What is phishing?

Not this kind of fishing.
Somebody asked me recently, what is phishing? Instead of re-inventing the wheel, allow me to link to a few of the resources already out there that explain what phishing is and why it is a problem.

What is phishing? From Wikipedia: "Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication."

From Microsoft: "Phishing email messages, websites, and phone calls are designed to steal money." Included are examples of what a phishing scam in an email message might look like.

And here is more information from the FTC's Consumer Information site.

Outlook.com (Microsoft Windows Live Hotmail) Issues Today

I'm hearing from multiple sources that some mail to outlook.com / live.com / hotmail.com recipients is being delayed / deferred unexpectedly today.

ETA: Issues seem resolved. Not quite sure when they cleared up.

Yahoo, Gmail and Spam in the news

Yahoo and Gmail both hit the news this past weekend, and not for great reasons.

Protect Your Brand and Reputation

Today's guest post comes from deliverability consultant extraordinaire, my friend Josie Garcia. Take it away, Josie!

Did you know that senders are in control of many more reputation and vulnerability factors than ESPs?

Cisco PIX/ASA: Disable SMTP Fixup

Over on the Mailop list, a postmaster shared his tale of woe involving sending mail to a small set of recipients whose mail server is behind a Cisco PIX firewall.

Verizon.net moving to AOL

Some or all of verizon.net mailboxes are going to move to infrastructure hosted by AOL.

Google Postmaster Tools: Domain vs. IP address Data Thresholds

Today's guest post is from Brian Curry, Manager of Deliverability, for Merkle Inc.. Take it away, Brian!

Since July of 2015, Google rolled out a shiny new tool for the Deliverability community to poke around and nerd out. We all know Google hasn’t always been the most transparent to Senders, so while we play with our new Gmail toy, we start to notice small things that perhaps give us clues into Google’s mind.

Google Postmaster Tools: Not receiving data?

A few different folks have reported to me that when accessing Google Postmaster Tools, they were seeing this message being displayed instead of data:

No data to display at this time. Please come back later. Postmaster Tools requires that your domain satisfies certain criteria before data is available for this chart. Refer to the help page for more information.

B2B Spam is Dumb and You're Dumb and This Other Guy is Dumb, too

Every so often somebody approaches me to ask me if B2B spam is OK now, because they get B2B spam at their work address. Everybody gets it, they presume, thus it must now be acceptable. Or it was always acceptable and those deliverability guys were just trying to mislead them before.

Now Hiring: Deliverability Coordinator @ BlueHornet

Here's a good opportunity from the good folks at email service provider BlueHornet. They're looking to hire a Deliverability Coordinator. My contact there shared the following info: "The position will be local to San Diego, CA.  The Deliverability Coordinator will be responsible for compiling data for customer presentations and pulling reports for delivery-related analysis.  The person in this position will also be responsible for creating DKIM and SPF entries, as well as assisting customers with enabling the DNS entries that are necessary for good delivery.  This individual may also assist in the day-to-day coordination for agency and reseller accounts, but the primary responsibility will be to provide support to the deliverability team.  PowerPoint experience is required.  Familiarity with SQL, DNS, and email filtering systems is a plus, but training will be provided on all technical aspects of this position." Apply here.

Microsoft Outlook.com / Hotmail Deliverability Troubleshooting

Here's my top five tips for deliverability success when sending to Microsoft’s Outlook.com / live.com / Hotmail email platform:

I'm blocking all mail from .top

I'm blocking all mail from the new .top TLD, because I'm getting absolutely pummeled with spam from a spammer or small group of spammers rotating through .top domains, trying to hide who they really are. You might want to avoid the .top TLD for email purposes right now; since the only samples I can see are bad things, you won't be in very good company.

UnsubCentral: Anybody home?

I emailed your support address five days ago and haven't heard back. Are you out there? Please get back to me. Thanks!

Gmail: Top 5 Deliverability Do's and Don'ts

Want solid inbox delivery at Gmail? Here's what you need to do (and not do) in 2016:

Best Email Frequency?

How often should you email your subscribers? Every 37 minutes.

Just kidding.

Researchers help shut down spam botnet that enslaved 4,000 Linux machines

(A very old CBL logo.)
Click on over to ArsTechnica if you want to learn more about the specifics of this particular spamming botnet army. The interesting bit (for me, anyway) is that the infected machines monitored the Spamhaus CBL blacklist and would request removal if found to be listed. That's pretty amazing; does this count as the machines being alive? Joking aside, I wonder how one catches and notes these robotic blacklist removal requests.

Spamhaus to indicate DROP status via DNS

In addition to the blacklists we all know and respect, Spamhaus maintains two other special lists: The DROP (Don't Route Or Peer) and EDROP (Extended Don't Route Or Peer) lists.

Outlook.com Inbound Email Issues

It looks like Hotmail done gone and blowed up again.

I am seeing multiple reports that mail server connection attempts to hotmail.com / outlook.com recipients are either timing out or resulting in mail to legitimate users is being rejected with a "554 Transaction Failed" error. This appears to be affecting at least one large email service provider, and probably others.

For some folks, it has been happening since before noon central time on Wednesday. I personally just started to see it on my own mail server around 5:00 pm on Wednesday. As of this writing (6:30 pm), it's still happening.

This is what makes it tricky for an ESP's bounce handling. You can't just assume that any old hard bounce means that a recipient must be invalid, when an ISP could (and occasionally does) fall down, go boom.

Update: This issue seems to have been resolved sometime after 7:00 pm central time on Wednesday, April 6th.