SQL to see domains for email addresses

I wanted to find out which domains were on somebody’s mailing list, and used this SQL command:

-- Count confirmed, non-blacklisted subscribers by the first label of the email domain
SELECT COUNT(*) AS total,
       SUBSTRING_INDEX(SUBSTR(email, INSTR(email, '@') + 1), '.', 1) AS domain
FROM `phplist_user_user`
WHERE confirmed = 1 AND blacklisted = 0
GROUP BY domain
ORDER BY total DESC;

It resulted in this list. Pretty cool!

3916 gmail
496 yahoo
442 kellyservices
256 comcast
228 hotmail
195 officeteam
179 accountemps
163 aol
115 sbcglobal
85 volt
84 att
81 adeccona
78 bellsouth
76 outlook
76 roberthalffinance
65 us
58 roberthalftechnology
57 earthlink
56 me
56 msn
53 ajilonfinance
52 roberthalfmr
51 cox
47 right
43 mail
40 icloud
40 mac

Testing DKIM

Recently, I’ve been learning about email and how to set things up so people can’t impersonate email addresses.

One of the things to set up is DKIM, which is a method of “signing” an email as it leaves your server. The recipient end can validate that signature when email is received, and if it fails the validation, the email can be rejected as not legitimate.

This site can be used to test if your DKIM signature is set up correctly:


Another way to test is to send it to your Yahoo email, then look at the message source. If you find “dkim=pass” in the header, you’re good to go.

And, one more way is to send an email to check-auth@verifier.port25.com and you’ll get a report back.
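The "dkim=pass" check on the message source, as an added example (not part of the original post): it reads the Authentication-Results header from a saved message source and reports the DKIM result. It goes a little further than searching for the string, by only trusting the header added by your own receiving server and by checking which domain signed; the sample message, host names and function names are constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample message source (not a real message). The second
# Authentication-Results header was not added by our receiving server.
SAMPLE_SOURCE = """\
Authentication-Results: mx.receiver.example;
 dkim=pass (good signature) header.i=@example.org header.s=sel1;
 spf=pass smtp.mailfrom=example.org
Authentication-Results: mx.unknown.example; dkim=pass header.d=other.example
From: Sender <sender@example.org>
To: me@receiver.example
Subject: DKIM test

Hello
"""

def dkim_results(raw_source, authserv_id):
    """Return [(result, signing_domain)] reported by the trusted receiver.

    authserv_id (assumed name) is the host name your receiving server puts
    first in the Authentication-Results headers it adds.
    """
    msg = message_from_string(raw_source)
    found = []
    for value in msg.get_all("Authentication-Results", []):
        value = re.sub(r"\([^)]*\)", " ", value)        # strip (comments)
        clauses = [" ".join(c.split()) for c in value.split(";")]  # unfold
        if clauses[0].split(" ")[0].lower() != authserv_id.lower():
            continue                                     # added by someone else
        for clause in clauses[1:]:
            m = re.match(r"dkim=(\w+)", clause, re.I)
            if m:
                d = re.search(r"header\.[di]=(\S+)", clause, re.I)
                domain = d.group(1).rsplit("@", 1)[-1].lower() if d else None
                found.append((m.group(1).lower(), domain))
    return found

def dkim_ok(raw_source, authserv_id, my_domain):
    """True only if the trusted header reports dkim=pass for my_domain."""
    return ("pass", my_domain.lower()) in dkim_results(raw_source, authserv_id)

if __name__ == "__main__":
    print(dkim_results(SAMPLE_SOURCE, "mx.receiver.example"))
    print(dkim_ok(SAMPLE_SOURCE, "mx.receiver.example", "example.org"))
```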

Additional resource: https://emailstuff.org/


New serious vulnerabilities – Spectre and Meltdown

Two hardware vulnerabilities have been recently revealed, and they affect the CPUs (brains) of most modern computers and electronic devices. The only permanent fix is replacing the affected hardware but there isn’t anything available just yet. It’s going to take some serious work by hardware vendors to come up with a solution. That being said, software patches are being made available, so go ahead and perform any updates that become available for your computer, phone, tablet, and all other electronic devices as soon as possible.

Since this affects pretty much all computers, your website may also be rebooted during the patching process. Contact your web host with any questions.

Full details, in human-readable form (!), are on the Defiant blog: The Impact of Meltdown and Spectre Vulnerabilities

Huge password database found on the dark web

One of my newsletters had an interesting article in it today. It talked about a database of login credentials that is open and available for cybercriminals to download, if they know how to find it. They also provided an email address where you can check to see if your email is in the database.

How to See if Your Email is in The Database

Send an email to verification@4iq.com with the subject line Password Exposure Check, and they will send you back an email if they find the sending email address in the database.

I did this with three of my email addresses, and two came back with one password each. They were very old passwords, I think, because I now use a scheme that makes the password different for every site but follows a pattern so I know what the password should be.

Never Reuse Passwords

Yes, it’s a hassle to keep track of passwords. You really should use a different password for every site, because if you use the same one everywhere and one site gets compromised, every other account where you use that password could be compromised too. This is especially true for email passwords. Think of all the information to be had if someone is able to log in to your email.

How to Keep Your Passwords Unique

One idea is to use a simple phrase that also includes a couple of different characters depending on the website where it’s being used. For example, you could use something like:

Hello world! 29#WE

Where WE is the first two or three letters of the name of the website. The only thing that would vary is the letters at the end (or in the middle, wherever you decide to put them). This strategy has worked well for me, though I do encounter some sites that don’t allow spaces or other weird characters, so it’s not always possible to follow the scheme for every site. But then I just remove the spaces and if that doesn’t work, I remove the special characters. And if those things don’t work, I just request a new password and then write it down in my password notebook.

Another thing I do, to vary them just a little more, is to use a different number for personal use websites (like AllRecipes.com or Facebook) versus business websites.

Stay safe out there!