Recent Posts

e360 and the appeals court

Oral arguments in Spamhaus’ appeal were held last week. Mickey blogged about it on Thursday. I heard from him and a bunch of the Spamhaus folks about it at MAAWG, but was busy enough that I didn’t get a chance to listen to it. Mickey is not exaggerating on how badly the judges, particularly Judge Posner, beat up on e360’s lawyer. More quotes are available at Appeals judges berate spammer for “ridiculous,” “incompetent” litigation.

New blocklisting process

There is a new type of blocking designed to interrupt the ability of users to click and visit phishing sites.
DNS Response Policy Zones allows companies running recursive resolvers to create a zone that will not resolve specific domains. This is a second layer of filtering, if a spammer manages to get an email with a malicious link into the inbox then the ISP can still protect the user from becoming a victim from the scam. For more detailed information about RPZ, check out the helpful slides published by ISC.
Two blocklists announced this morning that they were publishing lists in RPZ format so ISPs can import the data into their DNS recursive resolver. SURBL is currently offering their list as RPZ. Spamhaus is currently running a beta for the DBL in a RPZ format. If you’re a current DBL user, talk to Spamhaus about checking out their new format.

Spam lawsuit guide

Mailchimp has released a guide to spam lawsuits with advice on how to not be a target.
I had the pleasure of meeting some of the Mailchimp legal staff last year when I was down there to do on-site training for their abuse desk employees. I was quite impressed with them and their understanding of privacy and email issues.

New security focused services

Steve’s been busy this week working on some new products.
You can see the first at Did Company Leak? This is a neat little hack that looks at social media reports to see if a there are reports of leaks, breaches or hacks and gives you a list of tweets that reference them. And, yes, I did really receive spam to two addresses stolen from iContact customers today.

Prepping for MAAWG

The June MAAWG meeting is next week. Both of us are working on various projects, documents and announcements for the meeting. This means light blogging, although we’ll post public announcements as they come out.
If you’re going to MAAWG be sure to stop by and say hi!

Gmail reports spear phishing attack

No one, it seems, is immune from account compromise attempts. Today Google reported they had identified a systemic campaign to compromise Gmail accounts belonging to “senior U.S. government officials, Chinese political activists, officials in several Asian countries (predominantly South Korea), military personnel and journalists.”
Google offers a number of solutions for users, including the ability to add 2 factor authentication to your Gmail account. I strongly recommend anyone who uses Gmail to do this.
This isn’t a security blog, but email is one of the major vectors used to infect machines. We’ve seen numerous break ins targeting email senders and ESPs, resulting in customer and recipient data being stolen and then used for spam. Everyone who uses email needs to be aware of the risks and maintain their email account integrity. Be careful clicking links in emails. Be careful opening webpages. Keep your antivirus software up to date.
Everyone is a target.

Marketing or spamming?

A friend of mine sent me a copy of an email she received, asking if I’d ever heard of this particular sender. It seems a B2B lead generation company was sending her an email telling her AOL was blocking their mail and they had stopped delivery. All she needed to do was click a link to reactivate her subscription.
The mail copy and the website spends an awful lot of time talking about how their mail is accidentally blocked by ISPs and businesses.

First spam to Epsilon leaked address

This morning I received the first two spams to the address of mine that was compromised during the Epsilon compromise back in April. Actually, I received two of them. One was the “standard” Adobe phish email. The other was similar but referenced Limewire instead of Adobe.

End of quarter spam

There has been a plethora of big brand companies doing stupid stuff with marketing recently. I can only figure it’s end of quarter and everyone is looking to pump up their numbers as fast as possible.
I talked about Millenium hotels sending me with an utterly irrelevant ad earlier this week.
@Yahoomail direct message spammed all their twitter followers with an ad for something related to the new Yahoo mail product.
Anyone watching my twitter feed yesterday probably noticed me complaining about spam from Dell.
All of these things are just examples of sloppy marketing. In Dell’s case it’s even worse because they sent me multiple copies of the spam to different addresses. Two copies of the same “SHOP NOW!” email to different addresses, one of which has never been given to Dell.
Mail to the first address is unquestionably spam and I did send in a complaint to Dell’s ESP. That address is never used to sign up for anything. I did try clicking on the “update your subscription” link in the footer and Dell’s website helpfully told me that address was not on their mailing lists. Looks like Dell bought a list.
The second address is one that was involved with the purchase of software from Dell last July. This is the first non-transactional mail sent to that address. I can’t necessarily call the email spam as I did give it to Dell during the course of a transaction. However, Dell could have done a lot better in managing our “relationship” than they did.
Dell collected my email address as part of a transaction in July 2010. They did not start sending marketing mail to this address until May 2011. While Dell is a major brand and most people would recognize the name and may be a little less inclined to hit “this is spam” waiting 10 months between a purchase and regular mailings is a bad idea. People who don’t use tagged addresses may forget they gave the sender an email address and automatically send in a spam complaint.
Sitting on an address for 10 months means Dell really should have done a welcome series, or even just a single welcome email, to ease the transition from no mail to regular mail. But, no, they just send me an email advertising their sales.
We’ve been Dell customers for quite a while, and all of our purchases have been enterprise grade hardware or software to run on those servers. We’ve never purchased anything remotely like office computers. But the sales flyer was for desktops, printers and monitors. Dell knows what I purchased from there, so why are they sending me ads for things I’ve never bought?
We have our own Dell sales rep, and my only involvement in the transaction is source of payment. Adding me to a product list really feels like spam.
Then there was the email itself. The “update your subscription” link was broken and told me I wasn’t subscribed to their list. I mentioned it to Steve and he pointed out that particular link had been broken “forever.” How long has it been since anyone inside of Dell has checked that their footer links work?
What is Dell up to? Who knows. But they unarguably are sending mail to addresses that never opted in. And even if you consider an email giving during a purchase process their handling of that particular address was appalling and in violation of almost every good practice out there.

Buying lists

The problem with buying lists is that you never know which consumers are already on your list and you risk spamming current subscribers.