The Hypocrisy Weblog

How many of you administrates your own server(s)? How many of you don’t but still receive on the magnitude of 10 to 1 more spam than real email in your inbox?

Matt Lake really puts down the grim reality into words in his chronicle.

One of the biggest problems is the outgoing spam which we as domain-owners can’t protect ourselves against: Spoofed from-addresses.

This quote says it all:

“Somebody out there, probably thousands of people, are getting messages for V-1-A=G-R-A and c1a-L:IS and embedded GIFs touting some penny stock that nobody’s heard of–all with my domain name all over the From field.”

The above can be handled on a pure technical level, as most of the error-responses can be filtered out automatically. What is worse however is the bad-will that these spoofed send-outs creates, whether these fake emails contains the spam mentioned above or viruses.

This is how it works, told through Matt Lake’s experience:

“Essentially, spoofing would mean that a spammer ran a piece of software that got hold of my domain name, possibly from its own spam lists, maybe from sniffing around in vulnerable e-mail servers from which e-mail came to me, or maybe from the central WHOIS database. The software then generated a mess of fake addresses with my domain on the end to masquerade as the sender’s addresses in the From and/or Reply To fields of their crass bulk e-mail. Then they sent out messages to unwitting strangers.”

Matt continues:

“I picked up the bounced-back messages only because I have a catchall account at my domain host. E-mail spoofing could happen to anybody with a domain (it could have happened to you), and most people never find out about it.

Unfortunately, if this spammer manages to annoy enough people, my domain may end up on a blacklist. Fortunately, because this kind of thing happens all the time, the blacklist compilers probably won’t punish me for what that spammer did, but they may. So I need to keep an eye out for any dropped messages to important clients and friends and comb the huge public list of blacklisted sites and hope for the best.

All told, my options aren’t terribly cheering.”

What is needed is an overhaul of the email-system, however there are many competing technologies and companies promoting these technologies plus that email shouldn’t lose it’s simplictic and genious usage.

A risk that is often forgotten when talking about which way is best to develop email to be less sensitive to UCE (Unsolicited Commercial Email = spam) is that less developed countries will be left behind (again) if the systems becomes too complex and / or expensive.

Another quote from Matt’s chronicle shows on another trap you as an administrator / provider can run into:

“So perhaps Verizon’s spam filter was doing exactly what it was supposed to do: removing objectionable unsolicited content from my mailbox. But of course, this does also mean that Verizon considers itself a spammer.”

Also note that there’s been a class action lawsuit against Verizon due to their spam-filtering methods. (Read about it here.)

It looks like we are stuck between a rock and a hard place…

Tags: Email, Help us!, Internet, Justice, Ouch!, Perspective, Spam, Technology

Technorati Tags: Email, Help us!, Internet, Justice, Ouch!, Perspective, Spam, Technology