Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
Ever since I heard of the new generic Top-Level Domains (gTLDs), I wondered whether they would be prone to abuse. For example, Microsoft might want to register www.microsoft.microsoft, or Sony might want to register www.sony. But isn't this opening up the floodgates for spammers to register their own domains and squat on them? Why couldn't a spammer register www.cit.ibank? They could then send phishing messages and fool people into clicking very legitimate looking domains. But I don't think this will be a problem. more
Last week the DMA announced with considerable fanfare that their members should all use e-mail authentication. DMA members send a lot of bulk e-mail, but not much that would be considered spam by any normal metric. (Altria's Gevalia Kaffee is one of the few exceptions.) Their main problem is their legitimate bulk mail, sent in large quantities from fixed sources, getting caught by ISPs spam filters. That happens to be one problem for which path authentication schemes like SPF and Sender ID are useful, since they make it easier to add known fixed source mailers to a recipient ISP's whitelist, and that's just what AOL and probably other big ISPs use it for. While the DMA may be implying that this is a virtuous move, in reality it's something that their members are doing anyway for straightforward business purposes. more
Mainsleaze is nerdy slang for spam sent by large, well-known, otherwise reputable organizations. Although the volume of mainsleaze is dwarfed by the volume of spam for fake drugs, account phishes, and Nigerian 419 fraud, it causes work for mail managers far out of proportion to its volume... The problem with mainsleaze is that it is generally mixed in with mail that the recipients asked for, and there's no way to tell the difference mechanically. more
If there were a lifetime achievement award for losing lawsuits for being annoying, Sanford Wallace would be a shoo-in. Fifteen years ago, his junk faxing was a major impetus for the TCPA, the law outlawing junk faxes. Later in the 1990s, his Cyber Promotions set important legal precedents about spam in cases where he lost to Compuserve and AOL. Two years ago, he lost a suit to FTC who sued his Smartbot.net for stuffing spyware onto people's computers. And now, lest anyone think that he's run out of bad ideas, he's back, on the receiving end of a lawsuit from MySpace... more
In 2010 the Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG) and the Internet industry as a whole lost a great friend and supporter, Mary Litynski. Her dedication, excellence, perseverance and tireless work behind the scenes of M3AAWG helped make the organization the success that it is today. Through this award, M3AAWG seeks to bring attention to the remarkable work that is done far from the public eye over a significant period of time... more
Zango, a company that used to be called 180 solutions, has a long history of making and distributing spyware. (See the Wikipedia article for their sordid history.) Not surprisingly, anti-spyware vendors routinely list Zango's software as what's tactfully called "potentially unwanted". Zango has tried to sue their way out of the doghouse by filing suit against anti-spyware vendors. In a widely reported decision last week, Seattle judge John Coghenour crisply rejected Zango's case, finding that federal law gives Kaspersky complete immunity against Zango's complaint... more
Canada's Anti-Spam Law, CASL, is now a done deal. Last Thursday, Treasury Board of Canada President (and champion of CASL) Tony Clement approved Industry Canada regulations in their final form. Today, Minister of Industry the Honourable James Moore announced CASL will come into force in July 1, 2014. more
Many companies have the occasional "oops" where they send email they probably shouldn't have. This can often cause a decrease in reputation and subsequent delivery problems. Some companies rush to fix things by changing domains. Brand new domains, those registered less than 30 days, have really bad reputations. Blame the spammers and scammers who exploited a loophole and sent tons of untraceable spam from newly registered domains that they then abandoned without paying for them. more
Here is a list of the most viewed news and blog postings that were featured on CircleID in 2008... Best wishes for 2009 and Happy New Year from all of us here at CircleID. more
The 2004 criminal spam case against large-scale spammer Jeremy Jaynes, which I've covered in several previous blog entries, appears to have come to an ignominious end with the state supreme court throwing out the law under which he was convicted. The Virginia anti-spam law was one of the first in the country with criminal provisions, but it failed due to the way that First Amendment cases are treated differently from all other cases. more
There's no denying that the fight against spam attracts a lot of crazies, both pro- and anti-spam. One of the common attributes of the anti-spam kooks is that they often think in terms of somehow taking revenge against the spammers -- regardless of who else gets hurt along the way. In 2005, that revenge came in the form of BlueFrog, a service which purported to launch what can only be called denial of service attacks against spammers' web sites... This week, a company called SpamZa was hurriedly making a similar mistake... more
I have often remarked that any fool can run a DNS-Based Blacklist (DNSBL) and many fools do so. Since approximately nobody uses the incompetently run black lists, they don't matter. Unfortunately, using a DNSBL requires equally little expertise, which becomes a problem when an operator wants to shut down a list. When someone sets up a mail server (which we'll call an MTA for Mail Transfer Agent), one of the tasks is to configure the anti-spam features, which invariably involves using DNSBLs. more
Back in the dark ages of email delivery the only thing that really mattered to get your email into the inbox was having a good IP reputation. If your IP sent good mail most of the time, then that mail got into the inbox and all was well with the world. All that mattered was that good IP reputation. Even better for the people who wanted to game the system and get their spam into the inbox, there were many ways to get around IP reputation. more
Back in 2003, there was a race to pass spam legislation. California was on the verge of passing legislation that marketers disdained. Thus marketers pressed for federal spam legislation which would preempt state spam legislation. The Can Spam Act of 2003 did just that... mostly. "Mostly" is where litigation lives. According to the Can Spam Act preemption-exception... more
A couple of weeks ago, I read an article on Yahoo that some outfit in Russia claimed to have broken Yahoo's CAPTCHA for creation of new email accounts. Another blogger wrote that it was unlikely that the spamming outfit had achieved 100% success at breaking the CAPTCHA. Yet, in the past couple of weeks, I have noticed something that would seem to confirm the theory... more
A World-Renowned Source for Internet Developments. Serving Since 2002.