40 Years of Spam

Recognizing the upcoming 40th anniversary of spam (the bad kind), Forbes shares 25 facts you may or may not have known about everybody's least favorite kind of email messages. There's a couple of nits possibly worth picking there for accuracy's sake, but it's mostly an interesting trip down memory lane.

H/T: Multiple folks.

Cloudflare Launches 1.1.1.1 DNS Service

Cloudflare just launched their own public DNS service. To try it, simply configure your computer to use the DNS servers 1.1.1.1 and 1.0.0.1. Then your computer's DNS lookups (the internet's mapping of domain names to IP addresses) will route through Cloudflare instead of through your ISP.

This is being described as a privacy-focused tool, even though Cloudflare is getting access to gobs of data and traffic and could be doing stuff with that data. But if it's fast and works well, and your ISP's DNS servers don't work so well, it might be something to try.

There are actually a number of other DNS services like this out there.

Google Public DNS is perhaps the most well known one. (It's the one I use most often.) To use their service, you set your DNS server settings to use 8.8.8.8 and 8.8.4.4.

There's also OpenDNS and Quad9 that are intended to help block bad stuff.

And you can find even more services like that here. With all these options, does a savvy geek even need to run their own DNS server nowadays?

Though, I'm not sure it's safe to try to query DNSBLs (anti-spam blacklists) through these DNS services. It's entirely possible that some DNSBLs block them as they may appear to be overwhelmingly large sources of traffic. (Or possibly a DNSBL might like this if the DNS service effectively acts as a cache for them; but I don't have any data on this.)

Message Header & Message Checking Tools

Need a tool to parse message headers? Trying to break down how long it took to hand off an email message between servers?

Check out this tool from Microsoft, and this tool from Google. Both do basically the same thing -- you paste in the email headers and it will parse them, giving you a breakdown of how much time it took between each server hop.

Here's another Google tool you should bookmark. It lets you decode blobs of Base64-encoded content. Sometimes you'll find this handy when viewing the source of an email message and running into content encoded in this way. I just used it to decode an odd bounce message yesterday.

And here's another thing that a coworker shared with me -- Mail Tester helps you check your emails against SpamAssassin in an easy-to-use way. Check it out!

Goodbye, goo.gl

Did you use goo.gl to shorten links in email newsletters or text versions of emails? Looks like the ability to do that is going away. Doesn't every ESP or email platform have its own click tracking or URL rewriting mechanism by now? And using third party URL shorteners has long been sort of a mixed bag, anyway.

What is Microsoft BCL?

Now that Microsoft has merged their Office365 and Hotmail/Outlook.com platforms, this should apply to anybody sending to either platform. Microsoft calculates a "BCL" (Bulk Complaint Level) for a sender's IP address or sending domain name. (Which? I'm actually not sure at the moment. Let's assume both for now.)

The BCL score is a 0-9 score, where higher basically means "sent by a bulk sender, and more spammy." See this Microsoft Technet article for more details.

How do I tell what my BCL score is? Select "View Message Source" on an email message received at Microsoft Hotmail/Outlook.com. Find the "X-Microsoft-Antispam" header. Here's an example:

X-Microsoft-Antispam: BCL:0;PCL:0;RULEID:(5000109)(4604075)(4605076)(610169)(650170)(651021)(8291501071);SRVR:CY1NAM02HT241;

That first entry -- BCL:0 tells us that this message is from a sender that has a BCL score of zero. (This message is not from a bulk sender.)

What do those other entries mean? PCL means "Phishing Confidence Level" per this document. So it's good to see that is zero. The rest? I'm not sure. I'll share more as I learn more.