The May 2004 issue of Linux Journal arrived yesterday, and I've completed reading the second part of Meng Weng Wong's SPF articles. It's obvious that a lot of work has gone into the authentication concept. Unfortunately, it's actually not required merely to be spam-free. All the effort for both you and others simply penalizes the good guys. Although authentication is a positive thing, it still solves the wrong problem, as Wong's article admits: “Remember, spammers can publish SPF too.” That's a lot of effort only to end up with that caveat.
More than two years ago, the company I work for started development of EVS Mail (the E-mail Validation Service) for a specific client who had requested it. Within months we were spam-free—we still are today. We don't have to care about how the rest of the Internet tries to cooperate to get rid of spam—our techniques work with how SMTP works, and that's the only cooperation we have to consider. Although SPF and others may be more effective than RBLs, I don't think they will be more successful. Our client never did sign on—go figure.
Fundamental pieces of EVS Mail are the automated white listing and challenge/response (authentication, or what we call validation). However, they are relatively minor items and do not suffer from the problems normally associated with those types of systems. This is due to ongoing development, of course. At this point, more than two years later, we have eliminated 100% of all baggage messages—they are completely unnecessary. Just today I put the finishing touches on a new process that will eliminate the generation of all explicit challenge messages (yet still accomplish the challenge function). For anyone who is the victim of a joe-job, we will now be able to guarantee that they will not get a challenge message from our servers. And, interestingly, our clients do not receive joe-job-related messages, so are not victims themselves.
The end result is that we are at the point where we can reduce bandwidth usage to less than what is used by either normal (unprotected) SMTP or by other spam-control products and services. We also have extremely low resource usage and other benefits.
Why have you never heard of EVS Mail? Marketing, of
course, which is directly related to money. We do have
a superior service, but we are a small shop with a
shoestring budget. We are seeking investment and will
be able to produce a black box gateway running EVS
Mail within three months of getting it.
I just wanted to say how much I love your magazine. The articles are truly inspiring. And as a die-hard Linux fan, I wanted to show my devotion to Linux and open source. When temperatures in New York are at record lows, you need all the reliability you can get. I am planning to design and build various systems in this vehicle that are powered by the penguin.
Do you really think it wise to use as a demonstration
in a magazine about Linux a personal Web site
containing the author's personal views on such
sensitive issues? [See “COREBlog”, LJ,
I understand that by their very nature Weblogs are
linked to opinion and comment, but there is plenty
of scope for opinion and comment within the realm
of technology. Readers may disagree with you on your
preference for Emacs over vi, but as far as I'm aware,
nobody has died over this long-running dispute.
In the future, please keep such personal Web sites out of
articles about technology, or I may reach the opinion
that your magazine has some other motive than just
Real Web sites sometimes have information that people feel strongly about. We'd rather keep our examples realistic than give new readers the impression that Linux users spend all their time bickering over Emacs vs. vi. —Ed.
I appreciated Doc Searls' article in the June 2004 issue
of Linux Journal entitled “Hacking Democracy”.
I also see a link between freedom, democracy and
technology. I very much hope all our members of
democracy can see that link and maintain it. It is
definitely being attacked by those who hold greed
as their creed as they march on—even attempting to
redefine the word innovation.
Meng Weng Wong is a terrific writer. I just finished
his current article on SPF [LJ, May 2004]. He has a way of taking
complicated, technical and potentially dry material
and expressing it in a clear, conversational way.
As far as I am concerned, he's the benchmark.
Check our Web site for a follow-up from Meng on the new generation of SPF. —Ed.
I would like to say thank you for an excellent
magazine. I always look forward to my LJ coming
in the mail. I typically read the entire magazine
within the first couple of days.
I recently read an article about Weather.com switching
from Solaris/Websphere to Linux/Tomcat for delivering
its Web information. The article also said they may
be moving from Oracle to MySQL for their database.
I would like to see more articles or sidebars about
companies that switched from proprietary to open-source platforms and the successes and failures
they had. I liked your recent article about HEC in
Canada [May 2004] and their new e-mail system. I especially
liked the amount of detail given about the setup.
I work as a Windows Network administrator, and it is
nice to see the Linux alternatives that are available.
I realize companies tend to be a little secretive
about their networks, so it may not be possible
to provide the information I am seeking.
I just wanted to thank you for the excellent articles
on SPF published in LJ [see Meng Weng Wong's
articles in the April and May 2004 issues]. Thanks to your wizard
(spf.pobox.com/wizard.html), I could enhance
and verify my setup in a couple of minutes.
The June 2004 issue of LJ has a minor error
on page 12, LJ Index, #17. The number of
Opterons to be used in the Dawning 4000A
supercomputer is “More than 2,000”, not
Charles N. Burns
I ran across this old photo (SuSE 7.2) and thought you might like it for your magazine's Letters section. As you can see, my cats enjoy a new distribution of Linux just as much as I do—or at least the box!
Jeffrey K. Brown
Photo of the Month gets you a one-year extension to your subscription. Photos to email@example.com. —Ed.
One of Linux's greatest assets is its ability to add value to legacy technology investments by connecting and interfacing with old equipment or software. Recently, I found a solution to add networking capabilities to an old telephone system. After seeing an advertisement for Cyclades in a previous issue of Linux Journal, I purchased the Linux-based Cyclades TS-100. Much like the way Linux can be used as an e-mail gateway to enhance a legacy mail server, I was able to add networking services to my old phone system.
LJ is about the only computer magazine I pay for—LOVE IT! I've been a longtime fan of Linux, and now my kids are starting to use it. They love the Linux penguin and call him Pengi. We took a few snapshots a while back with one of them.
Fast/Flexible Linux OS Recovery
On Demand Now
In this live one-hour webinar, learn how to enhance your existing backup strategies for complete disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible full-system recovery solution for UNIX and Linux systems.
Join Linux Journal's Shawn Powers and David Huffman, President/CEO, Storix, Inc.
Free to Linux Journal readers.Register Now!
- Devuan Beta Release
- May 2016 Issue of Linux Journal
- EnterpriseDB's EDB Postgres Advanced Server and EDB Postgres Enterprise Manager
- The US Government and Open-Source Software
- The Humble Hacker?
- The Death of RoboVM
- BitTorrent Inc.'s Sync
- Open-Source Project Secretly Funded by CIA
- New Container Image Standard Promises More Portable Apps
- AdaCore's SPARK Pro
In modern computer systems, privacy and security are mandatory. However, connections from the outside over public networks automatically imply risks. One easily available solution to avoid eavesdroppers’ attempts is SSH. But, its wide adoption during the past 21 years has made it a target for attackers, so hardening your system properly is a must.
Additionally, in highly regulated markets, you must comply with specific operational requirements, proving that you conform to standards and even that you have included new mandatory authentication methods, such as two-factor authentication. In this ebook, I discuss SSH and how to configure and manage it to guarantee that your network is safe, your data is secure and that you comply with relevant regulations.Get the Guide