I just got junk email … from me! It is surprisingly common for users to receive Spam email messages that appear to come from their own address (i.e. “joe@domain.com” gets a Spam email addressed so it appears to be from “joe@domain.com”). We discussed this issue tangentially in a previous posting: Bounce Back & BackScatter Spam […]
We’ll close (for now) our three part series on the state of domain-based authentication for emails by completing the story on technologies being deployed or defined to improve the security of the email ecosystem. In Part 1, we wrote about using Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) to authenticate the sending mail […]
Building a safer email ecosystem with DMARC In our previous post, we described two techniques for authenticating an email sender: Sender Policy Framework (SPF), IETF RFC 7208, which verifies if the sending MTA is indeed authorized to send mail on behalf of a domain; and DomainKeys Identified Mail (DKIM), IETF RFC 6376, where a domain shows “ownership” of a mail […]
Our latest “Ask Erik” question involves understanding what email headers save about secure message transport … especially when they list MAPI or HTTPS instead of TLS.
Recent reports on cyber-security threats in the healthcare sector by Verizon, Symantec and Ponemon consistently make several observations: Email-borne malware is on the rise, with such malware delivered via spam or phishing; Small-to-medium sized businesses (from all sectors) have the highest rate of email-delivered malware; Most breaches are caused by negligent employees or contractors. These […]
