Last week, I talked about policy, using some different blocklist policies as examples. In that post I talked about how important it is that policy evolve. One example of that is how we’ve been evolving policy related to companies that get listed on Purchased Lists and ESPs. Who is listed has evolved over time, and we’re actually looking at some policy changes right now. Listing policy...
Being in infosec for so long takes its toll. I've come to the conclusion that if you give a data point to a company, they will eventually sell it, leak it, lose it or get hacked and relieved of it. There really don't seem to be any exceptions, and it gets depressing.— briankrebs (@briankrebs) September 26, 2018
A particular blocklist, once again, listed a major ESP this week. Their justification is “this is our policy.” Which is true, it is their policy to list under these circumstances. That doesn’t make it a good policy, or even an effective policy. It’s simply a policy. Crafting policies Crafting good policy starts with the question “what is the desired outcome in this...
Yesterday the CRM system Zoho suffered an unexpected outage when their registrar, TierraNet suspended their domain. According to TechCrunch, Zoho’s CEO says there was no notification to the company and that the company had only 3 complaints about phishing. Based on the article, even as a Zoho customer, I am fully on the registrar’s side here. Every company, absolutely every company...
We’ve landed in Dublin and are back at work. Blogging will pick up as I get back into the swing of things. I’ll be speaking on a panel at the Selligent user conference in Amsterdam tomorrow and in London on Thursday. If you’re a Selligent customer, introduce yourself and say hi! Speaking of being on panels, I heard recently that some folks were adding conference speakers to...
We’ve been blogging here about email for 11 years now. My first post was published August 29, 2007. In that time, we’ve published more than 2300 posts, and written probably millions of words. For years we have blogged multiple times a week. This summer we’ve not kept up our normal posting schedule. We’ve been a little busy with non-email stuff. We’ve spent this...
The answer is almost certainly yes, but there are definitely cases where it the answer is no. If you’re using your own domains for the return path and/or the d= value then you can set up postmaster tools for those domains. If you’re using a domain managed by the ESP, or a subdomain where the ESP manages the DNS, you may need your ESP to publish the correct key in DNS to authenticate...
Matthew Green reminded me of an old bit of spam lore. It’s a canned response to someone’s New and Awesome and entirely unoriginal Final Ultimate Solution to the Spam Problem. It originated on the news.admin.net-abuse.email newsgroup, I think, maybe twenty years ago? While one or two details have changed it’s still applicable to most of the current generation of under-researched...
If I see BarkBox I think Spam. That’s because, despite their marketing team effort, facebook and banner ad budget, the main place I see them advertised is via spam in my mailbox. It’s not even good spam. There’s quite a lot of it. Most of it looks much the same, other than the spammer randomizing colours. This one looks better than the black on cyan version, or any of the other...
A few weeks ago we took a drive down I5 to attend a service at Bakersfield National Cemetery. Amid the acres and acres of almond farms there were patches of black from recent grassfires. Typical but boring California landscape. Wildfires are a hugely destructive but continual threat in California. Growing up on the east coast, I never really understood wildfires. How can acres and acres and...
RSS - Posts