Some brief notes on spam

November 1st, 2011
  • It was probably a mistake to use a catchall account and make up addresses on the fly. Now I get spam on every address that is published! I may do something like the fellow at unstable.nl does and have a dedicated spam address that allows me to deduplicate those, but I haven't yet figured out how to do that in Claws Mail.
  • I think spammers may be avoiding honeypots by preferring email addresses that are very likely to be real -- such as those on Bugzilla sites.
  • I recently switched my hosting service for my brainonfire.net email address from Lavabit (horrible customer service) to Cotse (they seem like good folks), but I still receive spam at Lavabit! I think spammers are caching MX records. This could be used against them.

Proposal: Automatic verification of email address ownership

January 14th, 2008

Many sites require email verification to prevent impersonation by spammers (and to ensure that a user can retrieve their password, should they forget it.) Since this practice is a bit of a hassle for the user and does not require any thought on the user's part (sign into email, see registration email, click link), it should be automated. I've written a proposal of how to implement this.

Read full entry »

When torrents bite back

September 19th, 2007

Four days ago, a group calling itself the "MediaDefender-Defenders" released a torrent pointing to 700 megabytes of corporate emails from MediaDefender, a company providing "BitTorrent protection services" to record labels and movie studios. The emails expose company strategy, confidential contracts, passwords and login information, lists of servers and IP addresses, and reactions to mentions of the company in the news [read them here]. This post is a summary of recent events, along with a heaping of speculation as to what happened behind the scenes.

Read full entry »

Underspecified CSS: Bad practice

April 20th, 2007

Underspecified CSS is the name I am giving this sort of code:

h2 span
{
	color: black;
}

I'll show you why this code is the bane of large sites.

Read full entry »

Excess GMail invites? Script them away!

October 6th, 2006

Amazingly, people are still looking for free GMail invites. (You'd think there'd be enough floating around, but apparently not.) There are several sites that accept invites and spool them back out to anyone who asks, my favorite of which is ByteTest. Sending invite after invite to ginvites@xn0.org is not my idea of fun, but I still like the anonymizing effect of the spooler, and I wanted to help. So, I hacked together a clod of javascript to automate the process.

Read full entry »