
I found a Tiger Security Bug!

-Redacted-

Alexa rank at 690,887

Wow, Alexa thinks PlanetMike.com is ranked #690,887. Does that mean that there are only 690,886 web sites that get more traffic than I do? Wow, that’s actually kind of impressive. Here’s a traffic button/ad thing for Alexa:

If you don’t see it, that’s because it is a javascript thing.

AOL users and list confirmations

Someone just signed up for a mailing list on my day job’s web site. Our system uses Mailman, which sends a confirmation email back to the email address given to get confirmation that the address should be added to the mailing list. An AOL user filed a spam complaint about the confirmation message. Now, that is an interesting conundrum. For years, we (the anti-spam community) have been railing that all mailing lists should be confirmed opt-in. An email address should only be added to a mailing list if the email address has been confirmed through some kind of tagged email. This is usually done with a hash of some sort that can only be read by the owner of the email address. This prevents an attack on a victim by signing them up for zillions of lists without their permission.

Of course, now what could happen is the attacker attempts to sign them up for zillions of lists. The victim still gets zillions of messages, but these now are the confirmation messages. The flood of mail will stop very shortly after the attacker’s computer stops generating the requests. The victim will have no choice but to either ignore the list requests, or to file a spam complaint on the requests.

What’s the answer? Do list managers (who are mostly all using confirmed opt-ins for new subscriptions) now need to start using a CAPTCHA to protect themselves from abuse?

In the specific example above, I will chalk up the abuse report I got from AOL as being from an idiot AOL user who did not understand that by submitting their email address they would be getting email from us.
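The confirmation hash described above, plus one way a list server can limit how much confirmation mail it sends to a single address, as an added example (not Mailman's code and not from the original post). The secret, expiry and one-hour throttle are assumed values, and the throttle only caps what one site contributes to a flood.

```python
import hashlib
import hmac
import time

SECRET = b"constructed-demo-secret"  # assumption: per-site secret kept server-side
TOKEN_TTL = 3 * 24 * 3600            # assumption: confirmations expire after 3 days
THROTTLE_SECONDS = 3600              # assumption: one confirmation mail per address per hour

_last_sent = {}  # address -> time the last confirmation mail was sent


def _mac(list_name, address, expiry):
    msg = f"{list_name}\n{address.lower()}\n{expiry}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def make_token(list_name, address, now=None):
    """Return 'expiry.mac'; it is mailed to the address and never shown on the web form."""
    now = time.time() if now is None else now
    expiry = int(now + TOKEN_TTL)
    return f"{expiry}.{_mac(list_name, address, expiry)}"


def verify_token(list_name, address, token, now=None):
    """True only for an unexpired token issued for this list and this address."""
    now = time.time() if now is None else now
    try:
        expiry_str, mac = token.split(".", 1)
        expiry = int(expiry_str)
    except ValueError:
        return False  # malformed token
    expected = _mac(list_name, address, expiry)
    # Constant-time comparison so the MAC cannot be guessed byte by byte.
    return hmac.compare_digest(mac.encode(), expected.encode()) and now <= expiry


def request_subscription(list_name, address, now=None):
    """Return a token to mail out, or None if this address was mailed recently."""
    now = time.time() if now is None else now
    key = address.lower()
    if now - _last_sent.get(key, float("-inf")) < THROTTLE_SECONDS:
        return None  # repeated sign-up requests do not generate more mail
    _last_sent[key] = now
    return make_token(list_name, address, now)
```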

PCMagazine is spamming?

I always register with a unique email address whenever I need to register somewhere. It makes it very easy to track spammers or other companies that choose to violate their privacy policy. Just today, I received an email from PC Magazine.

They lie: “You indicated that you want to receive special Ziff Davis offers when you provided your email address to PC Magazine. If you prefer not to receive this type of special offer from PC Magazine, please use the following link:”

This is the first message I have received using that email address since it was created on September 15, 2003 at 1:46:07pm. You’d think if I had opted in to getting email from PCMagazine, I would have gotten at least one message in the 879 days (almost 2.5 years!) since I gave them an email address. So, I have blocked both pcm-marketing.com and omessage.com from my mail server. And of course, you should never opt-out of stuff you didn’t sign up for.

An interesting idea for a SpamAssassin rule: If a domain name mentioned in the headers of an email message does not have content on a web page at the same domain, give it a couple points. So this message would have scored at least four points, as both omessage.com and pcm-marketing.com do not have a web site. I also wonder why omessage.com doesn’t have any information in their whois records?

PlanetMike web traffic updated

Yesterday during the Super Bowl I ran the web traffic logs for PlanetMike.com. And discovered that dozens of people at MySpace.com are leeching images from my web site for use on their profile pages. So I am now changing those images to be an ad for my web site. I wonder how long my images will continue to be leeched? And I hope that people learn that using other people’s images isn’t cool. If I have to I’ll put in some mod_rewrite rules to take care of the traffic.

Looking at the chart, you can see a nice spike starting up in September. The August spike was a spider running amok in my blog pages. It looks like it got caught in a Blosxom loop.

OneWebDay

OneWebDay What are you going to do for the Web on September 22?

SlashDot (or /.)

Slashdot, news for nerds. Maybe the original blogging site, technical article summaries from around the world, with commentary from the technical elite (aka nerds).

Apple Front Row

The new iMacs with the embedded iSight camera also have a nifty piece of software called Front Row. It allows easy access to audio, video, movies, and photos. To make it work on other Macs, check out How To Install Apple’s Front Row.

Gmail accuracy drops to nearly 7%

My gmail test account is filling up. 2,655 messages are in my Inbox; with 35,536 in my Spambox. Gmail left 6.95% of incoming messages in the Inbox. All messages coming into my account are spam from a dead domain created years ago.

Hotmail, Yahoo, Gmail comparison update

I forwarded mail from my spam-collection domain to new accounts at Yahoo, Hotmail, and Gmail. Yahoo and Hotmail didn’t allow any spam at all to get into the Inbox. Of course, Hotmail had an easier time since they only accepted 926 messages, while Yahoo accepted 4,149. Gmail accepted 3,068, allowing 224 (7.30%) into the Inbox. So maybe Yahoo’s Mail is the webmail system to use. They aren’t flat out dropping as many messages as Gmail, or as Hotmail. It would be really nice to know what criteria Hotmail and Gmail (and maybe even Yahoo) are using to decide which messages to drop. Is it a blacklist based on message headers? Or based on links in the body? Content analysis (à la SpamAssassin)?

Once I noticed that the webmail companies were dropping some mail I stopped the forwarding. Ideally, I should download the mail to my Mac so I can see which messages were dropped. Anyone know a way to easily look for duplicate messages? If I add an X-trace-tag header when the message leaves my domain, would that invalidate the header trail?
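One way to find dropped and duplicate messages after downloading the mail, as an added example that is not part of the original post: key each message by its Message-ID, falling back to a hash of the whitespace-normalised body, so headers added in transit do not affect the match. The sample messages and the spamtrap.example and fwd.example names are constructed.

```python
import email
import hashlib


def fingerprint(msg):
    """Key a message by Message-ID, else by a hash of its normalised body."""
    msg_id = msg.get("Message-ID")
    if msg_id:
        return "id:" + msg_id.strip()
    digest = hashlib.sha256()
    for part in msg.walk():
        if not part.is_multipart():
            payload = part.get_payload(decode=True) or b""
            digest.update(b" ".join(payload.split()))  # collapse whitespace
    return "sha256:" + digest.hexdigest()


def index(messages):
    """Map fingerprint -> list of subjects for every message seen."""
    seen = {}
    for msg in messages:
        seen.setdefault(fingerprint(msg), []).append(msg.get("Subject", ""))
    return seen


def compare(sent, received):
    """Return (fingerprints never delivered, fingerprints delivered more than once)."""
    sent_idx, recv_idx = index(sent), index(received)
    dropped = sorted(k for k in sent_idx if k not in recv_idx)
    duplicates = sorted(k for k, subjects in recv_idx.items() if len(subjects) > 1)
    return dropped, duplicates


# Constructed sample mail: what left the forwarding domain ...
SENT = [email.message_from_string(s) for s in (
    "Message-ID: <a1@spamtrap.example>\nSubject: one\n\nbuy now\n",
    "Message-ID: <b2@spamtrap.example>\nSubject: two\n\ncheap pills\n",
    "Subject: three\n\nno   id here\n",
)]
# ... and what the webmail account actually kept (extra Received headers added).
RECEIVED = [email.message_from_string(s) for s in (
    "Received: from fwd.example\nMessage-ID: <a1@spamtrap.example>\nSubject: one\n\nbuy now\n",
    "Received: from fwd.example\nSubject: three\n\nno id here\n",
    "Received: from fwd.example\nSubject: three\n\nno id here\n",
)]

if __name__ == "__main__":
    print(compare(SENT, RECEIVED))
```

For real mail, the message objects yielded by iterating Python's `mailbox.mbox(path)` can be passed to `compare` in place of the sample lists.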