SAN FRANCISCO (CBS.MW) -- Isn't it ironic. In the war against
unsolicited e-mail, automated Spam blockers are actually getting in the
way as they block legitimate mail from the government. The federal
government on Friday began accepting consumers' requests to be put on
its "Do-Not-Call" registry, a nationwide listing of people who don't
want to be solicited at home via calls or e-mails. The Federal Trade
Commission is responsible for administering the program.
A person who wants to be included on the list will receive an e-mail
from the government, then must send back an e-mail reply as
confirmation. But a problem's arisen, as at least one major processor of
e-mail -- Yahoo -- is blocking the confirmation e-mail, according to
NetFrameworks, a tiny 25-person security company. NetFrameworks monitors
Spam control mechanisms from the largest mail carriers, like Yahoo
(YHOO), America Online and Microsoft (MSFT).
"The irony of it is that the confirmation e-mail is being blocked by
Yahoo, and therefore you will not receive the confirmation mail," said
Eric Greenberg, chief technology officer of NetFrameworks and a former
product manager for security at Netscape, now part of the AOL Time
Warner (AOL) empire.
"It's very difficult to make the technology work... Spam blockers are
automated and the software rules are arbitrary," he said.
A decade in the making, the federal do-not-call rule officially takes
effect on Oct. 1. Companies that call phone users who are in the
registry will be liable for steep fines -- as much as $11,000 per call.
As of 10:30 a.m. Eastern time, 250,000 phone numbers had been
registered, according to the FTC.
"It's very difficult to make the technology work... Spam blockers are
automated and the software rules are arbitrary," he said.
It's a shame the press are putting the blame for this on anti-spam software,
as it's clear that the DoNotCall.gov people have brought the problem on
themselves by not running a standards-compliant mail system.
What's worse is they knew this was coming and didn't do anything to prevent
it! It appears Mr. Callahan's message to nanog wasn't to look for advice on
how not to trigger spam filters -- it was to beg us to add his systems to
our whitelists so his suspicious-looking mail would go through.
Looks like a case of "Good enough for government work" in action.
S
Stephen Sprunk "God does not play dice." --Albert Einstein
CCIE #3723 "God is an inveterate gambler, and He throws the
K5SSS dice at every possible opportunity." --Stephen Hawking
"The irony of it is that the confirmation e-mail is being blocked by
Yahoo, and therefore you will not receive the confirmation mail," said
Eric Greenberg, chief technology officer of NetFrameworks ...
... who hasn't a clue what he's talking about.
I checked with a friend who's a tech manager at Yahoo, and when I gave
him the IP range that donotcall is using (I registered at 1 AM when it
was fast and got most of my mail right away), he checked and found
that in fact Yahoo hadn't blocked anything and at worst had filed some
of them in the Bulk folder, since they're certainly bulky.
Other people have reported delays of up to 11 hours getting their
confirmation mail, so it's clear that a few people have misinterpreted
slow mail as blocked mail.
The donotcall.gov project certainly does seem to have been a learning
experience. Next time there's a project like this that's going to
have a big first day spike it'd make sense to do load shedding and
divert peak traffic to a server that says "sorry, we're overloaded,
please come back tomorrow and don't panic because you have until the
end of July to sign up and be on the first release of the list." That
and fix the rDNS and price out some alternatives to Redmond Bloatware,
of course.
Next time there's a project like this that's going to
have a big first day spike it'd make sense to do load shedding and
divert peak traffic to a server that says "sorry, we're overloaded,
please come back tomorrow and don't panic because you have until the
end of July to sign up and be on the first release of the list." That
and fix the rDNS and price out some alternatives to Redmond Bloatware,
of course.
...and ask the questions asked here (much!) more than a few hours prior to the event start/spike.
Coming here to ask what was asked was obviously a smart move by Mr. Callahan, but one and a half days prior to launch was way too late to successfully implement any of the (very good) advice given.