16 February 2008

Taking on the Spammers: Datapro/Vox Telecom - Part 3 - email Ping Pong

Obviously the spammers thought they could just listwash me and be done.  Here's Datapro's latest response:
Subject: RE: Response to ISPA complaint
Date: Fri, 15 Feb 2008 12:55:45 +0200
From: "Maggie Cubitt" <maggiec@voxtelecom.co.za>
To: "Mike Morris" <me>

Hi Mike Apologies, as I can fully understand your frustration, which is why I am attempting to resolve it comprehensively and finally. I am unable to find the e-mail address mikro2nd@gmail.com on the Contacts database from the DataPro CRM.. and you have extracted the delivery address from your notepad doc. Can I please just confirm that the Newsletter was delivered to the e-mail address mikro2nd@gmail.com?
My response to them:
Maggie Cubitt wrote:

> Apologies, as I can fully understand your frustration, which is why I
> am attempting to resolve it comprehensively and finally.

Please understand that having my own email address removed from your mailing lists is of only limited interest to me in this matter.  The larger issue, which it is my main purpose to tackle, is that of Datapro and Vox Telecom blithely spamming, over an extended period of time, continuing in the face of numerous good-faith attempts to unsubscribe, and in direct violation of

  1) their own Terms of Service,
  2) the email provisions of the ECT Act, and
  3) the ISPA's Code of Conduct.

> I am unable to find the e-mail address mikro2nd@gmail.com on the
> Contacts database from the DataPro CRM.. and you have extracted the
> delivery address from your notepad doc. Can I please just confirm that
> the Newsletter was delivered to the e-mail address mikro2nd@gmail.com?

The spam was not delivered to that email address, but another one.

I am not willing to assist you in listwashing -- the much-loathed practise whereby spammers remove the addresses of the whiners, but continue to blast their unwanted spew out to the Silent Majority Who Just Hit Delete.

I never opted-in to any mailing list belonging to Datapro or Vox Telecom, but was placed on it without my knowledge or consent via person(s) with whom I had contact for purely technical purposes on behalf of my own clients.  This, in turn, means that my email address was repurposed for marketing spam.  In turn Datapro's mailing list was repurposed by Vox Telecom, a company with which I have certainly never had any business relationship.  (Yes, I do understand the relationship between the companies.  No explanation needed.)  Please take note that this is NOT the only list from which I get spammed by Datapro, so your problems are deeper and wider than listwashing a single whiny anti-spam "activist" from a single ill-constructed mailing list or database.

If your lists are NOT fully confirmed-opt-in (and clearly they are not,otherwise I wouldn't be bothering you), then they're spammy lists until you can verify, with a full audit trail, that each and every recipient has positively confirmed their wish to opt in.  Any addresses that cannot be so confirmed must be removed from your databases.  All databases.

The procedure for confirming mailing-list opt-in has been well-established, well-understood, standard practise in legitimate email management for at least the last 30 years, and is correctly implemented by every respectable mailing-list management system.  I would expect an ISP as large as Datapro to be conversant with such established, accepted, and widely-implemented industry-standard, and to have the resources to ensure compliance.  I realise that these practices are somewhat more stringent than required by SA law, but will point out that the ISPA Code of Conduct (para 28) mandates that "ISPA members must operate with due regard for established Internet best practices, as set out in the various request for comment (RFC) documents and as mandated from time to time by established and respected Internet governance structures."  That reads: "established Internet best practices", not "ineffective South African law".  I believe that mailing list operation is covered by RFC-3098 among other resources.

Furthermore, you will, no doubt, have noted that the sample email sent to you is in violation of even the very modest requirements of the ECT Act.  Not to mention the long-term on-going failure to heed good-faith removal instructions as required by the Act.

I trust that Datapro's forthcoming response to this will measure up to the full scope of the organisation's evident ignorance of, or unwillingness to implement, Internet standards and best practise.
Forgive me my skepticism... ;-)

Taking on the Spammers: Datapro/Vox Telecom - Part 2

Yesterday, 14 Feb, the following response to my complaint to the Internet Service Providers' Association about one of their member's spamming activities:

FYI: Mr Reed is the CEO of Vox Telecom (the parent company), so hopefully we've got the attention of a Big Shot.
From: "Maggie Cubitt" <maggiec@voxtelecom.co.za>
To: <me>
Cc: "Douglas Reed" <douglasr@datapro.co.za>

Hi Mike As a listed Telecommunications Company we do take any reports of this
nature extremely seriously. We were very concerned to receive the
notification of your complaint to ISPA, and are obviously anxious to get
this resolved as a matter of urgency.

As there are many companies in the Vox Telecom Group and as DataPro, as
an ISP, does provide a bulk mailing service to customers as well, there
is a possibility that you are on one of our customer's databases.

In order to investigate this properly I would really appreciate if you
could forward me the "February newletter" to which you refer so that I
can investigate this thoroughly for you.

I look forward to your response.

Regards,
Maggie

I have forwarded the most-recent offending email -- "signed" at the bottom by a Mr Gary Sweidan, Datapro's Managing Director, I am sure he is blissfully unaware of the content, or that it is being blasted to a who-knows-how-large list of unwilling , unconfirmed, not-opted-in recipients.

Sadly for them, I redacted out all the recipient email address details and message UUIDS that might server to identify the address it was sent to ;-)

One of the few spammer activities more loathsome than "address repurposing" is listwashing -- removing the whiners from your list whilst blithely continuing to spam the quite ones who Just Hit Delete.

15 February 2008

Taking on the Spammers: Datapro/Vox Telecom - Part 1

For well over a year now I've been getting spammed by Datapro (a Vox Telecom subsidiary) with sundry Friendly Newsletters, Product Offers and Special Crap We're Sure Will Interest You.  Now we're in a fight argument complaint-resolution discussion.

Background

Datapro is a fairly large supplier in SA of web and email hosting, ISP services, and all the myriad little bitty services around that.  They're also one of only 15 "Large" members of the Internet Service Providers' Association -- the industry's self-regulation watchdog in SA -- and hence a signatory to ISPA's Code of Conduct, which includes a clause saying, in effect, "members won't support spam or spamming."

I have never been one of Datapro's customers because I think their technical standards are... dodgy... to say the least.  But, I have had contact with some of their technical staff in the course making changes to email, web-hosting and DNS on behalf of some of my clients who do use Datapro as their service provider.  For whatever misguided reasons.  Evidently, some of Datapro's tech staff have had their email address-books "harvested" by The Marketroid Department.  Or Something.  How ever it happened, my email address got repurposed without my knowledge or prior consent.  A major point, here, is that I have never been in a business relationship with this company.

In the anti-spam world "repurposing" is considered a Very Bad Thing, and will result in instant and permanent blacklisting on some aggressively well-run mail servers.

I've lost count of the number of times I have emailed the sender asking, demanding, pleading or threatening legal action, in the interests of getting off their mailing lists.  Countless times I've clicked on the (rarely present) "unsubscribe" links and jumped through web-page hoops to get unsubscribed.  Nary a confirmation have I received.  Nor has any of this actually diminished the volume of crap I get from them.

To add insult to injury, Vox Telecom, the parent company, have in turn taken to spamming their subsidiary's lists.

A Lightbulb Moment

A short while ago, a contact on one of the local Internet-industry mailing lists I haunt, suggested that I lodge a complaint with ISPA.  I must confess that I had never seriously thought about it, but maybe worth a try...

I waited.  Made sure I gathered and archived the evidence.  Then, last Tuesday, I struck: lodged a complaint via the ISPA's webform:

Action The First: The Complaint
NameISP: Datapro/Vox Telecom
name: <redacted>
email: <redacted>
Address: <redacted>
Telephone: <redacted>
Cellphone: <redacted>
SectionCoC: E. Unsolicited bulk mail (spam)
Details:

I have never been a customer of Datapro.  My only interactions with them have been on behalf of my clients, in the course of managing clients' DNS, email, hosting, etc. technical requirements where those services have been provided (at the clients' choice) by Datapro.  As such my interactions have been with technical service personnel only.

During the course of such interactions Datapro staff have, without my consent or prior knowledge, added my email address to various mailing lists that they use to send marketing "newsletters" and advertisements (a.k.a. address repurposing.)

I have on numerous occasions requested that my details be removed from all mailing lists and databases under Datapro's control to no avail.  I have made such requests telphonically, by email, and by clicking through the (rare) unsubscribe links that some of this spam contains.

Finally I have records good enough to prove my point.  Their latest "February newletter", sent in duplicate today, 9 February 2008, is in clear violation of

1) my past instruction to them of 2 August 2007 (and subsequent, evidence-free removal-link-clicking)

2) the ECT Act itself, in failing to meet the information provision and opt-out requirements of the Act, and

3) the ISPA Code of ConductCopies of all relevant emails are available from myself.
Let's see what results...

15 December 2007

Quartz Crystal

A very trying couple of days...  Faced with a job that cries out for a decent scheduler (polling feeds), I turned to OpenSymphony's Quartz.  I mean, the ads look so good: Robustness, recoverability, scalability, blah, blah.

First hint of warning I should have paid attention to was a couple of developers' names that I long associate with Doomed Pieces of Shit.  But it all still looked so good.  Until I got closer to the code.  Quartz?  Quartz Crystals for accuracy?  More like Crystal Meth!  Documented methods that mysterious fail to exist.  Examples that aren't.  I thought the JavaDoc got generated from the source, no?  I guess we have here the penetrating stench of Configuration Mismanagement.

Then you enter a twisty little maze of undocumented dependencies.  You will use Commons Logging.  You will use a bunch of J2EE stuff, even though you application is a simple standalone with no hint of J2EE awfulness in sight.

No.  After a day or so of hacking at this steaming turdpile my brain feels like so much oatmeal porridge that I can't even work even work up enough bile for a decently vitriolic blog post.  For me, one of the surest signs of a dying opensource project is when their wikis and forums are filled with spam because nobody can be bothered to disallow Guest users from posting; when the version-control system shows six checkins in the past six weeks.

I'm outa here in favour of Doug Lea's concurrency stuff. What a pleasure by contrast.  I'll live without clustering for now...

29 November 2007

3 Apps I Really Want (Open Source Only!)

I'm full of ideas.  Aren't we all?  Eventually, when you reach a hairy old age like me, you realise that There Ain't No Way In The World you'll ever be able to do them all.  This is what makes ideas cheap.  Let me say it again.

Ideas Are Cheap. Implementation Is Everything!

Just occasionally, though, we have ideas that are so good that we really, really want to see them implemented.  But we know, deep down inside our souls, deep down in our secret heart, that we're never, ever going to have the time, energy and stick-with-it-ness to pull the thing off.

Here are three of my ideas:

1. I want a ToDo manager that works like this: Keep my top five ToDo items only. Don't even allow me to put more in.  I must be able to prioritize them.  And they should display at all times as my computer's desktop image.

2. A decent word-processor.  One that fails almost completely to concern itself with formatting.  Perhaps bold, italic and lists -- that's all that's really needed.  On the flipside, though, it should really understand document structure -- sentences, phrases, paragraphs and sections.  And allow me to collapse them.  If I move a heading, move all its subheadings and associated text, too.  In other words, focus me purely on prose, editing prose, tightening up my phrasing, reordering my own words.  Please don't make me fuck around with margins, fonts or colours.  I know that Lyx does something pretty close to this, but its far from pretty, and, frankly, TeX is dead.  Get over it.

3. A social-networky, Web2ish, Ajaxy, <insert-own-buzzword-here> website where people can list their ideas for systems they don't have time to write, and everybody else can vote on the ideas, comment, add/edit the spec (wiki style). Perhaps, just perhaps, some people might choose to pick up those projects and start implementing them.  No bounties.  Sorry, but I'm more broke than you!

Come to think of it, maybe I will implement that last one!  After all, don't the VC pundits all say "Get the simplest thing that functions out the door, and then listen to your user-base."  Here's a way of listening before you even get version 0.0 written!

19 November 2007

Object-Relational Event

At long last EoD SQL 1.0 is out! Congrats to Lemnik on this achievement. But what is lurgy?

EoDSQL
is an Object-Relational bridge -- an small library for getting (Java) objects in and out of relational databases. It is not an OR Mapper; that task is left to the developer. You get to specify how (Java) data elements correspond to which database columns handraulically, using annotations[1].  Not only that, but, as developer, you get to write all the SQL, too!  Good!  For me this is one of the best features of EoDSQL.  EoDSQL will never mess with your highly tuned SQL, will never get between you and your database.  I confess to finding myself far more comfortable with this sort of lightweight approach to the much-lamented "OR impedance mismatch" problem than other approaches I've seen to date.

The upshot of all this lightweight deliciousness is that it is screamingly fast!  Way faster than any of the heavyweight OR tools I've seen. And Lemnik is talking about implementing a compile-time tool to make it faster yet.

I have to confess to some bias, though: I was so impressed with the thing that I ended-up writing the tutorial for EoDSQL, so I'd welcome feedback on it, either here, or on the project's mailing list.


[1] So, yes, it is Java >=1.5 only. Anybody who is not already running 1.5 or better (production environments included!) has lost the plot (or has serious, perhaps fatal, legacy issues!)

06 November 2007

Scam, scam, scam, scam, scam!

You must have heard it before: "Is this Mike? You have won a Holiday In Florida!"

We've all had the emails. This evening was, I admit, The first time I got the Phone Call. Very American accented young lady. Fortunately my highly tuned sense of paranoia kicked in, perhaps aided by the fact that they quoted my using an email address not used in over ten years, and I simply put the young lady on hold for several minutes while pouring myself a small drop of a certain Scottish libation.  After a couple of minutes I asked her to hold while I considered the situation.

How did these scammers get my phone number?

The thing is, my phone number is unlisted, and I am certain I have never, ever typed it into any web form.  Ever.  Trust me on this.  I treat all forms with the abuse, hostility and contempt they deserve (thanks to a old boss I had, John Merry, who taught me The Fine Art of Form Contempt.)

A fairly obvious advance-fee fraud.  But how many people would fall for it?  A few weeks ago, an acquaintance called me, filled with jubilation:  He had Won The Lottery!  An email said so!

I sadly had to puncture his bubble, and enlightened him as to how these things work.  This is a man who worked in the IT industry as a senior manager for many years.  He is far from a fool; indeed he is a highly talented and intelligent individual.  But he fell for the scam and was about to (snail-)mail them a cheque!  I can only shudder at the thought of the outcome if they had called my Dear Old Dad with the same line of bullshit.

After about ten minutes of playing silly-buggers with the caller - mainly to cost them money - I asked the lady where they had obtained my phone number.

*click*  (The sound of the phone being put down.)

A couple of minutes later, the phone goes again.  This time a (very American accented) man, with the same line of bullshit.  "You filled in a form on the computer.  The Com-Pu-Ter!" (Like we Africans have never seen a computer before.) "Using the .  You've won a Holiday In Florida."

I repeated my question: "Where did you get this phone numer?"

"Off the Web Form you filled in."

"No. Really, where did you get this unlisted phone number never before typed into a web form in any shape manner or form?"

*click*

The only company who have somehow managed to get my unlisted phone number into a database somewhere were Standard Chartered Bank, with their spam phone calls.  Perhaps they're exacting a revenge now for all the pain I caused them over that.

The Unterste Schurrer (Non-Yiddish Readers: "The Bottom Line")
Who the fuck would want to holiday in Florida, anyway?
Related Posts Plugin for WordPress, Blogger...