It's always good to have something to blog about first thing Monday morning.

TO:inquiries@boingboing.net

Hi, victim.

I write you because I buried a malware on the web page with porn which you have viewed. My virus captured all your private info and switched on your webcam which recorded the process of your masturbation. Just after that the malware saved your contact list. I will erase the compromising video and info if you pay me 350 EURO in bitcoin. This is address for payment : 16aFnAAFfeq4BhL98P8LAoaviUaYp7oTSr

I give you 30h after you open my message for making the transaction. As soon as you read the message I'll see it immediately. It is not necessary to tell me that you have sent money to me. This wallet address is connected to you, my system will delete everything automatically after transfer confirmation. If you need 48 hours just Open the calculator on your desktop and press +++ If you don't pay, I'll send dirt to all your contacts. Let me remind you-I see what you're doing! You can visit the police station but nothing can't help you. If you attempt to cheat me , I'll know it right away! I don't live in your country. So nobody can not track my location even for 9 months. bye. Don't forget about the disgrace and to ignore, Your life can be ruined.

It turns out that the ESL Shame Wizard is randomly-generated! Our customer service email helpline received one with a slightly different wording:

Hi, victim.

Everything has a cost, especially in the realm of online services. It used to be a pretty common practice for providers of 'free' email services to scan their user's messages for data that'd be valuable to advertisers. The data got sold to keep the email provider's lights on, with in-browser advertising filling in the financial gaps. Most email providers abandoned the practice, years ago: they were amazed to find that it pissed off their users. Yahoo's parent company, Oath, however, is getting back on this particular brand of bullshit.

From The Verge:

Yahoo’s owner, Oath, is in talks with advertisers to provide a service that would analyze over 200 million Yahoo Mail inboxes for consumer data, sources told WSJ. Oath did not immediately respond to a request for comment.

Oath confirmed to the WSJ that it performs email scannings and said that it only scans promotional emails, usually from retailers. Users have the ability to opt out, it said. Oath’s argument is that email is an expensive system, and people can’t expect a free service without some value exchanged.

That's greasy.

Greasier still is the fact that even if you pony up the dough, on a monthly basis, for Yahoo's premium email services, your data will get scanned unless you opt to opt out. Finding the page that lets you do this, surprise, surprise is not easy to do. We've got your back, though. Follow this link to take control of your Oath-related privacy settings.

Oath swears that the data scraping method they use ignores personal information and personal identifiers. Read the rest

When you send someone else an email, your mail server connects to their mail server to transmit the message, and spy agencies have made a surveillance banquet out of these transactions, harvesting emails by the billions. Read the rest

Eudora -- first released in 1988 -- was the first industrial-strength email client designed to run on personal computers like IBM PC and the Macintosh; though there are still die-hard users of the program, the last version was published in 2006. Read the rest

The revelation that encrypted email is vulnerable to a variety of devastating attacks (collectively known as "Efail") has set off a round of soul-searching by internet security researchers and other technical people -- can we save email? Read the rest

Spamnesty is a simple service: forward your spam to it and it will engage the spammer in pointless chatbot email chains, wasting their time.

If you get a spam email, simply forward it to sp@mnesty.com, and Spamnesty will strip your email address, pretend it's a real person and reply to the email. Just remember to strip out any personal information from the body of the email, as it will be used so the reply looks more legitimate. That way, the spammer will start talking to a bot, and hopefully waste some time there instead of spending it on a real victim. Meanwhile, Spamnesty will send you an email with a link to the conversation, so you can watch it unfold live!

The conversations are indeed posted live, and some are quite funny. It's fascinating how obvious it is when a spammer switches from their own bot to giving a human response, and satisfying to see them fooled.

Have you met Lenny? Read the rest

America Rising, a GOP oppo research firm, has filed a slew of Freedom of Information requests seeking access to EPA employees' email, targeting employees who criticized Donald Trump, Scott Pruitt, or EPA policies, or who participated in union rallies against cuts; the requests target communications that mention Trump officials or are addressed to Democrats in Congress. Read the rest

It is routine for companies -- and even individuals -- to send emails with "beacons," transparent, tiny images that have to be fetched from a server. Through these beacons, companies can tell whether you've opened an email, whom you've forwarded it to, and even your location from moment to moment. Read the rest

Yesterday's massive ransomware outbreak of a mutant, NSA-supercharged strain of the Petya malware is still spreading, but the malware's author made a mere $10K off it and will likely not see a penny more, because Posteo, the German email provider the crook used for ransom payment negotiations, shut down their account. Read the rest

Best practice for mail-servers is to turn on TLS by default, which means that when that mail server talks to other mail servers, it encrypts the connection to thwart eavesdroppers. Though the practice (sometimes called "opportunistic encryption") started out as something only paranoid organizations partook of, it's now so widespread that Google warns you if you attempt to use Gmail to send a message to someone whose server won't accept encrypted connections. Read the rest

College student Abby Jo Hamele shared this amazing email she sent to her philosophy TA while she was still loopy from the hydrocodone from her wisdom surgery: Read the rest

After the DNC hack, security experts began playing close attention to the security of servers associated with the Trump campaign, on the assumption that if the Democrats had been targeted, the Republicans would be, too. Read the rest

FBI Director James Comey writes in a letter sent Friday to congress that the bureau is investigating more emails related to Hillary Clinton's use of a personal email server.

In previous congressional testimony, I referred to the fact that the Federal Bureau of Investigation (FBI) had completed its investigation of former Secretary Clinton's personal email server. Due to recent developments, I am writing to supplement my previous testimony

In connection with an unrelated case, the FBI has learned of the existence of emails that appear to be pertinent to the investigation. I am writing to inform you that the investigative team briefed me on this yesterday, and I agreed that the FBI should take appropriate investigative steps designed to allow investigators to review these emails to determine whether they contain classified information, as well as to assess their importance to our investigation.

Although the FBI cannot yet assess whether or not this material may be significant, and I cannot predict how long it will take us to complete this additional work, I believe it is important to update your Committees about our efforts in light of my previous testimony.

The letter's vague. Everyone is losing their shit over it, either thinking it's saying more than it is (there's no suggestion that it's her email), or finding its lack of detail suggestive of a partisan effort to spread fear and doubt days before an election.

If we don't hear more from Comey, we just have to conclude that he was trying to swing election.

A week after the revelations that Yahoo illegally allowed American spies to access all Yahoo users' email (possibly via a dangerous rootkit), and two weeks after admitting that 500,000,000 Yahoo Mail users' passwords were leaked years previously, possibly to a "state actor," the company has disabled email forwarding for Yahoo Mail users. Read the rest

Yahoo email accounts were scanned by the company on behalf of U.S. intelligence services from last year. This represents the first example of a U.S. service provider providing complete access to "all arriving messages," reports Reuters.

It is not known what information intelligence officials were looking for, only that they wanted Yahoo to search for a set of characters. That could mean a phrase in an email or an attachment, said the sources, who did not want to be identified.

Reuters was unable to determine what data Yahoo may have handed over, if any, and if intelligence officials had approached other email providers besides Yahoo with this kind of request.

According to the two former employees, Yahoo Chief Executive Marissa Mayer's decision to obey the directive roiled some senior executives and led to the June 2015 departure of Chief Information Security Officer Alex Stamos, who now holds the top security job at Facebook Inc.

It might not seem terribly meaningful to users, given the revelation that 500m Yahoo accounts (surely all of its users, or close to it) were hacked anyway, but there's a difference between a one-off break-in and a standing invitation. Over four years of Mayer's leadership, Yahoo suffered a "stunning collapse in valuation" and was sold to Verizon for $4.83bn. Completion of the deal is reportedly threatened by the recent stories about Yahoo's security failings. Read the rest

The U.S. State Department said today that about 30 or so emails out of the nearly 15,000 the FBI obtained from Democratic presidential candidate Hillary Clinton may have involved Benghazi.

Last week, officials announced that the FBI had recovered 14,900 emails that Clinton did not turn over with the server she used while secretary of State. Read the rest

For April Fools, Google rearranged Gmail's UI to replace the normal send button with one that attaches a Minions(TM) Mic Drop GIF animation to outgoing email.

“Today, Gmail is making it easier to have the last word on any email with Mic Drop. Simply reply to any email using the new ‘Send + Mic Drop’ button. Everyone will get your message, but that’s the last you’ll ever hear about it. Yes, even if folks try to respond, you won’t see it,” Google explained when it launched the button on April 1.

Unfortunately, this resulted in things like this:

WHAT A HARMLESS APRIL FOOL'S JOKE, WHAT COULD GO WRONG pic.twitter.com/Maw8a6VUSA

— Andy Baio (@waxpancake) April 1, 2016

Google quickly realized what it had done and turned it off…

Well, it looks like we pranked ourselves this year. 😟 Due to a bug, the MicDrop feature inadvertently caused more headaches than laughs. We’re truly sorry. The feature has been turned off. If you are still seeing it, please reload your Gmail page.

…but not before a fair heap of mistakenly-dropped mics had piled up, along with the mic droppers' anguished complaints, on the internet.

A good reminder that email is not what Gmail is for. Read the rest