BLOG

Author: steve

Spam-infused Mai-Tai

Happy Labor Day! Celebrate it with the perfect email-themed cocktail – a spam-infused Mai Tai, served in the traditional glass. A speciality of the Duck Inn in Chicago, it’s made from a fat-washed dark rum: Slice Spam thin and lay the slices onto a small sheet pan. Cover with 5oz of melted lard. Bake at 250 degrees […]

No Comments

Mandatory TLS is coming

Well, not exactly mandatory but Chrome will start labeling any text or email form field on a non-TLS page as “NOT SECURE”. Chrome 62 will be released as stable some time around October 24th. If you want to avoid the customer support overhead then, regardless of whether any of the information on a form is […]

No Comments

Maybe they’re just not that into you?

In April of last year I created a new twitter account. I can’t remember exactly why, but it was a throwaway created to look at some aspect of how twitter interacts with new accounts. As part of the account creation process I gave Twitter an email address. They sent me a confirmation message right away: I […]

No Comments

Local-part Semantics

An email address has two main parts. The local-part is the bit before the @-sign and the domain is the bit after it. Loosely, the domain part tells SMTP how to get an email to the destination mailserver while the local part tells that server whose mailbox to put it in. I’m just looking at the local part today, the […]

1 Comment

TLS certificates and CAA records

Transport Layer Security (TLS) is what gives you the little padlock in your browser bar. Some people still call it SSL, but TLS has been around for 18 years –  it’s time to move on. TLS provides two things. One is encryption of traffic as it goes across the wire, the other is a cryptographic […]

1 Comment

FTC solicits CAN-SPAM feedback

The FTC (US Federal Trade Commission) is soliciting comments on CAN-SPAM legislation: A. General Issues 1. Is there a continuing need for the Rule? Why or why not? 2. What benefits has the Rule provided to consumers? What evidence supports the asserted benefits? 3. What modifications, if any, should be made to the Rule to […]

No Comments

DMARC doesn’t fix Phishing

Not a new thing, but a nice example just popped up in my inbox on my phone.   But FedEx solved their entire phishing problem when they published a strict p=reject DMARC record, right? This didn’t come from fedex.com. It came from another domain that looks vaguely like fedex.com – what that domain is doesn’t matter, as the […]

1 Comment

Final migration of Verizon email addresses to AOL

AOL were kind enough to share some details about the shutdown of the Verizon mail system and the migration of @verizon.net email address to the AOL mail service: What is the cut-over date for the verizon.net MX record? The cut-over date for the mx record for verizon.net to to be handled by AOL is June […]

3 Comments

Are they using DKIM?

It’s easy to tell if a domain is using SPF – look up the TXT record for the domain and see if any of them begin with “v=spf1”. If one does, they’re using SPF. If none do, they’re not. (If more than one does? They’re publishing invalid SPF.) AOL are publishing SPF. Geocities aren’t. For DKIM […]

3 Comments

Protocol-relative URLs in email

When you link to an external resource – an image, a javascript file, some css style – from a web page you do so with a URL, usually something like “https://example.com/blahblah.css” or “http://example.com/blahblah.css”. The world is beginning to go all https, all the time, but until recently good practice was to make a web page available […]

1 Comment

Archives