With Edward Snowden’s revelations about government snooping into our private email, some technically-minded folks have considered setting up their own mail server in the hopes of staying clear of prying eyes. Is this a good idea? Probably not. And here’s why. Setting up a secure email server takes a great deal of expertise and effort. You need to master a variety of protocols, from DKIM and SPF, to TLS. You also need to build a capable spam filtering system to protect yourself from email-borne offers and malware, and you need to contend with the nightmare of outbound delivery and IP blacklisting. When you’ve done all this, you also need to make sure the server is constantly kept up to date with the latest security patches, lest a global network of well funded state-level hackers gain access to your box to snoop – which is precisely what you’re trying to avoid. […]
Spamhaus, the world’s leading IP reputation advisory service, today released an analysis of an ongoing spamming issue at IBM’s SoftLayer web hosting subsidiary. According to Spamhaus, spammers have been targeting weak security measures at SoftLayer to obtain large numbers of IP addresses from which to send spam targeting Brazilian recipients. As a result of the spamming activity, Spamhaus has listed several hundred IP addresses owned by the provider under the common heading “Massive source of malware-distribution spam”. Spammers routinely target web hosting providers like SoftLayer in an effort to obtain new resources from which to send spam campaigns. As Spamhaus and other IP reputation outfits block the offending IP addresses, spammers are hard at work exploiting any weaknesses in the provider’s security posture to obtain more. In the present situation, according to Spamhaus, the provider is not doing enough to get ahead of the problem. In Spamhaus’ own words: We […]
Updated October 1, 10:40am Pacific In May 2013, Facebook published a detailed survey of TLS encryption usage by the world’s email servers. That survey indicated that about 37% of mail servers (as measured by IP address) did not at the time advertise the availability of TLS encryption for protecting the privacy of email sessions and data. Fast forward to September, 2015 and the picture is improved, but not as much as we would have hoped. Analyzing email traffic sent to a diverse set of over 17,000 25,000 Internet email servers during a two hour twelve hour period on September 30, we found that TLS encryption is now advertised by 72% of mail servers (28% do not advertise it). This implies that the TLS encryption hold-outs have been reduced from 37% to 27% – an improvement of about a third in two years. That’s not a bad improvement, but it’s less […]
Unless you use end-to-end encryption such as PGP, the contents of your email message may be revealed to or even silently modified by sophisticated attackers with access to Internet backbone traffic. To prevent eavesdropping and modification, Internet engineers developed the Transport Layer Security (TLS) protocol, which email servers use to encrypt and protect email while it transits the Internet from server to server. Edward Snowden’s revelations in 2013 about government snooping prompted large email providers such as Microsoft® Outlook.com and Yahoo! to implement TLS so that servers sending email to the servers can encrypt messages during transmission. After a lengthy period of implementation and testing, about 67% of mail servers in a broad survey now support TLS. To ensure the privacy of our customers’ email messages, MailChannels Cloud now automatically encrypts connections to receiving mail servers that support the TLS protocol. In combination with our existing client-side TLS support, this […]
Fetching this Google search URL provides a listing of random Uber trips that were somehow indexed by the search giant’s spider: www.google.com/?q=site:trip.uber.com: Credit for this discovery goes to Mikko Hypponen of security firm F-Secure. Searching for stuff on https://t.co/HXxwZnnWAW gets you information like this. pic.twitter.com/lfQlbN806W — Mikko Hypponen (@mikko) September 2, 2015 Update (4:54pm PDT) Uber appears to have fixed the problem by amending robots.txt to explicitly deny all indexing of trip.uber.com.
Spammers thrive on two things: large lists of victims (i.e. email addresses), and data to exploit them with. The recent breach of the cheaters’ dating web site Ashley Madison provides both, and in great quantity. Spammers have wasted no time in exploiting these victims with a variety of new campaigns. Cloudmark reported on a blackmailing scheme recently, in which spammers target Ashley Madison users with a threat to reveal their participation in the site to family members unless a bribe is paid. Not to be out-done, we searched our own logs and discovered an entirely different type of scam: a new web site, ashleymadison-repair.com, which fraudulently promotes a removal service that can purportedly remove all traces that someone participated in Ashley Madison. The site even provides a helpful price table with a schedule of the specific services they offer: We have noticed a significant up-tick in email subjects mentioning Ashley […]
Next week, we will release an entirely redesigned and updated web console that we think will delight our users. As part of the redesign, the MailChannels SMTP Relay Service is being rebranded as “MailChannels Cloud” – the old name was too long, and didn’t reflect many of the powerful capabilities we’ve been building. We’ve worked hard over the last quarter to improve the user experience (UX) of the web console, taking into account feedback from our customers. One of the first things you will notice when you sign in to the redesigned console is a new vertical navigation system along the left side of each page. This puts relevant links directly where you need them at all times, making it easy to find your way around the console interface. You’ll find many of the same pages you’ve become accustomed to using every day, plus some new sections to help you […]
Email feedback loops (FBLs) allow email receivers to tell a sending network about the complaints their users are generating about email originating from the sending network. By tuning in to FBL data, sending networks can identify problematic email traffic originating from their IP address space, such as spam messages. This information can help to pinpoint and then shut down spammers. Many large email receivers provide FBLs, which you can freely register for by clicking on the links below: AOL Bluetie Comcast Cox Earthlink FastMail Hosted Email Mailtrust MSN/Hot NetZero/Juno Rackspace RoadRunner Synacor Terra (Brazil) United Online USA.net Verizon Yahoo Zoho Google’s Gmail service also offers a feedback loop, which is currently in beta. To indicate your interest in the Gmail FBL, visit this signup form. Not all senders will be accepted into their FBL program.
Notification Center pulls together all the intelligence about your email infrastructure and makes it available in one place. It tells you important information, such as who sends the most email by volume, who are the biggest spammers, and who is having deliverability issues on your network. Access the feature You will find the Notification Center under the Activity section of the MailChannels console. (The Top Senders reports are now located under the Activity section.) Use the top menu to access all the Notification Center information. If you click on “Notifications” from within the Notification Center, you can access the same information from the sidebar menu. Monitors The Monitors section lets you configure settings to be alerted about specific events. Alerts can be received by email or by webhook, and you can throttle the frequency to limit how often you receive the same alert. Alerts Regardless of how you […]
MailChannels Insights is a new tool that provides users with an intuitive search interface that helps end users find problematic email deliveries, providing a simple explanation why messages were blocked or failed to deliver. It provides a level of understanding not available with other outbound email solutions. Available at no additional cost to MailChannels SMTP Relay service customers, MailChannels Insights helps end users help themselves by empowering them to fix their own email delivery problems, reducing support tickets for you. Using MailChannels Insights There are two ways to enroll end users started with MailChannels Insights. The most direct way is to invite them via the Customer Console Log Search. Simply find a log entry for the customer you wish to invite and click on the envelope icon at the top right of each entry in the log search results, or on the “Invite to MailChannels Insights” link in the expanded […]