Recent Posts

Smart email

This week I received an email from a vendor we purchased software from 6 months ago. And it was exactly 6 months to the day of our original purchase I received an email basically reminding me of what I purchased and asking me to update my contact information.

The Real Story

We’ve heard this story before.

Someone gives an email address to a company. That company sends them email via an ESP for several years.
Hackers break in to the ESP and steal a bunch of email addresses.
The original address owner starts getting targeted and random spam to that email address.
Read More

MAAWG: Just keeps getting better

Last week was the 22nd meeting of the Messaging Anti-Abuse Working Group (MAAWG). While I am prohibited from talking about specifics because of the closed door nature of the group, I can say I came out of the conference exhausted (as usual) and energized (perhaps not as usual).
The folks at MAAWG work hard and play even harder.
I came away from the conference feeling more optimistic about email than I have in quite a while. Not just that email is vital and vibrant but also that the bad guys may not be winning. Multiple sessions focused on botnet and crime mitigation. I was extremely impressed with some of the presenters and with the cooperation they’re getting from various private and public entities.
Overall, this conference helped me to believe that we can at least fight “the bad guys” to a draw.
I’m also impressed with the work the Sender SIG is doing to educate and inform the groups who send bulk commercial messages. With luck, the stack of documents currently being worked on will be published not long after the next MAAWG conference and I can point out all the good parts.
There are a couple specifics I can mention. One is the new list format being published by Spamhaus and SURBL to block phishing domains at the recursive resolver. I blogged about that last Thursday. The other bit is sharing a set of security resources Steve mentioned during his session.
If your organization is fighting with any messaging type abuse (email, social, etc), this is a great place to talk with people who are fighting the same sorts of behaviour. I do encourage everyone to consider joining MAAWG. Not only do you have access to some of the best minds in email, but you have the opportunit to participate in an organization actively making email, and other types of messaging, better for everyone.
(If you can’t sell the idea of a MAAWG membership to your management or you’re not sure if it’s right for you, the MAAWG directors are sometimes open to allowing people whose companies are considering joining MAAWG to attend a conference as a guest. You can contact them through the MAAWG website, or drop me a note and I’ll make sure you talk with the right folks.)
Plus, if you join before October, you can meet up with us in Paris.

e360 and the appeals court

Oral arguments in Spamhaus’ appeal were held last week. Mickey blogged about it on Thursday. I heard from him and a bunch of the Spamhaus folks about it at MAAWG, but was busy enough that I didn’t get a chance to listen to it. Mickey is not exaggerating on how badly the judges, particularly Judge Posner, beat up on e360’s lawyer. More quotes are available at Appeals judges berate spammer for “ridiculous,” “incompetent” litigation.

New blocklisting process

There is a new type of blocking designed to interrupt the ability of users to click and visit phishing sites.
DNS Response Policy Zones allows companies running recursive resolvers to create a zone that will not resolve specific domains. This is a second layer of filtering, if a spammer manages to get an email with a malicious link into the inbox then the ISP can still protect the user from becoming a victim from the scam. For more detailed information about RPZ, check out the helpful slides published by ISC.
Two blocklists announced this morning that they were publishing lists in RPZ format so ISPs can import the data into their DNS recursive resolver. SURBL is currently offering their list as RPZ. Spamhaus is currently running a beta for the DBL in a RPZ format. If you’re a current DBL user, talk to Spamhaus about checking out their new format.

Spam lawsuit guide

Mailchimp has released a guide to spam lawsuits with advice on how to not be a target.
I had the pleasure of meeting some of the Mailchimp legal staff last year when I was down there to do on-site training for their abuse desk employees. I was quite impressed with them and their understanding of privacy and email issues.

New security focused services

Steve’s been busy this week working on some new products.
You can see the first at Did Company Leak? This is a neat little hack that looks at social media reports to see if a there are reports of leaks, breaches or hacks and gives you a list of tweets that reference them. And, yes, I did really receive spam to two addresses stolen from iContact customers today.

Prepping for MAAWG

The June MAAWG meeting is next week. Both of us are working on various projects, documents and announcements for the meeting. This means light blogging, although we’ll post public announcements as they come out.
If you’re going to MAAWG be sure to stop by and say hi!

Gmail reports spear phishing attack

No one, it seems, is immune from account compromise attempts. Today Google reported they had identified a systemic campaign to compromise Gmail accounts belonging to “senior U.S. government officials, Chinese political activists, officials in several Asian countries (predominantly South Korea), military personnel and journalists.”
Google offers a number of solutions for users, including the ability to add 2 factor authentication to your Gmail account. I strongly recommend anyone who uses Gmail to do this.
This isn’t a security blog, but email is one of the major vectors used to infect machines. We’ve seen numerous break ins targeting email senders and ESPs, resulting in customer and recipient data being stolen and then used for spam. Everyone who uses email needs to be aware of the risks and maintain their email account integrity. Be careful clicking links in emails. Be careful opening webpages. Keep your antivirus software up to date.
Everyone is a target.

Marketing or spamming?

A friend of mine sent me a copy of an email she received, asking if I’d ever heard of this particular sender. It seems a B2B lead generation company was sending her an email telling her AOL was blocking their mail and they had stopped delivery. All she needed to do was click a link to reactivate her subscription.
The mail copy and the website spends an awful lot of time talking about how their mail is accidentally blocked by ISPs and businesses.