Archive for the ‘email’ Category

FidoListens.ca? Who are you?

Friday, July 3rd, 2009

I care about email security and transparency of email content a lot.  I deal with it all the time as a contractor who produces email newsletters for local retailers.  I’m also the guy who teaches end users (including family) to be extremely skeptical about all the email they receive because 90% of it is fake, SPAM, and scams.

So, I get peeved when larger firms do email communications wrong.

Today I received an email invite from a company claiming to do work for Fido.  I think it’s cringe-worthy.

My first step in my research was a quick glance at the Fido homepage – no mention of a new survey program, though I didn’t really expect to find one.

Looking strictly at the email itself then, here are some tidbits:

Subject line:  Invitation to Join the Fido Listens Panel

OK so far.

From: Fido Listens Team <fidolistens@itracks.com>

Who is iTracks.com? I’ve certainly never heard of them.  Definitely a yellow caution flag.

The email copy talks about a survey and some prizes for participating in Fido’s latest customer feedback thing.

A lot of scams offer prizes or financial incentives.   Can you get two yellow caution flags?  Or maybe just upgrade to a larger one.

The survey link goes to  https://surveys.itracks.com/survey/RogersFido_4?ID=xxxxxxx.

Well,  iTracks.com hosts the survey.  Their homepage looks legitimate at least.  Funny, I was expecting iTracks.com to be an online MP3 store.

And a support email address of support@fidolistens.ca.

Wait, now what is fidolistens.ca? More on Fido Listens later on.

And a contact mail address of Ipsos Reid, a well respected research firm based in Vancouver.

Ah! I’ve heard of them. Actually, I know people who have worked there. Of course, anyone can write an email with someone else’s legitimate mail address.

So, let’s review. Yes, I am a Fido cellphone user.  But who is iTracks.com?  Do I really believe that they got my email address from Fido? Who is FidoListens.ca?  And is IPSOS really involved?

fidolistens.ca?  At least this was somewhat comforting.  The vanity domain of fidolistens.ca forwards to https://iaf.ipsos.ca…, i.e. a page belonging to IPSOS and transparently hosted by them on their own domain.

In the end, I feel comfortable doing a survey that is hosted by IPSOS.  But that’s only because I know that IPSOS Reid is a legitimate firm.  A little over a year ago I ranted about another Fido survey attempt in my blog post, How to Properly Use 3rd Party Web Services; I didn’t feel comfortable with the firm conducting that survey.

If you are using a 3rd party firm for surveys or anything that is customer related, please make it easy to verify that it’s legitimate.  At Papaya Polls, we offer to host our pages under your own subdomain.  It works great and it is very confidence inspiring.  I would have zero hesitation in doing a survey which had a web address of http://fidolistens.fido.ca or http://surveys.fido.ca.

Anyway, enough ranting.  Time to enjoy the sun.

User Friendly Form Spam Block

Thursday, December 25th, 2008

SPAM, SPAM, SPAM. How do I hate thee.

Well, it finally happened again – abuse of one of our web pages by spammers.  This time, it is form spam – an automated web crawling tool (I assume) has discovered the “save/send/share” feature of print-bingo.com.  That form lets print-bingo.com users email their custom bingo designs to friends, family, or themselves. This form is now used by a spam bot network to send poor quality spam using our “invite” emails.  I’m currently getting about 10 bounce backs a day and growing – it has to be stopped before my VPS gets blacklisted for spamming.

I could set up a CAPTCHA, but I hate them – particularly ticketmaster.com’s.  So, I will try to foil spammers with simple tricks to fool “dumb” automated spam software.

I’m trying a hidden-to-humans “fake” email field.  The post “Quick tip to fight email form spam” is the model.  The basic idea is to create a form field with “email” in the name and hide it with CSS (display:none) so that humans will not see or fill in the field.  Then deny attempts to use the form where the hidden field has been filled in.
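A sketch of the server-side check for the hidden field described above; this is an added example, not the code running on print-bingo.com. The field names `email_address` and `send_to`, the `/share` action and the sample POST bodies are assumptions made up for illustration.

```python
from urllib.parse import parse_qs

# Field names are assumptions for this sketch; the page does not give the real ones.
HONEYPOT = "email_address"  # decoy: "email" in the name, hidden from humans by CSS
RECIPIENT = "send_to"       # the field a human actually fills in

# The form as served: the decoy sits in a display:none wrapper.
FORM_HTML = f"""
<form method="post" action="/share">
  <label>Send to: <input type="text" name="{RECIPIENT}"></label>
  <div style="display:none">
    <input type="text" name="{HONEYPOT}" tabindex="-1" autocomplete="off">
  </div>
  <button type="submit">Send</button>
</form>
"""

def classify_submission(body: str) -> str:
    """Return 'send', 'reject-bot' or 'reject-invalid' for a urlencoded POST body."""
    # keep_blank_values=True so an empty decoy still shows up as present.
    fields = parse_qs(body, keep_blank_values=True)
    decoy = fields.get(HONEYPOT)
    if decoy is None:
        # Browsers submit display:none inputs (as empty strings), so a missing
        # decoy means the request was not produced by this form.
        return "reject-bot"
    if any(value.strip() for value in decoy):
        return "reject-bot"  # something filled in a field no human can see
    recipient = fields.get(RECIPIENT, [""])[0].strip()
    # Minimal sanity check; CR/LF must never reach the mail headers.
    if "@" not in recipient or "\r" in recipient or "\n" in recipient:
        return "reject-invalid"
    return "send"

# Constructed sample POST bodies.
SAMPLES = {
    "human": "send_to=friend%40example.com&email_address=",
    "bot_fills_everything": "send_to=a%40example.com&email_address=x%40example.net",
    "bot_skips_decoy": "send_to=a%40example.com",
}

if __name__ == "__main__":
    for label, body in SAMPLES.items():
        print(label, "->", classify_submission(body))
```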

We’ll see how well this works.

Merry Christmas!

Bulk-Adding “To” and “BCC” Recipients to a Thunderbird Email

Thursday, September 4th, 2008

I found a new use for our Web Tools by Perceptus website.  I was sending a bulk email to friends, family, clients, and co-workers about my team’s upcoming race in the Red Bull Soapbox Derby in Vancouver.

But the list of email addresses I selected in Outlook, my PIM, would not copy and paste into a new email in Thunderbird, my email client.*  Outlook separates recipients with semi-colons, Thunderbird… doesn’t.  It’s not immediately obvious to me what Thunderbird will accept as a separator in a single “to” line. It took several Google searches (or was it trial and error?) to figure out that Thunderbird will accept line breaks, i.e. “enter”.

Now all I needed to do was find a quick way to convert the list which looks like this “<Leonard> me@perceptus.ca; <Me too> me2@perceptus.ca” from Outlook.  In this case, the extra name information that comes up in angled braces was just in the way.

Fortunately, The Email Grep Text Wizard! from our tools site, tools.perceptus.ca, handled the job well.  Just paste the list from Outlook and let our website return a clean simple list of email addresses.  One email per line.

* My PDA syncs to Outlook so it has to be the personal info manager, but I prefer the email features of Thunderbird.  Yes, it’s cumbersome, and no, I’m not entirely happy with the setup, but I haven’t found anything better, yet.

Reducing Memory Used by Milter-Greylist

Monday, July 21st, 2008

Our VPS was running low on free memory the last few weeks.  After a bit of research, we realized that our email greylisting software, Milter-Greylist, was using the most memory of everything installed on our server.  More than our database engine, web server, email server, and everything else (not combined)!

For those who don’t know, Grey Listing delays emails in an attempt to foil spammers, who don’t typically follow standards for retrying email messages. Milter-greylist is a package that works with sendmail, our SMTP server. Milter-greylist is great; however, it keeps its working history in memory, which was OK for the two years that we have run it.  However, the amount of spam attempts continues to rise… why don’t home users notice that their computers have become SPAM zombies anyway?

So, the milter-greylist was storing tens of thousands of records in memory.  It had to be reduced.  Rather than switch to a database driven greylisting package, we decided to start blocking some SPAM attempts earlier in the process.

We enabled the outright blocking of inbound email attempts by any IP address listed on Spamhaus.org’s SBL+XBL list.  SBL+XBL are lists of computers (built by crazy wizardry) that one can use to blacklist email attempts.  I’m uncomfortable using blacklists like this, but, what can you do?  The odds of good mail being lost are very small, and hopefully, anyone who happens to get bounced unintentionally can phone us.

So, following the simple instructions here:

http://www.joeldare.com/papers/spamhaus.pdf

We were able to reduce the traffic to Milter-Greylist and its memory usage by 2/3 to 3/4!  Uptime and performance of our VPS and therefore everything hosted on it should be slightly better.
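What a mail server does for each connecting IP when it blocks on a DNS blacklist such as SBL+XBL, as an added example (not the sendmail configuration from the linked instructions). The zone name `sbl-xbl.spamhaus.org` is an assumption, and the DNS answers are constructed so the code runs offline.

```python
import ipaddress
import socket

# Assumption: zone name for the combined SBL+XBL list (the page names the list only).
ZONE = "sbl-xbl.spamhaus.org"
# Spamhaus return codes: last octet of a 127.0.0.x answer -> list that matched.
CODES = {2: "SBL", 3: "SBL", 4: "XBL", 5: "XBL", 6: "XBL", 7: "XBL"}

def dnsbl_query_name(ip: str, zone: str = ZONE) -> str:
    """203.0.113.5 -> 5.113.0.203.<zone>; raises ValueError on a bad address."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def system_resolver(name: str) -> list:
    """A records for name; [] when the name does not exist (not listed)."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        # NXDOMAIN and lookup failures both land here: this sketch fails open,
        # so a DNS outage delivers mail rather than bouncing it.
        return []

def listed_on(ip: str, resolve=system_resolver, zone: str = ZONE) -> list:
    """Return the lists (e.g. ['SBL', 'XBL']) the connecting IP appears on."""
    hits = set()
    for answer in resolve(dnsbl_query_name(ip, zone)):
        parts = answer.split(".")
        # Only documented 127.0.0.x codes count. Wildcard DNS answers or
        # resolver error codes must not be read as "listed".
        if parts[:3] == ["127", "0", "0"] and int(parts[3]) in CODES:
            hits.add(CODES[int(parts[3])])
    return sorted(hits)

# Constructed DNS answers so the example runs offline.
CONSTRUCTED = {
    "2.0.0.127." + ZONE: ["127.0.0.2", "127.0.0.4"],   # conventional test entry
    "5.113.0.203." + ZONE: ["127.255.255.254"],        # error code, not a listing
}

def fake_resolver(name: str) -> list:
    return CONSTRUCTED.get(name, [])

if __name__ == "__main__":
    for ip in ("127.0.0.2", "203.0.113.5", "198.51.100.7"):
        print(ip, listed_on(ip, fake_resolver) or "not listed")
```

Ignoring answers outside the documented codes matters for the lost-mail worry above: a resolver that returns an unexpected address would otherwise get every sender rejected.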

Spammers suck.