|
Click the comments link on any
story to see comments or add your own.
Subscribe to this blog
RSS feed
|
Home :: Email
17 Sep 2016
A few days ago I was startled to get an anti-spam challenge from an
Earthlink user, to whom I had not written.
Challenges are a WKBA (well known bad idea) which I thought had been
stamped out, but apparently not.
The plan of challenges seems simple enough; they demand that the
sender does something to prove he's human that a spammer is
unlikely to do.
The simplest ones just ask you to respond to the challenge, the
worse ones like this one have a variety of complicated hoops they
expect you to jump through.
What this does, of course, is to outsource the management of your
mailbox to people who probably do not share your interests.
See more ...
Trackback link is https://jl.ly/Email/badchallenge.trackback
05 Sep 2016
A friend (really) asked for advice about what to say about mail authorization
to people setting up new mail systems, particularly in parts of the world where
networks are relatively new and staff less experienced.
Phish targets
The first question is are you a phish target?
There's two parts to this question.
See more ...
Trackback link is https://jl.ly/Email/authcheat.trackback
27 Oct 2015
DMARC is an anti-phishing technique that AOL and Yahoo
repurposed last year to help them deal
with the consequences of spam to (and apparently from) addresses in
stolen address books.
Since DMARC cannot tell mail sent through complex paths like mailing lists from phishes,
this had the unfortunate side effect of screwing up nearly every discussion list
on the planet.
Last week the DMARC group published a proposal called ARC, for
Authenticated Received Chain, that is intended to mitigate the
damage. What is it, and how likely is it to work?
See more ...
Trackback link is https://jl.ly/Email/arc1.trackback
15 Jun 2015
Stepping back from the
DMARC arguments, it occurs
to me that there is a predictable cycle with every new e-mail security technology.
1. Invention and enthusiasm
Someone invents a new way to make e-mail more secure, call it SPF or DKIM or DMARC or
(this month's mini-fiasco) PGP in DANE.
Each scheme has a model of the way that mail works.
For some subset of e-mail, the model works great, for other mail it works less great.
See more ...
Trackback link is https://jl.ly/Email/cycle.trackback
11 May 2015
The IETF is once again wrestling with e-mail authentication and reputation,
this time in the context of DMARC,
particularly the long running issue of DMARC vs. mailing lists.
We have a bunch of proposals with various techniques of signing messages,
asking various parties who is authorized to send what.
Some of them seem workable, but a lot aren't.
I have found that a few basic rules that apply to any reputation scheme
make it a lot easier to evaluate
whether a proposal can work.
See more ...
Trackback link is https://jl.ly/Email/theoryrep.trackback
|
Topics
My other sites
Who is this guy?
Airline ticket info
Taughannock Networks
Other blogs
CAUCE
"Spam King" Sanford Wallace finally goes to jail
99 days ago
A keen grasp of the obvious
A little musical history
121 days ago
Related sites
Coalition Against Unsolicited Commercial E-mail
Network Abuse Clearinghouse
|
