Posts tagged “Google”.

Managing spam with google

If you use google to manage your personal domain email I have worked out a hack to have the best spam filter possible.  This article is all about unsolicited junk email and stopping it dead.

Why

I have an irrational need to make sure I get all my email.  So, if I’m e-vited to the latest social event in our neighborhood (wine tasting, happy hour, etc.) but they misspelled my user name, I still want to get the e-vitation. (If they misspell the domain name, sadly there’s not much I can do.) So, in google mail I set up a “catch all” which means that if google doesn’t find a valid user account to deliver the mail message to, it will drop the message into the designated “catch all” user account instead of bouncing it back to the sender as undeliverable.  That’s great for never missing an invitation to drink alcohol with friends, but that’s horrible for trying to manage spam messages.  Spammers no longer have to guess a valid user name, they can send it anywhere to my domain and it’ll wind up in my SPAM folder.  Which isn’t so bad, but I hate SPAM folders.

I hate SPAM folders because I feel the need to go through them to see if legitimate messages were placed in there on accident.  The thought of missing that wine-tasting e-vitation because it had one too many links in the message is personally disquieting.  When you get thousands of SPAM messages a week, searching for that one party invitation is very time consuming, tedious, and really annoying.  So I gave myself a goal, “Minimize the chances of missing an email while also minimizing the amount of spam that made it into the SPAM folder.”

Lofty goal, huh?  I know, I’m going to tackle hunger and world peace next week.

So, I own my own domain.  When you send a message to a user at wiredsage.com, it comes to my email account no matter what the user name was.  Minimizing missed messages isn’t quite that easy, because they can still get delivered, categorized as spam, and lost in the plethora of junk mail waiting to be deleted never to be seen by human eyes.  I had to figure out a way of killing spam before it got to the SPAM folder in google.

White-List, Are you Human, Black-List?

You might be thinking to yourself, what they need is a “white-list” or a list of people who would never send you spam and would always send you good email. With the proliferation of malware, lots of people who would have been on a “white-list” of mine have in the past sent me crap.  Plus, what about the person I don’t know?  The person that is sending me a legitimate job offer, the job offer of my dreams.  I want that email to come right to my Inbox without delay.  So not only is this not a great solution, it’s not offered by google.

I’ve seen some hosting companies send an auto-reply message to the sender, ask them to visit a website, and complete a captcha (validating that you are human), before allowing the email message to be delivered.  That stops spam pretty much in it’s tracks.  It can be defeated though.  I’ve seen spammers use third world data entry workers to complete captchas in other situations before.   And could you imagine a recruiter sending out a bulk email message, about the best tech job ever to be published to a list of highly qualified potential applicants, going through all that crap to deliver one email to one potential employee.  Opportunity only knocks once.  This is not only overkill, it’s also not offered by google.

What I really needed was a “black list”.  A filter that said, if the email meets this criteria, return it to sender as undeliverable.  Ideally, I would be able to use regular expressions on any email field, header, or the body of the message.  I would be able to count how many links were in the email, I would be able to compare the senders to my contact list, I could count the number or recipients were in the message, to create a robust set of rules which would allow me to decide, “this message was too spammy to accept”.  Now note that I want to bounce the messages and return them to sender with an error for the one in a million emails that weren’t spam.  Well, guess what?  Google doesn’t offer this either.

What to do?

I wondered if I could do anything, so I investigated.  In computer lingo I hacked.  I was looking for a way to use the existing infrastructure provided by google in a non-intended way to get my desired result.  So I hacked… and hacked… and hacked…

I found that if you disable an account, the email is then bounced back to the sender as undeliverable.  I also found that you could apply aliases to a user account.  So I made a user called junkmail-01 and gave it a name of “junkmail filter”.  I then opened up my SPAM folder and looked at all the TO: fields to get the email addresses that were being spammed.  I took those usernames out of the SPAM folder and made them aliases to junkmail-01.  I then tried to send email to those email addresses.  Bounced mail.  I had found my black-list.

How it works

Now when I go to a site shopping, like geeks.com, and they want my email address I give them geeks.com@wiredsage.com.  Then if they sell or lose my email address and I start getting emails for “natural male enhancement” I just have to add “geeks.com” as an alias to my junkmail-01 user and I will get no more mail from them ever again.  Well, they betrayed my trust, they don’t deserve to communicate with me.  If I absolutely still need to get email from them, I update the username they have on file to something like “geeks.com-2@wiredsage.com” and then I know how many times they lost my email address and whether I want to trust them with my credit card information in the future.

Junkmail-01?

You might be wondering, why junkmail-01?  Why not just junkmail?  Well, google only allows you to add 20 or so aliases to a user account.  I’ve gone beyond 20 blacklisted email addresses.  So, you just add another user, junkmail-02, disable the account, and start adding more aliases.

The Result

This is very effective because I’m filtering on the destination address, not the source address.  So no matter what bot network is sending the spam, or what domain the spam originates from, if it’s destined for the blacklisted account, it gets bounced.  Every once in a very long while I get a spam message in my SPAM folder in my catch-all account.  I then have to login to the domain management portion of google mail and add an alias to the highest numbered junkmail account.  To stop it from happening again.  I see it as an effective strategy for managing spam with the existing tools google provides.

Closing Thoughts

I think this is a sweet hack.  But it is just that, a hack.  I would love for google to come out with a regular expression based rule filter for their email.

The Game of Life

I broke down a few weeks ago and bought games for my kids computer. I picked up the “Game of Life, Path to Success”, “Monopoly, Here and Now”, and “Scrabble” all for the Machintosh in a “Board Game Trio II” pack. They came to about $8 a title after shipping, which is my price point for trivial software. I thought it was a great deal. But it got even better when the software didn’t behave as expected. So now I didn’t just have great cheap games. I had great cheap games that “non-privledged users” couldn’t save their progress on. I called support, and they were very polite and helpful, but I was going to have to wait for the guy who actually programmed the games to get back into the office for the solution to my specific issue. It might be a day or so.

Anyone who knows me, knows I’m not one for waiting. And, I figured it was a challenge. Could I figure it out before the programmer emailed me with the answer? The clock was running. I had myself a hacking opportunity!

So, I first started up the game as a privileged user and created a character with a name of “Rumplestiltzkin”. I then searched for \*umplestiltzkin\* with the UNIX command find, hoping that the character’s name was used in the save file on disk. No luck. Without knowing the filename, and not having the character’s name in the filename, I was at a big loss.

Then I said to myself, “Self, there aught to be a program that tells you what files are being accessed on your system.” To which I replied, “Well, self, if such a program exists, I bet google knows about it!”

I searched Google for a few minutes and came up with a shareware/nag-ware program called fseventer which allowed me to see what files were being accessed real time. The only file that looked promising was /Applications/Game\ of\ Life\ -\ Path\ to\ Success.app/Contents/Resources/Source/gol.txt. I opened gol.txt up in Textedit, scrolled to the bottom, and there in clear text was Rumplestiltzkin! I had found the save file!

Now when I did a directory listing with the command “ls -al” it listed gol.txt as -rw-rw—- which means that the owner and group may read and write to the file, but everyone else has no access. This is easily fixed with a quick terminal command run in the directory where gol.txt exists: “chmod 666 gol.txt”. What that does is sets the file to “-rw-rw-rw” permissions, which allows everyone on the system to read and write to the file.

666 may seem a bit satanic, but trust me, it’s not. The permissions are binary, and the values for each group are READ which equals 4, WRITE which equals 2, and EXECUTE which equals 1. These three bits in binary, if they were all on would be 111, or 7 in decimal. For read and write permissions only it would be 110 in binary or 6 in decimal. For read only permissions it would be 100 in binary or 4 in decimal. And for read and execute permissions it would be 101 in binary and 5 in decimal. For more information about unix permissions… read a book, google unix permissions, or take a look at this cool unix permission calculator!

I figured it out before I read the email reply from the support department, however, I didn’t fix it before the email arrived. Can I claim a tie?

Southern Snow Shoveling

Special Thanks to my brother Donald for the Snow Shovel. 😉

I joined Facebook ?!?

The world has officially come to an end.  The seas have turned blood red, the sky is on fire, and I hear the hoofs of the four horsemen approaching.  I joined Facebook today.

I have always felt that Facebook has it’s place for those who are not gifted with mad-uber-tech and zen-computer-fu skillz.  I never felt a need to join Facebook because I figured that if you knew me, you knew this is my web site (it’s on the bottom of all of my personal emails — just a click away) and you had all my contact information… if  you wanted to talk you just had to send me an email, video chat with me (skype, AOL or Yahoo!), or just use the phone — I’m in the book.  And here, on my own personal domain, in my own little electronic kingdom, I control my privacy completely.  If you don’t know me, my personal information on this site is pretty sparse and I feel confident that you’re not using this site as a resource to stalk me or my family.

Over the years I’ve gotten many friend requests for Facebook and for one reason or another I didn’t join.  Reasons included requests sent to my work email address, personal privacy issues, my impression that Facebook was just another re-branded version of MySpace, and Facebooks own EULA.  My content, whether you find it to be inane drivel or not, is mine and I will not grant license to any company or organization to use it as their own.  Ever!  The only thing left that we can honestly claim as our own is what we think, feel and say.  There’s no way I’m giving that up to a corporation.  Then again, I’m jaded.  I’ve seen people lose their reputations on-line.  I’ve seen people lose their jobs on-line.  I’ve seen people lose their identities on-line.  I’ve seen people lose their life savings on-line.  I’ve seen people lose their children on-line.  The Internet is a lot like New Jersey, it’s got it’s really nice parts, and it’s got drawbacks, and it’s got it’s really bad parts… except the bad parts of the Internet are way worse than Newark ever was.

So, now that you know my true, honest feelings about Facebook, I’m sure you are wondering, “Why the hell did you sign up?” Well, my brother came over for Christmas and, as a Facebook addict, he had to get on my iMac to tag someone’s wall.  I gave him the bah-humbug-facebook-shpil and he said, “Naw! You gatta look here… check this out.” So he gave me the tour.  Everything I’ve seen before except one thing.  One thing made me say, “Crap!  I have to join Facebook now!”

My 89 year old Aunt was on Facebook!

So, I read the EULA again, and three sections of it turned my stomach.  But, my 89 year old Aunt Edna on Facebook outweighed the drawbacks enough to make me join.  So I’ve joined, but there is no way I’m uploading any content of any considerable value to their site.  If you desire anything of substance from me, if you want to read anything other than a “LOL! you goof!” or a “Yeah, we need to grab a beer this weekend.” you’ll have to read it here.  Where, for whatever it’s worth, I own it.  It’s mine, all mine.

With that said, Facebook gets a minimum amount of personal information about me.  If you know me and friend me on Facebook, you’ll always have a quick, easy link to this website and you’ll always have a link to my photo gallery.

Well, that all happened.  It’s all true.  But there was something else.  Aunt Edna was the #1 reason I joined Facebook.  But there was one more thing that tipped the scales in favor of signing up at Facebook — Google Wave.  Google Wave integrates with Facebook.  So I don’t actually have to login to Facebook to participate in the conversations there.  I can do it all remotely, from Google Wave.  That to me is just cool.  I’ve grown to be a google fanboy of sorts, and anything that makes me use Google Wave more, can’t be a bad thing.

Google Wave might actually get me to sign up for Twitter too…

Google me this Batman…

If you haven’t heard, the next big WAVE in computing has hit.  Google Wave, that is.  I got my invitation this week and jumped in.  I found several of my uber-techie friends had also been invited and were already there, active, in my contacts list.  It’s amazing what they have done.

Check out the link which describes what Google Wave is.  And request an account from Google — you’ll be glad you did.