A series of attacks on the Email Service Provider (ESP) community began in late 2009. The criminals spear-phish their way into these companies that provide out-sourced mailing infrastructure to their clients, who are companies of all types and sizes. ... On March 30, the Epsilon Interactive division of Alliance Data Marketing (ADS on NASDAQ) suffered a massive breach that upped the ante, substantially. Email lists of at least eight financial institutions were stolen. more
Recently, a couple of anti-spam (or at least email security related) bloggers have written some articles about IPv6 and the challenges that the email industry faces regarding it. John Levine, who has written numerous RFCs and a couple of books about spam fighting, writes the following in his article "A Politically Incorrect Guide to IPv6, part III". more
Josh Baer, former VP of Datran Media and current CEO of OtherInBox has been floating an idea at the DMA's Email Experience Council and a few other places, and recently got some traction in Ken Magill's Magill Report. What Josh is proposing is to create the technical means by which a Sender can decide when email 'expires' and is automatically removed from a recipient's inbox, either by deletion, or perhaps archiving (in the case of Gmail). This would supposedly help the end-user, by removing marketing offers that are no longer available. Why this idea shouldn't happen... more
The Anti-Spam Research Group (ASRG) published a draft for an Overview of Email DNSBL Best Practices. We can take a step back and review paragraph 2.2.5 (Conflict of Interest)... Some DNSBLs used for blocking/negative reputation have had a practice of requiring fees or donations to charities from the listee for delisting. It is generally considered entirely appropriate for a DNSBL to charge for access to it by its users -- the definition of a commercial DNSBL. more
It's easy to look at Amazon SES and sigh. Thousands of low-end customers sending mail from a shared IP pool? Amazon already knows that trick never works! Just one spammer will ruin the reputation of those IP addresses, resulting in ongoing delivery problems for everyone who uses the service. It is possible that Amazon can build the systems and human processes to keep spammers out; certainly sounds like they want to. more
Spear phishing is the unholy love child of email spam and social engineering. It refers to when a message is specifically crafted, using either public or previously stolen information, to fool the recipient into believing that it's legitimate. This personalization is usually fairly general, like mentioning the recipient's employer (easily gleaned from their domain name.) Sometimes they address you by name. Much scarier is when they use more deeply personal information stolen from one of your contacts... more
Internationalized domain names (IDNs) have been available to Internet users for many years, but this year the first fully non-Latin IDN domains have become enabled by ICANN and country-code top-level domain registries. The recent success of the launch of Russia's .?? (.rf) ccTLD shows that there is an enormous demand for domain names in Internet users' native languages. more
It's been a long time coming, but Canada has an anti-spam law, and one, which sets a new world standard, and a tough, but fair, opt-in protocol for everyone in North America who sends commercial email and other electronic messages. Yesterday, The Canadian Senate voted to accept Bill C-28, and today, December 15, at 13:00 eastern, it will be given Royal Asset of the Governor General of Canada, His Excellency the Right Honourable David Johnston. more
Remember when Gmail launched in 2004, and everyone said it was going to kill Hotmail, Yahoo!, and AOL? Six years later, and this chart shows pretty clearly that while gmail has grown, only AOL's pageviews have fallen. The rest have held fairly steady. So what's everyone freaking out about? more
Chad White wrote an article for MediaPost about best practices which parallels a lot of thinking I've been doing about how the email marketing industry treats best practices. After several conversations recently about "best practices," I'm convinced that the term is now meaningless. It's been bastardized in the same way that the definition of "spam" has shifted to the point that it has very different meanings to different groups of people. more
Kidnap. Rape. There are no lesser words that can be used to describe what happened to the daughter of an anti-spam investigator in Russia. His daughter was recently released, according to Joseph Menn's recent article on Boing Boin, after having been kidnapped from her home five years ago, fed drugs, and made to service men, as a warning to ward off further investigations. The criminals behind these vicious acts were also responsible for large spamming organization associated with Russian Mob activity. more
For several months I have been working with the Spamhaus project on a whitelist, which we announced to the public this week. While this is hardly the first mail whitelist, our goals are somewhat different from other whitelists. Think of e-mail as ranging from inky black to pearly white... more
When a user of a large mail system such as AOL, Yahoo, or Hotmail reports a message as junk or spam, one of the things the system does is to look at the source of the message and see if the source is one that has a feedback loop (FBL) agreement with the mail system. If so, it sends a copy of the message back to the source, so they can take appropriate action, for some version of appropriate. For several years, ARF, Abuse Reporting Format, has been the de-facto standard form that large mail systems use to exchange FBL reports about user mail complaints. more
Just when you thought making phone calls couldn't get any cheaper, along comes last week's news from Google about their latest iteration of Google Voice. There have been several steps along the way for Google to get to this point, and there are a host of reasons why this news is of interest to service providers of all stripes. I often write about how certain technologies and disruptive forces change the business of being a service provider, and this is but the latest example. more
In a relatively short time, the phrase "in the cloud" has become a term of art when talking about the internet. A quick Google search shows nearly a million uses of the phrase in the past month, a 3x increase from the same period in 2009. But, what does it actually mean to have your web site, your software, your data, or anything else "in the cloud?" "In the cloud" is derived from "cloud computing," which in turn is just a new term for distributed computing, where data-crunching tasks are spread across a variety of different physical processing units. This was common in mainframes in the 1960s, and later the idea of distributing processing across cheap PCs running Linux became popular in the 1990s. more
A World-Renowned Source for Internet Developments. Serving Since 2002.