Your periodic reminder: Please register with abuse.net

If you're an email marketer, a compliance or deliverability specialist at an ESP, if you work for an email platform, or if you're a marketing manager who manages a lot of outbound email streams, I ask that you register all of your domains with abuse.net.

Abuset.net, the Network Abuse Clearinghouse, run by John Levine, is a simple, centralized database of spam contact information for different domains. John, who has managed this serviced for many years, has done the internet community a very good service by helping to make it easier for people and automation to send spam reports to the right place.

Yikes! Cyber-Criminals Increasingly Using CAPTCHA Walls in Phishing Attacks

From Infosecurity Magazine: "New research from Barracuda Networks has revealed that cyber-criminals are increasingly using official reCAPTCHA walls to disguise malicious content from email security systems and trick unsuspecting users." Read more here.

Meaning, if a phishing email's landing page blocks content until and unless a user solves a CAPTCHA or CAPTCHA-like process, the automated systems in use by email security devices and services (such as Barracuda) may not be able to fully review the content to correctly categorize it as malicious. That's pretty scary. I wonder if a long term solution is perhaps for security services to collaborate with CAPTCHA providers to be able to see past these challenges. I've long felt there's a missed opportunity there for those important security services to work more closely with content providers and email platforms to better understand each other and improve threat identification. But what do I know?

In the meantime, it's important that users stay vigilant, as even before this challenge there's always going to be some bad content or other that gets past a filter. Be careful what you click on and be sure to check URLs of any site where you may be entering login credentials. (And a password tool such as LastPass can help with this sort of thing as well; it'd only populate your credentials in a site with the correct domain name, not suggesting a user/password entry on a fake domain name that it doesn't recognize.)

[ H/T: Slashdot ]

Google: Protecting businesses against cyber threats during COVID-19 and beyond

Neil Kumaran and Sam Lugani from Google recently shared staggering statistics regarding the amount of bad stuff that gets aimed at Gmail users daily: "Every day, Gmail blocks more than 100 million phishing emails. During the last week, we saw 18 million daily malware and phishing emails related to COVID-19. This is in addition to more than 240 million COVID-related daily spam messages. Our ML models have evolved to understand and filter these threats, and we continue to block more than 99.9% of spam, phishing, and malware from reaching our users."

Outlook.com has tabs now, too?

What? This seems new. Brad Gurley talks about this over on his Delivery Counts blog. He says the tabs that show up include "Focused Inbox, Microsoft’s 'Priority Inbox' clone, along with Promotions, Social, and Newsletters." Find more details and screenshots here.

Spam-a-licious!

With so many grocery store shelves running bare during the pandemic, it looks as though people are turning to Spam (the good and salty kind). "The packaged pork product that is Spam has never been more popular," reports the Minneapolis Star-Tribune. Looking for recipes? They've got you covered. I'll be trying the spam fried rice, myself. It sounds like a nice change from my usual spam-and-eggs.