Email address hijacking

29 08 2007

I get the occasional hijacking of my domain name with some fake string in front of it and most of the auto responses from the spam filters come back to *my* Spam Quarantine folder. After being a bit paranoid about my system being compromised, I was told by a system administrator that it wasn’t me, it was someone/machine out there in the wild who thought my domain name would be a good one to attach ‘xcsewagtsyqhgv’ to and send off messages about body part enhancements for body parts I don’t even have. <sigh>

I’ve now learned to live with it and just delete those messages, and I no longer get paranoid.

However, others do, as evidenced by a discussion thread this past week on the Lone Writers list. Probably one of the clearest explanations of this was posted today by Lou Quillio. With his permission, here’s his response to the person whose Gmail account appeared to have been hijacked:

**********

In general there’s (almost certainly) not a problem, so you don’t need a solution. You just need information.

The phenomenon you describe is called “backscatter” or “outscatter”. It’s caused by mailer-daemons (you might say “email servers”) sending auto-responses when they identify spam. Spam is also called UBE, or unsolicited bulk email.

Here’s what happens:

A piece of spam is sent — to someone you don’t even know — with one of your email addresses as the ‘From:’ address. That *doesn’t* mean it was sent through your account or someone has stolen your login credentials. The ‘From:’ header in an email message is an arbitrary string, chosen by the sender. It isn’t authoritative in the slightest.

The piece of spam is received by the addressee’s mailer-daemon (pronounced “demon”), it’s identified as UBE, and blocked. The addressee never sees it.

Now the mailer-daemon has a decision to make. The matter can end there. Or, the mailer-daemon _could_ send an automated message to the ‘From:’ address, warning about possible UBE. That’s backscatter.

How useful are these auto-responses? Not very. Any knowledgeable sysop is aware that the ‘From:’ address is probably not the real sender.

But many send them anyway, and word them jarringly: “Considered Unsolicited Bulk Email FROM YOU”, etc. Uhh-huh. Why assume that, bub? Are you living in some innocent 1999 time warp?

Anyhow, this auto-response arrives at your GMail account and guess what? GMail marks it as spam. Because it is. Backscatter is spam. It’s unsolicited by you, the recipient, and sent in bulk.

Still with me? Spam sent + auto-response to somebody there’s no reason to assume sent it = more spam. Backscatter spam.

So there’s no _technical_ problem, just a network effect. Is there a _social_ problem? That, too, depends on how much information you and your peeps have, how well you understand what’s happening.

First concern: the spam sent under your name to Aunt Edna (or more likely to an utter stranger). What will Edna think of me?! Nothing. She didn’t even get it. Her mailserver blocked it. That’s why you got the auto-response.

Second concern: whoever (or whatever) warned you about sending spam apparently thinks you’re a bad girl. You don’t want _anybody_ thinking that. Relax. It was a machine, a rather dumb one.

Here are the take-aways:

  1. Never trust a ‘From:’ address alone. You can’t. You never could. So forget that.
  2. Ignore backscatter if you use GMail, Yahoo! Mail, or one of the other big services. If there’s a problem, it’s theirs. And there’s probably not a problem.
  3. Ignore backscatter if you *know* your desktop email client isn’t compromised. Past experience has made Windows users paranoid. Updated Windows installs aren’t nearly as vulnerable. It remains a best practice *not* to use Internet Explorer nor Outlook Express. They were the egregious point of failure – and, however improved, are vulnerable by design and ubiquity.
  4. Don’t fly into a tizzy and start spamming your peeps and your lists in shame. Windows trained this into you. You’ll have to train yourself out, and the first step to recovery is staying calm.
  5. Never, ever retrieve or send email over an insecure connection. GMail won’t let you, cuz Google’s not dumb. Whenever you’re setting-up an account, connect with SSL/TLS. POP3, IMAP, SMTP … no matter. Always choose the SSL option and avoid providers who don’t offer one. Your email account’s username and password can’t be filched if they’re never sent over an insecure wire.
  6. Send plain text email, and read messages as plain text regardless how they were sent. Why did the Trojans admit the horse? Because it was fancy. You don’t need fancy. You’re a writer, not a formatter, and it’s your words that matter.

All that stuff about firewalls and virus scanners and changing passwords all the time … yeah, sure, that’s fine. But none of it’s related to your recent fear — which concerns a network effect and is cured with knowledge.

***********

Thanks Lou!
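
For readers who run their own mail domain, here is an added example (not part of Lou's post or this blog) of telling backscatter apart from a genuine bounce: it reads the headers of the original message quoted inside the auto-response and checks them against a log of Message-IDs the domain really sent. The domain `mydomain.example`, the `sent_ids` log and the sample auto-response are all constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: a spam filter's auto-response to a forged 'From:' address.
BOUNCE = """\
From: MAILER-DAEMON@mx.recipient.example
To: xcsewagtsyqhgv@mydomain.example
Subject: Considered Unsolicited Bulk Email FROM YOU
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

Your message was blocked as UBE.

--b1
Content-Type: text/rfc822-headers

From: xcsewagtsyqhgv@mydomain.example
To: stranger@recipient.example
Message-ID: <20070829.1234@botnet-host.invalid>
Subject: enhancement offer

--b1--
"""

def original_headers(raw):
    """Headers of the message the auto-response complains about, or None."""
    for part in message_from_string(raw).walk():
        ctype = part.get_content_type()
        if ctype == "text/rfc822-headers":      # headers only, as plain text
            return message_from_string(part.get_payload())
        if ctype == "message/rfc822":           # full original attached
            return part.get_payload(0)
    return None

def classify(raw, my_domain, sent_ids):
    """sent_ids: Message-IDs our own server logged when sending (assumed log)."""
    orig = original_headers(raw)
    if orig is None:
        return "unknown"
    sender = parseaddr(orig.get("From", ""))[1]
    if sender.rpartition("@")[2].lower() != my_domain:
        return "not-ours"
    # 'From:' names our domain, but only our own log proves we sent it.
    if orig.get("Message-ID", "").strip() in sent_ids:
        return "genuine-bounce"
    return "backscatter"
```

With an empty `sent_ids` the sample classifies as `backscatter`: the ‘From:’ address names the domain, yet nothing the domain actually sent carries that Message-ID.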





Handy software development references

27 08 2007

I *love* being a member of the Lone Writers Special Interest Group of the Society for Technical Communication (STC). Someone always has something neat to contribute, and in amongst all the helpful suggestions and discussions, there are the occasional gems of reference material… like these shared by one of the members last week:

I’ve put them here to share, but also so I have a central place where I can refer to them again (yes, I know I could use Del.icio.us, but I don’t—it’s just another place I’d have to remember to look for my ‘stuff’!)





One way to document a confusing user interface

27 08 2007

Someone on one of my technical writing lists posted a link to an unofficial user guide for a piece of software used to report building maintenance issues at the University of Pennsylvania. From reading this guide, it is clear that this software is far from user friendly. Called “The Legend of FacilityFocus”, this underground guide for students is written as though logging a maintenance issue is part of a role-playing game. For example:

This [software] provides wonderful new functions for automation and integration and tracking — but from the point of view of a College House resident trying to get a light-switch fixed or a sink unclogged, the … web interface is not exactly user-friendly.

In fact, you can win only if you know which screens to visit in which order, which fields to fill out and which to ignore, which secret codes to use, and so on.

… [later] OK, you might think that since you want to request work, you should click “Work Request”. But DON’T! That will lead you off into a series of twisty little passages, all alike, where you’ll be eaten by goblins.

Go on, read it – it only takes a couple of minutes.





Annual Report sense – finally!

23 08 2007

I received some mail today from Telstra, the Australian telecommunications giant. I have shares in them (which I really should get rid of… they’ve never done well). In amongst all the puffery about how good they are was a slip of paper that was a welcome relief. To quote from it:

“Recent amendments to the Corporations Act allow companies to provide their annual reports to shareholders on the Internet rather than by hard copy. … commencing from the 2007 Annual Report we will no longer mail you a hard copy unless you specifically ask us to do so.”

At last! Some sense. An opt-in clause versus an opt-out one, and a massive saving for companies in not having to get these glossy tomes printed and mailed out. An even better saving for those shareholders who receive these missives because it’s required by law but who just throw them out without doing more than skim them (if that).

I only own a few small parcels of shares in a couple of companies, but it still bothers me to get these 100+ page documents every year. They all try and outdo each other every year in the glossiness, paper stock, fancy wancy bindings etc. So I’m very pleased that the lawmakers have seen fit to enter the 21st century and allow alternative corporate reporting mechanisms.

Of course, elements of the printing industry that have survived only because of this cash cow may be squealing in pain right now. But I’d suspect many ‘Mum and Dad’ shareholders may be cheering these changes.





A better experience

23 08 2007

We decided to give Jarrah Jack’s another try (see previous post for our bad experience there a few weeks ago). I’d taken the day off work so we drove down to Pemberton for lunch and to sample the wines and beers at Jarrah Jack’s Brewery and Woodsmoke Winery.

Our experience this time was much better. Not perfect, but decidedly better than the last one! They must be doing something right as there was a decent crowd there for mid-week lunch: in winter and not in the school holidays. Small groups of people too, so it’s not like there was a busload of tourists that had to be catered for. We arrived just after 1:00pm so were at the tail end of the traditional lunch period. We had a short wait for the beer tasting sample, and a bit of a wait for our lunch. But nothing out of the ordinary. Lunch was nice, but nothing to rave about. And this time the service was friendly.

Can’t ask for much more than that, really. At least, we now have a better impression and will likely return. They need to do something about that awful potholed gravel road and driveway though…

Photo of the beer tasting rack to come…

Beer tasting rack





Number plates

23 08 2007

On the way down to Pemberton for lunch today a black Mercedes drove past us heading north. The number plate? “O Lord”

Made me laugh!

PS: It helps if you’re a baby boomer or you know the Janis Joplin song! Otherwise you’ll wonder why on earth I found it funny.





Good customer service

23 08 2007

I received this on Wednesday, a few days after last week’s Skype outage:

As a goodwill gesture to all you faithful Skype Pro, Skype Unlimited, SkypeIn or Skype Voicemail customers, we’re adding an additional seven days to your current subscription, free of charge. And even if you didn’t miss out on using Skype last week – you can still have a week free on Skype, on the house!

They didn’t have to do that, but it’s nice that they did. An ex-colleague of mine once told me that it’s not the problem that causes customer anger so much as how you deal with the problem. Skype kept their users informed every few hours via their blog, and when the situation returned to normal, they ‘rewarded’ their customers with this extra.

Well done, Skype.