Network operators rely on guidance from IP address experts because not all IP addresses used on the Internet are the same. The "reputation" of email senders is especially important because some are malicious users of the system. But identifying "senders" based on their email addresses or the individual IP address of a user presents issues that are unnecessarily complex. more
It is with great sadness that we announce the passing of Jesse David (J.D.) Falk, a highly regarded and long time contributor to CircleID. more
One of my pet peeves is the headline "n %" of email is spam, it is inherently misleading, and conveys no useful data. I guess it makes for great newspaper headlines then! On our servers looking at one email address for 4 hours, we saw 208 attempted connections for SMTP traffic referring to this email address. ...One can't measure spam in relation to the amount of genuine email, because the amount of genuine email is not connected to the amount of spam... more
Yesterday Goodmail sent out mail to all their customers announcing they are ceasing operations and taking all their token generators offline as of 5pm pacific on February 8th. While this is a bit of a surprise on one level, I'm not that shocked. Ken Magill mentioned in August that Goodmail was on the sales block and rumors have been circulating for weeks about significant changes coming to Goodmail. ... Despite the free service, people at some of those ESPs told me they were having difficulty getting customers to adopt Goodmail. more
This month I thought I could feel smug, deploying Postfix, with greylisting (Postgrey), and the Spamhaus block list (SBL-XBL) has reduced the volume of unsolicited bulk commercial email one of our servers was delivering to our clients by 98.99%. Alas greylisting is a flawed remedy, it merely requires the spambots to act more like email servers and it will fail, and eventually they will... more
Hi! My name is spamfighter. I investigate spam and phish in a post-GDPR dystopia. Recently, I invented Fire, to save you millions of €uros. One day, my Boss suggested I automate some of my processes. I, for one, welcome our Robot Overlords (and a happy boss), but I can be exacting about the tools I use. Perhaps not to the degree of the infamous Van Halen 'no brown M&M's' contractual clause but I have no patience for poorly-designed software, and truly dislike typing when... more
The new year is upon us and it's time for our annual look at CircleID's most popular posts of the past year and highlighting those that received the most attention. Congratulations to all the 2016 participants and best wishes to all in the new year. more
Has your organization recently received an email claiming to be from NABP's Internet Drug Outlet Identification Program (IDOI)? If so, it is possible that someone is trying to trick you. The NABP IDOI team's email account has recently been illegally "spoofed" by unaffiliated persons or organizations. Email spoofing involves the forgery of an email header so that the email appears to have originated from someone other than the actual source. more
With the closure of IETF's MARID group a month ago, many of us have left Microsoft's Sender-ID standard for the dead. After being rejected by the Apache Foundation and the Debian Project over licensing issues, and causing the closure of MARID for some of the same issues (in addition to already long running technical ones), some thought that Microsoft may have just buried it and gone on to better things like IETF's new MAILSIG group (in formation). But just like the ghost of Hamlet's father it just refuses to die and now it looks like it is coming back to life in a new reincarnation... more
Cindy's piece on the EFF website seems to be a bit of a pastiche, with elements taken out of various articles (some outright wrong, some merely misinformed) that have been doing the rounds of the media for quite a while now about Goodmail. She started off comparing AOL and Goodmail with the old email hoax about congress taxing email. That same line was used in a CircleID post by Matt Blumberg, CEO & Chairman of Returnpath... Various other quotes from different places - Richard Cox from Spamhaus on CNN for example. However a lot of the quotes in those articles are being based on wrong or out of context assumptions, starting with one that goes "AOL is going to remove all its existing whitelists and force people to use Goodmail". more
Apparently, at this stage, it is only a proposed ruling. But I am no lawyer. This story has been discussed before, when Spamhaus, which is located in the UK, was sued in the US by a spammer. They refused to come before the court as "they do no business in Illinois, and are located in the UK...After this court ruling, Spamhaus.org was under a DDoS attack, in my opinion for the purpose of preventing users from reaching the information it provided about the court ruling. This was done along-side a Joe Job, sending fake email appearing to come from Spamhaus's CEO... more
Internationalized domain names (IDNs) have been available to Internet users for many years, but this year the first fully non-Latin IDN domains have become enabled by ICANN and country-code top-level domain registries. The recent success of the launch of Russia's .?? (.rf) ccTLD shows that there is an enormous demand for domain names in Internet users' native languages. more
When I was employed, I ran my own mail server and my own BlackBerry Enterprise Server, and I had things tuned pretty much exactly as I wanted them. My incoming mail got some custom processing that looked the sender's address up in my address book and assigned the message a category... I was a very happy email user. Now that I'm on my own, I've decided not to run my own server and all that software, and I've switched to Gmail and the T-Mobile BlackBerry server... Surprisingly, though, I'm mostly still happy... more
The North American Network Operators Group (NANOG) conference, a gathering of Internet Service Provider (ISP) engineers and vendors convenes three times a year for mostly technical conversation along with social networking. The recent NANOG conference in Reston Virginia saw some unusually direct talk about Spam and the ISPs that tolerate it from America Online's Postmaster, Charles Stiles. more
Without commenting on the particulars as they relate to Goodmail -- especially since I am on the advisory board for Habeas, a competitor -- let me note that public discussion is largely missing the nature of the current Internet mail realities and the nature of the ways we can deal with them. There are two articles in the current issue of the Internet Protocol Journal, of which I wrote one, that provide some useful background about this reality. Simply put, Internet mail needs to sustain spontaneous communications... more