Internet and e-mail policy and practice
including Notes on Internet E-mail


Click the comments link on any story to see comments or add your own.

Subscribe to this blog

RSS feed


28 Apr 2011

What next for Email Service Providers? Email

It's been a very bad month for ESPs, companies that handle bulk mailings for their clients. Several of them have had internal security breaches, leaking client information, client mailing lists, or both. Many have also seen clients compromised, with the compromised credentials used to send spam. The sequence of events sugests all the ESPs whose clients were compromised were themselves compromised first. (That's how the crooks knew who to attack.)

The Online Trust Alliance published some guidelines, that offer mostly good advice. So what should ESPs do now?

See more ...

  posted at: 12:41 :: permanent link to this entry :: 1 comments
Stable link is

21 Apr 2011

Insecure ESP du jour: Emailvision Email
Emailvision is a bulk mail company in the suburbs of Paris, France. They are, in my experience, almost uniquely inept. Nearly all of the mail they send to my users is clearly spam, sent to addresses on stolen, scraped, or resold lists, which is pretty impressive in France, a country where selling individuals' personal information is illegal.

See more ...

  posted at: 17:52 :: permanent link to this entry :: 1 comments
Stable link is

19 Apr 2011

Holomaxx, yet again Email

When last we saw the Holomaxx case, in which a bulk mailer in Pennsylvania sued Microsoft and Yahoo in separate cases for not delivering their mail on the legally absurd theory that Microsoft and Yahoo are required to deliver mail from random spammers who claim to be CAN SPAM compliant, the judge threw the case out, but gave them the option to amend their complaint and try again.

They've refiled against Yahoo, with the main difference being that they added out of context quotations from a MAAWG document that doesn't say what Holomaxx wishes that it said. At this point, the main question is how much more of his time the judge will allow them to waste before he shuts them down for good.

Word to the Wise has a more detailed analysis and a link to the amended complaint.

  posted at: 21:20 :: permanent link to this entry :: 0 comments
Stable link is

Latest hacked ESP: Cheetahmail Email
This spam showed up in one of my user's mailboxes earlier today. It was sent from Cheetahmail, a large Email Service Provider, easily verified by checking the sending IP address It is not an ad for Adobe and the URL, which you should definitely not visit, is located in China, and shows a fake Adobe web page which invites you to download a fake Adobe Reader update which is in fact malware. The headers in the message suggest that someone used a Cheetamail client's credentials to log in and create and send this spam in large quantities. (My tiny network got four of them, three of them to spamtrap addresses.)

See more ...

  posted at: 10:17 :: permanent link to this entry :: 2 comments
Stable link is

07 Apr 2011

Anti-social networks Email
I've belonged to
LinkedIn for a long time, long enough to have collected over 500 connections, all to people I at least sort of know. It's sometimes useful. So why am I about ready to block all their mail as spam?

See more ...

  posted at: 23:12 :: permanent link to this entry :: 4 comments
Stable link is

03 Apr 2011

Report from the ICANN front lines in San Francisco ICANN

I didn't get to the San Francisico ICANN meeting, but my friend J.D. Falk did.

Don't miss Impenetrable Processes and Fool's Gold at ICANN, his report of what he found there.

  posted at: 16:25 :: permanent link to this entry :: 0 comments
Stable link is


My other sites

Who is this guy?

Airline ticket info

Taughannock Networks

Other blogs

It turns out you don’t need a license to hunt for spam.
62 days ago

A keen grasp of the obvious
Italian Apple Cake
620 days ago

Related sites

Coalition Against Unsolicited Commercial E-mail

Network Abuse Clearinghouse

My Mastodon feed

© 2005-2024 John R. Levine.
CAN SPAM address harvesting notice: the operator of this website will not give, sell, or otherwise transfer addresses maintained by this website to any other party for the purposes of initiating, or enabling others to initiate, electronic mail messages.