BLOG

Tag: phishing

Company responsibility and compliance

I blogged a few times recently about Zoho and their issues with malicious actors abusing their platform. They asked me to post the following statement from their CEO Sridhar Vembu. Unfortunately phishing has become one of the bad side-effects of Zoho’s rapid growth over the last couple of years, especially the growth of our mail service. […]

No Comments

2018 JD Falk Award … a mailing list

It’s M3AAWG time. Even though we’re not there, I’m getting regular updates from friends and colleagues who are there. Yesterday, was the presentation of the 2018 JD Falk award. The award recognises “a particularly meritorious project undertaken by a dedicated individual or group reflecting the spirit of volunteerism and community building.” In this case, the award […]

No Comments

Complaints, contacts and consequences

Yesterday the CRM system Zoho suffered an unexpected outage when their registrar, TierraNet suspended their domain. According to TechCrunch, Zoho’s CEO says there was no notification to the company and that the company had only 3 complaints about phishing. Based on the article, even as a Zoho customer, I am fully on the registrar’s side here. Every […]

3 Comments

What is spearphishing?

As I’m writing this, I’m watching Deputy Atty General Rod Rosenstein discuss the indictments of 12 Russian military officers for hacking activities during the 2016 election cycle. One of the methods used to gain access to systems was spearphishing. I think most of us know what phishing is, sending lots of emails to a wide […]

No Comments

GDPR and Whois data

For folks who aren’t following the discussion about whois records and GDPR compliance there’s a decent summary at vice.com: What Is Going to Happen With Whois? The problem, briefly stated, is that ICANN has agreements with the thousands of domain registrars around the globe like GoDaddy or HostGator which oblige the companies to post WHOIS […]

1 Comment

Way to go Equifax

Earlier this month I wrote about how we can’t trust Equifax with our personal data. I’m not sure we can trust them with a cotton ball. Today, we discover Equifax has been sending consumers worried about their personal information leaking to the wrong site. [O]n multiple occasions over the span of weeks, the company’s official […]

No Comments

August 2017: The month in email

Hello! Hope all are keeping safe through Harvey, Irma, Katia and the aftermath. I know many people that have been affected and are currently out of their homes. I am proud to see so many of my fellow deliverability folks are helping our displaced colleagues with resources, places to stay and money to replace damaged property. Here’s a […]

No Comments

Email pranks and spoofing

Earlier today a twitter user calling himself Email Prankster released copies of email conversations with various members of the current US administration. Based on his twitter feed, and articles from BBC News and CNN, it appears that the prankster forged “friendly from” names in emails to staffers. A bunch of folks will jump on this bandwagon and start […]

4 Comments

People are the weakest link

All of the technical security in the world won’t fix the biggest security problem: people. Let’s face it, we are the weakest link. Adding more security doesn’t work, it only causes people to figure out ways to get around the security. The more secure you make something, the less secure it becomes. Why? Because when […]

No Comments

DMARC doesn't fix Phishing

Not a new thing, but a nice example just popped up in my inbox on my phone.   But FedEx solved their entire phishing problem when they published a strict p=reject DMARC record, right? This didn’t come from fedex.com. It came from another domain that looks vaguely like fedex.com – what that domain is doesn’t matter, as the […]

1 Comment