Email

Email / Featured Blogs

9 Thoughts on Stepping Up Spam and Malware Enforcement

In a tweet, EU commissioner for the Information Society Neelie Kroes congratulates OPTA on the spam fine for the golf ball printing company Backsound. Since 2004 the Dutch OPTA is the number one spam and malware fighter of the EU with a total of €1.9 million in fines. It made me ask two question to myself: How come that we seldom hear of other spam fines in the EU? And can the EU change this in any way?

Facts & Tips for Consumers About the Epsilon Breach

There has been a lot of talk, blogging, tweeting and press reportage about the Epsilon breach, but little in the way of concrete information to consumers as to where they stand, if their personal information (PII) such as their name and email address has been lost to criminals. The CAUCE Board of Directors have developed the following FAQ that provides facts and guidance for those affected by the breach.

Real. Or. Phish?

After Epsilon lost a bunch of customer lists, I've been keeping an eye open to see if any of the vendors I work with had any of my email addresses stolen -- not least because it'll be interesting to see where this data ends up. Recently I got mail from Marriott, telling me that "unauthorized third party gained access to a number of Epsilon's accounts including Marriott's email list."...

The Epsilon Phishing Model

Phishing researcher Gary Warner's always interesting blog offers some fresh perspective on clicking links on emails, as the crux of the phishing problem. Gary writes: "There is a saying 'if you give a man a fish, he'll eat for a day, but if you teach a man to fish, he can feed himself for a lifetime.' In the case of the Epsilon email breach the saying might be 'if you teach a man to be phished, he'll be a victim for a lifetime.' In order to illustrate my point, let's look at a few of the security flaws in the business model of email-based marketing, using Epsilon Interactive and their communications as some examples."

ESP Compromises and Their Lack of Security

Over at Word to the Wise, Laura Atkins has a post up where she talks about the real problem with ESPs and their lack of internal security procedures which resulted in the breach of many thousands of email addresses (especially Epsilon). However, Atkins isn't only criticizing ESP's lack of security but also the industry's response wherein they have suggested countermeasures that are irrelevant to the problem.

Why the Fukushima Analogy Was Apt

A few days ago, CAUCE published a blog post entitled "Epsilon Interactive breach the Fukushima of the Email Industry" on our site, and the always-excellent CircleID. A small coterie of commenters was upset by the hyperbolic nature of the headline. Fair enough, an analogy usually has a high degree of probability that it will fail, and clearly, no one has died as a result of the release of what appears to be tens of millions of people's names and email addresses. But, the two situations are analogous in many other ways, and here's why.

Epsilon Interactive Breach the Fukushima of the Email Industry

A series of attacks on the Email Service Provider (ESP) community began in late 2009. The criminals spear-phish their way into these companies that provide out-sourced mailing infrastructure to their clients, who are companies of all types and sizes. ... On March 30, the Epsilon Interactive division of Alliance Data Marketing (ADS on NASDAQ) suffered a massive breach that upped the ante, substantially. Email lists of at least eight financial institutions were stolen.

Digging Through the Problem of IPv6 and Email - Part 3

One idea to make the problem of mail more manageable is to restrict the address space that is allowed to send mail. In an ideal world, we'd restrict where mail mail servers could send mail from. So, if we say that the number of individual mail servers in the world will probably never exceed 32 million (not unreasonable), or 2^25, then what if the 25 least significant bits were reserved for mail servers?

Digging Through the Problem of IPv6 and Email - Part 2

We have seen that spammers already possess the ability to hop around IP addresses quickly. They do this because once an IP gets blocked, it is no longer useful to them. There are only so many places they can hide, though - 4.2 billion places they can hide. However, in IPv6, if they are able to do the same pattern of sending out mail and hopping around IP addresses the same way they do in IPv4, then there is virtually unlimited space they can hide in.

Digging Through the Problem of IPv6 and Email - Part 1

Recently, a couple of anti-spam (or at least email security related) bloggers have written some articles about IPv6 and the challenges that the email industry faces regarding it. John Levine, who has written numerous RFCs and a couple of books about spam fighting, writes the following in his article "A Politically Incorrect Guide to IPv6, part III".