Recent Posts

Good morning DMARC

• steve
• Oct 14, 2018

• Industry

I’m thinking I may need to deploy DMARC report automation sooner rather than later.

Company responsibility and compliance

• laura
• Oct 12, 2018

• Best Practices

I blogged a few times recently about Zoho and their issues with malicious actors abusing their platform. They asked me to post the following statement from their CEO Sridhar Vembu.

2018 JD Falk Award … a mailing list

• laura
• Oct 10, 2018

• Industry

It’s M³AAWG time. Even though we’re not there, I’m getting regular updates from friends and colleagues who are there. Yesterday, was the presentation of the 2018 JD Falk award. The award recognises “a particularly meritorious project undertaken by a dedicated individual or group reflecting the spirit of volunteerism and community building.” In this case, the award went to a group of people on the “BEC mailing list.”

Fun with spam filters

• laura
• Oct 9, 2018

• Industry

I recently had a challenging travel experience in the Netherlands, trying to get from Schipol airport to a conference I was speaking at. As part of my attempt to get out of the airport, I installed UBER on my phone. There were some challenges with getting UBER to authorise my phone number, so I tried linking it to my Gmail account.

All filters are not equal

• laura
• Oct 8, 2018

• Industry

Many questions about delivery problems often assume that there is one standard email filter and the rules are the same across all of them. Unfortunately, this isn’t really the case.

DNS Flag Day

• steve
• Oct 5, 2018

• Technical

There are quite a lot of broken DNS servers out there. I’m sure that’s no surprise to you, but some of them might be yours. And you might not notice that until your domains stop working early next year.

Zoho, phishing and who’s next?

• laura
• Oct 4, 2018

• Industry

ZDnet reports that Zoho’s problems with phishing aren’t over. Their report states that Zoho is being used as a pipeline to exfiltrate data from phished accounts.

Schroedinger’s email

• laura
• Oct 3, 2018

• Industry

The riskiest email to send is that very first email. It’s a blank slate. Even if you’re sending confirmation messages, you don’t really know anything about how this email is going to affect your reputation.

Evolution of policy

• laura
• Oct 1, 2018

• Industry

Last week, I talked about policy, using some different blocklist policies as examples. In that post I talked about how important it is that policy evolve. One example of that is how we’ve been evolving policy related to companies that get listed on Purchased Lists and ESPs. Who is listed has evolved over time, and we’re actually looking at some policy changes right now.

Security Truths

• laura
• Sep 27, 2018

• Industry

Being in infosec for so long takes its toll. I've come to the conclusion that if you give a data point to a company, they will eventually sell it, leak it, lose it or get hacked and relieved of it. There really don't seem to be any exceptions, and it gets depressing.

Read More