Internet and e-mail policy and practice
including Notes on Internet E-mail


2014
Months
Oct
Nov Dec

Click the comments link on any story to see comments or add your own.


Subscribe to this blog


RSS feed

Add to My Yahoo!

Subscribe with Bloglines


[Valid RSS]

Home :: Email

08 Oct 2014

How can we do spam filtering on mail we can't read? Email
For reasons that should be obvious, a lot of people are thinking about ways to make e-mail more secure, and harder to spy on. The most likely scenario is an improved version of PGP or S/MIME, two existing encrypted mail systems, that let people publish their encryption key, which correspondents use to encrypt mail so that only the recipient can read it. While this is a significant improvement in privacy, it has the problem that spam filters at the ISP can't read the mail either.

See more ...


posted at: 23:36 :: permanent link to this entry :: 0 comments
Trackback link is http://jl.ly/Email/cryptospam.trackback

16 Jul 2014

The mail forwarding threat model Email
The recent
DMARC kerfluffle has brought new attention to mail forwarders that send mail on behalf of other people. We've been giving a lot of thought to ways to tell nice forwarders from nasty ones, so that mail systems can deliver mail from the nice ones and filter the nasty ones. It occurs to me that there are several scenarios for the way that forwarders work, so I've collected them in a little chart.

See more ...


posted at: 19:42 :: permanent link to this entry :: 0 comments
Trackback link is http://jl.ly/Email/fwdthreat.trackback

03 Jun 2014

Dealing with DMARC Email

DMARC is an anti-phishing scheme that was repurposed in April to try to deal with the fallout from security breaches at AOL and Yahoo. A side effect of AOL and Yahoo's actions is that a variety of bad things happen to mail that has From: addresses at aol.com or yahoo.com, but wasn't sent from AOL or Yahoo's own mail systems. If the mail is phish or spam, that's good, but when it's mailing lists or a newspaper's mail-an-article, it's no so good.

The mailing list community has been gnashing its teeth for the past month trying to figure out the least bad ways to deal with the problem.

To keep track of all the ways of avoiding or limiting the damage, I've made a page on the ASRG wiki. (The ASRG is gone, but the wiki lives on.)

If I've missed anything, let me know and I'll update it.


posted at: 23:26 :: permanent link to this entry :: 0 comments
Trackback link is http://jl.ly/Email/undmarc.trackback

28 Apr 2014

A helpful tip for AOL users Email
AOL finally
confirmed today that crooks have stolen credentials and address books from some large number of AOL users. (They say 2%, but that's only the ones they know about so far.) So we suggest you take some routine security precautions.

See more ...


posted at: 21:57 :: permanent link to this entry :: 0 comments
Trackback link is http://jl.ly/Email/aolchange.trackback

23 Apr 2014

AOL has a security hole, and it's our problem Email
Two weeks ago I wrote about
Yahoo's unfortunate mail security actions. Now it's AOL's turn, and the story, as best as I can piece it together, is not pretty.

See more ...


posted at: 23:33 :: permanent link to this entry :: 1 comments
Trackback link is http://jl.ly/Email/aoldmarc.trackback

Topics


My other sites

Who is this guy?

Airline ticket info

Taughannock Networks

Other blogs

CAUCE
CASL Comes into Force
116 days ago

A keen grasp of the obvious
Progress in e-mail
37 days ago

Related sites

Coalition Against Unsolicited Commercial E-mail

Network Abuse Clearinghouse



© 2005-2014 John R. Levine.
CAN SPAM address harvesting notice: the operator of this website will not give, sell, or otherwise transfer addresses maintained by this website to any other party for the purposes of initiating, or enabling others to initiate, electronic mail messages.