It's Just this Little Chromium Switch Here

Weblogging and commentary by Chip Rosenthal

Snpajtev This, Spammer

[Image: wobbly letters spelling "snpajtev"]

Do not adjust your set. The wobbly letters you see in the graphic are part of the new Microsoft Hotmail/Passport registration procedure. When you try to register for an account, you'll get a graphic image such as the one above, and you need to type what you see back into the form. That's easy for a human to do, very tough for a computer.

This means that spammers will no longer be able to run automated signups, to amass the hundreds (thousands?) of accounts necessary to do a DAV spam run. Thanks, Microsoft.

Now, about that header forgery problem ...

Microsoft Responds to Spam

Link: Toward a Spam-Free Future

Microsoft has launched if not an all-out war, then at least a significant publicity blitz against spam. Last week, Microsoft announced a number of lawsuits against spammers. Today, the Wall Street Journal published a letter from Bill Gates attacking spam.

The focus of these actions has been spam received by Microsoft customers. What about taking care of the spam that originates on Microsoft networks? Earlier this month I described a serious Hotmail problem that is being exploited by spammers to send unwanted email.

The noted article by Bill Gates has what may be some good news on this front.

[...] spammers set up many different email accounts to avoid detection, and, once detected, they move to other services. To put an end to this shell game, we are taking steps to prevent spammers from creating fraudulent email accounts in bulk.

The Hotmail vulnerability involves scripted sending of spam using the DAV protocol. That's only half the problem, because Hotmail limits accounts to 100 messages a day. A spammer can't do much damage with one account.

So, spammers need a significant number of Hotmail accounts to do their dirty deeds. Hotmail, unfortunately, lets them do that. Spammers have scripted the signup process as well, allowing them to gather hundreds (thousands?) of bogus accounts to originate spam. If Microsoft secures the Hotmail signup process so that it no longer can be automated, this vulnerability will be reduced significantly.

There is one other part to the Hotmail spam problem: they allow forged headers, including headers that are supposed to provide an audit trail. Microsoft should address this problem too. They should stop allowing spammers to forge headers such as the From: header. They should get rid of the silly, non-standard audit headers such as X-Originating-IP: and use a trustworthy Received: header to indicate the mail source.

I am holding out hope that Gates' message means Microsoft is going to give this problem the consideration it deserves.

Linux 1S 0WNZ3R3D

Link: scoirc.txt.

You may have heard that SCO (nee Caldera) and IBM are in a small legal kerfuffle over Linux. Unless you've been following closely, you probably find all the actions and accusations a tad bewildering.

Fortunately, some kind (unknown) person has put together a brief summary of the history. And to make it even easier to follow, it's presented in IRC-speak. LOL!

UT, Spammer Tussle in Court

Link: UT Singles Out Site that Seeks Single Longhorns.

White Buffalo spammed 57,000 email users at the University of Texas. UT responded by blocking them. White Buffalo sued, but lost.

I gave my three cheers for the good guys winning, but there are some aspects of this story that trouble me.

First, blocking a source that's generating spam can be justified to protect your users or facilities. According to the story, UT went beyond that and blocked email in the other direction: from their users outbound to the spammers. A block such as that cannot be supported on either ground: protecting users or protecting resources. It sounds like the intent was punitive. Now, I enjoy spanking spammers as much as the next guy (maybe more so), but not at the expense of disrupting users' email.

Another thing that bothers me is the implication that UT allows some organizations to spam. The article cites Dell and MasterCard. What isn't clear, however, is whether the email from those companies is solicited. Or, maybe the email was just sent to people with whom they have an existing business relationship. In either case, that's not spam, and White Buffalo would be barking up the wrong tree.

Finally, I find it disturbing that White Buffalo believes that UT email addresses are public information and subject to spam. That information ought to be able to be kept private, and it should not be repurposed into marketing fodder.

These are some of the big red flags that went up when I read the article. I wish the reporter had spoken with somebody familiar with spam issues so that they may have been clarified. (via spamNEWS)

Cyveillance Dirty Tricks

Has your web site been visited by Cyveillance recently? It's quite possible, but you probably wouldn't know it. Cyveillance crawls the net spying on web sites. If you say something they don't like about one of their clients, they'll tattle on you.

Cyveillance uses a couple of dirty tricks when they crawl the web. First, they ignore the robot exclusion protocol. This standard allows you to specify portions of a web site that are off limits to robots and other automatic agents. Cyveillance fails to honor the exclusions you may have declared for your web site. They crawl places that 'bots are not supposed to go, in spite of your explicit instructions not to do so.

This can be a problem for web sites that present deep, dynamic content. For example, I have a spam robot trap on my web site. When a 'bot crawling for email addresses to spam hits that page, the trap is sprung. If the 'bot moves beyond that page, it ends up in a never-ending maze of bogus, generated email addresses. The trap keeps the 'bot tied up, and it fills its database with bogus data.

I don't want to trap well behaved 'bots, such as those used by Google to spider web pages. Therefore, I post an exclusion for this area. This protects the well-behaved 'bot from garbage data, and it protects my website from unnecessary load.

Cyveillance ignores these instructions. Their 'bot gets caught in the trap, crawling places I'm specifically trying to keep 'bots away from.

Another problem with the way Cyveillance crawls is that they provide fraudulent header information in the HTTP request. Rather than admitting they are a spy 'bot, they pretend they are a web surfer running Microsoft Internet Explorer. When they submit a request to a web site, they declare:

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)

For comparison, when Google crawls a web site, they declare:

User-Agent: Googlebot/2.1 (+http://www.googlebot.com/bot.html)

You could try to keep Cyveillance out of your web site by blocking their network. The problem is that if enough people do this, they may try to hide their origin to get around the blocks. That would be a pretty sleazy thing to do, but no more sleazy than what they do already.
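A site operator can spot this pattern in the access log: a client that keeps requesting paths the exclusion file puts off limits, without declaring itself a robot. The following is an added example, not code from this weblog; the `/trap/` path, the log lines, the three-hit threshold, and the "bot/crawler/spider" name hint are all assumptions made for illustration.

```python
import re
from collections import defaultdict
from urllib.robotparser import RobotFileParser

# Constructed robots.txt; /trap/ is a hypothetical path for the spam-trap area.
ROBOTS_TXT = "User-agent: *\nDisallow: /trap/\n"

# Constructed access-log lines (Combined Log Format, documentation IP ranges).
MSIE = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
GOOGLE = "Googlebot/2.1 (+http://www.googlebot.com/bot.html)"
SAMPLE_LOG = "\n".join(
    f'{ip} - - [01/Jul/2003:10:00:{i:02d} -0500] "GET {path} HTTP/1.0" 200 512 "-" "{ua}"'
    for i, (ip, path, ua) in enumerate([
        ("192.0.2.10", "/robots.txt", GOOGLE),
        ("192.0.2.10", "/index.html", GOOGLE),
        ("198.51.100.7", "/index.html", MSIE),
        ("198.51.100.7", "/trap/", MSIE),
        ("198.51.100.7", "/trap/a1", MSIE),
        ("198.51.100.7", "/trap/a2", MSIE),
        ("203.0.113.5", "/index.html", MSIE),
    ])
)

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" \d{3} \S+ "[^"]*" "([^"]*)"$')
BOT_HINT = re.compile(r"bot|crawler|spider", re.I)  # heuristic, not a standard

def find_exclusion_violators(log_text, robots_txt, min_hits=3):
    """Return clients that requested excluded paths at least min_hits times."""
    rules = RobotFileParser()
    rules.parse(robots_txt.splitlines())
    seen = defaultdict(lambda: {"agents": set(), "disallowed": 0, "read_robots": False})
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in Combined Log Format
        ip, path, agent = m.groups()
        rec = seen[ip]
        rec["agents"].add(agent)
        if path == "/robots.txt":
            rec["read_robots"] = True
        elif not rules.can_fetch(agent, path):
            rec["disallowed"] += 1  # request into an excluded area
    return {
        ip: {"disallowed_hits": rec["disallowed"],
             "declares_robot": any(BOT_HINT.search(a) for a in rec["agents"]),
             "read_robots": rec["read_robots"]}
        for ip, rec in seen.items() if rec["disallowed"] >= min_hits
    }

if __name__ == "__main__":
    print(find_exclusion_violators(SAMPLE_LOG, ROBOTS_TXT))
```

A client that walks several pages deep into the excluded area while presenting a browser User-Agent and never fetching `/robots.txt` is the behavior described above; a single stray hit from a real browser stays under the threshold.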

Blog without Comment

A blog without comments is wrong. I feel a twinge of discomfort when I come across such a blog. I think I'm beginning to understand why.

Blogging is an act of egocentricity: come read me because I have something interesting to say. Come back again because I'm regularly interesting.

Adding comments to a blog softens that. It's a willingness to listen, an invitation to conversation. Blogs without comments, on the other hand, twist the dagger: I'm interesting, I've said all there is to be said, and you couldn't possibly say anything worth hearing.

For instance, I'm probably going to drop the Reverse Cowgirl from my reading list. She's been a fun, guilty pleasure for some time. In recent months, she has leveraged her blog presence into one of minor celebrity. While visiting today, I noticed the comments had disappeared. I felt an axis-tilting change in the relationship. I didn't feel like a welcome guest anymore.

As another example, Halley publishes a blog I've never enjoyed. Best I can tell, Halley's claim to fame is she blogs a lot. A lot of people read that blog because ... ummm ... I don't know. I've just found it irritating. To test my theory I went and visited her blog, and sure enough: no comments.

David has a thing for skewering A-List bloggers. I understand and share some of his irritation, but not all of it. There are some A-List bloggers I enjoy reading, such as David Weinberger and Larry Lessig. These guys have comments on their blog. Maybe there is some correlation. The fact that they are willing to listen makes me feel welcome. Totally not irritating.

So far, I've only found one comment-less blog that I want to keep on my reading list. That is Ed Felten's blog. Although he doesn't accept comments, he does take trackbacks. That mitigates things a bit; it at least gives somebody a chance to respond. Still, I get a small whiff of that, "I don't care what you have to say" thing whenever I visit.

What I'm realizing is that--good, bad, or otherwise--I'm insulted by blogs without comments. It's the same feeling as going to a party, having somebody yack at you for five minutes, and then they turn tail and run before you can say anything. I think it's rude, and I don't enjoy hanging around those sorts of people.

Weirdest Bug in Human History

Get out your rubber chicken and mojo hand. I have just discovered the weirdest, most mysterious bug ever encountered.

I signed off on my broadband installation yesterday morning, but later in the day discovered it was messed up. Frequently, the network would freeze up, and, after a delay, the CABLE indicator on the modem would start flashing, indicating (what I believe to be) retraining after loss of signal.

If I left the system quiescent, everything would be fine. Streaming audio would continue to stream. The occasional email message would come through. It was when I did stuff that started creating connections, primarily web surfing, that the problem would occur. The problem was highly intermittent, but would eventually be triggered with enough clicky-clicky on links.

Now, here is the scary part. If I point my web browser to E-Bay, the page will not load and the failure will be triggered. No other web site does this consistently, and E-Bay does so without fail.

And if that isn't strange enough, it gets even weirder. This happens only when I use the Mozilla browser. If I use some other browser, such as Opera or Lynx, the page comes up just fine.

I am at a total loss to explain how, under the known physical laws of this universe, such a failure mode could happen. Therefore, the obvious answer is that it isn't happening, and I am just hallucinating.

Desolate Landscape

Happy broadband to me!

It was over a year ago that I lost my broadband Internet connection. The cost of a business-class service became beyond my budget. Plus, my old ISP initiated a novel business strategy: let's act like a bunch of morons and chase off our customers. The parent company eventually crashed into bankruptcy, which I assume was the desired result of their "act like morons" business strategy.

Since then, I've been running across a 56K dialup modem attached to my router. It was serviceable, because I moved the servers out of the apartment and into a downtown data center. But, still, it sucks.

This morning, my cable Internet service was turned up. First thing I did was download a badly needed bunch of operating system upgrades. Next thing I did was point my browser to Shoutcast to tune into some of those delicious music streams I so badly missed. I was aghast to find I'd stepped into the middle of an empty ghost town.

It seems in the interim, the big Internet content providers succeeded in killing off the burgeoning Internet radio movement. Very few of the stations have survived. My favorite station had to abandon the open MP3 streaming format for a lower fidelity, proprietary system. I don't have a problem paying a subscription fee, but no way am I going to pay for a non-portable, proprietary format stream.

Why is it that whenever the big content providers get involved, it all goes to shit?

Hi, Jerkwad

I recently discussed a Hotmail vulnerability that is being exploited by spammers. I've been seeing spam from this source for about three months. Two days after the article was posted it dried up.

So, I'd like to say thanks for reading my blog, and thanks for opting me out of your spam, scumbag.

Hotmail DAV Spam: Worse than I Thought

I recently blogged an article pointing out a problem that is allowing spammers to relay junk email through Hotmail. Like so many Microsoft problems, it's caused by bad system design: deploying a feature without considering the security ramifications. I thought it was pretty bad when I first saw it. Unfortunately, the more I learn the worse it gets.