Internet pioneer, Ray Tomlinson has passed away. He died at his home yesterday morning from a suspected heart attack at the age of 74. While best known as the creator of the email messaging system, Tomlinson made tremendous contributions to the field of computing science, evolution of the Internet, and ultimately how the world communicates today. more
Last month I attended the 36th annual M3AAWG conference in San Francisco, where esteemed members of the online messaging and anti-abuse community come together to make the Internet a safer and more secure environment. The sending community is highly influential especially among Email Service Providers (ESPs) and truly dominated the two-macro conversations that I participated in. These conversations have the industry in somewhat of a transition. more
The IGF this morning published a number of reports, including the aforementioned one, at the URL provided, titled 'IGF 2015 Best Practice Forum Regulation and mitigation of unsolicited communications.' The reports can be found in the included URLs on the IGF Website. more
Google in partnership with the University of Michigan and the University of Illinois, has published the results of a multi-year study that measured how email security has evolved since 2013. Although Gmail was the foundation of the research, insights from the study are believed to be applicable to email more broadly. more
DMARC is an anti-phishing technique that AOL and Yahoo repurposed last year to help them deal with the consequences of spam to (and apparently from) addresses in stolen address books. Since DMARC cannot tell mail sent through complex paths like mailing lists from phishes, this had the unfortunate side effect of screwing up nearly every discussion list on the planet. Last week the DMARC group published a proposal called ARC, for Authenticated Received Chain, that is intended to mitigate the damage. What is it, and how likely is it to work? more
Every year M3AAWG gives an award for lifetime work in fighting abuse and making the Internet a better place. Yesterday at its Dublin meeting they awarded it to Rodney Joffe, who has been quietly working for over 20 years. I can't imagine anyone who deserves it more. more
Facebook just announced support for PGP, an encrypted email standard, for email from them to you. It's an interesting move on many levels, albeit one that raises some interesting questions. The answers, and Facebook's possible follow-on moves, are even more interesting. The first question, of course, is why Facebook has done this. It will only appeal to a very small minority of users. Using encrypted email is not easy. more
I am excited to announce the recent release of the industry first Best Common Practices document for Cloud and Hosting providers for addressing abuse issues that was created by M3AAWG and the i2Coalition. M3AAWG has been collaborating with the Best Practices Working Group of the i2Coalition over the past 2 years to discuss ways to solve malicious activity within hosting and cloud ecosystems. more
You might expect that the IT department or security team knows who's sending email using your company's domains. But for a variety of reasons these groups are often unaware of many legitimate senders -- not to mention all the bad actors. Fortunately you can get a more complete view by using DMARC's reporting features. How does it happen? Product teams managing a new product launch or customer survey hire marketing consultants and Email Service Providers (ESP)... more
During the M3AAWG meeting in Brussels earlier this year, Dave Crocker and John Levine were asked to step into an impromptu video studio and talk about how email has changed over the past several decades and whether we are any closer to resolving the spam problem. more
The history of long distance communication is a fascinating, and huge, subject. I'm going to focus just on the history of network email -- otherwise I'm going to get distracted by AUTODIN and semaphore and facsimile and all sorts of other telegraphy. Electronic messaging between users on the same timesharing computer was developed fairly soon after time-sharing computer systems were available, beginning around 1965 -- including both instant messaging and mail. more
Anyone seeking to honor a groundbreaking contribution toward a better online world should submit a nomination for the 2014 M3AAWG J. D. Falk Award. Presented to people whose work on specific projects made the Internet a safer, more collaborative, more inclusive place, the J. D. Falk Award has recognized leaders and pioneers who saw elements of the online experience that needed improvement and took action to fix them. more
If your first language isn't English and you don't use the Latin character set you can and will run into barriers. While Internationalized Domain Names (IDNs) i.e. domain names where either the left of the dot, the right of the dot or the entire string is in characters other than Latin ones, do exist and have existed for a number of years not all services work well with them. more
DMARC is an anti-phishing scheme that was repurposed in April to try to deal with the fallout from security breaches at AOL and Yahoo. A side effect of AOL and Yahoo's actions is that a variety of bad things happen to mail that has 'From:' addresses at aol.com or yahoo.com, but wasn't sent from AOL or Yahoo's own mail systems. If the mail is phish or spam, that's good, but when it's mailing lists or a newspaper's mail-an-article, it's no so good. more
Universal acceptance of top level domains hasn't really meant much to most Internet users up until now. As long as .COM was basically the default TLD, there wasn't much of an issue. No longer. With 263 delegated strings (according to ICANN's May 12, 2014 statistics) adding to the existing 22 gTLDs that were already live on the net after the 2004 round of Internet namespace expansion, the problem of universal acceptance gets very real. more
A World-Renowned Source for Internet Developments. Serving Since 2002.