Season of the playful penguins from Oyonale

nice old writeup from Tristan Miller (someone whom I first met on UseNet) explains why it is a poor idea to send Word files. I explored his site at deeper levels in the past as his opinions broadly intersected with mine. I also happened to find this funny ‘scientific paper’ with an hilarious followup.

Returning to the subject at hand, the true nuisance is mail that contains Word attachments. It is a plague that appears to be reaching its end. Funnier (or coversely — more annoying) experiences include the embedment of nothing but plain text (or even a single image) in a Word files which is attached to a blank-body message. Some people just never learn. Here are some effective E-mail signatures that I have come across in the L_yX mailing list.

I do not have a copy of Word, Excel, or PowerPoint.
I have no plans to buy one.
Please avoid sending me Word or PowerPoint attachments.
Word, Excel, and PowerPoint use proprietary data formats,
encouraging consumerism by forcing us to purchase new licenses
every time they “upgrade” their secret formats.
Send plain text, rich text format, html, or pdf instead.
See http://www.gnu.org/philosophy/no-word-attachments.html

Or a shorter version thereof (one which honours the 4-line signature limit)

Please avoid sending me Word or PowerPoint attachments.
Word, Excel, and PowerPoint are unreliable, unmaintainable, and unsafe.
Send plain text, rtf, pdf, or W3C html instead.
See http://www.gnu.org/philosophy/no-word-attachments.html

There is now the ODF argument as well. ODF has recently become an ISO-approved standard.

Upgrade to Thunderbird. It’s Open Source and it honours standards/netiquette.

ICROSOFT Outlook is a terrible mail application, despite some common beliefs (and expectations due to cost, or bloat). I cannot comment on its abilities as a calendaring software as I have only seen others using these peripherals features. However, at least one Outlook user whom I exchange E-mails with is breaking every rule in the book regularly (if not always). Outlook does not prevent him from doing this. As a matter of fact, it encourages this and a dissatisfied recipient is of course less likely to reply.

Here is a short description of the problems inherent in these messages that I receive from Outlook (and sometimes Outlook Express too):

• HTML-formatted
• Non-standard ‘HTML’ (Microsoft Office inclination, MSIE-centric)
• Roughly 38 kilobyte even for a one-liner (an enormous non-standards compliant ‘style sheet’ is prepended)
• 10-line signature (Outlook does not warn or deter)
• No signature delimiter (breaking all RFC standards)
• Always top-posted, not trimmed and lacking context (Outlook is definitely not helping by creating new lines and putting the cursor at the top)
• In quotes, re-wrapping is broken and irregular symbols get inserted sporadically

There is no gentle way to approach the issue, but one such person learned to at least stick to plain-text (owing to a kind request). The top posting habits remain though. Outlook Express requires QuoteFix, which is addon software/hack, just to stop this default behaviour and make bottom posting practical. So there is no subtle way to suggesting others to improve their posting habits, unfortunately. To them, the Windows/Microsoft way is the right way. Acceptable standards lose their value when a desktop monopoly simply ignores them.

Some time ago I wrote some notes on how to begin loving E-mail again , which reminds me of an old favourite that is titled the UseNet improvement project.

I have just learned (through Bruce Schneier) that, in a large German dating site, the password “123456″ works 1.4% of the time and 2.5% of all passwords begin with “1234″. People are simply lazy or unwilling to memorise passwords. This all means that it would only take about 60 attempts to break into a user’s account.

In an era of Web services, remembering many password can be difficult. For this reason, I personally chose the ‘master password’ approach, as I call it, and I also manage everything as such on my PDA. Password choices are a very important matter, which is something you come to realise only when you get hacked/cracked. In the case of unencrypted comminication, they need to be changed very regularly, as well.

Thunderbird with an Aqua-based theme called CrossOver

OZILLA Thunderbird is an Open Source mail/news (most latterly RSS) client, which I have praised several times in the past. It is also my default mail application — the haven I found after experience with various other packages.

At present, I continue to use a mail notifier for Thunderbird which is rather stripped-down and is called the Mozilla New Mail Icon (project homepage). However, it lacks some of the power of other checkers — particularly those that deliver detailed information without interfering with the user’s current work (e.g. steal window focus). The good news is that the Thunderbird team is making progress and is bridging the gap between the latest of Outlook and the Mozilla family of applications. A good example of this is their calendar extension. They may even go farther ahead by incorporating tabs, which for mail clients is unprecedented.

In Thunderbird 2.0 there will finally be a built-in function which triggers an overview-type popup whenever new mail arrives (see screenshot). This way, users will not necessarily have to divert attention to the bulky application. When mail arrives in large volumes, such features can be very valuable.

Separating ham and spam

NE powerful technique to avoiding spam are E-mail addresses (accounts) which are not public. They can reside rather happily alongside more public address(es), but the level of ‘noise’ in each then varies. Reading habits benefit from the separation.

An odd suspicion should rise when a private (undisclosed) mail account is beginning to receive spam. Then, one can only spect that EITHER:

• A trusted person gave the E-mail address to a spammer or posted it publicly for ratbots to harvest

OR

• Somebody’s computer has been hijacked and address book data pulled from it, leading to misuse

This unfortunate scenario has recently hit me. At the end, it turned out that SpamAssassin was disabled, so I reported the fault to my host. My private account remains clean and has been clean for over a year. I warmheartedly recommend this tactic, which will be explained at greater depth if you follow the link above.

long time ago I argued that more people ought to digitally sign their E-mail messages. Unfortunately, very few people bother to do so. There are many benefits to encryption-based verification of one’s identity. Ultimately, it can lead to more trust, which can in turn prevent spam and make communication less susceptible to ‘noise’.

There recently emerged a word-of-mouth that signed messages are less likely to be intercepted by spam filters. As to whether this is true or not, I would have to say I doubt it. I am sorry to antagonise some people’s hopes, but several messages that I PGP-signed got flagged as spam (not by SpamAssassin). At least I was informed in all (probably two) occasions, but it was nonetheless worrisome. Quite recently I mentioned a trend whereby banning of autoresponders becomes prevalent. It is very important that moderators up above can discern spammers from those who attempt to fight spam in genuine and effective ways.

AST night, Brad Templeton pointed out that mail servers which run autoresponders or challenge/response filters could get blacklisted by spamcop.net. This is a database-driven Web site, which various spam filters rely on as a knowledgebase-type service. It also banned our LUG‘s mailing list earlier today.

I have been aware of the problems with such anti-spam tactics for quite some time, but never thought it could lead to this. As some commenters pointed out, other services may indirectly abolish anti-spam practices such as challenge/response, as well lead to banishment from people’s inboxes. Put in Brad’s words:

I learned a couple of days ago my mail server got blacklisted by spamcop.net. They don’t reveal the reason for it, but it’s likely that I was blacklisted for running an autoresponder, in this case my own custom challenge/response spam filter which is the oldest operating one I know of.

My personal solution, as posted in reply to the article, is to use a spam filter ‘on top’ of the challenge/response component. The intent: lowering the amount of challenges. One can reduce the likelihood of banishment in this way, as well as become less of a nuisance to the Net. In other words, it is possible to rule out cases when messsages are rather obviously spam. It leads to lower volume of messages being dispatched, which in turn can avoid blacklisting.

I use SpamAssasin, which is active at a layer higher than challenge/response (in this case Apache with BoxTrapper). Whatever gets scored as spam will be put aside in a mail folder which is reserved for spam. Only messages not marked as spam (and not in the whitelist either) will have a challenge delivered. This cuts down the number challenges by about 70% in my case. It never entails any false positive because I set the thresholds rather high.