BLOG

Category: Technical

Spam, campaign statistics and red flag URLs

It’s not often spammers send me their campaign statistics, but on Tuesday one did. The spam came “from” news@udemy.com, used udemy.com in the HELO and message-ids and, sure enough, was advertising udemy.com:   Received: from udemy.com (unknown [198.20.115.217]) by … From: Udemy <news@udemy.com> Subject: The Photoshop Secret – Master Adobe Photoshop like a Pro! Message-ID: <20160706031012.1E35F28A6B081174@udemy.com> […]

No Comments

More on ARC

ARC – Authenticated Received Chain – is a way for email forwarders to mitigate the problems caused by users sending mail from domains with DMARC p=reject. It allows a forwarder to record the DKIM authentication as they receive a mail, then “tunnel” that authentication on to the final recipient. If the final recipient trusts the […]

No Comments

Google drops obsolete crypto

Google is disabling support for email sent using version 3 of SSL or using the RC4 cypher. They’re both very old – SSLv3 was obsoleted by TLS1.0 in 1999, and RC4 is nearly thirty years old and while it’s aged better than some cyphers there are multiple attacks against it and it’s been replaced with more recent […]

No Comments

DMARC p=reject

Mail.ru is switching to p=reject. This means that you should special-case mail.ru wherever … Actually, no. Time to change that script. If you operate an ESP or develop mailing list software you should be checking whether the email address that is being used in the From: address of email you’re sending is in a domain […]

1 Comment

Foundation: A toolkit for designing responsive emails

Zurb announced today version 2 of “Foundation for Email”, a full stack for designing content for responsive email. It looks rather nice, with features a modern web developer might look for when working on email content. It has many of the things you’d expect a web design stack to have. It support SASS for styling, […]

1 Comment

Optimize your SPF records

I talked on Monday about the SPF rule of ten and how it made it difficult for companies to use multiple services that send email on their behalf. Today I’m going to look at how to fix things, by shrinking bloated SPF records. This is mostly aimed at those services who send email on their […]

1 Comment

SPF: The rule of ten

Some mechanisms and modifiers (collectively, “terms”) cause DNS queries at the time of evaluation, and some do not. The following terms cause DNS queries: the “include”, “a”, “mx”, “ptr”, and “exists” mechanisms, and the “redirect” modifier. SPF implementations MUST limit the total number of those terms to 10 during SPF evaluation, to avoid unreasonable load […]

No Comments

Mutt: Mailbox power tool

“All mail clients suck. This one just sucks less.” Mutt is a commandline mail client that’s been in use and been actively developed for about two decades. It’s considered by many to be the most powerful mail client available, particularly for handling large volumes of email. It’s weaknesses include poor rich text handling and desktop […]

4 Comments

Following the SMTP rules

An old blog post from 2013, that’s still relevant today. “Blocked for Bot-like Behavior” An ESP asked about this error message from Hotmail and what to do about it. “Bot-like” behaviour usually means the sending server is doing something that bots also do. It’s not always that they’re spamming, often it’s a technical issue. But […]

2 Comments

Clickthrough forensics

When you click on a link in your mail, where does it go? Are you sure? HTTP Redirects In most bulk mail sent the links in the mail aren’t the same as the page the recipients browser ends up at when they click on it. Instead, the link in the mail goes to a “click […]

2 Comments

Archives