John Levine, founder of Taughannock Networks, writes, speaks, and consults on e-mail, the Internet, and other computer topics. He has written over 20 technical books, and is the co-author of O'Reilly's lex & yacc, 2nd Edition and qmail. He's also deeply involved in Internet e-mail in general and spam issues in particular as co-chair of the Internet Research Task Force's Anti-Spam Research Group (http://asrg.sp.am) and a board member of the Coalition Against Unsolicited Commercial E-mail (http://www.cauce.org).
He lives and works in the tiny village of Trumansburg NY (http://www.trumansburg.ny.us) where he reports that being the municipal sewer commissioner was a much cleaner job than dealing with spammers.
DMARC is an anti-phishing scheme that was repurposed in April to try to deal with the fallout from security breaches at AOL and Yahoo. A side effect of AOL and Yahoo's actions is that a variety of bad things happen to mail that has From: addresses at aol.com or yahoo.com, but wasn't…
that crooks have stolen credentials and address books from some large number of
(They say 2%, but that's only the ones they know about so far.)
So we suggest you take some routine security precautions. Specifically, we recommend that you change your postal address, phone number, employer, date of birth,…
Two weeks ago I wrote about Yahoo's unfortunate mail security actions. Now it's AOL's turn, and the story, as best as I can piece it together, is not pretty. Yahoo used an emerging system called DMARC, which was intended to fight phishing of often forged domains like paypal.com. A domain owner can publish a…
Last week we heard of yet another security breach at an online provider, as crooks made off with the names, addresses, and birth dates of eBay users, along with encrypted passwords. They suggest you change your password, which is likely a good idea, and you better also change every other place you used the same password. But…
I used to say to our audiences: "It is difficult to get a man to understand something when his salary depends on his not understanding it!" - Upton Sinclair, I, Candidate for Governor: And how I Got Licked, (1935), p. 109 In November, the Authors Guild suffered a
in…
for anyone who doesn't read the papers, is a serious bug in the popular OpenSSL security library. Its effects are particularly bad, because OpenSSL is so popular, used to implement the secure bit of https: secure web sites on many of the most popular web servers such as Apache, nginx, and lighttpd. A few…
DMARC is what one might call an emerging e-mail security scheme. It's emerging pretty fast, since many of the largest mail systems in the world have already implemented it, including Gmail, Hotmail/MSN/Outlook, Comcast, and Yahoo. DMARC lets a domain owner make assertions about mail that has their domain in the address on the From:…