BLOG

Author: steve

Organizational Domain

We often want to know whether two hostnames are controlled by the same person, or not. One case for that is cookie privacy in web browsers. We want pages at www.blighty.com and images.blighty.com and blighty.com to all be able to set and read cookies for each other – so a user only needs to log […]

No Comments

Interacting in professional fora

There are a bunch of online communities – mailing lists, Slack channels, etc. – where “people who do email” interact. Some of them are open to anyone to subscribe, some of them are semi-private and require an invitation, others are closed and only available by invitation and yet others are associated with trade associations and […]

1 Comment

The feds are deploying DMARC

The US National Cybersecurity Assessments & Technical Services Team have issued a mandate on web and email security, including TLS+HSTS for web servers, and STARTTLS+SPF+DKIM+DMARC for email. It’s … pretty decent for a brief, public requirements doc. It’s compatible with a prudent rollout of email authentication. Set up a centralized reporting repository for DMARC failure and aggregate […]

No Comments

Sometimes less is more

We just bought some new desks, to replace the old ones that date back to the days of CRT monitors. The supplier we bought them from, Autonomous, did a nice set of triggered sends throughout the sales process – “we’ve received your order”, “we’ve shipped your order”, “your order has been delivered”. That’s not rocket […]

No Comments

Spam-infused Mai-Tai

Happy Labor Day! Celebrate it with the perfect email-themed cocktail – a spam-infused Mai Tai, served in the traditional glass. A speciality of the Duck Inn in Chicago, it’s made from a fat-washed dark rum: Slice Spam thin and lay the slices onto a small sheet pan. Cover with 5oz of melted lard. Bake at 250 degrees […]

No Comments

Mandatory TLS is coming

Well, not exactly mandatory but Chrome will start labeling any text or email form field on a non-TLS page as “NOT SECURE”. Chrome 62 will be released as stable some time around October 24th. If you want to avoid the customer support overhead then, regardless of whether any of the information on a form is […]

No Comments

Maybe they’re just not that into you?

In April of last year I created a new twitter account. I can’t remember exactly why, but it was a throwaway created to look at some aspect of how twitter interacts with new accounts. As part of the account creation process I gave Twitter an email address. They sent me a confirmation message right away: I […]

No Comments

Local-part Semantics

An email address has two main parts. The local-part is the bit before the @-sign and the domain is the bit after it. Loosely, the domain part tells SMTP how to get an email to the destination mailserver while the local part tells that server whose mailbox to put it in. I’m just looking at the local part today, the […]

1 Comment

TLS certificates and CAA records

Transport Layer Security (TLS) is what gives you the little padlock in your browser bar. Some people still call it SSL, but TLS has been around for 18 years –  it’s time to move on. TLS provides two things. One is encryption of traffic as it goes across the wire, the other is a cryptographic […]

1 Comment

FTC solicits CAN-SPAM feedback

The FTC (US Federal Trade Commission) is soliciting comments on CAN-SPAM legislation: A. General Issues 1. Is there a continuing need for the Rule? Why or why not? 2. What benefits has the Rule provided to consumers? What evidence supports the asserted benefits? 3. What modifications, if any, should be made to the Rule to […]

No Comments

Archives