July 2008
65 posts
CircleID: Is Anti-Virus Dead? →
experts agree:
users will click anything
anti-virus is no longer sufficient
John Bambenek explains why.
Morrison & Foerster: Japanese New Anti-Spam Law →
“The New Anti-Spam Law applies to all commercial email sent to or from Japan by for-profit groups or individuals engaged in business (“Senders”). Accordingly, the rules described in this Alert are applicable to any Sender who sends commercial email to recipients in Japan, regardless of where the...
WOOT '08: Towards Systematic Evaluation of the... →
“Modifying a bot in order to evade a detection method may result in a less useful botnet; to explore this, we identify aspects of botnets that impact their revenue-generating capability.”
by Elizabeth Stinson and John C. Mitchell, Stanford University
WOOT '08: There is No Free Phish: An Analysis of... →
“In this paper, we study in detail the kits distributed for free in underground circles and those obtained by crawling live phishing sites. We notice that phishing kits often contain backdoors that send the entered information to third parties. We conclude that phishing kits target two classes of victims: the gullible users from whom they extort valuable information and the unexperienced...
io9: Weird Tales: A Spam-Based Writing Contest... →
Weird Tales magazine is sponsoring a flash fiction contest, based on spam randomness. Click through for details.
TMCnet: Report: 80 Percent of All E-mail Comes... →
more details here and here
Comcast has a postmaster site →
(via emailkarma)
John Levine: Why we'll never replace SMTP →
John explains (again) why replacing SMTP wouldn’t fix the spam problem
8 tags
If thou be'st as poor for a subject as he's for a...
Way back in 1995, Wired reporter Simson Garfinkel gave Jeff Slaton the name “Spam King.” Less than a year later, Sanford Wallace earned the title — and soon had to share it (and his upstream provider) with Walt Rines. Others have come and gone; Sanford and Walt reappear every few years, together or separately, only to be sued away again.
In 2004, Brian McWilliams’ book...
Direct: Despicable Media Watch: Charlie Demerjian... →
Ken Magill roundly lambasts a reporter who apparently didn’t realize that muderering his wife and children was far more despicable than Eddie Davidson’s earlier crimes.
(via spam resource)
(see also: CAUCE’s reaction)
PC World: The Tale of Two Busted Spammers →
Jeremy Kirk tracks down two spam senders, and finds that they both fit into what we might consider the “well-meaning but clueless marketer” category — they didn’t set out to be criminals, and they honestly think they aren’t spammers.
Wired: California Man's Computer Used to Send Bomb... →
Botnet researchers have been predicting this for years, and now it appears to have happened: an innocent person’s computer was infected, and used by terrorists to warn of a bomb attack which killed 45 people.
And it’s a safe bet that’ll happen again.
Welcome to the future.
(via fergdawg)
CircleID: Click Fraud, Botnets and Parked Domains... →
Dancho Danchev describes how domain squatting is increasing, rather than decreasing, to support click fraud via botnets — and major brands are paying for it.
OnlyOnce: Why Do People Behave Like Jackasses... →
Matt Blumberg describes his (and his wife’s) recent unsubscribe-related interaction with someone who can only be politely described as a jackass.
(via spam resource, where Al Iverson provides additional color)
United States Patent Application: Dynamic... →
Yahoo! has filed an interesting patent regarding using “robots” to detect & respond to bad traffic.
(via seobythesea)
Denver Post: Spam, spam, spam, spam →
A Colorado anti-spam law, passed last Spring, is in effect — but they aren’t getting enough reports to pursue.
Spamhaus Blog: Spam, Malware and FTP cracks →
Spamhaus explains the true, nefarious purpose behind the recent spam with funny news-related subject lines
The Email Wars: It Does Not Look Good →
Dylan’s latest series of posts will explore whether ESPs actually follow the best practices they preach. This should be fun to watch (from a safe distance)….
Denver Post: Missing 'spam king' [Eddie Davidson]... →
“Stop assuming that systems are secure unless demonstrated insecure; start...”
– security superstar Bruce Schneier, writing for Wired (quoted by fergdawg)
New York Times Blog: Goodmail Is Back Trying to... →
this article is mostly just a reminder that Goodmail is still around, but the comments are quite interesting.
Eclectical Engineering: Can “pretend bounces” hide... →
short answer: no.
AP: Study: Online banking possibly dicier than... →
“…even the most security-conscious Web surfers could find themselves the victims of identity theft because they’ve been conditioned to ignore potential clues about whether the banking site they’re visiting is real….”
The study focused on banks, but the same issues exist on many other sites too.
Why does this matter to deliverability folks? The article...
Seattle Post-Intelligencer: 'Spam King' [Robert... →
‘Soloway — composed and smartly attired in a conservative suit and muted tie — told [Judge] Pechman: “I take full responsibility for everything I’ve done. I am sorry for all the people that got the e-mails.”
Pechman asked Soloway why he continued with his spamming after another judge in a civil lawsuit enjoined him from continuing.
Soloway spoke frankly....
spamnation: 85,000 →
“A company called Javelin Marketing has posted a press release in which they claim that an email list vendor sold them a 100,000 address mailing list with an 85% bounce rate. According to Javelin, the list cost them $14,000 and the massive wave of non-deliverables led to their email hosting service canceling their account.”
This is one of the oldest email marketing scams, yet ...
TechRepublic: End users more vulnerable to spear... →
“Spear phishing” is where a phisher targets a particular company or organization, rather than their customers — often using inside knowledge.
It’s not just corporations: MailChannels describes a recent spear phishing attack aimed at a university.
26%, but who cares?
The Email Wars chomps some numbers on email use by real users, concluding that marketers need to “[u]nderstand who your market is and act accordingly” — while Seth Godin, who regularly gives the same advice, explains why the online market doesn’t care about advertisers.
Wireless Week: CTIA Rallies Against Spam, But... →
“Wireless carriers already block up to 200 million texts per month but many times the senders cannot be located and brought to justice without government help, the industry lobbyist group said.”
Twitter Notices "Invasion of the Spammers" →
Twitter appears to finally be getting serious about the twinned challenges of improving deliverability and no longer being a vector for spam, following what will surely prove to be a common pattern among social networks.
SC Magazine US: Cybersecurity and the presidential... →
Barack Obama said (among other things) “I’ll declare our cyber-infrastructure a strategic asset, and appoint a national cyber adviser who will report directly to me. We’ll coordinate efforts across the federal government, implement a truly national cyber-security policy, and tighten standards to secure information – from the networks that power the federal government, to the...
Network World: Romainian authorities arrest... →
“…the suspects were accused of stealing identities online, in apparent phishing or auction-fraud schemes, and that they had taken US$640,000 from non-Romanians. Several U.S. Web sites, including eBay, were targets of the fraud…”
(via circleid)
Economic Times: Ybrant Digital to buy Scott... →
“…a Hyderabad-based digital marketing solutions firm is mounting a bid to acquire ‘Spam King’ Scott Richter’s Media Breakaway for about $100 million…”
Washington Post Security Fix: Site Redirects... →
a new study shows that URL redirectors — often used to track outgoing links from blogs, email, or other sites — continue to be a major security hole
Terry Zink's Anti-spam Blog: The problem of... →
Terry Zink wraps up his series on backscatter with a good list of ways to avoid scattering back
CAUCE North America: Good news from three spam... →
Plagiarism Today: Spotting Spam Blogs →
a primer on ways to detect spam blogs (splogs)
The Guardian: Lessons from the bloody war on spam →
Cory Doctorow recaps the progression of the war on spam, and compares it to the continuing failures of the war on copyright infringement.
Bump bump bump.... →
another one bites the dust…
Teens herald the death of email →
Yet another article tracking the diversification of online messaging platforms yet describing it as the impending doom of email.
Personally, I think email became a victim of its own success and was used for lots of purposes that it didn’t really suit well. And now that there are other platforms that suit those other purposes better, email is returning to the uses for which it is best...
CircleID: Anti-Phishing and Hong Kong →
James Seng doesn’t like the APWG’s request for TLD registries to work with them to take down phishing sites, so he suggests an alternative based on HKIRC’s existing process.
Getting Email Delivered: How the Email... →
Anne Mitchell explains that her “…expectations for honourable behaviour among our colleagues and competitors are not always met,” giving a few examples of questionable claims made by questionable salespeople.
All of this just confuses people who truly do need help — and that’s a damn shame. But there aren’t any independent testing services with enough clue to...
Sky News: Crackdown On Junk Mail Email Spam And... →
UK Information Commissioner report “…recommends making it easier for the public to keep track of who holds personal information about them…” and “…massive fines against companies or government bodies which breach privacy rules.”
ARF in relation to the AOL FBL →
On the open abuse-feedback-report discussion list, Steve Atkins explains (again) the best practices for dealing with AOL’s policy of redacting the recipient address in feedback loop messages, and why it’s not an ARF standards issue.
MailChimp: Warning signs your client is spamming →
The folks at MailChimp have published a wonderful guide for how to tell, as an ESP or marketing agency or similar, whether your client’s bad practices are going to ruin your business.
CircleID: An Astonishing Collaboration →
An obviously relieved Dan Kaminsky describes the recent collaborative process to fix a big DNS bug before any bad guys could discover it.
Have you updated your nameserver software in the last few weeks? If not, it’s time. Dan writes:
It’s a bug in many platforms
It’s the exact same bug in many platforms (design bugs, they are a pain)
After an enormous and secret effort,...
Let the Meat-Boxing Begin!
Ut oh, we’ve got comments now! Just click on the “comments” link at the bottom of any article, and it’ll bring you to an article-specific page with a bright, shiny, lightly moderated comments & discussion area. You can even write pseudonymously if you prefer.
Thanks to Michael at IntenseDebate for his assistance with getting this working.
J.D.
John Levine: Yes, you really have a zombie on your... →
Steve Champeon explains the difference between the simple open relays of years past or the reputation problems that many email marketers face today, and the all-too-common situation of having a zombie on your network spewing spam.
The Industry Standard: Web companies organize... →
“The companies — from Microsoft to Cisco to AT&T — are all releasing patches today or in the next few days to eliminate the major [DNS] vulnerability, which was discovered early this year….”
(via circleid)