Wow, Alexa thinks PlanetMike.com is ranked #690,887. Does that mean that there are only 690,886 web sites that get more traffic than I do? Wow, that’s actually kind of impressive. Here’s a traffic button/ad thing for Alexa:
If you don’t see it, that’s because it is a javascript thing.
Someone just signed up for a mailing list on my day job’s web site. Our system uses Mailman, which sends a confirmation email back to the email address given to get confirmation that the address should be added to the mailing list. An AOL user filed a spam complaint about the confirmation message. Now, that is an interesting conundrum. For years, we (the anti-spam community) has been railing that all mailing lists should be confirmed opt-in. An email address should only be added to a mailing list if the email address has been confirmed through some kind of tagged email. This is usually done with a hash of some sort that can only be read by the owner of the email address. This prevents an attack on a victim by signing them up for zillions of lists without their permission.
Of course, now what could happen is the attacker attempts to sign them up for zillions of lists. The victim still gets zillions of messages, but these now are the confirmation messages. The flood of mail will stop very shortly after the attacker’s computer stops generating the requests. The victim will have no choice but to either ignore the list requests, or to file a spam complaint on the requests.
What’s the answer? Do list managers (who are mostly all using confirmed opt-ins for new subscriptions) now need to start using a CAPTCHA to protect themselves from abuse?
In the specific example above, I will chalk up the abuse report I got from AOL as being from an idiot AOL user who did not understand that by submitting their email address they would be getting email from us.
I always register with a unique email address whenever I need to register somewhere. It makes it very easy to track spammers or other companies that choose to violate their privacy policy. Just today, I received an email from PC Magazine.
They lie: “You indicated that you want to receive special Ziff Davis offers when you provided your email address to PC Magazine. If you prefer not to receive this type of special offer from PC Magazine, please use the following link:”
This is the first message I have received using that email address since it was created on September 15, 2003 at 1:46:07pm. You think if I had opted in to getting email from PCMagazine, I would have gotten at least one message in the 879 days (almost 2.5 years!) since I gave them an email address. So, I have blocked both pcm-marketing.com and omessage.com from my mail server. And of course, you should never opt-out of stuff you didn’t sign up for.
An interesting idea for a SpamAssassin rule: If a domain name mentioned in the headers of an email mesage does not have content on a web page at the same domain, give it a couple points. So this message would have scored at least four points, as both omessage.com and pcm-marketing.com do not have a web site. I also wonder why omessage.com doesn’t have any information in their whois records?
Yesterday during the Super Bowl I ran the web traffic logs for PlanetMike.com. And discovered that dozens of people at MySpace.com are leaching images from my web site for use on their profile pages. So I am now changing those images to be an ad for my web site. I wonder how long my images will continue to be leached? And I hope that people learn that using other people’s images isn’t cool. If I have to I’ll put in some mod_rewrite rules to take care of the traffic.
Looking at the chart, you can see a nice spike starting up in September. The August spike was a spider running amok in my blog pages. It looks like it got caught in a Blosxom loop.
Slashdot, news for nerds. Maybe the original blogging site, technical article summaries from around the world, with commentary from the technical elite (aka nerds).
The new iMacs with the embedded iSight camera also have a nifty piece of software called Front Row. It allows easy access to audio, video, movies, and photos. To make it work on other Macs, check out How To Install Apple’s Front Row.
My gmail test account is filling up. 2,655 messages are in my Inbox; with 35,536 in my Spambox. Gmail left 6.95% of incoming messages in the Inbox. All messages coming into my account are spam from a dead domain created years ago.
I forwarded mail from my spam-collection domain to new accounts at Yahoo, Hotmail, and Gmail. Yahoo and Hotmail didn’t allow any spam at all to get into the Inbox. Of course, Hotmail had an easier time since they only accepted 926 messages, while Yahoo accepted 4,149. Gmail accepted 3,068, allowing 224 (7.30%) into the Inbox. So maybe Yahoo’s Mail is the webmail system to use. They aren’t flat out dropping as many messages as Gmail, or as Hotmail. It would be really ncie to know what criteria Hotmail and Gmail (and maybe even Yahoo) are using to decide which messages to drop. Is it a blacklist based on message headers? Or based on links in the body? Content analysis (ala spamAssassin)?
Once I noticed that the webmail companies were dropping some mail I stopped the forwarding. Ideally, I should download the mail to my Mac so I can see which messges were dropped. Anyone know a way to easily look for duplicate messages? If I add a X-trace-tag header when the message leaves my doamin, would that invalidate the header trail?
Derik suggested a comparison between Gmail, Hotmail, and Yahoo mail. Glad to oblige. Last night I set up virgin email accounts at each service. Then I redirected all mail from my spam ridden domain to each address. It’s been a looong time since I’ve used Yahoo or Hotmail, so I figured it would be interesting to see how they are.
Yahoo
Signing up is pretty straightforward. Make sure you opt out of the thirteen “Special Offers and Marketing Communications” from Yahoo!. Even if you do, you may get them for up to 10 days. 
Also make sure you read all of the 126 lines in the Terms of Service. I love how every onilne service makes it easy to sign up, but difficult to read the terms of service.
Yahoo gave me 1.0GB of space for messages. This morning they have caught 3,419 pieces of spam, with nothing in my inbox. Not bad. I also counted six graphical ads, including an enormous one that takes half the screen. 
Hotmail
Signing up was not too bad. you only get 25 MB of space, and then up to 250Mb in around 30 days after someone at Hotmail decides you are worthy. I found the home page very busy. There are tons of links to go other places, a large ad (but not as large as Yahoo’s big ad). 
It was very confusing when I tried to logout. 
Apparently, Hotmail does not want you to log out. I never was able to successfully log out. If you hit the “Need help signing out?” link, all you get a is a pitch for other MS services, like Passport. I’m still not sure if I got logged out or not. Wonderful, is MS tracking me as I surf?
This morning, they’ve caught 898 messages, none missed. but where are the other couple thousand messages? I see tons fo rejections in my mail server’s log. It makes me wonder how robust Hotmail is and how many other messages didn’t make it to my Hotmail mailbox at all.
I will say it was cool to see that Hotmail is still linking to GetNetWise in the page footer. GetNetWise is one of the web sites I manage for my day job.
Gmail
Gmail is interesting, because you have to either be referred by a friend (I have over a hundred invitations if anyone is interested), or you have to provide Gmail with your cell number so they can SMS you a code to sign up. So you can’t be totally anonymous through Gmail. So even though Gmail appears to be the only large webmail provider protecting user’s privacy from the government, they do know a lot about you. Currently, they give users 2.6GB of space.
Gmail has the cleanest interface by far. 
The ads appear as text blocks once you are actually looking at a message.
Gmail missed 184 messages, and tagged 2,591 messages. So it looks like Gmail is missing some messages too. Weird. All three of these services should have the same number of messages total.
Terms of Service
Remember the good old days, when there was a separate page you had to click through that had the entire terms of service available without having to scroll through a one inch high textbox? It seems the service provider would love to have a captive audience so teey could have another opportunity for a few eyeballs to see an ad. Plus now you have to read two or three separate agreements to sign up for a service. Who really reads these things?
Summary
Wow, I think I’ll stay with my home grown solution: SquirrelMail running on my Red Hat Enterprise box. If I had to recommend a webmail system to someone, I’d lean towards Gmail. It’s clean interface, generous disk space make it a winner. But I wouldn’t run a business off of it.