One of things I've noticed amongst the public is the confusion between the terms phishing and spoofing . The two are not synonymous. Phishing attacks generally use spoofing as a strategy but spoofing attacks are not necessarily phishing. Spoofing is impersonating...

In documentation that Microsoft is going to release shortly, they have some recommendations on how to set up your SenderID records as well as a list of frequently asked questions. I will post a link to the relevant documents when they become available...

How would a spammer get around SPF? One way is the method used by Spammer-X in his book Inside the Spam Cartel . Spammer-X is a retired spammer (so he says) and goes into a lot of the details in his book. I'll give a review when I'm done this series on...

Microsoft is shortly coming out with some documentation on SenderID and the business case for its implementation. Hopefully by now I have demonstrated its usefulness. The Purported Responsible Address has a couple of advantages when deciding to support...

Well, today I'm off to the Conference on Email and Antispam , in Mountain View, California. It's on Aug 2-3, 2007. I'm not speaking or presenting anything this, but maybe next year I'll present a topic like "How to write an antispam blog."

I've just been busy with a bunch of stuff over the past two weeks. I plan to resume to normal blogging in the near term.

Here's a round up of my random thoughts on the CEAS: 1. The stuff on image spam detection was interesting, but it's a little late. Spammers have moved on to other tricks. 2. Speaking of the stuff on image spam, the false positive rates were very high...

I'm checking our statistics on the amount of pdf spam we're seeing, and after Aug 20 (last week) it seems to have disappeared. It hasn't disappeared entirely, of course. But my spam rules that targeted this stuff have gone from a couple million hits per...