A Horribly Wrong Attempt at Doing it Right

For several years, I have made it a practice to have separate email addresses (aliases) for separate purposes. This has made it easy for me to dispose of addresses when I no longer needed them – usually when I no longer wanted to receive emails from parties to whom I’d given the addresses. This also makes it easy to detect, and shut off mail from, companies that add you to their spam lists. Examples include online stores that I’d buy from (store_name@example.com), annoying realtors (city_i_want_to_buy_in@example.com), and addresses I’d use in a variety of online forums (online_dating_profile@hotmail.com). If you own your own domain name, or have a good email provider, this process is generally fairly simple.

Recently, I noticed I wasn?t getting any emails from Meetup.com. I?d just unsubscribed from a bunch of groups and changed others to not email me anymore, and since I hadn’t hosted any events in my group for some time, I didn’t think anything of it. As I’ve spent most of the last couple of months traveling, I did not miss the deluge of notifications of activities I wouldn’t be able to participate in anyway.
Separately from this, I had stopped receiving emails from American Express. I did not really notice this until I attempted to reset a password and never received the confirmation email that was to allow me to make the change. I sent myself a test email, and got it immediately, so I figured it was an issue on their end. As an alternative, I had Amex text me the confirmation code I needed, and promptly forgot about the email problem.
I also stopped receiving emails from Amazon.com, telling me my order had been received. But since I was getting text alerts of the package shipping and delivery status, I felt like I was still in touch with Amazon, so I didn’t think anything of it.
Finally, my financial advisor needed me to sign some electronic documents, and they kept emailing me, telling to sign them. I kept waiting for the forms, coming via Adobe’s document signing service, and they never arrived. Then I started to do some simple math and realize that we had a problem.
So I began to pay attention to this problem and troubleshoot it. My personal email was hosted at a budget hosting provider, and then forwarded to a Gmail account. I would send test emails to myself, and they would show up. I checked my junk mail folders, and searched everywhere, but could not find any recent emails from Amazon, Amex, Meetup, and other vendors, yet my tests came through! Why? Now that I was aware of the problem, I had to know, so after I’d exhausted all the troubleshooting I could do myself, I opened a chat session with my hosting provider. The results were astounding.
But first, a little background information. DNS – Domain Name System – is the service that translates somewhat human-friendly Internet site names, e.g., nikolaidis.com, amazon.com, and example.com, into computer-friendly numbers, e.g.,,, and There are several types of DNS records, and one of them is SPF, short for Sender Policy Framework. This began as a proposal several years ago to allow for some sort of authentication of email.
Most people probably do not realize that, in most cases, it is quite trivial for anyone to send email as just about any address they want, and unless the mail servers’ administrators take deliberate action, there’s nothing stopping this. This means that I can quite easily send an email to you as support@amazon.com, telling you to click the link below to reset your password, and if you are gullible enough to do so, steer you to a phishing site where I steal your credentials. SPF is an attempt to combat email forgery, but allowing owners of domains to set up authorized lists of email servers that they can send email from. If the owner of the domain configures this, and the receiving mail server actually checks it, this can be an effective way to authenticate the sending server and allow or reject the email, based on its validity.
Back to my budget host. A couple of months ago, supposedly to comply with an ICANN regulation (which I do not buy for a second), my host made a change that enforces checking of SPF records. To prevent spoofing of emails, they will not forward any email for a domain that has an SPF record unless they are authorized to do so. This means that if I am not Amazon.com, my host will not forward emails claiming to be from Amazon.com. So far, so good.
Some mail systems have the concept of an alias, which is one way of saying “anything addressed to bob@example.com goes to robert@example.com.” Another way to accomplish this is to set up an email forwarder, which is another way of saying “any emails that come here for bob@example.com we will forward on to robert@example.com.” If the difference seems trivial, it can be. Essentially, forwarders are usually used to send email to a different mailbox or server, whereas aliases are both local to the same account on the same server. So if bob@example.com and robert@example.com are on the same server, you’d normally use an alias, but if Robert wanted his email to forward off to a Gmail account, he’d use a forwarder.
Here’s where things get stupid.
My budget host supports email aliases by using forwarding addresses only, not aliases. I would normally make up a forwarder for each purpose, and have that forwarded to my Gmail account. My host’s recent attempt to comply with a supposed ICANN directive means they will no longer “forward” an email unless the SPF records match. Since Amazon does not have an SPF record, saying that my email host is authorized to send email for them – why would they? – my host will not forward my email, which has landed in my mailbox, to my own external mailbox. “Okay,” I said, “I’ll set up a new, local account on my host, and have my forwarders forward to it, and then check that mailbox separately.” Nope, that won’t work either, as this is still considered a “forward” and my host won’t do that.
What?!?! When I heard that, I was astounded. Essentially, this host, which is a large, tier 1 hosting provider, has just killed the idea of aliases altogether. Their suggestions were for me to have Amazon set up an SPF record for my host mail server (Uh… no, you level 1 idiot, Amazon is not going to grant me the honor of sending email as Amazon to every one of their customers who wants to receive email from them), and for me to simply set up a new mailbox for each address I want. I have over 100 email aliases. So they want me to set up and check over 100 mailboxes now? I think not!
This is a case of good intentions gone horribly awry. I can only hope my host realizes the level of idiocy they’ve fallen to in their attempt to make things better. In the meantime, I’m moving my email to the one that we use and resell at work, which does not have this well-intentioned, yet stupid, restriction. As a result of my not receiving emails from Meetup.com for several weeks, I never got the email telling me that my dues were due again, and as a result, I lost control of my favorite Meetup group, which I’ve run for the past year. Fortunately, one of my fellow members pointed this problem out promptly and I was able to renew my subscription and reclaim my group. This is a relatively minor consequence, but it does not take a long stretch of the imagination to see more serious consequences coming from emails being unanswered for several months.
On the plus side, I realized that I was still receiving emails from Plenty of Fish, so I was able to use this as an opportunity to delete that forwarder. Advice to those of you who use online dating: avoid PoF. Trust me, eHarmony and OKCupid are better.

Is Anyone Doing This yet? Pre-order My Favorite Drink On Arrival

Starbucks: Love 'em or hate 'em, you have to admit, they are doing something right.
Since moving to the Boston area, I’ve had the pleasure of actually using cool technologies a lot sooner than I used to in rural Vermont. For instance, Starbucks’ mobile app, allowing me to order and pay for my drinks with my iPhone, or Stop & Shop’s “Scan It!” app that lets you itemize what you’re buying as you go through the store, saving time at checkout because you’ve already accounted for everything and don’t need to itemize them all again. Granted, I’ve never gotten it to work completely for me, so I question how much time Scan It! has saved me, if any, but I digress.
I’ve mentioned an idea in the past on the Pocket Sized Podcast, with respect to Starbucks and their mobile app for iOS, but I don’t know if I went into details. The Starbucks app allows me to save my favorite drink, in Starbucks lingo, so instead of trying to order a “small latte with caramel syrup, the sugar free kind, two shots,” and getting confused as to whether I meant espresso shots or syrup shots, etc., I can whip out the app, refer to my favorites list, and say “Short 2-pump Sugar Free Caramel Nonfat Caffe Latte, please.” Theoretically this will save time.
But… why can’t I, upon entering the shop and connecting to Starbucks’ (arguably the slowest) free wifi (network on the planet), tap on my favorite drink, and go straight to the pickup line? You already know who I am. You already have my credit card on file. Now you know what drink I want. Granted, I might miss some thrilling conversation with the person at the counter, but that’s not usually so noteworthy as to be missed.
It doesn’t have to be Starbucks! Someone, please, make this happen. If it’s already being done, please drop me a line and let me know where.

Today's Spam/Scam Brought to You by…

What would my inbox be like without my old AOL account?

How are you doing? I am Anastasya. i look for a gentleman. i commonly am tidy, paint… Reply me email in anastasyaare@yahoo.com Yours, Anastasya…

That’s great! I am looking for a woman who commonly is tidy, paint…
Seriously, it scares me to think that things like this work as openers to social engineering and Nigerian scams that end up robbing people of not only time and money, but sometimes even their lives. Be careful out there.


Anti-Terrorist and Monetary Crimes Division
FBI Headquarters In Washington, D.C.
Federal Bureau Of Investigation
J. Edgar Hoover Building
935 Pennsylvania Avenue, NW Washington, D.C. 20535-0001
Attention: Beneficiary
This is the final warning you are going to receive from me, do you get me? I hope you understand how many times this message has been sent to you.
We have warned you so many times and you have decided to ignore our e-mails or because you believe we have not been instructed to get you arrested and today if you fail to respond back to us with the payment details below, then we would first send a letter to the MAYOR of the city where you reside and direct them to close your bank account until you have been jailed and all your properties will be confiscated by the FBI, CIA and other enforcement agency. We would also send a letter to the company/agency that you are working for so that they could get you fired until we are through with our investigations because a suspect is not supposed to be working for the government or any private organization.
Your ID which we have in our database have been sent to all the crimes agencies in America for them to inset you in their website as an internet fraudsters and to warn people from having any deals with you. This would have been solved all this while if you had gotten the CERTIFICATE ENDORSED AND STAMPED as you were instructed in the e-mail below. This is the federal bureau of investigation (FBI) am writing in response to the e-mail you sent to us and am using this medium to inform you that there is no more time left to waste because you have been given a mandate. As stated earlier to have the document endorsed, signed and stamped without failure and you must adhere to this directives to avoid you blaming yourself at last when we must have arrested and jailed you for life and all your properties will be seized and bank account will be confiscated too.
You failed to comply with our directives/instruction and that was the reason why we didn’t hear from you, as our director has already been notified about you get the process completed yesterday and right now the WARRANT OF ARREST has been signed against you and it will be carried out in the next 48hours as strictly signed by the FBI director. We have investigated and found out that you didn’t have any idea when the fraudulent deal was committed with your information’s/identity and right now your ID is placed on our website as a wanted person, I believe you know that it will be a shame to you and your entire family because after then it will be announce in all the local channels that you are wanted by the FBI.
As a good Christian and a Honest man, I decided to see how i could be of help to you because i would not be happy to see you end up in jail and all your properties confiscated all because your information’s was used to carry out a fraudulent transactions, i called the EFCC and they directed me to a private attorney who can help you get the process done and he stated that he will endorse and stamp the document at the sum of $98 usd only and i believe this process is cheaper for you.
You need to do every possible thing today and tomorrow to get this process done because our director has called to inform me that the warrant of arrest has been signed against you and once it has been approved, then the arrest will be carried out, and from our investigations we learnt that you were the person that forwarded your identity to one impostor/fraudsters in Nigeria when he had a deal with you about the transfer of some illegal funds into your bank account which is valued at the sum of $10,500,000.00 only.
I pleaded on your behalf so that this agency could give you till 6/20/2012 so that you could get this process done because i learnt that you were sent several e-mails without getting a response from you. Bear it in mind that this is the only way that i can be able to help you at this moment or you would have to face the law and its consequences once it had befallen on you. You would make the payment through western union money transfer with the below details.
Senders Full Name:
Sender Full Address:
Direct Phone Number:
Send the payment details to me as stated above and make sure that you didn’t hesitate making the payment down to the agency by today so that they could have the certificate endorsed, signed and stamped immediately without any further delay. After all this process has been carried out, then we would have to proceed to the bank for the transfer of your compensation funds which is valued at the sum of $10.500,000.00 usd which was supposed to have been transferred to you all this while.
Note: All the crimes agencies have been contacted on this regards and we shall trace and arrest you if you disregard this instructions. You are given a grace today to make the payment for the document after which your failure to do that will attract a maximum arrest and finally you will be appearing in court for act of terrorism, money laundering and drug trafficking charges, so be warned not to try anything funny because you are been watched.
Expecting your anticipated- Co-operation.
Yours in service,
Robert S. Mueller

When You're Going Through Hell…

Winston Churchill said “When you’re going through hell, keep going.” Brilliant man, he was. We’ve been going through email hell. Today, it continued. For some reason, our main ticketing system, which runs the Postfix mail server, decided that it had never heard of our main XXXXXXX@paradigmcc.com email address. A simple restart of the mail server was all that was needed to fix this problem, but given that no changes have been made to this system in several days, it does give me pause as to why this problem occurred right now.
Personally, I blame Mercury.