BLOG

Author: steve

Compromising a Mail Client

Your entire work life is in your work mail client. All the people you communicate with – co-workers, friends, family, vendors, customers, colleagues. Every email you send. Every email you receive. Any files you attach or receive. If someone can compromise your mail client, they can see all that. They can save copies of all […]

3 Comments

Everything leaks eventually

We have a role address we use to receive support requests from users of our Abacus ticketing system - they’re typically abuse or security desk administrators at ISPs or ESPs, inside corporate firewalls and protected by multiple layers of security and malware protection. We’ve been using it since around 1997, so we’ve had a good, spam-free run, […]

5 Comments

SORBS – back soon

If you’ve tried to get an address delisted from SORBS this week you’ll have found that their site is degraded, and there’s no way to request delisting. They’ve been dealing with some very nasty database / hardware problems and while they’re fixing those the externally visible SORBS services are running in a read-only mode (where […]

4 Comments

On Discovery and Email

If you’re involved in any sort of civil legal action in the US Courts – whether that be claims of patent violation, defamation, sexual harassment or anything else – there’s a point in the pre-trial process where the opposing lawyers can request information from you, and also from any third-parties they believe may have useful […]

No Comments

Ad-hoc analysis

I often pull emails into a database to analyze them, but sometimes I want something simpler. Emails are typically stored in one of two ways: mbox format, where an entire mailbox is stored in a single file, and maildir format, where a mailbox is a directory with one file in it for each email. My […]

No Comments

New top level domains

ICANN have signed agreements for four new top level domains, all internationalized domains from the 2o12 applications for new TLDs. They are شبكة (“network” or maybe “web” in arabic), 游戏 (“game” in chinese), онлайн and сайт (“online” and “website” in russian). It’ll take a while for the registries to ramp up their infrastructure, but you might start seeing […]

No Comments

Know what you’re promising, and keep your promises

Although we can’t always provide a personal response to your complaint, we do investigate all reports. Please don’t interpret a lack of response as a lack of action taken. If we find that a customer is violating our policies, we will take make sure they stop the violating activity. That’s the response I had when […]

No Comments

What is a dot-zero listing?

Some email blacklists focus solely on allowing their users to block mail from problematic sources. Others aim to reduce the amount of bad mail sent and prefer senders clean up their practices, rather than just blocking them wholesale. The Spamhaus SBL is one of the second type, using listings both to block mail permanently from […]

9 Comments

DKIM and DomainKeys, Spam and Ham

I’ve been preaching “DKIM is great! DomainKeys is obsolete, get rid of it!” for several years now. I thought I’d take a look at my mailbox and see who was using authentication. I’ve divided this into “Ham” and “Spam”. Spam is, well, all the spam I’ve received over the past couple of years. Ham is […]

2 Comments

DNS, SERVFAIL, firewalls and Microsoft

When you look up a host name, a mailserver or anything else there are three types of reply you can get. The way they’re described varies from tool to tool, but they’re most commonly referred to using the messages dig returns – NXDOMAIN, NOERROR and SERVFAIL. NXDOMAIN is the simplest – it means that there’s no […]

3 Comments
  • AOL compromise

    Lots of reports today of a security problem at AOL where accounts are sending spam, or are being spoofed in spam runs or something. Details are hazy, but there seems to be quite a bit of noise surrounding this incident. AOL hasn't provided any information as of yet as to what is going on.4 Comments


  • ReturnPath on DMARC+Yahoo

    Over at ReturnPath Christine has an excellent non-technical summary of the DMARC+Yahoo situation, along with some solid recommendations for what actions you might take to avoid the operational problems it can cause.No Comments


  • AOL problems

    Lots of people are reporting ongoing (RTR:GE) messages from AOL today.  This indicates the AOL mail servers are having problems and can't accept mail. This has nothing to do with spam, filtering or malicious email. This is simply their servers aren't functioning as well as they should be and so AOL can't accept all the mail thrown at them. These types of blocks resolve themselves. 1 Comment


Archives