TidBITS#753/01-Nov-04
=====================

  Apple surprised pundits last week with the release of iPod Photo,
  an iPod with a color screen that also stores and displays photos.
  At the same event, Apple also unveiled the iPod Special Edition:
  U2, and announced the European iTunes Music Store. Also in this
  issue, Adam looks at the Postini spam-filtering service, and
  we note the releases of Retrospect 6.0.204, Security Update
  2004-10-27 (for Apple Remote Desktop Client), and an Office X
  10.1.6 security update.

Topics:
    MailBITS/01-Nov-04
    DealBITS Drawing: iMove from MaxUpgrades
    Apple Intros iPod Photo, iPod U2, and Euro iTMS
    Postini Brings Relief from Spam
    Hot Topics in TidBITS Talk/01-Nov-04

<http://www.tidbits.com/tb-issues/TidBITS-753.html>
<ftp://ftp.tidbits.com/issues/2004/TidBITS#753_01-Nov-04.etx>

Copyright 2004 TidBITS: Reuse governed by Creative Commons license
   <http://www.tidbits.com/terms/> Contact: <[EMAIL PROTECTED]>
   ---------------------------------------------------------------

This issue of TidBITS sponsored in part by:
* READERS LIKE YOU! Help keep TidBITS great via our voluntary <------ NEW!
   contribution program. Special thanks this week to Chris Lozach,
   Tareck Elass, and Dennis Taylor for their generous support!
   <http://www.tidbits.com/about/support/contributors.html>

* SMALL DOG ELECTRONICS: iPod Accessory Kit - $124 <----------------- NEW!
   for 3rd & 4th Generation iPods. Includes Belkin
   Camera link, iTrip, Car Charger & Zipcord Buds!
   Visit: <http://www.smalldog.com/tb/> 800-511-MACS

* FETCH SOFTWORKS: With FTP, Fetch does it all! Upload, <------------ NEW!
   download, mirror, and manage your web site. Fetch works
   with Mac OS X, Mac OS 9, Mac OS 8, and even System 7!
   Get your free trial version at <http://fetchsoftworks.com/>!

* Dr. Bott, LLC: There's still time to get your favorite student <--- NEW!
   some new back to school gear for her PowerBook: whether it's
   the agile SportFolio or the svelte CEO Milano, Marware makes
   the ideal case for your 'Books. <http://www.drbott.com/>

* Web Crossing: Did you know Web Crossing does Blogs?!? Used for
   workgroup reports, entertainment, advice columns, politics, or
   whatever, Web Crossing's Blogs can integrate w/discussions,
   access lists, etc. Try it! <http://www.webcrossing.com/tb-504>

* "The best keyboard Apple ever made" is reborn! The Tactile Pro <--- NEW!
   Keyboard is built from the same premium keyswitch technology
   as the legendary Apple Extended and Extended II keyboards.
   Order yours today! <http://tactilepro.com/index.php?refID=5>

* MindFortress: Need a secure digital wallet to store passwords, <--- NEW!
   serial numbers, credit card info? Notes? Pictures? Movies?
   Custom templates to make your own cards to fit your needs?
   Get MindFortress! Free trial at <http://www.mindfortress.com/>

* StuffIt Deluxe 9 from Allume Systems improves on the Mac's
   essential compression utility! Now featuring faster performance
   and improved Finder integration and data management options.
   Upgrade for only $29.99! <http://www.stuffit.com/mac/deluxe/>

* Bare Bones Software BBEdit 8.0 -- More than 100 new features
   and improvements including Text Factories, Codeless Language
   Modules, a Documents Drawer, and much more! To download a
   demo or to purchase a copy, visit <http://www.barebones.com/>.

* easyDNS: No Static IP#? No Problem! With easyDNS's world class <--- NEW!
   Dynamic DNS Service. Run FTP, email & web servers even without
   a Static IP#. Use your present domains or register a new one.
   easyDNS: the way things should work. <http://www.easyDNS.com>

* AUDIO HIJACK PRO: Gain total audio control with Audio Hijack Pro <- NEW!
   Now you can record and enhance ANY audio, from Internet streams
   (Real, WMP, and more) to DVD audio. Even import vinyl records
   and tapes! Download it now! <http://www.rogueamoeba.com/tb/>
   ---------------------------------------------------------------

MailBITS/01-Nov-04
------------------

**Go Vote!** We strongly encourage those of you who are eligible
  to vote in U.S. elections to take the time to register your
  opinion about the actions of your local, state, and national
  government by voting in Tuesday's elections. Every vote matters
  in at least a small way, and you never know which elections
  could come down to a single vote - yours. [ACE]


**Retrospect 6.0.204 Released** -- Dantz Development, now
  owned by storage gorilla EMC, has released Retrospect 6.0.204
  (that's build 204 of Retrospect 6.0), to fix a number of subtle
  issues (see "Dantz Ships Panther-Compatible Retrospect 6.0"
  in TidBITS-714_). The bugs fixed include one that could cause
  Retrospect to delete more files than it should under highly
  specific conditions when performing Duplicate or Archive
  functions, and another that could sometimes render a Mac
  unbootable after a restore of a system that had multiple
  Mac OS X updates applied. Other improvements include faster
  matching speed (and no more -108 errors) when restoring from
  a pre-Retrospect 6.0 backup set, more accurate matching of files
  on Linux clients, compatibility with Linux clients running under
  Red Hat 6.2, the capability to back up files and folders with
  high ASCII characters in their names from pre-Mac OS 9.0 and
  Linux clients, and proper handling of volume creation dates
  when duplicating. Retrospect 6.0.204 is a free update for all
  users of Retrospect 6.0; it's a 24.7 MB download. [ACE]

<http://kb.dantz.com/article.asp?article=1126&p=2>
<http://www.dantz.com/en/support/updates.dtml>
<http://db.tidbits.com/getbits.acgi?tbart=07515>


**Security Update Patches Apple Remote Desktop** -- Apple has
  released Security Update 2004-10-27, a patch to Apple Remote
  Desktop Client 1.2.4 that prevents a remote user from starting
  an application behind the login window, which would allow the
  application to run as root. The vulnerability exists on Mac OS X
  10.3 systems with Apple Remote Desktop Client 1.2.4 installed
  and Fast User Switching enabled. On an unpatched system that
  has a user logged in, but the login window visible via Fast
  User Switching, an Apple Remote Desktop user with privileges
  to do so can start an application, which would run as root.
  (The vulnerability requires that the Remote Desktop user have
  a valid username and password to access the system; it does not
  expose the machine to unauthorized use.)

<http://docs.info.apple.com/article.html?artnum=61798>

  The 832K download, available through Software Update or the Apple
  Downloads page, only applies to Mac OS X 10.3 and later operating
  systems, and isn't needed if Apple Remote Desktop has already been
  upgraded to version 2.1. [MHA]

<http://www.apple.com/support/downloads//securityupdate20041027ard.html>


**Office X Updated Slightly** -- Lost temporarily in the news
  of the recent update to Microsoft Office 2004 (see "Microsoft
  Office 2004 for Mac Service Pack 1 Squishes Bugs" in TidBITS-751_)
  was the fact that Microsoft also updated the older Office X on
  13-Oct-04. The improvements in the Microsoft Office v.X for Mac
  Security Update (10.1.6) include proper functioning of Word X's
  AutoRecover when FileVault is enabled (not that we recommend
  FileVault in most situations), and a fix to a bug that caused
  Entourage X to stop responding when certain corrupted email
  messages were received with the Junk Mail Filter enabled. Word X,
  Excel X, and PowerPoint X all receive an added level of security
  that affects macros that open other macro-containing Office
  documents. It's a 38.4 MB download. [ACE]

<http://support.microsoft.com/default.aspx?kbid=883952>
<http://support.microsoft.com/kb/886633>
<http://db.tidbits.com/getbits.acgi?tbart=07858>


**DealBITS Drawing: DayLite Winners** -- Congratulations to Chris
  Manderson of telus.net, Donovan Watts of iceplant.org, Daniel
  Murray of mac.com, and Peter Jensen of netaxs.com, whose entries
  were chosen randomly in last week's DealBITS drawing and who each
  received a copy of Marketcircle's DayLite. Everyone else who
  entered received a 10 percent discount off the purchase price
  of DayLite. Thanks to the 364 people who entered, and keep an
  eye out for future DealBITS drawings! [ACE]

<http://www.marketcircle.com/daylite/>
<http://www.tidbits.com/dealbits/marketcircle.html>
<http://db.tidbits.com/getbits.acgi?tbart=07863>


DealBITS Drawing: iMove from MaxUpgrades
----------------------------------------
  by Adam C. Engst <[EMAIL PROTECTED]>

  The design of Apple's recently replaced G4-based iMacs made
  it extremely easy to adjust the position of the LCD display
  for optimal viewing as you moved around in your chair or
  conferred with someone else about something on the screen.
  The new iMac G5, sleek and iPod-like though it is, lacks much
  of that adjustability, since the screen can only tilt up and
  down through 30 degrees of motion. For any kind of side-to-side,
  forward-and-back, or rotational adjustment, you must move the
  entire iMac, which isn't necessarily an easy task, given that
  it weighs in at either 18.5 pounds (8.5 kg) for the 17-inch model
  or 25.2 pounds (11.4 kg) for the 20-inch model. The same problem
  affects Apple's current aluminum Cinema Displays, which weigh
  between 14.5 pounds (6.6 kg) and 27.5 pounds (12.5 kg).

  If you find yourself frustrated whenever you want to adjust the
  position of your iMac G5 or Apple Cinema Display, or if you just
  like to push it out of the way at times, check out the iMove from
  MaxUpgrades. The iMove positioning table is a thin black base with
  durable plastic rollers, onto which your iMac or Cinema Display
  fits perfectly. It raises the iMac or display by only an inch,
  so stability isn't compromised, and the rollers provide complete
  freedom of movement around your desk with minimal effort. The base
  of the iMac or display fits flush into the iMove, providing a flat
  surface for holding a keyboard out of the way as well.

<http://www.maxupgrades.com/pressimove.htm>

  In this week's DealBITS drawing, we'll be picking two winners,
  each of whom will win his or her choice of an iMove for the
  17-inch iMac G5, 20-inch iMac G5, 20-inch Apple Cinema Display,
  or 23-inch Apple Cinema Display (retail value $149). As usual,
  there will be a discount for those entrants who don't win, so
  if you have a new iMac G5 or Apple Cinema Display, be sure to
  enter at the DealBITS page below. All information gathered is
  covered by our comprehensive privacy policy. Be careful with
  your spam filters, since you must be able to receive email from
  my address to learn if you've won.

<http://www.tidbits.com/dealbits/maxupgrades.html>
<http://www.tidbits.com/about/privacy.html>


Apple Intros iPod Photo, iPod U2, and Euro iTMS
-----------------------------------------------
  by Jeff Carlson <[EMAIL PROTECTED]>

  Apple last week fulfilled the wish of every Internet discussion-
  forum enthusiast who's longed for the capability to view photos
  on a tiny color screen. The new iPod Photo incorporates a color
  screen into the existing iPod form factor, enabling users to view
  digital images in addition to listening to music. The 220 by
  176-pixel screen can display up to 65,536 colors. Like iPhoto,
  the iPod Photo can display screens of thumbnails (25 images at
  a time), or single photos by themselves, using the iPod's scroll
  wheel and middle button. It can also display album art for songs
  as they play. The device comes in two configurations: a 40 GB
  model for $500 and a 60 GB model for $600; both are available now.

<http://www.apple.com/ipodphoto/>

  In a bit of a conceptual disconnect, photos and photo albums
  are synchronized using the Auto-Sync capabilities of iTunes 4.7,
  which was released as a free 10.5 MB download. iTunes was probably
  chosen as the conduit because iPhoto doesn't exist under Windows;
  it can also pick up photos from Windows applications Adobe
  Photoshop Album 2.0 and Adobe Photoshop Elements 3.0, or from a
  designated photos folder on either operating system. The Auto-Sync
  process converts your photos to lower-resolution versions for
  display on the screen, but you can opt to store high-resolution
  versions on the iPod, too.

<http://www.apple.com/itunes/download/>

  If the iPod's screen is too small for your taste, an included
  AV cable connects the iPod Photo to a television for slideshow
  playback. An iPod Photo Dock, included with both models, adds
  an S-video connector.

  Contributing Editor Glenn Fleishman pointed out that these
  connectors make the iPod Photo a remarkably compact presentation
  manager: load up your PowerPoint or Keynote presentation (after
  converting the slides to individual images), plug in a video
  projector, and leave the laptop in your hotel room. It's not
  far from what Adam did with his Canon PowerShot digital camera
  at a user group presentation when a projector failed to show up
  (see "The PowerShot Presentation" in TidBITS-669_).

<http://emperor.tidbits.com/.3c534fdf>
<http://db.tidbits.com/getbits.acgi?tbart=07095>

  Apple claims that battery life is improved on the new model,
  with up to 15 hours of continuous music or 5 hours of continuous
  slideshows with music.

  Does the iPod Photo herald the imminent arrival of a video iPod?
  Although the existing color screen wouldn't realistically be
  suitable for video playback, having video-out capabilities could,
  in theory, turn the iPod into a portable video playback device -
  a portable TiVo, if you will, for watching movies and television
  shows while you're on the road. The problem is, you can already
  do that with a PowerBook or iBook. And Steve Jobs has made it
  clear that Apple believes photos are more compelling on a portable
  device such as the iPod right now, compared to other video devices
  that are already on the market. I do think that Apple is slowly
  laying the paving stones required to someday offer videos on
  portable devices and via the iTunes Music (Media?) Store, but
  only according to Apple's schedule.


**U2 Can Enjoy an iPod** -- In other iPod news, Apple announced
  the iPod U2 Special Edition model. In addition to engraved
  signatures of the members of the band U2, the front face is black
  instead of white, with a red scroll wheel; it's available only
  in a 20 GB configuration. It also includes a $50 gift certificate
  that can be applied to "The Complete U2," a digital boxed-set
  of the band's music containing 400 songs and 25 unreleased tracks.
  (Contrary to some reports, no music from U2 is included on the
  iPod.) An included exclusive U2 poster will no doubt seal the deal
  for some fans. The iPod U2 Special Edition will be available in
  mid-November for $350.

<http://www.apple.com/ipod/u2/>


**European iTMS** -- Finally, Apple also announced that it has
  launched a European version of the iTunes Music Store. Previously
  available in the U.S., France, Germany, and the United Kingdom,
  the EU iTunes Music Store now also supports Portugal, Spain,
  Luxembourg, Italy, Greece, Austria, Belgium, The Netherlands,
  and Finland, all with songs priced at EU0.99 apiece. Apple also
  says it finally plans to launch its iTunes Music Store in Canada
  during November.

<http://www.apple.com/pr/library/2004/oct/26itmseu.html>
<http://www.apple.com/itunes/>

  Also noteworthy is news that a version of the iTunes Music Store
  for Ireland (the only European Union nation not included in last
  week's announcement) was apparently planned for the EU rollout,
  but some last-minute glitches held it up. Hopefully we'll see it
  come online soon.

<http://www.macinformation.com/>


Postini Brings Relief from Spam
-------------------------------
  by Adam C. Engst <[EMAIL PROTECTED]>

  From what I gather, the spam problem continues to worsen, but
  thanks to the domain-level anti-spam service from Postini, I and
  others who receive mail at tidbits.com are no longer drowning in a
  fetid tide of spam. That's not to say that Postini has completely
  eliminated spam for us, but I was receiving about 1,000 pieces of
  spam per day before Postini, and now only 10 to 30 per day make it
  through to Eudora (where SpamSieve promptly dumps them into my
  Junk mailbox).

  As these numbers show, Postini is not a magic bullet. Spam hasn't
  disappeared entirely from my life, and in fact, I now have two
  quarantines (Eudora's Junk mailbox and Postini's online webmail-
  like quarantine) to check for false positives. But the constant
  onslaught has abated, and the psychic toll it exacted has lessened
  by an astonishing amount. Postini isn't perfect, but I in no way
  regret signing up with them, and it's easily worth the $1 per
  protected account per month that digital.forest charges for
  the service.


**Initial Pain** -- There are two basic modes for Postini, setup
  and regular usage. You only go through setup once, though if
  you're the administrator for your domain, you may have to dip
  into the Web-based administration interface occasionally to tweak
  settings for a user. Unfortunate though it was for this review,
  Postini significantly improved the administration interface after
  I set up my account, making it difficult for me to say exactly
  how it would work now for someone coming in fresh.

  That said, when I set up my account under the previous
  administration interface, I was unimpressed. The interface
  was confusing and arcane, and only with the help of Bill Dickson
  (my co-author on my second book, Internet Explorer Kit for
  Macintosh, and now a technical guru at digital.forest) was
  I able to figure out an appropriate strategy for our setup.

  Here's the problem. Like most domains, I have a number of real
  users (mostly staff and family), and I wanted their accounts
  to be protected by Postini. But I also have quite a few alias
  accounts that come to me (or to other staff members) and unlike
  most domains, we run a slew of mailing lists and auto-replies,
  each with their own addresses. I didn't want to pay for each
  of these automated accounts (since that would radically increase
  our overall cost), nor did I want to take the time to check the
  quarantines for each one on a regular basis. So Bill and I worked
  out a four-step approach.

  First I identified all my real users in Web Crossing, made some
  lists, and informed them manually of what was going to happen.
  Importing those addresses into Postini was easy, although glitches
  in the previous Postini administration interface meant that people
  didn't receive custom welcome messages properly. Second, I added
  the alias accounts to the appropriate real accounts; Postini
  charges on a real user basis, so there's no downside in having
  lots of aliases. Third, instead of trying to identify and import
  all the automated accounts, I changed Postini's "default user"
  such that spam filtering (and thus charging) was turned off, and
  I turned on automatic account creation. Fourth and last, I changed
  the MX records in my DNS settings so all mail to tidbits.com flows
  through Postini's mail servers before it comes to my server.

  This third action - automatic account creation - turned out to
  be subtle and important. It would be nearly impossible for me to
  identify every automated account we have and might create in the
  future, particularly because it's so easy to set up a mailing list
  in Web Crossing. Postini's automatic account creation looks for
  legitimate incoming mail, and creates accounts automatically, but
  since it's always possible that spam will appear to be legitimate
  (or that someone will just type a username in a tidbits.com email
  address wrong), it's important that those automatically created
  accounts not employ spam filtering and thus stay out of our
  monthly bill.

  I discovered the problem with automatic account creation shortly
  after enabling Postini. I connected to the administration
  interface and found my account included not hundreds, but many
  thousands of users. It turns out that Web Crossing, like some
  other mailing list management programs, sends messages to list
  subscribers from unique addresses, making it easier to link
  particular subscribers with bounce messages that come back.
  In essence, this meant that for every bounce that came into Web
  Crossing, Postini created a new account (nearly 23,000 so far).
  Although there is no way to delete all these bogus accounts
  as far as I can tell, they don't appear to get in the way,
  so I've just left them alone. The other downside to this
  approach to creating unprotected accounts automatically is
  that when I do want to create a new protected account, I have
  to do that manually. That's fine, though, since such an action
  has a real-world cost attached to it.

  In the end, although my feeling is that Postini's current
  administration interface is a lot more understandable than the
  previous one, you must still think carefully about what you want
  to do if you regularly create new accounts that either should
  or should not be protected by Postini.

  In fact, I've mostly gone into the administration interface to
  add many of my mailing lists' management addresses to my account
  as aliases. That enables Postini to weed out the vast majority
  of the malformed spam that was causing conniption fits for our
  elderly ListSTAR server, and since I check for false positives
  in these accounts simultaneously with checking for my main
  account's false positives, there isn't much added work. In some
  cases, the aliases actually save effort, since seeing three to
  five spam messages with identical subjects makes for easier
  identification than if I had to read the subjects more closely.


**Regular Usage** -- Everything I just described is of interest
  only to the person who will be managing a Postini setup. Normal
  users whose email addresses are protected by Postini don't have
  to mess with any of that and enjoy a significantly simpler
  experience. Here's how I use Postini as a normal user.

  I've set up Script Software's iKey to open the Postini Message
  Center Web page automatically every morning at 9:00 AM. The
  Message Center is basically a webmail client that shows you two
  lists of messages: the Virus Alert list containing virus-infected
  attachments, and the Suspicious Junk Mail list of messages that
  Postini thinks might be spam. For each message, you see the
  sender, the subject, and the date, and for the possible spam
  messages, there's also a column that tells you what category of
  spam the message might belong to (generic bulk mail, naughty bits,
  get rich quick schemes, special offers, or - one I've never seen
  triggered - racially insensitive messages). You can sort the lists
  by any of these columns; sorting on subject works well for me
  because of the many duplicate messages I get.

<http://www.scriptsoftware.com/ikey/>

  I ignore the Virus Alert quarantine list, so Postini automatically
  deletes messages with virus-infected attachments after some period
  of time. The main reason for ignoring these messages is that as a
  Mac user with a widely known email address, my address is spoofed
  by worms all the time, resulting in a lot of virus-infected
  messages sent to me, and another bunch bounced back to me after
  my address has been used for the From line. Today alone I've
  received nearly 70 such messages. Since the likelihood of me
  receiving a legitimate but infected attachment is next to nil,
  there being almost no Mac viruses, even scanning the list seems
  a waste of time.

  I do feel bad for PC users who might want to see messages with
  infected attachments, since Postini's webmail-style interface is
  lousy here. Although you can sort by sender, subject, and date,
  you can display (and thus remove) only 10 messages at a time.
  If there is a legitimate message, you can click its subject to
  view and then choose to deliver it as is, or fix and deliver;
  I have no way of knowing how effective the fixes are (Postini
  uses anti-virus software from McAfee).

  The Suspicious Junk Mail list isn't limited to displaying only 10
  messages at a time; it can show up to 200. You can of course click
  a subject to view the associated message, and for those legitimate
  ones that are caught incorrectly, you can choose to deliver them,
  or deliver them and add the sender to a whitelist. There are also
  shortcut controls for removing all the visible messages and
  delivering selected messages.

  Postini's user interface suffers in comparison to webmail clients
  I've seen, but it is functional. At first, I found it rather
  clumsy, given the amount of spam I get and the frequency of false
  positives (one or two per day). I've subsequently figured out
  a usage technique that works extremely well. First, I click the
  link that selects all the messages, 99 percent of which are spam.
  Then I scroll through the list, scanning the subject column for
  potentially legitimate messages. This task turns out to be easy,
  perhaps easier than in Eudora because of the extra white space
  in the display. For each legitimate message, I deselect its
  checkbox. At the end, I click the Remove button to trash all
  the spam, leaving just the legitimate messages. Then I select
  all of them, click the Deliver button, and for permanent sender
  addresses (as opposed to the temporary bounce addresses used
  by some mailing lists) I add them to my whitelist. For those
  temporary bounce addresses, I copy the domain, click the Junk
  Email Settings link, and add the entire domain to the whitelist
  (it would be more efficient if Postini offered an option to add
  either the full email address or just the domain during the
  approval process; such interface niceties are generally missing
  in Postini). Don't assume you can use the whitelist as you would
  in a client email program; it's reportedly limited to 4,000
  characters, and should be used only for the addresses sending
  mail that Postini is filtering incorrectly.

  Most of my other users don't receive nearly as much spam, so they
  visit their quarantines less frequently (Postini can send reminder
  messages to let you know you have quarantined mail waiting) and
  are less likely to see false positives. Some people, including
  Tonya, have decided they're too busy to bother checking, so they
  undoubtedly miss a few legitimate messages here and there.

  The main feature Postini's Message Center lacks is a search
  field - if you're missing a message, being able to search for
  it rather than scroll through all the possibilities would be
  a great help, particularly for those users who don't visit
  the quarantine regularly.


**Filtering Accuracy** -- Just how good is Postini's filtering?
  I wish I could say for sure, but metrics are tricky for a number
  of reasons. Before anything else, Postini checks incoming messages
  against what they call the Blatant Spam Blocker, and from what
  I can tell, that takes out as much as 80 percent of my spam
  without even letting it into my quarantine list. I was receiving
  about 1,000 spam messages a day, and now my quarantine shows me
  about 125 messages a day. However, remember that my quarantine
  actually displays spam messages received by over 30 accounts,
  whereas my 1,000 messages were to only about 5 accounts. Of those
  125 per day, it's entirely common for 1 or 2 to be legitimate,
  although I can usually understand why Postini would have
  considered these messages suspicious. I receive a lot of press
  releases and mail from companies about product offers, and it's
  difficult to differentiate them from the latest too-good-to-
  be-true offer from a spammer. Then there are the 10 to 30 spam
  messages that Postini allows through. Further confusing the
  measurements is the fact I haven't yet locked down Web Crossing's
  SMTP server such that it accepts incoming SMTP mail only from
  Postini and a few of our servers, and some spammers deliver
  mail directly to our Xserve's IP number, thus bypassing Postini
  entirely. (That configuration change will be happening soon;
  I hadn't realized how much spam was coming in that way.)
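
  The bypass described above, mail delivered straight to the server's
  IP number instead of through the filtering service named in the MX
  records, can be measured from the inbound SMTP server's connection
  log. This is an added example, not part of the original article; the
  log format, relay ranges, and addresses are constructed
  (documentation ranges), not Postini's or Web Crossing's.

```python
import ipaddress
import re
from collections import Counter

# Constructed allowlist of networks permitted to hand mail to the inbound
# SMTP server. Real values would be the filtering service's published relay
# ranges plus your own hosts; these are documentation ranges.
ALLOWED_RELAYS = [
    ipaddress.ip_network("192.0.2.0/24"),      # placeholder: filtering service relays
    ipaddress.ip_network("198.51.100.10/32"),  # placeholder: one of "our servers"
]

# Constructed log format: "<timestamp> connect from <peer> rcpt=<address>"
LOG_LINE = re.compile(r"^(?P<ts>\S+) connect from (?P<ip>\S+) rcpt=(?P<rcpt>\S+)$")

# Constructed sample log, embedded so the example runs offline.
SAMPLE_LOG = """\
2004-11-01T09:00:01 connect from 192.0.2.17 rcpt=editors@example.org
2004-11-01T09:00:04 connect from 203.0.113.45 rcpt=editors@example.org
2004-11-01T09:00:09 connect from 198.51.100.10 rcpt=list-owner@example.org
2004-11-01T09:00:12 connect from 203.0.113.45 rcpt=info@example.org
2004-11-01T09:00:15 connect from not-an-ip rcpt=info@example.org
2004-11-01T09:00:20 connect from 2001:db8::25 rcpt=editors@example.org
2004-11-01T09:00:24 connect from ::ffff:192.0.2.17 rcpt=info@example.org
garbage line
"""


def is_allowed(peer, allowed=ALLOWED_RELAYS):
    """Return True only if the connecting peer is inside an allowed network."""
    try:
        addr = ipaddress.ip_address(peer)
    except ValueError:
        return False  # fail closed: an unparseable peer is never trusted
    # Dual-stack listeners may log IPv4 peers as IPv4-mapped IPv6 addresses.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return any(addr.version == net.version and addr in net for net in allowed)


def audit(log_text, allowed=ALLOWED_RELAYS):
    """Count deliveries that arrived via the filter versus those that bypassed it."""
    via_filter = 0
    bypass = Counter()
    unparsed = []
    for line in log_text.splitlines():
        match = LOG_LINE.match(line)
        if match is None:
            unparsed.append(line)
            continue
        peer = match.group("ip")
        if is_allowed(peer, allowed):
            via_filter += 1
        else:
            bypass[peer] += 1
    bypassed = sum(bypass.values())
    total = via_filter + bypassed
    return {
        "via_filter": via_filter,
        "bypass": dict(bypass),
        "bypass_share": (bypassed / total) if total else 0.0,
        "unparsed": unparsed,
    }


if __name__ == "__main__":
    report = audit(SAMPLE_LOG)
    print("via filter:", report["via_filter"])
    for peer, count in sorted(report["bypass"].items(), key=lambda kv: -kv[1]):
        print("bypassed filter:", peer, count)
    print("bypass share: {:.0%}".format(report["bypass_share"]))
    print("unparsed lines:", len(report["unparsed"]))
```

  Once the server accepts SMTP connections only from the allowed
  relays, the same audit run over new logs should report a bypass
  share of zero.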

  Overall, Postini claims 95 percent accuracy and less than
  1 percent of false positives, and that seems roughly accurate.
  SpamSieve is better, though comparing a single-user tool like
  SpamSieve to the multi-user Postini isn't quite fair.

  These numbers raise the question of exactly how Postini filters
  incoming mail. My contacts at Postini won't say exactly how the
  system works, presumably to keep spammers from circumventing it,
  but the FAQ says they use "an advanced filtering technique ...
  built on heuristic rules, lists of approved and blocked senders,
  and databases of known junk email." In other words, Postini is a
  black box, though a black box whose sensitivity you can set in
  certain categories. Remember those categories I mentioned earlier?
  You can adjust, on a five-point scale, Postini's aggressiveness
  in holding suspicious messages in your quarantine. The more
  aggressive your settings, the fewer spam messages will make it
  through Postini, but the more legitimate mail will be caught in
  the quarantine. That's the other reason I was waffling on how
  effective Postini has been - I've chosen somewhat aggressive
  settings, and I've been slowly increasing the aggressiveness
  as I become more comfortable with how Postini works. There are
  default settings for a domain that the administrator can set,
  and every user can override them individually.

  One annoyance is that Postini apparently analyzes only mail
  written in English. Since I get a vast amount of spam from China,
  Korea, and Japan, it's frustrating to know that Postini could
  catch more of those messages, since almost all of them (short of the
  Japanese translation of TidBITS) are guaranteed to be spam, given
  that I can't read any of those languages. Despite this limitation
  on language analysis, Postini still clearly eliminates a great
  deal of foreign-language spam during the Blatant Spam Blocker
  pass, and a good many messages that appear in my quarantine are
  also in other languages and character sets.

  Can Postini be trained? Yes, but not by individuals, short of your
  whitelist and another list of permanently blocked senders. You can
  forward spam that gets through to Postini, but doing so merely
  suggests the message as one to learn from. Although that may make
  you feel powerless, it makes sense, since people are notoriously
  inaccurate when identifying spam, particularly now that many
  people consider any message they don't want as spam, even if they
  signed up to receive it. However, Postini provides service to
  3,700 domains with 5 million end users, who receive 1.3 billion
  messages every week. That volume is almost unimaginable, but it
  ensures that Postini has a massive store of spam to analyze for
  patterns. The volume also explains Postini's conservative approach
  to improving the end user interface and allowing user-based
  training.

  The current administration interface does offer some reports for
  the administrator, so I can tell, for instance, that Postini lets
  about 70 percent of incoming messages to tidbits.com go through,
  and quarantines about 30 percent. I can see which of my users
  receive the most messages, the most spam, and the most viruses.
  The reports appear to go back only about 45 days, though, limiting
  their utility for trend reporting.


**Ambivalence and a Recommendation** -- You may have noticed a
  certain level of ambivalence in my report so far. It stems from
  the fact that Postini is not the be-all and end-all of anti-spam
  services. Its methodology is unknown, and not as good as other
  tools I've seen. Its interface is usable but mediocre, unless
  you need to scan virus-infected messages, at which point it's
  poor. It doesn't allow user-level training and doesn't pay full
  attention to mail that's not in English. And it isn't smart about
  ignoring, or allowing the mass deletion of, temporary addresses
  used by mailing list software for bounce tracking. In short,
  Postini is not an ideal service for the technically savvy email
  administrator who understands anti-spam techniques and enjoys
  getting a little dirty while maintaining an anti-spam system.
  Such people should stick with lashed-together open-source
  anti-spam programs, which can be highly effective, if time-consuming
  to set up and maintain. (Contributing Editor Glenn Fleishman
  has set up such a system, and we hope to tell you about it soon.)

  Years ago, I fell more into that camp. Now, I'm just sick of
  thinking about spam, and if Postini can do as good a job as I've
  seen it do on my mail for $1 per month per account, that's money
  well spent and time happily regained. Not long ago, I received
  a renewal notice and $200 invoice from the MAPS service, which
  sells access to a real-time blackhole list that we used before
  our switch to Web Crossing. I'd forgotten that we paid $200
  to MAPS each year; now Postini seems like an even better
  investment, since our yearly bill won't be too much more than
  the MAPS payment. My users have gone from moaning about how much
  spam they got to gushing about how completely Postini has solved
  their spam problems. My mail and list servers, all four of which
  have been taken out by malformed spam at one time or another
  (and which often require significant effort to bring back online),
  are more stable. As I said at the start, being able to stop
  dealing with the massive influx of spam has been a huge psychic
  weight off my shoulders.

  There are of course competitors to Postini, and I even received
  pleasant email from several of them after I announced our Postini
  trial, offering similar free trials. In an ideal world, where I
  had the time and energy to satisfy my intellectual curiosity about
  everything, I would have taken them up on their offers. But as it
  stands, I can't imagine turning off Postini in favor of something
  that might not work as well.

  So, despite my technical ambivalence about some of the ways in
  which Postini is implemented, I definitely recommend the service
  to anyone who needs to deal with spam to an entire domain and
  doesn't want to think about it much after setup. (If you have
  a normal email account at an ISP, you can't use Postini unless
  your ISP offers it.) The price I've been quoting - $1 per month
  per account - is available only through digital.forest, the
  network service provider and Web hosting service we've long
  relied upon and recommend. It may be more cost-effective for
  large organizations to work directly with Postini, but if
  you don't have thousands of accounts and are interested in
  using Postini's services, contact digital.forest via email
  at <[EMAIL PROTECTED]> or use the phone: 877-720-0483, option 2.
  You might need a little hand-holding with your setup, but I
  hope my explanation of how you want to configure Postini for real
  accounts, alias accounts, and automatically created accounts
  helps smooth the process a bit. In the end, I think you'll be
  happy with Postini's service.

<http://www.forest.net/>


Hot Topics in TidBITS Talk/01-Nov-04
------------------------------------
  by TidBITS Staff <[EMAIL PROTECTED]>

  The second URL below each thread description points to the
  discussion on our Web Crossing server, which will be much
  faster.


**Experiences with Missing Sync & Friends** -- A reader runs
  into irregularities when synchronizing his Palm handheld using
  The Missing Sync. (4 messages)

<http://db.tidbits.com/getbits.acgi?tlkthrd=2349>
<http://emperor.tidbits.com/TidBITS/Talk/211>


**DVDs and NTSC/PAL** -- DVD video is stored as compressed MPEG2
  data, but is there a difference between DVDs formatted with
  the NTSC and PAL video standards? (5 messages)

<http://db.tidbits.com/getbits.acgi?tlkthrd=2352>
<http://emperor.tidbits.com/TidBITS/Talk/215>


**Useless password prompts** -- One security feature of Mac OS X
  is that the user is prompted to enter his or her administrator
  password before installing certain types of software. But is the
  frequency of such password prompts making people less diligent
  about verifying the validity of what actions are being requested?
  (7 messages)

<http://db.tidbits.com/getbits.acgi?tlkthrd=2354>
<http://emperor.tidbits.com/TidBITS/Talk/216>


**Editing JPEGs and losing information** -- Charles Maurer's
  articles about working with digital photos bring up the question
  of how best to shoot and import your pictures without encountering
  JPEG compression, which discards image data. (4 messages)

<http://db.tidbits.com/getbits.acgi?tlkthrd=2359>
<http://emperor.tidbits.com/TidBITS/Talk/221>


**Sending HTML Messages from Eudora** -- Some people would argue
  that HTML email is evil, while others acknowledge that sometimes
  it's useful or even essential. Setting aside the philosophical
  implications of flirting with pure evil, how would one correctly
  send HTML-formatted messages from Eudora? (4 messages)

<http://db.tidbits.com/getbits.acgi?tlkthrd=2360>
<http://emperor.tidbits.com/TidBITS/Talk/222>



$$

 Non-profit, non-commercial publications may reprint articles if
 full credit is given. Others please contact us. We don't guarantee
 accuracy of articles. Caveat lector. Publication, product, and
 company names may be registered trademarks of their companies.

 For information: how to subscribe, where to find back issues,
 and more, see <http://www.tidbits.com/>. TidBITS ISSN 1090-7017.
 Send comments and editorial submissions to: <[EMAIL PROTECTED]>
 Back issues available at: <http://www.tidbits.com/tb-issues/>
 And: <ftp://ftp.tidbits.com/issues/>
 Full text searching available at: <http://www.tidbits.com/search/>
 -------------------------------------------------------------------





