Monday, February 28, 2011

Exams by computer

I'm waking up slowly the other day, and one of my pleasures is to listen to Radio4 before I drag myself out of bed to face the day. Isabel Nisbet, the outgoing chief of OfQual, was on. She has a lovely idea: the youth of tomorrow should do their examinations on computer.

Well, fine and dandy. Let's just imagine that we're a sixth form college or around 3000 students. We have two years, both of which do exams in the summer, and there is some overlap in the timetables.

Soooooo....we could have around 2000 students doing exams at the same time. Now, we need a bit of leeway, and we have a three year replacement cycle so...

  • I need to build a network to manage 2000 computers
  • I need to buy around 700 a year to replace old ones- that's a budget of around a quarter of a million a year on computers alone.
  • I need, ooh, 40 computer rooms - which I don't need the rest of the year.
  • Oh, and they need to be secure for exams.
If Ms Nisbet can tell me where that lot is coming from, I'm up for it.

Reporting SPAM...

I even had a reply from the nice lady at the SPAM reporting centre, apologising for the SPAM blocking stuff.

She suggested I sent my emails in by post.


Sunday, February 27, 2011

Yay! Someone, at last, has created a repository for fraudulent spam emails to be analysed and "dealt with".


and, lo and behold, they have created an email address to which we can all send fraudulent email, once only, so they have a record.


I sent a couple yesterday. I spend some time copying and pasting the full headers. I don't know if these guys knw something I don't, but I need the headers to work out what is going on. Just copying the email is a pure waste of time.

I tried to send a couple more today. Spent a few mins on the headers, as yesterday.

I get a 550 on the first one - it just said it was SPAM. Well, hey, I knew that already.

Here's the second:

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:
    (ultimately generated from
    SMTP error from remote mail server after end of data:
    host []:
    553-Message filtered. Please see the FAQs section on spam
    553-at for more
    553 information. (#5.7.1)

So, hang on a mo. They're asking me to send SPAM to this address, and messagelabs, bless 'em, are filtering it all out.

So, someone, somewhere hasn't really thought this out properly...?
Nothing new there.

Saturday, February 19, 2011

Had a phone call from a very IT literate guy in another, similar school yesterday. His head is worried about security, and won't use the EMAIL system because he is convinced his email is being read by the network people.

Well, no surprise there then. As a protocol developed in the 1970s for email between friends on ARPANET, the whole thing is inherently insecure.  We use kludges to encrypt at various stages, but it's difficult to tell someone that an TLS SMTP transaction doesn't mean the email is secure on the IMAP server it ends up on.

Then, of course, there is the statement that it's all but impossible to secure files kept on a file server to which someone has physical root access.

Most of the articles on IMAP security consider only an encrypted exchange with the server.

So, the only way his emails are going to be secure is if he elects to use PK Encryption (or equivalent)  on his email client. But this is just far too unwieldy for the untechy types using email these days. The costs outweigh the benefits.

So one trots out the other line. Email is about as secure as stuff on the back of a postcard.

My PK is (0x) 35168699

Sunday, February 13, 2011

The guy wasn't too pleased his email wouldn't arrive. He'd tried several times, so one of the support staff asked him to play our usual trick of emailing us and CC a gmail address so that we have a time fix, and a server name.

Only this time the gmail didn't arrive either- and the guy was clearly getting irate, so I got involved.

After an hour or two, the penny dropped. the outward facing email server at my end (exim - a truly wonderful piece of code) was checking the incoming HELO for syntax. His HELO had an underscore in. So the fix was delightfully simple:

helo_allow_chars = "_"

in the configure file and

killall -HUP exim

at the command prompt.

About 5 mins later, his message was accepted.
But why do I have to break my server from spec? Well, he's a potential customer, with an exchange server and MS trained guys who don't know anything much about the RFCs for hostnames not containing underscore characters

I did have what I think is an effusive email from him. I suspect he's not too chuffed with his techies.

Friday, February 11, 2011

I've been fettling our email system at work - implementing a proper, locked down SPF, and DKIM signatures on all outgoing email.

SPF has been fantastic at cutting down the amount of SPAM coming in from forged domains - yahoo, in particular. So I have been looking round at how other domains implement SPF.

A lot of domain admins seem to misunderstand it. The presence of an SPF validated sending IP address is no statement of HAM-ness of the email. However, the absence of one in a domain locked down with -all most certainly is.

Enter a big UK bank - let's call them Hickleys. They have SPF set up on, and it's -all too, meaning that it's definitive: if the IP address isn't in that definition, then it's a fake. Fantastic.

The only problem is that doesn't have any SPF entry at all. So I can  go forge email from and send it to the world with no SPF cover whatsoever. Which member of Joe Public is going to realise that all email from Hickleys has to come from, not And blocking email from the TLD, and allowing it through from the email subdomain is interesting to say the least.

Then, of course, there are all the little players out there running with a +all SPF setting. There is a delightful little Canadian firm of Lawyers who's email domain is spammed a lot (by third parties, obviously) at work, because they have said "anyone, anywhere in the world can send email from us" in their SPF definition...

(That's SPFending with +all)