Jul 28

Rate Limiting with Sender Score


J.D.

A number of our ISP partners have been using the Sender Score to inform their rate limiting algorithm, permitting IPs with a higher score to send at a higher rate, while those with lower scores are restricted to lower rates of delivery attempts. Here’s some code which should allow anyone to use this same technique.

Categories: How-To

Mar 1

Comcast’s Impressive System for Notifying Infected Users


J.D.

As one of the world’s largest access providers, our partner Comcast has put a ton of thought into developing a notification system for their users. Their motivation is clear, and close to the heart of anyone working in security for end user systems: “to advise the user that their computer is infected with malware, that their security is at severe risk and/or has already been compromised, and that it is recommended that they take immediate, corrective action NOW.”

Categories: Explanation, How-To, Standards

Jan 6

Don’t Make It Easy For The Phishers


J.D.

There’s no such thing as a Final Ultimate Solution to the Spam Problem, or a Final Ultimate Solution to the Phish Problem. What works is security in layers — and more layers, and more layers, and more layers. Yet in the search for that FUSSP or FUSPP, some of the simpler, lower layers have been skipped over.

One of these, believe it or not, is email authentication.

Categories: Explanation, How-To

Sep 7

How to Evaluate & Compare Anti-Spam Products


J.D.

Hey, you! Yeah, you with the ethernet cable. Get in here and look at all this spam. What do you mean you can’t do anything?! Didn’t we buy one of those anti-spam thingers in 2002? Oh fine, I’ll approve an upgrade, but you can only choose one thing — make sure it’s the best. Otherwise, you’re fired. What was your name again?

Categories: How-To, News

Apr 1

Email Best Practices Matter, No Matter Who You Are


return path

If you haven’t followed Return Path through the length of our existence you may not know that our original business was an Email Change of Address service. This is a consumer service in which we facilitated re-connection of email relationships after an individual had moved to a new email service – the email equivalent of the United States Postal Service change of address form for when you move to a new house or apartment. It’s a pretty cool idea, which is why we recently sold it to Fresh Address, who will keep it running. You should give it a try.

In the process of running the service for more than eight years we acquired over 20 million customer records. In compliance with our privacy policy as part of the sale we sent a Change of Control Notice to these customers. The notice informed our customers of the new ownership, and gave them the opportunity to opt-out of the service before the data was sent to Fresh Address.

All of the email addresses were collected using the double opt-in method; however, it had been quite a while since many of these customers had been sent email from Return Path. In many cases, it had been years. Yes, not routinely mailing our customers flies in the face of good email hygiene best practices – the practices we regularly recommend to our clients. We see the irony. But the Change of Control Notice is a promise we’d made to these customers in our privacy policy, and it’s required by the law in some jurisdictions, so we had to send the email.

So now what do we do? …

Categories: Commentary, How-To

Sep 22

Before You Get Famous Protect Your Email Account


neilschwartzman

By now, you have likely heard about Alaska Governor Sarah Palin having joined the redoubtable ranks of famous people like Paris Hilton and Chester Charlie Bennington (the lead singer of Linkin Park) whose email accounts have been hacked.

Like the Alaskan tundra, the Internet can be a scary, cold, dangerous place. But if the proper precautions are taken, risk of obvious dangers can be reduced significantly. So, whether you’ve been thrust into the spotlight recently or not, we’d like to nominate the following precautions and hope they get your vote …

Categories: How-To

Jul 17

Case Study: Web 2.0 Runs on Email


mattblumberg

It’s fashionable in many circles to toll the death knell for email. Part of the reason for that is the rise of Web 2.0 – blogging, social networking, and other methods of interaction that supposedly make email obsolete.
The funny thing is, Web 2.0 tends to rely pretty heavily on email. All those LinkedIn and Facebook emails are the things that drive huge amounts of activity on the sites.

Take Twitter as another example. While Twitter has successfully created a whole new communication method (complete with the verb “to Twitter” and the noun “tweet”) a large number of their new members come through email. Specifically they come from peer-initiated email, aka forward to a friend email. Unfortunately for them, a lot of that email was being blocked or junked. This is a common problem for any company that has email forwarding on their site.

Fortunately for Twitter …

Categories: How-To, Research

Jan 22

Are Spammers Spoofing Your Newsletter?


neilschwartzman

You may have heard recently about spammers sending out scads of their usual garbage with topical subject lines referring to the Chinese satellite issue, or the terrible storms taking place in Europe. These messages are actually Trojans intended to infect unwitting recipients. This is a typical social engineering trick to garner better open rates, a variation on subject lines like “About the meeting today” or “Dont understand, hope u can help.”

But now, spammers have discovered a new tactic that has serious implications for the sender community. According to Symantec, spammers are now forging email to look like it is coming from the publishers of legitimate newsletters and email streams. Just as phishing has hampered financial services’ move into email, this type of spam will have a serious negative impact on legitimate senders caught up in this deception.

There are a few steps you can take to mitigate any damage …

Categories: Commentary, How-To

Jan 19

Senders Can Take Action against Zombies & Botnets: Join the Spamhaus Policy Block List


neilschwartzman

Last week I wrote about how the sender community needs to be engaged and involved in the fight against spam. In particular, anyone who cares about the future of email needs to be very concerned about spammers who use “zombie” computers to send their messages.

Many senders wonder what action steps they can take to help in this fight. Well, today Spamhaus launched a new Policy Block List that is intended to be a compendium of legitimate IP addresses. Want to help the global fight on zombies and botnets? Join the list.

The Spamhaus PBL is pretty simple. …

Categories: Explanation, How-To

Mar 9

Implementing Email Authentication: A Primer


tombartel

One of the most basic elements of our work at Return Path is ensuring that clients use best practices in their email delivery processes. A common recommendation we give is to implement email authentication. Email authentication has two primary benefits: It stymies forgery of email messages and allows senders to build a positive reputation with receivers based upon their mailing behavior. Yet many companies, particularly small ones, have never heard of email authentication — and those who have heard of it have not yet initiated a project to implement it.

How does email authentication work? The most common schemes today — SPF, SenderID, and DomainKeys…

Categories: Explanation, How-To