While completely practical (and probably wise), there’s something a bit sad about the fact that Barack Obama will more or less be forced to give up e-mail access upon his ascension to the Presidency. E-mail communication has, in many ways, completely supplanted telephone communication in the 21st century; to me, this would be like telling any of the 20th century Presidents that they had to give up the phones on their desks. It seems like there must be a way to figure this one out…

I frequently find myself attached to some public wifi hotspot trying to get work done, and while I try to make most of my connections via secure methods (e.g., all my email takes place over encrypted connections), most of my web surfing takes place in cleartext. Occasionally, I’ll read some weblog post about the various hosted VPN services and think that I should just use one of them, but never really get around to it. This week, I finally bit the bullet… but rather than subscribing to one of the services, I just set up my own VPN server at home to use.

I have a Linux machine in my home network, and I flirted with the idea of installing OpenVPN on it and using that as my server, but due to a few weird complexities in where that machine sits on my network, that wasn’t the most appetizing idea to me. It was then that I wondered whether someone had built a VMware virtual appliance with OpenVPN support, and it turns out that PhoneHome was just the ticket I was looking for. On my home Windows 2003 Server box, I started that puppy up in VMware Player; it took about a half-hour’s worth of tweaking to get it set up just perfectly for me, and another half-hour to get my home firewall (well, really a Cisco router with a detailed set of access rules) set up to play nicely with the server. Now, I have an easy-to-run, easy-to-connect-to VPN server that allows me to have a secure connection no matter where I am, and that just rocks.

One of the things I was worried about was that the VPN would massively slow down my network connection; between the bottleneck of encrypting all the tunneled traffic and the bottleneck of my home internet connection, I was pretty sure I’d be less than impressed with the speed of an always-on VPN. Surprisingly, the connection is pretty damn fast, though — I appear to have the full speed of my home T1 available to me.

speed test over VPN

If anyone’s interested, I’m happy to share details of the changes I made to the PhoneHome VMware appliance, and any other info you might want.

Because I run my own mail server, I’m able to watch for trends related to incoming email and crunch numbers on those that seem interesting. Today, listening to the voice which has been telling me for the past few weeks that spam feels to be on a major uptrend, I looked at the numbers of spam messages that have hit my own inbox. (Well, make that “tried to hit my own inbox,” since I’m also able to run a general spam filter whcih catches most of the unsolicited crap.) And that voice appears to be correct; over the past two months, I’ve received way more than double the number of spam emails than in any of the months in the first half of 2007. For example, I’ve received over 28,000 spams through today in November, compared to just under 12,000 in January.

spam trend, 2007

As always, stats can lie as much as they can reveal truth; I don’t know what my 2006 chart would have looked like, whether there’s always an uptick towards the later months of a calendar year, or any other such comparison information. Nonetheless, I figured this was interesting enough to share.

Oh, sweeeeet: Google Mail now has IMAP support. That makes me pretty happy, since I don’t use Gmail as my primary mail client, but get enough mail in the account to make it worth checking it every so often. Now, I can plug the account into my desktop mail client and it’ll be integrated into my normal email flow…

I’m starting to think that something about me — or about my Google Mail address, specifically — intersects with a group of people who might be among the dullest knives in the drawer. A week doesn’t go by where I don’t receive at least a dozen misaddressed emails to that account; we’re not talking about spam, but rather we’re talking about long, personal emails from someone who’s letting me know that they’re moving to a new house, or sharing the pictures of the party we ostensibly attended together a few days ago, or even my favorite repeat offender, a mother who is passing on the odd bit of news to all her kids. I get full screenplays emailed to me for proofreading, I get confidential legal documents for my review, I even received a set of robo-calling scripts from the Democratic Party of Virginia a few weeks ago. All of these are misaddressed, intended for some other individual with an GMail address similar to mine. I even get people mistyping their own email addresses into web forms, such as all the confirmation emails I received from American Airlines last week for another J. Levine’s flight to London, or the bunch of forwards I got from another J. Levine’s corporate account two weeks ago (forwards which included truly awesome legal letters between a mother and her sons, full of threats of disinheritance and ill will).

I used to get frustrated at all the misaddressed email I receive at my GMail account, but now I treat it as a surreal break from reality, a glimpse into the weirdness that gets passed along in email every day. Maybe I should put up a site with all the email, if for no other reason than to teach people that those long disclaimers they put at the end of their emails (“if you’ve received this in error, you must delete it immediately”, etc.) are meaningless.

Wow, does this Washington Post article make me feel old. The premise of the piece is that colleges now find it difficult to track down or get messages to their students, since most don’t have in-dorm telephones or voicemail and don’t check their college-issued email all that much. It’s a fact that I’ve now heard in different contexts a bunch of times over the past few months, and I feel like it’s the first concrete thing that makes me feel completely separated from today’s generation of young’uns.

I graduated from college just a hair over a decade ago, and during my four years, email went from mostly inaccessible to an essential staple of every student’s life. Talking to friends a few weekends ago, Shannon and I were stunned to learn that for most of today’s students, the term “checking email” has nothing to do with college email accounts, or even Gmail or Hotmail — instead, it means logging into Facebook or MySpace and reading your incoming messages. Similarly, while my university had digital phones with campus-wide voicemail in every dorm room (and used the system regularly to push out notices and information), a not-insignificant number of students at my alma mater today have never picked up their in-room phones, and actually don’t even know their own campus phone numbers. It’s amazing how fast things change.

That being said, these changes aren’t all that surprising, given that the fundamental roles of email and telephones have changed in college today. When I was in college, getting access to an email account wasn’t trivial; the free email services didn’t exist, the internet was new enough that setting up access to an email account was anything but trivial, and it took the infrastructure of colleges and reasonable-sized corporations to get most people into the fraternity of email users. Email was also novel enough that it was instantly appealing to college students, and there weren’t really any other options for talking to friends from back home (unless you wanted to pour money into your long-distance plan). Now, with instant messaging, social networking, and SMS-enabled cellphones, email is the least convenient of all the electronic communication methods available to college students (given the crushing amount of the erectile dysfunction spam, and what I’d imagine is an equally-crushing amount of college-related spam). Likewise, a decade ago, campuses used their functional monopoly power to satiate students’ need for phones in their dorm rooms, but today that monopoly is gone, and there’s little to recommend an in-room telephone when any student can get a cellphone for a lower price with more features and a more durable phone number. The rules of communication have changed, and it’d appear that colleges haven’t kept up… but it’d also appear that I’m getting old.

Ever since moving my life onto a Mac laptop, I’ve been using Apple’s Mail.app as my primary email application. In general, it’s a great program, but for someone like me who has a lot of email folders, it’s a bit irritating using its interface to move messages around — there’s a lot of scrolling of the folder sidebar involved, and no good way to shortcut that process. (Plug-ins like Mail Act-On get part of the way there, but are too specific to solve the more general problem.) Imagine my happiness, then, when I saw Adam Tow’s MsgFiler come across VersionTracker this afternoon… it’s the Mail.app plugin I’ve been dying for someone to write! Within two or three minutes of installing it, I paid the shareware fee and dropped Adam a note expressing my undying gratitude; if you’re as annoyed by Mail.app’s folder handling, I might recommend you do the same.

Update: Wow, that’s weird — two people who impress me on nearly a daily basis, Alex King and John Gruber, both feel the same way about MsgFiler!

This morning, I took a look at my mail server logs to see if yesterday’s changes had caused any unexpected issues, and I’m happy to say that all appears well. I also took a few minutes to analyze the logs a little bit, and here’s what the past 20 hours has brought:

don't send email to these accounts; they don't exist!
  • In 1,202 minutes, 16,605 messages were attempted to be delivered to nonexistent accounts on my server, for a rate of one message every four and a half seconds.
  • Those 16,605 messages were addressed to 915 unique (and still nonexistent!) email addresses.
  • By far, the queso.com address bore the brunt of this, with 759 of the addresses living there; no other domain had more than 60 or 70 false attempts.
  • The most popular fake email address is one that’s never existed, and doesn’t make much sense at all; it received 461 attempts. (The top 10 list is in the graphic to the right.)
  • As you’d expect, generic “webmaster” email addresses are popular, accounting for 225 of the attempts across all the domains I host; “postmaster” and “mail” are a lot less popular than you’d think.

All in all, I’m glad to have made the configuration change, and my mail server seems to be operating under quite a bit less load as a result.

There’s really no debate that despite all efforts to combat it, spam email continues to grow and thrive on the internet. Since I host my own email server (providing accounts for myself, my family, and a few friends), I’ve watched as gargantuan volumes of unsolicited email stream in over the wire, and I’ve had to keep up to speed on the latest and greatest spamfighting techniques in order to keep our mailboxes reasonably free of the nuisance. That being said, the whole system has always felt like a fragile beast, and when my spam system fails for even a few minutes, my inbox can get buried. (For example, a component of my filters got overloaded this morning for just over six minutes, and over 50 spam emails slipped through in that period.) So, for the past year, I’ve been hunting for ways to optimize my mail setup in order to lessen the load on the spam filters, and one specific way has eluded me until this morning. Being that I’ve actively searched for this very solution for over a year and not had success until today, I figured I’d describe what I did in case anyone else is looking for the same fix.

(Really, I shouldn’t have to tell you this, but what follows is an extremely detailed, low-level description of my mail setup and the innards of a spam filtering system. It’s dorky, and you probably won’t want to read the rest unless you’ve imbibed a good deal of caffeine and know your way around sendmail.)

Interesting: Google Apps for Your Domain. Veeerrrrrryyyy interesting. It’s hosted Gmail, chat, calendering, and web design all under the banner of your own domain name, all currently in beta-test mode. Unsurprisingly, Anil does a better job of reviewing the landscape than I’d ever be able to do.

Jonathan Corbet, the Grumpy Editor over at LWN.net, has a reasonably good review of the current offerings in the world of Bayesian spam email filters. His tests hinted that SpamAssassin remains difficult to beat in terms of accuracy, but that it’s still the slowest and most computing-intensive of all the solutions out there (in part because SpamAssassin does a lot more than just act as a Bayesian filter). It’s the system I run all my incoming mail through, but I definitely feel the processor crunch at times — and it’s definitely the kind of service I’d love to offload if there were a reasonable and inexpensive way to do so.

(For those of you who aren’t hip to the lingo of internet system administration, Bayesian spam filters are “trainable” applications that scan incoming email and make predictions about whether any given message is spam, predictions that are based in part on the content of prior legitimate and illegitimate messages to the same users. Back in 2002, Paul Graham wrote an article which posited that applying Bayesian probability theories to email might help alleviate the growing spam problem, and since then the notion has established itself as one of the cornerstones of email administration.)