May 24, 2005

Managing Email

My post today was my first in about a month-- sorry about that.  It's been a busy time for the company and my family as well.

I've been meaning to write about managing the large volumes of email many of us receive.  When I was thinking of this subject a few weeks ago I did some googling around to see what others had to say.  There are a lot of different approaches out there!

Here is what I've been trying to do:

1) Delete email I really don't need.  Like the ones where someone says "thanks".  When will I ever need that email?  I used to keep every email (and piles of useless stuff at home, too).  I've taken to deleting everything that isn't pretty obvious that I'll need again.  No "whoops!" experiences, yet.

2) Keep my Inbox clean.  I use folders in my webmail and move messages to folders-- mostly categories of who sent me the message.  I use the Inbox like a short task list now.

3) Make my subject lines summaries of the content.  My consistency could improve here, but I like the idea and I have had some small success.  Instead of something like, "FW: Some customer name" I say, "FW: This customer needs help with a private label website".  I do rewrite FW: and RE: subject lines.  I think it saves people time on the receiving side.  This is probably my favorite new email almost-habit.

Let me know if you have any good ideas for managing a lot of email!

-Kirk

Ransom-Ware Viruses & Predictions

There is a new article up at IOL: Computers / IT about a new type of virus labeled "Ransom-Ware".  The virus-writer wants $200 to remove the virus and not harm the computer & data.

I'm guessing that Internet banking isn't quite anonymous enough to make this commonplace-- too easy for the virus writers to be located.

Radicati Predicts More Viruses

In an unrelated article, the Radicati Group estimates that the 900 million viruses expected to be emailed this year will reach 4.2 billion / yr in 2009.  The article goes into much more detail and is worth a read if you like scary numbers.

I'm not sure that I agree that the figure will quadruple over the next 4 years.  I'm sure they've looked at trend data.  I just don't think that it's possible to know what anti-spam and anti-virus measures will be developed and used.

If 90% of ISPs simply blocked the SMTP port 25 and then used a little connection throttling on their own legitimate SMTP servers, spam and virus traffic would drop tremendously.  As the volume of spam increases over the next year or two, I think it's highly likely that ISPs will start to take notice.  If nothing else, new revisions of their firewalls and mail transfer software will be smarter by default and make an impact.  Just my 2 cents.

-Kirk

April 27, 2005

Domain Name Scam?

I did an earlier post about domain name scams. ILSCORP was really pushing the boundaries on marketing ethics.

On Monday of this week I received a letter from the Domain Registry of America about a domain name I registered for my mother-in-law a year or two ago. It is leaps and bounds better than the ILSCORP, but it still leaves me a little uncomfortable.

The Good

It uses the word "switch" in the 2nd sentence, helping the reader understand that DRoA is not your current registrar. The text "This notice is not a bill" appears twice in the letter; it appears bolded the first time. They have a paragraph about our right to change registrars when we renew, again emphasizing that they are not the current registrar. Pretty good, in my opinion.

The Bad

The design of the document is built to pull your eye away from the informative text and focus your attention on other things. Three main sections get the attention: a section with the domain name & a "reply requested by" date, a section listing costs for different terms of registration, and a section listing prices on similar domains. It seems likely to me that a casual reader will simply see this as renewing their domain and never think about it being with a new provider.

The second "This notice is not a bill" is squished between larger and heavier fonts on the detachable portion to send in with your money. Not great.

The fine print on the back is almost comically small. It has to be 3 to 4 point font and is a grey color rather than a higher-contrast black. Again, it smells of design built to draw attention away from potentially important information for a consumer.

Competition

This letter seems to add customers to the Domain Registry of America through subtlety. True, there may be some existing domain registrar that doesn't warn its customers that their domain is expiring. The DRoA is then providing a meaningful service. But I'm guessing they mostly get customers because the folks don't realize that they are switching to someone new and maybe not getting the best deal (DRoA charges $25 for one year of registration...there are significantly less expensive registrars out there).

Customers benefit when there is more direct competition between providers on core issues. Customers then choose new companies based on a feature/price ratio that makes sense to them and companies that better meet needs get more customers.

I was just reading through a competitor's web site yesterday and saw where they had an add-on support package where their customers would be guaranteed a response to an email question within 48 hours. 48 hours?!? Maybe that's a big step up from a free email provider.

Needless to say, I believe we're a huge step up from a situation like that. And we're working on doing even more!

-Kirk

April 26, 2005

Greylisting

I received this comment in response to an earlier blog entry:

Is there any chance of webmail.us implementing greylisting? Here is a link about it: http://projects.puremagic.com/greylisting/whitepaper.html I have yet to see a downside.... Thanks, Zachary

Zachary-- thank you for the question and the answer is: probably not anytime soon. I'm putting this as a separate blog post because I think it is a really good general question and the explanation for my answer might be useful to others.

What Is Greylisting?

First, let's talk about whitelisting and blacklisting. A whitelist is a list of email addresses and/or Internet Addresses that someone knows as "good" senders. A blacklist is a corresponding list of known "bad" senders. Clicking "trust sender" in the webmail interface puts a user on a whitelist. Clicking "report spam" doesn't blacklist the sender, but does submit the message to our filtering software so that it can learn to recognize the new type of spam.

The link Zachary sent along is a great explanation of the concept of greylisting. It is an approach that says, "I don't know who you are so I'm going to make your email message jump through some extra hoops before I accept it." So an email from an unrecognized sender is on neither the whitelist nor the blacklist and therefore is treated differently.

Greylisting works by telling the sending email server to resend the message sometime soon. Most spammers right now set their software to blindly transmit their spam email and the software doesn't understand the "resend soon" message. Thus, the spam would never actually be delivered.

One Weakness

There is one weakness to this approach in a business or high-performance personal setting: the delay and resend may take up to an hour. Many businesses receive email from new customers regularly, whose email would be delayed by the greylisting rules, and the delay could have a significant business impact. And if you frequently get email from "friends of friends", then greylisting might cause you problems, too.

A second potential weakness is that it seems to Bill Boebel, our CTO, that updating spammer software to follow greylisting rules would be just too easy to implement. So as more people used greylisting it seems likely to stop working altogether as spammers adjusted.
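A minimal sketch of the greylisting decision described above, added here as an illustration; it is not webmail.us code and not the implementation from the linked whitepaper. The (sending IP, sender, recipient) key, the timing constants, the SMTP reply codes and all addresses are assumptions, and the sample senders are constructed.

```python
import time

MIN_DELAY = 300                  # assumed: seconds before a retry is accepted
RETRY_WINDOW = 4 * 3600          # assumed: an unconfirmed first attempt expires after this
PASS_LIFETIME = 36 * 24 * 3600   # assumed: how long a confirmed triplet stays known

class Greylist:
    def __init__(self, whitelist=(), blacklist=()):
        self.whitelist, self.blacklist = set(whitelist), set(blacklist)
        self.first_seen = {}     # triplet -> time of first deferred attempt
        self.passed = {}         # triplet -> time of last accepted delivery

    def check(self, client_ip, mail_from, rcpt_to, now=None):
        """Return (SMTP reply code, reason) for one delivery attempt."""
        now = time.time() if now is None else now
        if client_ip in self.blacklist:
            return 554, "blacklisted sender"
        if client_ip in self.whitelist:
            return 250, "whitelisted sender"
        key = (client_ip, mail_from.lower(), rcpt_to.lower())
        if key in self.passed and now - self.passed[key] <= PASS_LIFETIME:
            self.passed[key] = now
            return 250, "known triplet"
        first = self.first_seen.get(key)
        if first is None or now - first > RETRY_WINDOW:
            self.first_seen[key] = now               # "resend soon"
            return 451, "unknown triplet, try again later"
        if now - first < MIN_DELAY:
            return 451, "retried too soon"
        del self.first_seen[key]
        self.passed[key] = now
        return 250, "retry accepted"

def deliver(gl, triplet, retry_offsets, start=0):
    """Attempt at start, then at each retry offset; return the delay in seconds
    at which the message was accepted, or None if it never was."""
    for offset in (0, *retry_offsets):
        code, _ = gl.check(*triplet, now=start + offset)
        if code == 250:
            return offset
    return None

if __name__ == "__main__":
    gl = Greylist(whitelist={"192.0.2.10"})          # constructed sample data
    spam = ("198.51.100.7", "bulk@example.net", "user@example.com")
    customer = ("203.0.113.5", "new.customer@example.org", "sales@example.com")
    print("fire-and-forget sender:", deliver(gl, spam, []))            # never retries
    print("new customer, normal MTA:", deliver(gl, customer, [900]))   # delayed
    print("same customer later:", deliver(gl, customer, [], start=5000))
    print("retry-aware bulk sender:", deliver(gl, spam, [600], start=20000))
```

The second and fourth cases correspond to the two weaknesses named above: a first-time legitimate sender waits for its own server's retry interval, and a bulk sender that simply retries is accepted.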

Choosing Your Approach To Spam

There is no wrong approach, just a few choices that will make your mailbox work in a way that's most useful to you.

I've included some info in earlier posts about how we filter spam. The summary is blacklists, keyword recognition, and some very intelligent programming in SpamDNA(r). But our customers can also use desktop anti-spam software and 3rd party services to add more layers if that better meets their needs.

-Kirk

April 13, 2005

Cell Phone Do Not Call Registry

I was shown an email today that talked about the creation of a 411 lookup service for cell phones and a big rush in cell phone telemarketing that would follow.  The email encouraged readers to sign up for the federal government's Do Not Call registry by dialing a phone number.

Fact Mingled With Fiction

Yes, there really is a cell phone 411 service being created.  Yes, the federal government has a registry of phone numbers that most telemarketers are required to avoid.

But...

The 411 service is being built for consumers and does not support telemarketing.  It is like 411 for regular phones: call and ask for a person by name and area to get a phone number.

The national Do Not Call registry is only for home phones.  We can all hope that if cell phone telemarketing ever begins in earnest that the registry will allow cell phone numbers to be listed, too.

Read more at snopes.com and urbanlegends.about.com.

-Kirk

April 11, 2005

Interesting article about viruses

Here is an article with a lot of interesting facts and figures about viruses in 2004: CRN.

I won't ruin the article, but a lot more viruses caused problems, the average time it took to recover became longer, and (not surprisingly) costs to recover went up.

I'll renew my earlier recommendation that multiple layers of anti-virus protection be used whenever possible.  Putting two anti-virus programs on the same computer is generally not a good idea, but protecting servers-- and particularly email servers-- as well as regular desktop machines should be standard practice.

Some Anti-virus Programs

There are some anti-virus programs that are free for noncommercial use (see their sites for definitions).  Here are three that I have tried at various times:

Avast! free home edition
Antivir personal edition
AVG free edition

There are *way* too many commercial anti-virus programs for me to track.  All of the products above have corresponding commercial programs, but here are a few more for small businesses:

McAfee
Symantec
Panda Software
Trend Micro
F-Prot

We Use

On our email servers we use F-Prot for servers with ClamAV, an open-source anti-virus program that works on Linux.  We encourage our customers to use another layer of anti-virus software on their desktops & laptops!

-Kirk

April 06, 2005

New Client Docs And A Tip

We recently hired a great technical writer to help us with a lot of projects.  There are now some new documents at our Setup email client page for Netscape Mail and Mozilla Thunderbird.  I really like the new formats we're moving to and hope that we can get the old docs redone within the next couple of months.  And keep your eyes open for a Webmail user guide in the next few days.

Outlook Express With IMAP Tip

Outlook Express allows email you send using IMAP to stay synchronized with the Sent folder in Webmail, although this isn't how OE handles sent mail by default.  To make the change go to Tools -> Accounts -> Mail (tab) -> Properties -> IMAP (tab).  For our email system (or any other system based on courier-imap), put 'Inbox' for the root folder, and 'Sent' and 'Drafts' for the other two folder names below.  After clicking OK Outlook Express will take just a moment to reset its folder information.

To make sure that Sent and Drafts stay up to date, right click on each of those folders then choose to synchronize all messages in the folder.

If you want to do the same thing using Outlook, follow these instructions from Microsoft.

-Kirk

April 05, 2005

Pharming Threat Officially “Yellow”

I’m not going to blog every time SANS kicks out a slightly elevated threat level. If that’s the sort of thing you *want*, subscribe to their alert feed here.

The subject of the threat is “DNS Poisoning”. I wrote about pharming (which is the cool way to say DNS poisoning) a couple of weeks ago. But the gist of the alert from the SANS folks is that there are some very specific attacks against certain DNS Servers (not clients) going on right now and that it has been building over the course of about a month.

Amazement & Dismay

When I read about these sorts of things I have an internal dialogue with two conflicting viewpoints. First, how the heck has the Internet, by-and-large, not had any big problems with Bad People hijacking DNS servers? Second, how the heck can big-name vendors be sending out products with such serious security problems?

What can you & I do?

Probably nothing. We use UNIX-based DNS here so we’re not considered vulnerable by SANS.

If you happen to be a Windows or Symantec Gateway administrator, please be sure your software is patched to the latest specs and configured in a secure way. Here is a guide to securing Windows 2000 DNS. Here is some info from Symantec about issues with their products.

-Kirk

March 22, 2005

Email Chain Letters & Urban Legends

Today I received a copy of an email that said I would be paid hundreds of dollars if I forwarded the message to a bunch of people. It claimed to be real, to have been on the nightly news, and to have been on a 2-page spread in USA Today.

If only.

My favorite website to visit to check out various myths as fact or fiction is http://www.snopes.com. And I’m sorry: they now have a few ads. Of course, the banner ad they had was for Mythbusters on the Discovery Channel—an awesome show.

Anyway, I’ve used Snopes for years and have found it to be very thorough and accurate. Every now and then, I check something out that I think is a myth and find it to be partly true. Maybe this site will be useful to you, too. It’s fun just to poke around and see what myths are out there!

-Kirk

March 21, 2005

More Phishing In The News

Here's a good article about the impact of phishing on small businesses: http://www.messagingpipeline.com/159903381.

It includes lots of interesting pie charts with survey results from small businesses.

-Kirk
