Tag: phishing

Anatomy of a successful phishing attempt

Earlier this year the Exploratorium was the victim of a phishing attack. They’ve posted an article on what happened and how they discovered and dealt with the issue. But they didn’t just report on the attack, they dissected it. And, as is appropriate for a organization with a mission of education, they mapped out what they […]

No Comments

Are you (accidentally) supporting phishing

One of the themes in some of my recent talks has been how some marketers teach their customers to become victims of phishing. Typically I’m talking about how companies register domains “just for email” and then use those for bulk messages. If customers get used to mail from and they’re going to believe […]

1 Comment

November 2015: The month in email

As we head into the last month of the year, we look back at our November adventures. I spoke twice this month, first at Message Systems Insight in Monterey (my wrap-up post is here) and then with Ken Magill at the  at the 2015 All About eMail Virtual Conference & Expo (a short follow-up here, […]

No Comments

DOD breaks links in .mil clients

The Department of Defense is breaking HTML links in mail to .mil domains. This is part of the DoD’s attempt to curtail phishing. a great majority of intrusions into Pentagon networks are the result of the kind of human error that is exploited in phishing attacks, in which seemingly trustworthy e-mail links are used as attack […]


ESP attacks, again. Be wary.

There seems to be an uptick in phishing attacks that have an impact on ESPs recently. Your CEO The most critical one is targeted spear-phishing attacks that claim to be internal documents sent by senior staff within the company, e.g. from the company CEO. It’s likely that the attached documents will compromise and backdoor your […]

No Comments

Compromises and phishing and email

Earlier this month, Sendgrid reported that a customer account was compromised and used for phishing. At the time Sendgrid thought that it was only a single compromise. However, they did undertake a full investigation to make sure that their systems were secure. Today they released more information about the compromise. It wasn’t simply a customer […]

No Comments

We’re all targets

Last week, another email provider announced their systems had a security incident. Mandrill’s internal security team detected unusual activity and took the servers offline to investigate. While there’s no sign any data was compromised or servers infiltrated, Mandrill sent an email to their customers explaining the incident was due to a firewall rule change. Email […]

1 Comment

Aetna, phishing and security

We’ve just gotten home from M3AAWG and I’m catching up with a lot of the administrative stuff that’s gotten ignored while we were soaking up the tons of information from some of the smartest Internet security folks around. One of the tasks I’m working on is checking on our recent bills from our health insurance […]

No Comments

Disposable addresses

Both Steve and I have blogged about how we use tagged addresses to monitor and manage our incoming mail. This is not something unique to our system, but rather a feature that’s existed in many mail systems for a long time. Many unix systems support tagged addresses out of the box, but there are also […]


Massive new phishing run

It seems while the experts are meeting to figure out how to stop spam, the spammers are exploiting new ways to spam. This morning my mailbox had over 100 messages with either the subject “market report” or “eviction notice.” What headers I checked showed this was from a botnet, sent to dozens of addresses at […]

No Comments
  • Vague reports of Yahoo problems

    A number of people, on different forums, have been asking if anyone is seeing a higher bounce rate than usual with Yahoo. Not sure exactly what's going on here. As I understand it, folks are talking with Yahoo about it. If I hear anything more, I'll share. For now, though, if you're seeing a small increase in Yahoo bounces (or other weirdnesses) others are seeing something odd, too.No Comments

  • Responsive design just got easier at Gmail

    Today Gmail announced they are supporting media queries in Gmail and Google Inbox. This should simplify the creation of emails for multiple platforms. The full list of supported rules can be found on the Google Developer Site.No Comments

  • Brief blogging break

    Sorry about the unexpected hiatus. I picked up a cold that really made me feel fuzzy and writing was an exercise in futility. I'll be back Monday. Meanwhile, Oracle bought another ESP (Bronto) when they bought NetSuite.  No Comments