We see a lot of spam in the VBSpam test lab, and we also see how well such emails are being blocked by email security products. Worryingly, it is often the emails with a malicious attachment or a phishing link that are most likely to be missed.
This blog post was put together in collaboration with VB test engineers Adrian Luca and Ionuţ Răileanu.
In a talk I gave at IRISSCON last year (the video of which you will find… https://virusbulletin.com/blog/2019/01/spam-hardest-block-often-most-damaging/
Though IPv6 is gradually replacing IPv4 on the Internet's network layer, email is lagging behind, the difficulty in blocking spam sent over IPv6 cited as a reason not to move. But would we really have such a hard time blocking spam sent over IPv6?
In email security circles, IPv6 is the elephant in the room.
While the transition from IPv4 to IPv6 is a relatively smooth affair for most of the Internet, and few people will… https://virusbulletin.com/blog/2018/06/we-are-more-ready-ipv6-email-we-may-think/
A clever trick taking advantage of the fact that Gmail ignores dots in email addresses could be used to trick someone into paying for your Netflix subscription - demonstrating the importance of confirmed opt-in.
In the email security community, the use of confirmed opt-in has long been a recommended practice: an email address given to you can't be used until the account owner has… https://virusbulletin.com/blog/2018/04/netflix-issue-shows-email-verification-does-matter/
Researchers at Mimecast have published a paper about the 'ROPEMAKER' exploit, which allows an email sender with malicious intentions to change the visial appearance of an email after it has been delivered.
Researchers at Mimecast have published details (pdf) of an email exploit they call 'ROPEMAKER' (short for 'Remotely Originated Post-delivery Email Manipulation Attacks Keeping… https://virusbulletin.com/blog/2017/08/ropemaker-email-exploit-limited-practical-use/
US Senator Ron Wyden has asked the Department of Homeland Security to implement DMARC. Martijn Grooten looks at what difference this could make for phishing attacks impersonating the US federal governent.
US Senator Ron Wyden has written a letter (pdf) to the Department of Homeland Security, urging the US government to implement DMARC to "ensure hackers cannot send emails that… https://virusbulletin.com/blog/2017/07/dmarc-imperfect-solution-can-make-big-difference/
All solutions on test blocked at least 99.4% of spam, but some struggled with false positive issues; survey also shows few products support DMARC.
All solutions on test blocked at least 99.4% of spam, but some struggled with false positive issues; survey also shows few products support DMARC. The results of the most recent… https://virusbulletin.com/blog/2014/02/least-99-4-spam-blocked-recent-test/