Email

[Infrasonic]

ARC...https://en.wikipedia.org/wiki/Authentic ... ived_Chain

https://blog.mxtoolbox.com/2020/02/06/a ... delivered/

https://mxtoolbox.com/dmarc/details/arc ... ived-chain

[Infrasonic]

https://www.zdnet.com/article/new-firef ... ine-forms/

Browser maker Mozilla is working on a new service called Private Relay that generates unique aliases to hide a user's email address from advertisers and spam operators when filling in online forms.

The service entered testing last month and is currently in a closed beta, with a public beta currently scheduled for later this year, ZDNet has learned.

Private Relay will be available as a Firefox add-on that lets users generate a unique email address -- an email alias -- with one click

Cont.

If you just want a disposable rather than an alias there is...https://10minutemail.com/

[Infrasonic]

https://www.theregister.co.uk/2020/04/3 ... p_leakage/

Quibi, JetBlue, Wish, others accused of leaking millions of email addresses to ad orgs via HTTP referer headers.

Cont.

[Infrasonic]

ping@tools.mxtoolbox.com is another useful tool, just send a blank email and follow the reply to a deliverability report for your domain.
https://blog.mxtoolbox.com/2019/05/30/4142/

[Infrasonic]

https://techcrunch.com/2020/07/03/have- ... 1593787443

When Troy Hunt launched Have I Been Pwned in late 2013, he wanted it to answer a simple question: Have you fallen victim to a data breach?

Seven years later, the data-breach notification service processes thousands of requests each day from users who check to see if their data was compromised — or pwned with a hard ‘p’ — by the hundreds of data breaches in its database, including some of the largest breaches in history. As it’s grown, now sitting just below the 10 billion breached-records mark, the answer to Hunt’s original question is more clear.

Cont.

[Infrasonic]

https://www.gizmodo.co.uk/2020/07/googl ... urb-scams/

As part of a series of security updates to G Suite announced this week, Google says it’s piloting a new standard for email authentication that will display a company or brand icon next to email that Google has verified as legit – a measure that may help curb phishing and other malicious activity from bad actors.

With the Brand Indicators for Message Identification standard...

Cont.

https://bimigroup.org/

[Infrasonic]

This might be of interest to people who have to deal with a lot of email.
https://hey.com/
https://hey.com/features/
https://hey.com/faqs/

Not sure about its GDPR compliance, so it might not be suitable for public sector organisations or businesses that need strict adherence.

Twitter is... @heyhey and email is... support@hey.com

[Infrasonic]

Spam volumes.

I have one account (my oldest Hotmail from 1998) that gets high volumes of spam, partly due to being compromised in a few email address database leaks many years ago, confirmed by HIBP...https://haveibeenpwned.com/
(No password leak issues though thankfully.)

A few months back it went to zero for some time after MS did some drastic updating of their email infrastructure (which also caused loads of issues for genuine email not being delivered, covered at the start of this thread, which I was also a victim of on another business account).

Gradually the odd spam email started to appear and my usual habit is to report it all as phishing. I'd maxed out my address block list so I cleared it completely and started to add certain domains that were occurring repeatedly. The spam volumes went up noticeably almost immediately, odd.

So on a hunch I've deleted all address blocks and stopped reporting any spam as phishing.
All I do now is empty the 'Junk Email' folder, nothing else.

For the past week with that in place the spam volumes have gone right down again, which leads me to believe the spammers may be using NDR/bounces as a way of auto confirming active account management and then auto targeting those accounts even more with new sent from addresses.

Bearing in mind how many hundreds of millions of zombie email accounts there are in the world that would make sense operationally.
Also the old methods of confirming active accounts, active content, HTML, single pixels, graphics et al have pretty much been eliminated by the default settings for inboxes/junk folders blocking them (unless overridden and specifically allowed by the user).

All anecdotal of course as I don't know exactly how MS operate their email infrastructure, black box(ish) being pretty much a requirement for security reasons.

It would be interesting if anyone else could run the same experiments and see if they get a similar result though, as if its valid 'doing nothing' might actually be the best policy to reduce spam!