Last week, I talked about policy, using some different blocklist policies as examples. In that post I talked about how important it is that policy evolve. One example of that is how we’ve been evolving policy related to companies that get listed on Purchased Lists and ESPs. Who is listed has evolved over time, and we’re actually looking at some policy changes right now. Listing policy...
Being in infosec for so long takes its toll. I've come to the conclusion that if you give a data point to a company, they will eventually sell it, leak it, lose it or get hacked and relieved of it. There really don't seem to be any exceptions, and it gets depressing.— briankrebs (@briankrebs) September 26, 2018
A particular blocklist, once again, listed a major ESP this week. Their justification is “this is our policy.” Which is true, it is their policy to list under these circumstances. That doesn’t make it a good policy, or even an effective policy. It’s simply a policy. Crafting policies Crafting good policy starts with the question “what is the desired outcome in this...
Yesterday the CRM system Zoho suffered an unexpected outage when their registrar, TierraNet suspended their domain. According to TechCrunch, Zoho’s CEO says there was no notification to the company and that the company had only 3 complaints about phishing. Based on the article, even as a Zoho customer, I am fully on the registrar’s side here. Every company, absolutely every company...
We’ve landed in Dublin and are back at work. Blogging will pick up as I get back into the swing of things. I’ll be speaking on a panel at the Selligent user conference in Amsterdam tomorrow and in London on Thursday. If you’re a Selligent customer, introduce yourself and say hi! Speaking of being on panels, I heard recently that some folks were adding conference speakers to...
We’ve been blogging here about email for 11 years now. My first post was published August 29, 2007. In that time, we’ve published more than 2300 posts, and written probably millions of words. For years we have blogged multiple times a week. This summer we’ve not kept up our normal posting schedule. We’ve been a little busy with non-email stuff. We’ve spent this...
Even if you have excellent policies and an effective, empowered enforcement team you can still have technical problems that can cause you to drop abuse mail, and so lose the opportunity to get a bad actor off your network before they damage your reputation further. It’s not quite as simple as “We’re seeing email in our abuse ticketing system, so everything must be fine.”...
The answer is almost certainly yes, but there are definitely cases where it the answer is no. If you’re using your own domains for the return path and/or the d= value then you can set up postmaster tools for those domains. If you’re using a domain managed by the ESP, or a subdomain where the ESP manages the DNS, you may need your ESP to publish the correct key in DNS to authenticate...
Matthew Green reminded me of an old bit of spam lore. It’s a canned response to someone’s New and Awesome and entirely unoriginal Final Ultimate Solution to the Spam Problem. It originated on the news.admin.net-abuse.email newsgroup, I think, maybe twenty years ago? While one or two details have changed it’s still applicable to most of the current generation of under-researched...
On Friday I mentioned spam coming from a BarkBox affiliate programme. The original email is here. It’s not terribly exciting, it’s rather typical spam of the sort sent by professional spammers. It’s validly DKIM and SPF authenticated, and DMARC-aligned. It includes invisible white-on-white padding text so that it doesn’t look like image-only spam to naive filters (using...
RSS - Posts