Friday 11 February 2005

Bitten by SPF

Oh dear. The Law of Unintended Consequences is hard at work again...

When people post blog comments here, the comments are also emailed to the author of the original blog post. The email has the commenter's address as the sender, even though it was actually sent by the blog software. This causes a problem if the author's email is filtered using SPF!

To recap SPF: it allows a domain owner to say who can send on behalf of the domain. The domain owner publishes a list of IP addresses or address ranges in the DNS. A receiving email server can compare the sending IP address against the SPF list for the sending domain. It's a way of spotting sender forgeries, which are hallmarks of spam and phishing.

So what went wrong in this case? Naturally, the blog server doesn't appear on the SPF list for the domain where the comment author lives. In other words, the blog software isn't permitted to send on behalf of the comment author's domain, so to an SPF filter the message looks forged.

In a sense, it is forged, I suppose. But this sort of "legitimate forgery" is commonplace in applications. The ease of doing this with SMTP is one of the key reasons why spam is such a problem.

Applications now need to be much more cautious about doing this sort of stuff. Meng has an illustration, calling this sort of thing "ugly." What was acceptable a year or two ago just isn't any more. Really. Get over it.
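
The failure described in this post, as an added example (not the blog software's code): a simplified SPF evaluation that handles only the `ip4`, `ip6` and `all` mechanisms, run over constructed records. The domains, the addresses and the comparison case in which the notification is sent from the blog's own domain are assumptions made for illustration.

```python
import ipaddress

# Constructed SPF records, using documentation domains and address ranges.
SPF_RECORDS = {
    "commenter.example": "v=spf1 ip4:198.51.100.0/24 -all",
    "blog.example": "v=spf1 ip4:203.0.113.25 ip6:2001:db8::/32 ~all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
BLOG_SERVER_IP = "203.0.113.25"  # constructed: host the blog software sends from


def check_spf(client_ip, sender):
    """Evaluate the ip4/ip6/all mechanisms of the sender domain's record."""
    domain = sender.rsplit("@", 1)[-1].lower()
    record = SPF_RECORDS.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"  # the domain publishes no SPF policy
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"  # a mechanism without a qualifier means pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
        else:
            return "unsupported"  # mechanism outside this simplified subset
    return "neutral"  # nothing matched and the record has no "all"


def notification_results():
    """SPF result for the same blog server under two sender choices."""
    return {
        "commenter as sender": check_spf(BLOG_SERVER_IP, "alice@commenter.example"),
        "blog as sender": check_spf(BLOG_SERVER_IP, "comments@blog.example"),
    }


if __name__ == "__main__":
    for design, result in notification_results().items():
        print(f"{design}: {result}")
```

The same server and the same message content produce `fail` or `pass` depending only on which domain is claimed as the sender.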

Wednesday 9 February 2005

She's gone

Fiorina sacked from HP. But what will she do next?

Tuesday 8 February 2005

First GeCAD and Giant, now Sybari

Today, Microsoft announced that it is acquiring Sybari. This comes hard on the heels of their buying Giant, and GeCAD.

Microsoft is clearly on a spending spree to bring in-house anti-virus, anti-spyware, and anti-spam capabilities. How will this play with their "ecosystem" partners? I spy FUD ahead.

It's an interesting move, nevertheless. Sybari Antigen seems to be a product line that's well respected by those whose opinions matter most: its customers.

I expect more consolidation during 2005, especially in the anti-spam market. There are too many private anti-spam vendors, some of whom are becoming insufficiently capitalized: either in terms of VC funds, or in terms of intellectual property.

Sunday 6 February 2005

Blogs as conversations? Yeah, right.


Some folks like to see blogs as a way to have conversations. Blogs reference other blogs; people add comments; trackbacks form back-links to references; all is happy, sweetness, and light.

Twaddle. What we have right now is a messy prototype. Comments are too prone to comment spam, most people find it hard to understand the concept of trackbacks, and the whole thing is just too damned difficult.

If feeds and aggregation really are going to replace email, it needs to be a whole lot easier to have conversations. Today, conceptualizing, navigating, and adding to a thread is just too hard for 95% of users. (No, I didn't do a statistically-clean survey to come up with that number. So sue me.)

So how do we make this a friction-free process? Glenn Reid has had an interesting idea; he's still thinking about it.

Gosling is a potty-mouth

Link: ZDNet Australia

Buried in a mildly-interesting piece about how Microsoft may have screwed Sun over with their recent legal settlement, Brendon Chase throws in this nugget:

"Gosling [used] adjectives traditionally reserved for the act of procreation to describe DVD encryption."
He's right, you know. (/me fires up DVDShrink...)