Project news/updates will be posted in this section. You can also follow @HoneymailNet on Twitter.

HoneyMail found a new home

posted 27 Sept 2014, 16:12 by Tomasz Miklas

It's done - the service was moved to a new server on Friday, 26 September 2014.

When I started this project I didn't know how long it will last. Actually it turned out quite well - since January 2011 till yesterday all mail was routed through server in UK. Unfortunately the hosting provider I used for this project decided to move the contracts and billing to their sister company that is governed under the law of the State of Delaware, USA. The change of contracts is planned to happen on 1st Oct 2014.

This is rather unfortunate change for anybody that is located outside of the US, doesn't qualify to be "a US person" and is privacy aware - which would apply to most if not all of HoneyMail users. As a result I decided to find a new server that would offer similar or better privacy - simply because the new situation just doesn't feel right. After some research and reading quite a few internet privacy reports I decided to go with a server in Iceland, which surely will be better for privacy than hosting with a company governed under US law.

Internet Freedom Ranking

As an additional bonus, the new server also supports IPv6, so I guess this is the right direction. I'm sure time will tell either way ;-)

Dude! Where are my headers?

posted 21 Dec 2011, 17:21 by Tomasz Miklas

Recently I was asked by several people, what happens with original email headers when honeymail forwards the message.

Once you get spammed you may be curious how the message got to your mailbox - was it sent via open relays, from dynamic IP blocks or from hijacked SMTP server. It's all in the headers, and you have all of them - always had!

Honeymail's forwarding process is simple:
  1. Receive email
  2. Check if recipient exists - yes/no (queue/drop)
  3. Do all the checks and generate appropriate message to put inside email
  4. Generate new MIME encoded email and deliver to the recipient
    1. New headers (it's a new message)
    2. First MIME part includes check results
    3. Second MIME part includes original message (including all the headers)
Now, if your email client accepts 'inline' MIME content, check results and original message will be displayed, otherwise you will see only check results and original message will be show as an attachment.

There it is, all the headers you wanted to see.

Lightning talk at DC4420

posted 14 Dec 2011, 03:15 by Tomasz Miklas   [ updated 14 Dec 2011, 03:26 ]

Yesterday we had another DC4420 meeting in London. It was our last meeting this year and there was no talks formally scheduled... so we did lightning talks. I've presented the same slides as at BruCON with one addition - screenshot of the message I received yesterday morning.

Message that failed...

It's quite funny to see how some companies run their on-line stores under many domain names and can't keep consistency in their emails. This one is actually legitimate message, but not the first one from this company that failed honeymail checks... is now a public project

posted 22 Sept 2011, 02:24 by Tomasz Miklas   [ updated 22 Sept 2011, 02:34 ]

As of Tuesday, 20 September 2011 has become a public project. 

I've presented the overall concept during BruCON 2011 lightning talks, which are sometimes compared to "speed-dating for geeks". In general you have only 5 minutes to present your idea, hoping to get someone interested/excited/etc, so they go and research your work a bit more.
Sadly 5 minutes is also not enough to give the full overview of what's going on, and in this case, I only managed to present concept but didn't even touch on the future plans/ideas I have for it. Here is the slide deck I used for my lightning talk.

Sadly the presentation above doesn't have the commentary that is really the key part of the whole thing, but that's how it works :-)

1-4 of 4