A Horribly Wrong Attempt at Doing it Right

For several years, I have made it a practice to have separate email addresses (aliases) for separate purposes. This has made it easy for me to dispose of addresses when I no longer needed them – usually when I no longer wanted to receive emails from parties to whom I’d given the addresses. This also makes it easy to detect, and shut off mail from, companies that add you to their spam lists. Examples include online stores that I’d buy from ([email protected]), annoying realtors (city_i_want_to_[email protected]), and addresses I’d use in a variety of online forums ([email protected]). If you own your own domain name, or have a good email provider, this process is generally fairly simple.

Recently, I noticed I wasn?t getting any emails from Meetup.com. I?d just unsubscribed from a bunch of groups and changed others to not email me anymore, and since I hadn’t hosted any events in my group for some time, I didn’t think anything of it. As I’ve spent most of the last couple of months traveling, I did not miss the deluge of notifications of activities I wouldn’t be able to participate in anyway.
Separately from this, I had stopped receiving emails from American Express. I did not really notice this until I attempted to reset a password and never received the confirmation email that was to allow me to make the change. I sent myself a test email, and got it immediately, so I figured it was an issue on their end. As an alternative, I had Amex text me the confirmation code I needed, and promptly forgot about the email problem.
I also stopped receiving emails from Amazon.com, telling me my order had been received. But since I was getting text alerts of the package shipping and delivery status, I felt like I was still in touch with Amazon, so I didn’t think anything of it.
Finally, my financial advisor needed me to sign some electronic documents, and they kept emailing me, telling to sign them. I kept waiting for the forms, coming via Adobe’s document signing service, and they never arrived. Then I started to do some simple math and realize that we had a problem.
So I began to pay attention to this problem and troubleshoot it. My personal email was hosted at a budget hosting provider, and then forwarded to a Gmail account. I would send test emails to myself, and they would show up. I checked my junk mail folders, and searched everywhere, but could not find any recent emails from Amazon, Amex, Meetup, and other vendors, yet my tests came through! Why? Now that I was aware of the problem, I had to know, so after I’d exhausted all the troubleshooting I could do myself, I opened a chat session with my hosting provider. The results were astounding.
But first, a little background information. DNS – Domain Name System – is the service that translates somewhat human-friendly Internet site names, e.g., nikolaidis.com, amazon.com, and example.com, into computer-friendly numbers, e.g., 74.207.233.119, 72.21.194.212, and 93.184.216.119. There are several types of DNS records, and one of them is SPF, short for Sender Policy Framework. This began as a proposal several years ago to allow for some sort of authentication of email.
Most people probably do not realize that, in most cases, it is quite trivial for anyone to send email as just about any address they want, and unless the mail servers’ administrators take deliberate action, there’s nothing stopping this. This means that I can quite easily send an email to you as [email protected], telling you to click the link below to reset your password, and if you are gullible enough to do so, steer you to a phishing site where I steal your credentials. SPF is an attempt to combat email forgery, but allowing owners of domains to set up authorized lists of email servers that they can send email from. If the owner of the domain configures this, and the receiving mail server actually checks it, this can be an effective way to authenticate the sending server and allow or reject the email, based on its validity.
Back to my budget host. A couple of months ago, supposedly to comply with an ICANN regulation (which I do not buy for a second), my host made a change that enforces checking of SPF records. To prevent spoofing of emails, they will not forward any email for a domain that has an SPF record unless they are authorized to do so. This means that if I am not Amazon.com, my host will not forward emails claiming to be from Amazon.com. So far, so good.
Some mail systems have the concept of an alias, which is one way of saying “anything addressed to [email protected] goes to [email protected]” Another way to accomplish this is to set up an email forwarder, which is another way of saying “any emails that come here for [email protected] we will forward on to [email protected]” If the difference seems trivial, it can be. Essentially, forwarders are usually used to send email to a different mailbox or server, whereas aliases are both local to the same account on the same server. So if [email protected] and [email protected] are on the same server, you’d normally use an alias, but if Robert wanted his email to forward off to a Gmail account, he’d use a forwarder.
Here’s where things get stupid.
My budget host supports email aliases by using forwarding addresses only, not aliases. I would normally make up a forwarder for each purpose, and have that forwarded to my Gmail account. My host’s recent attempt to comply with a supposed ICANN directive means they will no longer “forward” an email unless the SPF records match. Since Amazon does not have an SPF record, saying that my email host is authorized to send email for them – why would they? – my host will not forward my email, which has landed in my mailbox, to my own external mailbox. “Okay,” I said, “I’ll set up a new, local account on my host, and have my forwarders forward to it, and then check that mailbox separately.” Nope, that won’t work either, as this is still considered a “forward” and my host won’t do that.
What?!?! When I heard that, I was astounded. Essentially, this host, which is a large, tier 1 hosting provider, has just killed the idea of aliases altogether. Their suggestions were for me to have Amazon set up an SPF record for my host mail server (Uh… no, you level 1 idiot, Amazon is not going to grant me the honor of sending email as Amazon to every one of their customers who wants to receive email from them), and for me to simply set up a new mailbox for each address I want. I have over 100 email aliases. So they want me to set up and check over 100 mailboxes now? I think not!
This is a case of good intentions gone horribly awry. I can only hope my host realizes the level of idiocy they’ve fallen to in their attempt to make things better. In the meantime, I’m moving my email to the one that we use and resell at work, which does not have this well-intentioned, yet stupid, restriction. As a result of my not receiving emails from Meetup.com for several weeks, I never got the email telling me that my dues were due again, and as a result, I lost control of my favorite Meetup group, which I’ve run for the past year. Fortunately, one of my fellow members pointed this problem out promptly and I was able to renew my subscription and reclaim my group. This is a relatively minor consequence, but it does not take a long stretch of the imagination to see more serious consequences coming from emails being unanswered for several months.
On the plus side, I realized that I was still receiving emails from Plenty of Fish, so I was able to use this as an opportunity to delete that forwarder. Advice to those of you who use online dating: avoid PoF. Trust me, eHarmony and OKCupid are better.

Is Anyone Doing This yet? Pre-order My Favorite Drink On Arrival

Starbucks: Love 'em or hate 'em, you have to admit, they are doing something right.
Since moving to the Boston area, I’ve had the pleasure of actually using cool technologies a lot sooner than I used to in rural Vermont. For instance, Starbucks’ mobile app, allowing me to order and pay for my drinks with my iPhone, or Stop & Shop’s “Scan It!” app that lets you itemize what you’re buying as you go through the store, saving time at checkout because you’ve already accounted for everything and don’t need to itemize them all again. Granted, I’ve never gotten it to work completely for me, so I question how much time Scan It! has saved me, if any, but I digress.
I’ve mentioned an idea in the past on the Pocket Sized Podcast, with respect to Starbucks and their mobile app for iOS, but I don’t know if I went into details. The Starbucks app allows me to save my favorite drink, in Starbucks lingo, so instead of trying to order a “small latte with caramel syrup, the sugar free kind, two shots,” and getting confused as to whether I meant espresso shots or syrup shots, etc., I can whip out the app, refer to my favorites list, and say “Short 2-pump Sugar Free Caramel Nonfat Caffe Latte, please.” Theoretically this will save time.
But… why can’t I, upon entering the shop and connecting to Starbucks’ (arguably the slowest) free wifi (network on the planet), tap on my favorite drink, and go straight to the pickup line? You already know who I am. You already have my credit card on file. Now you know what drink I want. Granted, I might miss some thrilling conversation with the person at the counter, but that’s not usually so noteworthy as to be missed.
It doesn’t have to be Starbucks! Someone, please, make this happen. If it’s already being done, please drop me a line and let me know where.

Today's Spam/Scam Brought to You by…

What would my inbox be like without my old AOL account?

How are you doing? I am Anastasya. i look for a gentleman. i commonly am tidy, paint… Reply me email in [email protected] Yours, Anastasya…

That’s great! I am looking for a woman who commonly is tidy, paint…
Seriously, it scares me to think that things like this work as openers to social engineering and Nigerian scams that end up robbing people of not only time and money, but sometimes even their lives. Be careful out there.

When You're Going Through Hell…

Winston Churchill said “When you’re going through hell, keep going.” Brilliant man, he was. We’ve been going through email hell. Today, it continued. For some reason, our main ticketing system, which runs the Postfix mail server, decided that it had never heard of our main [email protected] email address. A simple restart of the mail server was all that was needed to fix this problem, but given that no changes have been made to this system in several days, it does give me pause as to why this problem occurred right now.
Personally, I blame Mercury.

Book Review: The Facebook Era by Clara Shih

Last month, I read The Facebook Era: Tapping Online Social Networks to Build Better Products, Reach New Audiences, and Sell More Stuff. It is somewhat larger and more up to date than “I’m on Facebook Now What???” Although I liked it, like the previous Facebook book, I found that it failed to adequately address the issue of social networking security and, like just about any “guides” to “success,” unless you have your killer product, app, service, etc., already, this book won’t do you any good until you do. Also, due to the recent Facebook redesign, certain aspects of? this book no longer apply or need to be updated.