Recent Posts

Phishing evolves beyond DMARC

The phishing attack against Sendgrid is still going on. Most of the mail and the websites are being hosted on Linode. I’ve still not gotten to see what one of the sites looks like, as Linode is getting the sites down before I click on the links.

Read More

Alt-text and phishing warnings

For a long time one of the “best practices” for links in html content has been to avoid having anything that looks like a URL or hostname in the visible content of the link, as ISP phishing filters are very, very suspicious of links that seem to mislead recipients about where the link goes to. They’re a very common pattern in phishing emails.

Read More

Myths about spamtraps

The nice folks at Kickbox asked me what I thought the biggest myths about spamtraps were. I said:

Read More

The internet is different in the EU

One of the interesting things about moving to the EU is experiencing the internet where GDPR is a thing. We get asked permission for everything. Including if we want shopping cart updates.

Read More

ESP being phished is a Black Friday cataclysm

There is currently a phishing attack against a major ESP. The mail came through what I presume was a compromised account hosted at one of the providers. It’s just as possible this was a domain set up for the sole purpose of phishing, though.

Read More

CAN SPAM says I can!

the word spam with a checkmark next to it.

Saw a new disclaimer on mail sent to an address harvested off our website today:

Read More

Identifying domains that don’t accept or send email

A couple folks have asked me recently about MX records that they don’t understand. These records consist of a single . or they contain localhost or they are 127.0.0.1.

Read More

Mentally modelling filters

When we talk about filters, we often think there is one filter. But, in many cases there are multiple stages of filters, each examining mail in a different way.

Read More

Purging to prevent spamtraps

Someone recently asked when they should purge addresses to remove spamtraps. To my mind this is actually the wrong question. Purging addresses that don’t engage is rarely about spamtraps, it’s about your overall communication processes.

Read More

Microsoft and SmartScreen

There was another thread on mailop today about email filtering. This one was about Microsoft and SmartScreen. After watching a bunch of folks make lots of comments about what SmartScreen was, and get it wrong, I waded in.

Read More
Tags