Internet and e-mail policy and practice including Notes on Internet E-mail

←2005→ Months Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec Click the comments link on any story to see comments or add your own. RSS feed

Home 30 Jun 2005 IETF publishes RFCs on SPF and Sender ID Email A recent press release from the Internet Society reports that the IETF will shortly publish specifications of SPF and Sender-ID in the RFC series. What does this mean for the future? Not much. See more ... posted at: 11:55 :: permanent link to this entry :: 1 comments Trackback link is http://weblog.johnlevine.com/Email/spfrfc.trackback 26 Jun 2005 Phish or Phair, part II Email Here we have a piece of mail purportedly from MBNA (a large credit card bank headquartered in an impressively large and anonymous building in Wilmington DE that I walked past a few weeks ago) about a utility bill that perhaps is available in their system for me to pay. Again the only thing I changed was to turn the target address to xxx@yyy.com. All of the X- headers were in the original mail. Clues: Comes from customercenter.net which is not MBNA Has a lot of dubious 10.x.x.x received headers referring to Checkfree which isn't MBNA, either Has amateurish looking X- headers Body has Javascript to concoct a URL that you're supposed to click on URL links to mbnanetaccess.com. Is that really MBNA? Bill is from NYSEG which is indeed the local electric company, but anyone who looked at my WHOIS info would know that. See more ... posted at: 12:29 :: permanent link to this entry :: 2 comments Trackback link is http://weblog.johnlevine.com/Email/phish2.trackback 23 Jun 2005 Phish or Phair? Email Phishing is a big problem, and banks have given us lots of advice like don't click on links in e-mail messages and watch for mail from fake sources. So take a look at this message that I got earlier this year and tell me whether it's real or a phish. (I already know the answer. This is a thought experiment.) Clues: Helo with nonexistent domain name unrelated to the bank Actual IP has no rDNS, SWIP is to some company with no visible connection to the bank Return address is in securesuiteemail.com, a domain unrelated to the bank Return address domain is at Yahoo domains with a yahoo.com contact, a mailing address in Israel, and a bogus phone number Headers include "Comment: Unauthenticated sender" HTML contents include URLs that they encourage you to click through, that don't match the ones in the text part and are not in the bank's domain or any domain in the header, rather they're at bankofamerica.vbv.cyota.com So tell me, if you found this in your mailbox, would you believe that it's a genuine communication from the Bank of America credit card department? See more ... posted at: 23:09 :: permanent link to this entry :: 3 comments Trackback link is http://weblog.johnlevine.com/Email/phish1.trackback 19 Jun 2005 We hate spam except, of course, when it's inconvenient to do so Email Paul Graham is a smart guy who popularized naive Bayesian spam filtering in 2002 with A Plan for Spam and has organized a series of informal spam conferences at MIT. Earlier this month he was shocked and horrified to discover that his web site, hosted at Yahoo where he used to work, had appeared on the widely used Spamhaus blacklist, and he wrote a portentous web page about it, called The Destiny of Blacklists with quotes like "This is, strictly speaking, terrorism." Nobody, including Spamhaus, thinks that Graham is a spammer. Does this mean that Spamhaus has gone rogue? Well, no. See more ... posted at: 00:53 :: permanent link to this entry :: 9 comments Trackback link is http://weblog.johnlevine.com/Email/paulgraham.trackback 18 Jun 2005 Microsoft's Hotmail demands Sender-ID, backlash to follow Email Sender-ID is Microsoft's entry in the anti-spam technology sweepstakes. It's a scheme developed during last year's MARID fiasco in which their earlier Caller ID propsal and Meng Weng Wong's SPF were merged, sort of. Microsoft's patent claims and the details of the patent license they offered so severely distracted MARID that the merits or lack thereof of Sender-ID didn't get much attention. Now, Microsoft's Hotmail, which also handles the mail for MSN users, says that they will shortly be checking Sender-ID on all mail to Hotmail and will show a yellow warning box on all mail that doesn't pass. What should senders do? Ironically, for most senders, the best answer is nothing. See more ... posted at: 22:23 :: permanent link to this entry :: 5 comments Trackback link is http://weblog.johnlevine.com/Email/hotmailsenderid.trackback 17 Jun 2005 Upcoming conferences and speaking events Email July is a busy month, with five events. International Telecommunications Union WSIS Thematic Meeting on Cybersecurity, 28 June-1 July, Geneva CH Planning to speak on Limits of technical anti-spam approaches at first day spam session Oxford Internet Institute, Oxford UK, 4 July Speaking to a predominantly academic audience on Internet Governance for Dummies. European Conference on IT Management, Leadership and Governance, University of Reading UK, 7 July Speaking to a predominantly academic audience on Internet Governance for Dummies. ICANN meeting, Luxembourg, 10-15 July 2005 Participating as member of the At-Large Advisory Committee (ALAC) Second annual Conference on Email and Spam, Stanford University, 21-22 July Speaking on Experience with Greylisting. posted at: 17:50 :: permanent link to this entry :: 0 comments Trackback link is http://weblog.johnlevine.com/Email/conferences0507.trackback 12 Jun 2005 Readers can now leave comments Email We have upgraded our weblog software to allow readers to leave comments. To read comments on a story or leave your own, click on the small comments link at the bottom of each story. When you leave a comment, you must provide a valid e-mail address to which it will mail a message with a confirmation URL. Your address won't be displayed with the comment unless you check a box that explicitly permits it. (No, we won't add it to a spam list, either.) This avoids the noxious problem of blog spam, large irrelevant comments containing links to sleazy web sites that want to increase their search engine ranking. If you know what a trackback is, an inter-blog crossreference, they should work, too. posted at: 22:20 :: permanent link to this entry :: 0 comments Trackback link is http://weblog.johnlevine.com/Email/blogcomments.trackback

Topics Copyright Law - 8 Email - 114 ICANN - 50 My other sites Who is this guy? Airline ticket info Taughannock Networks Other blogs Spam resource (Al Iverson) The Spam Diaries (Ed Falk) Word to the Wise (Laura Atkins) Lextext (Bret Fausett) Related sites IRTF Anti-Spam Research Group Network Abuse Clearinghouse Coalition Against Unsolicited Commercial E-mail

© 2005-2008 John R. Levine.
CAN SPAM address harvesting notice: the operator of this website will not give, sell, or otherwise transfer addresses maintained by this website to any other party for the purposes of initiating, or enabling others to initiate, electronic mail messages.