BLOG

Yearly Archives: 2018

Your idea will not work. Here is why it won’t work.

Matthew Green reminded me of an old bit of spam lore. It’s a canned response to someone’s New and Awesome and entirely unoriginal Final Ultimate Solution to the Spam Problem. It originated on the news.admin.net-abuse.email newsgroup, I think, maybe twenty years ago? While one or two details have changed it’s still applicable to most of […]

2 Comments

The Problem With Affiliates (2)

On Friday I mentioned spam coming from a BarkBox affiliate programme. The original email is here. It’s not terribly exciting, it’s rather typical spam of the sort sent by professional spammers. It’s validly DKIM and SPF authenticated, and DMARC-aligned. It includes invisible white-on-white padding text so that it doesn’t look like image-only spam to naive […]

1 Comment

The Problem With Affiliates

If I see BarkBox I think Spam. That’s because, despite their marketing team effort, facebook and banner ad budget, the main place I see them advertised is via spam in my mailbox. It’s not even good spam. There’s quite a lot of it. Most of it looks much the same, other than the spammer randomizing […]

2 Comments

Reading RFCs

We mention RFCs quite a lot, both explicitly (RFC 6376 is the specification for DKIM) and implicitly (the 822.From aka bounce address aka return path). And we have local copies of a bunch of them to make them easy to refer to (SMTP, MIME, Carrier Pigeons …). They use quite a lot of jargon and […]

No Comments

Wildfires and deliverability

A few weeks ago we took a drive down I5 to attend a service at Bakersfield National Cemetery. Amid the acres and acres of almond farms there were patches of black from recent grassfires. Typical but boring California landscape. Wildfires are a hugely destructive but continual threat in California. Growing up on the east coast, I […]

1 Comment

Microsoft using Spamhaus Lists

An on the ball reader sent me a note today showing a bounce message indicating microsoft was rejecting mail due to a Spamhaus Blocklist Listing. 5.7.1 Client host [10.10.10.10] blocked using Spamhaus. To request removal from this list see http://www.spamhaus.org/lookup.lasso (S3130). [VE1EUR03FT043.eop-EUR03.prod.protection.outlook.com] The IP in question is listed on the CSS, which means at a […]

No Comments

Minimal DMARC

The intent of DMARC is to cause emails to silently vanish. Ideally deploying DMARC would cause all malicious email that uses your domain in the From address, but which has absolutely nothing to with you to vanish, while still allowing all email you send, including mail that was sent through third parties or forwarded, to […]

2 Comments

Unsubscribe means unsubscribe

But, unfortunately, some senders don’t actually think unsubscribe means stop sending mail. Today, for instance, the nice folks at The Container Store sent me an email with an “important update to my POP! account” Yes, that’s an address I gave them. But I don’t have any record of setting up an account. I was on […]

No Comments

Consent must be informed

In the deliverability space we talk about permission and consent a lot. All too often, though, consent is taken not given. Marketers and senders assume they have permission to send email, while the recipient is left expecting no email. There are different ways that companies assume permission. A favorite is to hide the permission deep […]

No Comments

What is spearphishing?

As I’m writing this, I’m watching Deputy Atty General Rod Rosenstein discuss the indictments of 12 Russian military officers for hacking activities during the 2016 election cycle. One of the methods used to gain access to systems was spearphishing. I think most of us know what phishing is, sending lots of emails to a wide […]

No Comments