For some reason otherwise legitimate ESPs have over the years picked up a habit of obfuscating who they are. I don’t mean those cases where they use a customers subdomain for their infrastructure or bounce address. If the customer is Harper Collins then mail “from” @bounce.e.harpercollins.com sent from a server claiming to be mail3871.e.harpercollins.com isn’t unreasonable...
If you follow any infosec sources you’ve probably already heard a lot about Meltdown and Spectre, Kaiser and KPTI. If not, you’ve probably seen headlines like Major flaw in millions of Intel chips revealed or Intel sells off for a second day as massive security exploit shakes the stock. What is it? These are all about a cluster of related security issues that exploit features shared...
One of the client projects I’m working on includes doing a lot of research on MXs, including some classification work. Part of the work involves identifying the company running the MX. Many of the times this is obvious; mail.protection.outlook.com is office365, for instance. There are other cases where the connection between the MX and the host company is not as obvious. That’s where...
This is the time of year when everyone starts posting their predictions for the coming year. Despite over a decade of blogging and close to 2500 blog posts, I have’t consistently written prediction articles here. Many years I don’t see big changes on the horizon, so there’s not a lot to comment on. Incremental changes are status quo, nothing earth shattering there. But...
I just got some mail claiming to be from “Bank of America <secure@bofasecure.com>”. It passes SPF: Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=185.235.176.160; helo=bofasecure.com; It passes DKIM: Authentication-Results: mx.wordtothewise.com (amavisd-new); dkim=pass (1024-bit key) header.d=bofasecure.com The visible RFC 822 From address is strictly...
We often want to know whether two hostnames are controlled by the same person, or not. One case for that is cookie privacy in web browsers. We want pages at www.blighty.com and images.blighty.com and blighty.com to all be able to set and read cookies for each other – so a user only needs to log in once for pages or images on all of them to work well together. So we allow all of them to...
We’re in the thick of the busiest time of the year for email. It’s been so busy, in fact, that we’ve seen some slowdowns and delivery issues across the email universe. It may be worth thinking about alternate strategies for end of year promotions beyond Black Friday and Cyber Monday. I was delighted to chat with Julia Angwin for her ProPublica piece on subscription bombing and abuse prevention...
[#INFOGRAPHIC] Email marketing trends 2018
It’s always an honor to be asked to provide quotes and thoughts with experts in the field. Sometimes the day to day gives me tunnel vision, but things like this give me the opportunity to think more globally. Hands down, though, the best part is seeing the final product and hearing what other folks have to say.
Go check out the full infographic.
A security researcher has identified a rendering flaw that allows for “perfect” phishing emails. From his website: Mailsploit is a collection of bugs in email clients that allow effective sender spoofing and code injection attacks. The spoofing is not detected by Mail Transfer Agents (MTA) aka email servers, therefore circumventing spoofing protection mechanisms such as DMARC...
It is increasingly clear that successful email marketing programs measure and emphasize deliverability. No longer is deliverability the crisis management team called when everything breaks. They’re part and parcel of an effective email marketing team. Today I watched a bit of the EIS livestream where acquisition marketers were discussing their processes. Everyone of them talked about things...
RSS - Posts