Well, I read the indictment (available here from Spamhaus.) It's a long litany of criminal behavior, primarily pump and dump stock fraud of a long list of penny stocks from the US and China. Ralsky is described as the "chief executive officer and overall leader" of the scheme... The thing that strikes me about this indictment is that although it includes a lot of CAN SPAM charges, everything Ralsky and Co. did was already illegal under conventional fraud and computer tampering laws. more
The DKIM standard has been out for two years now, and we're starting to see some adoption by large mail systems, but there's still a lot of misunderstanding about what DKIM does and doesn't do... Any a mail system can add a signatures to the messages it handles, and spammers can sign their mail, too. A DKIM signature contains, stripped down to its basics, the domain of the signer and a checksum of the message. more
Neil Schwartzman writes to report: "Ken Magill covers the current rake fight on the IRTF's Anti-Spam Research Group mailing list concerning anti-spam DNS Blacklist, or Blocklist, (DNSBL) operators charging for delistings, that is well worth a read, he has quotes from many experts and leaders in the industry who are decidedly against the practice." more
When it comes to the problem of outbound spam, one of the experiences that I have, and this was reaffirmed at TechEd, is that the number one source of compromised accounts are educational institutions. That is to say, whenever we have an outbound spam problem and have to hunt down where it is coming from, the highest number of these accounts are phished accounts/credentials from users at an educational institution. Why is this? Why does so much spam originate from universities? more
Over the last year the world has been virtually buried under news items describing hacks, insecure websites, servers and scada systems, etc. Each and every time people seem to be amazed and exclaim "How is this possible?" Politicians ask questions, there is a short lived uproar and soon after the world continues its business as usual. Till the next incident. In this blog post I take a step back and try to look at the cyber security issue from this angle... more
There are a number of things that make a responsible Email Service Provider (ESP), including setting and enforcing standards higher than those set by the ISPs. One of the responsible ESPs is Mailchimp. (Full disclaimer, I do consult for Mailchimp.) This ESP focuses on businesses with small to medium sized lists. They screen new customers for source of permission as well as mail content. more
McAfee, Inc. today unveiled its McAfee Threats Report: Third Quarter 2010, which uncovered that average daily malware growth has reached its highest levels, with an average of 60,000 new pieces of malware identified per day, almost quadrupling since 2007. At the same time, spam levels decreased in volume this quarter, both globally and in local geographies. Spam hit a two year low this quarter while malware continued to soar. More than 14 million unique pieces of malware were identified in 2010, one million more than Q3 2009. more
Phishing researcher Gary Warner's always interesting blog offers some fresh perspective on clicking links on emails, as the crux of the phishing problem. Gary writes: "There is a saying 'if you give a man a fish, he'll eat for a day, but if you teach a man to fish, he can feed himself for a lifetime.' In the case of the Epsilon email breach the saying might be 'if you teach a man to be phished, he'll be a victim for a lifetime.' In order to illustrate my point, let's look at a few of the security flaws in the business model of email-based marketing, using Epsilon Interactive and their communications as some examples." more
Brian Krebs has a post up the other day on his blog indicating that the amount of spam ending in .cn has declined dramatically due to steps taken by the Chinese government making it more difficult to get a domain ending in .cn... A cursory glance seems to confirm that the amount of spam from .cn as opposed to .ru has switched places. Indeed, if the CNNIC requires people to start writing in application forms, with a business license and identity card, that is seriously going to slow down the rate at which spammers can sign up and register new domains. more
The Messaging Anti-Abuse Working Group (MAAWG), of which Return Path (my employer) is a very active participant, met recently in Heidelberg, Germany. Among other exciting projects, they finished two new best practices documents which have been lauded in the press as a big step towards stopping botnet spam... more
CAUCE just posted a blog entry about C-27; we will be speaking to the Industry, Science, and Technology committee reviewing the bill this afternoon. The meeting will be webcast starting at 15:30 eastern... more
Spam levels have increased by 5.1% since last month, reaching heights of 90.4%, according to latest report from Symantec's MessageLabs Intelligence... The majority of this increase in spam in May was comprised of messages with very little content other than a subject line and valid hyperlink, says the report. "Each hyperlink pointed to a different active profile on one of a number of major social networking environments. The profiles were likely created using random names and automated CAPTCHA-breaking tools. Moreover, the emails were sent from valid webmail hosting providers, which means they were not spoofed, as has been the case in the past for these types of domains." more
Josh Baer, former VP of Datran Media and current CEO of OtherInBox has been floating an idea at the DMA's Email Experience Council and a few other places, and recently got some traction in Ken Magill's Magill Report. What Josh is proposing is to create the technical means by which a Sender can decide when email 'expires' and is automatically removed from a recipient's inbox, either by deletion, or perhaps archiving (in the case of Gmail). This would supposedly help the end-user, by removing marketing offers that are no longer available. Why this idea shouldn't happen... more
Do Out of Office alerts these days serve a purpose anymore? They seem to work well a decade ago when you were really out of the office and your computer sat under your desk and you couldn't check email till you got to it. Today, we as an industry and as individuals now have laptops, iPads, Smartphones, Wifi, WiMAX, etc. keeping us 100% of the time on the Internet at one time or another. And you know we all at one point throughout our days whether or not on vacation or after 5 PM check email as part of our everyday lives. more
While the news will not be terribly surprising to CircleID readers, Google's latest report on the status of spam and 2009 predictions posted today, might be of particular interest due to the company's shear email processing volume at 2 billion enterprise email connections per day (drawn from company owned Postini Message Security network)... more
A World-Renowned Source for Internet Developments. Serving Since 2002.