Tag: phishing

Alt-text and phishing warnings

For a long time one of the “best practices” for links in HTML content has been to avoid having anything that looks like a URL or hostname in the visible content of the link, as ISP phishing filters are very, very suspicious of links that seem to mislead recipients about where the link goes to. They’re a very common pattern in phishing emails. /* This is bad: */ <a href="">>...

ESP being phished is a Black Friday cataclysm

There is currently a phishing attack against a major ESP. The mail came through what I presume was a compromised account hosted at one of the providers. It’s just as possible this was a domain set up for the sole purpose of phishing, though. The underlying attack is pretty good. They took the ESP compliance notification email and changed a couple of the links to point to their phishing page...

DMARC doesn’t fix phishing

Over the last few weeks I’ve had a lot of discussions with folks about DMARC and the very slow adoption. A big upsurge and multiple Facebook discussions were triggered by the ZDNet article DMARCs abysmal adoption explains why email spoofing is still a thing. There are a lot of reasons DMARC’s adoption has been slow, and I’m working on a more comprehensive discussion. But one of...

Google Suspicious Link Warnings

A number of folks in the sender space are reporting intermittent “This link may be suspicious” warnings on their emails. I first heard about it a few weeks ago from some clients. One wasn’t sure what was going on, the other found a bunch of malware uploaded into their customer accounts. At least 3 people have mentioned it today. One of them asked on Mailop, and the couple Google...

Phishing and authentication

This morning I got a rather suspicious message from a colleague on LinkedIn. I asked around and it seems other folks got the same message and were equally confused. I didn’t click the link because that seemed risky. A few hours later one of the folks I had talked to mentioned that the person’s entire profile was gone. Likewise, the above message disappeared from my messages tab...

What’s a suspicious domain?

The question came up on Slack and I started bullet pointing what would make a domain suspicious. Seemed like a reasonable blog post. In no particular order, some features that make a domain suspicious to spam filters. Domain is used in… … mail users complain about … mail users delete without reading … mail sent in bulk through the ISP (example: Censorship, Email and...

Thinking about filters

Much of the current deliverability advice focuses on a few key ideas: Authenticate your mail with SPF, DKIM and DMARC. Use a dedicated IP. Monitor delivery. Clean your data. All of these things are absolutely things you should be doing, but senders can do all these things and still have cruddy delivery. These things are great and can help your mail deliver better. But they’re not enough to...

Company responsibility and compliance

I blogged a few times recently about Zoho and their issues with malicious actors abusing their platform. They asked me to post the following statement from their CEO Sridhar Vembu. Unfortunately phishing has become one of the bad side-effects of Zoho’s rapid growth over the last couple of years, especially the growth of our mail service. Since Zoho Mail offers the most generous free...

2018 JD Falk Award … a mailing list

It’s M3AAWG time. Even though we’re not there, I’m getting regular updates from friends and colleagues who are there. Yesterday was the presentation of the 2018 JD Falk award. The award recognises “a particularly meritorious project undertaken by a dedicated individual or group reflecting the spirit of volunteerism and community building.” In this case, the award...

Complaints, contacts and consequences

Yesterday the CRM system Zoho suffered an unexpected outage when their registrar, TierraNet, suspended their domain. According to TechCrunch, Zoho’s CEO says there was no notification to the company and that the company had only 3 complaints about phishing. Based on the article, even as a Zoho customer, I am fully on the registrar’s side here. Every company, absolutely every company...
