Recent Posts

Target breach started from email

According to Brian Krebs the compromise of Target’s POS system probably originated with a phishing attack against one of Target’s vendors. This attack compromised credentials of the HVAC vendor and possibly allowed the hackers entrance into Target’s systems.
Interestingly, Brian mentions Ariba, a company I’ve been forced to deal by a large customer of ours. I’m not sure if there really is an attack vector where a vendor can get access through Ariba to the internal systems of the customers. However, my experience with Ariba has been frustrating and problematic, so I’ll be happy to believe their security is as broken as their email.
Email is a great way to interact with people and companies. It’s great for growing communities and businesses. But it is also a way for attackers to get access to your computer and the websites you interact with. Protect yourself, and your company, by running security software. And, please, don’t open attachments or click on links in emails and provide usernames and passwords.

LinkedIn shuts down Intro product

Intro was the LinkedIn product that created an email proxy where all email users sent went through LinkedIn servers. This week LinkedIn announced it is discontinuing the product. They promise to find new ways to worm their way into the inbox, but intercepting and modifying user mail doesn’t seem to have been a successful business model.

Engagement, it's not what you might think

Most delivery experts will tell you that ISPs measure recipient engagement as a part of their delivery. That’s absolutely true, but I think there’s a language difference that makes it hard for senders to understand what we mean by engagement.
ISPs, and other filtering companies, profile their user base. They know, for instance, who logs in and checks mail every day. They know who checks mail every 20 seconds. They know who gets a lot of spam. They know who hasn’t logged in for months. They know who accurately marks mail as spam and who is sloppy with the this-is-spam button. They know if certain recipients get the same mail, it’s likely to be spam.
Engagement at the ISPs is more about the recipient engaging with their email address and the mail in their mailbox then it is about the recipient engaging with specific emails.

More on Newsmax and spam to political lists

Things are getting stranger and stranger with Newsmax and the politicians they’re managing lists for. Earlier this week, recipients on Scott Brown’s list received emails with the subject line “5 Signs You’ll Get Alzheimer’s Disease.” The advertisement was for products and information from Dr. Blaylock, a contributor to Newsmax Health. Scott Brown told the political reporter at WMUR in New Hampshire that he did not authorize this email was cutting ties with Newsmax
Newsmax contacted me after I posted about unexpected email to the Herman Cain mailing list. They wanted to make it clear to me that their mailings were all double opt-in and that they adhered to all best practices. They also said that select advertisers were allowed to put ads in the body of messages from the politician to their supporters.
It seems, though, that may not be the whole truth. After I received the message from Newsmax, I signed up on caintv.com to see if they really were using double opt-in. While it is very possible that Mr. Cain was using double opt-in during the campaign, he isn’t any longer. I started receiving emails immediately, with neither a welcome message or a confirmation message.
In the case of Scott Brown’s list, the advertisement wasn’t from an outside advertiser, the advertisement was for a Newsmax columnist. And the ad wasn’t in the body of a message to supporters, it was the message to supporters. Mr. Brown has this to say about his likeness and mailing list being used by Newsmax.

Contacting an ISP that doesn't have a postmaster page

How do you contact an ISP about a block that doesn’t have a postmaster page? While there’s no one answer, I do have some suggestions.
Start by contacting the postmaster@ or abuse@ addresses. For smaller ISPs, the same people handling outbound abuse are the people handling inbound filtering.
When you contact them have the following:

Problems with Yahoo FBL

There are a couple problems I’ve been alerted to with the Yahoo FBL today.
The first comes from Michael Ellis and is about broken FBL reporting at Yahoo.

Cloudmark posted their Global Spam Threat Report for 2013.

Cloudmark Annual Global Messaging Threat Report. Nothing too surprising here, but useful for anyone in the email space to check out.

Update on Herman Cain advertising male enhancement drugs

Shawn Studer from newsmax.com contacted me today with a statement about the Herman Cain mailing list.

Does email have a guarantee of delivery?

A client asked me earlier this week what SLAs ISPs provided for email delivery. The short answer is that there isn’t a SLA and that the only guarantee is that the email will get there when it gets there.
But as I was mentioning this to Steve, he pointed out that there was a recent change in the RFCs for email. In both RFC 821/2 and RFC 2821/2 (the original email related RFCs and the update in the early 2000’s) the RFCs stated that once a receiving MTA accepted an email that that MTA was required to either delivery the mail or generate an asynchronous bounce. While this isn’t a standard SLA, it does mean that a 2xy response after DATA meant the email would either be delivered to the user or be sent back to the sender. Despite the RFC requirements some receivers would still drop mail on the floor for various reasons, sometimes intentionally and sometimes not.
RFC 5321/2, the current SMTP standard, still says that once a server accepts the mail it must not lose that mail ‘for frivolous reasons.’ The RFC goes on to admit, though, that in recent years, SMTP servers are under a range of attacks and dropping mail on the floor is not frivolous in those cases.

Repurposing addresses

Multiple news sources are reporting that Herman Cain, republican presidential hopeful from 2012. Maddow on Herman Cain’s new business model. Apparently, his email address list is for rent by just about anyone, including companies selling cures for erectile dysfunction.