There's a lot of chatter about a recent study purporting to show that 29.1% of internet users has bought something from spam. As ITWire reported, "Marshal were not only interested in how many people were purchasing from a spam source, but also what goods and services they were buying. Perhaps less surprisingly this revealed that sex and drugs sell well online." But at downloadsquad, Lee Mathews discovered the shocking truth: "the survey only involved 600 people." more
Last September the Virginia Supreme Court issued a surprise ruling that reversed its previous decision and threw out the state’s anti-spam law on First Amendment grounds. The Commonwealth made a last ditch appeal to the US Supreme Court, which I predicted they’d be unlikely to accept. I guessed right... more
Chad White wrote an article for MediaPost about best practices which parallels a lot of thinking I've been doing about how the email marketing industry treats best practices. After several conversations recently about "best practices," I'm convinced that the term is now meaningless. It's been bastardized in the same way that the definition of "spam" has shifted to the point that it has very different meanings to different groups of people. more
Way back in 1995, Wired reporter Simson Garfinkel gave Jeff Slaton the name "Spam King." Less than a year later, Sanford Wallace earned the title -- and soon had to share it (and his upstream provider) with Walt Rines. Others have come and gone; Sanford and Walt reappear every few years, together or separately, only to be sued away again... it seems as if any spammer noticed by law enforcement is immediately crowned "the Spam King," even when there are multiple such crownings happening at the same time. more
A court in Illinois rejected a motion to dismiss case filed by defendants in a class action brought on behalf of plaintiffs who received SMS spam marketing for an animated film called "Robots". The court's ruling is not surprising, given the other cases which have come to a similar conclusion. more
I'm sure many of you are familiar with the targeted ESP phishing attack that has been ongoing for almost a year now and has led to multiple known ESP system breaches. Return Path was recently a victim of this same attack... In short, a relatively small list of our clients' email addresses was taken from us, meaning those addresses are now the targets of the phishing campaign that are intended to compromise those client systems. more
From time to time, we see unenlightened comments about the efficacy of laws in the fight against spam. "Laws won't stop spam" being the most common. No, they won't. What laws do is dissuade some people from undertaking shoddy mailing practices or even outright spam campaigns. Laws don't stop murder, rape and robbery either, but for those un-dissuaded who undertake such heinous crimes, we, as a society, have laws for punitive effect. They pay the price society exacts for their actions. C-28 will attenuate spam in Canada, and help us to fight spam internationally. more
Yesterday I talked about how I'm hearing warnings of a coming paradigm shift in the email industry. While these changes will affect all senders, Email Service Providers (ESPs) in particular are going to need to change how they interact with both ISPs and their customers. Currently, ESPs are able to act as "routine conveyers." The traffic going across their network is generated by their customers and the ESP only handles technical issues. more
This morning M3AAWG announced the creation of the J.D. Falk award to recognize and honor people like J.D. who work to make the Internet safer for all users... J.D. was a legend in the abuse prevention world when I first started learning about spam and abuse prevention back in the late 90's. more
Last week I blogged about the way that lots of otherwise legitimate companies leak e-mail addresses to spammers. Here's a few more thoughts. One person asked how I knew that these were leaks, and not dictionary attacks, since the addresses I use are fairly obvious, the name of an often well known company @ my domain. It's a reasonable question, but the answer is simple... more
About a week ago, I posted that Australia was getting ISPs to boot infected computers off of their network. I commented on whether or not this was a good policy. However, there was one thing in that article that I wanted to comment on but didn't... more
As announced this morning, the Messaging Anti-Abuse Working Group (MAAWG) has established formal relationships with the Internet Engineering Task Force (IETF) and the BITS/Financial Services Roundtable... It's often said that there are too many different organizations working on the overlapping areas of abuse, trust, and related issues. I believe the collaborative approach MAAWG has chosen will bridge these gaps. more
As my recent series of posts has indicated, I am seeing a lot of future changes in the email industry. What do I think we can look forward to in email in 2010? ...In the realm of real authentication, the protocol most are using is is DKIM. While people will probably continue to publish SPF records (and Microsoft will continue to cling to the hope it becomes widespread) its relevance will continue to decrease. more
Following in the footsteps of Lethic, Waledac and Mariposa, yet another botnet has been taken offline. Not completely, though, it was only a partial disconnect. The Zeus botnet, also known as Zbot, is a trojan password stealer that captures passwords and sends them to the attacker. more
Once you've determined that you can trust the signer of a message, as we discussed in part 3, it's easy to extrapolate that various portions of the message are equally trustworthy. For example, when there's a valid DKIM signature, we might assume that the From: header isn't spoofed. But in reality, DKIM only tells us two basic things... more
A World-Renowned Source for Internet Developments. Serving Since 2002.