Author: steve

Clickthrough forensics

When you click on a link in your mail, where does it go? Are you sure? HTTP Redirects: In most bulk mail sent, the links in the mail aren’t the same as the page the recipient’s browser ends up at when they click on it. Instead, the link in the mail goes to a “click tracker” run by the ESP that records that that recipient clicked on this link in this email, then redirects the...

Lets Encrypt Everything

Using SSL/TLS to protect data in transit and authenticate servers you contacted originally required specialized software, complex configuration and expensive and complicated to acquire certificates. The need for specialized software is long since gone. Pretty much every web server and mail server will support SSL out of the box. Basic server configuration is now pretty simple – give the...

ESP attacks, again. Be wary.

There seems to be an uptick in phishing attacks that have an impact on ESPs recently. Your CEO: The most critical one is targeted spear-phishing attacks that claim to be internal documents sent by senior staff within the company, e.g. from the company CEO. It’s likely that the attached documents will compromise and backdoor your machine, and from there most of your internal network, using an...

SPF debugging

Someone mentioned on a mailing list that mail “from” intuit.com was being filed in the gmail spam folder, with the warning “Our systems couldn’t verify that this message was really sent by intuit.com“. That warning means that Gmail thinks it may be phishing mail. Given they’re a well-known financial services organization, I’m sure there is a lot of...

Deliverability at Yahoo

We have multiple measures of deliverability. Ones that we don’t even let in the door, and then we have ones that customers indicated that they don’t want to be delivered.
 – Jeff Bonforte, Senior VP Communications, Yahoo Mail
Read a little more about Yahoo and spam over at Tech Insider, or listen to the podcast at codebreaker.codes.

Trawling through the junk folder

As a break from writing unit tests this morning I took a few minutes to go through my Mail.app junk folder, looking for false positives for mail delivered over the past six weeks. We don’t do any connection level rejection here, so any mail sent to me gets delivered somewhere. Anything that looks like malware gets dumped in one folder and never read, anything that scores a ridiculously high...

DMARC News – Gmail p=reject and ARC

DMARC.org announced this morning that Gmail will be moving to publishing a p=reject DMARC record in June of next year, much the same as Yahoo and AOL have. Unlike Yahoo and AOL, Gmail are giving those who will be affected plenty of time to prepare for any issues, and have waited until there are some potential ways to mitigate problems in the development pipeline. The ARC proposal, mentioned in...

Network Solutions email issues

According to Twitter and mailop, Network Solutions is having issues with inbound mail, with both TCP level disconnections and 451 deferrals. @annaciamp @netsolcares We're seeing email from our servers to netsol queuing up, consistently since 9:51 am (U.S. Central) — Frank Bulk (@frankbulk) October 14, 2015 Down Detector and other reports suggest it’s been an issue since about 8am...

Lost in the mists of time

Over on the Farsight Security blog Joe St. Sauver talks about some of the early days of online abuse, on Usenet. Laura and I were on the periphery of early Usenet abuse, mostly as users, but Usenet (and IRC) around then were the places we both started with email abuse.

IPv6 and authentication

I just saw a post over on the mailop mailing list where someone had been bitten by some of the IPv6 email issues I discussed a couple of months ago. They have dual-stack smarthosts – meaning that their smarthosts have both IPv4 and IPv6 addresses, and will choose one or the other to send mail over. Some domains they send to use Office 365 and opted-in to receiving mail over IPv6, so their...
