Matthew Green reminded me of an old bit of spam lore. It’s a canned response to someone’s New and Awesome and entirely unoriginal Final Ultimate Solution to the Spam Problem. It originated on the news.admin.net-abuse.email newsgroup, I think, maybe twenty years ago? While one or two details have changed it’s still applicable to most of the current generation of under-researched...
On Friday I mentioned spam coming from a BarkBox affiliate programme. The original email is here. It’s not terribly exciting, it’s rather typical spam of the sort sent by professional spammers. It’s validly DKIM and SPF authenticated, and DMARC-aligned. It includes invisible white-on-white padding text so that it doesn’t look like image-only spam to naive filters (using...
If I see BarkBox I think Spam. That’s because, despite their marketing team effort, facebook and banner ad budget, the main place I see them advertised is via spam in my mailbox. It’s not even good spam. There’s quite a lot of it. Most of it looks much the same, other than the spammer randomizing colours. This one looks better than the black on cyan version, or any of the other...
We mention RFCs quite a lot, both explicitly (RFC 6376 is the specification for DKIM) and implicitly (the 822.From aka bounce address aka return path). And we have local copies of a bunch of them to make them easy to refer to (SMTP, MIME, Carrier Pigeons …). They use quite a lot of jargon and implicit information and metadata that’s not really explained terribly clearly anywhere...
A few weeks ago we took a drive down I5 to attend a service at Bakersfield National Cemetery. Amid the acres and acres of almond farms there were patches of black from recent grassfires. Typical but boring California landscape. Wildfires are a hugely destructive but continual threat in California. Growing up on the east coast, I never really understood wildfires. How can acres and acres and...
An on the ball reader sent me a note today showing a bounce message indicating microsoft was rejecting mail due to a Spamhaus Blocklist Listing. 5.7.1 Client host [10.10.10.10] blocked using Spamhaus. To request removal from this list see (S3130). [VE1EUR03FT043.eop-EUR03.prod.protection.outlook.com] The IP in question is listed on the CSS, which means at a minimum Microsoft is using the SBL. I...
The intent of DMARC is to cause emails to silently vanish. Ideally deploying DMARC would cause all malicious email that uses your domain in the From address, but which has absolutely nothing to with you to vanish, while still allowing all email you send, including mail that was sent through third parties or forwarded, to be delivered. For some organizations you can get really close to that ideal...
But, unfortunately, some senders don’t actually think unsubscribe means stop sending mail. Today, for instance, the nice folks at The Container Store sent me an email with an “important update to my POP! account” Yes, that’s an address I gave them. But I don’t have any record of setting up an account. I was on their mailing list for all of 4 emails back in November...
In the deliverability space we talk about permission and consent a lot. All too often, though, consent is taken not given. Marketers and senders assume they have permission to send email, while the recipient is left expecting no email. There are different ways that companies assume permission. A favorite is to hide the permission deep in the terms and conditions or in the privacy policy. This is...
As I’m writing this, I’m watching Deputy Atty General Rod Rosenstein discuss the indictments of 12 Russian military officers for hacking activities during the 2016 election cycle. One of the methods used to gain access to systems was spearphishing. I think most of us know what phishing is, sending lots of emails to a wide range of people in an attempt to collect some credentials...
RSS - Posts