Tagphishing

New blocklisting process

There is a new type of blocking designed to interrupt the ability of users to click and visit phishing sites. DNS Response Policy Zones allows companies running recursive resolvers to create a zone that will not resolve specific domains. This is a second layer of filtering, if a spammer manages to get an email with a malicious link into the inbox then the ISP can still protect the user from...

Epsilon: Calm and Cool Tempered

Stefano over at emailmarketingblog.it translated our blog post about Epsilon into Italian: Epsilon e la sicurezza dei dati sensibili: calma e sangue freddo.

Epsilon – Keep Calm and Carry On

There’s been a lot of media coverage and online discussion about the Epsilon data breach, and how it should be a big wake-up call to email recipients to change their behavior. There’s also been a lot of panic and finger-pointing within the email industry about What Must Be Done In The Future. Most of the “you must do X in response to the data loss” suggestions are coming...

Real. Or. Phish?

After Epsilon lost a bunch of customer lists last week, I’ve been keeping an eye open to see if any of the vendors I work with had any of my email addresses stolen – not least because it’ll be interesting to see where this data ends up. Yesterday I got mail from Marriott, telling me that “unauthorized third party gained access to a number of Epsilon’s accounts...

Time for a real security response

I’ve seen a number of people and blogs address the recent breaches at some large ESPs make recommendations on how to fix things. Most of them are so far from right they’re not even wrong. One group is pointing at consumers and insisting consumers be taught to secure their machines. But consumers weren’t compromised here. Another group is pointing to senders and insisting senders...

Targeted attacks via email – phishing for WoW gold

You’re going to be seeing a lot of discussion about email addresses stolen from ESPs in the next few days, if you haven’t already. There are a lot of interesting things to discuss about that from an email perspective – from “Why two factor authentication isn’t a magic bullet.” to “And this is why corporate spam folders can be a major security risk.”...

Authentication and phishing

Yahoo announced today that they are releasing the Yahoo! Mail Anti-Phishing Platform (YMAP) that will help protect their users from phishing. They have a similar project in place for eBay and PayPal mail, but this will extend to a broader range of companies. [W]e’re beefing up Yahoo! Mail’s SpamGuard by adding more security measures that make it much harder for phishers to get to your mailbox...

Phishing protection

Last week Return Path announced a new service: Domain Assurance. This service allows companies who send only authenticated email to protect their brand from phishing attacks. Participating ISPs will reject unauthenticated email from domains participating in this program. Once the sender has ensured that all their email is being authenticated, they can add their domains and sub-domains to the...

Email attacks

Ken has an article up today about the ongoing attacks against ESPs and email marketers. In it he says: Someone in permission-based email marketing should have sounded the alarm about the wedding-photo attacks months before Blumberg did. The attacks were being talked about on at least 2 different private lists. One made up primarily of email marketers and most of them didn’t seem to take it...

Domain Assurance by Return Path

As often happens during MAAWG, email companies are announcing new products. One of the interesting ones is the new Domain Assurance product from Return Path. Domain Assurance […] first audit[s] a company’s email streams to be sure authentication has been properly implemented. Then, the company’s domains are added to a registry. Participating ISPs can check the registry and block...

Recent Posts

Archives

Follow Us