Slashdot Mirror

I'm not even saying that I believe the current administration will abuse these google accounts. I don't, but I found it a little repellent that the current administration doing something eerily similar to something that gave the last administration a black eye is considered "funny" here on slashdot, instead of mildly unsettling at the very least.

No, what gave the last administration a black eye was not the fact that they used those private accounts for government work. And it wasn't even the fact that those accounts were insecure (unless, you happen to be one of those pedantic security expert who equates a breach of email security with the end of the world). What gave the last administration a black eye, at least in the public's eye, was that once they had been using those private accounts pretty regularly for official business, they simply refused to give up their passwords to those same accounts when a judge asked them to.

And since in this case, Obama went to the White House Counsel for advice on this, I wouldn't be surprised if the White House Counsel required that they all sign a piece of paper waiving privacy, that they surrender all their passwords in advance, and that they all place an ominous legal disclaimer in the signature advertising the fact that this is an official email address -- that could end up becoming part of the freely available public records -- before they would even be allowed to use those email accounts -- in any way shape or form.

Furthermore, I wouldn't be surprised if the White House Counsel didn't contact Google beforehand to take some additional measures. After all, Google owns Postini now, and Postini allows you to keep all your emails, deleted, sent, or otherwise, on their server, but they even allow you to set your own physical server up on your *own* premises to be the sole go between between all the incoming and *outgoing* email to make sure it gets archived and complies with email retention and archival policies.

Interesting topic. First, there is no loss of security in publicising blacklists. It is a bit silly (or nasty) to claim this is some security breach when it simply isnt.

The problem with web filtering is that there is a market for it. People want to buy it. People are making money on it. It is not going away.

Now, what aussie govt is doing is plain wrong. But, at least, they are not doing it in secret like in the UK... On balance, UK's filter is not mandated by the government, rather it is chosen by ISPs.

Either way, the technology simply isn't there yet.

Google also owns Postini which is outside of GMail. I know that my university used Postini before and after Google bought them and nothing changed. A Google solution might not involve GMail.

I just went through the same thing as you in that my children as they are learning to read and write, are wanting their own email accounts. At the same time, I have found GMail to be quite good at trapping spam, the spam does end up going into the spam folder, and much of it is not the type of email I want my children to see (pr0n, member enlargement schemes, pharmaceutical recommendations).

Since GMail is one of the best around, I recommend you use that with Postini, which just so happens to be another Google company. Postini is a pretty good spam filter that you point your MX records to and it filters your emails and sends it on to your email provider. It costs just $3.00, per year, and I still have yet to get any offensive emails that I would not want my children to receive. I have to say that my gmail spam box is mostly empty. The nice thing here is that you can monitor a spam inbox on Postini that your children will never see, and you can ultimately decide what can and cannot go through to their GMail account.

I dunno what google do, but I get about 1 spam per 3 days on an account that receives about 50 messages a day.

Postini, IIRC:
http://www.postini.com/goog/google.php

Just outsource it. There are plenty of services that will do the job for you, and they're very affordable, especially compared to the cost of your own time. Postini for example is fantastic; we've been using them since before Google bought the company, and they're quite effective with very few false positives. At about a dollar per mailbox per month, you almost can't afford not to do it.

I'm a bit down on Postini lately. A few months ago, they started marking my personal e-mails to Postini customers as spam. Which is kinda ironic. And pretty damned annoying, since my lawyer, my broker, my apartment manager and my chiropractor are all on Postini servers. But hey, that happens. I went over my server with a fine-tooth comb, I set up SPF, DomainKey, DKIM, no luck. I even switched servers. No matter. My e-mail, now digitally signed in triplicate, was still being scored as 90% probable spam.

So I tried to get in touch with their postmaster group. Only they don't have one. And I tried to check their feedback loop. Only they don't have one. As a shareholder, I even wrote to Investor Relations. No response. In the process, I found out that they have a universally awful reputation among the mail delivery community.

In the end, all they could tell me was that their system decided my mail was spam because - I kid you not - their system had, previously, decided my mail was spam. Which, of course, increases my spamminess score. And so on, and so on, until we're all using the same shampoo.

So, to recap: The guy in charge of keeping Google secure, Scott Petry, is the guy who invented a system that bit-buckets your e-mail, with absolutely no accountability, no sanity checks, no industry best practices... because of guilt by association WITH YOURSELF.

Be afraid. Be very afraid.

what is "bullshit" = A/C

even a cursory search will turn up documents that confirm: 90% of email on the net is spam

you make a lot of postings out here buddy and I ain't exactly sure how many you are or what your agenda is

but after a note like the one I'm responding to I have confirmed for myself pretty much what you are.

http://www.technewsworld.com/story/51055.html

http://handsoff.org/blog/category/spam/

http://www.postini.com/news_events/pr/pr110606.php

Ummm... it's here and they call it postini...

Yes I know Postini was around before Google, but they still rock at corporate filtering needs and have made my life easier

Yeah, I mean, it's not like Postini is touting the buyout on the front page of their website or anything...

super-filter every e-mail that comes out of South Korea, Indonesia, and especially Nigeria, etc.

That's funny, I did as you suggested. I see no spam coming out of Nigeria. Just to be sure, I took a trip to Postini and checked. Nope. There is a tiny bit from Egypt, but otherwise I don't see any spam originating from the entire African continent.
That doesn't mean you are wrong about spam being from very specific areas, but Nigeria just isn't supported by the evidence you mention.

Excuse me for interrupting this flame-fest with facts, but I found a Spam map online:

http://postini.com/stats/world-spam-2048.jpg

Most spam comes from California, France, southern England, Japan, and, oh yes, Korea and China. And, no, I do not advocate blocking email from, say, California just because a lot of spam comes from there.

Spam Map

"South Korea, Indonesia, and especially Nigeria, etc"
While we're at it, why not block Alberta, California, North Carolina, Virginia, Colorado, Oklahoma, Kansas, Vermont, New Hampshire, Massachusetts, Spain, France and Portugal - all spam hotspots according to the map cited? What's that, you receive email from people in these places? Tough titties, if we're to block email coming from spam hotspots as you say.

Also, you've managed to point a finger of blame at Indonesia and Nigeria who are saintly in comparison to some more developed nations. Go racism!

See their web site here...

Our company uses a service called Postini http://postini.com/ for this kind of thing. Spam messages are kept on the postini server and the user is given the option to deliver them after previewing them or just delete them. Their inbox isnt full of junk and we dont have to waste time setting up mail filters and the like. The admin interface is decent, and I have had no complaints from my co-workers.

http://postini.com/stats/ has better maps.

Being a dyed-in-the-wool-pinko-commie-liberal, I've always been skeptical of claims that "the free market" can solve any particular problem. Solutions to problems have a nasty habit of changing paradigms, which the free market, by its very nature, is resistant to.

According to at least one source spam currently makes up 71% of current e-mail traffic and viruses account for another 1%. That's almost three out of every four e-mails. And how did it get this way? Because the free market let it.

The truth is that there is no financial incentive for the free market to address the problem, and in a way, it prospers by it. And not just the spammers, but every large ISP that gets paid for bandwidth by a smaller ISP benefits. An entire industry has grown up around "preventing" spam and viruses. Hell, the company behind the source I just referenced makes their money because of it . . . And that's why the problem continues to get worse not better.

However, show me a technical solution, with the backing of some kind of governmental enforcement mechanism (either one without the other doesn't work)and then you're actually talking about something that has a possibility (but note not a likelihood) of working.

... recent download of my earthlink email (which i've just about given up on), had about 60 messages, only 1 of which wasn't ...

are you a non-subscriber using their free email service or a subscriber who just has their spamblocker turned off?

if spamblocker is letting that many through, maybe you need to find a new email provider with better filters.

my office uses services from http://www.postini.com/ and pretty effective. between it and a few predefined rules in the mail client (this is work, so it's just oe since i have to support others using it), and in my "INBOX" folder i get maybe one spam a week out of about 2500 incoming mails.

my home accounts rarely see any spam at all because i am careful who the addresses are given to (and they have uncommon, most not in google, usernames).. the only home accounts that get any are the two i use for debian mailing lists and bug reports.

$100/year/customer?!?

Come on now -- companies like http://www.postini.com/ can do it for magnitudes less.

Maybe your ISP should see what solutions are out there do to what your doing, but for a ton cheaper?

I don't understand why people make such a big deal out of [spam]. If you don't like reading spam (some weird people actually do want to buy penis and breast enhancement toolkits) - get a filter.

Maybe your time is worth nothing. So why don't you come around and set up a filter for me? I don't want to be unreasonable, I could live with 1 or 2 pieces of spam per day. But absolutely no false positives. And I'll need it stopped on the server, before it eats my bandwidth. I'm getting a couple of hundred pieces per day. Right now Postini filters my mail (and since my ISP has to pay them for that, it increases my monthly cost), so I only get actually receive 20 or so pieces per day. Mostly those fake Rolex ads and bounces from spam where the spammer is forging my domain as a return address. So will you can take care of that? By next Tuesday?

My thoughts exactly. How is that any better or any more revolutionary then an outsourced solution? Outsourcing email is most often a better overall solution IMHO, and has the same effects as a firewall, and possibly more secure!

You've got ASPs like Sentinare Email Security, or Postini (ok maybe Postini is a bad example, their filters suck) but you've got your Sentinare! and maybe Brightmail in which all spam is blocked/filtered before it reaches the LAN. This seems like a much better solution then having to install, manage, update, troubleshoot, etc... yet another box on your network. In my experience email systems arent exactly THAT easy to setup and manage.

So why not outsource and let the experts handle it all, and save time/money/grief/headaches in the process.

One of the domains we process mail for gets > 100k bogus RCPTs a day. At the peak of this 6 month old dictionary attack, it reached 1.5M per day. Thunderbird is good, but that may take a while to download and process.

This is exactly why services like MailSift.com and Postini.com exist.

Just for another reference, we get about 200,000 valid emails a day for around 17,000 users. We get another 700,000 or 800,000 spams a day too, but those are run through Postini so thankfully I never see them. I'm sure that the cost of subscribing to Spamhaus would be far less than that of acquiring 4 times our bandwidth and storage facilities plus all the time I would have to mess with that trash.

No, not really. I'd be interested to know where you get your info. If this just reading your spam then you might have a skewed sample.

If you take a look at Postini's live spam map, you see that North America is by far leading the world in sending spam, then Europe, but admittily not too far behind is China, then Brazil.

I think as we see more western countries put in place heavy fines and jail time for spam, we will see a rise in spam from third world countries (or spammer havens). I wonder which will be the first countries to use econmic (or communication) sanctions to force a country to crack down on it's spammers...

Wow, 2500:1 spam ratio? Change your filters or use a service. My company provides a service from Postini that seems to get rid of _all_ of that crap. And no, I don't work for them.

Any ISP however will not filter spam from coming into their networks because for one, no one should dictate what someone should or should not receive.

My ISP has most mail routed through a third-party filter service before it is delivered to mailboxes. Users can review/retrieve blocked mail and adjust the aggressiveness of the filter, black- or white-list addresses or domains, or turn it off. On my account with default settings, it stops about 200 spam/day plus another 50-100 worms, while letting 5 or 6 through, with essentially zero false positives. Look into it, your users will love it, my ISP says it's cheaper to contract the work out than to do it themselves.

To get around this, maybe you can use one of those e-mail services that will let you get your POP messages and view them through a Web page

Actually, the only email I receive via Eudora is the mail sent to my public email addresses. Thanks to the generosity of the dixie-chicks.com host, that mail is filtered by Postini -- otherwise, it would be completely useless due to spam.

My real email address -- the one I use to communicate with people I know personally -- is online, hosted by Neologism Productions, a high-quality, low-cost mom-and-pop operation out of Plano, Texas.

I seldom have any spam problems there, even without filtering, though I get hit by an occasional dictionary/common-name attack. I inadvertently viewed a spam message sent to an alias, triggered a web bug, and started receiving 2-3 spams a day to that alias. That alias, sadly, is no more...

File attachment: details.pif

The file attached to this email was removed because files of this type are not accepted for delivery by your email gateway.

Here's my stats of email virii filtered out by Postini:

* Virus Alert
These virus-infected messages have been quarantined BEFORE they reached your email inbox. You can safely view the text of the message by clicking on the subject.
Messages
Message 1 - 10 of 491 | Next

The only problem I have with Postini is that they send me a note for every single virus email they filter out, and I can't seem to turn that off (like I can the spam notification). So I still have ~620 messages in my inbox, about a hundred of which are bogus "You sent a virus" messages.

I get a lot of those -- generated by infected people who have my email address somewhere on their PC. That's a pretty high number, if the virus mines email addies from web sites like mine that the victim has recently visited.

You'd think the sysadmins would realize that it does no good anymore to tell the sender that they sent a virus, since the "sender" probably had nothing to do with it. [Insert M$-bashing comment about default operation here]

postini does 3rd party spam filtering for a number of companies. However if mozilla mail (1.3 I take it) isn't picking up all the spam postini won't do much better but it will cut down on the amount that gets to your inbox at least.

Try looking looking into postini. You slip your primary MX records through them, leaving backups for direct access. And thir spam filter will quarantine for up to 14 days. Lock your mailserver against direct access (only accept mail via MX routing) and boom, you are set, per mailbox pricing isn't bad but I can't quote our rate, it is under $1/month/mailbox though.

Check out Postini: http://www.postini.com/

I work for an ISP, and we've implemented this as our anti-spam and anti-virus solution for our subscribers. It could not have worked out better -- we make money, our customers get less spam (almost none, really, and very few false positives), and our platform is much more healthy because the crap is blocked before it gets to our network.

The only downside is that it must be implemented by the mail provider -- individuals can't sign up for the service directly. Other than that, it's win-win.

Since my ISP started using Postini I only get one or two, and as soon as they catch one the rest of the same type are blocked. I can still log into the message center where the suspicious messages are held, and review them just in case. I'd never heard of it before then, and have no interest in the company other than paying .50/month for extra spam filtering.

DIY hack for Orange smartphone revealed

Check them out at http://www.postini.com/.

My ISP (the one that I use, I certainly don't own it) is beta testing Postini's service. Basicly all mail is sent to Postini, they filter it based on content huristics and send the "good" stuff on. There is a web based area (which can be tailored to give more or less options to the user) where preferences can be set, and "tagged" email can be checked.

While I was participating in the beta, I was really "promiscuous" with my email address. Now that the test is over, I'm sorry. Pricing is really quite resonable. I've been told that the cost per user per year (for an ISP of about 150k) is around $10.

Not bad?? We move about a million emails a day. Of those million messages, approximately a third are identified as SPAM by postini spam filters (user configurable). I think that can be classified as a bad .

-NetPhoenix