You are viewing tacit

dragonpoly
The sun rises in the east and sets in the west, as every fule know.

What we don't often think about is this is really true only at the equator, and even there it's only entirely true during the solstices. For people anywhere else, or at any other time, the sun actually rises in the northeast and sets in the northwest (if you're in the southern hemisphere) or rises in the southeast and sets in the southwest (if you're in the southern hemisphere). Or at least it would, if the earth weren't tilted on its axis.

Since the earth is tilted, not only does the sun generally not rise and set at locations 180 degrees apart from each other, the location of sunrise and sunset wobbles as the year goes on.

When you're north of the Arctic Circle, things get really weird.

At the summer solstice, the sun doesn't set at all, and during the winter solstice, it never rises. The rest of the time, it makes circles in the sky. The circles wobble as the year goes by...during the summer, most of the circle is above the horizon, and as winter comes, the circle sinks below the horizon. (So, if you plot the path of the sun in the sky--when it is in the sky--over the course of time, it actually does a spiral.)

Last night, Eve and I climbed to the top of Anvil Mountain just outside Nome, Alaska (which is near enough to the Arctic Circle to see some of the weirdness) at 2 o'clock in the morning to watch the "sunset." I say "sunset" because it's still pretty much full daylight out. The sun dips just barely below the edge of the horizon, but it doesn't stay there, and it comes up again shortly thereafter...meaning we saw a simultaneous sunset and sunrise.

The red in the sky on the left of this panorama is the sunset. The red in the sky on the right is sunrise. The sun is traveling in a shallow arc that just barely dips beneath the horizon.


Nome, Alaska: The Last Train to Nowhere

dragonpoly
As the result of a lengthy and somewhat improbable series of events, I'm in Nome, Alaska with my sweetie Eve, working on another book.

A few days back, we took a drive on the one road that goes through Nome. Nome is inaccessible by car; the only road links it to the nearby towns of Council and Teller.

If you drive out toward Council, a trip I recommend only during the summer and then only in a large 4WD vehicle, about twenty miles from Nome you'll come across the long-deserted ghost town of Solomon, a leftover from the gold rush in the early 1900s. Near Solomon, you'll find what's left of a failed attempt to bring rail service to Nome.



In 1903, an enterprising group of people formed a company to build a railroad to serve the gold mines near Solomon. They bought a bunch of secondhand elevated railway engines from New York City and hauled them up to Nome by barge.



In 1907, a storm washed out the one rail bridge between Solomon and Nome, leaving the trains stranded on the edge of the water. The company folded and simply walked away, leaving the trains where they were, to quietly rust away into the tundra.



That seems to be a common theme in Alaska. The landscape is dotted with abandoned mining equipment, wrecked construction vehicles, and huge pieces of machinery simply left where they were when they became inoperable.

The locals call this steam engine graveyard "The Last Train to Nowhere."



Even during the summer, it's cold and windy here. The train never was reliable under the best of circumstances, so it's no surprise there was no effort to replace it.





Piracy and More Than Two: Caveat Emptor

dragonpoly
This Blog post has been updated; updates are at the end.

Recently, a concerned blog reader sent me an email alerting me to a Web site that claimed to have a free ebook download for More Than Two, the polyamory book Eve and I just finished. He found the link on a YouTube "video" that was basically just a still spam image claiming that the book could be downloaded free, with a Web link in the description. The YouTube page looks like this:



Naturally, I was concerned; Eve and I have put a tremendous amount of work into the book. The eBook isn't slated to be released until September 2; only our Indiegogo backers have a copy of it, so if it's leaked, it came from one of our backers.

The download site is a place called masszip.com. It claims to have a huge number of "free" ebooks available for download, all of them pirated versions of books that are most definitely not free.

On the masszip.com page for More Than Two, there is a prominent "Download Now" button. Clicking it causes a "Premium Content" popup to appear:



The popup has several links for various online "surveys" and advertising offers. If you click on one of them, you are taken to another site called cleanfiles.net, which then redirects through a number of affiliate-tracking intermediaries to one of the sites offering "free*" (*participation required) gift cards, surveys, and the other sorts of flim-flam that fill the scummy and less reputable corners of the Internet.

Both masszip.com and cleanfiles.net are served up by the Cloudflare content delivery network. I'm planning an entire computer security blog post about Cloudflare; they are either completely incompetent or totally black hat, and provide content delivery services for a wide assortment of spammers, malware distributors, and phish pages. (I've mentioned Cloudflare's dysfunctional abuse procedures in a previous blog post.)

I jumped through all the hoops to download a copy of More Than Two, using a disposable email address created just for the purpose. The sites signal cleanfiles.net that you've finished the "survey" or filled in an email for an insurance quote or whatever, and then a file downloads.

It's not necessarily the file you expected, though.

The first time I did this, I got a file that claimed to be an epub, all right, but it wasn't More Than Two. It was a file called Ebook+ID+53170.rar, which uncompressed into a file called "Words of Radiance - Brandon Sanderson.epub". Words of Radiance looks to be a real book--a somewhat pedestrian fantasy story about kings and assassins and heroes with secret powers.

The file was not actually an ebook, though. It was actually a Windows executable; and, needless to say, I would not recommend running it. In my experience, Windows executable files that mislead you about their names usually have nefarious purposes.
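A content-based check for the mismatch described above (a file named `.epub` that is really a Windows executable), as an added example that is not part of the original post. The function names are hypothetical, and the sample bytes are constructed inline and inert.

```python
import io
import os
import struct
import zipfile

EPUB_MIME = b"application/epub+zip"
EXECUTABLE_EXTS = {".exe", ".dll", ".scr", ".com"}


def looks_like_pe(data: bytes) -> bool:
    """True if data has a DOS 'MZ' header whose e_lfanew field points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def looks_like_epub(data: bytes) -> bool:
    """True if data is a ZIP whose first entry is 'mimetype' = application/epub+zip."""
    if not data.startswith(b"PK\x03\x04"):
        return False
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
            if not names or names[0] != "mimetype":
                return False
            return zf.read("mimetype").strip() == EPUB_MIME
    except zipfile.BadZipFile:
        return False


def classify(data: bytes) -> str:
    """Identify a file by its content, ignoring whatever its name claims."""
    if looks_like_pe(data):
        return "pe"
    if looks_like_epub(data):
        return "epub"
    if data.startswith(b"PK\x03\x04"):
        return "zip"
    if data.startswith(b"Rar!\x1a\x07"):
        return "rar"  # an archive: unpack it and classify the members
    return "unknown"


def check_download(filename: str, data: bytes):
    """Return (detected_kind, suspicious) for a downloaded file."""
    ext = os.path.splitext(filename)[1].lower()
    kind = classify(data)
    disguised_exe = kind == "pe" and ext not in EXECUTABLE_EXTS
    fake_epub = ext == ".epub" and kind != "epub"
    return kind, disguised_exe or fake_epub


def make_sample_epub() -> bytes:
    """Constructed sample: the smallest container that passes the EPUB check."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("mimetype", EPUB_MIME, compress_type=zipfile.ZIP_STORED)
        zf.writestr("META-INF/container.xml", "<container/>")
    return buf.getvalue()


def make_sample_pe_stub() -> bytes:
    """Constructed sample: PE signature bytes only, not a runnable program."""
    buf = bytearray(0x44)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x40)  # e_lfanew -> offset of the PE signature
    buf[0x40:0x44] = b"PE\x00\x00"
    return bytes(buf)


if __name__ == "__main__":
    samples = [
        ("Words of Radiance - Brandon Sanderson.epub", make_sample_pe_stub()),
        ("genuine-book.epub", make_sample_epub()),
    ]
    for name, data in samples:
        kind, suspicious = check_download(name, data)
        print(f"{name}: content={kind} suspicious={suspicious}")
```
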

I tried the download again, using a different "survey" link and a different throwaway profile, and ended up being taken to this page:



I'm betting the violation of the Mediafire terms of service probably related to malware.

So basically, the site offers pirated eBooks, but actually makes you fill out surveys and apply for various kinds of insurance quotes and so on, presumably all to make money for the folks who run it. It doesn't actually deliver the goods, however. Instead, it delivers Windows executables of undetermined provenance that likely don't do anything you want them to do.

I examined each of the links and discovered the owners of the site are using three different affiliate tracking systems to make money. The affiliate system you're routed through depends on which link you click. The system looks something like this:



Presumably, they also make money from malicious file downloads.

The site at trk.bluetrackmedia.com is an affiliate tracking site run by Blue Track Media, which bills itself as "The Performance-Based Online Advertising Company." Typical URLs that run through Blue Track Media look like

http://trk.bluetrackmedia.com/cclick.php?affiliate=3239&campaign=9600&sid=139267348_21118_w_161238&sid3=2859

The people responsible for this scam are identified by the affiliate code "affiliate=3239".

The site at adworkmedia.com is an affiliate tracking site run by AdWorkMedia, a site that monetizes Web sites using "content locking," where certain parts of the site are blocked until the visitor does something like fill out a Web survey or give his email address to an advertiser. Typical URLs that run through AdWorkMedia look like

http://www.adworkmedia.com/go.php?camp=7012&pub=11178&id=15672&sid=&sid2=2736&sid3=LinkLocker&ref=&shortID=198717

t.afftrackr.com is a site registered to a guy named Ryan Schulke. It's listed as malicious by VirusTotal.

I can't find out much about quicktrkr.com, except that it's a new site registered February of this year, 1.quicktrkr.com is hosted on Amazon EC2, and it's protected by a whois anonymizing service in Panama.

So in short, here's the scam:

A Web site, masszip.com, promises free stolen eBooks. The site is a front-end for another site, cleanfiles.net, which makes money by using an affiliate system to try to get you to fill out surveys and similar offers. Advertising companies like AdWorkMedia and Blue Track Media pay the site owners whenever you fill out one of these surveys or offers.

If you do this, a file downloads to your system. It will claim to be an eBook (though not the eBook you thought you were getting), but analysis of the file shows it's actually a Windows executable. The scam is spamvertised via YouTube "videos" that are actually nothing but spam front-ends.

If you're looking for a copy of our book More Than Two, I suggest you don't take this route. I understand that waiting for the book to be released on September 2nd might feel like agony (believe me, it does for us too!), but it's a lot less likely to get your computer infected with malware, and it won't help line the pockets of scammers at your expense.

Interestingly, some of the advertised sites you end up with if you jump through all the hoops are actually mainstream, big-name companies like Allstate and Publisher's Clearinghouse, which apparently have no compunction in associating their brands with scams and malware.

UPDATE: The site at t.afftrackr.com appears to be owned by Cake Marketing, and is part of their affiliate tracking system. A Google search for t.afftrackr.com shows a very low confidence in the site, and a number of complaints and dodgy associations.

UPDATE 2 (1-July-2014): The YouTube account of the scammer has been terminated. I received an email this morning from Blue Track Media, saying the affiliate account of the scammers had been closed.

The scam is still active, and it's now using the affiliate tracking company Adscend Media. Typical URLs used in the links on the scam download page look like

http://adscendmedia.com/click.php?aff=12842&camp=29168&crt=0&prod=3&from=1&sub1=141558590_21118_w_161238&subsrc=2859

I also filed a DMCA report with Cloudflare, and received a reply that basically says "we are a content delivery network, not a conventional Web host, so we don't have to listen to DMCA reports." Cloudflare is continuing to provide services to the scam Web sites.

UPDATE 3 (1-July-2014): Only a few hours after I emailed Adscend Media about the scam, I received an email saying they'd also terminated the scammer's affiliate account.

Sex Tech: Adopting the Brain's Plasticity

dragonpoly
Some while ago, I read an article about a gizmo made of a black and white video camera attached to a grid of electrodes. The idea is that you wear the electrodes on your tongue. Images from the video camera are converted into patterns of electric signals on the electrode, so you "see"--with your tongue--what the camera sees.

Early users of the prototype gizmo would wear a blindfold and then try to navigate around just by the electrical impulses on their tongues. What's most interesting is not only were they able to do this, but they reported that, after a while, their memories were not of sensations on their tongues, but of seeing a fuzzy, black and white image.

The brain is wonderfully plastic, able to interpret new kinds of sensory input in amazing ways. It can rewire itself to accommodate the new input; in fact, the tongue-electrode thing is being commercialized as a device for the blind.

As I do, when I first heard about this, I naturally thought "how can this be used for sex?" And I think it has fantastic potential.




Imagine, if you will, a wearable dildo, rather like the Feeldoe, that's designed to have one end inserted in the vagina. Only imagine that we take the same kind of electrodes used in the tongue-camera device, and send signals to the electrodes not from a video camera, but from small touch sensitive sensors mounted just below the skin of the dildo.

These sensors would be mapped onto the electrodes so that when something touches the sensor, you'd feel a corresponding signal from the corresponding electrode.

I'm not an artist, but I made a couple of crude animations to illustrate the idea:





What would happen?

I believe that after a period of adjustment, this dildo would be incorporated into the brain's somatosensory perception. The brain would, in essence, modify its model of the body to accommodate the dildo--it would, rather quickly I suspect, cease to be perceived as a thing and become perceived as a part of the body. Stimulation of the dildo would begin to feel like stimulation of yourself.

And isn't that an interesting idea.

The neural density in the walls of the vagina isn't as great as the neural density of the tongue. I don't think that's a problem, though; the neural density of the shaft of the penis isn't as great, either.

One potentially interesting twist on this notion is to map the most sensitive part of the penis, the underside just below the glans, onto the most sensitive part of the body--the clitoris. The sensors of the shaft would map onto electrodes in the bulb worn inside the vagina, except this part, which would map onto the clitoris--mapping the sensitivity of a natural penis.

Another potentially interesting thing to do is to make the sensors on the dildo pressure sensitive, with firmer touches creating stronger impulses from the electrodes.

Now, there's a lot of experimentation between this idea and a real device. I don't know the neural density in the walls of the vagina, but it would impose a limit on how many electrodes could be placed on the dildo. Would there be sufficient density to be able to create a fine tactile sense? I think the answer is probably "yes," but I'm not sure.

I'm also not sure how much processing would be required. I'm guessing not much; certainly much less than is required with the vision sense. The tongue-vision thing is trying to do something far more complicated; it's trying to register sufficient information to allow you to navigate a three-dimensional world. A circle seen by the camera might be a lollipop right in front of your face or a billboard far away; because the tongue has no way to represent stereo imagery, there's no way to tell. So the processor has to allow the operator to be able to zoom in and out, to give the user a sense of how far away things might be. It has to be able to adjust to different lighting conditions.

The dildo, by way of contrast, merely has to respond to physical touch, which maps much more easily onto the array of electrodes. It's pretty straightforward; if something's not touching a particular sensor, its electrode isn't producing a signal. The amount of processing might be low enough to allow the processor to be housed inside the dildo, making the device compact, and not requiring it to be tethered to any electronics.

I think this thing could be hella fun. It would allow people born with vaginas to have a remarkably good impression of what it's like to be born with a penis.

In a world where I had infinite free time, I'd put together a crowdfunding campaign to try to build a working prototype. Even without infinite time, I'm considering doing this. Thoughts? Opinions?

Badass is Back, and dealing with squicks!

dragonpoly
In this new addition to the lore of Badass McProblemsolver, he offers his calm, wise advice about how to deal with feeling squicked because your girlfriend wants to have sex with another man. Check it out!

dragonpoly
I was sold a bill of goods.

We all were, really. It was a bill of goods we'd been promised for years, with the reboot of the popular BBC TV show Dr. Who.

I loved Dr. Who as a kid. I had a secondhand television set in my bedroom when we lived in rural Nebraska. We didn't have cable, and we were way out in the middle of nowhere, so we only got two stations: PBS and something I don't remember (because if you have PBS, what else do you need?). I'd watch Tom Baker romp around the universe with his sidekick Louise Jameson (my second celebrity crush) in cheesy low-budget glory.

The new Dr. Who promised to be something darker, something more complex, something less campy and more menacing. And, for a time, it delivered.

Oh, sure, it had problems. Russell T. Davies' epic misogyny was tiresome and sad, like that one relative who overstays his welcome at every family get-together, the loser who drinks too much and starts rambling about how in his day, women didn't run for political office before he ends up passed out on the table with all the leftovers scattered around him and his head in the plate of mashed potatoes.



Eventually, the show realized it was actually Mr. Davies' bigotry that looked tired, and Steven Moffat took over the reins. His sexism is still there, to be sure, though it's a more covert sexism, a sexism that sees female characters as "strong" provided they don't, you know, talk too much or stray from gender roles. But that, perhaps, is a topic for another essay.

Ah, Steven Moffat. The man who blinks at the edge of the Abyss. The man who promises but can't deliver.




The Promise

When you think of the new Dr. Who, what comes to mind? The character of the Doctor has been re-imagined in a much darker way than the original. This is not the Tom Baker Doctor; this is a doctor much more complex, much less cartoony. This is the Doctor who is always running--but not necessarily from Daleks or Cybermen as much as from himself. This is the Oncoming Storm, the Doctor capable of atrocity, the Doctor who disowned his own name after he destroyed his entire species. This is the Doctor driven by remorse, grief, and a vast, aching ocean of loneliness. This is a Doctor at war with himself.

That's what the new series offered, and, for the first several years, delivered. In the re-imagined Dr. Who, we were introduced to a character made up of equal parts whimsy and rage, hope and regret. This was a Doctor of contradiction, a Doctor capable on the one hand of rejoicing "Just this once, everybody lives!" and on the other of inflicting infinite punishment on those who anger him. "He never raised his voice. That was the worst thing, the fury of the Time Lord... And then we discovered why." This is a Doctor capable of acts of almost inconceivable fury. This is a Doctor who, while deriding genocide, is altogether comfortable with it.



Where did this psychological complexity come from? According to Steven Moffat, from his own past, from his own decision some countless number of centuries ago to destroy his own kind and the Daleks in order to prevent their war from swallowing up everyone else. He looked into the Abyss, and he chose atrocity. He made the choice, consciously and with awareness of the outcome, to commit genocide. Living with the consequence of that choice has defined his character since.

This is the grownup Doctor, the Doctor for adults. The Destroyer of Worlds, the Oncoming Storm, the Bringer of Darkness, with a goofy grin and a Fez and an irrepressible sense of optimism that flies in the face of everything he's seen. This is the new Doctor.

Or so we were told.




The problem

Many heroes have darkness in their pasts. It's a rather pedestrian storytelling technique. The most simplistic version of it, repeated in nearly every comic book since the dawn of time, involves a traumatic event inflicted on the protagonist by an outside party, which becomes the protagonist's reason to become a hero. Spider-Man and Bruce Wayne had people close to them murdered by bad guys. It's a cheap trick, a quick way to jump-start a hero without having to work too hard.

Sometimes, storytellers will go a more ambitious route, and make the Dark Tragedy that compels the protagonist forward an atrocity of the character's own making. This is the strategy employed in my all-time favorite novel, Use of Weapons. When it succeeds, it succeeds well.

It's a difficult thing to do, though. Presenting a character the audience is expected to see as sympathetic and to be able to identify with, and who is also capable of acts of atrocity the audience finds repugnant, requires considerable finesse in the craft of storytelling.

There's a problem that one faces, when one is a storyteller dealing with a protagonist who, we are told, is capable of atrocity. At some point, we, the audience, must see the atrocity, or else it becomes a gimmick. If we are told the protagonist is capable of this repugnant thing, but we are never shown it, it's simply another cheap trick, too easily ignored. Eventually, the TV show was going to have to come to a point where we, the audience, would have to be taken to the abyss. We were going to have to see the act, if we were to continue to take it seriously.

That moment came in a Dr. Who show called The Day of the Doctor, and Steven Moffat almost--almost--pulled it off.

The Day of the Doctor could have been one of the best hours of television filmed in a long time. Instead, it made me utterly abandon any interest in continuing to watch the show, and totally undermined any confidence I have in Moffat's ability to tell a story.

It should have worked. It really should have. I mean, for Chrissakes, they got John Hurt to play the zeroth Doctor, the Doctor whose act of atrocity laid the groundwork for everything that came after.



The Blink

Dr. Who has always been a corny show, with the degree of corniness waxing and waning as different writers tried their hand at the character. (The Titanic ramming through the TARDIS walls in one particularly atrocious and best-forgotten episode, for instance, will not exactly ring down through the ages as television's highest moment of artistic achievement.) There is, naturally, a bit of corniness in The Day of the Doctor, and the episodes leading up to it. That's to be expected. It's the characters and not the situations that matter most, right?

So we are introduced to the War Doctor, the Doctor before he renounced his name, the Doctor who was the person all the other Doctors would spend their lives running away from, the Doctor who made an unthinkable choice for which he and all his future incarnations would be driven by remorse. We saw, by the device of time-travel and simultaneous presence, the revulsion and contempt his future selves hold for him. We saw, starkly, the Doctor's self-loathing put on display. We, the audience, were walked through the events that led to this unthinkable choice, the anguish, the despair, the cold moral calculus that justified it and the emotional response to what it implied. We saw all that.

And then, we saw those future Doctors, the ones who had spent centuries running from that choice, the ones who held the man who made them in such contempt, join him at that hour. Wait, the later versions said. You were the Doctor on the day it wasn't possible to get it right. But this time, you don't have to do it alone. The past Doctor and the future Doctors, reaffirming that this act was the right--the only--thing to do.

This was a gutsy, brilliant piece of storytelling. This was the storyteller leading us to the edge of the Abyss and saying, see, this character you love, he is capable of atrocity, and he would do it again. This was the Doctor saying, all these centuries I have lived with this guilt and this remorse and this shame and this self-loathing, and I would do it again. From here, from the vantage point of all these centuries, with all that has happened, it was still the right thing to do. This was the twin irreconcilable pillars of the character's psychology, the essential paradox of his makeup, the Doctor's compassion and the Doctor's capacity for genocide, reconciled. This, maybe, was the beginning of the Doctor's coming to terms with himself, the path away from self-loathing and grief.

And Moffat blinked.

But he's the Doctor! Everybody loves the Doctor! He wears a fez! He's nice to puppies! He helps little old ladies cross the street! We can't show the Doctor doing this!

And so, in a ridiculous last-minute deus ex bigger-on-the-inside-machina, he blinked. No, we won't make him do this! We will paint ourselves out of the corner we've painted ourselves into because...the TARDIS is magic! Alternate dimensions! But we won't actually change the Doctor's character because...because, um...time loop! Memories! He'll still believe he did this terrible thing even though he didn't! Nobody actually has to make hard choices, not for real! Retcon! Retcon!




I can forgive a lot of things.

I can forgive uneven writing. I can forgive lapses in continuity ("Even a Time Lord's body can be dangerous, so we have to burn it...no, wait, Time Lords don't leave behind bodies when they die, they leave a special effect instead!") I can pretend that episode about the Titanic didn't happen.

But I can't forgive cowardice.

What happened in The Day of the Doctor was cowardice. It was a storyteller making a promise he didn't have the guts to deliver on. It was not crediting us, the audience, enough to believe that we could take you seriously about the genocide thing and still want to keep traveling with this character. It was the easy way out--I promised you this...oh, no, only kidding! The Doctor would not really do that. Not for serious.

I can't forgive cowardice, and the television show no longer interests me in the slightest. I simply don't care enough to follow it any more.

We were sold a bill of goods. The box is empty. The Emperor has no clothes. Steven Moffat can keep his robotic bad guys with their plunger arms and little flashy lights. I want stories that aren't afraid to go where they promise. Now, where's that Culture book?
dragonpoly
In this week's episode of Badass McProblemsolver, our plucky polyamorous advice-giver answers a thorny backer question: How do you get back into the world of dating after many years in a relationship? Check it out!

Some thoughts on love and sacrifice

dragonpoly
I recently encountered, during the normal course of my regular trawling across the width of this thing we call the Internet, an essay posted on the Psychology Today Web site. The article is a rejection of the notion that adultery is okay (an argument made by a different essay on a different site) and, as far as that goes, I have no quarrel with it. If you're going to make a promise of sexual fidelity, keep it. If you can't, renegotiate the relationship or end it.

But the problem comes near the essay's end, where the author says:

More generally, the author doesn’t seem to appreciate that the value of commitment is based in part on the value of what is given up for it. Of course, sexual desire has a unique pull on most of us. But promises of fidelity would mean much less if we were promising to give up something we didn’t want! The fact that most of us want sex so much is why it means so much when we promise it to just one person...


And I find this argument to be very problematic indeed.

I reject this premise wholeheartedly. I do not--I cannot--buy the notion that in order for something to be valuable, we have to sacrifice something in order to have it.

This idea is one of the malignant gifts bequeathed on us by our Puritan ancestors, who believed it so passionately they never saw the hypocritical self-contradiction in it (they yearned for an afterlife in which there is no want, no suffering, and everything is perfect forever, and they thought the way to get there was by rejecting what you want, by suffering, and by working against basic human happiness...something they regarded with suspicion at best and hostility at worst.)

I think, rather, that the value of a thing is not what we give up in order to have it, but instead whether that thing is an authentic expression of who we truly are.

There is nothing noble in denying who you are in order to get something you want. Just the opposite: that is the most craven sort of commerce, exchanging truth for gain. We rightly deride dishonesty in politicians and businesses; we understand that pretending to be something you're not in order to get votes or money is a perfidious act. Why don't we understand the same thing about love?

There is no virtue in exchanging your true self for the affections of someone else. Love admits no such cynical transaction. Love is most meaningful when those who love us know who we truly are and love us anyway. It is not about what we can make those we love give up; it is about how we can help those we love be the most genuine, the most honest versions of themselves.

We do not make an act of fidelity meaningful because we don't want to do it. We make an act--any act--meaningful when it most truly represents who we are, when it most honestly shares what we actually desire. Believing that sex is valuable because we pledge it to one person when we really want to do just the opposite is the most crass kind of commoditization of both sex and love. Matters of the heart are not about artificial scarcity and transactional gain.

Badass McProblemsolver goes to a party

dragonpoly
We've just released a new video for More Than Two! In this video, Badass McProblemsolver goes to a party to answer a backer question. See if you can spot the tardigrade.

The Dangers of Digital Outsourcing

dragonpoly
Email is hard.

The standards we use for email date back to the 1980s. They were based on even more primitive email standards developed in the late 1960s and early 1970s.

Computer networks were a very different animal back then. The ARPAnet, one of the precursors to the modern Internet, had 50 systems on it. Everyone knew each other. Only a small handful of "email addresses" existed. There was no security and no authentication, because you knew all the other people who had email access.

Today's email system is a hacked-together, tottering patchwork of different ideas and implementations, with all kinds of additions and extensions bolted on. It's still woefully insecure, and it still has its roots in an earlier and vastly simpler time.

This means running email servers is hard. Even if you're a big ISP, running email servers is hard. And it's expensive. Even the most dedicated sendmail guru will tell you getting all the configuration wibbly bits correct is difficult and tedious, and it's easy to make mistakes.

So more and more people are outsourcing their email. Even large ISPs are turning to Google to run their mail servers. Everyone knows about gmail, but most people don't know that gmail can also take over your company's mail services, dropping the "@gmail" bit for whatever you want. Google is good at email and it's a lot cheaper to have them run your email than it is to do it yourself.

Which creates a problem.




Most email is spam, by a huge margin. About three-quarters of all the email sent anywhere is spam. The only reason you can still use your email is filtering, filtering, filtering. The stuff that lands in your inbox is the tiny drip, drip, drip of spam that gets through the filters holding back the torrential flood.

This happens because email standards were invented in a time when there were 50 computers on the entire net and everyone knew everyone else, so there is absolutely no authentication built into email. I can send you mail from any address I want and your server will blindly accept it.

Now, most of the Internet doesn't like spam. Or, at least, it pretends not to. (Many mainstream ISPs and affiliate advertising companies turn a blind eye to it, because profit--but that's a post I'm working on for another day.)

ISPs have certain "role accounts"--email addresses that are always the same, such as postmaster@whatever, hostmaster@whatever, and abuse@whatever.

The abuse@ email address is where you send reports of, naturally, abuse. If an ISP is hosting a Spamvertised Web site, or has been hacked and is being used to spread viruses, or is the source of spam emails, you send notifications and copies of the spam emails to abuse@.

So, naturally, you can't put spam filters on the abuse@ email address, for obvious reasons. If you spam-filter abuse@ and I try to send you notification of spam that's being sent from your servers, the notification will get filtered and you won't see it.

In fact, "thou shalt not put spam filters on your abuse role account" is in one of the documents that specifies what makes the Internet go. The standards and protocols that make the Internet work are outlined in a series of technical documents called "RFC"s, and RFC2142 spells out what role accounts an ISP should have, what they're used for...and oh yeah, don't run a spam filter on your abuse@ address because that would be really stupid.

The problem is that more and more ISPs are realizing that email is hard, running email servers is hard, and it's a lot cheaper and easier to let Google just handle all your email services for you.

And Google automatically filters spam.




Email is hard.

Part of the reason email is hard is every email address can be configured in a zillion different ways with a zillion different options.

Google has built a set of options that make sense for most email addresses most of the time, and when you turn over your email operations to Google, that's what you get.

One of those options that makes sense for most email addresses most of the time is spam filtering. When ISPs and Web service providers relinquish control of their email services to Google, they're often not even aware that Google filters spam by default. They don't know they are filtering their abuse@ address, because who would do that? How dumb would you have to be to put a spam filter on an email address intended for reporting spam, right?

So we get things like this:








Here's the bounce:

<help@cloudflare.com>: host aspmx.l.google.com[173.194.64.27] said: 550-5.7.1
[67.18.53.18 7] Our system has detected that this message is
550-5.7.1 likely unsolicited mail. To reduce the amount of spam sent to
Gmail, 550-5.7.1 this message has been blocked. Please visit 550-5.7.1
http://support.google.com/mail/bin/answer.py?hl=en&answer=188131 for 550
5.7.1 more information. ny4si6062371obb.164 - gsmtp (in reply to end of
DATA command)
Reporting-MTA: dns; gateway07.websitewelcome.com
X-Postfix-Queue-ID: 0FF09169EDAB
X-Postfix-Sender: rfc822; franklin@franklinveaux.com
Arrival-Date: Fri, 28 Mar 2014 16:31:17 -0500 (CDT)


This was a bounce that came back from a "phish"--a phony PayPal or bank site designed to trick people into giving up sensitive information--that Cloudflare, a content delivery network, was serving. I reported the phish to them on March 28. When I checked it three days ago, it was still there, still stealing people's passwords.

And it's not isolated. This is an incredibly common problem:




<abuse@jaguarpc.com>: host alt2.ASPMX.L.GOOGLE.com[74.125.29.27] said:
550-5.7.1 [67.18.62.19 12] Our system has detected that this message
is 550-5.7.1 likely unsolicited mail. To reduce the amount of spam sent to
Gmail, 550-5.7.1 this message has been blocked. Please visit 550-5.7.1
http://support.google.com/mail/bin/answer.py?hl=en&answer=188131 for 550
5.7.1 more information. x7si1316702qaj.209 - gsmtp (in reply to end of DATA
command)
Reporting-MTA: dns; gateway01.websitewelcome.com
X-Postfix-Queue-ID: C61B24C69D52
X-Postfix-Sender: rfc822; franklin@franklinveaux.com
Arrival-Date: Sat, 3 May 2014 15:54:51 -0500 (CDT)





<abuse@gigenet.com>: host ASPMX.L.GOOGLE.com[173.194.64.27] said: 550-5.7.1
[67.18.22.93 12] Our system has detected that this message is
550-5.7.1 likely unsolicited mail. To reduce the amount of spam sent to
Gmail, 550-5.7.1 this message has been blocked. Please visit 550-5.7.1
http://support.google.com/mail/bin/answer.py?hl=en&answer=188131 for 550
5.7.1 more information. ij7si5132986obc.180 - gsmtp (in reply to end of
DATA command)
Reporting-MTA: dns; gateway05.websitewelcome.com
X-Postfix-Queue-ID: 9FB7A4A9184F7
X-Postfix-Sender: rfc822; franklin@franklinveaux.com
Arrival-Date: Mon, 5 May 2014 02:07:56 -0500 (CDT)


Most folks, when they see the bounce message, are like "d'oh!" and find a way to turn off filtering on their abuse@ address. (Cloudflare seems to be a bit of a special case; they tend to get defensive and snarky instead. That's disappointing, as their founder was an early anti-spam pioneer.)
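Anyone who sends abuse reports in volume, or an ISP auditing its own role accounts, can triage bounces like the ones above automatically. The following Python is an added example, not part of the original post: it parses Postfix-style bounce text, strips the reply-code prefix repeated through the wrapped SMTP reply, and flags role accounts whose mail was rejected as spam. The sample bounce is constructed, and `parse_bounces` is a hypothetical helper name.

```python
import re

# Role accounts named in the post; RFC 2142 lists more.
ROLE_ACCOUNTS = {"abuse", "postmaster", "hostmaster"}
# Per-recipient failure in a Postfix bounce: <rcpt>: host mx[ip] said: <reply>
RCPT_RE = re.compile(r"<(?P<rcpt>[^<>@\s]+@[^<>\s]+)>:\s+host\s+(?P<mx>[^\s\[]+)"
                     r"\[[^\]]+\]\s+said:\s*(?P<reply>.*)", re.S)
# "550-5.7.1" / "550 5.7.1" prefix repeated through a multi-line SMTP reply.
PREFIX_RE = re.compile(r"\b([45]\d\d)[- ]\s*(\d\.\d{1,3}\.\d{1,3})\b")
SPAM_HINTS = ("unsolicited", "spam")

# Constructed sample modelled on the post's bounces; placeholder addresses.
SAMPLE = """\
<abuse@isp.example>: host aspmx.l.google.com[192.0.2.27] said: 550-5.7.1
[198.51.100.18 7] Our system has detected that this message is
550-5.7.1 likely unsolicited mail. To reduce the amount of spam sent to
Gmail, 550-5.7.1 this message has been blocked. Please visit 550
5.7.1 the help page for more information. - gsmtp (in reply to end of
DATA command)
<bob@isp.example>: host mx.isp.example[192.0.2.40] said: 550 5.1.1
User unknown (in reply to RCPT TO command)
Reporting-MTA: dns; gateway.reporter.example
"""


def parse_bounces(text):
    """Return one finding per rejected recipient in a Postfix bounce body."""
    findings = []
    # Split before each "<addr>: host" line so wrapped text stays with its recipient.
    for chunk in re.split(r"(?m)^(?=<[^<>\s]+@[^<>\s]+>:\s+host\s)", text):
        chunk = re.split(r"(?m)^Reporting-MTA:", chunk)[0]  # drop DSN headers
        m = RCPT_RE.match(chunk)
        reply = " ".join(m["reply"].split()) if m else ""  # undo line wrapping
        codes = PREFIX_RE.findall(reply)
        if not codes:
            continue
        smtp_code, enhanced = codes[0]
        message = " ".join(PREFIX_RE.sub(" ", reply).split())
        role = m["rcpt"].partition("@")[0].lower() in ROLE_ACCOUNTS
        spam = enhanced == "5.7.1" and any(h in message.lower() for h in SPAM_HINTS)
        findings.append({"recipient": m["rcpt"], "mx": m["mx"].lower(),
                         "smtp_code": smtp_code, "enhanced": enhanced,
                         "message": message, "filtered_role_account": role and spam})
    return findings


if __name__ == "__main__":
    for f in parse_bounces(SAMPLE):
        print(f["recipient"], f["mx"], f["enhanced"], f["filtered_role_account"])
```

A finding with `filtered_role_account` set means the report never reached a human at that provider and needs another channel.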

The danger of outsourcing bits of your business is that you necessarily lose control of those bits. When you're an ISP or a Web service provider and you outsource your email services, well, losing control of your email services can have some unfortunate consequences. When you filter your abuse@ address, you soon become a haven for spam and malware and phish pages and all sorts of other nasties...because you don't know you're hosting them.

So what's the solution?

Ideally, a complete overhaul of email. Since that's about as likely as Elvis stepping out of a flying saucer in Times Square and handing me a winning Powerball lotto ticket, I'm not holding my breath.

Another solution is for ISPs to acknowledge that the work they do is hard, and just do it. That's a bit more likely, but it still involves things approximately as probable as Elvis and flying saucers--perhaps Elvis handing me a chocolate bagel rather than a Powerball ticket--so I'm still not holding my breath.

But it might be in the realm of possibility for Google to set up their configuration to turn off spam filtering by default on any email address that contains the word "abuse."

Anyone know anyone who works in Google's email services department?
