The Monday HELO — July 18, 2011

This week: hackers in your voicemail, hackers in your email, hackers trying to get in, and keeping Google’s party private.

Welcome (after a brief hiatus) to the twelfth edition of The Monday HELO, in which Melinda Plemel synopsizes some of the most interesting recent happenings in email technology and messaging abuse.

Tell me more

Categories: Commentary News View Comments

What Ever Happened to ADSP?

Many mailbox providers are concerned about liability and expectations: they know they’ll be blamed by their users and even by senders when a senders’ ADSP policy leads to a legitimate (but unsigned) message being discarded. They’re also concerned that they’ll be expected to provide technical support for every mail operator who wants to use ADSP. Similarly, those same mail operators — whether senders of bulk marketing email, enterprise Exchange administrators, or mailbox providers themselves — are worried that there may be mail streams that aren’t applying DKIM correctly, or aren’t authenticating at all.

Tell me more

Categories: Explanation Standards View Comments

Don’t Make It Easy For The Phishers

There’s no such thing as a Final Ultimate Solution to the Spam Problem, or a Final Ultimate Solution to the Phish Problem. What works is security in layers — and more layers, and more layers, and more layers. Yet in the search for that FUSSP or FUSPP, some of the simpler, lower layers have been skipped over.

One of these, believe it or not, is email authentication.

Tell me more

Categories: Explanation How-To View Comments

Where Every Phisher Knows Your Name

Spear phishing is the unholy love child of email spam and social engineering. It refers to when a message is specifically crafted, using either public or previously stolen information, to fool the recipient into believing that it’s legitimate. Though not new, spear phishing has been increasing. It’s clear that the criminals’ techniques have evolved beyond technology-only attacks, and thus so must our protections and our paranoia.

Tell me more

Categories: Explanation View Comments

At Work, or On Call? Thank You.

Return Path sincerely thanks all of the abuse and postmaster staff, system and network administrators, security staff, CERTs, fraud analysts and law enforcement personnel who are at work or on call during this holiday season.

What are you doing to keep from falling asleep between alerts?

Tell me more

Categories: Commentary View Comments

Security Alert: Phishing Attack Update

Yesterday, we updated on our report around the targeted ESP phishing attack that has been ongoing for almost a year now and has led to multiple known ESP system breaches. Our original post is here, and yesterday’s post is here. …

Tell me more

Categories: News Return Path View Comments

Security Alert: Update on ESP Phishing Attack

As you saw from our blog post yesterday, we have become aware of a serious phishing attack aimed in part specifically at ESPs, some direct mailers, and other sites. Since the time of our posting and into late evening yesterday …

Tell me more

Categories: News Return Path View Comments

Security Alert: Phishing Attack Aimed at ESPs

Below is a note we sent to our Email Service Provider (ESP) partners this morning alerting them to a spear phishing campaign targeting ESPs. Spear phishing attacks are targeted and effective, with tremendous potential to damage corporate security.

Tell me more

Categories: News View Comments

ZeuS Malware Has Retired, Worse Than Before

Spam content and approaches have evolved over times – bad guys were initially willing to sell fake body-enlargement pills to con you out of your money; now, rather than wait for sales to occur, they just dip directly into your bank account. So, what do you do?

Tell me more

Categories: Commentary Explanation View Comments

Who Are Domain Names For?

Big brands are effectively required to register their trademark in every gTLD and ccTLD they can, because most users are completely unaware of gTLDs and ccTLDs.

Tell me more

Categories: Commentary View Comments