Over the last year or so we’ve been hearing some concerns about some of the blacklisting policies and decisions at Trend Micro / MAPS. One common thread is that the ESP customers being listed aren’t the sort of sender who you’d expect to be a significant source of abuse. Real companies, gathering addresses from signup forms on their website. Not spammers who buy lists, or who...
Authentication Cheat Sheet
There are several approaches to authenticating email, and the different authentication methods have a lot of different settings to choose from (sometimes because they’re useful, other times just because they were designed by committee). It’s nice that they have that flexibility for the complex situations that might benefit from them, but almost all the time you just want to choose a...
Who leaked my address, and when?
Providing tagged email addresses to vendors is fascinating, and at the same time disturbing. It lets me track what a particular email address is used for, but also to see where and when they’ve leaked to spammers. I’d really like to know who leaked an email address, and when. All my inbound mail is sorted into “spam” and “not-spam” by a combination of...
URL Shortening and Email
Any time you put a URL in mail you send out, you’re sharing the reputation of everyone who uses URLs with that hostname. So if other people send unwanted email that has the same URL in it, that can cause your mail to be blocked or sent to the bulk folder. That has a bunch of implications. If you run an affiliate programme where your affiliates use your URLs then spam sent by your affiliates...
Bit.ly gets you Blocked
URL shorteners, like bit.ly, moby.to and tinyurl.com, do three things: make a URL shorter; track clicks on the URL; hide the destination URL. Making URLs shorter was their original role, and it’s why they’re so common in media where the raw URL is visible to the recipient – instant messaging, twitter and other microblogs, and in plain text email where the “real” URL...
The Real Story
We’ve heard this story before. Someone gives an email address to a company. That company sends them email via an ESP for several years. Hackers break in to the ESP and steal a bunch of email addresses. The original address owner starts getting targeted and random spam to that email address. The reality is rarely quite that simple. Here’s my version of this story. The names have been...
Analysing a data breach – CheetahMail
I often find myself having to analyze volumes of email, looking for common factors, source addresses, URLs and so on as part of some “forensics” work, analyzing leaked emails or received spam for use as evidence in a case. For large volumes of mail where I might want to dig down in a lot of detail or generate graphical or statistical reports I tend to use Abacus to slurp in and...
Character encoding
This morning, someone asked an interesting question: “Last time I worked with the actual HTML design of emails (a long time ago), <head> was not really needed. Is this still true for the most part? Any reason why you still want to include <head> + meta, title tags in emails nowadays?” There are several bits of information in the <head> part of an HTML document that can affect the...
Defending against the hackers of 1995
Passwords are convenient for the end user, but it’s too easy to lose control of them. People share them with other people. People write them down, where they can be read. People send them in email, and that email is easily intercepted. People’s web browsers store the passwords, so they can log in automatically. Worst of all, perhaps, people tend to use the same username and password...
What is Two Factor Authentication?
Two factor authentication, or the snappy acronym 2FA, is something that you’re going to be hearing a lot about over the next year or so, both for use by ESP employees (in an attempt to reduce the risks of data theft) and by ESP customers (attempting to reduce the chance of an account being misused to send spam). What is Authentication? In computer security terms authentication is proving...