True, but you can immediately start rejecting email with invalid SPF results.
One of my domains gets joe-jobbed all the time. I've started publishing SPF records for all of my domains, and from the moment I started doing so you can verify whether a particular email did or did not originate from my system. You win, in that you get to reject a bunch of email with zero false positives. I win, in that you know that the email didn't come from me, so you won't be bouncing the messages back to my domain or calling me to complain about "my" spam. The spammer loses, in that it cost resources to attempt to deliver those dead-on-arrival messages (not much, granted, but multiplied by the 14,000+ domains currently serving SPF records...).
SPF may stop spammers, but it sure goes a long way toward protecting the reputations of some of their victims.
So do I. So do my friends, co-workers, and pretty much everyone else I know that own mutual funds. If you invest in your company's retirement plan, then you probably have financial interests in the "energy sector".
You don't have to be a billionaire to have financial ties to large companies.
I wrenched something in my back while helping a friend move a washer and dryer. I went to several MDs over the course of a few months and got various painkillers and muscle relaxers. These helped for a couple of hours, but I'd wake up every morning at about 3AM in agony - it literally felt like someone was sliding a hot knife into the small of my back. I couldn't sleep, work, or do anything else the way I normally would.
My dad pestered me to try his chiropractor, but I'd been holding out. After about three months of continual misery, I'd reached the "I'll try anything" stage. One visit with a deep adjustment later, plus about a day of avoiding sudding movements, and I was cured. Completely. Pain free without any medicine. I got the first real sleep in months and felt better from that moment on.
I do not believe in "chiropractic medicine" and the abilities that some chiropractors claim to have to cure infectious disease. However, when I hurt my back or neck, I go straight to the source and have never been let down.
What version of KDE do you have? I switched from Firefox to Konqueror for regular browsing a couple of weeks ago, and I really don't notice much of a difference between the way the two render pages. Slashdot is still ugly, and everything else looks much the same.
One nice thing about KHTML is that Apple is spending a lot of time and money to make it render well, which is also good for KDE users.
You do know that the University of Okoboji isn't a real med school, don't you? And that proctologists don't typically have a webcam and a T-1 in their basement "office", right?
It's easy to install Graffiti 1 on any OS 5 Palm PDA.
...and it seems to be impossible to install Graffiti 1 on a Palm OS 4 unit, like my m130.
Well, the biggest reason is that I don't have a lot of time to mess with it. When the day comes that I can't using G1 anymore except by buying old units, I'll have to switch. I want that to happen on my own schedule, and not when my current PDA just died catastrophically and I need to have all of that information in portable form for a business trip the next day.
I guess that I see it as dying technology, at least for me. I don't want to invest too much more in a system that I don't have much confidence in.
As a stronger example, consider that Palm applications typically allow a lot of penstroke shortcuts to menu commands. You start the shortcut by writing a "/", then the associated letter. For example, the "delete" command often has a shortcut of "/d".
Now, consider what the poster said about how the letter "t" is generated (except that the first stroke is really a "l" and not an "i"; you write an "i" by drawing an "l" and then dotting it). If your application uses "/t" as a shortcut, that shortcut cannot be written, since the menu-shortcut function accepts the first penstroke of the "t" as an "l" and processes it before you can cross the "t". No matter how fast you try to write "/t", it always gets interpreted as "/l <space>". Sucks to be you if "t" is the shortcut for "take a backup", and "l" is the shortcut for "lose this immediately".
Did I mention yet in this post that I hate Grafitti 2? I didn't? Oh, then: I hate Grafitti 2.
If they're smart, they'd piss off that small group of people who like Grafitti 2 and go back to G1. I always hear the same thing: G2 is easier to learn for people who've never used a PDA, but G1 only takes a little longer and is much faster and more accurate for the rest of the life of your device.
I will not buy another G2 Palm. Right now, there are viable options (such as TealScript) to give owners of newer units G1 capability, but as with any closed source application and OS combination, it will only continue to work for as long as it's updated to work with new systems. As soon a TealPoint gets tired of supporting it, the product dies, and I lose the possibility of updating to newer hardware and actually being able to use it.
I've tried and tried to get used to G2, but I just can't. If Palm re-adopts G1, I will continue to buy their devices. If they don't, I'll go back to using a DayRunner (which accepts any handwriting style and has a place to put my checkbook).
Spammers are immorally greedy, pretty much by definition. If they weren't they wouldn't be spammers. That's why I'm pretty sure that they'd have no problem with suing the advertiser.
Now, someone would notice that lawsuit and report on it - spam + lawsuit == public interest. When they did, it might make a spammer's would-be partners think twice about going into business with them, in much the same way that SCO's lawsuits against their own clients certainly isn't making their sales telephone ring off the hook.
We may not be able to directly stop spammers, but there are a lot of things we can do to further isolate them from the rest of the world.
You'll find that a lot of the spammers present a load of banners on the unsubscribe page.
You know, sending about 10,000 virtual eyeballs to each one of those ads might not be a bad idea. When the first advertiser gets hit with an $87,000 bill for a month's worth of impressions, a public and ugly court battle between a spammer and his clients might dissuade other ideas from doing business with either party.
I'd be willing to help a spammer "earn" some outrageous, uncollectable fee if I thought that the resulting publicity would help the anti-spam movement.
By the way, the first line of my reply was lacking the /> tag that seemed obvious at the time. I didn't really think that you used an address at honeypot.net.
Thanks. That would explain all of forged sandman@honeypot.net spams that I have to deal with.
Yes, I own honeypot.net. About once a week, some jackass decides that "foo@honeypot.net" would be a splendid From: address, so I suddenly get thousands of bounce messages, whiny upset recipients, and other administrative hassles. My Sendmail reject list is growing longer by the month.
Erm, the picture does sort of look like hooded Klansmen, and that would've been my first impression. The manager was still a jerk who badly mishandled the situation, but I have to admit that I can understand his interpretation. Your (albeit correct) explanation that it depicted medieval executioners probably wasn't much more acceptable.
Wow. You've finally found a use for "tar --swap-every-third-byte --emulate-vax-post-1993 --include-hurd-source-but-backward". I've always wondered what all of those weird extra GNU options were for.
I've managed to install the milter package, but I'm not sure where to go next. Did you hack the "sample.py" program to add SPF verification? Did you download a working module from somewhere else?
The docs seem to be a bit spartan, along the lines of "here's a milter library and here's a simple example program. There you go!"
Your classes directly assign a letter grade to each assignment? It seems that "n/6 percent" is meaningless in the context of one single portion of the overall grade.
In other words, in my math classes, I didn't panic if I got 3 of 5 points on a random pop quiz. My final grade wasn't computed from "median letter grade received", but from "total points earned out of total points possible". If you're used to getting letter grades on all assignments, I would hate to have been at your school.
an American brought up on a Buddhist monastery who pitches 130 mph fast balls
Which reminds me of something: Johnson's last pitch of the game was a 98mph fastball. He threw an entire game, and could still hurl a ball at a speed that many pitchers would sacrifice their weak arm for.
Side note: I bet he thanks the guy who nicknamed him "Big Unit". How'd you like to use that one in a bar? "Hi! My friends call me 'Big Unit'", and all of your friends would back you up ("Yeah, that's really what everyone calls him.").
Different people have different situations. I am explicitly arguing against the one-size-fits-all approach.
Agreed. I think that SPF is one-size-fits-many, though, at least based on the perceived reaction of the admins I hear who are rooting for it to become standard.
To be honest, I rarely read postmaster email. I mainly take notice of it when it suddenly grows tremendously in size, at which time I know that some spammer decided to use foo@honeypot.net (I registered it before "honeypot" related to security) as a return email address, and that I need to add an explicit reject rule to Sendmail before my home DSL line catches on fire.
Still, I find it strange that you still get 28 false positives per day...
That was 28 false negatives, or spams that make it through into my inbox. I get about 4 false positives per day. I use a multi-tiered approach where mails that SpamAssassin scores between 5 and 8 go into a "possibly spam" folder, and those scored >8 go into a "almost certainly spam". I only check the former folder for false positives, since I've literally never seen a legitimate email get scored higher than 8. I open the "possible" folder each morning, mark every message, unmark the couple of false positives, then move all of the marked messages into the Bayesian training folder.
I actually don't advocate whitelist solutions, and I don't really consider SPF to be one. I see it more like caller ID on my telephone. I almost always answer calls where the caller's information registers. I almost never answer blocked-ID calls. I may or may not answer "unavailable" calls, depending on whether I'm expecting to hear from someone who lives out-of-town.
OK, let me give you some hard numbers. This data comes from the number of messages that my IMAP server sorts into the different spam folders. They all expire at different rates, so it's not easy to say many messages have entered each folder since a specific date, but this is a pretty close approximation.
Today is May 19. My spam folders currently hold:
604 viruses since May 13 - or 100 per day.
437 bounce messages from stupid remote mailservers telling me that a message generated by a virus but that forged my From: address could not be delivered, since May 13 - or 26 per day.
463 messages that SpamAssassin ranked so likely to be spam that I don't bother sifting through them for false positives since May 15, or 116 per day.
16 false positives since May 15, or 4 per day.
112 false negatives since May 15, or 28 per day.
I have received 137 legitimate emails to my main inbox since April 15.
Cricket gives a rough estimate of the rate of blocking from DNS blackhole lists as.43 per minute, or 619 per day.
These are messages that were either directed to me personally, or to postmaster at my domains. I do not track my clients' messages, so I can't give you their numbers. Basically, I received an average of 270 spams and viruses to my personal account per day, on top of the average of 619 per day that never enter my system.
Do you see why I'm increasingly willing to resort to drastic measures? My inbox is still useful for mailing lists, but I receive about 4 legitimate messages directly to me per day. That alone gives me a 4-to-28 ratio of ham-to-spam that makes it through all of the filters, and doesn't account for the false positives.
This just isn't tolerable anymore. I'll do what I can to alleviate the situation, even if it inconveniences some of the people who want to contact me. I just don't have a choice.
So close down your mail server. In the mean time, the rest of us will try to find better alternatives than destroying email service.
When you do, get back to us. The person who invents a perfect spam filter, ie one with no false positives or negatives, will become extremely wealthy. In the mean time, we're doing what we can to try to keep email as a viable message delivery system, despite the best efforts of spammers to kill it.
SPF is a solution that seems to offer a reasonable chance of success with the minimum collateral damage possible. It's obviously not perfect, but we don't have that yet, and I honestly don't think we have the time to wait for it. I'm sorry if that offends you, but that's the decision that many service providers are facing.
To be clear, you seem to be under the impression that I work for a large, public ISP. I don't. I have a list of customers who hire me to do these things on their behalf. In other words, they have explicitly contracted with me to discard parts of their incoming email that they don't want to receive, and that's where your analogy breaks down.
One of my domains gets joe-jobbed all the time. I've started publishing SPF records for all of my domains, and from the moment I started doing so you can verify whether a particular email did or did not originate from my system. You win, in that you get to reject a bunch of email with zero false positives. I win, in that you know that the email didn't come from me, so you won't be bouncing the messages back to my domain or calling me to complain about "my" spam. The spammer loses, in that it cost resources to attempt to deliver those dead-on-arrival messages (not much, granted, but multiplied by the 14,000+ domains currently serving SPF records...).
SPF may stop spammers, but it sure goes a long way toward protecting the reputations of some of their victims.
You don't have to be a billionaire to have financial ties to large companies.
I wrenched something in my back while helping a friend move a washer and dryer. I went to several MDs over the course of a few months and got various painkillers and muscle relaxers. These helped for a couple of hours, but I'd wake up every morning at about 3AM in agony - it literally felt like someone was sliding a hot knife into the small of my back. I couldn't sleep, work, or do anything else the way I normally would.
My dad pestered me to try his chiropractor, but I'd been holding out. After about three months of continual misery, I'd reached the "I'll try anything" stage. One visit with a deep adjustment later, plus about a day of avoiding sudding movements, and I was cured. Completely. Pain free without any medicine. I got the first real sleep in months and felt better from that moment on.
I do not believe in "chiropractic medicine" and the abilities that some chiropractors claim to have to cure infectious disease. However, when I hurt my back or neck, I go straight to the source and have never been let down.
One nice thing about KHTML is that Apple is spending a lot of time and money to make it render well, which is also good for KDE users.
You do know that the University of Okoboji isn't a real med school, don't you? And that proctologists don't typically have a webcam and a T-1 in their basement "office", right?
Besides, we gave control of the courts system to the Elders Of Zion a while back; take it up with them.
...and it seems to be impossible to install Graffiti 1 on a Palm OS 4 unit, like my m130.
Well, the biggest reason is that I don't have a lot of time to mess with it. When the day comes that I can't using G1 anymore except by buying old units, I'll have to switch. I want that to happen on my own schedule, and not when my current PDA just died catastrophically and I need to have all of that information in portable form for a business trip the next day.
I guess that I see it as dying technology, at least for me. I don't want to invest too much more in a system that I don't have much confidence in.
Now, consider what the poster said about how the letter "t" is generated (except that the first stroke is really a "l" and not an "i"; you write an "i" by drawing an "l" and then dotting it). If your application uses "/t" as a shortcut, that shortcut cannot be written, since the menu-shortcut function accepts the first penstroke of the "t" as an "l" and processes it before you can cross the "t". No matter how fast you try to write "/t", it always gets interpreted as "/l <space>". Sucks to be you if "t" is the shortcut for "take a backup", and "l" is the shortcut for "lose this immediately".
Did I mention yet in this post that I hate Grafitti 2? I didn't? Oh, then: I hate Grafitti 2.
I will not buy another G2 Palm. Right now, there are viable options (such as TealScript) to give owners of newer units G1 capability, but as with any closed source application and OS combination, it will only continue to work for as long as it's updated to work with new systems. As soon a TealPoint gets tired of supporting it, the product dies, and I lose the possibility of updating to newer hardware and actually being able to use it.
I've tried and tried to get used to G2, but I just can't. If Palm re-adopts G1, I will continue to buy their devices. If they don't, I'll go back to using a DayRunner (which accepts any handwriting style and has a place to put my checkbook).
Note that you mean, literally, 4.1. I was unlucky enough to get an m130 with 4.1.2, which is 4.1 "upgraded" to Grafitti 2.
Now, someone would notice that lawsuit and report on it - spam + lawsuit == public interest. When they did, it might make a spammer's would-be partners think twice about going into business with them, in much the same way that SCO's lawsuits against their own clients certainly isn't making their sales telephone ring off the hook.
We may not be able to directly stop spammers, but there are a lot of things we can do to further isolate them from the rest of the world.
You know, sending about 10,000 virtual eyeballs to each one of those ads might not be a bad idea. When the first advertiser gets hit with an $87,000 bill for a month's worth of impressions, a public and ugly court battle between a spammer and his clients might dissuade other ideas from doing business with either party.
I'd be willing to help a spammer "earn" some outrageous, uncollectable fee if I thought that the resulting publicity would help the anti-spam movement.
By the way, the first line of my reply was lacking the/> tag that seemed obvious at the time. I didn't really think that you used an address at honeypot.net.
Thanks. That would explain all of forged sandman@honeypot.net spams that I have to deal with.
Yes, I own honeypot.net. About once a week, some jackass decides that "foo@honeypot.net" would be a splendid From: address, so I suddenly get thousands of bounce messages, whiny upset recipients, and other administrative hassles. My Sendmail reject list is growing longer by the month.
Erm, the picture does sort of look like hooded Klansmen, and that would've been my first impression. The manager was still a jerk who badly mishandled the situation, but I have to admit that I can understand his interpretation. Your (albeit correct) explanation that it depicted medieval executioners probably wasn't much more acceptable.
You keep using that word. I do not think it means what you think it means.
I wouldn't mind kicking them off the rest of the Internet, too.
Wow. You've finally found a use for "tar --swap-every-third-byte --emulate-vax-post-1993 --include-hurd-source-but-backward". I've always wondered what all of those weird extra GNU options were for.
The docs seem to be a bit spartan, along the lines of "here's a milter library and here's a simple example program. There you go!"
In other words, in my math classes, I didn't panic if I got 3 of 5 points on a random pop quiz. My final grade wasn't computed from "median letter grade received", but from "total points earned out of total points possible". If you're used to getting letter grades on all assignments, I would hate to have been at your school.
Which reminds me of something: Johnson's last pitch of the game was a 98mph fastball. He threw an entire game, and could still hurl a ball at a speed that many pitchers would sacrifice their weak arm for.
Side note: I bet he thanks the guy who nicknamed him "Big Unit". How'd you like to use that one in a bar? "Hi! My friends call me 'Big Unit'", and all of your friends would back you up ("Yeah, that's really what everyone calls him.").
Keep me updated, would you? I'd love to give it a shot.
Agreed. I think that SPF is one-size-fits-many, though, at least based on the perceived reaction of the admins I hear who are rooting for it to become standard.
To be honest, I rarely read postmaster email. I mainly take notice of it when it suddenly grows tremendously in size, at which time I know that some spammer decided to use foo@honeypot.net (I registered it before "honeypot" related to security) as a return email address, and that I need to add an explicit reject rule to Sendmail before my home DSL line catches on fire.
Still, I find it strange that you still get 28 false positives per day...
That was 28 false negatives, or spams that make it through into my inbox. I get about 4 false positives per day. I use a multi-tiered approach where mails that SpamAssassin scores between 5 and 8 go into a "possibly spam" folder, and those scored >8 go into a "almost certainly spam". I only check the former folder for false positives, since I've literally never seen a legitimate email get scored higher than 8. I open the "possible" folder each morning, mark every message, unmark the couple of false positives, then move all of the marked messages into the Bayesian training folder.
I actually don't advocate whitelist solutions, and I don't really consider SPF to be one. I see it more like caller ID on my telephone. I almost always answer calls where the caller's information registers. I almost never answer blocked-ID calls. I may or may not answer "unavailable" calls, depending on whether I'm expecting to hear from someone who lives out-of-town.
Today is May 19. My spam folders currently hold:
I have received 137 legitimate emails to my main inbox since April 15.
Cricket gives a rough estimate of the rate of blocking from DNS blackhole lists as .43 per minute, or 619 per day.
These are messages that were either directed to me personally, or to postmaster at my domains. I do not track my clients' messages, so I can't give you their numbers. Basically, I received an average of 270 spams and viruses to my personal account per day, on top of the average of 619 per day that never enter my system.
Do you see why I'm increasingly willing to resort to drastic measures? My inbox is still useful for mailing lists, but I receive about 4 legitimate messages directly to me per day. That alone gives me a 4-to-28 ratio of ham-to-spam that makes it through all of the filters, and doesn't account for the false positives.
This just isn't tolerable anymore. I'll do what I can to alleviate the situation, even if it inconveniences some of the people who want to contact me. I just don't have a choice.
When you do, get back to us. The person who invents a perfect spam filter, ie one with no false positives or negatives, will become extremely wealthy. In the mean time, we're doing what we can to try to keep email as a viable message delivery system, despite the best efforts of spammers to kill it.
SPF is a solution that seems to offer a reasonable chance of success with the minimum collateral damage possible. It's obviously not perfect, but we don't have that yet, and I honestly don't think we have the time to wait for it. I'm sorry if that offends you, but that's the decision that many service providers are facing.
To be clear, you seem to be under the impression that I work for a large, public ISP. I don't. I have a list of customers who hire me to do these things on their behalf. In other words, they have explicitly contracted with me to discard parts of their incoming email that they don't want to receive, and that's where your analogy breaks down.