|
 Wednesday, November 02, 2011 |
| Why I was wrong about SPF (sender policy framework) |
|
In a previous post about Sender Policy Framework (SPF) I was not enthusiastic. SPF is a field type in a DNS record. It points to a mail server. Rememver the Domain Name Sustem (DNS) resolves a url, like www.damon4.com, to a physical address, such as 12.34.89.100. SPF helps mail servers reject spoofed email. It is imperfect security. I am reassessing my position on this. But first a quick story or two. You will see the relevance.
When I was in China the students told me two stories. The first one was of a child who was kidnapped. The kidnappers asked for 200K RMB. The parents called the police. They were waiting for the kidnappers at the money/child handoff. There was a chase, but then the police caught the kidnappers and shot them dead. Right on the spot. No F*ing around. I felt safe in China, there was some petty crime (pickpockets etc), but not much violent crime.
 The second story the kids told me was of a bus that ran outside the cluster of Universities that was involved in an accident. Apparently many students were hurt and several died. The problem is there was nothing reported in the news about this. The students were in a vacuum as to the status of their classmates. They were upset about this. Chinese media control of an embarassing event.
This is why I have come to the conclusion that there is trade-off between security and freedom. Perhaps SPF is the best trade-off of the two. Think about it. If you can absolutely block Spam then you have complete censure control as well.
Perhaps the SPF imperfection is just enough to make Spam less attractive monetarily, but perhaps it also allows enough anonymity to foil censure. |
damon at 7:03 PM |
(0) Comments |
Add a comment |
Permalink
|
|
|
|
Tuesday, March 27, 2007 |
| Training for Sales and Customer Support |
|
 Quite a few years ago, when I was about 21 years old, I had to fly to Los Angeles, CA. From NY this is about a 6 hour flight. For six hours I sat next to a person who spit at me, cursed at me, jabbed me with his elbow, and I could not complain! It was not that this person intimidated me that I could not complain, this person was younger than me and clearly a frail person. For six hours I sat next to him and took this abuse for fear of appearing cruel to him. You see, this person had Tourette's syndrome. I found this out because he explained it to me, as he cursed me, spit at me and kicked and jabbed me. In fact he was apologetic the whole 6 hours. I was too embarrassed to ask for another seat for fear of appearing cruel and unsympathetic to the handicapped!
So my advice to prepare sales or customer support personnel for their career is to hire someone with Tourette's as the trainer and send them off to California. I have done both sales and customer support. They are not easy job's.
That is a true story and file this under 'Stupid People.' |
admin4 at 11:01 AM |
(1) Comments |
Add a comment |
Permalink
|
|
|
|
Monday, November 13, 2006 |
| Why You Still Get Spam Today. |
|
I have found out why you are still getting spam in your inbox today. Did you ever wonder why with today's technology we just can't be rid of it? There must be a hundred easy solutions to be rid of it 100%.
First some history. 'Way back' in 2003-2004 I was very pleased to see much press being focused on this SPAM problem. You might have remembered all the industry proposals published in the news at that time. It seemed everyone (Yahoo, Google, Microsoft, AOL ..) had their own proposal. I found that much of the focus was emanating from Microsoft. Apparently they had a new technology (Sender ID) that would rid us of the problem.
What I found was that the Internet Engineering Task Force (IETF) rejected the Sender ID  specification in mid-September 2004. Microsoft offered to license the technology free to everyone. But the committee was afraid that Microsoft would have too much influence over the evolving standard. At that point there was no one left championing the issue and the industry adopted some half assed technology.
The answer they adopted? The industry is implementing 'Sender Policy Framework'. SPF is not a cure for spam. It will help legitimate messages get through spam filters. It does not guarantee legitimate messages get through or that bogus messages get rejected.
I have my own opinions which I will share here.
It is my opinion that if the industry had approved the Microsoft proposal we would be virtually spam free. I believe there are many Microsoft phoebes out there. True they probably would have been able to exert influence. But I believe the consumer would be the beneficiary. My second opinion is that I believe the people who killed the proposal WANT SPAM. There is money in spam. There is money in selling spam filters. There is money in ISP who offer spam protection. There is money in being a spammer. There is money in selling internet infrastructure to support all the spam messages going back and forth. No one was supporting the rights of the consumer.
This lab note gets filed under 'Stupid People' and the consumer is the loser. You and ME. Billions of dollars each year are lost alone by people duped on phishing attacks alone! I dislike committee's and I dislike the IETF. |
admin4 at 9:44 AM |
(1) Comments |
Add a comment |
Permalink
|
|
|
|
Sunday, October 08, 2006 |
 I have been doing some research on spam, mainly looking for a new email host that has good anti-spam technology. I have not seen anyone recognize that spam is collected via the virus mechanism. The popular way documented for email harvesting is via posting email addresses on news-groups and other public pages and collected via a robot.
If there are any suggestions on a really good mail host (cheap) with real good spam control on the front end please leave a comment. What I really want is when the front end server detects a spam message (using Baysian filtering) for the mail to be reject back to the sending source with a non-exist email address error. This way when the spammer is pruning his mail list (hopefully) mine will be dropped.
|
admin4 at 5:43 AM |
(2) Comments |
Add a comment |
Permalink
|
|
|
|
Wednesday, October 04, 2006 |
| How Spammers Got Your Email Address |
|
Many people get spam these days. This decade will probably be known in history for it, at least to me. I clean a ton if it every day. I get it because people, people I know, unknowingly sent my address to a spammer. That is a main mechanism by which the spammer got your email address too.
The problem starts when some people get one of these crazy funny emails that seem to be so popular. Or maybe it is a porn picture. Some of these people then forward the email to other people. It seems common just to forward it to everyone in your address book. These lists of people become a distribution list. Why would these people do this? Possibly they feel it is making them popular? This is a question for a social scientist. The problem starts when only ONE of the people in that distribution list has a virus on their computer. That one computer with the virus is a zombie computer. It is controlled from afar by a spammer. A spammer may in fact have tens of thousands of zombie computer under his control, unbeknownst to the computer owners.
The first thing a zombie computer does is to forward the distribution list of any received emails to the spammer. That is how the spammer got your email address. One of your friends or family sent you an email and copied a bunch of other people on the email. One of those other people had a virus. You did NOTHING BUT BE COPIED ON AN EMAIL. The story does not end here. There is more interesting things that also happen.
The spammer also has a need to expand his network of zombie computers. Spammers are good social software engineers. They understand how people interact. The first couple of spam emails you will receive will be from him (or her) and will have a virus in it. I believe these first couple emails will be hand crafted. These are very important emails because they can expand his network. After these first couple emails you will be ‘on guard’ for bogus emails. Anyway these emails will claim to be from your network administrator, or one of your friends he harvested from your list. It will ask you to install some such program or open some such attachment that will install the virus on your computer to be part of the zombie computer network.
The head spammer then will sell your name to other spammers. These other spammers are the low-life spammers. They live in trailer parks in Florida. They make pennies for every response they get to one of their emails. There must be a lot of people sitting in trailer parks making a few dollars a day by sending junk email to these lists. The head spammer that harvested your address is the smart one. It took a lot of computer knowledge and social engineering skills to collect those email addresses and maintain that zombie network.
There is NO WAY I know of to turn off the spam. The junk email filter in Outlook seems to be the best way I know to reduce it.
Never ever open or click or respond to a spam. It amazes me that spammer are making money. If they were not making money then they would not be sending spam. Someone out there must be clicking on this crap.
Never ever click on the ‘Unsubscribe’ link in an email. It only verifies your email address to the spammer and you will get even more spam.
Is your computer behaving more slowly? Do you have virus protection software? How about downloading the FREE Microsoft Defender? Do you forward joke or porn emails to distribution lists? Do you know what a BCC is? Find out how to BCC an email in Outlook, it’s safer. How about asking yourself WHY you are forwarding this email and limiting your distribution list? There are other, better documented ways, for you to get on a spam list. I will discuss that in an upcoming blog. |
admin4 at 10:52 AM |
(3) Comments |
Add a comment |
Permalink
|
|
|
|