a regularly shared joke in deliverability, “There’s no such thing as a deliverability emergency.” And there isn’t, not really. Yes, even if a whole range of IPs is listed on Spamhaus, it’s still not an emergency and there’s no fast response team to deal with it.
There are abuse issues that are higher stakes than getting to the inbox. Child abuse materials. Harassment. Privacy issues. Terror threats. Every online services company, particularly the social media companies, have to deal with these kinds of things. Many of them are dealing poorly. Others have employees who are doing their best, but lack the tools, support, and training to do it well. Many companies don’t understand why they need to police their customer base.
The reality is, though, that abuse on the net (as opposed to abuse of the net) is a huge issue that needs to be dealt with. These are not small issues. The Internet is global and there’s no internet police. Law enforcement in different jurisdictions have to work together with technology experts to address crime and harassment on the internet.
It may surprise you to hear that the people who create spam filters and try and protect your inbox are the same people who fight crime on the internet. Spam and email are a vital part of online crime, so it falls on the abuse team to work with and educate law enforcement about tracing the source of email. The people you never see in ops, and abuse and support are vital to protecting folks online.
During the closing talk at MAAWG the chair was discussing how we can protect our online spaces. He stated “There is no cavalry; no second wave. It’s us or no one.” That’s a huge thing. My friends and colleagues are the people who stand protecting users online. It feels like a huge burden, but it’s something we can do to make the world a better and safer place.
 
 

Read More

October 2016: The Month in Email

We’ve returned from London, where I spoke at the Email Innovations Summit and enjoyed a bit of vacation. My wrap-up post also mentions an article I wrote for the Only Influencers site, which looks at questions I get asked frequently: “Why does spam make it to the inbox and our legitimate marketing email doesn’t? Should we just copy their tactics?”
Parliament2ForBlog
In industry news, Yahoo caught our attention for two surprising moves: disabling forwarding and — much more disturbing — creating software for intelligence agencies to search customer email.
Some legal updates this month: The Second Court of Appeals upheld an earlier ruling that companies are in fact liable for the activities of their affiliates, including spam and fraudulent claims. This is important, as we often see spammers and cybercriminals use affiliates to distance themselves from these activities. We also saw another fine assessed for a violation of CASL, and noted with appreciation the transparency and thoughtful process that the Canadian Radio-television and Telecommunications Commission (CRTC) demonstrates in explaining their actions.
Another excellent report is the one created by the Exploratorium to explain their recent experience with being phished. It’s a good piece to share with your organization, in that it reminds us that these cybercriminals are exploiting not just our technology but our trust-based connections to our friends and colleagues. It’s important to raise awareness about social engineering as a part of information security. And speaking of email security, we were delighted to note that André Leduc received the 2016 J.D. Falk award this month at M3AAWG for his excellent work on this topic. It’s a fitting legacy to our friend, J.D., who died five years ago this month. We miss him.
Finally, we’d be remiss in observing Halloween without a post about zombies. Feel free to read it aloud in your spookiest voice.

Read More

November 2016: The Month In Email

Happy December! Between #blackfriday, #cybermonday & #givingtuesday, pretty much everyone in the US has just survived a week of email from every brand and organization they’ve ever interacted with. Phew.
TurkeysforBlog
Is this still the best strategy for most senders? Maybe. But it’s always important to be adaptable and continue to evaluate and evolve your strategy as you move through the year.
As always, I continue to think about evolving our own strategies, and how we might best support senders and ESPs. One of the challenges we face when we talk to senders with deliverability questions is that so many of our answers fall into a nebulous “it depends” zone. We’re trying to articulate new ways to explain that to people, and to help them understand that the choices and details they specify at each point of their strategic planning and tactical execution have ramifications on their delivery. While “it depends” is still a correct answer, I’m going to try to avoid it going forward, and instead focus on exploring those choices and details with senders to help them improve deliverability.
In our community of deliverability and anti-abuse professionals, we are — as you’d expect — quite sensitive to unsolicited email that targets our industry. When an email circulates, even what seems like a reasonably well-thought-out email, it occasionally does not land well. Worse still are the various email-related product and service providers who try to legitimize B2B sales messaging as if it is something other than spam.
The takeaway from these discussions for senders is, as always: know your audience. This post about research from Litmus on millennials and spam is a great example of the kinds of things you might consider as you get to know your audience and how they prefer to communicate.
We also had a presidential election this month, one that made much of issues related to email, and it will be interesting to see how the candidates and parties use the email data they collected going forward.
In industry and security news, we saw over a million Google accounts breached by Android malware. We also saw some of the ramifications of a wildcard DNS entry from a domain name expiration — it’s an interesting “how things work” post if you’re curious. In other “how things work” news, we noted some of the recent changes AOL made to its FBL.
I answered an Ask Laura question about dedicated IP pools, and I have a few more queued up as well. As always, we want to know what questions are on the minds of our readers, so please feel free to send them over!

Read More