Any time you put a URL in mail you send out, you’re sharing the reputation of everyone who uses URLs with that hostname. So if other people send unwanted email that has the same URL in it, that can cause your mail to be blocked or sent to the bulk folder. That has a bunch of implications. If you run an affiliate programme where your affiliates use your URLs, then spam sent by your affiliates...
Bit.ly gets you Blocked
URL shorteners, like bit.ly, moby.to and tinyurl.com, do three things: make a URL shorter, track clicks on the URL, and hide the destination URL. Making URLs shorter was their original role, and it’s why they’re so common in media where the raw URL is visible to the recipient – instant messaging, Twitter and other microblogs, and in plain text email where the “real” URL...
The Real Story
We’ve heard this story before. Someone gives an email address to a company. That company sends them email via an ESP for several years. Hackers break into the ESP and steal a bunch of email addresses. The original address owner starts getting targeted and random spam to that email address. The reality is rarely quite that simple. Here’s my version of this story. The names have been...
Analysing a data breach – CheetahMail
I often find myself having to analyze volumes of email, looking for common factors, source addresses, URLs and so on as part of some “forensics” work, analyzing leaked emails or received spam for use as evidence in a case. For large volumes of mail where I might want to dig down in a lot of detail or generate graphical or statistical reports I tend to use Abacus to slurp in and...
Character encoding
This morning, someone asked an interesting question: “Last time I worked with the actual HTML design of emails (a long time ago), <head> was not really needed. Is this still true for the most part? Any reason why you still want to include <head> + meta, title tags in emails nowadays?” There are several bits of information in the <head> part of an HTML document that can affect the...
Defending against the hackers of 1995
Passwords are convenient for the end user, but it’s too easy to lose control of them. People share them with other people. People write them down, where they can be read. People send them in email, and that email is easily intercepted. People’s web browsers store the passwords, so they can log in automatically. Worst of all, perhaps, people tend to use the same username and password...
What is Two Factor Authentication?
Two factor authentication, or the snappy acronym 2FA, is something that you’re going to be hearing a lot about over the next year or so, both for use by ESP employees (in an attempt to reduce the risks of data theft) and by ESP customers (attempting to reduce the chance of an account being misused to send spam). What is Authentication? In computer security terms authentication is proving...
Epsilon: Calm and Cool Tempered
Stefano over at emailmarketingblog.it translated our blog post about Epsilon into Italian: Epsilon e la sicurezza dei dati sensibili: calma e sangue freddo.
Epsilon – Keep Calm and Carry On
There’s been a lot of media coverage and online discussion about the Epsilon data breach, and how it should be a big wake-up call to email recipients to change their behavior. There’s also been a lot of panic and finger-pointing within the email industry about What Must Be Done In The Future. Most of the “you must do X in response to the data loss” suggestions are coming...
Real. Or. Phish?
After Epsilon lost a bunch of customer lists last week, I’ve been keeping an eye open to see if any of the vendors I work with had any of my email addresses stolen – not least because it’ll be interesting to see where this data ends up. Yesterday I got mail from Marriott, telling me that “unauthorized third party gained access to a number of Epsilon’s accounts...