It seems while the experts are meeting to figure out how to stop spam, the spammers are exploiting new ways to spam. This morning my mailbox had over 100 messages with either the subject “market report” or “eviction notice.” What headers I checked showed this was from a botnet, sent to dozens of addresses at my domains.
Target breach started from email
According to Brian Krebs the compromise of Target’s POS system probably originated with a phishing attack against one of Target’s vendors. This attack compromised credentials of the HVAC vendor and possibly allowed the hackers entrance into Target’s systems. Interestingly, Brian mentions Ariba, a company I’ve been forced to deal by a large customer of ours. I’m not...
Is it real or is it spam?
The wanted but unexpected email is one of the major challenges facing ISPs and filter developers. If there was never any need or desire for people to receive email from someone they don’t know, then mail clients could be locked down to only accept mail from addresses on a whitelist. It wouldn’t completely solve the spam problem, for a number of reasons, but it would lessen the...
Flush your DNS cache (again)
This time it appears that DNS for major websites, including the NY Times, has been compromised. Attackers put in DNS entries that redirected visitors to a malware site. The compromise has been fixed and the fake DNS entries corrected. However, people may still have the old data in their DNS caches and security experts are suggesting everyone flush their DNS cache to make sure the fake data is...
Address leak leads to phishing
A number of people in the industry are reporting getting phishing emails to addresses they used at DocuSign. There were initial reports of a DocuSign data breach back in December. Now it appears DocuSign is being used as a phishing target. At 8:40AM PST this morning, 1/24/2013, DocuSign became aware of new malware spam emails that are being sent as if it was coming from the DocuSign service. An...
Return Path partners with Symantec
Today Return Path announced a partnership with Symantec to improve their anti-phishing product. Return Path is incorporating the Symantec Trusted Domain List into their authentication and filtering product to help customers protect their brands. Press Release Phishing scams affect everyone, and having a brand that is used in phishing can reduce consumer trust in that brand. Protecting brands in...
AOL bounces and false positives
A number of people have been seeing an increase in AOL bounces over the last few days. Some of these are the new rejection 554/421 CON:B1 message. This is, basically, you’ve topped our thresholds, back off. The other one is a bit more interesting. The error message a lot of people are seeing is 554/421 RLY:SN. Senders should only be getting this error message when they are sending email...
Phishing and trust
Tom Sather has a great post up on the RP Email marketing blog discussing phishing. His point is that phishing lowers the overall trust in email marketing. He lists a number of things marketers should consider doing to counteract that loss of trust. I rely heavily on the use of tagged addresses to deal with phishing in my own mailbox. If an email doesn’t come to the right address, then...
I know your customers' passwords
Go to your ESP customer login page and use “View Source” to look at the HTML (under “Page” on Internet Explorer, “Tools->Web Developer” on Firefox, and “View” on Safari). Go on, I’ll wait. Search for the word autocomplete. If it says something like autocomplete=”off” then your web developers have already thought about this...
Are you ready for the next attack?
ESPs are under attack and being tested. But I’m not sure much progress in handling and responding to the attacks has been made since the Return Path warning or the Epsilon compromise. Last week a number of email marketers became aware that attacks against ESPs and senders were ongoing. The shock and surprise many people exhibited prompted my Spear Phishing post on Friday. The first round of...