BLOG

Author: steve

Spam, campaign statistics and red flag URLs

It’s not often spammers send me their campaign statistics, but on Tuesday one did. The spam came “from” news@udemy.com, used udemy.com in the HELO and message-ids and, sure enough, was advertising udemy.com:   Received: from udemy.com (unknown [198.20.115.217]) by … From: Udemy <news@udemy.com> Subject: The Photoshop Secret – Master Adobe Photoshop like a Pro! Message-ID: <20160706031012.1E35F28A6B081174@udemy.com> […]

No Comments

About the Hillary Clinton email server thing…

I was going to say something about the issue with Hillary Clinton using an email server provided by her own staff for some of her email traffic, rather than one provided by her employer, but @LaneWinree already wrote pretty much what I’d have written, just better than I would have done. So, I guarantee this is exactly […]

19 Comments

Comodo, TLS certificates and business ethics

We run a lot of our own infrastructure at Word to the Wise. Our email and web presence runs on our own hardware, in our own cabinet in our own network space. Partly that’s because we’re all from very technical backgrounds, and can run them in a way that’s better suited to our needs than […]

2 Comments

Domain transparency

An email I received this morning got me thinking about how your domain name is one of the main ways you identify yourself if you’re sending email. We talk about domain reputation quite a lot – DKIM and SPF let a sender volunteer a domain name as a unique identifier for recipients to use to […]

3 Comments

Gmail / Apps authentication issues

I’ve seen several reports of unexpected rejections for unauthenticated email to Google over IPv6 today. Unauthenticated mail over IPv6 is a bad idea, but Google usually spam folders it rather than rejecting it. The Gmail status dashboard is reporting an issue “Some messages sent to consumer Gmail accounts are being rejected due to authentication enforcement” so something […]

No Comments

More on ARC

ARC – Authenticated Received Chain – is a way for email forwarders to mitigate the problems caused by users sending mail from domains with DMARC p=reject. It allows a forwarder to record the DKIM authentication as they receive a mail, then “tunnel” that authentication on to the final recipient. If the final recipient trusts the […]

No Comments

SHOUTY CAPS!!!

Over at Meh Glenn Fleishman has put together a fascinating two-parter on the history of using ALL CAPS for emphasis. And SHOUTING. CAPITAL CRIMES, PART 1 : SHOUT, SHOUT, LET IT ALL OUT CAPITAL CRIMES, Part 2: Usenet has no CHILL  

No Comments

Google drops obsolete crypto

Google is disabling support for email sent using version 3 of SSL or using the RC4 cypher. They’re both very old – SSLv3 was obsoleted by TLS1.0 in 1999, and RC4 is nearly thirty years old and while it’s aged better than some cyphers there are multiple attacks against it and it’s been replaced with more recent […]

No Comments

Hotmail having a bad day

Hotmail seems to be having a bad day, responding to a lot of delivery attempts with “554 Transaction failed” responses. It’s not you, it’s them. They’re aware of the issue.

No Comments

Don’t mess with my email

One thing we tell clients is that people consider their mailbox a very personal space. They’re offended when people invade that personal space without permission, sometimes to an extent that doesn’t seem proportional to the scale of the offense. And we advise senders who have been invited into the inbox to treat it with respect. […]

No Comments

Archives