Tag: email
-
DMARC: an imperfect solution that can make a big difference
US Senator Ron Wyden has written a letter ( pdf ) to the Department of Homeland Security, urging the US government to implement DMARC to “ensure hackers cannot send emails that impersonate federal agencies”. DMARC is an email security standard that was launched by a few major players in the field of email in 2012…
-
Will DIME eventually replace email?
Protocol has all the advantages of email, yet is orders of magnitude more secure. In the current Internet era sometimes referred to as ‘post-Snowden’, it is often said that email is broken. After all, a lot of email is still flowing over the Internet unencrypted, and even if encryption is used for email delivery, that…
-
TorrentLocker spam has DMARC enabled
Use of email authentication technique unlikely to bring any advantage. Last week, Trend Micro researcher Jon Oliver (who presented a paper on Twitter abuse at VB2014) wrote an interesting blog post about a spam campaign that was spreading the ‘TorrentLocker’ ransomware and which, unusually, was using DMARC. TorrentLocker is one of the most prominent families…
-
Praise for the unsung heroes of email
Many decent performances in VB’s latest comparative spam filter test. A decade ago, there were optimists who thought that the spam problem would soon be eradicated. At the same time, pessimists thought that spam would quickly become such a big problem that we’d all stop using email. The bad news is that the optimists were…
-
VB2014 paper: DMARC – how to use it to improve your email reputation
Terry Zink presents case study in which he describes setting a DMARC policy for Microsoft. Over the next few months, we will be sharing VB2014 conference papers as well as video recordings of the presentations. Today, we have added ‘DMARC – how to use it to improve your email reputation’, by Microsoft’s Terry Zink. Email…
-
DNS cache poisoning used to steal emails
Call to use end-to-end encryption and to deploy DNSSEC. DNS is sometimes called ‘the phone book of the Internet’. If true, then it is a phone book that makes it relatively easy to be tricked into calling someone else. Whether it is through using social engineering to hijack a DNS account at a gullible registrar,…
-
Yahoo’s DMARC policy wreaks havoc among mailing lists
Collateral damage in instruction to reject emails with invalid DKIM signatures. A change in Yahoo ‘s DMARC policy has caused frustration among operators of many mailing lists and their subscribers. On its official website , DMARC is described as standardizing “how email receivers perform email authentication using the well-known SPF and DKIM mechanisms”. It was…
-
At least 99.4% of spam blocked in recent Virus Bulletin test
All solutions on test blocked at least 99.4% of spam, but some struggled with false positive issues; survey also shows few products support DMARC. The results of the most recent VBSpam spam filter test show that all 18 of the solutions tested blocked at least 99.4% of all spam – although some struggled with false…