Reuters today published a report about an email hacking operation targeting journalists and their connected sources, and the scam appears to be associated with Iran. Read the rest

In 2017, an engineer and entrepreneur sued Techdirt for criticising his claim to have invented email. Though a district court soon dismissed the lawsuit on First Amendment grounds, appeals and wrangling over lawyers' fees continued. The case finally settled this month, Techdirt reports: article stays up, no money changes hands.

It's a win for Techdirt and journalism, as all he got was a link to a response he could have added himself by signing up for a free commenting account. But that was the point: it was a SLAPP, a legal action the plaintiff knew he could not win, whose real purpose was to be so expensive and troublesome for the defendant to fight that they shut up or paid up. Mike Masnick writes that it doesn't feel like victory:

You may wonder how it could possibly take 18 months to negotiate a settlement about adding links to old articles -- and, indeed, I wonder that myself. The entire process has been quite a pain for us. I cannot and would not describe this result as a victory, because this has been nearly two and a half years of wasted time, effort, resources, attention and money just to defend our right to report on a public figure and explain to the world that we do not believe his claims to have invented email are correct, based on reams of evidence.

During those 18 months, we stopped all the fundraising we had done around the lawsuit, as, for nearly all of that time, it did appear that a settlement was close, and we did not wish to mislead anyone into believing that we were raising money on the premise that our continued existence was in grave danger only to settle the case immediately after doing so.

People who run their own mail servers are increasingly finding that the mail they send to Gmail users is being rejected, because the company's anti-spam algorithm treats small, independently managed mail-servers as high-risk mail sources. Read the rest

Last October, a startup called Helm announced a $500, plug-and-play home email server that was designed to be a secure, decentralized, privacy-oriented alternative to using one of Big Tech's email systems like Gmail, an option that was potentially even more robust than using email from a privacy-oriented provider like Riseup or Protonmail because your metadata would not be stored anywhere except in your home. Read the rest

In 2015, Mozilla announced that it would turn Thunderbird -- one of the last freestanding, cross-platform email clients -- into a freestanding, independent project, and in 2017, Thunderbird became a community-overseen project with institutional backing from Moz. Read the rest

It's always good to have something to blog about first thing Monday morning.

TO:inquiries@boingboing.net

Hi, victim.

I write you because I buried a malware on the web page with porn which you have viewed. My virus captured all your private info and switched on your webcam which recorded the process of your masturbation. Just after that the malware saved your contact list. I will erase the compromising video and info if you pay me 350 EURO in bitcoin. This is address for payment : 16aFnAAFfeq4BhL98P8LAoaviUaYp7oTSr

I give you 30h after you open my message for making the transaction. As soon as you read the message I'll see it immediately. It is not necessary to tell me that you have sent money to me. This wallet address is connected to you, my system will delete everything automatically after transfer confirmation. If you need 48 hours just Open the calculator on your desktop and press +++ If you don't pay, I'll send dirt to all your contacts. Let me remind you-I see what you're doing! You can visit the police station but nothing can't help you. If you attempt to cheat me , I'll know it right away! I don't live in your country. So nobody can not track my location even for 9 months. bye. Don't forget about the disgrace and to ignore, Your life can be ruined.

It turns out that the ESL Shame Wizard is randomly-generated! Our customer service email helpline received one with a slightly different wording:

Hi, victim.

Everything has a cost, especially in the realm of online services. It used to be a pretty common practice for providers of 'free' email services to scan their user's messages for data that'd be valuable to advertisers. The data got sold to keep the email provider's lights on, with in-browser advertising filling in the financial gaps. Most email providers abandoned the practice, years ago: they were amazed to find that it pissed off their users. Yahoo's parent company, Oath, however, is getting back on this particular brand of bullshit.

From The Verge:

Yahoo’s owner, Oath, is in talks with advertisers to provide a service that would analyze over 200 million Yahoo Mail inboxes for consumer data, sources told WSJ. Oath did not immediately respond to a request for comment.

Oath confirmed to the WSJ that it performs email scannings and said that it only scans promotional emails, usually from retailers. Users have the ability to opt out, it said. Oath’s argument is that email is an expensive system, and people can’t expect a free service without some value exchanged.

That's greasy.

Greasier still is the fact that even if you pony up the dough, on a monthly basis, for Yahoo's premium email services, your data will get scanned unless you opt to opt out. Finding the page that lets you do this, surprise, surprise is not easy to do. We've got your back, though. Follow this link to take control of your Oath-related privacy settings.

Oath swears that the data scraping method they use ignores personal information and personal identifiers. Read the rest

When you send someone else an email, your mail server connects to their mail server to transmit the message, and spy agencies have made a surveillance banquet out of these transactions, harvesting emails by the billions. Read the rest

Eudora -- first released in 1988 -- was the first industrial-strength email client designed to run on personal computers like IBM PC and the Macintosh; though there are still die-hard users of the program, the last version was published in 2006. Read the rest

The revelation that encrypted email is vulnerable to a variety of devastating attacks (collectively known as "Efail") has set off a round of soul-searching by internet security researchers and other technical people -- can we save email? Read the rest

Spamnesty is a simple service: forward your spam to it and it will engage the spammer in pointless chatbot email chains, wasting their time.

If you get a spam email, simply forward it to sp@mnesty.com, and Spamnesty will strip your email address, pretend it's a real person and reply to the email. Just remember to strip out any personal information from the body of the email, as it will be used so the reply looks more legitimate. That way, the spammer will start talking to a bot, and hopefully waste some time there instead of spending it on a real victim. Meanwhile, Spamnesty will send you an email with a link to the conversation, so you can watch it unfold live!

The conversations are indeed posted live, and some are quite funny. It's fascinating how obvious it is when a spammer switches from their own bot to giving a human response, and satisfying to see them fooled.

Have you met Lenny? Read the rest

America Rising, a GOP oppo research firm, has filed a slew of Freedom of Information requests seeking access to EPA employees' email, targeting employees who criticized Donald Trump, Scott Pruitt, or EPA policies, or who participated in union rallies against cuts; the requests target communications that mention Trump officials or are addressed to Democrats in Congress. Read the rest

It is routine for companies -- and even individuals -- to send emails with "beacons," transparent, tiny images that have to be fetched from a server. Through these beacons, companies can tell whether you've opened an email, whom you've forwarded it to, and even your location from moment to moment. Read the rest

Yesterday's massive ransomware outbreak of a mutant, NSA-supercharged strain of the Petya malware is still spreading, but the malware's author made a mere $10K off it and will likely not see a penny more, because Posteo, the German email provider the crook used for ransom payment negotiations, shut down their account. Read the rest

Best practice for mail-servers is to turn on TLS by default, which means that when that mail server talks to other mail servers, it encrypts the connection to thwart eavesdroppers. Though the practice (sometimes called "opportunistic encryption") started out as something only paranoid organizations partook of, it's now so widespread that Google warns you if you attempt to use Gmail to send a message to someone whose server won't accept encrypted connections. Read the rest

College student Abby Jo Hamele shared this amazing email she sent to her philosophy TA while she was still loopy from the hydrocodone from her wisdom surgery: Read the rest