Slovak Telekom email service has shut down

Slovakia-based communications provider Slovak Telekom, a 100% owned subsidiary of Deutsche Telekom, has terminated all email services effective December 31, 2020.

Mailkit's Jakub Olexa explains: "The affected domains are,,, and regional subdomains of eg. (,,, etc). It also affects a number of business domains that were hosted at their email service and have not made the switch to their business service. All affected domains can be identified by using MX of It's likely that the business customers will switch to a different service (or at least some of them) but the above listed domains should be the ones with the bulk of the volume and should be put on suppression lists as abandoned domains."

Thank you, Jakub, for sharing this very useful information! 

Spamhaus warns: Watch for new (error) response codes

Anti-spam blocking list group Spamhaus is warning that come March 2021, they will begin implementation of new error codes (DNSBL lookup responses) that they may provide in response to certain queries run against the Spamhaus blocking lists.

Those new codes are meant to alert you if you typo the DNSBL name, if you're querying Spamhaus via a public or open DNS resolver, or if you are making an excessive number of queries (lookups) to the Spmahaus blacklists.

These could have the effect of catching people unawares and causing all mail to be blocked. Be sure to head on over to the Spamhaus website and learn more about what this all means.

Open Tracking is evil and you should be ashamed

Open Tracking is evil and you should be ashamed! So says the BBC -- or rather, so says, who was asked to explain it all to BBC News. might have a bit of a bias, there, don't you think? Another point of view might be that ISPs take user engagement into account as a part of spam filtering, so smart and good senders also want to use user engagement data into account so they can stay in the good graces with ISPs. It's not evil; it's doing the right thing.

Could and should how open tracking works be reconsidered and modified to better address privacy concerns? Possibly. Email evolves and I'm sure our thinking on all of this will evolve over time as well. But today? C'mon, this whole thing reads like an advertisement for's own paid email service. And aren't they collecting stats on what mail lands in user mailboxes to be able to sell their point of view?

Proofpoint: Facebook, stop taking our domains away!

ZDNet's Catalin Cimpanu provides an overview of how internet security company Proofpoint is suing Facebook, looking to stop Facebook from using UDRP (Uniform Domain-Name Dispute-Resolution) requests to wrest away certain Proofpoint-owned domain names being used for phishing-related security testing. Context and background suggest that Facebook is doing this because they are not happy that the domain names in question purport to contain or sort of look like Facebook domains and trademarks.

I'm torn on this one, I really am. On the one hand, a company should have the ability to prevent misuse of their domain names and trademarks, and I think that should extend to cover "lookalike" or "cousin" domains potentially being used by other parties. There needs to be a way for Facebook to go after people doing bad things while pretending to be Facebook.

On the other hand, to me this sounds like Facebook getting mad about what the good guys do -- using domains like these for tracking bad guys or protecting their own (or customers') systems and networks. Spamtrap domains are perhaps similar. Typo variations of ISP domains are commonly used as spamtraps -- they catch spam and identify questionable actors -- senders with poor list hygiene, and those acting with nefarious intent, sending malware or phishing messages. I myself own a number of spamtrap domains like this, and I know lots of other people, groups and companies that do the same. The emails these domains capture are valuable to the good guys. I can't think of any other examples where a trademark or brand owner has hassled somebody who owns a typo, lookalike or cousin domain related to that brand. 

What's a bit different here is that Proofpoint is using these domains as sender domains or destination domains (think "click domains") for fake phishing emails, testing users to help with phishing awareness. That muddies the water a bit as they're originating traffic with those domain names, as opposed to just passively accepting traffic to those domains.

Should this even be in court? If Proofpoint wins, it perhaps undermines a company's ability to go after bad guys registering lookalike domains trying to rip off a brand. If Facebook wins, it perhaps undermines security researchers' ability to (safely and harmlessly) emulate what criminal gangs are already doing, except instead of harm they're using it for desirable end user education. Neither possibility seems like a desirable outcome.

(H/T: Slashdot)

SMTP Field Manual: Updated!

I am reliably informed that the SMTP Field Manual published by Postmark (first mentioned here) has been comprehensively updated, with lots of new information, including provider/receiver descriptions, postmaster links and resources, troubleshooting steps, insight for individual SMTP response codes, and more. Great job, Postmark team! Check it out here.

Why some people get more phishing emails and malware spam

ZDNet's Danny Palmer breaks down the data compiled and analyzed by Google and Stanford University in a new research paper. It turns out, if your data was exposed in a breach, you're more likely to be targeted with phish or malware. Perhaps a bit obvious, but there's also other interesting stuff to glean from "Who is targeted by email-based phishing and malware? Measuring factors that differentiate risk," authored by Camelia Simoiu (Stanford University) along with Googlers Ali Zand, Kurt Thomas and Elie Bursztein. Click here to read the ZDNet article and click here to access the research paper.