Tag: email

  • We are more ready for IPv6 email than we may think

    In email security circles, IPv6 is the elephant in the room. While the transition from IPv4 to IPv6 is a relatively smooth affair for most of the Internet, and few people will have noticed that a large part of Internet traffic is currently using IPv6, email is still lagging behind: RIPE, Europe’s Regional Internet Registry,…

  • Expired domain led to SpamCannibal’s blacklist eating the whole world

    The first line of defence in many a spam filter is to query one or more DNS blacklists to see if the sender’s IP address (and sometimes their domain) is listed as a known spammer. As the name suggests, a DNS blacklist is queried over DNS: to do a lookup for the IP address 1.2.3.4…

  • Netflix issue shows email verification really does matter

    In the email security community, the use of confirmed opt-in has long been a recommended practice: an email address given to you can’t be used until the account owner has confirmed (by clicking a link in or replying to a confirmation email) that they do indeed own that email address. When email service provider Mailchimp…

  • Facebook helps you determine whether emails really came from its servers

    There are many good reasons to criticize Facebook for its collecting of our personal data, but the company also deserves credit for being at the forefront when it comes to online security. The company has long had a generous bug bounty program, can send PGP-encrypted notifications, and has even set up a .onion version…

  • ROPEMAKER email exploit is of limited practical use

    Researchers at Mimecast have published details (pdf) of an email exploit they call ‘ROPEMAKER’ (short for ‘Remotely Originated Post-delivery Email Manipulation Attacks Keeping Email Risky’), which allows an email sender with malicious intentions to modify the appearance of an email after it has been delivered. The idea is rather simple: a lot of…

  • DMARC: an imperfect solution that can make a big difference

    US Senator Ron Wyden has written a letter (pdf) to the Department of Homeland Security, urging the US government to implement DMARC to “ensure hackers cannot send emails that impersonate federal agencies”. DMARC is an email security standard that was launched by a few major players in the field of email in 2012…