Email

AOL Has a Security Hole, and It’s Our Problem

Two weeks ago I wrote about Yahoo's unfortunate mail security actions. Now it's AOL's turn, and the story, as best as I can piece it together, is not pretty. Yahoo used an emerging system called DMARC, which was intended to fight phishing of often forged domains like paypal.com. A domain owner can publish a DMARC "reject" policy which, oversimplifying a little, tells the world that if mail with their name on the 'From:' line didn't come from their servers, it's not from them so you should reject it.

2014 M3AAWG Mary Litynski Award Nominations Now Being Accepted

In 2010 the Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG) and the Internet industry as a whole lost a great friend and supporter, Mary Litynski. Her dedication, excellence, perseverance and tireless work behind the scenes of M3AAWG helped make the organization the success that it is today. Through this award, M3AAWG seeks to bring attention to the remarkable work that is done far from the public eye over a significant period of time...

Making Multi-Language Mail Work (Part 3)

In the previous installments we looked at software changes in mail servers, and in the software that lets user mail programs pick up mail. What has to change in the user mail programs? ... The first and most obvious is that users have to be able to enter the addresses.

Making Multi-Language Mail Work (Part 2)

In the previous instalment we looked at the software changes needed for mail servers to handle internationalized mail, generally abbreviated as EAI. When a message arrives, whether ASCII or EAI, mail servers generally drop it into a mailbox and let the user pick it up. The usual ways for mail programs to pick up mail are POP3 and IMAP4.

A Simpler Approach to an Email Deliverability Metric

The term Email Deliverability is used to describe how well a mail flow can reach its intended recipients. This has become a cornerstone concept when discussing quality metrics in the email industry and as such, it is important to understand how to measure it. Email Deliverability is considered to be affected by a mythical metric, the reputation of the sender, which is a measure of that sender's behavior over time -- and the reactions of the recipients to his messages.

A Copycat Canadian Privacy Suit Against Gmail

In July, several people filed attempted class action suits against Google, on the peculiar theory that Gmail was spying on its own users' mail. One of the suits was in Federal court, the other two in California state court, but the complaints were nearly identical so we assume that they're coordinated. Now we have a similar suit filed in provincial court in British Columbia, Canada.

Romney Emails Hacked

US presidential candidate Mitt Romney will likely be reconsidering his email passwords after his online email account was reportedly hacked. A hacker claims to have accessed Romney's Hotmail and Dropbox accounts after guessing the answer to the Republican candidate's 'favourite pet' security question. It's suspected Romney used the same password for more than one account.

FBI Pushing Plans to Force Surveillance Backdoors on Social Networks, VoIP, and Email Providers

Declan McCullagh reporting in CNET: "The FBI is asking Internet companies not to oppose a controversial proposal that would require the firms, including Microsoft, Facebook, Yahoo, and Google, to build in backdoors for government surveillance. In meetings with industry representatives, the White House, and U.S. senators, senior FBI officials argue the dramatic shift in communication from the telephone system to the Internet has made it far more difficult for agents to wiretap Americans suspected of illegal activities..."

Leveraging DNS for Subscriber Loyalty

There has been a lot of talk about how the DNS can provide network-based security, and how DNS is in the best position to detect malware traffic before it does any harm. But what does this mean for end users? How does it make their online lives easier and more secure? DNS servers that are aware of sites that host malware, perform phishing activities (harvesting bank details, for instance) and other nefarious misbehaviors, can prevent end users from ever going to those sites.

Review Your Email Forwarding Practices

As unusual as it may be for a lawyer to speak at an IETF meeting, Ian Walden gave a lecture on Data Protection Directives and updates thereof. He said they affect some 90 jurisdictions. A difference between email addresses and cookies - the latter are the main subject of the January 2012 update of the directives - is that after more than a decade of enforcement, specific browser extensions may allow users to browse what cookies they have, while no record states whom they conferred their email addresses to.

Email Delivery Challenges Increasing

Return Path published their most recent Global Deliverability report this morning. It shows that inbox placement of mail has decreased 6% in the second half of 2011. This decrease is the largest decrease Return Path has seen in their years of doing this report... Filters are getting more sophisticated. This means they're not relying on simply IP reputation for inbox delivery any longer.

The FBI and Scotland Yard vs. Anonymous: Security Lessons

A lot of people are fascinated by the news story that Anonymous managed to listen to a conference call between the FBI and Scotland Yard. Some of the interest is due to marvel that two such sophisticated organizations could be had, some is due to schadenfreude, and some is probably despair: if the bad guys can get at these folks, is anyone safe?

DMARC: New Email Authentication Protocol

A consortium of companies including Google, Microsoft, Facebook and Paypal have announced that they were collaborating and coming up with a new protocol known as DMARC -- the Domain-based Message Authentication, Reporting and Conformance. What is DMARC?

Privacy Rules to Change in the EU, But What If ...?

In a presentation EU Commissioner Viviane Reding gave a preview of the new Privacy regulation her DG is preparing. As she states, privacy rules need to be brought up to date and harmonized. With all 27 member states having the same rules and tools to enforce, a company only will deal with one privacy commissioner... So, what if we, for the sake of this blog, take this initiative towards spam and cyber crime. What would this do to spam enforcement?

Abuse Reporting: Names vs Numbers

For email usage, abuse reporting requires cooperation between senders and receivers. That's why RFC 5965 specified a standard format for it. However, Wikipedia lists only 18 feedback providers today. It is often said that the number of legitimate mailbox providers in the world is rather small, possibly some hundreds of thousands, but certainly more than that.