Spam filtering, what can I do?

April 18th, 2012 admin Posted in General Rants, Interesting

Over the past few weeks I have been inundated with questions regarding the non-delivery of e-mail messages and I would like to make a few suggestions.

First, a primer on spam. Three-hundred thousand spam messages a month are tracked going through my client filtering systems. That is three-hundred thousand e-mail messages not in various in-boxes. A piece of highly tuned software is making decisions as to the validity of the sender, the body of the message, and the various attempts at sending viruses/spyware and phishing attempts.

It’s not perfect, and occasionally, valid e-mail is sent to the land of never-read messages.

There are ways to make this easier.

One, common domain names, that is, domains that you work with on an ongoing basis, can, and should, be added to what is called a whitelist. This is a list of domains that you never want to be checked against spam filters. If you are working with John Smith at Acme (jsmith@acme.com) – I can add the domain acme.com to the pre-filter white-list and never, ever, will John Smith be blocked by the mail filtering system.

However.

There is more than just one filtering system in place. Filtering can occur at pre-filtering sites such as Securence and Postini, on Exchange, in Outlook (yes, it is different than Exchange), and in the firewall, and some antivirus packages include mail-filtering as well.

All of these need to be told whom you do not want to be considered spam.

Two, tell your customers, contacts, friends and family to white-list you. Yes, the people on the other end have filtering systems in place similar to what you are behind.

People that you communicate with on an on-going basis need to follow the same procedure you have. Ideally, your domain should be added to their white-list; at a minimum, your e-mail address should be white-listed. But it’s not just white-listing in one system. All parts of the spam filtering chain need to be told who you are. Skipping one link in the chain can send you to e-mail jail.

Third, check spam quarantine. This applies not only to you but also to your clients/customers. Everyone needs to spend one minute per day checking spam quarantine for messages sent to spam by accident. Messages routed as spam should immediately be flagged as non-spam in whatever system flagged them to begin with. Should you not have access to the filtering system, such as firewall or Exchange SCL blocking, your administrator should be contacted to white-list either the email address or the domain.

Finally, when you first begin the conversation, ask to be added to the contact list of the person you are e-mailing and ask that the domain be white-listed on your end and theirs. Adding a simple statement to your e-mail footer such as:

“Adding my email address, xxx@yyy.com to your safe senders list will help reduce the chance you will not receive my email message in the future” - can help reduce the chances you get routed to spam.

While not perfect, spam filtering is getting better. Following these steps can help reduce your e-mail headaches.


Counting characters in a string with javascript

April 16th, 2012 admin Posted in Javascript, Programming

I've been asked for this simple snippet a few times so I decided to post it to fiddle for all.

The code in question iterates over a string counting the number of times each character of the alphabet appears in the string. It returns the value as an HTML formatted string but can easily be modified to return an array that can be parsed.

Given the HTML of

<p id="lower"></p>
<p id="upper"></p>

Pass in a string and a boolean to check if you want to scan uppercase or lowercase characters.

var msg = 'kegbojxgzazcjenrilmcpyoyhygsxdhavyslanylrgekcykusozvGsihlhatcwcjxipyxzodgihdnfhvcklhEeofkepFRfnspjocmEujlxholsakadxuTxzrutdKotvublqy';

function countCharOccuranceinString(thestring, ix) {
    var count, aph = '',
        i,
        last = (ix ? 90 : 122);
    // ix true: uppercase A-Z (char codes 65-90); ix false: lowercase a-z (97-122)
    for (i = (ix ? 65 : 97); i <= last; ++i) {
        // match() returns null when the character does not occur
        count = thestring.match(new RegExp(String.fromCharCode(i), 'g'));
        // no separator after the final letter of the range
        aph += String.fromCharCode(i) + ':<i>' + (count === null ? 0 : count.length) + '</i>' + (i === last ? '' : ', ');
    }
    return aph;
}

$('#lower').html('Lower key breakdown: ' + countCharOccuranceinString(msg, false));
$('#upper').html('Upper key breakdown: ' + countCharOccuranceinString(msg, true));

The resulting output would look similar to:

Lower key breakdown: a:6, b:2, c:7, d:5, e:5, f:3, g:5, h:8, i:4, j:5, k:6, l:8, m:2, n:4, o:8, p:4, q:1, r:3, s:6, t:3, u:5, v:4, w:1, x:7, y:8, z:5

Upper key breakdown: A:0, B:0, C:0, D:0, E:2, F:1, G:1, H:0, I:0, J:0, K:1, L:0, M:0, N:0, O:0, P:0, Q:0, R:1, S:0, T:1, U:0, V:0, W:0, X:0, Y:0, Z:0

I forgot the link to the fiddle.


SiriusXM beta player stores username/password in clear text.

April 10th, 2012 admin Posted in General Rants, Interesting, Network Security

Discovered March 2nd, 2012

Reported March 2nd, 2012

Status: Not Resolved

The beta SiriusXM web player stores the username and password in plain text in the file "username.sol", found under the Macromedia Flash settings folder in your Application Data/Roaming folder.

The file is found in the flash local settings directory located at (via a Windows 7 profile path):

C:%HOMEPATH%\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\[profile]\www.siriusxm.com\player\beta\siriusXMPlayer\siriusXM.swf\username.sol

As an administrator with access to users' desktops, I was able to scan for and find multiple credential files on our client's desktops. After discovering this, I contacted SiriusXM, who replied that application security is taken seriously and that they would pass this information on to the developers. One month later, nothing has changed. The username and password for a user's SiriusXM account are still stored in plain text in this file.

If you listen to SiriusXM online, I would recommend that you do not store your credential information locally using the "remember me" feature and, until resolved, do not use the beta player.

Storing the username and password in plain text is a basic programming failure. The number of instances of data theft is staggering, yet developers are still making these egregious mistakes during development.
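For administrators cleaning up after this issue, the following added example (not code from the original post or from SiriusXM) lists the `username.sol` files described above under each user profile so they can be deleted; it never reads their contents. The function names, the `remove` option and the assumption that all profiles live under one root such as `C:\Users` are illustrative.

```javascript
// Added example: report (and optionally delete) leftover SiriusXM beta
// player "username.sol" files. Only paths are handled, never file contents.
const fs = require('fs');
const path = require('path');

// Path components as given in the post; [profile] is a per-user directory name.
const SHARED_OBJECTS = ['AppData', 'Roaming', 'Macromedia', 'Flash Player', '#SharedObjects'];
const SITE = 'www.siriusxm.com';
const TARGET = 'username.sol';

// Subdirectory names of dir, or [] if dir is missing or unreadable.
function subdirs(dir) {
  try {
    return fs.readdirSync(dir, { withFileTypes: true })
      .filter((e) => e.isDirectory()).map((e) => e.name);
  } catch (err) {
    return [];
  }
}

// Recursively collect files named TARGET below dir (case-insensitive, as on NTFS).
function collect(dir, hits) {
  let entries;
  try { entries = fs.readdirSync(dir, { withFileTypes: true }); } catch (err) { return; }
  for (const e of entries) {
    const full = path.join(dir, e.name);
    if (e.isDirectory()) collect(full, hits);
    else if (e.name.toLowerCase() === TARGET) hits.push(full);
  }
}

// usersRoot is the directory holding user profiles (assumed: C:\Users).
// With { remove: true } each file found is deleted after being recorded.
function auditSiriusXmSharedObjects(usersRoot, opts) {
  const hits = [];
  for (const user of subdirs(usersRoot)) {
    const soRoot = path.join(usersRoot, user, ...SHARED_OBJECTS);
    for (const profile of subdirs(soRoot)) {
      // Only the SiriusXM site directory is searched; other sites are left alone.
      collect(path.join(soRoot, profile, SITE), hits);
    }
  }
  if (opts && opts.remove) hits.forEach((f) => fs.unlinkSync(f));
  return hits;
}
```

Deleting the file only removes the stored copy; a password that has already sat in plain text on a shared machine should also be changed.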


Hey Microsoft, hire me to make your dialog boxes

October 7th, 2011 admin Posted in Usless Rants

Microsoft, you seem to have a knack for wasting space. I noticed this when trying to look through the event log and got annoyed at the 3 lines of text you gave me to read unless I expand up the window cutting the list down to 3 lines so I can view more in the text box. Here's an example of how moving a few lines around can make the dialog window more usable.


Browser image load torture test part 4

October 2nd, 2011 admin Posted in General Rants, Interesting

Another month, another set of browser updates. Now that the players have decided to follow the Google "let's update every 42 minutes" approach, it was either update this post every other day or just wait a few months to see some real changes appear.

In this test I am going to use the same 400x400 grid of images. I should explain that this is a grid of the *same* two images (black.gif/white.gif). There are just two images referenced 160,000 times. In reality, the way the different browsers handle this is staggering.

Since starting these tests, Internet Explorer went from the bottom to the top in performance in rendering the test page. Chrome improved and as usual, Firefox is the worst. As Firefox gets "better" this test page gets "worser" (yes, I know.)

The Results

The Test Page

Firefox 7.0: 533.2MB, 3 Minutes 11 Seconds
Internet Explorer 9.0: 255.9MB, 12 Seconds
Chrome (it updated when I checked): 317.3MB, 27 Seconds

Pure HTML table crash affects IE9 as well…go figure

June 22nd, 2011 admin Posted in General Rants

Over five years, multiple emails, apparently nobody at Microsoft even cares anymore that their "advanced browser" cannot handle simple malformed table tags.

Want to have every single IE user lock up when they visit your site? Put an iframe in and link it to the malformed table page. Regardless of whether anyone would ever come across this page in the wild, it is still a glaring bug in their rendering system that Microsoft chose to ignore all these years. Were I on the IE team, I'd be ashamed at this point.

Here's the original page
http://www.gregmerideth.net/?p=87

Here's the page that will cause your IE to lock up.
http://www.gregmerideth.net/html/iecrash.html


Google finally got back to me…

June 1st, 2011 admin Posted in General Rants

Google Enterprise Support finally got back to me about cancelling the use of Postini mail filtering. A year after I stopped using the service and eight months after emailing support asking Google to stop trying to bill me for a service I no longer used. If Google were to hire, say, one extra person, making their support department two-strong, they might get around to email messages a little faster.


Hello,

I would like to apologize for the delayed response on this case. If this is still an open issue that needs our attention please reply to this message and a member of our Billing Support team will investigate it as quickly as possible. Again, we sincerely apologize for the delayed follow up with this case.

Regards,
Enterprise Support


Alter table cell CSS with jQuery

May 5th, 2011 admin Posted in Interesting, jQuery

While looking for practical examples on doing this I found it easier to just jump into jsfiddle and figure it out myself.

I needed to alter the css of a single table cell based on the value in another cell. This is how I went about doing it. In a table of open cases, there was a need to quickly show which cases were resolved by using a strike-through (I additionally added a faded grey color) only when the resolved cell had a value. The code can either strike-through a single determined cell or the entire row.

Given the table:

<table border="0" id="bugs">
 <thead>
  <tr>
   <th>ID</th>
   <th>Description</th>
   <th>Created</th>
   <th>Resolved</th>
   <th>Severity</th>
  </tr>
 </thead>
 <tbody>
  <tr>
   <td>1</td>
   <td>Test</td>
   <td>5/1/2011</td>
   <td></td>
   <td>1</td>
  </tr>
  <tr>
   <td>2</td>
   <td>Test</td>
   <td>4/11/2011</td>
   <td></td>
   <td>2</td>
  </tr>
  <tr>
   <td>3</td>
   <td>Test</td>
   <td>4/18/2011</td>
   <td>4/22/2011</td>
   <td>3</td>
  </tr>
 </tbody>
</table>

I want to strike out the last row given a date is in the resolved cell. I've since converted the call to a function which would be executed as:

         strikeTable("bugs", 3, 1, false, "strike", function (x) {
             return x.text().indexOf("/") >= 1;
         });

The parameters are the ID of the table, the column to check, the column to apply the CSS to, whether to style the whole row instead of that one cell, the CSS class to apply, and the delegate function to call on each check. Column positions are zero-based. The function looks for the "#" in the ID and adds it if you don't supply it. This is because I use IDs, not classes, to refer to tables; you will have to remove the check in the method if you use classes.

This is the function:

     var strikeTable = function (table, checkcell, altercell, wholerow, cssclass, delegatecallback) {
         // remove this if you are using tables with classes
         var tbl = (table.indexOf("#") == -1 ? "#" + table : table) + " tr";
         // iterate through each table row
         $(tbl).each(function () {
             // using the value in cell
             var tc = $(this).find('td').eq(checkcell);
             // and the result of the delegate check
             // either alter the css of the [wholerow]
             // or just cell [altercell]
             if (delegatecallback(tc)) {
                 if (!wholerow) {
                     $(this).find('td').eq(altercell).addClass(cssclass);
                 } else {
                     $(this).find('td').addClass(cssclass);
                 }
             }
         });
     };

The delegate method will be passed the cell object. You must write a delegate that returns true or false based on your needs: checking for a cell value, a checkbox being checked, the value of a drop-down list, etc. This way the same method can be used for a variety of table checks.

I will add more as I update the function. If there is some shortcut I haven't mastered yet that would improve the function or some check I should perform I'd like to know about it.

You can find a working copy of the code (jslint verified) at JsFiddle


Android Bloatware

October 12th, 2010 admin Posted in Android, Usless Rants

Perfect article sums up my frustration with all of the crap installed on my new Vibrant. Way to go T-Mobile, forcing your customers to essentially break (rooting) the security of the phone to install an application capable of removing the applications they did not want or ask for to begin with. Truly pathetic.

http://www.wired.com/gadgetlab/2010/07/bloatware-android-phones/


ESXi raid performance, really?

September 12th, 2010 admin Posted in General Rants, Virtualization

We've been using a few ESXi servers for our virtualization requirements and as always, we are pretty big fans of Adaptec cards. Well, during a copy operation last night, the vSphere (why do they insist on changing all of their program names so often) utility claimed that the copy operation had maxed out at 340577/KBps. This is rather shocking as we have never seen a write/read operation on that array since we installed it. The huge increase in performance can only be attributed to the recent upgrade of ESXi to 4.1.

Either that or the vSphere program just went nuts.