Thanks Spammers

I’ve just been through more than 3,000 emails! I decided to have a look at my spam folder on geofffox.com. The mail server itself is hosted by Google’s Gmail and I use their filters.

The filters do a mostly good job – with notable exceptions.

There were four emails from my Cousin Melissa. They were sent over the last two weeks. Google thinks she’s spammy. She was the only human stopped by their machine.

Interestingly enough, other emails from her made it through without a problem.

The filter also improperly trapped warnings automatically sent from my website, telling me about spam comments needing attention. I found most of them, not all, on my own.

This is one real weakness with Gmail’s filtering. You cannot flag specific words or IP addresses to bypass the filtering. The spam filters go into action before anything else.

Nor can you search entries that are spam filtered. So, I couldn’t go through the 3,000+ messages, looking for email that originated on my own site!

On October 10-11, a spammer began to carpet bomb the world with messages using my domain, geofffox.com, as his return address. In that 48-hour period, I received hundreds upon hundreds of bouncebacks from closed mailboxes and spam filters. I can only imagine how many messages from the faux Fox got through!

These messages I checked today were only for the geofffox.com domain. Gmail covers me on a bunch of other addresses too. Sometime this weekend, I have another few thousand to pore through.

The false positive rate was slightly under 1% and supposedly Gmail’s filters learn by my re-marking the spam. That means the number should be lower in the future.

Still, even one false positive is too many. Right Cousin Melissa?

Sent Me E-Mail Recently?

Since heading to Las Vegas, my incoming email has trickled to a dribble. I can’t tell what ‘real’ mail is missing, if any, but my dozens of daily spams have stopped!

My web host, Host4Web, has just switched to a new mail system. Uh oh.

I went to their chat site to get the bird’s eye lowdown on this caper, whatever that means.

Please wait for a site operator to respond.

Thank you for contacting HostForWeb Live Support, my name is Gavin R, how can I assist you today?

Gavin R: Welcome to HostForWeb Inc. How can I help you today?

Geoff: Hi Gavin –

Geoff: Since the switchover to the new mail server,

Geoff: my incoming mail has drastically dropped off

Geoff: geofffox.com

Geoff: longmont

Geoff: is there any way to turn the filtering off?

Gavin R: Yes

Gavin R: Log into your cpanel

Gavin R: And make sure that SpamAssassin is not enabled

Geoff: I’m there

Geoff: it is not

Geoff: SpamAssassin is currently: Disabled Spam Box is currently: Disabled

Geoff: I usually get dozens of spams a day. I am getting nearly none

Geoff: and my ‘real’ mail has also slacked off

Geoff: I’d rather continue to filter for myself

Gavin R: I see

Gavin R: We don’t filter

Gavin R: We have some validation techniques on our servers

Gavin R: But that won’t affect real mail

Hmmm… validation techniques. That worries me. No spam filter is perfect, and I worry about false positives – good mail that gets stopped.

If you have sent me email recently and haven’t gotten a response you expected, please let me know. Here’s an alternate address to use.

Criminals Of The Internet

I am fascinated by the ‘dark side’ of the Internet.  Maybe that’s because I was here (wherever here actually is), back when it all began… or close to it.

How long ago was that?  My first surfing of the Internet was done with a browser (Lynx) that only saw text – no images, much less multimedia content.  I remember sending a technical comment to Yahoo!.  The person responding (get an actual person to respond today) said he’d pass it along to “Jerry.”  He was talking about Jerry Yang, Yahoo’s co-founder.

The Internet was trustworthy.  In fact, many of the Internet’s biggest weaknesses are caused by the innocence of software coders who didn’t feel it was necessary to verify much of anything because it was a relatively small group of American geeks – mostly affiliated with colleges, universities or the military.

When I send email from home on my geofffox.com account, it comes from servers run by Comcast.  The same mail, sent from work, comes from a server I use at 1and1.com (not the station’s mail server).  I hardly ever use the server assigned to geofffox.com (long story about its dependability).

No one checks to make sure I really am entitled to use geofffox.com.  I could use anything as my return address with little fear of getting caught or suffering consequences!

It’s that ability to do what you wish with little scrutiny that has allowed parts of the Internet to become a cesspool.

I am often called upon to fix friends’ computers that have slowed down, as if a computer was a mechanical device that doesn’t run quite as well with age.  Of course the real reason for the slowdown is that they’ve been bogged down by hidden garbage on our trustworthy Internet.

I read a long article, Invasion of the Computer Snatchers, in today’s Washington Post that shows how far all this scamming is going.  It’s scary.

Compromised computers are turned into ‘bots.’  It’s the PC equivalent of “Invasion of the Body Snatchers.”

As is so often the case with crime, a few criminals can affect hundreds or thousands of unsuspecting computer owners.  And, since the thieves and scammers are giving away your time or money or convenience, they really don’t care how insidious their actions are.

What I don’t understand is why there isn’t a more concentrated effort to crack down on this crime?  OK – maybe mere individuals don’t have much pull, but Citibank, Bank of America, PayPal and others must.

And, since at some point these transactions must lead to the movement of money – why can’t it be tracked down and stopped?  I just don’t get it.

The Internet has such an incredible promise, which will never come to fruition if the net is allowed to remain the cyber equivalent of Times Square, circa 1975.

More From The Placid Pacific

Aboard the Norwegian Star

[Photo: sunset through an inversion]

The Sun has just set. I am sitting on our balcony, but the door to the cabin is open. It is comfortably mild (76°) with low humidity. There is not a cloud in the sky – OK one, but that’s it.

Our photographers at work refer to this time of day as ‘golden light.’ I know what they mean, and it’s even more obvious at sea. The setting sun created a brilliant cross between copper and gold on the water’s surface. This glistening area moved as the swells moved.

[Photo: golden light on the Pacific Ocean]

There is an inversion – an area above us where temperatures rise with height instead of fall. I can tell because I was able to track the smoke trail from the few other ships I have seen over very long distances. Instead of continuing to rise and mix out, they hold steady at one level – a long tail of smoke.

A ship produces a lot of smoke and it’s 24/7. Of course, you can’t judge this smoke against a single car, bus or truck. Our ship is carrying around 3,000 passengers and crew. The ships passing by carry enough containers to fill hundreds, if not thousands, of trucks.

On my TV, the readout shows 26° 38.47″ N 114° 37.58″ W. We are somewhere near the southern end of Baja California, holding a course of 140° at 21.4 knots (24.6 mph).

Our cabin is on the starboard side, so we’re facing west as we head toward Manzanillo. No land is visible.

I do hear some conversations from the deck below from time-to-time and, a few minutes ago, a conversation with raised voices in some Scandinavian language, from the folks next door.

I wanted to play Hold’em and did participate in a tournament this afternoon. I was quickly gone. Unfortunately, the way these tournaments are structured, the blinds (forced bets) are so large as to award luck over skill.

I’ll play again later, with reduced expectations.

[Photo: Norwegian Star pool area]

I explored the ship earlier today. Parts of it represent the modern concept of cruising, like the restaurants, casino, theater and pools.

You’re never far from food, even at the pool. I guess that’s old school.

[Photo: pool band]

Though there are other areas as well, the pool is the main location for getting a tan. Through the day, there is a prototypical cruise band. They haven’t played “Red, Red Wine” yet… but they will. I did hear Gene Chandler’s “Groovy Situation,” played Reggae style. Very strange.

One of my favorite spots is the promenade on Deck 7. On this deck you’re walking below the massive lifeboats. Along the side, all manner of lifesaving equipment.

[Photo: Emergency escape instructions]

I have been reading the instructions for some of the evacuation devices. It’s gonna be pretty awful before I slide down a chute or lower myself in a rope harness with a winch!

Deck 7 reminds me of what sea travel must have been like 50-75 years ago. Even the areas of teak deck seem out of time when contrasted with the rest of the ship.

I’ve spent more time than I’d like uploading blog entries and photos. We’ve got Internet access – but barely.

Email is nearly impossible to get going. My mail server isn’t responding at geofffox.com. The ship’s mail server isn’t much better.

Unless it’s really important, it will just have to wait a week. How 20th Century!

Helaine and Stef have decided we’ll have dinner at Versailles tonight. It is the largest of the dining rooms and has huge windows looking directly at where we’ve been.

This really is the good life.

Spam Is Down? No Way!

I was just over at msnbc.com where they’re running an AP wire story about spam:

Those annoying “spam” e-mails for Viagra or low-rate mortgages that clog computer users’ mailboxes appear to be on the decline, federal regulators said Tuesday.

Say what?

In the six hours I’ve been at work today, I’ve gotten 16 spams on my geofffox.com account and more on my work and gmail.com accounts.

Most of my spams are never seen by me. The filtering on Thunderbird, the email program I use, is good – not great. What does get through is often obvious enough that I can dispatch it before opening it.

There has been a veritable flood of spam for ‘hot stocks’ in the past few weeks. Though they look like text, they are really images. Thunderbird gives up and ships them to me.

On the other hand, there are also some false positives. Helaine ran into my friend Diane Smith today. Diane said she had mailed me… though the mail was marked as spam and filed away where I would have never looked!

I am surprised by the huge number of spam emails I get in Russian and Chinese! I don’t speak either language so I can’t tell you much about the content. From what I can tell, the Russian spams are often mass mailings for legitimate products, like real estate. That differentiates them from the spams I get for V1@gr@ or hot girls who want to meet me.

I’m sure there are guys who hot girls really want to meet. None of those guys have to shave their ears.

Even sending mail has become increasingly difficult because of spam. Messages I sent to my counterpart at our sister station in Springfield, MA bounced because the mail server I use was flagged as a spam site.

I can’t send messages to the NH Register either. No one has told me, but since I can get through via gmail.com, I assume it’s another site blacklisting my mail server.

I am neither smart enough nor well versed enough to come up with a spam solution, but I know it’s out there. The vast majority of spam is a chase for money. Money on the Internet means credit cards. Can’t we find where that money is going?

Electronic mail is so smart, so simple, so efficient, it must be saved. We can’t afford to go back. It’s got to be policed… soon, please.

Oh, and to the FTC; the people quoted at the beginning of this entry. What exactly are you smoking?

MyDoom – It’s Killing Me

Maybe you’ve heard of the MyDoom virus. Maybe you’ve gotten one or two or dozens of virus payloads from it. Whatever you’re getting, feel my pain.

As the ‘owner’ of the domain geofffox.com, I make certain administrative decisions that decide how it’s run. For instance, if you send a message to me@geofffox.com, I get it. I also receive it if you send mail to you@geofffox.com… or any other possible email address here.

Actually, there are two exceptions. Years ago, I tagged a couple of email addresses onto some web pages I created: ivythedog@geofffox.com and vegas2000@geofffox.com. After those addresses got picked on spammer lists, and I started getting lots and lots of trash emails, I routed them so they get thrown out before I ever see them. There was no real email to them anymore, so no loss.

Now, the MyDoom virus is using a ploy that works in a similar manner. As it attempts to replicate itself, infected computers are sending out untold emails to joe@geofffox.com, adam@geofffox.com, ted@geofffox.com and a few dozen other first names.

The idea is, at businesses or more normally run domains, some of those emails will get through to unwary Joes or Adams and the virus will continue to spread.

After a short lull, this past week has seen an explosive growth at my mail server. I woke up this morning to 40 incoming virus payloads!

I really didn’t know too much about MyDoom so I went looking to see if I could figure it out, and what I’ve read is very scary. This virus is sophisticated. The payload is multifaceted. It is scheduled to shut itself down on February Th, though there will still be some active computers because of poorly set clocks and the like.

I have previously kvetched about the problems of our insecure email system. This is just another example.

There’s a deeper problem here. This virus replicates itself because of computer owners actually running the virus executable! No one does this on purpose (or few do). Mostly, it’s because naive computer users have the same privilege to execute files as more knowledgeable ones. And, they do so without regard, or liability, to those who will later be infected or affected.

I fear episodes like MyDoom are going to push us out of what will later be regarded as the golden age of open computing and into a much more restrictive period. Computers will be locked down. In the long run, that’s bad. Open computing has been a boon in advancing the functionality and usefulness of PCs.

Blogger’s addendum: I just added a few dozen filters, for each name used by MyDoom. Yes, it’s a pain in the butt, but it should (and already has) cut my spam back greatly. However, this garbage is still taking bandwidth, flying through the Internet, and is using resources on my host’s computers.

Less Spam? Can’t Be

I’m not going to go into this in great depth because I don’t know if it’s real or a reflection of my earlier mail server problems, but, my spam is down – way down. It hasn’t disappeared totally, but I’m seeing a whole lot less than I did as recently as Wednesday.

Since there were problems, and my host confirmed them, I have been testing my mail server by going to news sites and sending articles back to myself. So far, everything I’ve sent has made it.

So, where’s my spam? Has the new law related to spamming actually slowed it down? Or, am I just imagining?

Stay tuned.

Two Computer Related Problems

Things are supposed to go smoothly, but they never do. I’ve just suffered through two computer related problems – one taking a full ten hours of time without a solution.

First things first. I noticed earlier today that I had only received a few emails all day. Normally, I get 100-200 emails a day, the vast majority of which are spam.

I went to my webhost’s site (not Comcast, my ISP, but hostforweb.com who runs the server you’re getting geofffox.com on and also my mail server) and used their tech support chat. It didn’t take more than a few minutes for Fred to tell me something had hung and all mail sent to me (or at least the vast majority of it) had been sent packing.

As best I can tell this had been going on for 24-36 hours. Oh well. There’s really nothing I can do. I’m not sure about the actual bounce message returned, so some might be re-queued and re-sent.

The second problem was much more time consuming and sinister. My friend John has an old Compaq Armada laptop and a pristine copy of Windows 98 from a desktop machine that’s no longer in service. All I had to do was load it up and he’d take it back. This is something I’m glad to do for a friend.

The Armada 1590 is a Pentium 166 laptop that was loaded with Windows 95 and originally came with 16 MB of RAM. Today, that’s a ridiculously small amount of memory. Windows 98 might have run, but it would have run ponderously slow.

I reformatted the hard drive, checked for and installed a BIOS update and then set out to load Windows 98. This is a task I’ve done dozens of times… and never with a problem.

Windows loaded fine, but as soon as I got to the first screen after the installation and the computer began to play its little “I’m Ready” music, it locked up tight as could be. It would respond to neither keystrokes nor the mouse/touchpad. Rebooting brought me back to the same problem.

I went on Google’s Usenet site which often has great tech support ideas, only to read a series of unhappy Armada owners who tried and never quite got Windows 98 to work.

I reformatted and tried again from scratch. Each time you do that, figure an hour or so until you’re at the first workable screen. I loaded Windows 98 totally at least four times.

After a while, and after staring at those cryptic Microsoft error messages (never had so many words and numbers given so little insight into what’s going wrong), I decided the problem might be with the audio driver on the Windows 98 disk. For some reason it didn’t seem to get along with the hardware which was, after all, designed long before Windows 98. I turned off the audio hardware from the control panel and booted again.

Success – but not for long.

Even a freshly loaded Windows 98 (or XP for that matter) PC needs loads of updates, patches and fixes. The more I downloaded and fixed, the more unstable the laptop became. BSODs (“Blue Screen of Death”) came fast and furiously.

Finally, I got to load DirectX 9. I have no idea what DirectX does, other than to say loading this update into the laptop brought it to its knees! Not only did the laptop crash but the Registry (which tells the computer where and what all the programs on its drive are) was now corrupted. Windows 98 was more than glad to restore a prior version of the Registry, which of course brought me back to square one.

I played this game twice.

Finally I called John on the phone and said, “No mas.” OK, actually it was Roberto Duran who said that, and neither John nor I speak Spanish, but you get the point.

Can this laptop be made to play nicely with Windows 98? Maybe. But, is it worth it? Probably not – I’m not really sure – oh who knows. I’m just so frustrated at this point.

The few fleeting moments I did have it running, it seemed reasonably nimble with web browsing. And, in that there’s some Internet wisdom that needs to be shared. This computer is only a Pentium I at 166 MHz. Lots of people throw machines of that speed out as too slow. With enough RAM – and John had boosted the 16 to 82 MB – even a slower Pentium is plenty fast for working the web.

Would I play games with it or edit video or run Photoshop or other high end multimedia programs? Hell no. But, most of what everyone does on the web demands much less horsepower. The laptop I use most is a Pentium II 300 MHz and it kills.

As for John’s laptop, before I attempt any more software loading, I am going to bring it near the sink with the water running full blast and explain what we do to computers that don’t cooperate. That trick always works.

No Mas – No Mas

No mas – No mas

I’m sure you’ve heard about the SoBig virus. This isn’t the one the big boned kid from Minnesota got arrested over (he’s with one of the variants of Blaster). SoBig is one of those virii that penetrates your email and then tries to propagate itself by emailing itself to everyone in your address book.

What makes SoBig particularly nefarious is that it spoofs where it’s coming from. So, if you were infected, you might send out hundreds… maybe thousands of emails, but they wouldn’t have your return address, they’d have someone else’s… like mine!

As far as I can tell, that’s just what’s happening. If it weren’t such a huge pain in the ass, the funny part would be that the messages bouncing back to me (which I didn’t send) are coming from my direct business competitor, WFSB.

Here’s a short sample of what I’ve gotten hundreds of times already:

This message was created automatically by mail delivery software.

Message violates a policy rule set up by the domain administrator

Delivery failed for the following recipients(s):

newsdesk3@wfsb.com

----- Original Message Header -----

Received: by mail1-haw (MessageSwitch) id 1062729730176807_24713; Fri, 5 Sep 2003 02:42:10 +0000 (UCT)

Received: from L-39C (mail.jcj.com [216.224.41.148])

by mail1-haw.bigfish.com (Postfix) with ESMTP id E51C011659E

for ; Fri, 5 Sep 2003 02:42:07 +0000 (UCT)

From:

To:

Subject: Re: That movie

Date: Thu, 4 Sep 2003 22:42:07 -0400

X-MailScanner: Found to be clean

Importance: Normal

X-Mailer: Microsoft Outlook Express 6.00.2600.0000

X-MSMail-Priority: Normal

X-Priority: 3 (Normal)

MIME-Version: 1.0

Content-Type: multipart/mixed;

boundary="_NextPart_000_01AB1BB8"

Message-Id: <20030905024207.E51C011659E@mail1-haw.bigfish.com>

So, what can we learn from this?

First, the network administrators for WFSB (who are listed in Internet directories as actually being from their parent company Meredith) ought to know that SoBig spoofs return addresses and stop sending these bounces. Most other companies have followed that policy of benign neglect.

Yes, bounces are important in normal times, because people would like to know when mail they sent didn’t arrive. But, with this virus, it is obvious from the contents that this isn’t a ‘real’ message.

Second, the headers show that the mail is coming through the mail server at jcj.com, a Hartford, CT architectural firm. It would be nearly impossible to spoof jcj.com because there is a ‘handshake’ with information traded back and forth when the WFSB server gets the mail. If the address were spoofed, there’d be no response and the transaction would end before the mail was sent. Jcj.com shouldn’t be letting this message pass their server… which seems to be happening dozens and dozens and dozens of times.
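What the Received lines in that bounce establish, as an added example that is not part of the original post: it parses the header sample quoted above and extracts the hop where the message was handed to the bigfish.com server named in it. Treating bigfish.com as the trusted receiving side is an assumption made for the illustration, and the function names are hypothetical.

```python
import re
from email import message_from_string

# Header block from the bounce sample quoted on this page (subset of lines).
# The From:/To: values are blank on the page and are left blank here.
SAMPLE_HEADERS = """\
Received: by mail1-haw (MessageSwitch) id 1062729730176807_24713; Fri, 5 Sep 2003 02:42:10 +0000 (UCT)
Received: from L-39C (mail.jcj.com [216.224.41.148])
\tby mail1-haw.bigfish.com (Postfix) with ESMTP id E51C011659E
\tfor ; Fri, 5 Sep 2003 02:42:07 +0000 (UCT)
From:
To:
Subject: Re: That movie
Date: Thu, 4 Sep 2003 22:42:07 -0400
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
Message-Id: <20030905024207.E51C011659E@mail1-haw.bigfish.com>
"""

# Postfix-style stamp: "from <HELO name> (<reverse DNS> [<peer IP>]) by <host>".
# The HELO name is whatever the client typed; the reverse DNS name and IP are
# recorded by the receiving server from the TCP connection itself.
HOP_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?P<ip>[0-9A-Fa-f.:]+)\]\)"
    r"\s+by\s+(?P<by>\S+)"
)


def parse_hops(raw_headers):
    """Return one dict per Received line, newest first (None if no 'from' clause)."""
    msg = message_from_string(raw_headers)
    hops = []
    for value in msg.get_all("Received", []):
        unfolded = " ".join(value.split())  # undo header line folding
        match = HOP_RE.match(unfolded)
        hops.append(match.groupdict() if match else None)
    return hops


def handoff_hop(raw_headers, trusted_suffixes):
    """Find the hop where an outside host connected to a server we trust.

    Only Received lines stamped by trusted servers are reliable; anything
    older could have been written by the sender, so the walk stops at the
    first 'from' hop and rejects it unless a trusted host recorded it.
    """
    for hop in parse_hops(raw_headers):
        if hop is None:
            continue  # internal hand-over with no connecting peer recorded
        by_host = hop["by"].lower().rstrip(".")
        trusted = any(
            by_host == suffix or by_host.endswith("." + suffix)
            for suffix in trusted_suffixes
        )
        if not trusted:
            return None
        same_name = hop["helo"].lower() == hop["rdns"].lower()
        return dict(hop, helo_matches_rdns=same_name)
    return None


if __name__ == "__main__":
    hop = handoff_hop(SAMPLE_HEADERS, ["bigfish.com"])
    print("connecting IP :", hop["ip"])
    print("reverse DNS   :", hop["rdns"])
    print("claimed HELO  :", hop["helo"], "(matches rDNS: %s)" % hop["helo_matches_rdns"])
```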

I sent a letter to the WFSB mail administrator a few days ago. Nothing. Maybe I should let them know I’ll start charging for my services should they send any more of these my way. I wrote jcj.com tonight. It’s too early to expect a response, but they should have nipped this a long time ago.

Meanwhile, it’s another waste of time. Thanks.