Tony Webster: Investigating using domain & SSL info

Minnesota-based freelance journalist Tony Webster is somebody you should follow on Twitter. He's been mining public records and other info to provide additional insight into what's going on in Minneapolis (my home town) right now.

You should check out his website, too. One thing that really caught my eye was this: Using domain registrations, security certificates, and Shodan to break news. He calls it, "A quick guide for journalists: how to spot new domain registrations, recently-issued SSL certificates, and new servers to report on political, business, and government initiatives." It's good stuff! It might need an update, as WHOIS output in a GDPR-compliant world can be limited compared to what it once was (thanks, ICANN), but there's still some very good stuff here.

How to Send a Text Message Via Email

I'm not sure how the website "20somethingfinance.com" ended up being a good resource for this, but that's where I found the most information when I started doing my research. Just to be safe, I'm going to share their same info here just in case that website disappears.

Want to use email to send a text message to your cell phone? Just send an email message to your ten digit phone number + @ + your provider's SMS/MMS gateway domain name. For example, the Verizon Wireless domain for this is vtext.com. If you're a Verizon Wireless customer, and your mobile phone number is 3125551212, you would send email to 3125551212@vtext.com to send a text message to your mobile phone.

Please hire: Aric McKeown

My friend Aric McKeown is a smart guy on a job hunt. Are you hiring? Got anything suitable for his unique set of skills? He's got very solid deliverability, email operations expertise and more!

Aric writes: I have spent the last 5 years work in email deliverability and the 13 previous years working in email marketing production, website analytics, and website design.

In addition to my work resume, I have a large swath of creative side work I've been involved in and created.

Least Dangerous Game - A urban scavenger hunt created at the outset of Twitter, highlighted by Twitter's Jack Dorsey himself.

Make Me Watch TV - A one-year experiment in web 3.0, allowing users to dictate the TV shows I would watch and live-blog nightly.

The Mustache Rangers - A 250-episode improvised podcast produced, edited, and performed by me. 

Blank It - An abstract and surreal webcomic written by me.

A Talking Cat!?!: The Blog - Examples of extreme critical and humorous writing pertaining to the horribly bad movie A Talking Cat!?!

If you, or somebody you know, needs someone with a large history of email marketing skills, or any of my other myriad of critical and creative skills, please let me know.


Dead domains: upcmail.cz, chello.cz, karneval.cz, mistral.cz and mbox.dkm.cz

Back in 2019,  UPC (Liberty Global) sold their Czech Republic holdings to Vodafone. Fast forward to May 2020 and they've just announced that email service to the Czech UPC/Chello domains is being shut down, with service terminating on August 31, 2020.

Finally! A font-based solution to the Scunthorpe problem

I've mentioned the Scunthorpe problem a couple times previously--how computerized attempts to block profanity inevitably result in silly false positives. Today it is with glee I note that a kindly font designer has taken heed of the plight of the town of Scunthorpe and implemented a rather silly font that automatically blocks most swears, but allows the name "Scunthorpe" to remain fully viewable. You'll want to click on through and learn more about this, I am sure.

ISP Deliverability Guide: Apple's iCloud Mail

Apple's iCloud Mail is a top ten consumer email mailbox provider based in the US, hosting consumer mailboxes at the domains mac.com, me.com and icloud.com.

Apple may not always make it clear exactly why they may have blocked your mail, but I strongly believe that they look at the typical deliverability and reputation-related data points that most smart ISPs look at. Based on metrics and reputation, do they suspect that the mail you are sending is unwanted? Do they see high spam complaints? Are you blacklisted by Spamhaus or is your mail fingerprinted as spam with a major reputation provider such as Proofpoint? Any of these are likely reasons for being blocked from sending to Apple's consumer mailboxes.

Dead DNSBLs: all.rbl.webiron.net and bsb.spamlookup.net

Two anti-spam blacklists appear to have died or malfunctioned recently.

Your periodic reminder: Please register with abuse.net

If you're an email marketer, a compliance or deliverability specialist at an ESP, if you work for an email platform, or if you're a marketing manager who manages a lot of outbound email streams, I ask that you register all of your domains with abuse.net.

Abuset.net, the Network Abuse Clearinghouse, run by John Levine, is a simple, centralized database of spam contact information for different domains. John, who has managed this serviced for many years, has done the internet community a very good service by helping to make it easier for people and automation to send spam reports to the right place.

Yikes! Cyber-Criminals Increasingly Using CAPTCHA Walls in Phishing Attacks

From Infosecurity Magazine: "New research from Barracuda Networks has revealed that cyber-criminals are increasingly using official reCAPTCHA walls to disguise malicious content from email security systems and trick unsuspecting users." Read more here.

Meaning, if a phishing email's landing page blocks content until and unless a user solves a CAPTCHA or CAPTCHA-like process, the automated systems in use by email security devices and services (such as Barracuda) may not be able to fully review the content to correctly categorize it as malicious. That's pretty scary. I wonder if a long term solution is perhaps for security services to collaborate with CAPTCHA providers to be able to see past these challenges. I've long felt there's a missed opportunity there for those important security services to work more closely with content providers and email platforms to better understand each other and improve threat identification. But what do I know?

In the meantime, it's important that users stay vigilant, as even before this challenge there's always going to be some bad content or other that gets past a filter. Be careful what you click on and be sure to check URLs of any site where you may be entering login credentials. (And a password tool such as LastPass can help with this sort of thing as well; it'd only populate your credentials in a site with the correct domain name, not suggesting a user/password entry on a fake domain name that it doesn't recognize.)

[ H/T: Slashdot ]