looking at the new DKIM draft

The combined DKIM standard, mixing Yahoo!’s DomainKeys and Cisco’s IIM, has been submitted to the IETF as a candidate spec by the MASS ‘pre-working group effort’. I like the idea behind both (a few years back, I, a few other SpamAssassin developers, and several others came up with the roots of a message-signature anti-forgery scheme we called ‘porkhash’, but never really went anywhere with it), so I’m glad to see this one progressing nicely.

Seeing as I never seem to write much about anti-spam here any more, I might as well remedy that now with some comments on the new DKIM draft. ;)

It’s a very good synthesis of the two previous drafts, DomainKeys and IIM, more DK-ish, but taking the nice features from IIM.

The ‘h=’ tag is now listed as REQUIRED. This specifies the list of headers that are to be signed. If I recall correctly, this was added in IIM, modifies the behaviour of DK, and is a good feature — it protects against in-transit corruption by, (a) specifying an order of the headers, to protect against MTAs that reorder them; and (b) allowing sites to protect the ‘important’ headers (From, To, Subject etc.) and ignore possible additions by MTAs down the line (scanner additions, mailing list munging and additions, and so on).

A list of recommended headers to sign is included, with From as a MUST and Subject, Date, Content-Type and Content-Transfer-Encoding as a SHOULD.

Forwarding is, of course, just fine. This one doesn’t suffer from the SPF failure mode, whereby a forwarder will break a signature if it doesn’t rewrite the SMTP MAIL FROM sender address. (Of course, it now has its own new failure modes — the message must be forwarded in a nearly-pristine state.)

The message length to sign can be specified with ‘l=’. This may be useful to protect against the issue where mailing list managers add a footer to a signed message. It recommends that verifiers remove text after the ‘l’ length, if it appears, since that offers a way for spammers to reuse existing signatures. I still have to think about this, but I suspect SpamAssassin could give points for additional text beyond the ‘l=’ point that doesn’t match mailing list footer profiles.

The IIM HTTP-based public-key infrastructure is gone; it’s all DNS, as it was in DK.

The ‘z=’ field, which contains copies of the original headers, is a great feature for filters — we can now pragmatically detect ‘acceptable’ header rewriting if necessary, and handle recovery at the receiver end.

Multiple signatures, unfortunately, couldn’t be supported. I can see why, though, it’s a very hard problem.

The ‘Security Considerations’ section is excellent — 9.1.2 uses a very clever HTML attack.

Looks like development of DKIM-Milter, and an associated library, libdkim, are underway.

Given all that, it looks good. It’s not clear how much we can do with DK, and now DKIM, in SpamAssassin, however — it’s very important in these schemes that the message be entirely unmunged, and in most SpamAssassin installs, the filter doesn’t get to see the message until after the delivering MTA, or the MDA (Message Delivery Agent), has performed some rewriting. This would cause FPs if we’re not very, very careful.

I hope though, that we can find a useful way to trust DKIM results. It appears likely that they’d make an excellent way to provide trustworthy whitelisting — ‘whitelist_from_dkim’ rules, similarly to our new whitelist_from_spf support. (In fact, we could probably just merge both into some new ‘whitelist_from_authenticated’ setting.)
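To make the ‘l=’ and ‘h=’ discussion above concrete, here is an added example (not code from the draft, from DKIM-Milter or from SpamAssassin) that parses the tags of a DKIM-Signature header, applies ‘simple’ body canonicalisation, checks the bh= hash over the first ‘l=’ bytes, and reports how much text lies beyond that point and whether it matches a crude mailing-list footer profile. The sample body, footer and domain are constructed; no RSA signature is produced, since the point is the body-length check.

```python
import base64
import hashlib
import re

# Constructed sample (not from the draft): a body signed by the author's
# domain, and a footer a mailing list manager appends after the fact.
SIGNED_BODY = "Hello list,\r\n\r\nPlease review the new draft.\r\n"
LIST_FOOTER = "--\r\nUnsubscribe: http://lists.example.invalid/leave\r\n"

# Crude 'mailing list footer profile' (assumption): what a filter might accept
# as benign text beyond the l= point rather than treat as signature reuse.
FOOTER_PROFILE = re.compile(r"unsubscribe|mailing list|^--\r?\n", re.I | re.M)


def parse_dkim_tags(header_value):
    """Split a DKIM-Signature value into its tag=value pairs.

    Folding whitespace inside values is dropped, as a verifier does for
    b= and bh=; tag names are left case-sensitive.
    """
    tags = {}
    for item in header_value.split(";"):
        if "=" not in item:
            continue
        name, value = item.split("=", 1)
        tags[name.strip()] = re.sub(r"\s+", "", value)
    return tags


def simple_body_canon(body):
    """'simple' body canonicalisation: CRLF line ends, trailing empty lines
    removed, and the body always ends in exactly one CRLF."""
    body = body.replace("\r\n", "\n").replace("\n", "\r\n")
    while body.endswith("\r\n\r\n"):
        body = body[:-2]
    if not body.endswith("\r\n"):
        body += "\r\n"
    return body.encode("utf-8")


def body_hash(body, length=None):
    """bh= value: base64(SHA-256) of the canonical body, cut at l= if given."""
    canon = simple_body_canon(body)
    if length is not None:
        canon = canon[:length]
    return base64.b64encode(hashlib.sha256(canon).digest()).decode("ascii")


def build_signature_header(body):
    """Signer side: DKIM-Signature tags for `body`, with l= set to the exact
    canonical body length. b= is left empty on purpose (no key material)."""
    length = len(simple_body_canon(body))
    return ("v=1; a=rsa-sha256; c=simple/simple; d=example.invalid; s=sel;"
            " h=From:To:Subject; l=%d; bh=%s; b=" % (length, body_hash(body, length)))


def check_body(dkim_header, body):
    """Verifier side: check bh= over the first l= bytes and measure what lies
    beyond, so a filter can decide whether the extra text looks like a list
    footer or like someone reusing an existing signature."""
    tags = parse_dkim_tags(dkim_header)
    canon = simple_body_canon(body)
    length = int(tags["l"]) if "l" in tags else len(canon)
    extra = canon[length:].decode("utf-8", errors="replace")
    return {
        "signed_headers": tags.get("h", "").split(":"),
        # l= larger than the body is a verification failure per the draft
        "body_shorter_than_l": length > len(canon),
        "bh_matches": length <= len(canon) and body_hash(body, length) == tags.get("bh"),
        "extra_bytes": len(canon) - min(length, len(canon)),
        "extra_looks_like_footer": bool(extra) and bool(FOOTER_PROFILE.search(extra)),
    }


if __name__ == "__main__":
    header = build_signature_header(SIGNED_BODY)
    print(check_body(header, SIGNED_BODY))                # intact message
    print(check_body(header, SIGNED_BODY + LIST_FOOTER))  # list footer appended
```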

BSA Spams Patent Holders

Patents: An anonymous contributor writes:

‘I just received this letter and these pre-addressed postcards in the post this morning. I was surprised when I saw the envelope, because I’d never received anything from the BSA before. It turned out that they had extracted my name and address from the European Patents database, because I registered a software patent once. So a lot of these letters have probably been sent out.

According to the letter, from Francisco Mingorance, the draft directive is being turned around to ‘rob small businesses of their intellectual property assets’.

I find it hard to see how that could be true. However the BSA’s letter has an important message you should heed - it is critical to contact your European representatives (your MEP and your country’s Commissioner) within the next two weeks. Let them know that the European Union should curtail software patents for once and for all.

Get out your best stationery and write to your MEP at the address given on this page.

Make sure your message is short and clear. SMEs don’t benefit from patents. Few patents are held by SMEs and the cost of applying for, maintaining and defending them is crippling.’

jm: I would suggest noting that you support the position of rapporteur Michel Rocard MEP, and/or the FFII — details here. Please do write!

BTW, the contributor also offers: ‘if anyone is interested in doctoring up the BSA postcards, I can provide the hi-res scans.’ ;)

Lexis-Nexis hacked through spam

Spam: WashPost: Computers Seized in Data-Theft Probe:

According to an account provided by the teenaged member of the hacker group — and confirmed by the law enforcement source who insisted on anonymity — the LexisNexis break-in was set in motion by a blast of junk e-mail. Sometime in February a small group of hackers … sent out hundreds of e-mails with a message urging recipients to open an attached file to view pornographic child images. The attachments had nothing to do with child porn; rather, the files harbored a virus (sic) that allowed the group’s members to record anything a recipient typed on his or her computer keyboard.

According to the teenage source, a police officer in Florida was among those who opened the infected e-mail message. Not long after his computer was infected with the keystroke-capturing virus, the officer logged on to his police department’s account at Accurint, a LexisNexis service provided by Florida-based subsidiary Seisint Inc. …

The young hacker said the group members then created a series of sub-accounts using the police department’s name and billing information. Over several days, the hacker said the group looked up thousands of names in the database, including friends and celebrities. The law enforcement source said the group eventually began selling Social Security numbers and other sensitive consumer information to a ring of identity thieves in California.

OpenStreetMap.org

Map: much interesting geowankery going on in London, where they suffer under the same Ordnance Survey monopoly as we do in Ireland.

This message to their mailing list notes a quote from IKONOS of $1,172.50 USD plus shipping for a 1m Color Geo referenced satellite image of central London, covering 67 square kilometers.

Given ‘enough processing’, data extracted from that map becomes a Derived Work, and has no copyright restrictions. ‘Processing’ includes ‘vector extraction, classification, etc.’

Now, I worked it out — central Dublin city centre covers about 3km x 4km. At the named rates for London, that works out at an inexpensive $210! Looks like it was imaged in September 2003.

There’s something interesting for a local geohacker to add to their list of projects ;)

(There’s also some old Landsat-7 data that may be usable.)

A ‘Boulder Pledge scoreboard’ website

Spam: Ask Slashdot: How Powerful is the Turn-Off Power of Spam? The question is, ‘How often do you make the decision to NOT buy something from a company because you know they engage in spamming activities?’

This is an old idea — it goes back to a December 1996 column by Roger Ebert, of all people, who proposes the following pledge that all internet users should take:

Under no circumstances will I ever purchase anything offered to me as the result of an unsolicited e-mail message. Nor will I forward chain letters, petitions, mass mailings, or virus warnings to large numbers of others. This is my contribution to the survival of the online community.

8 years later, it’s more important than ever.

However, it’s complicated by one additional factor — not everyone knows which products and companies use spam to advertise. For example, did you know that Kraft routinely advertise their Gevalia coffee through spam?

My suggestion — a daring individual (that rules me out ;) should set up a website where samples of major-product-advertising spam are collected from (trusted) reporters. A quick scoreboard based on how many reports a particular company accumulates, and we have a Boulder Pledge reputation service.

Some simple rules should be applied:

  • Messages arriving at never-used spamtrap addresses, or at addresses scraped from USENET or the web, especially if the message hits several of those addresses (indicating high volume), are the basis for a listing;
  • Failure to respect opt-outs, of course, would be a biggie;
  • Using a known spamhaus, or sending via open proxies in Shandong, would be a massive thumbs-down;
  • Failure to clean up its act after being made aware of the problem, oh dear.

It’d be essential to take an extremely careful approach to this; any hint of personal axe-grinding, and the site would be useless, written off as just the work of ‘another anti-spam kook’.

Essentially, this’d be a Fortune-500-oriented version of spamvertized.org.

Reportedly, many of the large companies using spam to advertise are fully aware at a management level that they are responsible for spamming. (That line about open proxies in Shandong is no joke — at least one Fortune 500 company has hired a spamhaus that does this.)

Doubtless, some spamvertisers may be victim to an overzealous but clueless marketing department, on the other hand — but either way, a public ‘name and shame’ forum gives a great impetus for them to avoid this problem, at least once they’ve been bitten the first time.

In some cases, it’s dodgy ‘affiliates’ that use spam to advertise their products — but a company that operates affiliates really should post a policy that says that affiliates found to be spamming will be terminated and have their commissions forfeited; reportedly, that has been found in other programs to quickly cut off the problem.

The ‘humans are 99.84% accurate’ figure

Spam: ‘The spam-classifying accuracy of a human being is 99.84%’. This statement has passed into SlashDot lore as the gospel truth, so time for some debunking.

First off, that’s not what Bill Yerazunis said in the CRM-114 Sparse Binary Polynomial Hashing and the CRM114 Discriminator paper. Here’s the real quote:

the human author’s measured accuracy as an antispam filter is only 99.84% on the first pass

Here’s a copy of the original mail:

I manually classified the same set of 1900 messages twice, and found three errors in my own classifications, hence I have a 99.84% success rate.

(my emphasis). In other words, the author sat down and ran through 1900 messages manually, then ran through them again, and checked to see how many messages in the first batch disagreed with the second.

Let’s consider an alternative situation, where a user is presented with one message, and asked to take their time, give it a full examination and some thought, and then classify the message. I would consider that more likely to be classified correctly, since fatigue will not be an issue (after 1900 messages, I’m pretty tired of eyeballing), and neither will time pressure (taking 20 seconds on each of 1900 mails would require 10.5 hours, and would be excruciatingly boring to boot).

In addition, the study wasn’t clear on exactly how much information from each mail was presented. Too little (just the subject line) or too much (every header and raw HTML), and a human will be more likely to make mistakes than if the mail is rendered fully, and the extraneous header info hidden. In my experience, I’ve never hand-classified 1900 messages purely through either method, because it’s just too tiring, and I know I’ll make quite a few mistakes. The UI for this work is important.

And finally, the figure is derived from a study with one user performing a task once. There’s no way you could use that figure in a serious setting — it’s not valid statistical science. Here’s Henry’s comment:

Yerazunis’ study of “human classification performance” is fundamentally flawed. He did a “user study” where he sat down and re-classified a few thousand of his personal e-mails and wrote down how many mistakes he made. He repeats this experiment once and calls his results “conclusive.” There are several reasons why this is not a sound methodology:
  • a) He has only one test subject (himself). You cannot infer much about the population from a sample size of 1.
  • b) He has already seen the messages before. We have very good associative memory. You will also notice that he makes fewer mistakes on the second run which indicates that a human’s classification accuracy (on the same messages) increases with experience. For this very reason, it is of the utmost importance to test classification performance on unseen data. After all, the problem tends towards “duplicate detection” when you’ve seen the data before hand.
  • c) He evaluates his own performance. When someone’s own ego is on the line, you would expect that it would be very difficult to remain objective.

So, to correct the statement:

‘The spam-classifying accuracy of this one guy, when classifying nearly two thousand mails by hand, was 99.84%, once.’

Updating European Election voting guide for Ireland

Patents: Ciaran O’Riordan just posted a message to ILUG, regarding how concerned voters in Ireland can use their votes in tomorrow’s European elections to prevent legalising patenting of software ideas in Europe. Here’s the scoop:

Area         Vote #1            Vote #2
East         Avril Doyle        Eoin Dubsky
South        Brian Crowley      Gerard Collins
North West   Sean O’Neactain
Dublin       Patricia McKenna   Ivana Bacik

Note the main thing I got wrong — some sitting MEPs from Fianna Fail and FG actually voted the right way! So a vote for FF in this case, is a vote against software patents. (I never thought I’d be saying that, but there you go ;)

GMail Usability

Web: Check out GMail’s ‘thread history’ built into the message display, dubbed ‘collapsable history’ and ‘cards’. Very, very nice email usability!

More at Kevin Fox’ weblog, fury.com.

More on the WSJ interviewee

Spam: So this Orlando Soto guy again — the story hit Slashdot today, and the /.ers did some digging. It appears that Mr. Soto runs dduo.com, listing himself at the bottom of the page as ‘Orlando Soto - Webmaster/Owner’. He sells a wide range of apps, including:

  • IP Ad Web Sender: ‘Send your advertising message to millions of people instantly! Target your advertisement geographically! Advertising message on someone’s screen, the second you send it! To send messages, IP Ad Web Sender uses a program called net send which is part of windows and is installed by default in Windows 2000, Windows NT and Windows XP.’

Yep, that’s Messenger spam. But don’t worry, he flogs the solution too:

  • IP Blocker: ‘Protect yourself against a new type of annoying pop up spam message called IP Ads that can be sent directly to your computer anytime while you are online.’

Or you could just save your money and turn it off the easy way.

‘Social networks’ spam filtering technique

Spam: /.: New Method of Spam Filtering: ‘A simple and easily implemented scheme for combating e-mail spam has been devised by two researchers in the United States. P. Oscar Boykin and Vwani Roychowdhury of the University of California, Los Angeles use their method to exploit the structure of social networks to quickly determine whether a given message comes from a friend or a spammer. The method works for only about half of all e-mails received - but in all of those cases, it sorts the mail into the right category.’

Abstract here. It appears it classifies 53% of the emails and leaves the other 47% as undiagnosed.

The problem with this scheme is that it relies on the data in the To, From, and CC fields being accurate. Currently, there’s no means to stop spammers faking those addresses.

A trivial way to get around this filter, similarly to the other filters that trust the From address, is for a spammer to send a message using your address in both the From and To fields. Most people would include themselves in their web of trust, hence the spam would get through.

A more resilient method uses IP addresses from the Received headers in conjunction with the From address. Once you do this, you can no longer use To and CC data — and the scheme becomes pretty much similar to SpamAssassin’s auto-whitelist.
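The weakness and the remedy described above, as an added example (not code from the paper, from Boykin and Roychowdhury, or from SpamAssassin): the first check trusts the From address against a web of trust built from the user’s own To/CC recipients, so a message carrying the user’s own address in both From and To sails through; the hardened check keys on the From address paired with the IP of the relay in the topmost Received header. All addresses, IPs and Received lines are constructed.

```python
import re

# Constructed sample data (not from the paper or the post).
ME = "alice@example.com"
# Recipients of mail Alice has sent; To/CC data like this builds her web of trust.
SENT_TO = [["bob@example.org", "carol@example.net"], ["dave@example.org"]]

# Bracketed IPv4 literal in a Received header, e.g. "(mail.example.org [198.51.100.7])"
RECEIVED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def build_trust_set(own_address, sent_recipients):
    """Web of trust from To/CC fields: the user, plus everyone they have written to."""
    trusted = {own_address.lower()}
    for rcpts in sent_recipients:
        trusted.update(r.lower() for r in rcpts)
    return trusted


def from_only_verdict(msg, trusted):
    """The scheme as described: trust the From address alone."""
    return "friend" if msg["From"].lower() in trusted else "unknown"


def last_hop_ip(msg):
    """IP of the host that handed the message to our MTA: the bracketed
    address in the topmost (most recently added) Received header."""
    match = RECEIVED_IP.search(msg["Received"][0])
    return match.group(1) if match else None


def from_and_ip_verdict(msg, trusted_pairs):
    """Hardened variant: the From address only counts together with a relay
    IP previously seen delivering mail from that address, which is the
    auto-whitelist style of keying the post ends on."""
    pair = (msg["From"].lower(), last_hop_ip(msg))
    return "friend" if pair in trusted_pairs else "unknown"


def sample_messages():
    """Two constructed inbound messages: one genuinely from Bob's mail host,
    one that simply puts the recipient's own address in From and To."""
    genuine = {
        "From": "bob@example.org", "To": ME,
        "Received": ["from mail.example.org (mail.example.org [198.51.100.7]) by mx.example.com"],
    }
    self_addressed = {
        "From": ME, "To": ME,
        "Received": ["from unknown (unknown [192.0.2.77]) by mx.example.com"],
    }
    return genuine, self_addressed


# (address, relay IP) pairs learned from earlier mail that was accepted as genuine
# (constructed; Alice's own mail arrives via her provider's relay 203.0.113.5).
TRUSTED_PAIRS = {("bob@example.org", "198.51.100.7"), (ME, "203.0.113.5")}

if __name__ == "__main__":
    genuine, self_addressed = sample_messages()
    trusted = build_trust_set(ME, SENT_TO)
    for label, msg in (("genuine", genuine), ("self-addressed", self_addressed)):
        print(label, from_only_verdict(msg, trusted), from_and_ip_verdict(msg, TRUSTED_PAIRS))
```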

New Server

Admin: So, taint.org has moved to a new server. With any luck, this message should show up there and get blogged…

Overheard on the radio

Funny: overheard on the radio just now, from the DJ interrupted during a station ident: ‘Your phone’s ringing. What, you have a text message? Fancy!’

Just to remind me I’m in the US ;)

Mind you, the DJ seems a bit out of touch; he’s clearly just discovered the Rock Gods that are The Darkness.

Herring Fart Chat

Science: Fish farting may not just be hot air (New Scientist):

Biologists have linked a mysterious, underwater farting sound to bubbles coming out of a herring’s anus. No fish had been known to emit sound from its anus nor to be capable of producing such a high-pitched noise.

… Three observations persuaded the researchers that the FRT is most likely produced for communication: Firstly, when more herring are in a tank, the researchers record more FRTs per fish. Secondly, the herring are only noisy after dark, indicating that the sounds might allow the fish to locate one another when they cannot be seen. Thirdly, the biologists know that herrings can hear sounds of this frequency, while most fish cannot. This would allow them to communicate by FRT without alerting predators to their presence.

Control your life support via the Internet!

Security: Romania Emerges As Nexus of Cybercrime (AP). Contains this glorious nightmare scenario:

BUCHAREST, Romania - It was nearly 70 degrees below zero outside, but the e-mail on a computer at the South Pole Research Center sent a different kind of chill through the scientists inside.

‘I’ve hacked into the server. Pay me off or I’ll sell the station’s data to another country and tell the world how vulnerable you are,’ the message warned.

Proving it was no hoax, the message included scientific data showing the extortionist had roamed freely around the server, which controlled the 50 researchers’ life-support systems.

One question: why was an internet-connected computer controlling the life support systems? eeek.

For Reference: Why Greylisting Sucks

Spam: I’ve been meaning to collate a page about why I don’t like greylisting. My previous posting is relatively useful, but it needs an update, so here it is:

First off, every single message is delayed until a database match is found for the combination of sending IP, envelope-from and envelope-to. As Alan Leghart pointed out, ‘So…we punish everyone in the world, and hope that a delay of one or more hours is considered ‘acceptable’? Maybe some people already expect a mail to take several hours to reach a recipient. In that case, you need to fix your mail server.’

Secondly, large mailing lists that use VERP (generating keyed From addresses for each mail for good bounce-handling) will require manual whitelisting for each list, or each host.

Yahoo! Groups, for example, uses VERP for all its lists, and also will not retry delivery if the first attempt fails.

There’s even buggy SMTP servers that do not support retrying, believe it or not.

(Once again, as for many spamfilter designs, the unusual SMTP clients are the ‘edge cases’ that cause the most trouble.)

Manual whitelisting == work == what spam filtering is trying to reduce == bad.

Thirdly, and most seriously, it assumes spammers would never introduce retries into their spam-tools if it took off. Tempfailing, what this is based on, is effective right now because spamtools don’t retry. But every proposed spam solution has to consider what would happen if every server admin in the world implements it, and spammers then want to subvert it.

For a spamtool to retry, it just needs to track 4xx responses, and if it encounters one, save these items of data:

  • From, To addrs and HELO string used
  • proxy IP used (btw proxies are almost never shut down successfully, so the spammer can generally assume this can be reused next time)
  • random seed used to generate random hashbuster tokens etc., so the body text matches

That’s really not a lot of data — 64 bytes per address that requires a retry. Then, an hour or more later, do the retry.

So, IMO, ‘greylisting’ will work fine in the short term, until it becomes reasonably common — then the spamtool developers will start adding retry code.

Then we’re back to square one — except some legit mail takes much longer to get delivered, and the bandwidth wasted by spam has doubled, due to all those retrying spams. That’s not really progress.
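The receiver-side mechanics behind the first two objections, as an added example (not any real greylisting implementation): a triplet store keyed on (client IP, envelope-from, envelope-to) that tempfails unknown triplets, and a simulation showing that a VERP list whose envelope-from changes per message never builds up a known triplet, so every message is lost unless the list host is whitelisted by hand, while an ordinary retrying MTA gets through on its second attempt. The delay, IPs and addresses are assumed values.

```python
import time

# Constructed sample values (not from the post).
LIST_HOST_IP = "192.0.2.10"        # a VERP-using list server that never retries
CORRESPONDENT_IP = "198.51.100.7"  # an ordinary MTA that retries from its queue


class FakeClock:
    """Controllable clock so the delays can be simulated without sleeping."""

    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


class Greylister:
    """Greylisting triplet store: (client IP, envelope-from, envelope-to).

    An unknown triplet gets a 4xx tempfail and is remembered; a retry of the
    same triplet after `delay` seconds is accepted. Hosts in `trusted_hosts`
    bypass the check: the manual whitelisting the post says VERP senders need.
    """

    def __init__(self, delay=300, clock=time.time):
        self.delay = delay          # assumed 5-minute minimum wait
        self.clock = clock
        self.first_seen = {}        # triplet -> time of first attempt
        self.trusted_hosts = set()

    def whitelist_host(self, ip):
        self.trusted_hosts.add(ip)

    def decide(self, ip, mail_from, rcpt_to):
        """Return the SMTP reply code to give at RCPT TO: '250' or '451'."""
        if ip in self.trusted_hosts:
            return "250"
        key = (ip, mail_from.lower(), rcpt_to.lower())
        now = self.clock()
        first = self.first_seen.setdefault(key, now)
        if now - first < self.delay:
            return "451"  # "try again later": first attempt, or retried too soon
        return "250"


def verp_return_path(message_number):
    """VERP puts the recipient and a per-message key into the envelope-from,
    so every message from the list presents a brand-new triplet."""
    return "list-bounces+alice=example.com-%d@lists.example.invalid" % message_number


def list_messages_accepted(n_messages, whitelist_list_host=False):
    """Deliver n list messages an hour apart, each attempted exactly once,
    as a sender like the post's Yahoo! Groups example would."""
    clock = FakeClock()
    grey = Greylister(delay=300, clock=clock)
    if whitelist_list_host:
        grey.whitelist_host(LIST_HOST_IP)
    accepted = 0
    for i in range(n_messages):
        if grey.decide(LIST_HOST_IP, verp_return_path(i), "alice@example.com") == "250":
            accepted += 1
        clock.advance(3600)
    return accepted


def retrying_sender_replies(retry_after_seconds):
    """A normal MTA: one attempt, then one retry after its queue interval."""
    clock = FakeClock()
    grey = Greylister(delay=300, clock=clock)
    replies = [grey.decide(CORRESPONDENT_IP, "bob@example.org", "alice@example.com")]
    clock.advance(retry_after_seconds)
    replies.append(grey.decide(CORRESPONDENT_IP, "bob@example.org", "alice@example.com"))
    return replies


if __name__ == "__main__":
    print("VERP list, no whitelist:", list_messages_accepted(5), "of 5 accepted")
    print("VERP list, host whitelisted:", list_messages_accepted(5, True), "of 5 accepted")
    print("retrying MTA, 1h later:", retrying_sender_replies(3600))
```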

SMTP Sender Authentication

Spam: SMTP Sender Authentication, by David Jeske of Y! Groups (pointer from Jeremy).

Schemes similar to this — calling back to a sending server to verify that a mail was really sent via that host — have been proposed before in several venues, the most high-profile and public being the ASRG list. Here is a message I sent to that list in April 2003 discussing a few of those schemes:

  • J C Lawrence’s ‘forward chained digital signatures’ on Received headers
  • William at elan.net’s ‘complex callback verification requiring full message tracking server functionality with dns extensions’
  • Russ Nelson’s Q249
  • Our own ‘porkhash’

I still like this style of system, I think, but in terms of deployability and simplicity, I’m supporting Sender-Permitted From for now — which similarly forces senders to use registered relays for a given SPF-supporting domain, but using DNS as the protocol and IP addresses as the hard-to-forge identity component.

Another bonus of SPF is that it’s simple, easy to implement, has *running code* out there now, and is being pushed strongly by a pragmatic and sane driving person (in the form of Meng Weng Wong). It’s not always easy in the anti-spam field to find a solution like that ;)

BTW, SPF also, similarly, breaks envelope sender forging. However, I agree, this is one egg that has to be broken to help stop spam (or at least force spammers to use their own domains and IPs.)

Florida State Government Spammed Me!

Spam: Well, this is just incredible. I’ve just been spammed by a .gov domain — myfloridahousemail.gov.

The irony of my first .gov spam coming from Florida is inescapable.

The message came from an IP address registered to State of Florida/Dept. of Management Services, bldg 4050 esplanade way suite 115d, Tallahassee, FL 32399-0950 US. That address looks genuine. It really does look like it came from the Florida House of Representatives.

And it was sent to a spamtrap which is on a few spammer address lists, but has never been a genuine user address. And, obviously, I don’t live in Florida ;)

Read the spam here.

I Say Risbubh

I keep getting this one, with a question about whether spammers can use it to get past filters:

Aoccdrnig to rceent rsceearch at an Birtsih uinervtisy, it deosn’t mttaer in waht oredr the ltteers in a wrod are, the olny iprmoetnt tihng is taht frist and lsat ltteer is at the rghit pclae. The rset can be a toatl mses and you can sitll raed it wouthit porbelm. Tihs is bcuseae we do not raed ervey lteter by it slef but the wrod as a wlohe.

Firstly, it’s a crock. That text is incomprehensible! Plus, it’s not entirely truthful in its message — try this variant, which really does make the ‘rset’ a ‘toatl mses’:

Aidnroccg to rceent rrceesah at a Biitsrh usvitrneiy …

Or maybe it’s just me who has to spend about 10 times as long trying to comprehend it. (Or maybe my font’s too small. whatever…)

Secondly, every ‘trick’ that results in spammers embedding large up-front blocks of readable text in their mails, scrambling letters around like that, using l33t-sp3ak, i n s e rt i n gs p ac e s, 92384 adding lsdjfgk random foo words to viagra confuse filters, etc. etc. will do nothing but hurt them.

Bear in mind they make money from spam by making sales — if they have to increasingly obfuscate their message to get through, their would-be ‘customers’ will not be able to read the messages, their sales will go down, and spamming will become unprofitable.

Remember: if the costs of spamming goes up (through effective filters, increasing complexity to evade detection, and legislation to prosecute them), and the returns go down, the spamming becomes unprofitable and more spammers will give up.

Over-zealous spam filters, pt. xxix

Neil Gaiman writes about how, for several months, mail to his publishers, DC Comics, was intermittently disappearing into a black hole. Eventually, the culprit was found: AOL-TW’s spam/virus filters. Any mail containing the word ‘Sandman’ — ie. the name of the comic he writes for DC Comics — was being filtered silently, without notifying either the sender or recipient. Wow. His editor’s computer guy reported:

I’ve been informed that the reason why there was a delay in the delivery of this message was because one of several keywords were found within the message. In particular, the word ‘SANDMAN’ was found several times. This has been a telltale sign of one or more computer viruses, so the message was set aside to be investigated by a WB security person.

(Via Crypto-Gram)

Political Spam Gallery

spamvertized.org; a gallery of US political spam.

Sadly, Howard Dean kicks it off, with a ‘Dean For Texas’ e-pended message (‘e-pending’ is explained here). But don’t go voting R just yet — they’ve got one too ;) It’s not on the site just yet, as the site maintainer wants to get permission from the recipient to post it publicly first.

And check out these nefarious antics from the Bush 2000 campaign.


Spam filters and FTC’s ‘Do Not Call’ list

Wired News: Yahoo! Spam Filter Thwarts FTC:

Consumers who used Yahoo Mail e-mail accounts to register for the Federal Trade Commission’s new do-not-call service were met with an ironic twist Friday — Yahoo’s spam filter intercepted confirmation messages sent from FTC servers.

‘Our tests showed that Yahoo’s spam filter was automatically sending the confirmation messages from the do-not-call list into users’ bulk-mail folders,’ said NetFrameworks co-founder and CTO Eric Greenberg. ‘The irony of it is that the spam filter is blocking the very thing that’s supposed to help you stop getting spam over the phone.’

FWIW, I signed up, without any hitches.

As noted elsewhere, their mail-sending systems were massively overloaded – an insane quantity of people were also signing up at the same time, from what I’ve heard.

But a day later, the confirmation message eventually came through, and got run through my ‘dogfood’ SpamAssassin 2.60 installation. That gave it -5.2 points. Not bad, considering they didn’t have reverse DNS records for the machines sending the mails out ;) (update: they do now, btw.)

In case you’re wondering, the tests it hit were: BAYES_00, CLICK_BELOW, DATE_IN_PAST_12_24, NO_REAL_NAME. Pretty respectable, really. Aside: that message getting a BAYES_00 match is impressive, given that (a) that Bayes db was initialized entirely from auto-learned mails, no hand-training; and (b) I’d never received a mail from the Do Not Call registry operators before.
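To make those rule names concrete, here is an added example of what three of them test. It is my own simplified reimplementation, not SpamAssassin’s code or its scores; the Bayes rule is left out since it depends on a trained database, and both sample messages are constructed rather than the real FTC confirmation.

```python
"""Three of the header and body heuristics SpamAssassin reports by rule name.

Added example, not SpamAssassin's code: the checks below are simplified
reimplementations of what the rule names CLICK_BELOW, DATE_IN_PAST_12_24
and NO_REAL_NAME mean. Per-rule scores and the Bayes classifier behind
BAYES_00 are left out, so the result is the list of rule names hit rather
than a score. Both sample messages are constructed, not the real FTC
confirmation.
"""
import email
import re
from datetime import timedelta, timezone
from email.utils import parseaddr, parsedate_to_datetime


def _utc(dt):
    """Normalise a parsed header date to an aware UTC datetime."""
    return dt.replace(tzinfo=timezone.utc) if dt.tzinfo is None else dt.astimezone(timezone.utc)


def received_time(msg):
    """Timestamp from the topmost Received: header, the one our own MTA wrote.
    Unlike Date:, the sender does not control it, which is why the date rule
    compares against it rather than against the wall clock at scan time."""
    received = msg.get_all("Received") or []
    if not received:
        return None
    return _utc(parsedate_to_datetime(received[0].rsplit(";", 1)[-1].strip()))


def date_in_past_12_24(msg):
    """DATE_IN_PAST_12_24: Date: is 12 to 24 hours earlier than Received:."""
    got = received_time(msg)
    if got is None or not msg.get("Date"):
        return False
    try:
        sent = _utc(parsedate_to_datetime(msg["Date"]))
    except (TypeError, ValueError):
        return False                       # unparseable Date: is another rule's job
    return timedelta(hours=12) <= got - sent < timedelta(hours=24)


def no_real_name(msg):
    """NO_REAL_NAME: From: is a bare address with no display name."""
    name, addr = parseaddr(msg.get("From", ""))
    return bool(addr) and not name.strip()


def click_below(msg):
    """CLICK_BELOW: the body asks the reader to 'click below'."""
    body = "" if msg.is_multipart() else msg.get_payload()
    return re.search(r"click\s+below", body, re.IGNORECASE) is not None


RULES = {"CLICK_BELOW": click_below,
         "DATE_IN_PAST_12_24": date_in_past_12_24,
         "NO_REAL_NAME": no_real_name}


def rules_hit(raw):
    """Sorted names of the rules a raw RFC 2822 message triggers."""
    msg = email.message_from_string(raw)
    return sorted(name for name, check in RULES.items() if check(msg))


# Constructed: generated at 16:05, stuck in an overloaded outbound queue for
# 17 hours, bare From:, and a "click below" call to action.
DELAYED = """\
Received: from mailout.example.gov (mailout.example.gov [192.0.2.10])
\tby mx.example.net with ESMTP id k3x9
\tfor <user@example.net>; Sat, 28 Jun 2003 09:15:00 +0000
Date: Fri, 27 Jun 2003 16:05:00 +0000
From: registry@example.gov
To: user@example.net
Subject: Confirm your registration

Click below to confirm your registration.
"""

# Constructed: the same message sent promptly, with a display name.
PROMPT = """\
Received: from mailout.example.gov (mailout.example.gov [192.0.2.10])
\tby mx.example.net with ESMTP id k3xa
\tfor <user@example.net>; Sat, 28 Jun 2003 09:15:00 +0000
Date: Sat, 28 Jun 2003 09:14:30 +0000
From: Registry Operator <registry@example.gov>
To: user@example.net
Subject: Confirm your registration

Please confirm your registration at the address in this message.
"""

if __name__ == "__main__":
    for label, raw in (("delayed", DELAYED), ("prompt", PROMPT)):
        print(label, rules_hit(raw))
```

The date rule deliberately compares Date: against the Received: stamp our own MTA wrote, not against the scan time, because Date: is sender-supplied. A legitimate sender whose outbound queue has backed up by half a day, as the FTC’s evidently had, trips it exactly the way the confirmation did.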

Tamales: this is cool — San Francisco’s boozy culture paid homage last night to ‘The Tamale Lady’:

Tonight, Zeitgeist will swell again for Ramos’ 50th birthday party. There, San Francisco filmmaker Cecil B. Feeder will premiere his mini-documentary ‘Our Lady of Tamale,’ featuring 30-second songs submitted by dozens of San Francisco musicians.

Isn’t that nice. Ben says it went well. Somehow or other we missed her tamales last time we were up, but I’ll be sure to get one next time…


My Thoughts on ‘Greylisting’

‘Greylisting’, as described here, has received a lot of attention recently. However, I don’t think it’s a goer; here’s why:

  • Firstly, as Alan Leghart pointed out on the SpamAssassin-talk list:

    This method proposes to delay EVERY SINGLE MESSAGE until a database match is found for sending IP, FROM, and TO. So…we punish everyone in the world, and hope that a delay of one or more hours is considered ‘acceptable’?

    Read his message for a typical daily scenario which shows how bad this can be. Maybe some people already expect a mail to take several hours to reach a recipient. In that case, you need to fix your mail server. Even the 300MHz SpamAssassin spamtrap server gets through mail faster than that, and it’s seeing an absurd mail load ;)

  • Secondly, many VERPing mailing lists and newsletters (where every message carries a unique envelope sender, so no delivery ever matches a stored triplet) will need manual whitelisting. Requiring manual intervention == work == what spam filtering is trying to reduce == bad.

  • Thirdly, it assumes spammers would never introduce retries into their spam-tools if it took off. Tempfailing, what this is based on, is effective right now because spamtools don’t retry. But every proposed solution has to consider what would happen if every server admin in the world implements it, and spammers then want to subvert it.

    IMO, ‘greylisting’ would work fine until the spamtools start retrying, then we’re back to square one — except some legit mail takes a long time to get delivered, and the bandwidth wasted by spam has doubled due to all those retrying spams.
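As an added example (my own code, not from the greylisting proposal or any MTA), here is the triplet mechanism run against the cases above: a legitimate MTA that retries on its queue schedule, a spam tool that fires once, the same tool updated to retry, and a VERP newsletter. The addresses, IPs, retry intervals and the 5-minute/4-hour greylist constants are all assumptions.

```python
"""Greylisting: tempfail the first delivery attempt of an unseen triplet.

Added example, not code from the greylisting proposal or from any MTA.
It models the mechanism the post describes (the (client IP, MAIL FROM,
RCPT TO) triplet store), then runs the cases the post argues over: a
legitimate MTA that retries on its queue schedule, a spam tool that fires
once and moves on, a spam tool updated to retry, and a VERP newsletter
whose every message has a fresh envelope sender. All addresses, IPs and
timings are constructed; the delay constants are assumptions.
"""
from dataclasses import dataclass, field

TEMPFAIL = "451 4.7.1 Greylisted, please try again later"
ACCEPT = "250 2.0.0 OK"
MIN_DELAY = 5 * 60          # assumed: seconds a triplet must age before acceptance
PENDING_TTL = 4 * 3600      # assumed: forget triplets that are never retried


@dataclass
class Greylist:
    min_delay: int = MIN_DELAY
    pending_ttl: int = PENDING_TTL
    pending: dict = field(default_factory=dict)   # triplet -> first-seen time
    passed: set = field(default_factory=set)      # triplets already let through
    whitelist: set = field(default_factory=set)   # client IPs that skip the check

    def check(self, now, client_ip, mail_from, rcpt_to):
        """SMTP response for one RCPT TO, given the time of the attempt."""
        if client_ip in self.whitelist:
            return ACCEPT
        key = (client_ip, mail_from.lower(), rcpt_to.lower())
        if key in self.passed:
            return ACCEPT
        seen = self.pending.get(key)
        if seen is None or now - seen > self.pending_ttl:
            self.pending[key] = now        # new (or stale) triplet: tempfail it
            return TEMPFAIL
        if now - seen < self.min_delay:
            return TEMPFAIL                # retried too soon: still greylisted
        self.passed.add(key)
        del self.pending[key]
        return ACCEPT


def deliver(gl, now, client_ip, mail_from, rcpt_to, retry_after=None, max_attempts=1):
    """Simulate one client's delivery attempts.

    A conforming MTA treats a 4xx as "queue and retry" (retry_after seconds
    between attempts); a fire-and-forget spam tool gives up at once
    (retry_after=None). Returns (accepted, seconds the message was delayed).
    """
    t = now
    for _ in range(max_attempts):
        if gl.check(t, client_ip, mail_from, rcpt_to) == ACCEPT:
            return True, t - now
        if retry_after is None:
            break
        t += retry_after
    return False, t - now


def scenario():
    """Run the post's cases against one greylist and return the outcomes."""
    gl = Greylist()
    out = {}
    # 1. Legitimate MTA, 30-minute queue runs: accepted on the second try,
    #    so even a perfectly good message is held for the retry interval.
    out["legit"] = deliver(gl, 0, "198.51.100.7", "alice@example.com",
                           "bob@example.net", retry_after=1800, max_attempts=5)
    # 2. Spam tool that never retries: the only case greylisting blocks.
    out["fire_and_forget"] = deliver(gl, 0, "203.0.113.9", "x@example.biz",
                                     "bob@example.net")
    # 3. Same tool, updated to retry after 10 minutes: gets through, and has
    #    connected twice, so the bandwidth cost of that spam has doubled.
    out["retrying"] = deliver(gl, 0, "203.0.113.9", "x@example.biz",
                              "carol@example.net", retry_after=600, max_attempts=2)
    # 4. VERP newsletter: each issue has a unique bounce address, so each is a
    #    never-seen triplet and every issue is delayed, day after day.
    out["verp_delays"] = [
        deliver(gl, n * 86400, "192.0.2.50", f"news-bounces+{n}@example.org",
                "bob@example.net", retry_after=1800, max_attempts=5)[1]
        for n in range(3)
    ]
    # 5. The manual fix the post objects to: a whitelist entry for the sender.
    gl.whitelist.add("192.0.2.50")
    out["verp_whitelisted"] = deliver(gl, 3 * 86400, "192.0.2.50",
                                      "news-bounces+3@example.org", "bob@example.net")
    return out


if __name__ == "__main__":
    for case, result in scenario().items():
        print(f"{case:18s} {result}")
```

The store is keyed on the full triplet, so a retry only counts if it comes from the same client IP with the same envelope addresses; that is what makes VERP senders (and any sender that rotates outbound hosts) look new every time, and it is also why a spam tool only needs to retry, not to change anything else, to get through.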


Nice Guys Win

That’s the message from Robert Sapolsky, professor of biological sciences at Stanford and neurology at Stanford’s School of Medicine, from his studies of baboon behaviour in the Serengeti:

For the humans who would like to know what it takes to be an alpha man–if I were 25 and asked that question I would certainly say competitive prowess is important–balls, translated into the more abstractly demanding social realm of humans. What’s clear to me now at 45 is, screw the alpha male stuff. Go for an alternative strategy. Go for the social affiliation, build relationships with females, don’t waste your time trying to figure out how to be the most adept socially cagy male-male competitor. Amazingly enough that’s not what pays off in that system. Go for the affiliative stuff and bypass the male crap. I could not have said that when I was 25.

A handful of (the baboons) simply walked away from it over the years. Nathaniel was one, and Joshua was another. They had the lowest stress hormone levels you’ve ever seen in male baboons, and outlived their cohorts. The fact that this alternative strategy is actually the more adaptive one is one of the good bits of news to come out of primatology in quite some time. If that’s the future of primates, this planet is going to be in great shape in a couple of million years.

A great article, and pretty funny in places — especially where he discusses the results of baboons’ lack of a developed frontal cortex:

Even though there are tremendous individual differences among the baboons, they’re still at this neurological disadvantage, compared to the apes, and thus they typically blow it at just the right time. They could be scheming these incredible coalitions, but at the last moment, one decides to slash his partner in the ass instead of the guy they’re going after, just because he can get away with it for three seconds. The whole world is three seconds long–they’re very pointillist in their emotions.

More at the Edge Magazine site.


Microsoft using cloak-and-dagger tactics to fend off Linux

Ah, some good old-fashioned sleazy MS stuff:

Chris O’Rourke, a Microsoft employee, described attending LinuxWorld, a trade fair in California, where he ‘purported to be an independent computer consultant’ working with several public school districts, according to an e-mail message he sent on Aug. 20, 2002. ‘In general, people bought this without question,’ Mr. O’Rourke wrote. ‘Hook, line and sinker.’

He said his goal was to glean intelligence about the competition. His guise, Mr. O’Rourke said, ‘got folks to open up and talk.’ Mr. O’Rourke did not respond to a fax and voice mail message seeking comment.

Hilarious — if you can’t beat ‘em, send in the clowns. Via the NYT.


EMusic.com vs. Apple

A message on Dave Farber’s IP list tipped EMusic.com as a little-known alternative to Apple’s new music store. So I took a look, and whaddya know, it’s incredible! Here’s the key points:

  • A fantastic selection of my favourite genres: roots reggae, dancehall, ambient and drum and bass. This is exactly the stuff you can’t find on P2P nets nowadays, and it’s not on Apple’s store either. EMusic is not so hot for the top-40 stuff, but let’s face it, I will never want to listen to Britney’s latest anyway.

  • ‘Try before you buy’ 30-second track tasters, so you can listen to the tune just enough to see if you like it before committing.
  • A flat monthly rate of 10 bucks, for 50 tracks a month.
  • Download as plain old un-DRM-encumbered MP3s. So it’ll work fine on my Linux desktop, and pretty much any music-listening device you can possibly imagine for the next few years.

Wow. I’m so signing up for this. I think in 10 minutes I’ve identified my next 6 months’ listening material…


For reference: email usability

I was clearing out my mail last night, and came across a message that referenced a mail I sent a few years back; it’s a selection of feature requests I made at the start of development of Evolution, the GNOME mail reader/contact manager/Outlook clone. (Not sure if any got implemented BTW ;)

Since I still think some of these are killer ideas that would really improve email readers, and since the only copy is sitting in a mailing list archive, I’ll take a local copy here by posting it.

Worth noting that the reason it came up was a quick mail exchange with Kaitlin ‘Duck’ Sherwood, who’s the queen of email usability, and will be working on the OSAF’s Chandler PIM (and mail) application. Not only had she read the CHI’96 paper in question, she noted it as a ‘profound influence’! Cool — and bodes well for Chandler!

Kaitlin also replied with some excellent plans for folder-overview presentation; I can’t wait to see the results in Chandler, personally. If you want an idea of this stuff, her page on the Perfect Email Client lives here.

Quick top tip: filtering or colorizing messages based on how you’re addressed in the headers is immediately beneficial. Quoting Ducky:

My pet view also color-codes messages based on how you were addressed.
  • to me and only me
  • to me and other people
  • cc me and only me
  • cc me and other people
  • bcc me

Most people who have implemented the above techniques (you can do it with either Outlook or Eudora, though it’s somewhat painful to set up) tell me they’ve saved between 25% and 50% of their prior email time.

She’s right, too!
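As an added example (my own code, not Ducky’s or any mail client’s), here is that classification derived from the To: and Cc: headers, which is what a filter or colouring rule would key on. It adds one refinement of mine: a message that names you nowhere is treated as a list post rather than a bcc when it carries a List-Id header. The ‘me’ addresses and the sample headers are constructed.

```python
"""Classify a message by how one mailbox was addressed in it.

Added example, not Ducky Sherwood's code nor that of any mail client. It
derives the five categories she lists (to me only, to me and others, cc me
only, cc me and others, bcc me) from the To: and Cc: headers, which is what
a filter or colouring rule in a mail reader would key on, and adds one
refinement of mine: a message that names me nowhere is a list post rather
than a bcc when it carries List-Id (RFC 2919). The "me" addresses and the
sample headers are constructed.
"""
import email
from email.utils import getaddresses

MY_ADDRESSES = {"jm@example.com", "justin@example.org"}   # assumed mailboxes for "me"


def _addrs(msg, header):
    """Every address in every instance of a header, lower-cased, display names dropped."""
    return {addr.lower() for _, addr in getaddresses(msg.get_all(header, [])) if addr}


def classify(raw, me=MY_ADDRESSES):
    """Return the addressing category of a raw RFC 2822 message."""
    msg = email.message_from_string(raw)
    me = {a.lower() for a in me}
    to, cc = _addrs(msg, "To"), _addrs(msg, "Cc")
    if to & me:
        # "only me" here means I am the sole recipient anywhere in To:/Cc:
        return "to-me-only" if to <= me and not cc else "to-me-and-others"
    if cc & me:
        # To: holds the primary audience; the test is whether Cc: is just me
        return "cc-me-only" if cc <= me else "cc-me-and-others"
    # Named nowhere: delivered on the envelope alone, i.e. bcc'd, unless a
    # mailing list expanded our subscription, which List-Id reveals.
    return "list" if msg.get("List-Id") else "bcc-me"


# Constructed samples, one per category.
SAMPLES = {
    "direct": ("From: alice@example.net\nTo: Justin Mason <jm@example.com>\n"
               "Subject: lunch?\n\nhello\n"),
    "group": ("From: alice@example.net\nTo: jm@example.com, bob@example.net\n"
              "Cc: carol@example.net\nSubject: planning\n\nhello\n"),
    "cc_only": ("From: alice@example.net\nTo: bob@example.net\nCc: JM@Example.COM\n"
                "Subject: fyi\n\nhello\n"),
    "cc_group": ("From: alice@example.net\nTo: bob@example.net\n"
                 "Cc: jm@example.com, dave@example.net\nSubject: fyi\n\nhello\n"),
    "bcc": ("From: alice@example.net\nTo: undisclosed-recipients:;\n"
            "Subject: psst\n\nhello\n"),
    "list": ("From: alice@example.net\nTo: users@lists.example.org\n"
             "List-Id: <users.lists.example.org>\nSubject: [users] q\n\nhello\n"),
}


def classify_all(samples=SAMPLES):
    """Classify every sample; handy for wiring up colour rules."""
    return {name: classify(raw) for name, raw in samples.items()}


if __name__ == "__main__":
    for name, category in classify_all().items():
        print(f"{name:9s} -> {category}")
```

Addresses are compared case-insensitively and with display names stripped, so ‘JM@Example.COM’ and ‘Justin Mason <jm@example.com>’ both count as me; without that, the cc-me rules would miss half the mail they should catch.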

From: Justin Mason (spam-protected)
Date: Fri, 02 Jun 2000 12:11:56 +0100
Subject: CHI’96 paper on mail usability and some thoughts

Hi guys,

Dunno if you’ve seen this, it’s a good paper on email usability and some recommendations to improve same…

http://www.acm.org/sigchi/chi96/proceedings/papers/Whittaker/sw_txt.htm

Basically it says:

  1. heavy mail users use incoming mail as a to-do list and appointment tracker (I personally would add “as a reference bookshelf” as well in my case);
  2. filing into folders doesn’t work in a lot of cases; once it’s out of the inbox it’s off the radar and soon forgotten about; and folder names are hard to pick and remember;
  3. users quite often do not delete mails in case they become valuable context for an ongoing discussion, resulting in inbox bloat and an interleaved stack of messages from threads filling up the inbox;
  4. inbox bloat means important mails from a day or two ago soon scroll out of the “main” window and are lost in the noise.

to fix these:

  • it recommends threading (makes sense, and we know that). This reduces the visual impact of inbox bloat and sorts 3. and 4.
  • close links to PIM functions such as todo and datebook would be good to help with 1. (that’s the plan isn’t it!)
  • vfolders should deal with 2.

A few ideas I came up with myself during reading it:

  • I previously added some code to ExMH to colorise messages, and used the colours as a way of differentiating “todo low-priority”, “todo high-pri”, “support mails”, “pals chatting”, etc. This worked very well as a way to scan a lot of mails and immediately work out the rough categorisation without having to read and parse the from and subject. (unfortunately the code stopped working in the next ver of ExMH and my Tk knowledge wasn’t good enough to fix it!) Helps with problem 4 and aids scanning.
  • up to now there’s been essentially 3 states for mail messages — “unread”, “read” and “deleted” (ie. not there anymore). I would like to see another state, “saved_as_context”, which would be similar to deleted; ie. the mail would not be visible to the user at all. However, if another mail came in that referenced the “saved_as_context” mail, it would be possible (probably through hitting a “view context thread” button) to see all of that new msg’s context mails. This sorts out problem 3 in a nice way IMHO. BTW it may even be better to use “saved_as_context” instead of “deleted”, ie. keep deleted msgs around for possible context use, and purge them periodically.
  • Retitling mails (ie. changing their subjects after they’ve been received) would help deal with problem 1 as well — e.g. changing a mail from “Re: help” to “How to fix the latest Outlook worm” is obviously handy for future visual message retrieval ;)
  • It would be handy if an incoming mail can be converted into a To-Do list item in the PIM interface; ie. right-click on mail, select “add to to-do list”, and that mail (and/or thread!) would be visible in the To-Do PIM interface in some way (even just as a “see this mail” link a la the “note” attached to Palm To-Do list items). It’d also be cool if this went both ways so the To-Do list position/priority of a mail was visible in the inbox view.

Anyway, these are some ideas I thought I’d throw in. I’m pretty excited by the possibilities of Evolution, and I’m looking forward to trying it out; after reading that paper, I just had to share ;)

BTW I haven’t used MS Outlook, so forgive me if Outlook sorts out these problems and I just didn’t notice — ditto for Evolution too, I haven’t had the time to get it compiling yet! ;)

–j.


zkjl IMPORTANT information on NOT DYING!!! kfdjsd aowopqq (fwd)

Ben notes this passage from this SFGate story:

‘(Saddam’s) generals have been getting personal messages, including e-mail and cell phone calls, urging them not to fight.’

Then speculates exactly what such a message might look like

Date: Thu, 20 Mar 2003 12:30:18 -0800
From: ben (spam-protected)
Subject: speculation

Dear friend,
This is for real!!!!!!!!!!!!1
================================================
================================================
This is a ''ONE-TIME MESSAGE'' you were randomly
selected to receive this.  There is no need to reply
to remove, you will receive no further mailings from
us.  If you have interest in this GREAT INFORMATION,
please do not click reply, use the contact information
in this message. Thank You! :-)
================================================
================================================
* Print This Now For Future Reference *
The following opportunity is one you may be interested
in taking a look at.  It can be started with VERY
LITTLE risk and the return is TREMENDOUS!!!
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
You are about to not get killed by the most powerful
military force in the world.
Please read the enclosed program…THEN READ IT
AGAIN!!!
<>  <>  <>  <>  <>  <>  <>  <>  <>  <>  <>  <>  <>  
The enclosed information is something I almost let
slip through my fingers.Fortunately, sometime later I
re-read everything and gave some thought and study to
it.
My name is Major Hassan al-Ramidi. Twelve years ago,
the unit I commanded at for the past twelve years was
eliminated. After unproductively wandering around in
the desert in terror for a while, I incurred many
unforeseen problems. Enormous numbers of men and
high-tech weapons surrounded me and were trying to
kill me. I truly believe it was wrong for me to be in
trouble like this.  AT THAT MOMENT something
significant happened in my life and I am writing to
share my experience in hopes that this will change
your life FOREVER!!!
In mid-December, I received this program via email.  I
had been sending away for information on various
opportunities for not dying.  All of the programs I
received, in my opinion, were not practical.  They
were either too difficult for me to comprehend or they
involved me getting killed by the US military or dying
of thirst in the desert. 
But like I was saying, in December I received this
program.  I didn’t send for it, or ask for it, they
just got my name off a mailing list. THANK GOODNESS
FOR THAT!!!  After reading it several times, to
make sure I was reading it correctly, I couldn’t
believe my eyes.  Here was a NOT GETTING KILLED
PHENOMENON.
After I got a pencil and paper and figured it out, I
at least had a chance of not dying horribly and
painfully.  After determining that the program is
LEGAL and NOT A CHAIN LETTER, I decided ”WHY NOT”.
I AM LIVING PROOF THAT IT WORKS !!!
