Terry Zink: Security Talk

Discussing Internet security in (mostly) plain English

    New spam rules of engagement finally starting to sink in

    • 6 Comments
    Having been a spam fighter for over two years, and having watched spam evolve very quickly over the previous six months, it is now sinking in to me that the methodology we used to use to fight spam is no longer valid. Whereas before we had a...

    Sender authentication part 19: How spammers evade SPF

    • 6 Comments
    How would a spammer get around SPF? One way is the method used by Spammer-X in his book Inside the Spam Cartel. Spammer-X is a retired spammer (so he says) and goes into a lot of the details in his book. I'll give a review when I'm done this series on...

    Sender Authentication part 1: The basics of sending email

    • 6 Comments
    This is my first post in my series on email authentication. In order to understand how to authenticate the sender of an email, we need to understand how email works. I remember back in my 4th year of university when we learned how to send "fake" email...

    Sender authentication part 7: Shortcomings of SPF

    • 6 Comments
    SPF is a method of authenticating the envelope sender's domain with the IP that transmitted the message to the receiving mail server.  It is quite useful for preventing spoofing but it has its shortcomings: 1. SPF adoption has been slow. As I alluded...

    Stopping bots from abusing webmail

    • 6 Comments
    One of the problems of bots is that they sign up for free webmail accounts (like Hotmail, Yahoo or Gmail) and then use them to send out spam.  These services will throttle their outbound mail, that is, cut off the sender if they exceed a certain...

    Spam filters and foreign spam, part 3 - ASCII

    • 6 Comments
    If everyone spoke English, and spammers only sent spam from bots, spam filtering would have a relatively simple task (relatively speaking, of course). But, that simply isn't reality. The biggest shift in spamming over the past 18 months or so is the use...

    Why change the FP metrics?

    • 6 Comments
    In the comments in my other post on the other side of accurate metrics, a fellow blogger writes the following: In my experience every vendor who quotes a FP figure bases it on the total number of inbound messages (including those that get 5xx-rejected...

    Why does all popular software become bloated?

    • 6 Comments
    Over the weekend, I read an article entitled Superior Alternatives to Crappy Windows Software.  This is not to suggest that Windows is crappy, but that there are applications that run on Windows that are lousy.  There are a lot of points that...

    The problem of backscatter, part 3 - Legitimate bounces

    • 6 Comments
    When a mail server accepts a message and later decides that it can't deliver the message, it is required to send back a bounce email to the sender of the original message. There are a few kinds of bounce notifications that a mail server can send: Recipient...

    The problem of backscatter, part 18 - Wrapping it up

    • 6 Comments
    Backscatter spam is annoying.  It's tough to filter because the contents of it can fool content filters and can also fool end users. Indeed, if your content filter could recognize an NDR and ignore the parts that typically occur in NDRs, you could...

    The advantages of being a PM

    • 6 Comments
    Here at Microsoft, we quite regularly see people rotating in and out of various divisions.  A new person will join and another person will leave.  Recently we had another anti-spam manager join the group.  Since I've been in the antispam...

    The Council of Elrond

    • 5 Comments
    A couple of weeks ago, the Financial Times ran an article entitled "Secret War on Web Crooks Revealed."  Here's an excerpt: The people who run the world's internet systems are a rather secretive bunch.  Three times a year, senior technical...

    The other half of accurate metrics

    • 5 Comments
    Referring back to my previous post on accurate metrics referring to spam-in-the-inbox, spam is one side while false positives are the other. Whereas we measure spam as a proportion of what the user sees, we can measure false positives as a proportion...

    The Relative Performance Index

    • 5 Comments
    I’m so good sometimes I amaze even myself. I like to play around with metrics and measurements. For the longest time, this was difficult to do because I was unsure of how to determine our non-spam. Well, a couple of months ago I devised a system...

    Why send spam over TLS?

    • 5 Comments
    In my previous post, I noted that rustock had started sending us a whole pile of spam over the TLS protocol.  The question now is why do it at all?  I mentioned in my post that this is clever behavior and one of my readers posted in a comment...

    Spam level hits 94%... but you heard it here first

    • 5 Comments
    I see on Spamroll that they came across an article on techweb that lets us know that spam hit 94% of all email traffic in December. I don't want to brag (oh, wait, yes I do), but I reported in this post the following on December 27: Approximately 6% of...

    SPAM vs spam

    • 5 Comments
    I notice quite often that when people refer to spam (either inside our company or on the outside), they often say "SPAM." This has often confused me because as far as I know, SPAM is not an acronym and doesn't stand for anything, it's only slang for Unsolicited...

    Strong passwords fine, but not necessarily necessary

    • 5 Comments
    Randall Stross, writing for the New York Times last week, has a good article up about the necessity of strong passwords.  For those of us in the security industry, when we say “strong passwords” what we mean is one that has a lot of characters (usually...

    Sender authentication part 8: Best-Guess SPF

    • 5 Comments
    I've had a document sitting on my shelf (i.e., the window-sill 10 feet away from my desk) for about 6 months now just waiting to be read. It's entitled Sender Reputation in a Large Webmail Service. It's by Bradley Taylor, at Google, and is available to...

    Sender ID is pretty effective, but on the other hand, so am I

    • 5 Comments
    I read the following article that Microsoft's Sender ID hits new milestone for stopping spam. In the article, Microsoft has announced that their Sender ID spam filtering technology has blocked over 3.8 billion spam messages. It goes on to say that Microsoft...

    Sender authentication part 29: Some DomainKeys examples

    • 5 Comments
    Let's plow through a few real life examples. Here's an actual DomainKey Signature: Example 1 DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com.au; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version...

    Sender authentication part 12: Some examples of SPF

    • 5 Comments
    Now that we've plowed our way through SPF, including the syntax (I can't believe I took the time to do it, but if I ever go into a university and have to teach it I guess I should know it), let's take a look at some real life examples of domains that...

    Sender authentication part 18: More hazards

    • 5 Comments
    The other hazard I'd like to look at with regards to SPF and SenderID is the issue of newsletters, or more specifically, bulk emailers. Bulk emailers have a long and checkered history of using questionable email practises. They put in lots of advertising...

    Some stats and figures on DKIM and SPF

    • 5 Comments
    Did you ever wonder how many organizations out there are signing their mail with DKIM?  Or how many organizations rely on SPF as a tool to validate their inbound mail? Well, I’ve wondered as well.  DKIM supposedly is getting more popular, but...

    Six steps to sending email over IPv6 – my Internet Draft

    • 5 Comments
    A couple of weeks ago, I published my first Internet Draft to the Internet Engineering Task Force (IETF).  Today, I updated it, making it version 2 (but named version 01.txt).  It is titled Recommendations for the use of whitelists for email...