BLOG

Author: steve

Check your abuse addresses

Even if you have excellent policies and an effective, empowered enforcement team you can still have technical problems that can cause you to drop abuse mail, and so lose the opportunity to get a bad actor off your network before they damage your reputation further. It’s not quite as simple as “We’re seeing email in […]

No Comments

Your idea will not work. Here is why it won’t work.

Matthew Green reminded me of an old bit of spam lore. It’s a canned response to someone’s New and Awesome and entirely unoriginal Final Ultimate Solution to the Spam Problem. It originated on the news.admin.net-abuse.email newsgroup, I think, maybe twenty years ago? While one or two details have changed it’s still applicable to most of […]

2 Comments

The Problem With Affiliates (2)

On Friday I mentioned spam coming from a BarkBox affiliate programme. The original email is here. It’s not terribly exciting, it’s rather typical spam of the sort sent by professional spammers. It’s validly DKIM and SPF authenticated, and DMARC-aligned. It includes invisible white-on-white padding text so that it doesn’t look like image-only spam to naive […]

1 Comment

The Problem With Affiliates

If I see BarkBox I think Spam. That’s because, despite their marketing team effort, facebook and banner ad budget, the main place I see them advertised is via spam in my mailbox. It’s not even good spam. There’s quite a lot of it. Most of it looks much the same, other than the spammer randomizing […]

2 Comments

Reading RFCs

We mention RFCs quite a lot, both explicitly (RFC 6376 is the specification for DKIM) and implicitly (the 822.From aka bounce address aka return path). And we have local copies of a bunch of them to make them easy to refer to (SMTP, MIME, Carrier Pigeons …). They use quite a lot of jargon and […]

No Comments

Minimal DMARC

The intent of DMARC is to cause emails to silently vanish. Ideally deploying DMARC would cause all malicious email that uses your domain in the From address, but which has absolutely nothing to with you to vanish, while still allowing all email you send, including mail that was sent through third parties or forwarded, to […]

2 Comments

List the world!

We often say that a blacklist has “listed the world” when it shuts down ungracefully. What exactly does that mean, and why does it happen? Blacklists are queried by sending a DNS lookup for an A record, just the same as you’d find the address of a domain for opening a webpage there. The IP […]

3 Comments

SpamCannibal is dead

The SpamCannibal blacklist – one that didn’t affect your email too much but which would panic users who found it on one of the “check all the blacklists!” websites – has gone away. It was silently abandoned by the operator at some point in the past year and the domain registration has finally expired. It’s […]

1 Comment

#GDPR

Twitter has some opinions on #GDPR. — @rianjohnson (Yes, the director of The Last Jedi) Finds deserted island a message in a bottle washes onto the beach *opens bottle* We’ve updated our Privacy Policy — Marques Brownlee (@MKBHD) May 24, 2018 Happy #GDPR day! #gdprjokes pic.twitter.com/2SVisxIuRY — lukestevens (@lukestevens) May 24, 2018 just got a […]

No Comments

EFAIL PGP / S/MIME "flaw" ?

There’s going to be a lot of hype today about something the security researchers who found it are calling “EFAIL”. Interviews, commemorative T-Shirts, press tours, hype. The technical details are interesting, but the un-hyped end-user advice would probably be “If you’re using a mail client that’s got bugs in it’s MIME handling, and you’ve configured it […]

No Comments