Tools aren’t a luxury

I was on the phone with a colleague recently. They were talking about collecting a bit of data over the weekend and mentioned how great it was they had the tools to be able to do this. Coincidentally, another colleague mentioned that when the subscription bombing happened they were able to react quickly because they had a decent tool chain. I’ve also been working with some clients who are dealing with compliance issues but don’t have the tools they need.

Internal tools, particularly those for deliverability and compliance, are seen as luxuries. They’re not that necessary and they’ll get done when there is time. This attitude is wrong.

Look at how ESPs responded to the subscription bombing problem. Some of them had good tools in place and were able to address the problem and limit the damage within hours of understanding the problem. Others needed to cobble together tools and access to even get a handle on the issue. It took them much longer to get delisted.

One of the bigger complaints I hear from colleagues is they don’t have tools they need. Now, I’m not saying that every deliverability and compliance team needs their own developer, although some do. But they do need access to internal dev resources so they can build up a suite of tools they can use to address emergent threats.

Related Posts

Zoho, phishing and who’s next?

ZDnet reports that Zoho’s problems with phishing aren’t over. Their report states that Zoho is being used as a pipeline to exfiltrate data from phished accounts.

Read More

Spamhaus DBL

Over the last few months I’ve gotten an increasing number of questions about the Spamhaus DBL. So it’s probably time to do a blog post about it.

Read More

Microsoft using Spamhaus Lists

An on the ball reader sent me a note today showing a bounce message indicating microsoft was rejecting mail due to a Spamhaus Blocklist Listing.
5.7.1 Client host [10.10.10.10] blocked using Spamhaus. To request removal from this list see http://www.spamhaus.org/lookup.lasso (S3130). [VE1EUR03FT043.eop-EUR03.prod.protection.outlook.com]
The IP in question is listed on the CSS, which means at a minimum Microsoft is using the SBL. I expect they’re actually using the ZEN list. ZEN provides a single lookup for 3 different lists: the SBL, XBL and PBL. The XBL is a list of virus infected machines and the PBL is a list of IPs that the IP owners state shouldn’t be sending email. Both of these lists are generally safe to use. If MS is using the SBL, it’s very likely they’re using the other two as well.
 

Read More