32 items tagged “email”
2024
Kobold letters (via) Konstantin Weddige explains a sophisticated HTML email phishing vector he calls Kobold emails.
When you forward a message, most HTML email clients will indent the forward by nesting it inside another element.
This means CSS rules within the email can be used to cause an element that was invisible in the original email to become visible when it is forwarded—allowing tricks like a forwarded innocuous email from your boss adding instructions for wiring money from the company bank account.
Gmail strips style blocks before forwarding—which it turns out isn’t protection against this, because you can put a style block in the original email to hide the attack text which will then be stripped for you when the email is forwarded.
Budgeting with ChatGPT (via) Jon Callahan describes an ingenious system he set up to categorize his credit card transactions using GPT 3.5. He has his bank email him details of any transaction over $0, then has an email filter to forward those to Postmark, which sends them via a JSON webhook to a custom Deno Deploy app which cleans the transaction up with a GPT 3.5 prompt (including guessing the merchant) and submits the results to a base in Airtable.
2020
Ok Google: please publish your DKIM secret keys (via) The DKIM standard allows email providers such as Gmail to include cryptographic headers that protect against spoofing, proving that an email was sent by a specific host and has not been tampered with. But it has an unintended side effect: if someone’s email is leaked (as happened to John Podesta in 2016) DKIM headers can be used to prove the validity of the leaked emails. This makes DKIM an enabling factor for blackmail and other security breach related crimes.
Matthew Green proposes a neat solution: providers like Gmail should rotate their DKIM keys frequently and publish the PRIVATE key after rotation. By enabling spoofing of past email headers they would provide deniability for victims of leaks, fixing this unintended consequence of the DKIM standard.
Datasette Weekly: Datasette 0.50, git scraping, extracting columns (via) The first edition of the new Datasette Weekly newsletter—covering Datasette 0.50, Git scraping, extracting columns with sqlite-utils and featuring datasette-graphql as the first “plugin of the week”
Datasette Weekly (via) I’m trying something new: I’ve decided to start an email newsletter called the Datasette Weekly (I’m already worried I’ll regret that weekly promise) which will share news about Datasette and the Datasette ecosystem, plus tips and tricks for getting the most out of Datasette and SQLite.
2013
What’s the best way to reach out to alumni if you’re interested in working at their company?
Yes, it’s fine. Many tech companies have a referral bonus for employees that help them make a good hire, and any alumni you contact will be able to forward your details straight on to the recruiting department.
[... 96 words]Is there anyway to game unique link verifications? Like when you get sent a link of the form https:/........com/UID=TYYN04001 How would one change the digits to reproduce another working link?
Not if they’ve been implemented correctly.
[... 42 words]What company or service sends the most beautifuly designed emails?
Litmus (who provide an excellent email testing tool) send out the most attractive newsletter in my inbox.
[... 36 words]What email marketing tool does Goop, InsideHook and other popular newsletters use?
You might be able to tell by viewing the full email headers on one of the emails they have sent you.
[... 39 words]2011
Where can I find a text corpus of English language personal email on the web?
The Enron email corpus is pretty useful, though I don’t know how “normal” you would consider it.
[... 38 words]Get Lanyrd conference recommendations by email. This is the first time I’ve built a custom email subscription feature, and it’s been a very interesting ride. We’re trying to find the right balance between keeping people informed in a timely fashion with useful information while not overloading their inbox with too many messages. You can opt for daily, weekly, fortnightly or monthly emails and we’ll try to ensure you only hear about events you haven’t seen before.
2010
tempalias.com development diary (via) tempalias.com is a e-mail forwarding service that lets you create an address that will only work for a few days (or a limited number of messages) and will forward messages on to your real account. It’s implemented using Node.js and Redis and the code is released under an MIT license. Philip Hofstetter, the developer, maintained a detailed development diary throughout which is worth reading if you’re interested in Node.js.
Stack Overflow Blog: OpenID, One Year Later. Google’s support is a huge deal—61% of Stack Overflow accounts use Google. Google’s implementation of directed identity has caused problems though, since Google provide a different OpenID for each domain making it hard for Stack Overflow, Server Fault and Super User to correlate accounts. Their solution is to require a (verified) e-mail address from Google OpenID users using sreg and use that as a key for the accounts.
My email contacts list is not a social graph. It is not a group of people I have chosen to follow, but is instead full of people with whom I have a (sometimes very tenuous) professional relationship, as well as my family and some of my friends. Interestingly, my best friends don’t email me very often, so they do not show up as a part of my Buzz following list.
2009
Yahoo! OpenID: Now with Attribute Exchange! The nice thing about this is that an e-mail address obtained from Yahoo! via attribute exchange has already been verified, so you don’t need to perform the e-mail roundtrip yourself. I expect a lot of OpenID consuming sites will end up with internal whitelists of OpenID providers who they trust to provide verified e-mail addresses, with users of sites not on the whitelist still getting e-mailed a verification link.
So’s your facet: Faceted global search for Mozilla Thunderbird. Yes! This is the kind of innovation I’ve been hoping would show up in e-mail clients for years. Faceting is a really natural fit for e-mail.
“Recover my account” link on the login page. For the record, collecting and verifying e-mail addresses is a VERY good idea, even (especially?) if you accept OpenID. A verified e-mail address is still absolutely the best way to deal with lost passwords or “my OpenID isn’t working”.
Google App Engine: A roadmap update! Receiving e-mail, background tasks and XMPP. I predict a bunch of sites will start building small parts of their overall functionality on App Engine when some of these features land (much easier than hosting your own custom XMPP server).
Changeset 9793: SMTP testing documentation. I didn’t know this trick: running “python -m smtpd -n -c DebuggingServer localhost:1025” will start up a simple SMTP server which dumps received e-mails to the terminal instead of forwarding them on.
2008
Email Address to URL Transformation (EAUT) specification now available! Allows OpenID users to login using their E-mail address, which is converted in to an OpenID URL based on rules specified in an XRDS document attached to the root domain. Seems like a good idea to me.
Lessons from mySociety conversion tracking. Neat trick: show the user a “subscribe” form with their e-mail address pre-filled for them and there’s a much higher chance that they’ll click the button.
A proposal: email to URL mapping. Brad’s just too damn smart. A simple solution to mapping an e-mail address to an OpenID that takes advantage of existing technology (YADIS) and doesn’t adversely affect e-mail privacy.
2007
Sorry PR people: you’re blocked. I was added to some PR mailing lists a few months ago and they appear to be spreading my address around like a nasty disease. I’m tempted to contribute some addresses to Chris Anderson’s block list.
Email addresses your OpenID via DNS. Sam Ruby has warmed to the idea of making e-mail addresses usable as OpenIDs via a DNS SRV record.
Announcing the Dopplr 100. Similar to how Facebook used to only allow college e-mail addresses, Dopplr is now open to holders of e-mail accounts from 100 large corporations. The blog release doesn’t specify if each corporation gets its own special “group” within the application; that would be a neat touch.
A typical phishing email will have a generic greeting, such as 'Dear User'. Note: All PayPal emails will greet you by your first and last name.
... if you're in an email conversation with one other person and you're both using Gmail, don't bother quoting at all.
Gmail and Django. I’d never considered using Gmail to send e-mail from applications, but it could be a useful way of avoiding having outbound e-mail falsely flagged as spam.
Mailhook. Free e-mail address to HTTP POST bridge—just provide a script URL and you’ll be given a subdomain; any e-mail sent to an address at that host is then posted to your script.
SMTP Service Extension for Yadis Discovery. Could potentially let you use your e-mail address as an OpenID, although personally I wouldn’t always want to hand my address over to third-party sites.