English
Deutsch
Español
Français
Português/Brasil
Nov
19
“Delivered” Depends On Context
When an email sending system reports that a message has been ‘delivered,’ that may not be an accurate portrayal of the final destination of the message. To understand why that is, and why ‘delivered’ has been the term of art for so long, we just need to look at the email delivery process.
Tell me more
Categories: Explanation View Comments
Aug
31
What’s an FBL?
In spite of the best efforts of anti-spam staff, end users — the account holders, recipients of email — still receive spam. And users want to complain about it, preferably to someone who’ll do something to make it stop. So, somewhere in the later 1990s, mailbox providers created an easy way to complain directly to them.
Tell me more
Categories: Explanation View Comments
Jul
7
The Other Side of Security
The Denver edition of Security BSides took place a few weeks ago in a garage turned art gallery on the far end of Denver’s emerging Santa Fe Arts District, right on the border between historic working-class neighborhoods and a rambling wasteland of building supply warehouses.
The nearly all-male crowd, dressed in jeans and black t-shirts or IT casual, started the morning with bagels and copious amounts of strong, dark Daz Bog coffee while discussing other computer security and hacking conferences they’d been to, or were planning to attend. Two full kegs from local favorite Breckenridge Brewery arrived shortly after noon.
BSides started last year as an alternative alongside DEFCON, RSA, and other big security events, and follows the loose “un-conference” model popularized by BarCamps a few years ago. As one of the BSides regulars explained, “this isn’t some square-ass, like, sit around, don’t talk to people thing.”
The presentation I enjoyed most was
Tell me more
Categories: News View Comments
May
3
Lacking a Common Language
Human communication takes many forms, from the dense poetry of Shakespeare’s plays to the rigorous precision of IETF documents to the false apologies conveyed by emoticons. Metaphors seem like the greatest thing since sliced bread, while verbal puns can creep up on the unwary like a faux queue in arrears. But at the end of the day, when all is said and done, like a bull in a china shop, inaccurate cliches and colloquialisms can actually impede communication — particularly technical communication.
Some of the terms I see floating around the industry are silly and annoying, but …
Categories: Commentary Research View Comments
Mar
31
Debating Standards While the Sun Shines
The IETF — the Internet Engineering Task Force — is, simply put, the standards body for the internet. As a body, they’ve been responsible for nearly every technical protocol that makes the internet work, from TCP/IP and SMTP to more recent developments like IPv6 and OAuth.
It was a beautiful week to be in Anaheim, even in the ring of hotels surrounding Disneyland — temperatures above 70 degrees F., clear blue Southern California skies, while more than a foot of snow landed on Denver. But the 1,200 attendees of the IETF’s 77th meeting spent most of their time inside fluorescent-lit meeting rooms, engaged in deep engineering debates.
IETF is kind of the opposite of TED, that famous gathering of fast-talking deep thinkers. It still involves some of the smartest people in the world, but …
Categories: News Standards View Comments
Feb
25
Whitelistin’ Ain’t Easy
Whitelists exist because spam filters exist. They are the exception policy, the safety valve. But beyond that simple truism, there are a lot of differences.
Because there’s so much spam, filters have to rely on patterns derived from similarities between known spam messages. When a message matches the pattern, the filter notices and does something: reject it, put it in a spam folder, et cetera. Messages that don’t match the pattern sail on through.
Similarly, if the message’s source — usually tracked by IP address — matches the pattern, all messages from that source are noticed by the filter. This could be as specific as a single IP address, or could be a range of IP addresses. When a filter’s pattern is broad, it catches a lot of spam. But it may also catch some non-spam messages; this is what’s called a “false positive.” To avoid those, you could (and probably will) improve the filters over time — but by the time you find out, the damage is already done. In the meantime, you need a whitelist.
Most mail system administrators will whitelist their own network infrastructure; it’s under their control (or under the control of someone nearby), so if any problems come up they can fix them. Also, it’s generally a bad idea to block mail from your boss.
Next you’ll want to whitelist companies and organizations you and your users frequently interact with. Do a quick mental inventory: how many is that? Did you remember your payroll company, your health insurance benefits broker, your local pizza delivery joint? What about the company your local pizza joint outsourced their email to — how many other companies do does that company send for? Do they all deserve a free pass around your spam filters?
Pretty soon, managing exceptions to your filters becomes more complicated, more time-consuming, than managing the filters in the first place. And then the phone rings: some company you’ve never heard of, asking to be whitelisted so they can send their newsletter to a VP you’ve never even met — but you’ve heard she thinks it’s easy (and fun) to replace technical staff like you. Or maybe you work for an ISP, and the frat boy on the phone insists that hundreds of your users are just begging for this email. You can’t call every single user in the middle of the night to ask if that’s true. How do you decide?
Tell me more
Categories: Commentary View Comments
Jan
28
SpamAssasin Rarely Misses
SpamAssassin is, by any measure, the most popular open source spam filtering software. It has won numerous awards, and has been incorporated into many commercial filtering appliances. On Tuesday, the SpamAssassin developers announced version 3.3.0, their first major update since 2007.
SpamAssassin was born in 2001, when Justin Mason (who is still involved in the project) rewrote & updated an earlier open-source filtering script. At present it primarily consists of a set of message tests of varying complexity, each analyzing portions of the headers or body and adding to or subtracting from the resulting spam score.
Categories: News Return Path View Comments
Jan
12
Easiest Prediction Ever: Spam Will Suck in 2010
Hey there, fellow spam fighters. Read this quick, because any second now all those infected machines that were powered down over the holidays will boot up, get fresh orders from their bot masters, and start sending spam again. Most of ‘em already have.
We’ve published a bunch of predictions recently, because that’s apparently the cool thing to do. Here are our thoughts on how those same trends (plus a few more) will affect you, the spam fighter, as you work to reduce how much unwanted crap your users see in their inboxes.
Email Still Isn’t Dead
You’ve seen the stats: Facebook and Twitter aren’t replacing email, they’re sending email. This will continue in 2010, and become more complex now that Facebook wants application developers to ask users for their email addresses in order to send them notifications them directly.
Categories: Commentary View Comments
Dec
21
There Never Was a Time Before Permission
Think about what you were doing on the Internet fifteen years ago, as 1994 rolled over to 1995. The Mosaic browser was brand new; Netscape 1.0 shipped that December. Windows 95 hadn’t been released. Bill Clinton was still considered a hip, young president. And me? I was already dealing with spam.
Some people may try to tell you that spam started in the seventies, but that’s just shoddy research. Up until the mid-nineties, there were maybe a handful of misguided marketers sending out spam‚ email or otherwise, each year. It wasn’t anything like we’ve got today, and it wasn’t a big deal because they were always slapped down quick. The early Internet had an Acceptable Use Policy which basically forbade all commercial activity, and violating it meant you lost access.
But within just a few years, it all changed. The last vestiges of the non-commercial Internet were replaced by paid access, which led to the expectation that if you paid your bills on time you could do whatever you damn well pleased. Mom & Pop dial-up ISPs were borged into a few corporate conglomerates, yet neither had ever imagined they’d have to deal with any email activity worse than the occasional chain letter.
Categories: Commentary View Comments
Dec
17
MAAWG, IETF, and BITS
As announced this morning, the Messaging Anti-Abuse Working Group (MAAWG) has established formal relationships with the Internet Engineering Task Force (IETF) and the BITS/Financial Services Roundtable.
MAAWG is comprised of ISPs, technology vendors including Return Path, ESPs, and a small but growing number of big brands, all interested in talking about email spam and other abuses of messaging systems. Some of their published documents include the Senders Best Communications Practices, which could be called the deliverability bible, and Message Sender Reputation Concepts and Common Practices, the best publicly available resource for understanding reputation systems like Sender Score.
Categories: News View Comments