Email

Email / Featured Blogs

End-to-End Email Encryption - This Time For Sure?

Mar 17, 2015

Phil Zimmerman's Pretty Good Privacy (PGP) and its offspring have been encrypting and decrypting email for almost 25 years -- but require enough knowledge and determination to use them that adoption has never taken off outside the technoscenti. Now initiatives from several quarters aim to fix that -- but will it all "just work," and will end users adopt it even if it does?

Who Is Sending Email As Your Company?

Jan 16, 2015

You might expect that the IT department or security team knows who's sending email using your company's domains. But for a variety of reasons these groups are often unaware of many legitimate senders -- not to mention all the bad actors. Fortunately you can get a more complete view by using DMARC's reporting features. How does it happen? Product teams managing a new product launch or customer survey hire marketing consultants and Email Service Providers (ESP)...

When DNSBLs Go Bad

Jan 14, 2015

I have often remarked that any fool can run a DNS-Based Blacklist (DNSBL) and many fools do so. Since approximately nobody uses the incompetently run black lists, they don't matter. Unfortunately, using a DNSBL requires equally little expertise, which becomes a problem when an operator wants to shut down a list. When someone sets up a mail server (which we'll call an MTA for Mail Transfer Agent), one of the tasks is to configure the anti-spam features, which invariably involves using DNSBLs.

Email Vendors: Time to Build in DMARC

Dec 17, 2014

DMARC is extremely useful, yet I've heard some vendors are putting their implementations on hold because of the IETF DMARC working group. You really shouldn't wait though -- it's been in wide use for nearly three years, enterprises are looking at DMARC for B2B traffic, and the working group charter is limited in it's scope for changes. Let's compare this to a similar situation in the past.

The EFF and Hanlon’s Razor

Nov 13, 2014

The EFF has just posted a shallower than usual deeplink alleging an "email encryption downgrade attack" by ISPs intent on eavesdropping on their customers. They, along with VPN provider Golden Frog, have additionally complained to the FCC reporting this. Here, they've just noticed something that's common across several hotel / airport wifi networks...

A Look at the Origins of Network Email

Sep 03, 2014

The history of long distance communication is a fascinating, and huge, subject. I'm going to focus just on the history of network email -- otherwise I'm going to get distracted by AUTODIN and semaphore and facsimile and all sorts of other telegraphy. Electronic messaging between users on the same timesharing computer was developed fairly soon after time-sharing computer systems were available, beginning around 1965 -- including both instant messaging and mail.

Call for Nominations: M3AAWG J. D. Falk Award Seeks Stewards of a Better Online World

Aug 06, 2014

Anyone seeking to honor a groundbreaking contribution toward a better online world should submit a nomination for the 2014 M3AAWG J. D. Falk Award. Presented to people whose work on specific projects made the Internet a safer, more collaborative, more inclusive place, the J. D. Falk Award has recognized leaders and pioneers who saw elements of the online experience that needed improvement and took action to fix them.

Gmail Now Supports Internationalized Domain Names

Aug 05, 2014

If your first language isn't English and you don't use the Latin character set you can and will run into barriers. While Internationalized Domain Names (IDNs) i.e. domain names where either the left of the dot, the right of the dot or the entire string is in characters other than Latin ones, do exist and have existed for a number of years not all services work well with them.

Dealing With DMARC

Jun 04, 2014

DMARC is an anti-phishing scheme that was repurposed in April to try to deal with the fallout from security breaches at AOL and Yahoo. A side effect of AOL and Yahoo's actions is that a variety of bad things happen to mail that has 'From:' addresses at aol.com or yahoo.com, but wasn't sent from AOL or Yahoo's own mail systems. If the mail is phish or spam, that's good, but when it's mailing lists or a newspaper's mail-an-article, it's no so good.

Universal Acceptance of All TLDs Now!

May 19, 2014

Universal acceptance of top level domains hasn't really meant much to most Internet users up until now. As long as .COM was basically the default TLD, there wasn't much of an issue. No longer. With 263 delegated strings (according to ICANN's May 12, 2014 statistics) adding to the existing 22 gTLDs that were already live on the net after the 2004 round of Internet namespace expansion, the problem of universal acceptance gets very real.

Industry Updates

Probing an Active Digital Trail of Iranian Hackers

Given a Malicious Email Address, What Can You Discover with Maltego’s WhoisXML API Transforms?

Come April, Nothing Is Certain Except Phishing and Taxes

Business Email Compromise Attacks: The Big Phishing Scam That’s Easily Missed

  • By CSC
  • Nov 20, 2020

MarkMonitor Releases New gTLD Quarterly Report for Q3 2020

Addressing Business Email Compromise in the Time of Coronavirus with Email Validation

Using Email Validation Tools to Stop Malspam Campaigns in Their Tracks

Fight Against Phishing: Email Address Verification as a Cybersecurity Process

The Need for Email Address Verification in Light of Subpoena-Themed Phishing Attacks

Common Threats That Can Be Overcome by Email Verification

Why Suspicious Email Addresses Must be Verified

5 Reasons Why Businesses Must Do Email Verification

IP Geolocation: How to Locate and Stop Phishing Threats

How the Best IP Geolocation API Can Support Cybersecurity Efforts

Port25 Announces Release of PowerMTA V4.5r5

View More