Box of Meat

Clinton Herald: Kramer wins another spam judgment; more than $236 million

Tue, 07 Oct 2008 14:13:22 -0600

Clinton Herald: Kramer wins another spam judgment; more than $236 million: “Robert W. Kramer III, owner and operator of CIS Internet Services, received the $236,480,660 judgment against two individual defendants….”

Network World: CAN-SPAM: What went wrong?

Tue, 07 Oct 2008 14:12:02 -0600

Network World: CAN-SPAM: What went wrong?: “Failure of law to deter spammers shows limits of U.S. legislation in a world of global cybercrime”

CircleID: Inside a Managed Spam Service

Tue, 07 Oct 2008 13:53:10 -0600

CircleID: Inside a Managed Spam Service: A spammer uses simple tricks like stuffing Cc and Bcc to improve their throughput via a managed spam service — in order to undersell that same service.

DNSBL Resource: Shutting Down Blacklists

Tue, 07 Oct 2008 11:01:17 -0600

DNSBL Resource: Shutting Down Blacklists: “… if you use DNSBLs on your mailserver, you need to pay attention…” to this article by Al Iverson.

Return Path: The Root of All Email

Mon, 06 Oct 2008 11:27:40 -0600

Return Path: The Root of All Email: J.D. explains how Jon Postel’s most common quote
“…is the root of all email, from the earliest standards discussions to the latest theories of authentication, reputation, and deliverability.”

Consumerist: 7 Stupid Online Security Mistakes You're Probably Making

Sat, 04 Oct 2008 10:53:27 -0600

Consumerist: 7 Stupid Online Security Mistakes You're Probably Making

Stay Safe Online: National Cyber Security Awareness Month

Thu, 02 Oct 2008 11:53:06 -0600

Stay Safe Online: National Cyber Security Awareness Month:

“October 20008 will be the fifth year of Cyber Security Awareness Month.”

That’s a direct quote, complete with typo & grammatical errors. *sigh*

Washington Post Security Fix: New Federal Law Targets ID Theft, Cybercrime

Thu, 02 Oct 2008 11:37:06 -0600

Washington Post Security Fix: New Federal Law Targets ID Theft, Cybercrime: “President Bush last week signed into law a bill that seeks to make it easier for prosecutors to go after cybercrooks, while ensuring that identity theft victims are compensated for their time and trouble when convicted identity thieves are forced to cough up ill-gotten gains.”

Boing Boing: John Hodgman in BBtv's SPAMasterpiece Theater

Thu, 02 Oct 2008 11:33:37 -0600

Boing Boing: John Hodgman in BBtv's SPAMasterpiece Theater: ‘…the debut installment of Boing Boing tv’s SPAMASTERPIECE THEATER, which Hodgman himself describes as the dramatization of “true tale[s] of romance, adventure, infamy, and low-cost prescription drugs, all culled from the reams of actual, unsolicited emails, received here by us and people like you — what we call SPAM.”’

MX Logic: Spam Survey

Thu, 02 Oct 2008 11:25:42 -0600

MX Logic: Spam Survey: anti-spam vendor MX Logic is conducting a somewhat amusing survey on peoples’ attitudes about spam

OUT-LAW.COM: Liberal Democrats broke privacy laws with 250,000 calls

Thu, 02 Oct 2008 11:23:29 -0600

OUT-LAW.COM: Liberal Democrats broke privacy laws with 250,000 calls:

“The Liberal Democrats broke anti-spam laws by placing 250,000 automated telephone calls last week without prior consent, according to the UK’s privacy chief. If the party continues placing such calls, it has been warned that it could face prosecution.”

(via legalbrief)

TheHill.com: House limits constituent e-mails to prevent crash

Wed, 01 Oct 2008 10:36:47 -0600

TheHill.com: House limits constituent e-mails to prevent crash:

“The [U.S. House of Representatives] is limiting e-mails from the public to prevent its websites from crashing due to the enormous amount of mail being submitted on the financial bailout bill.”

At Word to the Wise, Laura Atkins reminds us that “This is similar to what some ISPs have to do under periods of peak load.”

It’s a technique (actually a variety of techniques) generally called “rate limiting” or “traffic shaping,” described fairly well by Desmond Liao in this article (MailChannels often talks like they think they invented these techniques, but, um, they didn’t. They do talk more openly about it than the ISPs who’ve been doing it for years, though.)

Spam Wars: Riding the Coattails of Credibility

Wed, 01 Oct 2008 10:26:30 -0600

Spam Wars: Riding the Coattails of Credibility: Danny Goodman discusses pharmacy spam which “borrowed” an opt-out link & CAN-SPAM statement from a legitimate message.

Google Webmaster Central: Keeping comment spam off your site and away from users

Tue, 30 Sep 2008 17:30:59 -0600

Google Webmaster Central: Keeping comment spam off your site and away from users:

Jason Morrison shares some tips on avoiding comment spam — all of which can help with other web form attacks, too.

(via DirectNews)

Washington Post Security Fix: Microsoft, Washington State Sue Scareware Purveyors

Tue, 30 Sep 2008 17:27:40 -0600

Washington Post Security Fix: Microsoft, Washington State Sue Scareware Purveyors:

“Microsoft Corp. and the state of Washington this week filed lawsuits against a slew of…scam artists who use fake security alerts to frighten consumers into paying for worthless computer security software.”

Finally!

Freedom to Tinker: Popular Websites Vulnerable to Cross-Site Request Forgery Attacks

Tue, 30 Sep 2008 17:26:10 -0600

Freedom to Tinker: Popular Websites Vulnerable to Cross-Site Request Forgery Attacks:

“We found four major vulnerabilities on four different sites. These vulnerabilities include what we believe is the first [Cross-Site Request Forgery] vulnerability that allows the transfer of funds from a financial institution. We contacted all the sites involved and gave them ample time to correct these issues. Three of these sites have fixed the vulnerabilities listed below, one has not.”

(via fergdawg)

Terry Zink: Stopping bots from abusing webmail

Mon, 29 Sep 2008 14:19:27 -0600

Terry Zink: Stopping bots from abusing webmail: some interesting ideas, and some surprisingly antagonistic comments

Guardian (AP): Congress sending child porn bills to president

Mon, 29 Sep 2008 14:17:14 -0600

Guardian (AP): Congress sending child porn bills to president:

“Currently, Internet service providers are required to report child pornography to the National Center for Missing and Exploited Children. The legislation would expand those companies with reporting obligations to include search engines such as Google and Yahoo!, social networking sites such as Facebook and MySpace, domain name registrars and wireless phone carriers.”

(via DomainNews, via fergdawg)

This would be the first time that domain registrars have been asked to pay attention to domain owners’ illegal activities. Perhaps other crimes will follow….

Deliverability.com: FBL Mantra

Mon, 29 Sep 2008 14:11:17 -0600

Deliverability.com: FBL Mantra: “My good friends in the industry have really stepped up to share their knowledge to those who are new to the delivery/email job and in many cases to those who are interested in what the deliverability people do everyday….”

Not Always Right: And We Wonder Who Clicks On Spam, Part 2

Mon, 29 Sep 2008 14:01:34 -0600

Not Always Right: And We Wonder Who Clicks On Spam, Part 2:

PEBCAK (or is it?)

(also: part 1)