Internet and e-mail policy and practice
including Notes on Internet E-mail



17 Sep 2016

The kindness of strangers, or not Email

A few days ago I was startled to get an anti-spam challenge from an Earthlink user, to whom I had not written. Challenges are a WKBA (well-known bad idea) which I thought had been stamped out, but apparently not.

The plan of challenges seems simple enough: they demand that the sender do something to prove he's human that a spammer is unlikely to do. The simplest ones just ask you to respond to the challenge; the worse ones, like this one, have a variety of complicated hoops they expect you to jump through.

What this does, of course, is to outsource the management of your mailbox to people who probably do not share your interests.

posted at: 20:45

05 Sep 2016

An e-mail authorization cheat sheet Email

A friend (really) asked for advice about what to say about mail authorization to people setting up new mail systems, particularly in parts of the world where networks are relatively new and staff less experienced.

Phish targets

The first question is: are you a phish target? There are two parts to this question.

posted at: 15:17

27 Oct 2015

What's ARC? Email

DMARC is an anti-phishing technique that AOL and Yahoo repurposed last year to help them deal with the consequences of spam to (and apparently from) addresses in stolen address books. Since DMARC cannot tell mail sent through complex paths like mailing lists from phishes, this had the unfortunate side effect of screwing up nearly every discussion list on the planet.

Last week the DMARC group published a proposal called ARC, for Authenticated Received Chain, that is intended to mitigate the damage. What is it, and how likely is it to work?

posted at: 23:43

15 Jun 2015

The cycle of e-mail security Email

Stepping back from the DMARC arguments, it occurs to me that there is a predictable cycle with every new e-mail security technology.

1. Invention and enthusiasm

Someone invents a new way to make e-mail more secure, call it SPF or DKIM or DMARC or (this month's mini-fiasco) PGP in DANE. Each scheme has a model of the way that mail works. For some subset of e-mail, the model works great; for other mail it works less great.

posted at: 23:22

11 May 2015

The theory of e-mail reputation Email

The IETF is once again wrestling with e-mail authentication and reputation, this time in the context of DMARC, particularly the long-running issue of DMARC vs. mailing lists. We have a bunch of proposals with various techniques of signing messages, asking various parties who is authorized to send what. Some of them seem workable, but a lot aren't. I have found that a few basic rules that apply to any reputation scheme make it a lot easier to evaluate whether a proposal can work.

posted at: 00:06




© 2005-2015 John R. Levine.
CAN SPAM address harvesting notice: the operator of this website will not give, sell, or otherwise transfer addresses maintained by this website to any other party for the purposes of initiating, or enabling others to initiate, electronic mail messages.