When did you check your security last?

A few years ago security and breach protection was all the topic of the day in the email space. There were some high profile break ins at ESPs and data companies and everyone was looking at their security. Companies were vocal and public about their security enhancements. Many in the email industry even used the term “advanced persistent threats.”
Security seems to have taken a back seat to Yahoo releasing user names, and Gmail introducing tabs in the inbox and all the myriad of tiny details that we feel we have some control over.
But security still should be at the forefront of our minds. Just today Adobe announced a major compromise resulting in both a customer information leak and a source code theft.
It serves as a reminder to all of us that security threats are ongoing and we cannot become complacent.

Related Posts

How long is your DKIM key?

While we were at M3AAWG, Wired published an article talking about how simple it was to crack DKIM keys. I didn’t post about it at the time because it didn’t really seem like news. DKIM keys smaller than 1024 are vulnerable and not secure and the DKIM spec does not recommend using keys smaller than 1024. When I asked the DKIM-people-who-would-know they did tell me that the news was that the keys had been cracked and used in the wild to spoof email.
Fair enough.
If you are signing with DKIM, use a key 1024 or longer. Anything shorter and your risk having the key cracked and your mail fraudulently signed.
This morning M3AAWG published recommendations on keeping DKIM keys secure.

Read More

What blogs are you reading besides mine?

It’s been a week. A very, very long week. Which means that at 4 on a Friday I’m grasping at straws for something interesting to write about. So I do what I do when I’m out of ideas, I look through the email related blogs I’m subscribed to.
A bunch of them are still active, but there’s a good dozen or so that haven’t been updated in months. I realize I’m getting most of my current news from Twitter (or, Facebook) not from my actual RSS feeds.
So what email / marketing / delivery / internet security related blogs are people reading these days? What should I add to my list to keep up to date on the pulse of the email industry?
EDIT: apparently the Akismet filter I use went berserk with the multiple links in comments. I think I’ve pulled everything they caught incorrectly. If you tried to post and it’s not showing, drop me an email at the obvious place.

Read More

Lavabit shuts down

Lavabit is a secure mail system. Today their CEO announced he was shutting down the service immediately.

Read More