2018 JD Falk Award … a mailing list

It’s M3AAWG time. Even though we’re not there, I’m getting regular updates from friends and colleagues who are there. Yesterday, was the presentation of the 2018 JD Falk award. The award recognises “a particularly meritorious project undertaken by a dedicated individual or group reflecting the spirit of volunteerism and community building.” In this case, the award went to a group of people on the “BEC mailing list.”

BEC stands for Business Email Compromise (I had to look it up, now you don’t have to). According to  M3AAWG:

The Business Email Compromise List deals with a broad assortment of criminal activity and deceptive emails, often described as “Nigerian” schemes, that use phishing and fake social media activities to attract victims. By sharing information and expertise, they have blocked spoofed emails and malware; tracked real estate, romance, IRS, W2 and lottery schemes; and identified the money “mules” used to transfer illicit funds. BEC fraud accounts for more than $12 billion in losses globally and threatens users in 150 countries, according to the FBI’s IC3 (Internet Crime Complaint Center).

Congratulations to all the participants who work tirelessly to make the internet safer for businesses and consumers.

The group does have a video describing some of what they do.

I’m sure almost every field has these types of small, private, invite only lists that allow diverse groups of experts to collaborate and share information in a (mostly) secure environment. In many cases, this is good. Groups of smart, concerned people step up and collaborate to catch criminals and prevent bad behaviour. They do so because it’s the right thing to do. They’re not looking for praise or public adulation. Participation is often simply because this thing is a problem and they have the knowledge and ability to help solve the problem.

Fun with spam filters
Company responsibility and compliance

Related Posts

2016 J.D. Falk Award

André Leduc received the 2016 J.D. Falk award this week at the Paris meeting of M3AAWG. He was recognized for spearheading two distinct projects.
The first was the Operation Safety Net – Best Practices to Address Online, Mobile, and Telephony Threats  This 76 page report was written by global security experts. One of the major goals of the report was to discuss security in language accessible to policy makers and management. The report, newly updated in 2015, is available at the M3AAWG website. Making technical language accessible is, to my mind, one of the most important parts of getting security recommendations implemented.
In addition to his work in making security recommendations accessible, André was the lead architect behind the Canadian Anti-Spam Legislation. This legislation has greatly reduced the amount of spam received by Canadians. According to Leduc, CASL has improved permission practices by senders outside of Canada.
Congratulations to André.

Read More

October 2016: The Month in Email

We’ve returned from London, where I spoke at the Email Innovations Summit and enjoyed a bit of vacation. My wrap-up post also mentions an article I wrote for the Only Influencers site, which looks at questions I get asked frequently: “Why does spam make it to the inbox and our legitimate marketing email doesn’t? Should we just copy their tactics?”
Parliament2ForBlog
In industry news, Yahoo caught our attention for two surprising moves: disabling forwarding and — much more disturbing — creating software for intelligence agencies to search customer email.
Some legal updates this month: The Second Court of Appeals upheld an earlier ruling that companies are in fact liable for the activities of their affiliates, including spam and fraudulent claims. This is important, as we often see spammers and cybercriminals use affiliates to distance themselves from these activities. We also saw another fine assessed for a violation of CASL, and noted with appreciation the transparency and thoughtful process that the Canadian Radio-television and Telecommunications Commission (CRTC) demonstrates in explaining their actions.
Another excellent report is the one created by the Exploratorium to explain their recent experience with being phished. It’s a good piece to share with your organization, in that it reminds us that these cybercriminals are exploiting not just our technology but our trust-based connections to our friends and colleagues. It’s important to raise awareness about social engineering as a part of information security. And speaking of email security, we were delighted to note that André Leduc received the 2016 J.D. Falk award this month at M3AAWG for his excellent work on this topic. It’s a fitting legacy to our friend, J.D., who died five years ago this month. We miss him.
Finally, we’d be remiss in observing Halloween without a post about zombies. Feel free to read it aloud in your spookiest voice.

Read More

Yahoo disabled forwarding

Al posted about this over on his blog earlier this week. Yahoo has disabled the ability to forward email from one Yahoo account to an email account on a different system.
There is, of course, all sorts of speculation as to why forwarding has been disabled including speculation this has to do with holding on to accounts during the Verizon purchase. It’s certainly possible this is the case.
However, forwarding email is hard. Forwarding email on a large scale can result in spam blocks and delivery problems. It’s such an issue M3AAWG published a forwarding best practices document. It’s possible that Yahoo is making some changes on the back end to better implement the best practice recommendations. I don’t know, but it’s possible that Yahoo is telling the truth that they’re improving technology.

Read More