Typically when you have someone who manages a spam filter you are talking about a corporation or large company. Often times personal users with their cloud services like yahoo, gmail, msn, etc. already have built in spam filters that are largely way more complex and better than the corporate users. They can do this with Bayesian filtering which lets your filter ‘learn’ spam trends. So when gmail receives 10,000 bizopp emails a second, they can learn pretty quickly which emails to flag.

So why exactly do corporations have various different spam filters? Well the main reason is that its a growing problem, and no one has the end all solution. Some companies  might use a Lotus Domino mail server with Lotus Notes clients while others use Microsoft Exchange with Microsoft Outlook clients. There are literally dozens of email server configs and just as many spam solutions. Personally I’ve worked with about 5 different spam protection providers in my IT career. Everything from cloud based filters to old linux desktops doing the filtering. I’ve even relied strictly on the email server’s capabilities itself.

Why Doesn’t The Email Server Just Block Spam?

Depending on the amount of spam you receive in, it can literally cripple your email server. I’ve had mail server crash on me and be qued up for days at a time just trying to reject all of the spam. Although this can still happen to a spam filter itself under certain loads, at least the mail server could still deliver external mail and allow internal mail without delay if something like that happened.

The Barracuda Spam Filter

So the current packages I have been working with are products of Barracuda networks. I really like these now because they are pretty much completely hands off. I have it synced to my active directory accounts so I don’t need any manual updates, and it always downloads daily updated from Barracuda itself. Definitely a pricier option but so convenience to be this easy.

Here is the main control panel

As you can see since bringing this box online in January it has taken a beating. My server has received over 1.75 million emails, upon which only about 105k or so were authentic non spam based. Imagine sorting through that huh?

If you go into see the default Spam Checking area you can see the following setup. Please note 99% of the people configuring something like this would leave all the defaults here unless they experience a problem.

The default ‘BLOCK’ command for the Spam Filter is ’5′. So if your email rates over a ’5′ it automatically gets deleted…too bad for you. The ‘Quarantine’ is disabled here only because these are global settings and by default the quarantine is set to user settings. The ‘Tag’ feature would append a name onto the title of the email so the user knows it may have spam. IE: If the email title is “Check out these girls yo” it might change it to “[SPAM?] Check out these girls yo”.

Needless to say your goal is to have a smaller score for better chance of delivery. Most commercial mail service providers, like Aweber, provide a way for you to have a good idea of the score. Aweber utilizes Spam Assassin which is a really popular measurement on a lot of linux boxes and will definitely be pretty close scoring across the board, but DON’T RELY ON IT! If it says ’3.5 you are good to go’ that means redo your email because it will probably get picked up somewhere as spam.

Can We Sneak In Images?

I see this all the time where people will just embed an image with tons of text in it. A lot of time spammers on Craigslist do this. Unfortunately those days are gone in email as well. Barracuda and most other providers will actually scan your images for text and flag you on spam for it. I don’t think Aweber does this though, so just because it might say you are safe, doesn’t necessary mean you actually are! By default this is enabled on most filters.

Well I Can Still Have Good Text And Get My Affiliate Links In Right?!?

Yikes you really are a sucker aren’t you? Here are a couple things you need to understand. Not only can email domains get blacklisted but so can regular URL domains as well! For example in the last 2 days I received almost 6,000 emails that weren’t blocked as ‘spam content’ but were blocked because they contained a URL that was blacklisted. Let’s look at the example below. If interested you can download the full list here.

So if you send an incredibly designed email with an affiliate link or redirect from ‘zomgarticles.com’ you just completely blocked. An easy way to see if you are blocked would be to go lookup your domains in various blacklists. I prefer to use Barracuda’s BRBL service just because they typically aggregate from Spam Haus, Spam Cop, etc. You can check your own domains out at www.barracudacentral.org/lookups/domain-reputation. Below you can see what happens when we query for ZOMGarticles.com.

In the image below you can see a few of the emails that got blocked for having URL’s on the list. Its a shame because some of them are actually pretty well written.

Notice we have 'Voip' and 'Penny Auction' offers in this screenshot.

Hmmm Maybe I Can Just Use URL Shorteners?!?

I don’t blame you crazy email marketers for thinking like this, but this is an even bigger risk. Aweber had an awesome article released the other day about how using shorteners are bad. I recommend reading the full article at www.aweber.com/blog/email-deliverability/link-shorteners.htm however I will copy and paste the real meaty chart they did up for us here.

I think the most itneresting things here are that Bit.ly is flagged on one blacklist and goo.gl and is.gd are actually whitelisted by some! BTW being on a national spam provider’s whitelist is basically the ultimate for email marketing delivery. Goodluck getting on there though!

Ok After 1.5 Million Spam Messages You Must Know Everything Right?

One of the benefits of running a spam filter and email server is that you can view everything. Not that I do too much email marketing but if I ever wanted to build a list about credit reports…well I just query my filter for ‘Credit Reports’ I can see what sort of emails are coming in. This gives me an EXTREME advantage to be able to see what sort of emails people are sending out. See below a quick query and the results.

Even better though. I can just query to see everything that got by, so I know what I could pretty much replicate!

Damn This Post Is Long…Is It Over Yet?

Ok ok. Lets wrap this post up already. Bottom line, we all know that we can’t be too spammy but most MSPs don’t actually show you half the crap that might block your mails from reaching the list. Hopefully you learned a few tips from seeing the sort of crap I have to deal with and seeing how you can avoid being caught by the filter.

As usual I received no compensation for this post or any products mentioned herein, however I am an active user of both Aweber and Barracuda products. Note that they each sent me t-shirts. Holla!

I know most people probably don’t have any clue what the difference between Windows 7 and Windows Server 2008 are, but there are many. Fortunately I’d say about 99% of the features of each are available in the other, you just may need to download some additional service packs and what not. The reason I personally used Windows Server on my desktop is that I am bouncing around from Server to Server every day and when it came out 3+ years ago I thought it would make for a steady fast integration by using it as my main desktop. To that end it worked perfectly! When the 2008 Server edition of Windows replaced Windows Server 2003 I was probably more ready than most (not that there is THAT much of a difference anyways).

However the time has come where I have really become sick of a few nuances that the server edition has plagued me with. In an effort to remain efficient I’ve made the decision to format my desktop this weekend and restore it with the Vista disk it was originally shipped with. Then I will use a Win7 upgrade DVD on it and bring it up to speed with the new patches. I have a few video case studies I’ve been trying to prepare for people and I demoed one to a friend and he was confused the whole time because my computer didn’t ‘look’ like his. So this was also a major issue, that I was going to be recording some sessions about Virtual Machines and running a VM within a VM is like breaking the laws of physics so it would just be easier for me to start clean instead of demoing everything within a VM.

Here are a few major reasons I am making the switch:

• Reliably installing the Windows Entertainment Services on Server 2008 is a nightmare, especially updating codecs.
• Windows Hyper-V virtualization kills all normal use of the desktop. I had to uninstall this and go with VM Ware originally because Hyper-V was somehow killing all my port 80 speeds on FireFox (IE was fine…).
• I hate 64 Bit. Let me save you all the trouble of this, if you want to run normal applications/printers just get a 32 bit machine. 5+ years into 64 bit error it is still a compatibility nightmare.
• Facebook – Facebook Ads’ interface is a nightmare on most servers. The increased securities make the AJAX run like a piece of shit and your ads time out 20% of the time.
• Program Compatibility – Numerous programs either server or desktop specific force me to go edit my registry so that you are ‘allowed’ to install on a specific OS. Just got tired of this.
• Program Compatibility – Things like AIM won’t load on here so I use Trillian that I think its a piece of shit. Or maybe I just hate having to talk to my old ICQ friends.
• DEP – Data Execution Prevention blocks nearly every utility/game so you have to go enable it for all the executables.
• Sharing – Whenever anyone is over they have a shitfit trying to understand how to check their email on my desktop….really its not that hard everyone.

So I will be off the grid for most of today as I am performing backups, re-downloading software, and patching. Keep a look out in the upcoming weeks as I do have a few new angles to present to my readers.

*UPDATE 5/8/11*

A couple things that went a muck even for an IT Professional.

In my above statements I was hoping to ditch 64 bit but I forgot that I have 6GB of tripple channel RAM in my desktop. For anyone that doesn’t know, a 32 bit system can’t handle more than 4GB of RAM. You could still install a 32 bit operating system but it would only use 4GB. Since I have it setup in a tripple channel config this would lower the speed of my already lowered amount considerably.

My external hard drive that I back everything up on encountered an error while backing up a folder. While attempting to add a folder to a zip drive it coppupted the header of the zip and although that was easy enough to repair I did lose about 3/4th of the contents of the zip in the process. This was a tough loss but it was some work that I really wasn’t following up on and maybe it is for the best to just get it out of my head.

I happen to be heading to my Mother’s for Mother’s Day today and my younger sister’s desktop was dying. This was a good excuse to pickup a Win7 Upgrade Family Pack (3 licenses) for like $130 at Best Buy (*note Best Buy stores didn’t have it so I went to Staples and they priced matched). So this lowered my costs substantially as a stand alone upgrade is like $120.

Everything is up and going now and looking excellent. I already ditched my 2nd display in favor of the screen snap in features of Win7.

Anyways I’ve had a few good things and a few bad things to say. One Volsh is 200% lying about their guaranteed 24x7x365 support. EVERY single time I have had a problem, which all times it was something on their end, their live chat was either offline or had one of the guy’s wifes sitting in front of a PC and she literally told me ‘Sorry not much I can do for you, call back in a few.’ Today when I experiemced a problem no one was answering their phone, no one was responding to support tickets, just a total f’n mess. I was pissed off the last time I had an outage with these guys and they couldn’t be reached and this time I was even more pissed. In their defense my server is CHEAP as fuck. The price of a Quad Core Intel chip with 4GB of Ram, 250GB drive, DirectAdmin panel is only $150 a month with 4TB of bandwidth. This similar setup was $250+ at ThePlanet and $410 at Rackspace. Secondly the server is blazing fast, waaay faster than my shared hosting (note this blog is still on shared hosting).

So back to the problem. I am getting no support and eventually email James, the president of Volsh, after 6+ hours of downtime. James calls me up like an hour later, apologizes like crazy saying that his support guy must’ve decided to take a half day while he was gone or something. Who cares, not my fault, not the first time their promised support has been no where to be seen. Anyways, James tells me that he was looking for a while to find what the problem was and eventually found that one of their techs took my entire dedicated server offline because they got a cease and desist letter from the Massachusetts Attorney General’s office. This raised several points of concern to me.

1.) How the fuck did Attorney General Martha Coakley and her minions of clowns find my host? The domain in question was a private registration and the server stats point to Volsh’s parent data center Turnkey Internet Inc. Now when I wanted to get some answers and Volsh was no where to be found, I called up Turnkey and they basically told me like 30 times that there is nothing they can do, I have to deal with my reseller. They cried and cried about how they would get fired or sued if they went to check a box for me that they were leasing, blah blah blah, I get it. So then how the hell did the AG’s office get in touch with Volsh if this is the case? Volsh is from my understanding, invisible here, unless those rat bastards at Turnkey turned me in! Which apparently means I should sue them?!?

2.) Why didn’t they email my proxy contact email with a cease and desist? I have in the past received comments from people trying to get in contact with me requesting permission to repost things, questions, etc. They simply fill out the proxy email that then forwards their questions to your real address without revealing you. So what gives the AG any special power to skip the norm of contacting the webmaster and went straight to a host.

3.) Was I in violation of the DMCA (Digital Millennium Copyright Act)? I registered the domain on the recommendation of an Indian friend of mine who is a sales person for an Indian SEO group. I then paid them to come up with copy. The site site essentiallys looks like a two page domain that is similar to a state’s website, please note it wasn’t a .gov site, just a state sponsored .com site. The site had several references to their actual domain if people were looking for it. Obviously the site I had constructed used likeness to the state’s site, I should have actually looked at the finished product but it was such a small task I just kind of assumed it was all set from the guys I paid to do it. I don’t know enough about copyright to know how much of a likeness or reference is allowed so I scrapped the site as soon as they called me, I really wasn’t looking to get into any trouble.

4.) Why the hell did my host shut my box down instead of calling me? First rule of etiquette is call your client before shutting them down right? I might say ‘fuck you they stole this content from me’ or I would’ve probably gone ‘OK I will change the page immediately.’ Either way I now know that if anyone called my host and said ‘Shut Mike down now!’ my host would probably respond immediately ‘OK RANDOM STRANGER HAVE A GREAT DAY!’ Honestly! What if I called up using spoof card to cover my number and just pretended to be something. That’s why most GOOD providers, request written proof, etc.

So here I am asking these questions and I reached out to a friend who actually had a copy of a cease and desist from the attorney general’s office from a southern state with almost identical ‘infringements’ as mine. It was a very generic one similar to what I had seen in the past. You basically get it and take down the site, and no one bothers you anymore.I’ve never had anyone go to my host to complain. When I told my friend about this he immediately started telling me to ditch my host because they are lying.

This comment puts me in a real debate. Is Volsh just that shitty that they make outrageous lies to cover up their horrible support? Or is Martha Coakley really hunting me down like a rebel gun seller?!? I really don’t have any idea but I am pretty pissed at both of them! I can’t really leave MA and ditch Coakley’s reign but I sure can and probably will ditch Volsh.

Do I approve of buying/selling email lists. No not at all. I perfectly believe in say having someone like Frank Kern give you XX% of their profits for a program that you promoted in your email list, that’s basically what affiliate marketing is all about, so get over it people. This is the price you pay for signing up for someone’s list, you get to listen to their pitches as well.

So back to the point at hand, I saw this post on Shoemoney’s site and then saw this post referencing it from Jonathan Volk’s page. Why are these guys both pushing this idea? Well firstly it’s a great idea in concept. It is one of those things that you hear and go “Holy shit I am totally fucking doing this from now on!” It gets you so motivated you might very well sign up for their mailing lists that they have each been pushing pretty hard lately. So lets not blame them for sharing the secret to try and make us feel more comfortable signing up for their lists, I actually give them each props for that. They found a way to present us with valid info that might make us more likely to convert (sign up for a list) kudos to both of them.

However lets blow this concept right out of the water here.

1.) Shoe referenced it works on gmail and Most other email services. Well I tried it on gmail, lotus domino server, yahoo, aol, and my shitty web host’s squirrel mail. Out of those 5 relatively major email providers ONLY gmail accepted that command. This proves a couple things. First Gmail is obviously amazingly awesome here and we should all switch to it. Secondly Shoe’s claim is a quick info note that has a lot of flash appeal to us but not too much reliability.

2.) How reliable is having a stupid ‘+’ sign in there to track your emails? Well its about as reliable as my current affiliate campaigns (that aint saying much people)! I will illustrate in the below screenshots how in about say 3 seconds any email list seller/buyer can scrub their list of your attempts to track who is selling your emails.

Most list providers allow you to export to Micrososft Excel in some fashion (.xlsx, csv, etc). You basically open your list, no matter how large it is, and use the replace function. Where the box prompts you what you want to Find just insert “+*@” (no quotes) and then say replace it with “@” (no quotes) and say Replace All. There you go! This little quasi code says replace anything that starts with + and ends with @. In a matter of seconds it removes all those handy tracking ids we spent our time separating out. See the below images to get an idea how I did it with a quick list I typed up.

Email List Before Edit

So as good as an idea this was to wow us and make us feel save to sign up for our favorite blogger’s email lists, it is absolutely worthless! So now that you are worried that Shoe and various other people are going to sell your email look on the bright side. If someone like Jeremy comes up to you and says “Hey I have this list of 100k emails you want to buy for $20?” you can now drop your hard earned cash and know that no one is going to know bought their emails! Ta Dah!

Our current cell phone bill for our company wireless phones seemed to be slowly drifting out of control. After analysing our bill I noticed that we have a few people who are using a ton of minutes on the plan and others who aren’t using anything. Now this isn’t really a big deal with a normal, voice only, phone since those typically utilize shared minutes and cost about $10.00 per month to keep on the plan. The real problem with this scenario are higher prices phones that aren’t taking advantage of all of their costs.

This brings me obviously to the one and only, BlackBerry.

We have approximately 10 BlackBerry users. Each BB costs approximately $55 a month in addition to any shared minute pool costs. I can see on our bill that each BB user is actively using its data capabilities to stay in constant contact via the company’s email system. This is good, this is why we cover the cost of the phone for them! However I also noticed a few users who were using low minutes, like 9 minutes a month for one user, 23 a month for another one.

Basically what this turns out to be is users were issued BlackBerry devices but they never stop using their personal cell phone. I can relate to this, why ditch your regular cell phone if the company may some day ditch you and you are out your cell number. There are obviously numerous other drawbacks to switching to a company provided phone.

So in the interest of looking at some cost savings I wanted to check out some alternatives to BlackBerry services. There are obviously TONS of cell phones that can do email but the data costs are basically the same. Then I stumbled upon the Peek Pronto. The peek is a small handheld device that utilizes cell phone antenae services to download emails. THATS IT! It does no voice, no websites, just email (well that and texting via email services).

So how could this benefit us? Well basically these users who are still using their own personal cell phones are already carrying around two devices with the BB so ditching the BB for a similar item shouldn’t be too much of an issue. The Peek Pronto is WAAAAY cheaper! The Peek’s monthly service bill (yes you still need to pay for it since it uses cell services) starts off at $20 per month, if you pay on a month to month basis. If you opt to pay for a whole year up front it drops to only $15 a month. They also offer the option of a One Time $250 payment that will grant the device lifetime access. Let’s do the math, if we switched two low minute usage BB users to the Peek and paid an upfront $250 fee we would cover ourselves in $250/$55 = 4.5, 5 Months until ROI is achieved! Lets just say that the users go 2 years with these devices, that equates to saving, $1,045 in savings over the initial investment! Now imagine if you have a larger company and were able to switch say, 100 users!

Now the QoS(quality of service) comes back into play. How reliable is the Peek Pronto’s service? How useful is the device? Does it actually work? How secure is it? These are all questions that would need to be answered. My biggest fear is security. With the BlackBerries we run a BB Enterprise Server that allows us to remotely wipe the devices if they are lost/stolen. This makes it so that confidential emails aren’t that risky on the company BBs. The Peek doesn’t appear to have this as an option. It is essentially a wireless POP3 email checker, so you can change your email password remotely and the lost/stolen device wouldn’t sync to new email but it would still contain what has been downloaded to the device.

So Let’s Try It!

With such a low investment cost of only $60 for the device and $20 for 1 month of service, I figured I would pick up a temp one to test it out. It arrived in the mail the other day and so far I’m not that impressed. I’ve had a few bugs pop up already (ie: emails get downloaded 2x sometimes, showing two copies in the inbox). The service isn’t as fast as a BlackBerry even though it is supposed to be an instant push. The device is a neat idea but I certainly have my doubts on if it could replace a BlackBerry email service without losing substantial QoS.

I will update as a use more.