I was looking around at a few games recently and I must admit that I am pretty sick of games that claim to be free but offer an Item Mall. Yes yes… of course it is still free to play but that is like telling someone they can have a FREE CAR which doesn't come with the proprietary wheels that allow it to move, if you want the wheels you can get them at our Item Mall. It's a cheapass scum tactic to get people to download 3Gigs of data that they don't want. Shame on you whores.

Recently I sent out an email to my "blog subscribers" to tell them of the domain name change… I sent it via my Google Apps account but I used an email alias to send it. My real email address was disclosed in the email and that bothers me, I thought that was the whole idea of the fuckin email alias. As a result I have been considering bringing my email internal again and using something like SPF/PRA/SenderID/Whatever. Of course my thoughts were to make a Debain based server, possibly with Postfix and some other fun stuff like Dovecot. I ended up finding this article on Debian's position regarding Sender ID.

Thanks Debian… thank you for holding the position that my data should be mine, while the means by which I use it, should be free, available for use by all, and not subject to someone else's ownership.

OK, so my first post back at my original domain name is another one of Google's funny captcha images. Can you spot the humour?

Sigh… it looks like I am going to have to switch the website back to the original one. Why people insist on being so tight-assed I'll never understand.

FFS I just noticed that cron was not running the script that rotates the header for me… no idea how long that has been messed up. :-(

you work for money
but do not have any choice
forever a slave

government worker
always sleeping at his desk
do not wake him up

I am not a big fan of about.com… there is plenty of reasonable information there but it is drowning in crap. Not only that but the crap is made to look presentable in some cases. Take this article for instance… it tries to point out the disadvantages of a challenge-response email system. Let's see if they make sense:

1. Newsletters are Shut Out: Wrong, newsletters are properly whitelisted by the recipient before he or she signs up, thus allowing the newsletter through.

2. Challenging People Using Challenge/Response: This section of the article claims that

What if you mail somebody who, like you, uses a challenge/response spam filter? Without precautions, the recipient's filter will challenge you, and your filter will challenge the sender of the challenge again. It's a beautiful loop, though neither of you ever sees a message.

Wrong. If we both use a CR system and I send you an email, my CR system automatically whitelists you when it sends the message, thus your CR response gets through to me and the loop never takes place.

3. The Majority of Challenges are Useless, Maybe Abuse: Sure the majority of challenges are useless, that's the fuckin' point chump. The useless challenges do not get replied to, thus the bogus emails are never delivered.

4. Spammers Using Whitelisted Addresses Get Through: Well Duh! Don't give the spammers your whitelist dipshit! The only way this argument makes sense is if you are stupid enough to let the spammers know your whitelist!

5. The Challenge is Annoying: It is supposed to be annoying, that's why spammers won't reply to the challenges. This part of the article goes on to say that

Not only is the challenge annoying and can be perceived as rude, a lot of people will also not be sure what to do. The impression they get is that the recipient's email system is broken in some way and that they can't send mail.

Seriously, if someone is too slow to understand something that says "To prove you are not a spammer click HERE" then maybe they should pack up that fancy Dell PC and send it the fuck back.

Finally, the last paragraph (which is comprised of a single sentence) is the only correct part of the article.

If you rely on unknown people to contact you, using a challenge/response spam filter is out of the question.

Exactly, IF you rely on unknown people to contact you. If you have a business, and that business has an info@yourdomain.com or abuse@yourdomain.com then DUUURRR! of course those addresses cannot be protected by a challenge-response system. Some fucks should really put more thought into how it works and less effort into defending their right to be lazy as hell.

Let's try another article shall we?

1. Challenge-Response is a guilty-until-proven-innocent scheme: You know why? Because almost all email is spam. And by "almost all" I mean almost all. Depending on who you ask, there is a vast range of stats to backup any position on the subject, though most sources agree that spam makes up well over half of all email.

2. Challenge-Response will prevent you from getting a wide variety of real mail: OK, this one is fucked and needs to be broken down.

2a. Some web site varieties prevent the disabled from completing the verification process: Web Site? What web site? Disabled? How the fuck is that related? Click the link, that's it.

2b. It can prevent you from receiving legitimate automated email, thereby making it difficult or impossible to subscribe to mailing lists, register at many web sites, buy software online when they email you the registration key, and receive receipts and shipping notices. You'll have to correctly jump through several hoops yourself to pre-authorize such mail: Seriously, if you want to sign up for shit, whitelist it. If you don't like it, stop using CR systems jackoff.

2c. I'm far from the only real human who simply refuses to jump through hoops: Guess what, then I don't want to hear from you, mission accomplished… chalk one up for CR systems!

2d. But, you say, you can periodically check the rejected mail to make sure you aren't missing anything good! Then why bother with it at all? Use regular spam filters and you're better off–same number of spam subject lines to scan for false rejections, and you'll never confuse or irritate any real people: Why does Google (spam filtering done by Postini) offer a spam folder for you to look in? How about Hotmail? Yahoo? Well, pretty well all email providers? perhaps we should remove all of these spam folders since obviously your preferred spam filtering system is 100% reliable?

3. Challenge-Response will keep you off of a lot of mailing lists: See 2b.

4. The Challenge is just as annoying as spam–and now, challenges often are spam: Clearly this was written by someone who's time is so extremely valuable that they simply are above dealing with rabble such as the common email user. Here's what it says:

Spammers have already started disguising their spam as challenge messages, and worms and viruses won't be far behind. So you'd be expecting your legitimate correspondents not only to prove that they're human, but to spend a lot of time trying to determine if your challenge is genuine. It's much easier and safer for your correspondents to direct all challenges to the trash.

First off, I have never seen a spam message disguised as a challenge message, this guy must be signed up for some pretty shady deals. But if you think about it, do "your legitimate correspondents" really have to spend any time determining if your challenge is legitimate? They'll only get a challenge the first time they email a stranger. And the challenge should come from an email address they just sent an email to for the first time. They can swiftly look over the ones from R0l3X@douchebag.cum and C_A_L15@dumfuck.org (unless of course they just emailed those addresses for the first time). Think Billy… think!

5. Some Challenge-Response providers are spammers: The article goes on to say…

SpamArrest, Mailblocks, and several other providers of challenge-response 'services' collect the addresses of their clients' correspondents, and use them for sending out their own spam. Just read the fine print of their privacy (sic) policies–if you can find them!

First off, challenge response should be deployed locally, not farmed out as a service. If it is farmed out as a service it adds a layer of complexity when trying to whitelist/blacklist, check quarantine, etc. The first company he mentions is SpamArrest, their privacy policy can be found here. The second company he mentions was purchased by AOL in August 2004 (approximately 2 years before the article). Bottom line, any company that harvests email addresses for any kind of marketing, advertising, or spamming should have it's staff burned (regardless of CR system use).

6. Challenge-Response can overload mail servers: Spoken like someone who has never run an enterprise email server. My last employer paid me to manage its email server (among other things) and had about 3,000 user accounts/mailboxes. When I first arrived at this employer, the application we used to block spam was blocking approximately 2,500 emails a day. When that became 10,000 emails a day we thought it was a really big deal. Over the course of about 3 years, that number grew from the original 2,500 to over 200,000 blocked messages per day. This was a far greater number than the actual number of legitimate emails per day. Eventually spam detection was farmed out to another company (that did not offer challenge response)… partially due to CPU overhead on our SINGLE email server and partially due to bandwidth. That's right, not only was email for 3,000 people hosted on a single server, but we ran out of bandwidth as fast as we ran out of processor power. What does that mean? It means that simple load balancing could have greatly increased our capacity to accept mail, well beyond the capabilities of our Internet connection. What does that mean?

It means that we did not run our of storage or even processor power, we ran out of Internet! Which means the server was not overloaded… and CR would not have overloaded it, especially since CR wouldn't be (and probably shouldn't be) used in most corporate environments. The concept of CR overloading servers is a myth.

7. Just say NO to Challenge-Response: Here, the article confuses the concept of SENDER and RECIPIENT. He says "Dealing with incoming spam directly is a nuisance, but missing out on real mail can be the pits"… well, if he doesn't use a CR system, he won't miss any of that brutally important email. It goes on to say:

Prospective employers aren't going to jump through hoops to send you a job offer. If your great-uncle gets confused about the process, he'll miss the invitation to a family reunion.

Wrong. Prospective employers will never see a challenge because you are smart enough to whitelist them. My great-uncle won't miss the family reunion because even if i was inconsiderate enough to make email my ONLY method of contact for such an important event, I would followup with a phone call when he doesn't reply to say he'll be there. What an inconsiderate fuck.

Finally the article links to some other articles that are either gone (404) or make the same myth-based claims.

There are some people who seem to dislike challenge-response email systems. Fuck them. There seem to be two main complaints from these people: (1) even if the confirmation is a small amount of time, it is THEIR time and therefore very valuable and (2) what if a spammer spoofs their email address? Well… (1) you pompous fuck, people deploying challenge-response systems should whitelist you so that your "friends" do not require a confirmation from you. in addition to this, anyone who emails you first should have automatically whitelisted you when they emailed you in the firs place, and no confirmation should be required. How often do you send email to someone you have never emailed before and who has never emailed you before? As for (2) if spammers are forging your email address it isn't cause they found you by shit luck, it's because you left your wooden spoon where they could find it duuuurrrrr. I only wish there were better challenge-response systems available for me to setup. I can't wait to not hear from you fucks.

Sweet… gives me the warm and fuzzies.