Recent Posts

DOD breaks links in .mil clients

DataSecurity_IllustrationThe Department of Defense is breaking HTML links in mail to .mil domains. This is part of the DoD’s attempt to curtail phishing.

Read More

Filter complexity

URLBlockingForBlogDuring the Q&A last week, I mentioned an example of a type of filter trying to demonstrate how complex the filters are. There was some confusion about what I was saying, so I thought I’d write a blog post explaining this.

Read More

Thanks for the great session

I had a great time answering questions at the 2015 All About eMail Virtual Conference & Expo today. Thanks so much to everyone who participated and asked questions. They were great and I’m sorry we didn’t have more time.
I did get some questions on twitter (@wise_laura) afterwards. One was about an example I gave to explain how filters are complex. There have been rumors going around recently that Gmail is filtering mail with more than 3 URLs in it. Let me just say right now THIS IS NOT TRUE emails with more than 3 URLs in them are being delivered just fine to Gmail.
There is a situation involving the number (and type) of URLs that I think are a useful example of the filter complexity happening at some places, like Gmail. I started working on it, but don’t quite have time to finish it today, but will keep working on and it should go up in the next day or so.
Thanks again to everyone who joined the session. You asked some great questions and I had fun answering them.
 

Read More

All About Email: Q & A session tomorrow

virtualShow_forblogLive! Tomorrow! the 2015 All About eMail Virtual Conference & Expo12:30 Eastern, 9:30 Pacific. Come hear Ken ask me about email and contribute your own questions!
Want to ask about spamtraps? Purchased lists? How about engagement? Just want to listen to what myths other people are interested in asking about? Come and listen.
 

Read More

ESP attacks, again. Be wary.

There seems to be an uptick in phishing attacks that have an impact on ESPs recently.
Your CEO
The most critical one is targeted spear-phishing attacks that claim to be internal documents sent by senior staff within the company, e.g. from the company CEO.
It’s likely that the attached documents will compromise and backdoor your machine, and from their most of your internal network, using an infected document to load a remote administration tool (RAT) such as Netwire.
Be very, very wary of document attachments, especially in generic looking emails that you weren’t expecting, from senior people. Making sure your antivirus signatures are up to date is a great idea, but nothing will protect you as effectively as not opening the infected documents.
Your domain registrar
The other campaign I’m aware of is emails that claim to be abuse reports from registrars (e.g. opensrs, tucows, etc) aimed at domain registration contacts, claiming that a domain has been suspended and that the recipient should click on a link to “download a copy of complaints received”.
e.g.

Read More

SPF debugging

Someone mentioned on a mailing list that mail “from” intuit.com was being filed in the gmail spam folder, with the warning “Our systems couldn’t verify that this message was really sent by intuit.com“. That warning means that Gmail thinks it may be phishing mail. Given they’re a well-known financial services organization, I’m sure there is a lot of phishing mail claiming to be from them.
But I’d expect that a company the size of Intuit would be authenticating their mail, and that Gmail should be able to use that authentication to know that the mail wasn’t a phish.
Clearly something is broken somewhere. Lets take a look.
Looking at the headers, the mail was being sent from Salesforce, and (despite Salesforce offering DKIM) it wasn’t DKIM signed by anyone. So … look at SPF.
SPF passes:

Read More

October 2015: The month in email

When you spend most of your day working on email and spam issues, it starts to cross into all aspects of your life. In October, I was amused by authors who find names in spam, SMTP-related t-shirts on camping trips, and spam that makes you laugh. Maybe I need a vacation?
We were quite busy with conference presentations and client work this month, but took time to note the things that captured our attention, as always. We highlighted a few things we enjoyed reading around the web: Brian Krebs’ Reddit AMA, the results of Jan Schaumann’s survey on ethics in internet operations, and a great post on Usenet from Joe St. Sauver.
In industry news, we covered a few glitches that are worth noting, in case you missed them: Yahoo FBL confirmation emails, Google postmaster tools, Network Solutions email, and weird Lashback listings. Even though these have mostly been resolved, it’s useful to keep track of the types and frequency of these sorts of issues, as they can significantly impact your deliverability and may be useful as your clients or business stakeholders raise questions about campaign performance.
Steve contributed a few key technical posts this month, including a short post on IPv6 authentication issues, following up on the issues he outlined back in July. He also noted Gmail’s upcoming move to DMARC p=reject, which is notable for the ways they are are looking to mitigate risks with their ARC proposal.  Finally, he wrote that it’s worth looking at false positives every now and then, as it can reveal interesting patterns in the ESP landscape.
Finally, a good suggestion from the best practices file: engagement through confirming user names, and a not-so-good plan for an app that’s sure to invite abuse and harassment.

Read More

Deliverability, email and lessons learned from Insight2015

biohazardmailDeliverability is a challenge, I think everyone who has ever tried to send bulk mail will acknowledge that. There are a lot of reasons for this. One of the big reasons is that there are bad players who spend a lot of time trying to get around filters. And a lot of these people are sending very bad mail. Phishing. Spear Phishing. Viruses. Malware.
Email is a prime vector for a lot of criminals.
A lot of deliverability discussions really gloss over the dangers, though. We don’t often think about it, because we’re not sending bad mail. But we still have to go through the same filters that ask: Is this message safe?
Security was a big deal at the recent Sparkpost / MessageSystems conference.

Read More

Deliverability at Yahoo

We have multiple measures of deliverability. Ones that we don’t even let in the door, and then we have ones that customers indicated that they don’t want to be delivered.

Read More

Insight 2015 and upcoming talks

In about an hour I will be heading down to Monterey to give a talk at the MessageSystems Insight 2015 conference.
I really wanted to go to the whole conference, as I’ve heard great things about previous ones. It just didn’t work with my schedule. I’ll be around this afternoon and tomorrow morning, though. So if you’re there, do drop by and say Hi!
If you’re not at Insight, but are interested in hearing me speak, you can join us on November 12 at the 2015 All About eMail Virtual Conference & Expo. Ken Magill will be interviewing me about email and delivery. The session is also very open to audience questions, so come with some of your own.

Read More
Categories
Tags