We’ve known for a while that AOL email infrastructure is going to be merging with Yahoo’s, but apparently it’s happening sooner than anyone expected. The MXes for aol.com will be migrated to Yahoo infrastructure around February 1st. Reading between the lines I expect that this isn’t a flag day, and much of the rest of the AOL email infrastructure will be in use for a while...
When we say that you might just be sending too much email and fatiguing or annoying the recipient into unsubscribing or hitting spam, this is the sort of thing we mean. Three emails (to the same email address) in four minutes might be a bit much. If you can’t combine the content you want to send into a single personalized email, maybe spread deliveries out a bit? Or even not send all of it...
For some reason otherwise legitimate ESPs have over the years picked up a habit of obfuscating who they are. I don’t mean those cases where they use a customers subdomain for their infrastructure or bounce address. If the customer is Harper Collins then mail “from” @bounce.e.harpercollins.com sent from a server claiming to be mail3871.e.harpercollins.com isn’t unreasonable...
If you follow any infosec sources you’ve probably already heard a lot about Meltdown and Spectre, Kaiser and KPTI. If not, you’ve probably seen headlines like Major flaw in millions of Intel chips revealed or Intel sells off for a second day as massive security exploit shakes the stock. What is it? These are all about a cluster of related security issues that exploit features shared...
I just got some mail claiming to be from “Bank of America <secure@bofasecure.com>”. It passes SPF: Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=185.235.176.160; helo=bofasecure.com; It passes DKIM: Authentication-Results: mx.wordtothewise.com (amavisd-new); dkim=pass (1024-bit key) header.d=bofasecure.com The visible RFC 822 From address is strictly...
We often want to know whether two hostnames are controlled by the same person, or not. One case for that is cookie privacy in web browsers. We want pages at www.blighty.com and images.blighty.com and blighty.com to all be able to set and read cookies for each other – so a user only needs to log in once for pages or images on all of them to work well together. So we allow all of them to...
There are a bunch of online communities – mailing lists, Slack channels, etc. – where “people who do email” interact. Some of them are open to anyone to subscribe, some of them are semi-private and require an invitation, others are closed and only available by invitation and yet others are associated with trade associations and only open to their members. Many of them...
The US National Cybersecurity Assessments & Technical Services Team have issued a mandate on web and email security, including TLS+HSTS for web servers, and STARTTLS+SPF+DKIM+DMARC for email. It’s … pretty decent for a brief, public requirements doc. It’s compatible with a prudent rollout of email authentication. Set up a centralized reporting repository for DMARC failure...
We just bought some new desks, to replace the old ones that date back to the days of CRT monitors. The supplier we bought them from, Autonomous, did a nice set of triggered sends throughout the sales process – “we’ve received your order”, “we’ve shipped your order”, “your order has been delivered”. That’s not rocket science – you...
RSS - Posts