Anti-Spam - Aldoblog

Pete Wellborn for Senator

Pete Wellborn is the attorney representing the defendants in a recent nuisance lawsuit filed by a group of spammers against some of the better-known — and more effective — anti-spam resources and groups, such as Spamhaus and SPEWS. His motion to dismiss the case was so effective that the plaintiffs are now trying to back out of the case.

His motion to dismiss the case was so effective that the plaintiffs are now trying to back out of the case, so they can avoid having to pay opponent’s legal fees, which they’re likely to have to do. Pete’s not going to let them do that.

Wellborn has been so effective at racking up successes against spammers, to the tune of multi-million dollar judgments, that he’s called the “Spammer Hammer.” And after defending on this lawsuit, he’s switching to offense, to run down the toads behind it for their spamming activities.

Go get ’em, Hammer!

Trying Thunderbird

Today I set up Mozilla Thunderbird, the new e-mail client that’s coming out of the Mozilla project. I wanted to give it a whirl, because I’m looking for a new e-mail client for Rochelle. She’s been using Netscape 4.7 to manage her e-mail, and that application is getting old, and has a number of issues, mostly having to do with the fact that it’s now completely unsupported software. Also, Thunderbird has best-in-class spam controls, which is very important, since Rochelle is beginning to receive more and more spam.

Problem is, I haven’t found a better e-mail client than Netscape. Outlook and Outlook Express are out of the question. They are deeply insecure applications, and the number one vector for spreading computer viruses. (Mark my words, in the next 12 months there will be a malignant virus that will wipe Outlook users’ hard disks clean. It’s just a matter of time.) They are also spam-friendly applications (though an Open Source project, SpamBayes, gives Outlook robust anti-spam tools). People who voluntarily use Outlook or Outlook Express are stupid. IM!HO.

I actually bought Eudora Pro for Windows for Rochelle’s computer, on the basis of my experience using Eudora on the Mac for the last decade. But Eudora for Windows uses the obsolete Windows MDI interface paradigm, where all of the windows are contained in one “parent” window. It’s maddening, and a relic from the late 80s. The application has a number of other quirks, differences from the Mac version, to the point where I found it unusable.

So I’m evaluating Thunderbird, to see if it’s ready for Rochelle. I plan to use it regularly over the next few weeks, configured to manage one of my less-used e-mail accounts.

It’s a good thing it’s a less-used e-mail account, because already in my first 15 minutes, it’s clear that Thunderbird is still pretty raw (giving double meaning to the “trying” in this post’s title). Basic e-mail functionality is there, and the application seems solid (no crashing). This is the result of Thunderbird’s gestation as part of the Mozilla Suite. You can use, and even rely on Thunderbird. But there are a lot of fit-and-finish issues, which seem like small things, but add up to making it unsuitable — unenjoyable — for daily use.

Some examples:

The first thing I want to do when setting up an e-mail client is turn off automatic downloading of HTML images. (Loading images in a spam message can tell the spammer your e-mail address is valid, resulting in a lot more spam.) There is a control for this in Thunderbird’s preferences, hidden a little too deeply (Advanced -> Privacy -> Block loading of remote images), but easily checked once you find it. So far so good.
The problem is when you get messages with graphics from valid senders. The graphics don’t display, as per the general preference, but there’s no way to override that for the one valid message. This renders some messages unreadable.
Solution: a toolbar button in the message window to download that message’s graphics.
The default font settings render many messages a blur, with the text far too small to be legible. (This is on Mac OS X, it might be better on Windows or Linux.) The “minimum size” preference seems to do nothing, and the View -> Text Zoom menu option does not appear to be a global setting. I finally solved the issue by changing my Serif font setting to Lucida Grande, a sans serif font that is highly readable, even at small sizes. But all in all, there are far too many settings and options that affect text size and font choice, and it’s not at all clear what does what, how they interact, or how to accomplish specific goals with regard to text rendering.
It reminds me of Don Norman’s description of refrigerator / freezer settings in The Design of Everyday Things. In most home refrigerators the freezer and refrigerator compartments share a single compressor, the key component of the cooling system. Because it’s shared, making changes to the freezer setting, e.g., setting it lower, can affect the refrigerator setting, making it lower too. So you turn up the refrigerator knob to keep your lettuce from freezing, but that makes the freezer less cold, and your ice cream oozes out of the carton. You have to fiddle and fuss to finally get to a balance you can live with.
It’s a ridiculous thing for an end-user to have to deal with, and it happens because the designers give you controls that affect the system’s internals directly, instead of letting you choose a goal state (e.g., a specific temperature for each compartment), and have the system figure out how to achieve it. Product designers and programmers do this because it’s easy to build, and because they don’t see anything wrong with it. The problem is that users don’t think like programmers, and have trouble figuring things out.
Thunderbird is supposed to be a simplified, easy-to-figure-out e-mail client, vs. the everything-but-the-kitchen-sink e-mail client in the Mozilla Suite. They have a ways to go with the text settings.
Thunderbird makes some assumptions about my e-mail reading workflow that are wrong. If I open a message, read it, and then delete it, Thunderbird automatically opens the next message, in a window sized and positioned exactly like the first message.
First of all, while this straight-through workflow may work for some people, it’s deeply distracting to me. I pick and choose my e-mails, working via priority order (or whim), not on the order the messages arrived. I suspect most sophisticated e-mail users do this. Auto-opening a message I would prefer to defer looking at just means I have to close it, and then right-click to mark the message as Unread. Pain in the ass. There appears to be no way to affect this behavior.
The second issue with this is that Thunderbird’s screen redraws are extremely efficient. There is zero flicker when one message disappears and the other appears. Because the new message appears in the same place and is the same size, only the text changes. If you’re looking at a new message that is visually similar to the previous one — say, two text messages — you might not notice it was new, and think that you didn’t hit delete at all. Guess what you’d do then.

These are three examples, but I’ve seen many other issues. I can hold my nose and manage this low-priority e-mail account, but it’s clear that Thunderbird has a few more months of development in front of it before I’ll give it to Rochelle.

SpamBayes for Outlook

A while back I recommended an Outlook plug-in called SpamNet, from Cloudmark. At the time, it was a free tool for Outlook users to block spam, that worked quite reliably. Sadly, it’s no longer free. I get so little spam at work (where my e-mail address is relatively unpublished) that I can’t justify buying a subscription. Fortunately, I have found another solution at least as good.

I do still get some spam, though. Fortunately, Jon Udell’s recent weblog entries and review at InfoWorld turned me onto a replacement that is free, and will remain so (it’s Open Source): SpamBayes.

Like SpamNet, it can be installed as an Outlook plug-in, and easily used via buttons on Outlook’s toolbar. But the technology behind it is very different, as it uses Bayesian filtering rather than distributed recognition. It’s also different in that the core project and recognition engine is command line-oriented. The Outlook-only plug-in is terrific, but only a side project. It’s not required, and there are plenty of ways for those who use something other than Outlook for e-mail to use SpamBayes.

You can read the review for a thorough look, but my experience was that it was just as easy to install as SpamNet, is extremely effective at blocking spam, and is also having fewer false positives. I think the reason for that is SpamNet uses other people’s spam reports to decide what to block in my Inbox, and there’s a lot of people who just block e-mails they signed up for (newsletters, promos, etc.), rather than unsubscribe from them. Those false reports pollute the knowledge base, and affect my results. Bayesian filtering is exactly the opposite — it only cares what I think is spam.

Can I Kiss Eliot Spitzer?

Can I vote for him for President?

Seriously, this is clearly an ambitious man with his finger squarely on the pulse of what’s making people feel crazy. He takes the pulse, he prosecutes cases against the bad buys. It’s great. I wish I had a politician so responsive in California. I predict that state attorney general is not the highest office he will ever hold.

Now, can I sign up to be on the jury?

Channel-Specific RSS Feeds

For those of you who may not be interested in everything I write (hi Mom, sorry about all the technology stuff), here are some channel-specific RSS feeds.

For those of you who may not be interested in everything I write (hi Mom, sorry about all the technology stuff), here are some channel-specific RSS feeds:

Life		Tech
Self Rochelle Food Travel The Cats The House The Job Haightlife I Like Politics & Law Media Miscellaneous		Mac OS X Anti-Spam Technology About This Site

Latent Semantic Analysis Is Not Bayesian Filtering

Macworld recently ran an article about anti-spam tools for Mac OS X, which incorrectly simplified the world of anti-spam tools down to Boolean, points-based, and Bayesian filters. There are at least two more categories of anti-spam tools.

Macworld recently ran an article about anti-spam tools for Mac OS X, which incorrectly simplified the world of anti-spam tools down to Boolean, points-based, and Bayesian filters.

Two additional categories are distributed recognition, such as the Distributed Checksum Clearinghouse (DCC) and Vipul’s Razor, and latent semantic analysis. I don’t know of any distributed recognition products for the Mac (there’s a very good one for Windows Outlook, SpamNet by Cloudmark), but there certainly is a latent semantic analysis tool — Apple’s Mail in Jaguar!

The simplification (or oversight) is relatively understandable. From an end-user perspective, there’s no meaningful difference — even though the math is very different. It’s not clear which will prove better at filtering out spam, even though in the article Mail’s filtering did the best. Seems like it’s good to have both in the fight!

While I’m posting about it, I should note that the article was written prior to the release of my new favorite anti-spam tool, Spamnix, and so it doesn’t include it in the roundup. From my own experience with Mac OS anti-spam tools I think that, with the caveat that it only works with Eudora, it would have done well in the evaluation. Perhaps Geoff Duncan, or someone else at TidBITS, will review it soon, and confirm that guess. I know they like Eudora at TidBITS — they literally wrote the book!

Spamnix, My New Anti-Spam Tool

Yesterday a new anti-spam tool shipped, Spamnix, which functions as a plug-in to Eudora, on either Mac OS X or Windows. After installing it and using it to check e-mail a couple times, I’ve decided to abandon my old tool, Spamfire.

Update: Although it remains an excellent tool, I no longer recommend Spamnix, having found more effective tools while Spamnix 3 was in development, and Spamnix 1.2 was not enough. See my Personal Survey of Anti-Spam Tools for more details and recommendations.

The reason is pretty simple. Spamfire is fairly effective, but its design means my e-mail is processed twice. First Spamfire downloads and scans my messages, deleting those it considers spam. Then Eudora downloads whatever Spamfire lets through. Spamfire integrates with an e-mail client via the POP3 / SMTP mail server, with AppleScripts to trigger the client’s e-mail check. Overall this works fine, but because Spamfire is a separate application the whole process is slow and cumbersome. It would be better if Spamfire itself was not as slow as molasses, but, well, it is as slow as molasses.

While it’s true that Spamnix can only be used with Eudora, I’ve been using Eudora for so many years the possibility of switching to something else is near zero. So my only consideration is how well it integrates.

Spamnix does that beautifully. My e-mail downloads as normal, but messages are scanned during the download process. Messages which exceed the spam threshold are filtered to a separate mailbox, for later review. The rest go to my Inbox as normal. No two-stage mail downloading and processing, no switching to a separate application to review the caught spam for false positives, no hassle rescuing the few false positives that do turn up.

One of the other selling points for me (and here’s where you can tell I’m a nerd) is that Spamnix is based on SpamAssassin, the extremely well-regarded Open Source spam tagging tool written in Perl. While Spamnix appears to currently be using only the text scanning part of SpamAssassin right now, I am very hopeful and excited that Spamnix may soon support the Bayesian filtering and Vipul’s Razor collaborative spam tracking capabilities of the latest SpamAssassin.

At any rate, if you’re a Eudora user on either Mac OS X or Windows, and it’s worth $30 to you to block most of the spam you’re currently receiving, you should give Spamnix a try. The software is downloadable for free, and functions for 30 days before requiring a license key for further use.

But if you’re like me (I get well over 200 spams every day), it won’t take 30 days to convince you that $30 is a small price to pay. I decided in less than 24 hours!

DHI 102-107

Daily Home Improvements: stackin’ plastic, biting off more than I expected, more anti-spam, and a little lipstick on the pig.

DHI 102: Began work on a major consolidation of all my software CDs, from the scattered piles, shelves, and bins that I’ve tossed them into, down to a single CD rack. This is going to be a big project, since I just put in an hour, and I’ve barely dented the task. I think I might need a second CD rack!

DHI 103: Continued working on the migration of my system, installing a number of software packages from CD and fresh downloads. This is a huge task! It will likely take me a couple of months, because I am trying to only move things over as I need them, so that my new system setup has only the software and tweaks that I actually use.

DHI 104: Edited Aldosoft to update the contact e-mail address, and configured Sendmail to block messages sent to the old address. I did this because there was a sudden jump in the amount of spam being sent to the old address.

DHI 105: Did some tweaking on this blog’s page template, updating the copyright date, adding the subtitle to the page as well as the TITLE attribute, and replacing the text RSS subscription link with the rapidly-becoming-standard 80×15 graphic badge for the same.

DHI 106: Submitted this site’s new URL to GeoURL, and added the graphic badge for it to the page.

DHI 107: Added an RSS 2.0 syndication feed to this web log.

DHI 92-98

Daily Home Improvements: cleaning up, online and IRL, retirement planning, more accurate pings, and listing this site for sale.

DHI 92: Some housecleaning on my e-mail setup. My business e-mail address wasn’t being passed through my spam filtering system. Now it is.

DHI 93: Ongoing cleanup from the party. Yes, there’s still debris. Did I mention that it ended at 5am? Two people passed out on our bed, and one person puked. Two recycling bins are full of all the bottles of beer and wine that were drunk. One person gained six pounds. All in all a pretty good party!

DHI 94: Signed up for online access to my 401k plan. This required visiting the site, then phoning them, then waiting for the PIN to arrive via mail, then visiting the site again to register and confirm my identity using the PIN. Painful, but actually appreciated, since we’re talking about our retirement funds here.

DHI 95: Reallocated my 401k contributions to be more distributed, and signed up for the auto-rebalancing plan.

DHI 96: Fixed a lingering problem with this weblog, where the update pings to weblogs.com were sending the wrong URL for this site.

DHI 97: Listed this weblog on blogshares.com, a trading exchange for blogs, i.e., you can buy shares in different sites, trade them, etc. By listing my blog, I get 1000 shares in it, without having to buy them, and it becomes available for actual trading. While I doubt if this blog will ever become terribly valuable on the exchange, it is interesting to participate in yet another online experiment on how to measure social reputation, etc.

DHI 98: Expired an e-mail address that was receiving too much spam. See my other posting about this strategy for reducing spam.

Vendor-Specific E-Mails to Fight Spam

Managing your own e-mail server is a pain in the ass. There’s no two ways about it, when you want to take control of your own network infrastructure, you increase the complexity of the systems you manage, and you greatly increase the consequences of screw-ups. So if it’s hard work, and screw-ups mean you lose important messages, why would anyone want to run and manage their own e-mail server? For me it’s all about spam and viruses.

For example, when I was using aggressive RBL blocking, it was bouncing e-mail I actually wanted to receive, in addition to some spam. A different anti-spam tool was causing occasional, apparently random errors, which resulted in some e-mail messages being dropped on the floor. And back in September, when Rochelle and I were in France and the e-mail server died, we lost about two weeks of e-mail.

So if it’s hard work, and screw-ups mean you lose important messages, why would anyone want to run their own e-mail server? For me, it’s all about spam and viruses. I have a great deal more options for strategies to deal with unsolicited commercial e-mail (spam) and for protecting us from e-mail borne viruses. Since I get about 200 spam messages every day, this matters a lot to me.

One of the tactics I use is to create vendor-specific e-mail addresses, and then expire them when they start generating spam. Here’s how it works. When I register at a new web site, say, www.bigcommerce.com, I give them the e-mail address bigcommerce [at] alderete.com, which will be an “alias” for my actual e-mail address. This lets me receive mail from the vendor, but tagged in a way that’s traceable to them. Any e-mail sent to that address, I know it’s www.bigcommerce.com that generated it — or sold my address to spammers.

And that happens surprisingly often, especially with dot.bombs that went out of business and sold all their assets, including their customer lists, to whomever wanted to buy them. The biggest offenders in my Inbox have been myspace.com and techies.com.

When the amount of spam going to a vendor-specific e-mail address gets to be too much, or if I know they’ve gone out of business, I will “expire” the address. This is done by setting the alias to bounce when someone tries to send messages to it. For folks who want the technical details, I add an entry like the following to sendmail’s virtusertable file:

techies [at] alderete.com    error:nouser 550 No such user here

This trick is only possible if you own your own Internet domain name, e.g., alderete.com, and have complete control over the e-mail aliases for your domain, usually by running your own e-mail server. (Some hosting services will let you do stuff like this, but most of them don’t give you full access to your aliases files.)

I’m still evolving my strategies to combat spam. With almost 1500 offensive messages being sent to me each week, I have to have pretty sophisticated filters. What I have today works fairly well, but could be even better. I’ll surely post when I add new techniques or tools. But no matter what I add, vendor-specific expiring addresses will continue to be a useful and important part of my anti-spam system.

DHI 58-63

Daily Home Improvements: changes of addresses, a little patchwork, correcting the bounce, a change of view, a quick un-tag, and some payola for the Feds.

DHI 58: I discovered that in the move to aldoblog.com, I didn’t update the URL in the RSS file that this site provides for syndication use. Fixing that turned out to be a bit more work than I expected, but while I was in editing the site files, I changed the e-mail address to something disposable, so that at the end of the year I can change it, and so hopefully slow down some of the spam.

DHI 59: A security hole in Sendmail was discovered this week. Since I haven’t gotten around to learning and setting up Postfix, I’m using Sendmail for my e-mail server, which means I needed to patch and restart my e-mail server. Done.

DHI 60: Rochelle’s flat panel display came today, and I set it up. That’s more work than it sounds, since her old monitor had to be removed, and it weighs about 70 pounds, and all the cables needed to be swapped, since she was changing from standard VGA to DVI, a digital signal. Anyway, she likes it.

DHI 61: A friend alerted me to the fact that the e-mail address for this weblog was bouncing. In fact, every address at the aldoblog.com domain was bouncing. Fixed.

DHI 62: Spray-painted over some graffiti on the front of our house. If you don’t paint over it quickly, you get a lot more of it, as the taggers realize that (a) you’re offering them a canvas, and (b) some other asshole painted on their canvas, and they need to re-tag to own it back.

DHI 63: One word: Taxes.

And yes, this leaves me short one DHI for the week. Rochelle ate half my day today, and college basketball ate the other half. With the tournament action coming later this week, and March Madness shortly thereafter, it’s likely that my DHIs for March will be woefully inadequate, unless I’m allowed to count “removed some popcorn from the house today” and “removed much beer from the house today” as DHIs…

DHI 44-50

Daily Home Improvements: The water closet is finished, a VCR hookup, debt service ends, this blog officially moves, window washing, and undoing a previous DHI.

DHI 44: I moved a few dozen books from other bookcases to the new shelves in the water closet. We’ve decided on themes for two of our three shelves, but neither theme completely fills its shelf, so there will need to be some rethinking done.

DHI 45: I connected the TiVo and the VCR, so that we can transfer shows off of the TiVo to tape, for long term storage. Strictly for personal use, of course.

DHI 46: I paid $300 to the MasterCard, which sounds like a daily chore, except we just transfered all bill-paying responsibilities to Rochelle, and that $300 will completely pay off our credit card, leaving us with no non-real estate debt for the first time since our wedding/honeymoon/bathroom remodel (which was followed closely by the stock options fiasco/stock market meltdown, which was followed by 3 months of unemployment each). Now that’s a home improvement!

DHI 47: I finished moving this weblog to aldoblog.com, moving the appropriate files from one location to another, and setting up some redirects in Apache to make links to the old site continue to work. In the process I discovered I had not completed the DNS configuration for the aldoblog.com domain, so I finished doing that, too.

DHI 48: I collected more books to move into the water closet, this time all of our travel books. I found a couple more SF and food books to move, too.

DHI 49: I stripped off an old photo that had fused to our front window, cleaned with Windex, and then scrapped off the glue residue and the accumulated grime of 11 years on Haight Street with a razor blade. The front windows are now about 90% more clear — I can’t wait until tomorrow afternoon when the sun is shining through them, and I can see the improvements the best!

DHI 50: After much research (scanning log files), and even more dithering, I turned off my server-side spam filtering software, because it is apparently occasionally dropping random messages. This basically undoes one of my prior DHIs, where I implemented the anti-spam measures. Which kinda sucks, but then, how often do you get every home improvement right the first time?