
Security Archives
Observing the CAN SPAM law and getting "delivered" are not the same thing. This article in Direct Magazine highlights some of the enormous difficulties that honest list mailers are having sending list mail to legitimate opt-in mailing lists. High performance senders need to do a lot more today to get their messages delivered, opened, read, and hopefully acted on.
A recent court ruling in Illinois has vast implications for direct marketers. And if there's one lesson DMers must take from the decision it's this: Rightly or wrongly, simply complying with Can Spam is not enough to get e-mail delivered. It doesn't matter if the sender's list is triple-verified-we-even-called-just-to-make-sure opt-in, if an Internet service provider decides a mailer's e-mail is spam and blocks it, the ISP has every legal right to do so.
Read the whole article in Direct Magazine

The security landscape is becoming more dangerous by the minute. Readers of this blog have seen multiple articles here about the growing security threat that we all face (see: security archives). I think that most of you have taken the warnings to heart and checked that your web browsers, and your mail clients, are up to date, and properly patched against the latest threats. However, the study referenced below suggests that over 40% of the machines on the web are not properly patched and thus represent a serious problem for their owners and ultimately for all of us on the web. If your computer is not patched and fully up to date, then you need to do something about this today. Check your browser status
Study: Unpatched Web Browsers Prevalent on the Internet
Only 59.1 percent of people use up-to-date, fully patched Web browsers, putting the remainder at risk from growing threats from diligent hackers, according to a new study published by researchers in Switzerland.
The study, published Tuesday, is one of the most comprehensive analyses of what versions of Web browsers people are using on the Internet. The study was conducted by researchers at The Swiss Federal Institute of Technology, Google and IBM Internet Security Services.
Read the rest of the story in PC World

Here's an excellent tutorial from our friends at eBay that could save you a whole lot of time, money and grief. Make no mistake, the spoofers are getting trickier than you can imagine, and they are more persistent than ever. This is serious stuff... pay attention.
Spoof emails can be a major problem for unsuspecting Internet users. Claiming to be sent by well-known companies, these emails ask consumers to reply with personal information, such as their credit card number, social security number or account password.
These deceptive emails are called "Spoof Emails" because they fake the appearance of a popular Web site or company in an attempt to commit identity theft. Also known as "hoax" or "phishing" emails, this practice is occurring more and more frequently throughout the online world.
Read the whole tutorial

Are you seeing a lot of messages in your inbox that are titled "Undelivered Mail Returned to Sender"?
You're not alone. The global mail system is awash with these messages. But what you probably find most alarming about this situation is the fact that all of these "bounce" messages that keep coming to your mailbox say that they were originally 'sent' by YOU! And you know this is impossible.
These "bounce" messages are an artifact of a massive on-going spam attack that involves literally millions of people all over the internet. The Signal mail system is sending this mail "back" to you because it thinks you sent it, and it has no way of knowing that you did not.
Read the whole release

This is the reason you are seeing such an increase in the amount of spam you are receiving. The botnets are getting bigger and more effective with each passing month.
The prodigious Srizbi botnet has continued to grow and now accounts for up to 50% of the spam being filtered by one security company... Srizbi is now the biggest single menace on the Internet, dwarfing even the feared and mysterious Storm... Having compromised 300,000 PCs around the world, it was now sending out an estimated 60 billion spam e-mails per day on "watches, pens, male enlargement pills"... Srizbi is the single greatest spam threat we have ever seen. At its peak, the highly publicized Storm botnet only accounted for 20% of spam. Srizbi now produces more spam than all the other botnets combined.
Read the whole article
Are you infected with Srizbi?

Identity theft is a hot topic these days. If we are to believe the special reports on the evening news, identity theft is reaching epidemic proportions. So companies that offer "Credit Monitoring Services" have become all the rage. After watching too many of their TV commercials, I tried going to the FreeCreditReport.com site, only to find that they only provide a free credit report if you sign up for Experian's (not free) monitoring service. The FTC is currently investigating this company's practices, and the fact that their well-promoted site is uncomfortably close to AnnualCreditReport.com, which actually does provide free credit reports. It never fails: there's always a scammer trying to "help" us in our hour of need.
All of which begs the question: Are these services worth the cost, and more to the point, do they actually protect you from identity theft? "Our position is that for most consumers -- and by most, we mean well over 99.9% of the people in the country -- they are not," says PRC's Stephens. "If you're talking about spending upwards of $100 per year, we don't think that the typical benefit a consumer is going to derive is worth the cost."
Read the whole article

This report explores the ethical dilemma encountered by researchers who successfully cracked one of the largest and most prolific robot spam networks on the internet. What do you do when you successfully manage to take over an evil spam empire; do you just turn it off? What do you become liable for if your "good deeds" have unintended consequences?
Researchers seize control of one of the world's largest spam-spewing botnets, but there is disagreement about what should happen next. Researchers at TippingPoint Technologies' Digital Vaccine Laboratories have found a way to infiltrate and seize control of one of the world's largest spam-spewing botnets, a breakthrough that has ignited an intense debate over the ethics of "cleaning" infected computers.
Read the whole article

In a sure sign that they have achieved success in the marketplace, Firefox and Safari have finally become the target of focused hacker exploits. After years of flying under the radar, this is a new and unwelcome note of celebrity for browsers that were previously touted as safe alternatives to MS Explorer.
Many people are switching from Internet Explorer to alternative browsers such as Firefox and Safari. Though that might make them feel more secure, the shift has also opened new doors for bad guys.
Case in point: We have no IE bugs to report this month, but both Firefox and Safari have been hit hard.
So forget the idea that just because you've switched to a new browser, you're magically safer. You may be for a time, but to stay safe with any software, you need to keep current with fixes.
Read the article in InfoWorld

The massive attacks against hundreds of thousands of Web pages that started earlier this month have spread to some of the Internet's most prominent sites, including those for USA Today, ABC News, Target and Wal-Mart, researchers said today.
Dancho Danchev, the Bulgarian security researcher who first reported the attacks two weeks ago, said that the attacks had spread to a long list of high-profile sites, which have had their search results poisoned with malicious IFrame code. "The attack's been ongoing for almost a month now," Danchev said in an e-mail.

There is a misperception among much of the security community that Mac users don't care about security. Since joining TidBITS I've learned that Mac users are just as concerned about their security as their Windows brethren, but they aren't really sure what they need to know. Even the most naive Windows user understands that their system is under a constant barrage of attacks, but the Mac user rarely encounters much beyond the occasional pop-under browser ad and, of course, their fair share of spam.
Rich Mogull on Macintosh security

Google: Spam, Virus Attacks to Get More Clever - Google's Postini team recommends enterprises guard against socially generated spam and virus attacks in 2008. Spam and virus threats to enterprise messaging security and compliance may level off this year compared to 2007, but social engineering techniques are evolving to challenge businesses and security software providers, according to a new report released by Google's Postini team. The report, released March 6 after Google's Postini team commissioned the study to survey 575 IT professionals, found that Postini data centers recorded 57 percent more spam and virus attacks in 2007 compared to 2006.
Clint Boulton on Socially Generated Spam