The Curmudgeon’s Believe It or Not

Last week’s rant and rave on spam definitely touched a few nerves out there. This week I’m taking a bit of a different approach by presenting “The Curmudgeon’s Believe It or Not.” (My apologies to Ripley’s.)

Did you know that you can cut your spam by 50 percent by using a filtering service such as Brightmail? Believe it or not.

Forget about the inbox filters that Hotmail and Yahoo Mail offer. I don’t trust them. Brightmail performs wonders because it works as a surveying service, identifying unsolicited emails from thousands of mailboxes and filtering them before they get downloaded into your email client. If you are a complete masochist (or just want to make sure real mail isn’t getting filtered), you can log in to Brightmail’s Web-based service and read all the caught spam in the privacy of your own home.

Here’s an example of the weekly report I get from Brightmail:

    Dear [email address deleted]

    The Brightmail software has removed the following pieces of spam email.
    These messages will be permanently removed automatically after 30 days.
    == SUSPECTED SPAM REMOVED FROM YOUR ACCOUNT============================
    Subject From Date Caught Size
    ———————– ———– —–
    Tired of the 40 X 40 X 4… kydeyn@mail-online.dk 2/15/2001 2838
    advertisement: FLORIDA P… “idprimeland2000@ya… 2/15/2001 2939
    Take advantage of low rates uew22@hand-out.com 2/16/2001 2460
    NEVER PAY FOR IT AGAIN!!! “sally42198@mail.ee… 2/17/2001 1562
    Save Up to 70 percent On Your L… skjdfk@stwimst.at 2/18/2001 7398
    This Program makes you a… gotapel@email.ro 2/18/2001 5604 Mortgage Rates DROPPED! … Great-Loan-Rates@ee… 2/19/2001 6615
    We can help with your cr… psd2@123india.com 2/19/2001 3098
    ===================== =====================

    ——————————————
    You are receiving this message because you are enrolled in the Free Brightmail service. Free Brightmail filters your email and places suspected spam into a special mailbox which you can access from the Brightmail Web site.

    For more information on Brightmail, visit http://www.brightmail.com/

The amazing thing is that on a regular basis 10-15 pieces of spam per week get caught in Brightmail, definitely saving wear and tear on my sanity. When I had my Web-based email forwarded to my regular account that Brightmail checks, the service did double duty and filtered out 20-30 pieces of spam per week.

When you set up a Brightmail account, you reconfigure your email client to check a special Brightmail mailbox that knows about your “real” inbox info, including Post Office Protocol (POP) server, account, and password. Then, when you check your email, you are actually inviting Brightmail to filter your incoming mail, weed out spam, put it aside, and download the rest of your mail.

Were you aware that international spam is the next big annoying monster? Believe it or not.

In the past two months I have received 20 pieces of unfiltered spam in Spanish. Witness my inbox.

Why is this happening? Can someone please tell me? I don’t read Spanish and have never subscribed or posted to anything Spanish.

Please, stop the insanity.

Did you know that someone can send an email that either does not have a sender address (e.g., “From: [blank]”) or has an email address such as “@msn.com”? Believe it or not. (Note the lack of anything to the left of the @, thus there’s no valid reply address.)

Here’s the full header from the spam received on Hotmail. Its blocking rules fail miserably to block this sender:

    From: @msn.com
    Subject: Holy cow!
    Date: Thu, 22 Feb 01 11:27:32 Pacific Standard Time
    MIME-Version: 1.0
    Received: from [63.29.57.110] by hotmail.com (3.2) with ESMTP id
    MHotMailBC5EC4B50083400431103F1D396E079E35; Thu Feb 22 13:02:47 2001
    From @msn.com Thu Feb 22 13:04:19 2001
    X-Priority: 3
    X-MSMailPriority: Normal
    Importance: Normal

In the first situation, it’s impossible to set up blocking rules since there are no email rules that can be applied to block an empty sender line; you must put some string to filter on. In the second situation, email clients such as Outlook can set up a rule to filter email from “msn.com,” but then you run the risk of deleting important mail from someone at msn.com. Also not good.

There are probably many other loopholes out there that need to be fixed in email systems. Let me know what they are, and I will publish them in hopes that some enterprising open-source junkie will make sendmail and others more spam proof. We must become more vigilant, right? And, Hotmail, please take a close look at who’s spamming your users.

Were you aware that the Internet Corporation for Assigned Names and Numbers (ICANN) enables the more than 75 accredited, operational domain-name registrars to sell the domain-name database? Believe it or not.

This one completely floored me. A couple of readers have informed me that ICANN (the organization that administers domain-name registrars) must sell the integrated network information center (InterNIC) database. The following text is excerpted from the full registrar agreement at http://www.icann.org/nsi/icann-raa-04nov99.htm (Section II.F.6):

    a. Registrar shall make a complete electronic copy of the data available at least one time per week for download…

    b. Registrar may charge an annual fee, not to exceed US$10,000, for such bulk access to the data.

    c. Registrar’s access agreement shall require the third party to agree not to allow … solicitations via email (spam)…

    f. Registrar may enable SLD holders who are individuals to elect not to have Personal Data concerning their registrations available for bulk access…

So, although it’s clear that ICANN forbids the buyers of the domain-name database to use the data for spam, how can this be enforced? Unless each registrar seeds the database with known domain names that are monitored for spamming under accounts such as Webmaster@, info@, and sales@, point c can’t be enforced. ICANN should look at this agreement and review the privacy implications. I don’t remember seeing any opt-in or opt-out confirmations when I registered a domain name, and I definitely don’t remember anything about my domain-name information being sold (although Network Solutions’ lengthy service agreement definitely tells me that my info may be made available), so point f is not being taken to heart by any registrars.

To tell you the truth, if my info is sold in this manner, domain-name registration should be free. Back-of-envelope calculation: If each registrar has just 10 third parties to whom it can license the database, it stands to make $100,000 annually. The ordinary registration is $20 per year, so each registrar should be able to afford 5,000 free registrations and not lose out at all. In theory, if enough third parties are found (that shouldn’t be a problem, right?), more domain registrations can be free.

Come to think of it, I have been wondering why domain names that used to cost over $100 to register can now be had for next-to free. Hmm….

Related reading

/IMG/853/275853/gmail-logo-2013-320x198
/IMG/550/200550/google-gmail-logo-320x198
email3-1
Gmail-Logo
<