I agree with you, and I also agree that to some degree it's not about the content, but this new way that content is delivered, in bursts of high-intensity sights and sounds that has a short-term effect of getting a consumer's attention quickly, but a long-term effect of turning them ADHD, destroying their ability to focus on things, and making them aggressively reactive to stimuli as opposed to being thoughtful and calculated.
Children's shows demonstrate these effects most poignantly. Look at Bill Nye the Science Guy. That show is interesting, but painful to watch, with tens of thousands of ever-flickering camera shots and invasive noises. Video games now have to offer almost non-stop chaos in order to get children interested. I feel this is directly related to how desensitized the public has been due to the method by which the media has evolved in their obsessive attempt to garner people's attention.
Another case in point: After getting a TIVO and being able to FF past commercials in shows I wanted to watch, I began to realize I had never noticed that when you return from a commercial break, many shows rewind the last minute of content just to remind you what it was you were watching before you went to commercial! That's how bad it is.
I contend not only are we influenced by the content we see in the media, whether we acknowledge it or not, whether it's on a grand or minuscule level, but our brains are also being rewired by the media to process information differently, which in some cases results in more animal-like aggressive reactions to stimuli.
It's not GTA's fault, but I think it's naive to not realize that the media people are exposed to does influence them. Since it's obvious that corporations have no responsibility nor desire whatsoever to maintain any kind of moral standards which might be detrimental to their profitability, it's up to others to mediate the development, encouragement and access to questionable content of this nature.
The reason GTA is so popular is because people have a secret desire to be anarchistic. The game gives them an excuse, and makes some, usually those on the bottom rung of the intellect and discipline ladder, emboldened to actually do some of these things in real life.
So what do you do? Blame the crappy kids' crappy parents? IMO, ironically, the parents are probably crappy parents because they too, have been influenced by the media, led to believe they have to work harder and make more money in order to be happy, therefore they spend less time with their kids and don't have a clue what they're doing. It's a vicious cycle, all perpetrated by people's overexposure to media.
Zombied computers, aka DUL IP space is RBL'd in most well-tweaked RBL-based mail systems and it doesn't affect legitimate mail. These systems shouldn't be running their own SMTP gateway so it's practical to block them. If they want to run their own SMTP, my rejection messages give them a way to request permission. Most content-based systems involve just as many, if not more hoops for someone to jump through to be validated. In the meantime, I don't have to dedicate nearly as much resources to fight spam as you do. If you have unlimited bandwidth and computing power, congrats. I don't need to spend more money on a content-based system that requires a LOT more maintenance, that delays mail, and is even more problematic than RBL-based systems.
This is not a valid assumption. I run every incoming message through SpamAssassin and ClamAV and if ClamAV says "virus" or SpamAssassin returns a score of 10+, I reject during the SMTP session by sending a 554.
That means no misdirected bounce messages and anyone whose mail is rejected is notified by his/her MTA.
By the way, I have never had anyone tell me his/her legitimate email was rejected by my server. What false-positive rate do you consider to be acceptable?
I contend there is no way you're running an effective spam filter if you've never had false positives.
In any case, the operative issue here is the reasonable balance between resources required to maintain reliable service and what's necessary to stop spammers. I have no doubt that one can spend an inordinate amount of time and resources to squeeze an extra 1-5% efficiency, but even that is fleeting, and ironically this plays in favor of the spammers, who profit by exploiting an unfair amount of resources via their efforts.
All spam "solutions" essentially fall into one of two categories: efforts that inhibit the spammer's ability to steal resources, and those that don't. RBLs directly affect spammers' ability to disproportionately exploit resources; content-based systems DO NOT.
When you fight spam, you have two objectives depending upon whether you want to temporarily or permanently address the problem: stop spam from getting to your inbox, and/or stop spammers from being able to steal your resources. When spamming requires you to install extra software and beef up systems to handle spam, that's still theft. You might have less spam in your inbox, but it's still costing you time and money. In that case, you still lose.
Content-based filters do encourage spammers to get creative and try to thwart the filters, but it's tit-for-tat. You have to do as much work as them to maintain the integrity of your system, so you're still having your resources bled dry.
RBLs are different. They put much more pressure on spammers and less pressure on innocent servers; they require less resources and time and shift the burden to spammers. My approach not only cuts down on spam, but unlike yours, it requires less time and money and system resources on my part to implement. This is all about increasing the cost and liability exposure of spamming.
Personally I doubt that your system is more effective than mine. But even if it was, it is moot. Most of the top ISPs routinely lose legitimate mail because they depend too much on content-based filtering, which might offer a short-term improvement, but ultimately doesn't put pressure on SMTP sources to be responsible, and that's the only way to really make a difference. RBLs do that, very effectively.
Being a semi-professional photographer, I have tens of thousands of images that aren't being utilized that I would like to publish in a manner such as this. I don't mind putting images in the public domain, but I would like to receive credit or references where they're used. Most publishers would have no problem with this, and many photographers like myself would gladly donate quality images to the project in return for helping to establish our reputation.
The problem I see with this site is that the images online appear to be anonymous. So what's to stop people from uploading copyrighted images or material they don't own the rights to? I can't see this project working if they can't document some attribution for the content they're distributing.
The site could try to hide under some sort of "common carrier" status, but ultimately, because there is no provenance attached to the content, no decent publisher would touch the images for fear of legal liability.
The concept is nice, however, it's not practical in its current form. The system needs to be enhanced so that contributors can identify themselves and claim authorship of the content so they can verify the legitimacy of the licensing. This would also provide the motivation for higher-caliber artists to contribute, especially if they could choose from a finite list of licensing options, none of which necessarily requiring remuneration, but at the least, acknowledgement of the author of the content.
As a long time FreeBSD user and supporter, it should be noted that many of us support the effort with our auto-subscriptions, where we pay $25 for each new release. On many of my servers I'm still running old versions, and I'm aware that I don't need the CDs for the latest versions mailed to me, but this is my way of supporting their efforts by kicking back money each time they have a major release. I urge all FreeBSD users to subscribe and provide the project with a solid source of recurring revenue that helps keep their project going.
While the funding drives are helpful, it's important to give the team a more substantive commitment and ongoing revenue they can bank on. It's a small price to pay. Subscribe and make a difference!
My choice of technology uses exponentially less resources than content-based systems, and therefore makes mail processing faster, more reliable and more efficient, with a dramatically reduced chance of missing mail.
The irony is that most of the decent content-based systems take into account the source of the mail... which in my opinion is one of the most efficient ways to identify legitimate/illegitimate messages.
Analyzing content is problematic, slow, resource-intensive, invasive and even more prone to error, so it makes no sense to use it IMO.
Any decent administrator should have things set up like that. And running PHP in safe mode with the switches to limit php's ability to write to files would also catch this problem.
This is a good example of how important security planning can be. A cautious administrator who set up Apache and PHP properly would probably not be affected by this bug in any substantive way.
I use RBLs because I absolutely, positively care about every single legitimate e-mail. The problem with content-based filters is that the sender never knows whether his e-mail was received or not, or put into some spam bin that the user may never look at.
With my system, EVERY bounced e-mail, legit or not has an error message returned with an index to the specific rule violation and a web address with instructions and a contact form which bypasses the spam filter so they can let me know there was a problem.
Every once in a while I get a false positive, but the percentage is very trivial, and the problem gets immediately solved because, unlike content-based systems, the sender immediately knows his mail didn't go through and can bypass it manually.
I completely agree with you. While you're at it, should also consider adding 80/8 - 83/8
If you notice, the people who are promoting other "solutions" typically fall into one of two categories: a) people making money by promoting these inefficient content-based systems, or b) tinkerers who enjoy creating more complex systems than what might be necessary.
Personally, I just want spam to go away. I don't want to spend a ton of time programming things. I have learned the best way to deal with it is to put the burden on the SMTPs to ask for permission to communicate with us if they're nestled among a lot of rogue IP space. It has shown to work well.
These are approximate summary stats. If you look at yesterday, approximately 86% of the connections were immediately RBL'd. Right away that's 86% spam catching, but if you factor into account that many of the spammers sort messages by host and send multiples per connection, it easily jumps much higher.
98% of the invalid users are spam and virus mail.
Extrapolating the amount of spam that gets past the RBLs in boxes I monitor, it's at most 1% of the spam that I'd otherwise receive, so I was being conservative when I said my RBLs catch 95+% of the spam hitting my server. It's probably higher than that.
Personally I think there's a fatal flaw in the analysis of content-based anti-spam systems. They CAN NOT handle an equitable volume of mail as a comparably-equipped RBL-only system due to the exponential increase in system resources they need to operate. These systems can't handle mail as fast and probably throttle or miss transactions during peak hours so their stats are flawed.
I like bl.spamcop.net, sbl.spamhaus.org, dnsbl.sorbs.net.
However, I have a much higher hit ratio with my own, homebrew IP blacklist, which includes darkening out most of China, Korea and other major spam havens. If anyone wants to communicate with our network from the black IP space, they need to be whitelisted, and any bounced e-mail has instructions within on how to do that.
A well-designed RBL blocks 95+% of spam and consumes less resources than all the other solutions. Plus it has the added benefit of stopping virus and worm propagation, phish e-mails and lots of other scenarios where unauthorized SMTP relays operate.
I see no reason to use client or server-side products that analyze the mail content, when this slows down mail service and reliability. RBLs, blocking mail based on the legitimacy of the source address has proven to be the most effective method of curtailing spam, and unlike all the other solutions, this one adversely affects spammers by not allowing them to consume your resources.
If you're in the business of making money off selling spam products, I can see your support of these various half-way solutions, but otherwise, the best way IMO is to employ RBLs at the server level and slowly work towards SMTP whitelisting. I contend this is an inevitability if the authorities don't start prosecuting spammers for their illegal computer tampering.
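The connection-time policy described in the comments above (whitelist first, then a local CIDR blacklist, then the three DNSBL zones named, with every rejection carrying a rule index and a help URL) can be sketched as follows. This is an added example, not the poster's configuration: the networks, rule numbers, help URL and function names are constructed, and it handles IPv4 only.

```python
import ipaddress
import socket

# DNSBL zones named in the comments above.
DNSBL_ZONES = ["bl.spamcop.net", "sbl.spamhaus.org", "dnsbl.sorbs.net"]

# Constructed sample data (RFC 5737 documentation ranges), not the poster's lists.
LOCAL_BLACKLIST = [  # (rule index, blocked network)
    (101, ipaddress.ip_network("198.51.100.0/24")),
    (102, ipaddress.ip_network("203.0.113.0/25")),
]
WHITELIST = [ipaddress.ip_network("198.51.100.25/32")]
HELP_URL = "https://mail.example.org/blocked"  # hypothetical contact page

# A DNSBL answers "listed" with an A record in 127.0.0.0/8. Some lists
# (Spamhaus among them) reserve 127.255.255.x for error conditions such as
# queries arriving through a public resolver; those must not count as a hit.
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")
ERROR_NET = ipaddress.ip_network("127.255.255.0/24")


def dnsbl_query_name(ip, zone):
    """Build the lookup name: 192.0.2.99 in zone Z -> 99.2.0.192.Z"""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def lookup_a(name):
    """Default resolver: return the A record as a string, or None (NXDOMAIN/error)."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None


def is_listed(answer):
    """Interpret a DNSBL answer; no record or an error code means not listed."""
    if answer is None:
        return False
    addr = ipaddress.ip_address(answer)
    return addr in LISTED_NET and addr not in ERROR_NET


def reject_reply(ip, rule):
    """SMTP rejection that tells the sender which rule fired and where to appeal."""
    return (f"554 5.7.1 Mail from {ip} refused (rule {rule}); "
            f"to request whitelisting see {HELP_URL}?rule={rule}")


def check_connection(ip, resolver=lookup_a):
    """Return (accepted, detail) for a connecting client IP.

    Order matters: the whitelist overrides both the local blacklist and the
    DNSBLs, so a sender inside blocked space can still be let through.
    """
    addr = ipaddress.IPv4Address(ip)
    if any(addr in net for net in WHITELIST):
        return True, "whitelisted"
    for rule, net in LOCAL_BLACKLIST:
        if addr in net:
            return False, reject_reply(ip, f"local-{rule}")
    for zone in DNSBL_ZONES:
        if is_listed(resolver(dnsbl_query_name(ip, zone))):
            return False, reject_reply(ip, f"dnsbl-{zone}")
    return True, "not listed"


if __name__ == "__main__":
    # Constructed resolver so the demo runs offline: one listed address.
    listed = {"99.2.0.192.sbl.spamhaus.org": "127.0.0.2"}
    for client in ("198.51.100.25", "198.51.100.7", "192.0.2.99", "192.0.2.1"):
        print(client, check_connection(client, resolver=listed.get))
```

Because the rejection is issued during the SMTP session, the sending MTA reports it to the sender, which is the notification property the comments above rely on.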
Quoted from elsewhere but worthy of paraphrasing as a "pre-emptive strike" against the inevitable French-bashing that morons will engage in related to this article:
It is so unbecoming of a country which proclaims itself as the unchallenged leader of contemporary "civilized nations" and so unthankful of a nation that punctiliously celebrates Thanksgiving every year to forget the critical role that France played in the making of the United States of America.
For those Americans who are unaware of their history but have seen the painting of Lord Cornwallis surrendering to Gen. George Washington somewhere, sometime or viewed Mel Gibson's box office hit Patriot, both the painted masterpiece and the climax of the film resurrect the defeat and surrender of the British at the fateful Battle of Yorktown which led to the making of the United States of America.
As it happens, in the months preceding this battle the British under Lord Cornwallis and Gen. Howe with their "death squads" had almost vanquished Gen. Washington and his motley crowd of "patriots" and subdued the two Carolinas and Virginia. Having done that, Lord Cornwallis, camped in the peninsula of Yorktown, and Gen. Howe in New York prepared for the final showdown with Gen. Washington, who was waiting on the banks of Hudson River. Gen. Rochambeau, who was with Gen. Washington, offered to march down to Virginia with his 10,000 French regulars to fight Lord Cornwallis, which they did on foot; a long and hazardous trip, to say the least. Rochambeau also sent an urgent request to the 33-vessel-strong French Fleet in the West Indies under the command of Admiral de Grasse to join the forthcoming battle in Virginia, which he did. Soon the French were blockading the entrance to Chesapeake Bay, preventing the British Fleet sent by Gen. Howe from joining this battle.
Once he saw that defeat was inevitable, Lord Cornwallis sent one of his generals to the French General, Rochambeau, proposing surrender. Not to Gen. Washington, but to the French, because it was the French who had defeated the British. As expected, Rochambeau declined the offer and asked the British to surrender to Gen. Washington. After much negotiation Lord Cornwallis agreed and sent his sword to Washington and surrendered to the Americans.
The Americans had finally won their Independence, but with military assistance from France, without which there would not have been a United States of America. The French did not exact any price from America for this assistance, they did it all on the principles of liberty, equality and fraternity. Two centuries later America would repay this historical debt by liberating France from Nazi Germany. In between, there was the French gift to the United States of America of the majestic Statue of Liberty.
Fifty-seven years later Americans are demanding their pound of flesh from the French with the incumbent George Bush's "You are either with us or against us." Other princes of darkness - and there are many in America -- are crediting the President of France with dozens of qualities and the French with more character traits, all negative.
Outside the United States there is a universal cry of vive la France! Stand up for the universal principles of liberty, equality and fraternity. These shall prevail, sooner than later.
Symantec isn't actually buying the company, they're giving them a bunch of copies of Norton Antivirus and will slowly drive them into bankruptcy via the subscription fees. At which point they'll take over the company based on the money owed.
I loved that series. I remember playing WC2/WC3 and hooking my PC up to a 700 watt PA amplifier with JBL concert speakers, shutting all the lights off and hearing the whole house rumble when I was fired upon in a dogfight. That was a cool game.
I've been looking for something comparable to Wing Commander, but it seems the only space-combat title that continues to evolve has to do with the Star Wars universe, which I find a bit on the boring side and too diluted from being endlessly milked.
In a related story, that guy that's all over television and radio commercials hawking the Cortislim crap, "Dr. Greg Cynaumon" has equally dubious educational credentials. Seems his claim to being a "doctor" and much of his claims are being challenged.
What amazes me is this guy is on television every day, and the media has never thought to investigate him? I guess they don't want to bite the hand that feeds them. But you have to wonder about a commercial promoting a weight loss product that urges you to not weigh yourself.
Late arriving cyber real estate agent (on "i-Names Pick Up Steam", Score: 4, Insightful)
I equate ideas like this to a late-arriving cyber real estate agent, seeking to find some creative, yet not terribly useful or practical way to divide up property that people already own.
The premise is that you pay for a pseudo-permanent identity in cyberspace. Ok, however, the TOS, like most other TOS disclaim any responsibility to consistently deliver the services you're supposedly paying for:
"Although our intention is that this service is always available, 2idi and its licensees and affiliates reserve the right to interrupt or terminate service for some unforeseen circumstance."
"Please note that amendments to this agreement, and to 2idi policies that are incorporated by reference in i-broker agreements, may be made at any time at the sole discretion of 2idi in order to best serve all members of the 2idi community."
The second part is particularly exemplative of the total and utter uselessness of schemes like this. Sure, they want to encourage you to use them as a central repository of personal information, and they allude to respecting your privacy, but they reserve the right, at any time, without your approval, to change the terms of their service, which may arbitrarily involve giving out personal info or whatever they want with whatever they have of yours.
Whenever I evaluate the value of an idea such as this, I consider to what degree the value of the project is based on a useful service, versus the degree to which the success of the project is dependent upon a) obtaining market share and b) marketing. This project fails the test. It doesn't offer anything innovative, and therefore will be marketing driven, and if it doesn't have market share, it will ultimately fail and be useless.
This is one of those markets where it's just too dangerous to fiddle with. For all the resources they invest into this effort, Google, eBay, MSN or Yahoo can pull a similar scheme out of their hat and put them out of business instantly. Spamcop already has a highly effective e-mail/spam forwarding service. The central identity thing has been tried with the .name TLD and hasn't worked. And Microsoft has far more resources poured into their pseudo-secure give-me-all-your-personal-info "solution."
OTOH, what I do like about the basic centralized repository scheme, is that it would be better served as a way to manage and authorize legitimate SMTP servers.
The Treo 600 is notorious for having bad sound quality. It's not as bad as the 650. I had a client call me tonight from one of the 650s and the author is right... they sounded horrible. I don't get as many complaints with my 600 but it's still substandard as far as other cell phone quality.
..because they are running out of non-RBL'd IPv4 space from which to spam....
I think it's naive to assume you can't be both anal-retentive and economical.
NASA's problem is that the organization has been orphaned by administrations that have no love for science, and it has therefore morphed into a political/business entity that is no longer capable of even accomplishing what it did in the 60s.
My favorite quote, which I omitted because it's probably his most common quote: "Great spirits have always encountered violent opposition from mediocre minds."
For laypeople, I think the best book introducing Einstein's theories in an understandable way is Relativity Visualized by L. Epstein.
Here are some Einstein quotes from Wisdomtoday.com - a daily quote e-mail:
Strange is our situation here on earth. Each of us comes for a short visit, not knowing why, yet sometimes seeming to divine a purpose. From the standpoint of daily life, however, there is one thing we do know: that man is here for the sake of other men - above all for those upon whose smiles and well-being our own happiness depends.
- Albert Einstein
I cannot imagine a God who rewards and punishes the objects of his creation, whose purposes are modeled after our own - a God, in short, who is but a reflection of human frailty. Neither can I believe that the individual survives the death of his body, although feeble souls harbor such thoughts through fear or ridiculous egotisms.
- Albert Einstein
As far as the laws of mathematics refer to reality, they are not certain; and as far as they are certain, they do not refer to reality.
- Albert Einstein
Make things as simple as possible, but no simpler.
- Albert Einstein
Technological progress is like an axe in the hands of a pathological criminal.
- Albert Einstein
The significant problems we face can not be solved at the same level of thinking we were at when we created them.
- Einstein
It is easier to denature plutonium than to denature the evil spirit of man.
- Albert Einstein
Few people are capable of expressing with equanimity opinions which differ from that of their social environment.
- Albert Einstein
The important thing is not to stop questioning.
- Albert Einstein
Every once in a while I get a false positive, but the percentage is very trivial, and the problem gets immediately solved because, unlike content-based systems, the sender immediately knows his mail didn't go through and can bypass it manually.
I completely agree with you. While you're at it, should also consider adding 80/8 - 83/8
If you notice, the people who are promoting other "solutions" typically fall into one of two categories: a) people making money by promoting these inefficient content-based systems, or b) tinkerers who enjoy creating more complex systems than what might be necessary.
Personally, I just want spam to go away. I don't want to spend a ton of time programming things. I have learned the best way to deal with it is to put the burden on the SMTPs to ask for permission to communicate with us if they're nestled among a lot of rogue IP space. It has shown to work well.
I can provide stats proving my assertion. I log and generate reports on all mail traffic.
Here are stats from yesterday:
start,OK mail,invalid user,check_rcpt,rbl1 spamcop,rbl2 spamhaus,rbl3 sorbs, internal rbl
Dec 19 00:00:00, 3861, 2898, 24592, 4217, 752, 1453, 17705
These are approximate summary stats. If you look at yesterday, approximately 86% of the connections were immediately RBL'd. Right away that's 86% spam catching, but if you factor into account that many of the spammers sort messages by host and send multiples per connection, it easily jumps much higher.
98% of the invalid users are spam and virus mail.
Extrapolating the amount of spam that gets past the RBLs in boxes I monitor, it's at most 1% of the spam that I'd otherwise receive, so I was being conservative when I said my RBLs catch 95+% of the spam hitting my server. It's probably higher than that.
Personally I think there's a fatal flaw in the analysis of content-based anti-spam systems. They CAN NOT handle an equitable volume of mail as a comparably-equipped RBL-only system due to the exponential increase in system resources they need to operate. These systems can't handle mail as fast and probably throttle or miss transactions during peak hours so their stats are flawed.
I like bl.spamcop.net, sbl.spamhaus.org, dnsbl.sorbs.net.
However, I have a much higher hit ratio with my own, homebrew IP blacklist, which includes darkening out most of China, Korea and other major spam havens. If anyone wants to communicate with our network from the black IP space, they need to be whitelisted, and any bounced e-mail has instructions within on how to do that.
A well-designed RBL blocks 95+% of spam and consumes less resources than all the other solutions. Plus it has the added benefit of stopping virus and worm propagation, phish e-mails and lots of other scenarios where unauthorized SMTP relays operate.
I see no reason to use client or server-side products that analyze the mail content, when this slows down mail service and reliability. RBLs, blocking mail based on the legitimacy of the source address has proven to be the most effective method of curtailing spam, and unlike all the other solutions, this one adversely affects spammers by not allowing them to consume your resources.
If you're in the business of making money off selling spam products, I can see your support of these various half-way solutions, but otherwise, the best way IMO is to employ RBLs at the server level and slowly work towards SMTP whitelisting. I contend this is an inevitability if the authorities don't start prosecuting spammers for their illegal computer tampering.
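The source-based rejection described in the comments above (local IP blacklist, whitelist override, the three named DNSBL zones, and a bounce carrying a rule index plus a help address), sketched as an added example that is not the commenter's own code. The rule ids, the sample networks, the help URL and the check order are assumptions made for illustration.

```python
import ipaddress
import socket

# DNSBL zones named in the comments, in the order of the stats header (rbl1..rbl3).
DNSBL_ZONES = ["bl.spamcop.net", "sbl.spamhaus.org", "dnsbl.sorbs.net"]

# Constructed sample policy (documentation address ranges, not real listings).
LOCAL_BLACKLIST = {"L001": ipaddress.ip_network("203.0.113.0/24")}
WHITELIST = {ipaddress.ip_address("203.0.113.25")}
HELP_URL = "https://mail.example.org/blocked"  # hypothetical help/contact page


def dnsbl_query_name(ip, zone):
    """DNSBL lookups reverse the IPv4 octets and append the zone name."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def dns_listed(name):
    """Live resolver: a DNSBL answers with a 127.0.0.x address when listed."""
    try:
        return socket.gethostbyname(name).startswith("127.0.0.")
    except socket.gaierror:  # NXDOMAIN or lookup failure: treat as not listed
        return False


def reject(rule):
    """Permanent SMTP failure carrying the rule index and where to appeal."""
    return f"550 5.7.1 Rejected by rule {rule}; see {HELP_URL}?rule={rule}"


def check_source(ip, resolve=dns_listed):
    """Return (accepted, smtp_reply) for a connecting address."""
    addr = ipaddress.ip_address(ip)
    if addr in WHITELIST:  # whitelisted senders bypass every list
        return True, "250 OK"
    for rule, net in LOCAL_BLACKLIST.items():
        if addr in net:
            return False, reject(rule)
    if addr.version == 4:  # the query-name scheme above is IPv4 only
        for n, zone in enumerate(DNSBL_ZONES, 1):
            if resolve(dnsbl_query_name(ip, zone)):
                return False, reject(f"RBL{n}")
    return True, "250 OK"
```

Passing a stub as `resolve` keeps the check offline for testing; the default performs real DNS lookups.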
Quoted from elsewhere but worthy of paraphrasing as a "pre-emptive strike" against the inevitable French-bashing that morons will engage in related to this article:
It is so unbecoming of a country which proclaims itself as the unchallenged leader of contemporary "civilized nations" and so unthankful of a nation that punctiliously celebrates Thanksgiving every year to forget the critical role that France played in the making of the United States of America.
For those Americans who are unaware of their history but have seen the painting of Lord Cornwallis surrendering to Gen. George Washington somewhere, sometime or viewed Mel Gibson's box office hit Patriot, both the painted masterpiece and the climax of the film resurrect the defeat and surrender of the British at the fateful Battle of Yorktown which led to the making of the United States of America.
As it happens, in the months preceding this battle the British under Lord Cornwallis and Gen. Howe with their "death squads" had almost vanquished Gen. Washington and his motley crowd of "patriots" and subdued the two Carolinas and Virginia. Having done that, Lord Cornwallis, camped in the peninsula of Yorktown, and Gen. Howe in New York prepared for the final showdown with Gen. Washington, who was waiting on the banks of Hudson River. Gen. Rochambeau, who was with Gen. Washington, offered to march down to Virginia with his 10,000 French regulars to fight Lord Cornwallis, which they did on foot; a long and hazardous trip, to say the least. Rochambeau also sent an urgent request to the 33-vessel-strong French Fleet in the West Indies under the command of Admiral de Grasse to join the forthcoming battle in Virginia, which he did. Soon the French were blockading the entrance to Chesapeake Bay, preventing the British Fleet sent by Gen. Howe from joining this battle.
Once he saw that defeat was inevitable, Lord Cornwallis sent one of his generals to the French General, Rochambeau, proposing surrender. Not to Gen. Washington, but to the French, because it was the French who had defeated the British. As expected, Rochambeau declined the offer and asked the British to surrender to Gen. Washington. After much negotiation Lord Cornwallis agreed and sent his sword to Washington and surrendered to the Americans.
The Americans had finally won their Independence, but with military assistance from France, without which there would not have been a United States of America. The French did not exact any price from America for this assistance, they did it all on the principles of liberty, equality and fraternity. Two centuries later America would repay this historical debt by liberating France from Nazi Germany. In between, there was the French gift to the United States of America of the majestic Statue of Liberty.
Fifty-seven years later Americans are demanding their pound of flesh from the French with the incumbent George Bush's "You are either with us or against us." Other princes of darkness - and there are many in America -- are crediting the President of France with dozens of qualities and the French with more character traits, all negative.
Outside the United States there is a universal cry of vive la France! Stand up for the universal principles of liberty, equality and fraternity. These shall prevail, sooner than later.
What's the matter with you? Haven't you ever heard of humor? Then again, your pseudonym gives away the grades you received in school.
Symantec isn't actually buying the company, they're giving them a bunch of copies of Norton Antivirus and will slowly drive them into bankruptcy via the subscription fees. At which point they'll take over the company based on the money owed.
I loved that series. I remember playing WC2/WC3 and hooking my PC up to a 700 watt PA amplifier with JBL concert speakers, shutting all the lights off and hearing the whole house rumble when I was fired upon in a dogfight. That was a cool game.
I've been looking for something comparable to Wing Commander, but it seems the only space-combat title that continues to evolve has to do with the Star Wars universe, which I find a bit on the boring side and too diluted from being endlessly milked.
In a related story, that guy that's all over television and radio commercials hawking the Cortislim crap, "Dr. Greg Cynaumon" has equally dubious educational credentials. Seems his claim to being a "doctor" and much of his claims are being challenged.
What amazes me is this guy is on television every day, and the media has never thought to investigate him? I guess they don't want to bite the hand that feeds them. But you have to wonder about a commercial promoting a weight loss product that urges you to not weigh yourself.
I equate ideas like this to a late-arriving cyber real estate agent, seeking to find some creative, yet not terribly useful or practical way to divide up property that people already own.
The premise is that you pay for a pseudo-permanent identity in cyberspace. Ok, however, the TOS, like most other TOS disclaim any responsibility to consistently deliver the services you're supposedly paying for:
# Although our intention is that this service is always available, 2idi and its licensees and affiliates reserve the right to interrupt or terminate service for some unforeseen circumstance.
# Please note that amendments to this agreement, and to 2idi policies that are incorporated by reference in i-broker agreements, may be made at any time at the sole discretion of 2idi in order to best serve all members of the 2idi community.
The second part is particularly exemplative of the total and utter uselessness of schemes like this. Sure, they want to encourage you to use them as a central repository of personal information, and they allude to respecting your privacy, but they reserve the right, at any time, without your approval, to change the terms of their service, which may arbitrarily involve giving out personal info or whatever they want with whatever they have of yours.
Whenever I evaluate the value of an idea such as this, I consider to what degree the value of the project is based on a useful service, versus the degree to which the success of the project is dependent upon a) obtaining market share and b) marketing. This project fails the test. It doesn't offer anything innovative, and therefore will be marketing driven, and if it doesn't have market share, it will ultimately fail and be useless.
This is one of those markets where it's just too dangerous to fiddle with. For all the resources they invest into this effort, Google, eBay, MSN or Yahoo can pull a similar scheme out of their hat and put them out of business instantly. Spamcop already has a highly effective e-mail/spam forwarding service. The central identity thing has been tried with the .name TLD and hasn't worked. And Microsoft has far more resources poured into their pseudo-secure give-me-all-your-personal-info "solution."
OTOH, what I do like about the basic centralized repository scheme, is that it would be better served as a way to manage and authorize legitimate SMTP servers.
The Treo 600 is notorious for having bad sound quality. It's not as bad as the 650. I had a client call me tonight from one of the 650s and the author is right.. they sounded horrible. I don't get as many complaints with my 600 but it's still substandard as far as other cell phone quality.