Archive for the 'SPF' Category

Holiday coupon phishing scams

Thursday, December 6th, 2007

The Associated Press warned email users yesterday to be wary of coupons that they have received via email.

Instead of money saving deals, e-mailed coupons could lead recipients into “phishing” schemes where the consumer is redirected to a copycat site, whose real purpose is to siphon the user’s credit card information, passwords and other financial data, IBM Corp. security executive Christopher Rouland warned.

If you are a Boxbe member and have approved email from, say, Amazon, messages from an address that claims to be from Amazon, but really isn't, won't make it through to your inbox.

Boxbe uses two email authentication methods (DKIM and SPF) to verify that the emailer is who they claim to be. DKIM and SPF are two email authentication standards backed by Google, Microsoft, Yahoo!, and AOL. Boxbe blocks messages that come from senders who claim to be someone that they are not.

Be safe out there this holiday season and let us worry about your email.

image from Flickr user skrewtape.

FAQ – Non-approved senders

Thursday, March 1st, 2007

By now, you know how the Boxbe system works. Sign up for a protected email address, and only people who pay, prove they are human, or are pre-approved by you get through to you. But what does it look like to the sender?


Setting up your pre-approval list is important to ensure people that you know and trust can still email you. The easiest way to do this is to upload your address book. We’ve made uploading your address book easy.


Non-Approved Senders

When you receive an email from someone you don’t know, an email is sent to the sender.

The email says the following:

Delivery Status Notification (Failure)

The message you sent to was not delivered. uses Boxbe to limit inbox access. You
are not pre-approved to deliver from
and your message has been placed in a quarantine.

To complete delivery

Authenticate your message (click on link):

Pay a refundable(*) fee of USD $0.15 (click on link):

(*) has the choice to grant a refund.

About Boxbe
Boxbe is a communications marketplace built on top of today’s
email. By using a price as a screen and letting you share your
interests, Boxbe helps you get the messages you want and
avoid the ones you don’t. Friends continue to reach you for free.

Get a cleaner, more useful inbox.
Join Boxbe today! Visit

They can take a test to prove they are human or post a bond that you set. If you have allowed senders to take a test, your new friend will get a screen that looks like this:



If not, they will be required to join and post the bond you have set.



Setting the bond low will ensure that people won’t mind risking a few cents. This will, however, deter emails that you aren’t likely to want.

What is phishing?

Friday, February 16th, 2007

In an earlier post, I mentioned a spammer who was phishing getting convicted and facing up to 101 years in prison as a result. But what exactly is phishing?


Photo by Flickr user thermodynamix

Wikipedia defines phishing as

“a criminal activity using social engineering techniques. Phishers attempt to fraudulently acquire sensitive information, such as passwords and credit card details, by masquerading as a trustworthy person or business in an electronic communication. Phishing is typically carried out using email or an instant message, although phone contact has been used as well. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, and technical measures.”

In a nutshell, phishing is something criminals do to trick people into giving them sensitive information. The stolen information is then used by the criminal for further illicit activities.

Boxbe and phishing

So, what does Boxbe do about phishing? First, the only email that you receive when using Boxbe is from senders that you have approved, have passed a human test or have paid a fee. Second, we use two emerging industry standards, SPF and DomainKeys, to increase the likelihood that the sender isn't spoofing or faking their email address.

Is it a 100% solution? No. Unfortunately, we can't guard against all forms of social engineering or deception. What we can do is keep emails that make false claims about their point of origin out of your inbox. The rest is up to you.
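The rule described here and in the holiday coupon post above (a message from a pre-approved address is delivered only if SPF or DKIM also vouches for that address's domain), as an added example; it is not Boxbe's code. It assumes the receiving mail server records its checks in an Authentication-Results header under the hypothetical authserv-id mx.example.net, and all addresses and messages are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_AUTHSERV = "mx.example.net"  # assumption: authserv-id of our own receiving MTA

def _domain(addr):
    return addr.rsplit("@", 1)[-1].lower().rstrip(".")

def _aligned(auth_domain, from_domain):
    # Simplified alignment: the authenticated domain is the From domain or a subdomain.
    return auth_domain == from_domain or auth_domain.endswith("." + from_domain)

def authenticated_domains(msg):
    """Domains with spf=pass or dkim=pass according to our own MTA's header."""
    passed = set()
    for header in msg.get_all("Authentication-Results", []):
        parts = [p.strip() for p in re.sub(r"\([^)]*\)", "", header).split(";")]
        if (parts[0].split() or [""])[0].lower() != TRUSTED_AUTHSERV:
            continue  # not written by our MTA, so the sender could have forged it
        for res in parts[1:]:
            ok = re.match(r"(spf|dkim)\s*=\s*pass\b", res, re.I)
            prop = re.search(r"\b(?:smtp\.mailfrom|header\.d)\s*=\s*(\S+)", res, re.I)
            if ok and prop:
                passed.add(_domain(prop.group(1)))
    return passed

def verdict(raw_message, approved):
    msg = message_from_string(raw_message)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if sender not in approved:
        return "quarantine"  # unknown sender: gets the challenge described on this page
    if any(_aligned(d, _domain(sender)) for d in authenticated_domains(msg)):
        return "deliver"
    return "block"  # uses an approved address but passes neither SPF nor DKIM

# Constructed sample data (not real traffic).
APPROVED = {"deals@shop.example"}
BODY = "From: Deals <deals@shop.example>\nSubject: Holiday coupon\n\nSave 20%\n"
GENUINE = ("Authentication-Results: mx.example.net; spf=pass "
           "smtp.mailfrom=bounces.shop.example; dkim=pass header.d=shop.example\n" + BODY)
SPOOFED = ("Authentication-Results: mx.example.net; spf=fail "
           "smtp.mailfrom=shop.example; dkim=none\n" + BODY)
FORGED = ("Authentication-Results: mx.attacker.example; spf=pass "
          "smtp.mailfrom=shop.example\n" + BODY)

if __name__ == "__main__":
    for name, raw in [("genuine", GENUINE), ("spoofed", SPOOFED), ("forged", FORGED)]:
        print(name, "->", verdict(raw, APPROVED))
```

The receiving server must strip any inbound Authentication-Results header that already carries its own authserv-id before adding its result; otherwise a sender can supply a passing header and defeat the trust check.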

Learn more about phishing

We suggest that everyone educate themselves against phishing. Here are some great places to learn more about phishing: