Pobox Blog

How to ask questions to strangers, part 3

2010-03-12T18:05:00.006-05:00

Mark Dominus concludes his series of articles on how to send email to strangers asking for help. Read his previous entries about picking the right expert and using an informative subject.

In the past couple of articles, I covered the two most important rules of asking a stranger for help. There are also several minor-seeming mistakes you can make that will sink your chances of getting a reply.

Use correct spelling and grammar.

Yes, this is boring and tedious. And yes, I know you have heard it before. And yes, I know that only fussy old people care. But some of those people you are asking for help are as old and as fussy as I am. And some of those fussy old people will throw your message in the trash if it starts with:

i hope that u would be able to help me.

or ends with:

You wouldnt by any chance have any info on B+ & B* Trees would u ???

Maybe in another twenty years we'll write everything in SMS abbreviations. Until then, the fussy old folks like me will still be alive, and the writer of a line like these will appear to be either:
illiterate,

too lazy to press the three extra keys required to get it right, or

A GODDAMN JACKASS.

Excuse me, lost my patience there.

Related to this is that you should have your real name in the "From" line of the message, or at least a name that is not obviously a fake name. Seeing "Smoove B" in the header of a message is not going to help convince a stranger that you are worth emailing.

Don't make the recipient do any work.

Of course, to answer a question, the recipient will have to do the work of answering the question. But your aim is to make them do as little work as possible. For example, I once got a message with the subject "your article" asking me "What is meant by 'forkish'?" Huh? What article? Did I say "forkish"? How should I know what I meant?

I eventually dug up the article, which I had written several years earlier. If I had been a little busier that day, the question would have gone straight to the trash bin.
It would have been a big help if my correspondent had written something like this:

In your article "..." at URL http://... you said "Blah blah blah forkish." What did you mean by "forkish"?

Then I would have known right away what I had meant, or at least I would have been able to look at the article easily.

Experts are busy people. The more work you ask them to do, the less likely you are to get a response. Try to provide all the relevant information that you can. Don't ask them to look stuff up for you in books; say "I didn't understand this thing I looked up in a book. Does it mean X or Y?"

Don't appear impatient

I don't know about other people, but when I get a message that says something like one of these:

Please respond ASAP!

I need the answer right away!

This is very important.

I want to unleash a torrent of sarcasm. "Gosh, I'll be sure to clear my schedule to work on this important project for you!" You're asking a stranger to do a favor for you, so it's not appropriate for you to put conditions on when or how they do it. Here's that "forkish" example in full:

what does forkish mean? this is very important. thank you. please respond.

"This is very important" spoils the effect of "please" and "thank you". It says "please", but it doesn't mean "please". Some time ago, I tried rewriting that message in a form I would have liked better, and came up with:
Could you take a moment to explain what you meant by 'forkish' here?
I didn't notice until after I had written it that I had eliminated "please". But the rewrite communicated "please" anyway, whereas the original one didn't.
That's all the advice I have. Good luck writing to strangers!

Thanks, Mark! I recently took his advice, and wrote to some experts on one of my favorite topics... Pobox! I asked them for tips and tricks that they use that they would like to share with other Pobox customers. If you've got something that you think other customers would be interested in, just drop me an email to pobox@pobox.com with the subject "blog tip".

Pobox Best Practices: Changing ISPs

2010-02-26T16:33:00.008-05:00

We want you to get as much value as you can out of your Pobox account. Pobox Best Practices will share our methods for using Pobox features for common problems, tips and tricks from other customers, and the ways Pobox staffers use their accounts to manage their own email.

One of the most frequent tickets we see at Pobox Customer Service is, "Help! I just changed my email address, and now I can't log in to Pobox!" Ouch. But the bigger problem, as we see it when we're helping you, is that your Pobox account didn't make that seamless.

One of the best features of a Pobox address is the ability to change your forwarding address, whenever you want, without having to tell all your friends and contacts about your new address. Most people change where they read their mail every 2 years. (If you're sick of your current provider, you can always keep your mail at Pobox by upgrading to a Mailstore account.)

It's no big deal if you're switching between Yahoo and Gmail (or back again), because both addresses will stay open. But, if you're switching from Comcast to Verizon, your access to your Comcast mailbox gets cut off with your last bill. So, how can Pobox help smooth the transition, and make sure you don't lose any mail?

First, as soon as you get your new address, log in to Pobox, and add it as one of your forwarding addresses. (All Pobox accounts can forward mail to up to 5 places.) Don't wait until your current forwarding address goes away. In fact, don't even remove your current forwarding address from your Pobox account just yet.

Now, your mail is going to two places. Why? We know your email is important to you, so you'll want to makes sure your mail is actually arriving at your new address. You may not have the address you thought you did. (I once had a support agent over the phone set up my address as vanessa.canon@example.com, instead of vanessa.cannon... took 2 calls for them to figure out what was wrong.) Your password may be wrong, and so even though the mail is getting there, you can't log in to read it. No matter what the reason, losing access to email has been known to cause irritability, headaches, bloating and irrational behavior.

So, go ahead and send a test message, from your old account to your Pobox address. It should show up in both of your mailboxes. If it doesn't show up in the new address (and it isn't in a spam or junk mail folder), let us know. But this way, you still have access to your email while we work out any problems with your new address.

Also, if you keep old mail, like most people do, you'll probably want to move it to your new address. This is really easy if you're using an email program like Outlook or Mac Mail. Just set up a second account for your new address. Then, when both accounts are set up, just drag and drop the files from your old account, to your new one. Your email program will move everything for you in the background! If you have a lot of mail, don't shut down your computer. It could take a while for everything to get moved.

Once you know you have access to all your existing mail at your new address, kill that old account! Log in to Pobox and remove it as a forwarding address. Send a nasty cancellation letter. Go and leave a bag of your shredded old bills on their doorstep. They were hoping to lock you in with your email address, and they would have gotten away with it, too... if not for your meddling Pobox address!

How to ask questions to strangers, part 2

2010-02-19T16:40:00.001-05:00

Mark Dominus continues his series of articles on how to send email to strangers asking for help. Read the previous entry.

Last week, I told you the one big rule of asking email questions to strangers. This week, I'll discuss a smaller rule:

Use an informative Subject

We all get a lot of junk mail. We all throw away most of it. If the a message doesn't have an eye-catching subject, we may throw it away without opening it. And "eye-catching" here means "does not look like spam". Spammers are very stupid, and they have a very stupid idea of what sort of subjects will be eye-catching:
Please reply ASAP
Seeking your expertise
Help me!
READ THIS!!!!!!
You must be cleverer than a spammer. Just adding more exclamation marks is not clever enough. Good subjects in messages I have received and replied to are:
Question about apache module
Length of day question
how to optimize for speed
The key property here is that each subject contains something specific that makes clear what the message is actually about, and that it is something that might reasonably be directed to me, rather than to someone else, or to one million someone elses. Do you remember the important rule from last week? Experts want to be consulted in the area of their expertise. They do not want to be consulted about random garbage. If you can make clear in the subject line that you sought them out for specific knowledge that only they can provide, the expert is much more likely to read your message.

Here the subjects of some messages that I have sent to famous people that have received prompt and detailed replies:
Computing with lattices: An application of type classes
Hegelian Taco
Octopus anatomy
Each of these is good because it instantly tells the recipient two things. First, it tells them what the message will be about. "Hegelian Taco" may not mean anything to you, but it does mean something to the author of the paper about the Hegelian taco that I was asking for. And second, it tells the recipient that the message was intended for them, and for them alone. Anyone else might throw away a message titled "Hegelian taco" in puzzlement, but the author of the Hegelian taco paper is certain to read it, and that's all you care about.

Similarly, the "Computing with lattices" message was sent to the author of a paper with that title, asking for a copy of the paper, and "octopus anatomy" was sent to an octopus expert.

Once you've gotten the recipient to open and read your message, you still have to get them to answer it. I'll return in three weeks with an article about how to keep the expert from throwing away your message in disgust.

How to ask questions to strangers

2010-02-11T15:22:00.009-05:00

Pobox is proud to have several very active members of the open source community as staff or alumni, which means they get many questions about how their software works (and not just from me!) Today, Mark Jason Dominus, Perl expert, noted author and Pobox staffer, offers his thoughts on how to ask a good question.

I once emailed Dr. Mark Norman, one of the world's foremost experts on octopuses, to ask some questions about octopus anatomy. I once wrote to a well-known writer of computer programming books asking for advice on how to choose a publisher for my own book. I once bugged one of the inventors of the Unix operating system for information about the early technical details of Unix. Last month I wrote to a famous mathematician to ask for a copy of a paper he had written that was too old to be available on the web.

Maybe you're not interested in octopus anatomy or in digging up copies of obscure mathematics papers. But I know some of you are interested in emailing some sort of questions to well-known experts on something, because I'm a well-known expert on computer programing, I get email from strangers all the time, and I know I can't be the only one who does. Someone must be sending those messages. Maybe it was you.

Sometimes I'm really happy to get the messages, and I answer quickly and at length. Other times, I snort and throw the message away, or save it to chuckle over with my friends — or worse, I save it to ridicule in a blog post years later. Here are some easy rules to follow if you want to know how to send the first kind of email, the kind that gets a reply, and not the second.

The rules are pretty simple. Probably the biggest one is:

Pick the right expert for your question.

Only ask the expert questions about an area in which they actually have expertise. If you write to the octopus expert with a question about advanced mathematics, or to the mathematician for advice about octopus behavior, you'll look like a fool, a lunatic, or both. And even if the mathematician is feeling indulgent and is willing to help you, she can't, because she doesn't know the answer to your question anyway.

Does that seem obvious? About ten years ago I received this awesome specimen:

I am a student of Romance and Germanic philology faculty,
I am getting my Master's degree, so I have to write a thesis.
The theme I have chosen is "Lexico-grammatical peculiarities of
the language of constitution" I have to compare the UK(magna
karta)and US Constitution. . ... Will you provide me with the
information, or give a hint about those sources where I can read
about my topic?

I didn't bother replying to this message. I'm a computer programmer. What do I know about lexico-grammatical peculiarities?

But really, there was nothing wrong with the request itself; the only problem was that it was sent to the wrong person. Somewhere out there is a professor of linguistics who specializes in the study of legal documents. That professor would probably have been delighted to offer this poor schmuck some pointers.

People I meet often worry that the expert will be annoyed that a member of the general public is taking up their time. But if you observe this rule, you won't have to worry. I promise you that the expert on the history of knitting would love to get your email inquiring about the origin of the slip stitch. The education expert who wrote about penmanship education in last week's local paper will be thrilled to hear from you. People become experts because they are interested in their topics. Getting email from another interested person brightens their day. People write papers and articles because they want other people to read them attentively. Their great fear is that nobody is listening. Hearing from someone who not only read their article but who cared enough to follow up is a shining joy.

But even if you send your question to the right person, there are still a few ways to go wrong. Next week, I'll discuss some of the other mistakes people have made in asking me for help.

The Wonderful World of Emailed Reports

2010-02-05T19:53:00.002-05:00

I love Pobox spam protection, and I think it's wonderfully accurate. Still, I do identify with Ronald Reagan. Trust, but verify. And getting an emailed spam report every day makes that really easy.

The emailed report provides a list of all the messages the spam filters have picked up for my account since the last report 24 hours ago (approximately). You can get a report that includes both the messages we've held for you, and the sending addresses of everyone who's been bounced. But I use the Aggressive pre-set, so the only messages that are bounced are the ones that we're really confident were spam. So, I set my report to only include the held messages, which makes it easier to review (read: shorter.) The emailed report also has a "Mark This Report Reviewed" button, which lets you delete all the messages in that report, right from your Inbox!

Unfortunately for some users, if your ISP uses content filters (like Comcast), you may end up finding your emailed report in your Spam or Junk Mail folder. That makes sense -- it is a report full of the email addresses and subjects of spam! While having a list is great, some people also just like having a daily reminder to go have a look at the spam we've picked up. So, we're testing out an emailed summary report. It doesn't have a list of all the messages, just a note about how many messages we've picked up, and a button to go check it out on the web. If you'd like to be part of our tester group, just contact Customer Support, and tell us that you want to switch your emailed reports to the summary version!

If you want to keep an up-to-the-minute eye on your spam, you can also get an RSS feed of your messages! That's customized per-person, so I can't give you a link, but head over to the Spam section if you want to grab one. The feeds are customized per view, so you can subscribe to just the view you want to see.

And, of course, some people are happy just knowing the Spam section is there if they need it, but don't need to be reminded just how many people in the world want to sell them a degree. (Only 10 this month, thank you!) If that's you, you can turn off your emailed reports at any time. Please don't report them as spam. That can cause your ISP to think they are spam, and other Pobox customers who do want them may not see them.

Signing off from snowy Philadelphia -- I hope all of you East Coast residents stay warm!

It's time to say goodbye to IE6.

2010-01-29T17:21:00.005-05:00

It can be hard to say goodbye to something familiar. A favorite toy, an old coat, a well-used picnic blanket... they all hold fond memories. But if Internet Eplorer 6 were an old coat, it would be a flammable polyester one infested with bugs, that was secretly giving you a rash every time you wore it. It's time to say goodbye to IE6.

The security breach at Google, amongst other locations, targeted computers that have IE6 installed, because they have so many security vulnerablities. IE6 is notoriously HTML non-compliant, so web pages can look substantially different on IE6 than they do on modern web browsers. (Test your browser, to see how standards compliant it is!) Because of its non-compliance and limitations, more and more companies are refusing to support IE6 browsers, including Google Apps, and more and more organizations are pushing people to upgrade, like the German Government.

IE8 is not perfect, and still has security vulnerabilities that are being discovered. But it is light years better. Like most modern browsers, it will warn you about phishing attempts, which protects not only from computer viruses, but also identity theft, and even the possibility of giving hackers access to your bank account.

If you have a custom application that requires the use of IE6, it may not be possible for you to upgrade your version of IE. If that's the case, please download Firefox, and use it whenever you are not using the custom application. The security holes in IE6 may mean that you are compromising all the data on your computer, or that spammers are using your computer (and your Pobox account!) to send spam and viruses, if you continue to use it for your daily browsing.

Nearly 90% of Pobox customers have already made the switch. We hope that you guys will spread the good word to friends and family members you might see using IE6, or even do them a favor, and help them upgrade their computer! For the last 10%, it's time to make the switch.

Yes, Jenn, I'm talking to you.

New Feature: Spam to Report folder

2010-01-22T17:35:00.004-05:00

Mailstore customers have an easy new tool for reporting spam directly from their email program!

We've added a "Spam to Report" folder to all Mailstore accounts. (If you don't see it, you may need to resynchronize your account, or quit your email program, then reopen it.) To report a message as spam, just drag or save it to that folder. Our spam reporter checks those folders for spam regularly. When it finds a message, it is sent to Cloudmark as a spam report, and deleted from your account.

Cloudmark analyzes the message content, to find elements that may have come from different email addresses or locations, but that have all been reported as spam. All Pobox accounts run the Cloudmark spam filter, unless you're an old custom user who hasn't upgraded to Pobox Recommendations. So, submissions to Cloudmark work to improve filters that are automatically applied to your account!

Webmail users have been able to report messages as spam for some time, and we are very pleased to be able to extend this feature to all Mailstore customers, regardless of where they are reading their messages.

In order to take advantage of "Spam to Report", your Mailstore account must be using IMAP. That's because only IMAP synchronizes changes you make on your computer with our server. POP3 accounts could put mail in the Spam to Report folder, but we would never see those messages when the reporter ran, because they would only be on your computer. If you need to switch your account to IMAP, you can find instructions in the Help section.

Where in the World is Carmen Spamdiego?

2010-01-14T18:52:00.005-05:00

Spam comes from all over the world. But, like the future, it's not evenly distributed. According to a 2009 security report by Cisco (pdf), the top geographic producers of spam, in trillions of messages per year, are:

Brazil: 7.7
USA: 6.6
India: 3.6
South Korea: 3.1
Turkey: 2.6
Vietnam: 2.5
China: 2.4
Poland: 2.4
Russia: 2.3
Argentina: 1.5

Tired of getting spam that's traveled around the world to reach you? Pobox offers geographic-based filters that lets you block mail from specific countries, or whole continents! They will block all mail from that country or continent, so don't block mail from Europe if you've got a pen pal in Poland or a grandma in Germany. But if your only encounter with South America is eating brazil nuts, you might take a big bite out of your spam by blocking that mail.

"Where's Nigeria?" you might ask, examining this list. Nigeria and other places are the source of many, many email scams, which have been going on much longer than you might suspect. Sometimes known as 419 scams, these are the messages you receive promising you untold millions for a small measure of assistance. There's actually a human being at the other end of these messages, as a story of trickster vs. trickster on This American Life showed. So, the volume tends to be smaller than the bot and zombie-driven traffic of other countries.

Do you represent part of the 6.6 trillion messages coming out of the US this year? OK, you don't if you live anywhere else, but are you part of your country's spam output? Infected PCs are one of the major sources of spam worldwide. Running up-to-date anti-virus software (or avoiding a virus in the first place) is the best way to make sure you're not part of the problem. "But, Vanessa, anti-virus software is so expensive!" Not so, my friends. Immunet is now offering free anti-virus software, so go download it today.

Security Changes at Pobox

2009-11-16T10:10:00.001-05:00

We are rolling out some new security procedures here at Pobox, to help protect you from unauthorized access, but also to alert you if it should happen.

This week's changes are in 3 areas. First, we have added email alerts. Updates to your forwarding addresses, password or security question will all trigger an email notification. In the case of forwarding address changes, the notification will be sent to all old forwarding addresses, as well as the ones that have been added.

Should someone make changes to these elements of your account, for any reason, we'll send an email "receipt" of the action. This can be for innocuous reasons (if you and your spouse share a computer, they may simply not realize that you are logged in to your account, and make updates) or by malicious intent. Either way, the sooner you become aware of a change made to your account, the faster it can be fixed.

The second change is designed to make it harder for an unauthorized person to "verify" themselves with Pobox Customer Service. We have switched from a series of questions, to a multi-point security confirmation. Questions must be answered correctly in multiple categories to receive a password reset URL at a new address. (Password reset requests will always be sent to the current forwarding address as well.)

We encourage you to go update your contact information immediately. We rarely use your contact information (and we never give any other companies or groups access to it), but it is used as one of the elements in our new multi-point verification process. Plus, in a worst case scenario, we can use it to contact you immediately for an emergency with your account.

Please also check and update your security question. Your security question should be something that is hard to guess or find out, but something that doesn't change. "Who was my favorite teacher in elementary school?" is a good question. "What was my first concert?" is a good question. "How many licks does it take to get to the center of a Tootsie Pop?" is a bad question because you could guess the answer. "My nickname" is a bad question (unless no one really uses it) because anyone who knew you would know it.

Finally, we are making changes to the way your Pobox login sessions work. This may mean that you will be prompted to enter your password somewhat more frequently than you have been in the past.

These changes are being made for the security and protection of your accounts. We appreciate your understanding about the changes, and we hope that you will find them to be valuable improvements to your account!

How and Why Downtimes are Scheduled at Pobox

2009-10-30T18:13:00.003-04:00

Very early next Tuesday morning (or late Monday night for you night owls), Pobox has a Mailstore downtime scheduled from midnight to 4 AM (which is a really long outage for us!) I asked our Operations Head, Bryan Allen, to explain a little bit about downtimes, including the many, many changes that don't require downtimes, as well as what kinds of changes do.

Here at Pobox we try to minimize outages. In fact, we kind of have a thing about it. We keep the spice flowing, and we try to ensure you can access your mail. Periodically, we generate planned outages for software or hardware upgrades.

The vast majority of the Pobox service infrastructure is redundant and to an extent, self-healing; it requires no human interaction when badness occurs. The rest is replicated but requires manual intervention for failover. The core databases are an example of that: We have failover replicas, and we can fail over to any one of them within minutes with a minimum of service impact and no performance degradation once the failover has finished.

Our software upgrades are relatively benign these days. We push new Perl code to production several times a week, and we patch our operating systems regularly (thanks to the magic of Solaris LiveUpgrade, this would create an outage of a few minutes if most services weren't already redundant), and so on. We very, very rarely have service outages that are caused by core software.

On rare occasion (especially in the last several years), we'll hit an unplanned outage on a unique service. Those are Big Fires, and there's only one goal there: To fix the problem and restore service. Hardware outages, simply due to intrinsic orneriness, are harder to both plan for and recover from. Sometimes bugs can generate an outage: Recently a bug in the Mailstore authentication code made it so new clients could not authenticate and access their mail. That was a regression, and the fix was trivial.

Conversely, a planned outage is a declaration of intent: It says we are going to create an interruption of service some some specific, defined reason. At times, the intention is to avoid an unplanned outage (a fire) at some point in the future. Usually, it's to improve the service in some way.

Tuesday's outage is for a relatively major hardware upgrade.

The X4100 M2s running the Mailstore storage are somewhat older dual-core Opterons. We haven't quite hit the wall for their CPU running Mailstore, but we can see the dust on the horizon. Very early Tuesday morning, we're going to be swapping the X4100s out for X4150s (dual quad-core Xeons). That change alone will see us through for quite a long time. In addition to faster CPU and bus, however, the X4150s can take double the RAM (doubling the filesystem cache) and have 8 SAS bays (four free, currently, per-system). This will let us a build a Hybrid Storage Pool, redirecting the filesystem journal writes to an write-optmized SDD, and building an L2 filesystem cache on a read-optimized SSD. To put it very mildly: Zoom. In the future we'll want a way to upgrade the storage head nodes without taking the service offline, but currently the architecture doesn't allow for it.

In addition to snapshots (which we utilize for data recovery and streaming replication), ZFS comes with built-in compression. The bottleneck for disk access, is well, spinning rust. Regardless of the speed of the disks you use, and the size of the your filesystem cache (which is currently 16GB for Mailstore), you still have to retrieve bits from a platter. And that's slow. So why is compression a good thing? Won't compressing files consume CPU? Isn't CPU still a valuable resource? It is, but these days your fileservers CPUs are likely to be sitting relatively idle, while their disks are thrashing. If you compress the bits you write to disk, you have less to read and write, and get far more I/O per second, basically for free.

(Back when we first refactored the discards storage system, it was taking forever to write the user indexes to disk. Enabling compression increased performance by at least threefold.)

For this upgrade, the vast majority of work can be done before the maintenance window even starts. We use Puppet from Reductive Labs to manage our systems, and we encapsulate services in Solaris Zones. Put that together, and you have the ability to quickly provision services on new hardware without actually doing any work. So the new zones are all already running and configured, just waiting for the storage pools to be mounted. It really is as easy as it sounds.

Regardless of how easy it sounds, for every outage you want a pullback plan. If your upgrade totally fails for some reason, you want the ability to just put things back the way they were. In this case, the plan is: Plug the hardware into the old box.

We scheduled this window for four hours because I'm paranoid. You'll see this a lot when any business is updating a core piece of infrastructure. When our datacenters are updating their routers, they announce a six hour window where connectivity may flap. You may have noticed that our connectivity does not actually flap regularly, because they're pushing out updates they've tested in their labs already, and are reasonably sure everything will be full of joy. Badness does occur, though, and when it does it has a very bad habit of avalanching. So you want a defined window to try to resolve the problem and still complete your task, before you have to give up, put the old pieces back into place, and try again another day.

To recap the services that will be affected by this downtime, Mailstore customers will not be able to access webmail, their Mailstore folders or receive new mail to their Mailstore Inbox during the outage window. If you are a Mailstore customer, and also forward your mail to another address, your forwarded copy will be delivered throughout the outage without delay. You will also be able to send mail. If you are an IMAP user, and keep a local copy of your mail on your computer, you will be able to read your local copies, and any changes you make (deleting, moving messages, etc.) will be synced to Mailstore when the downtime ends.

We apologize for any inconvenience this may cause, and Bryan did ask me to tell you that, if everything goes smoothly, the downtime will be much shorter than the scheduled window. He just doesn't like to bank on that.

Sharing Files: Alternatives to Attachments

2009-10-15T17:33:00.004-04:00

Fun fact: email is not a file transfer protocol. When you use it to send files around, weird (and sometimes bad) stuff happens. Attachments can contain viruses. They take a lot of bandwidth to send (especially if you're CCing them to a lot of people), and that means that everything is slow, and that makes admins suspicious. (Sure, they're a suspicious lot by nature, but they make the Internet go, so we try not to make them mad as a rule.)

But, for a lot of people, attaching a file to an email is the only way they know to send a file to someone else. How else can you get a file to someone besides email?

The very best way to transfer a file is to open a connection directly from the computer that has it, to the computer that wants it. That way, only the two computers that need to handle it do, by talking directly to each other. (When you email a file, three, four or maybe more different computers will handle that message.)

If you're talking to someone on IM, you may not realize it, but you're already using one of the easiest file transfer mechanisms around! Just drop the file you want to share into your chat, and you'll immediately prompt them to start downloading the file from you. It works for pictures, music, Word documents, even short movies. Drag-and-drop!

But, what if you aren't both online at the same time? Well, there are still plenty of options out there.

As digital cameras become more and more sophisticated, even emailing pictures can generate huge messages. Using one of the photo sharing services or social networking sites, like Flickr, Picasa, Kodak Gallery, Snapfish or Facebook, means you get access to their handy tools (like ordering prints!) It also means that the people who you're sharing photos with have an easy place to see all your pictures over time (so that adorable picture from last Thanksgiving can be looked at again when you email them a link to this year's pumpkin pictures.) With an extensive range of privacy options, it's also really easy to make sure people have to log in with a password to see your pictures.

Just want to share some regular old files? Apple's iDisk or Joyent's BingoDisk let you share files publicly or privately (and provide an off-site backup, should your computer fail.) A third option, Dropbox, even provides 2GB of free storage to anyone who sets up an account -- plenty for any basic file-sharing you may need to do.

There are other benefits to sharing this way, too. It's easier to make changes, and know that someone is looking at or downloading your most up-to-date version. Some sites will provide you with statistics, so you can see how often a file is being looked at.

Know other easy, non-email ways to share files? Leave a comment!

Email Etiquette: a background picture is worth a thousand groans

2009-09-25T14:13:00.005-04:00

Email Etiquette is a series of blog posts that was nearly titled "Things you've tried to tell your family a million times, and have gotten tired of repeating." Have an email pet peeve that you'd like to see in a future blog post? Send an email to pobox@pobox.com or leave a comment!

Once upon a time, my mother got an email program that had clip art built in. For a period of several months, no message was too large or small to go unembellished with clip art. Failing to find any clip art in her collection that would suit her message content, she could always just fall back to a picture of a cannon.

By and large, email is still a medium that values content over style, at least when you hear from a human and not a company. But, from time to time, we still get that message with pink text on a paisley tiled image background. So, here are Pobox's tips for maximum email enjoyment for all.

Sending images in your messages is great. Grandparents the world over love receiving pictures of their grandbabies. Images are less great the more people you send them to, though. (If you want to spread pictures far and wide, put them on Flickr.) Background pictures, by virtue of going out on every email you send, are thus the worst offenders of the email world. Save background images for your web pages.

When considering your email text, think of it this way. Every email you send is asking someone for something, even if it is only, "Please read this message." When you ask someone for a favor, you want to make it easy for them to do it. So, choose a clear, easy-to-read font, preferably at least 12 pixels large (10 is ok for print, but too small for the screen.) Black text is the easiest to read in a variety of formats. If you need to add color, it should be an accent, like in your signature, not for the whole message text.

What are your email formatting pet peeves?

Keeping Tabs on Released Messages

2009-09-21T13:24:00.000-04:00

Since we began holding messages we caught as spam (many, many years ago now!), a frequent question has been, "Where is the message I released?" To help answer this question, we have added Delivery Status to the Released Messages page. We hope this will help give a little insight about what's happening behind the scenes!

To view Delivery Status, just click "Edit Columns on the Released Messages page, and check "Delivery Status". There are 3 possible states we display: Bounced, Queued or Sent.

If a message is marked Bounced, we tried to deliver it to the address you selected, and it was rejected by your ISP. This could be due to an overfull mailbox, or a problem with your account. If your release bounced, other messages may also be bouncing, so we recommend adding another forwarding address where we can send your messages, and then re-releasing the message. If your other mail is not bouncing, it's possible that the message you're releasing is actually a phishing attempt or virus, and your ISP is rejecting that message, to protect you from a dangerous email.

If a message is marked Queued, it means that Pobox has it flagged for release, but the release hasn't been processed yet. In order to keep the Spam system running smoothly, releases are processed in a batch. But if you have a message that's been marked Queued for more than 20 minutes, please email Customer Support and let us know, and we'll do what we can to get it released, pronto!

A message marked Sent means that your message is being sent. This is what you should nearly always see. However, this is actually the most common "missing" group!

In most cases, the message characteristics that caused us to think the message was spam also caused your ISP to think the message is spam. Usually, these messages can be found in your ISP's Junk Mail or Spam folder. If they aren't, we recommend emailing your ISP and asking them to locate the missing message. If you also add the "Released Time" column to your Released Messages page, you can see what time we sent you the message.

Another reason why a message marked Sent might go missing is if you have multiple forwarding addresses on your account, and you released the message to one other than the one you're checking. In that case, the simplest thing to do is just release the message again.

Released mail is usually delivered immediately, because there's such a small number of messages sent out from those servers. However, from time to time, mail has been backed up by someone releasing a large amount of spam. In those cases, we have seen messages to other users at that ISP get deferred (or temporarily rejected, with a request to retry delivery later.) This is the major reason that we monitor releases; releasing spam can cause other people's legitimate mail to be delayed.

We hope that you'll find this additional little piece of information about Released Messages useful!

Zombies walk the Internet: Today's Pobox mail delay

2009-09-04T16:53:00.003-04:00

This morning, Pobox mail saw processing and forwarding delays. Most messages were delayed no more than 10 or 20 minutes, but we did get reports of a few messages taking an hour or more to be delivered to their final destination. In general, we try to keep delays for your mail to under 5 minutes; most messages are handled within seconds.

Today's delay was caused by a huge surge in traffic, that we've actually been dealing with for over a week, from a botnet. Botnets are massive numbers of computers (also known as zombies), typically people's virus-infected home computers, controlled by remote software for nefarious purposes. Some estimates say as many as one in 4 personal computers connected to the Internet are running botnet software.

This software can be used for different purposes. In our case, the botnet is being used to send spam. They are also commonly used for denial-of-service attacks, where huge amounts of traffic are targeted at servers or a company, with the goal of effectively blocking all legitimate traffic; or behind phishing attacks, where credit card or bank information is collected.

We are making a number of network and security changes to deal with this ongoing attack. There will be a series of brief outages this evening for the website, webmail, outbound SMTP and POP3/IMAP services, as we make upgrades and networking changes to prevent further delays.

Running a PC at home? Make sure that you have up-to-date anti-virus software, and run it regularly. Using a home firewall is also a good preventative step from keeping your computer from being used as part of a botnet. If you're running a Mac, you're probably safe. Thus far, there seems to have only been one Mac botnet, and it came from people downloading "shared" copies of iWork '09 and Photoshop CS4.

What your email sign-off says about you

2009-08-11T18:13:00.006-04:00

An email sign-off can be seen as warm, affectionate (or overly affectionate!), cold, a brush-off, or just plain odd.

In July, the Edelman public relations firm's in-house research team conducted an online survey where people could write their own responses to the following questions:

Thinking about business e-mails that you write, which one closing do you typically use before signing your name?

Sincerely: 25 percent
Thank you/Thank you for your time: 20 percent
No sign-off: 17 percent
Thanks/Thanks again/Many thanks: 7 percent
Regards (or some variant): 5 percent
Name/E-mail/Job Title: 3 percent

Thinking about personal e-mails that you write, which one closing do you typically use before signing your name?

Love you/Love & hugs/Hugs: 25 percent
No sign-off: 18 percent
Thanks/Thanks again/Many thanks: 8 percent
Name/E-mail/Job title: 7 percent
Sincerely: 5 percent
Thank you/Thank you for your time: 4 percent

The Washington Post article (reprinted in the Monterey Herald) interviewed many celebrities about their sign-offs. But, even better, the author did an online chat where she addressed reader questions about sign-offs!

Since 1995, Pobox Customer Service has used "Cheers" as its salutation, and many of us have ended up using it on our personal mail, too. Founder (and Commonwealth citizen) Meng Weng Wong was also the company's very first customer service agent, and that little briticism has stuck with us since those days. Here's what she had to say to the readers who inquired about "Cheers":

Portland, Oregon: I think that it was my time living in London, but for me I generally sign off with "Cheers." It tends to bring a chuckle/smile and is appropriate to a colleage and to a friend. Minimizes the likelihood of screwing up. :-)

Cheers! Portland, Oregon

Ruth McCann: Craig Brownstein (PR guy quoted in the article) said "Cheers!" has been rebuffed by some of his clients as being "Too PR-y," so keep that in mind. But otherwise, by virtue of its--well--cheeriness, it's a sterling choice! (Unless you're afraid of being read as an over-eager anglophile. But I mean really, why must we read into everything? Jane Austen, and indeed Lizzy Bennett, would do well here...)

_______________________

Signing off: I like "Thanks," but I sometimes use "Cheers," if there's nothing in the e-mail that needs thanking. Am I pretentious?

Ruth McCann: When I have a correspondent who's a "Cheers" user, I always wait on my little tenterhooks to see if that person actually says "Cheers" in person. And sometimes... they do! So I know it's genuine. But man, "Cheers" is an awkward word to say in person. I mean, it just sounds odd. Try it. Someone hands you a sandwich, and you say "Cheers!" Just like... Ron Weasley!

If it's at all comforting, none of my myriad sources said they found "Cheers!" pretentious. So sleep easy.

How do you sign your emails? What does your sign-off say to your correspondents? Does Pobox Customer Service remind you of Ron Weasley when you correspond with them?

Pobox: In love with logos since 1995!

2009-07-08T17:57:00.036-04:00

After the last few posts talking about the modern times of email, I got a little nostalgic for the old days, and I took a walk down Pobox's own memory lane of logos. I also roped Louis Clotman, our graphic designer, into commenting on each logo with a professional's eye.

The original Pobox logo! I remember the thrill I got when I saw this appear in Wired magazine's May 1995 issue. The logo that was born with the service would stay in use until 1998, and was created by Pobox founder Meng Weng Wong.

Louis said: Nice job, Meng. Simple and to the point.

From 1998 to 2004, we asked, "why chase your email, when it can chase you?" From the time when frames were the cutting edge of web design, to the time when the use of frames marked your website as badly in need of an update, this was the Pobox logo (and the jumping-off point for our sister service, Listbox.com, logo redesign, too.)

Louis said: Many email services combine the mailbox metaphor with a computer screen in their logo. I actually like this one. We had dropped the www from our logotype at this point, and the use of yellow added some much-needed color.

As we approached our 10 year anniversary, we changed our tagline to better show our devotion to all things email, and also to highlight our longevity. What's the point of a lifetime email address if the service you're using is only 9 months old? This era did have a "logo" of sorts, but the heart became emblematic of all things Pobox.

Louis said: Trajan was our logo typeface, which contrasted nicely with the sans serif on the rest of our homepage. If I had to select a logo from the past to refresh and reintroduce, it would probably be this one. It's simple and classy.

And finally, the modern logo, which took that heart, and stamped it onto the icy world of email. It has stood through 2 different eras: the age of bicycles, and the age of philately.

Louis said: This was the first logo I got to design, and it took weeks of trial and error to get it right. We distilled the heart down to a frosty block and simultaneously arrived at "Pobox Blue" as our signature color, which you'll recognize from the webmail user interface and the color of some of our links. Avenir has become our house typeface, and it combines with the logo to create a nice, clean effect.

This logo is also great for situational tweaks. So, for your amusement, some variants of the Pobox logo: the technical staff in-house logo (designed by friend of Pobox Dan Hinder), the "zombie" logo and the greenscreen logo (for various email-related talks given by Pobox staffers.)

As one of the first pre-launch testers, my pobox.com email address is turning 15 this fall, and I remember the endless discussions that preceded each one of these logo changes. But one thing hasn't changed over all those years -- our true-blue love for all things email!

Modern Times: Reload Relief with RSS

2009-06-19T17:28:00.003-04:00

Back in the day, if you liked a site, and you wanted to make sure you saw all their articles, you would add it to your Bookmarks, or maybe even make it your Home page in your browser, and check back regularly. Today, you would just add it to your RSS reader instead. (In fact, most web browsers will even double as RSS readers for you.)

RSS (Really Simple Syndication) is part of almost every major website. You'll see it denoted with the icon The idea is like a magazine subscription. Instead of going to the newstand (website) to get your content, the content is sent to your mailbox (RSS reader) whenever it is updated.

This is this handy for the obvious places, like news websites like CNN or the New York Times. It's fantastic for things like friends' blogs, which don't necessarily get updated all the time. And, once you start using it, you'll notice that it's integrated into lots of sites. Flickr lets you add your friends' photo streams, so you'll get new entries every time they post pictures. Farecast (aka Bing Travel, apparently) lets you use it to track airline fares. Google will update your feed every time it scans a page with your name on it (or any other piece of text you're tracking.) Can't remember when your favorite webcomic updates? You can get a feed. And, of course, Pobox will give you a feed of all your spam (or just the results of one of your views, if you prefer.)

It's easy to get started, too! There are desktop programs like Feed Demon and NetNewsWire. I prefer web-based programs like Google Reader or Bloglines, because then they're up-to-date on any computer (or iPhone) I use. Most programs will let you paste in the URL of a site you like, and then they'll scan the site for feeds. Other sites will just present buttons that automatically add their feeds to common feed readers.

It seems at first, that you're just replacing one website with another. But as you add more and more feeds into your reader, and you stop losing track of blogs, pictures, news and sites that you enjoy, you'll wonder how you ever lived without RSS. With RSS, rather than chasing content across the Internet, let it come to you.

Modern Times: Make it IMAP!

2009-06-15T14:28:00.011-04:00

At the Pobox Customer Service desk, some days feel like a walk down Internet memory lane. Email programs, unlike web browsers, are things you can avoid updating for years and years, without losing functionality. We still get questions about Pegasus and Eudora (both unsupported, sadly), even though neither of them have been under active development for about 3 years. So, unsurprisingly, lots of people still use POP.

I'm here to tell you, you want to make the switch to IMAP. POP was designed to download your messages to the place you were reading mail, every time you read it. (Doing anything else is basically just a hack.) IMAP was always designed to store your messages on the server. You can tell your local mail program to cache a copy of everything, but a copy is on the server, too. Why do you want your email "in the cloud"?

If you read your email in more than one place (like webmail and an email program, or your desktop and your cell phone, or your work computer and your home computer), then IMAP is an absolute must-have. POP has a "leave on server" option, which is designed to mimic IMAP, so you can read webmail. But this is a hack, and sometimes it means you end up with duplicate copies in your mailbox, because something loses track of whether a message has already been downloaded. IMAP's initial design was for messages to stay on the server, and be read from multiple places.

If you've ever had a computer crash, you'll immediately see the benefit of using IMAP. See, when you store your mail on our servers (or, hopefully, any ISP's), we're using computers that are designed to prevent failure and data loss. The mailbox you're using is running on redundant hardware, so that if one part of it fails, we can fix it without losing anything, and we're making backups, too. Your home computer has a single hard drive, and maybe you're making backups (you should), but maybe you're not. If it fails, and you're using POP, there goes all your mail. Data recovery is really expensive, and, well, most people just cry and say goodbye to their email. If you're using IMAP, though, just go get that hard drive replaced, and when you come back and set up your email program again, you'll see your mailbox refilling with all your old mail. Technology is a beautiful thing sometimes.

Finally, IMAP can be set up to store all your folders on the server. POP is for your Inbox only, even if you tell it to leave your mail on the server.

Pobox Mailstore accounts include 10GB of storage, so add the power of IMAP to your account today. If you're a current Mailstore customer, all our setup instructions are for IMAP, so check them out if you want to see if you're set up correctly.

Protecting Your Reputation: How Blocking Spam Helps Your Mail Get Delivered

2009-05-28T18:53:00.005-04:00

Many years in the past, it was possible to set your Pobox account to not do any spam filtering, at all. As much time and effort as we put into having fantastic spam protection, we knew that some people would rather wade through heaps of junk mail to be sure they didn't miss anything.

Oh, how the times have changed! Today, more than 90% of the mail received is spam, and total spam volume grows by leaps and bounds every month. A few years ago, Pobox servers were blocked from delivering mail to Comcast, as they said we were delivering too much spam. After more analysis, the problem was traced to fewer than 3% of our customers forwarding to Comcast, who weren't using spam filtering. At that point, we no longer allowed accounts to turn off their spam filters, but we didn't require people currently going without to turn it on.

Well, Comcast represented the wave of the future. In the last several months, Yahoo, Gmail and more have been getting more aggressive with legitimate email providers, insisting that the total amount of spam coming through be throttled, or we would face the possibility of getting blocked. As such, existing accounts without spam filters have been being converted to our weak spam filters weekly.

Even weak spam filters do a lot! We estimate that they catch over 70% of all spam, and are wrong once in every 10,000 messages. But don't stop there -- trade up! Standard filters catch over 85% of all spam, and only misidentify 1 in 1350 messages. Aggressive filters (which is what I use) catch 95% of all spam, and, even better, bounce the messages from the super-accurate filters, which means I only review about a tenth of all the spam I receive (hundreds a day -- I've had my address since 1994!) And, if you send your email out through Pobox, we auto-build your Trusted Sender list for you, so you further reduce the chances of mail from one of your legitimate correspondents getting caught. (Our slider help page details all these numbers, too.)

Even better, when we released the new recommendations, we updated what we meant by them. The old Standard and Aggressive preset groups were static lists of specific conditions. The new Pobox recommendations have statistic-based averages to define aggressiveness, and conditions can be moved to new preset groups if their individual stats stray beyond their categories' acceptable numbers. This way, your preset group's level of protection stays consistent, even as the spamming world turns and wobbles.

Since we began the process of adding spam protection for unfiltered accounts, we've seen an almost 5% drop in the amount of spam forwarded on to other services. (In the anti-spam world, that is HUGE -- if 10% of your total mail volume from a source is spam, you start thinking about blocking.) As we finish this transition, we hope to reduce the amount of spam forwarded by another few percent.

For our affected customers, thank you for your understanding on this policy change. As the anti-spam universe moves, sometimes old policies have to be updated. For all our other customers, please feel free to contact us for recommendations if you feel like you're getting too much spam; we'd love to help you customize your settings!

-----

Fun fact: Pobox customers receive 39% less mail over the weekends, but only 9% less spam. I guess spammers love their work!

All About Email: Why can't I always send messages?

2009-05-13T17:02:00.004-04:00

You may sometimes find that you can't send mail from home computer or workstation at the office. Or, if you have a laptop, you can send messages from your office or an Internet cafe, but you can't send them from home. What causes these problems sending mail? In many cases, it's actually your ISP blocking you!

Bryan Allen, Pobox Operations Head, is back with a look into the spam-fighting world, and how it can spill into your world, blocking your attempts to send mail.

In the last decade, the spam industry has garnered most of its resources through compromising and controlling your standard home PC. Most home PCs are not kept up-to-date by their owners (software updates are frequently made to fix security problems), aren't secured from network connections in any way, and are thus easy targets for takeover by spammers.

A computer being controlled in this manner is called a zombie, or bot. When an individual or group controls enough machines (almost always without the owners' knowledge), you may hear it referred to as a "botnet."

In the old days of the Wild West Internet, nefarious computer enthusiasts would utilize botnets to stage attacks against servers they didn't like, or each other. Nowadays, spamming is big money (it is, in every sense, an industry), so that's what most bots end up being used for.

Sending spam in volume is extremely problematic for ISPs and other providers. Bandwidth costs money, other users trying to utilize the network resources being consumed by bots relaying spam are impacted, and the provider's reputation is hurt, so it is more difficult for them to send legitimate mail to other service providers.

To try to prevent spammers from abusing their networks, network administrators will block outbound mail to everywhere except their own outbound mail servers. This way, they can control the total amount of mail you're sending, and verify using their own antispam that your mail isn't spam -- before it leaves their network.

Mail is sent using the Simple Message Transfer Protocol (SMTP), which is run across TCP port 25. So when network admins block mail, they're actually dropping any outbound connections to port 25.

The Pobox SMTP servers require customers to authenticate using their Pobox account. We also run our own antispam suite against any mail going out through our servers, and we limit the number of messages that can be sent over a given period of time. We do all of this for the same reason ISPs do: To protect our IP reputation and ensure we can always send legitimate mail to other providers.

Given that we take care in relaying customer mail in this manner (and that there are a few antispam features we provide that require mail be relayed through our servers), we provide extra ports to work around ISPs blocking the default SMTP port out of their network. Those are defined in our help section.

So while it can be something of an inconvenience to have to do some extra configuration in your mail client to send mail through us, your ISP has some very good reasons for blocking that traffic at their border.

As an aside, the outbound SMTP block is very similar to another issue which was very common about a decade ago. There were a swath of vulnerabilities in the NetBIOS/CIFS/SMB services on the Windows platform, and to stop systems getting infected, most providers and institutions blocked inbound and outbound traffic to those services. Those ports are still blocked everywhere, as those services are still common vectors for attack. For instance, the Conficker worm, which has gotten a lot of press recently, uses them.

Once a vulnerability is identified, it is almost always going to be abused by someone as long as the platform or service continues to exist. For certain platforms, even N iterations and years down the line, problematic services will continue to be problematic. Nothing on the Internet ever dies. Spammer botnets and blocked outbound port 25 are here to stay.

Thanks, Bryan!

----

Network admins try to fight email crimes. Now the Detroit police is trying to use email to fight real-world crimes.

What if "This is spam" really isn't?

2009-05-05T16:44:00.006-04:00

Most ISPs and email providers will let you declare any piece of email spam, using a "This is spam." or "Junk Mail" button. Sometimes, this will delete the message; sometimes it will just flag or mark it. But what happens behind the scenes?

Spam is the bane of all email providers' existence, so most of them use a variety of methods to block mail. If that's the case, your spam report is probably processed to improve the accuracy of all those methods.

For content filters, your message is processed for:

URLs and email addresses - these can't change, or they won't work. They're very popular to filter on.
Checksums - the whole message is processed down into a short string. This works because many pieces of spam are identical, and are sent millions of times.
words and phrases - one of the more unreliable methods, but still used.

Most other methods look at the computer that sent the email to the ISP. They assume it's sending spam because:

it's infected with a virus.
it hasn't been properly secured, and someone is taking advantage of it.
it's owned by a spammer.

However, sometimes people click the "This is spam." button for things that aren't really spam. Like:

A mailing list they subscribed to, but don't want to be on anymore.
A message from a friend that they didn't want to receive.
As an alternative to the Delete button. (At least, that's the only thing I can assume, seeing some of the messages that people have submitted as spam. Maybe they're just from people they really hate.)

However, your ISP doesn't care why you clicked the Spam button. They always assume the worst. So, what do they do?

If the message was sent by a legitimate email provider, they'll let you know that an anonymous someone reported a message as spam, and show you the message so that you can take action to prevent these messages from being sent in the future.

If you don't prevent it from being sent in the future, or they don't know who you are, they treat you like a spammer. This means they treat all the mail coming from that computer like it's probably spam.

I know the conventional wisdom is, "Never try to unsubscribe from spam." That is true. However, it is not only OK, but you should try to unsubscribe from lists from legitimate companies and/or providers that you've subscribed to in the past, but don't want to receive anymore. Companies like the Gap, American Airlines, Expedia, etc., are more than happy to remove you from their email lists -- they don't want their messages treated like spam, so they want to make sure that only people who want to receive them do!

When your friend is CCing you on mail you don't want to receive anymore, just tell them, "I'm really trying to get my email under control. Would you mind leaving me off your joke of the hour messages from now on?" And if they won't? Well, delete is always available, too (unless you think your friend really has crossed over into the realm of spamming.) If you are a Pobox Plus or Mailstore user, you can use email filters to automatically send messages matching "Joke of the Hour" to the Spam section. And most email programs will also let you set up filters that will automatically move messages from your Inbox to another folder, or the trash.

What should you do if you accidentally report a legitimate message as spam? Most ISPs are looking for multiple reports, so don't worry too much about any one message. But, if you accidentally selected 20 messages in your mailbox, and instead of clicking Move to store them in your "all-time greatest messages" folder, you accidentally hit "This is spam." instead, well... you might want to shoot an email off to your ISP's customer support, to let them know that your friends aren't really spammers.

-----

The New York Times suggests a list of 10 questions we should all ask our mothers this Mother's Day. Let me suggest one more: "Mom, is there anything I can help you out with for your computer or cell phone?"

Tweet, tweet! Why Pobox is using Twitter

2009-04-16T18:01:00.004-04:00

Since the new Home page has gone live, you've probably noticed the Twitter link at the top of the page. You may be wondering, what is Twitter? And why is Pobox using it?

Twitter is a "micro-blogging" service. If you use Facebook, you're probably familiar with status updates. Twitter is a status-updates-only service. If you use IRC, you can think of Twitter as your global channel.

If you don't use any of these services, Twitter allows you to post messages, up to 140 characters long (that's 20 less than a text message!) from the web, your cell phone or instant messenger. People who are "following" you can see your message on the Twitter website, using one of the many third-party programs out there, following your feed in RSS, or (as you can see) when you integrate it into your own website.

So, why is Pobox using it? I am the first person to admit that we have frequently been remiss in posting notices about problems and downtimes. In a lot of cases, it's because someone identifies the problem, thinks, well, I could go write a post for the News page, or just fix it, and chooses to just fix it. With a 140 character limit, there's always a minute to jot a quick note about a problem.

Twitter makes it easier for you to get those notices, too. The old News page had an RSS feed, or you could come to the site to see it. Both of those would be unavailable if the notice was, "The Pobox website is down right now"! Using Twitter means you can choose to get notified through a larger number of tools, or still just visit our site if you prefer. But by using a tool that is automatically displayed on the site when it's available, but accessible using other methods when our site is down, we should (hopefully) always have a way to communicate with you, no matter how dire the problem.

Finally, there are a lot of great companies out there. By using services like Twitter for our announcements, Liquid Planner for our project planning, and GitHub for our version control, we're reducing the amount of support tools we maintain, so we can focus on what we do best -- giving you the best tools to manage your email.

----

Pobox is hiring! If you're a Perl programmer who loves email as much as we do, check out our job posting.

All About Spam: The Case of the Productless Spam

2009-04-01T18:04:00.006-04:00

All About Spam is a series of blog posts about common spammer techniques. Have a question about a type of spam that you'd like to see in a future blog post? Leave a comment, or send an email to pobox@pobox.com!

The classic spam is a smoking gun, easy to spot. Viagra. University diplomas. My new favorite, the acai berry. But some messages have a twist; they don't appear to be selling anything at all! I received the following email today:

From: hfkunm@winartproje.com
Subject: NYC judge denounces woman's self-styled sting

Militants Attack NATO Terminal In Pakistan

hfkunm and I are not best buds. That's the whole message; it doesn't even have a link in it. Aren't spammers supposed to be selling me something? So, why did a spammer bother sending me this message?

Elementary, my dear readers! The first reason is simple: they could be probing for valid email addresses.

The second reason: they're trying to beat the system. In 2002, Paul Graham popularized a plan to filter spam using all your spam and all your ham (legitimate mail) to generate a giant word list, known as Bayesian filtering. Each word would be given a score, based on how frequently it appeared in spam vs. ham. The idea had two key points:

it would learn about new spam words as they were introduced
"good" words could offset "bad" words

Good words are words that appear, proportionally, way less often in spam. For example, spammers rarely talk about themselves in the first person, so "I" or "I'm" has a negative spam score. Spammers do want you to click on links, so the word "click" has a positive spam score.

So, how does it all work? Well, let's take that most popular of all spam words, Viagra. Your gossipy friend sends you a message all about herself, and it happens to include "I hear Joe started taking viagra!" A keyword-based spam filter will block any message that contains "viagra", so out it goes. A Bayesian filter would say, all these "I"s outweigh the the one "viagra", and let it through.

For a short while, Bayesian filters were all the rage, and very effective, because they were trained per user. Spammers never let a good plan get them down, though, and came up with a simple, ingenious solution: start sending random content. In the early days, it was snippets from great books (read David Copperfield one paragraph at a time!). They've since moved on to simple randomized phrases, and headlines like today's. All these red herrings have certainly degraded the accuracy of Bayesian filters, but like a good detective, spam filters try all the tools in their arsenal, hoping to find the one that closes the case.

------
Do you love sending email so much it hurts? See some simple stretches to relieve carpal tunnel syndrome pain.

The great Mailstore migration

2009-03-25T16:53:00.005-04:00

Today's guest blogger is Bryan Allen, our Operations head. For a long time now, Mailstore accounts have been undergoing a makeover, as the number of accounts grew. He's been working on making Mailstore a top-notch service for quite some time. Tonight's hardware roll-out is one of the final steps in his plan, so he's taken a few minutes to chronicle the whole journey. Take it away, Bryan!

Pobox doesn't often talk about the technology we use to ensure the spice continues flowing, and technical posts that don't deal with a specific (typically obnoxious to the person who solved it) problem tend to be pretty dry, but hopefully you'll find this somewhat informative.

Tonight's outage is the next step in what I've come to refer to as The Great Mailstore Migration.

Previously on Pobox...

Two years ago, it became obvious that our infrastructure needed a major change. We needed to consolidate hardware, we needed to move from the x86 Linux whiteboxes we were using to something beefier and better built. After a fair amount of testing, it was decided we'd move to Solaris 10 on Sun hardware.

Changing platforms gave us a lot: All the awesomeness of ZFS (checksumming, cheap snapshots, etc), and gobs of introspection thanks to DTrace. It wasn't a trivial process, but in the end it was absolutely worth it. Perhaps most importantly to how we provision services now, we got Solaris Zones. Pretty much any Pobox service you use lives in a Solaris container. Encapsulating services in this way allows us to fine-tune resource controls, quickly migrate the zone to bigger hardware, gives us a really simple view of how many resources a given service is consuming (as it's all running in a zone, there's no hunting for ancillerary processes amongst, perhaps, thousands).

It's also very useful conceptually when provisioning, knowing that you have services which require x CPU, y RAM, z disk I/O. You can think of the services (which themselves may consist of several services with different requirements) as boxes (or, in Sun or IBM parlance, containers) and assign them to hosts with the appropriate avaible resources. The same could be done for services in a single flat topology but I've found it a very useful mental tool, if nothing else.

The Great Mailstore Migration

The first step of the Great Migration, undertaken last year, moved us:
from Generic x86 servers to Sun X4100 M2s
from Linux to Solaris 10
from ReiserFS to ZFS
from SATA to SCSI

There were a few hiccups here, mainly relating the ZFS Adaptive Replacement Cache. Essentially, ZFS does a lot of really smart things when it comes to prefetching data, and caching it in memory. Depending on the size of your dataset, the ZFS ARC will want lots and lots of RAM. In Mailstore's case, the pretty point is pinned at 6GB min, but tends to hover between 7 and 8GB.

Next, we switched mail backends, migrating from Courier to Cyrus. This move was greatly simplified thanks to Gilles Lamiral's imapsync tool. We also deployed nginx in front of Mailstore, in IMAP proxy mode. These are both very cool, very useful pieces of technology, and we're very happy to have them in our toolkit.

The primary reason for moving to Cyrus were its binary indexes. These are compacted databases which greatly speed access to metadata about the messages in your Mailstore folders. We saw major performance increases here, especially relating to Webmail. We also got push notifications for free here, whereas with Courier we had to utilize FAM at such a performance cost it became untenable.

(Note: this type of push doesn't work with iPhones. As pretty much everyone in the office has one, we really wish it did.)

In Tonight's Thrilling Episode...

This outage is a two-part upgrade. We are deploying Sun J4200 SATA arrays to replace the SCSI arrays Mailstore data currently lives on. We're also upgrading the Mailstore servers to the most recent revision of Solaris 10. This latter gets us on ZFS root pools, greatly mitgating the amount of time it can take to upgrade a system. We're also getting a newer version of ZFS, in which, if it becomes necessary, we can build Hybrid Storage Pools on the J4200s.

Moving to the J4200s and SATA also increases our disk capacity by quite a lot. To the customer, this means we can start storing snapshots for longer. Snapshots are what we use to quickly restore user data when requested. At the moment, we store about a week's worth of snapshots. With the new storage systems in place, storing a month or more becomes reasonable. It has happened, though somewhat rarely, that a customer will ask us if we can restore a specific piece of mail they deleted a few days ago. More rarely still, they want to restore something from more than a week past.

Well, now we'll be able to with a minimum of fuss. This increased snapshot capacity may also save some of our POP users who suffer local hard drive crashes (though we highly recommend moving to IMAP!)

Something I've been thinking about for a while is wrapping a web interface around the snapshots and letting customers restore their own mail. This feature may have to wait for ZFS to get a "diff" ability, but email pobox@pobox.com if you think it's an interesting idea.

Coming Up...

In the final planned Mailstore upgrade task, we'll be moving from the legacy version of Cyrus to the latest version. This move will allow us to incrementally build mailbox databases more easily (for faster searching, primarily in Webmail), easier replication, and another major performance boost due to a database backend change.

So there it is: The reason for the planned outages in the last year, and where the Mailstore backend is going.

As always, if you have any questions, please email pobox@pobox.com.

Thanks, Bryan!

-----

Tax time is coming up. Beware phishing attempts! The IRS does not request information via email.

How do you use your Inbox?

2009-03-18T11:45:00.003-04:00

The Inbox, in many ways, is the junk drawer of people's lives. Everyone has one. You think everything in there is important. But, sooner or later, you realize you can't find anything you need in it, your finger just got snapped in a mousetrap you shoved in there 3 years ago, the crazy glue is completely dried up, and you just want to find a battery so you can play one more round of Wii Sports, and you swear you're going to clean it out first thing tomorrow.

Gmail has tried pushing the idea that your Inbox is your endless repository, "delete" is a thing of the past and searching is the way to get through it. But, a couple years ago, I realized that I was using my email Inbox as my virtual to-do list. And, if you do that, but you follow the junk drawer model, you've (more than once) ended up totally forgetting about something important, because it's scrolled off your visible messages, and, out of sight, out of mind, right?

Last year, I began a campaign to bring my messages down to zero. And I'm not the only one. The suggestions basically boil down to:

Don't make your system more complicated than it needs to be
Delete, delete, delete! It's much faster to delete immediately, than to keep coming back to it, then guiltily deleting it a month from now.
Move things to your calendar or your actual to-do list. Only leave messages that need a reply.
If the reply can be written in under 2 minutes, do it now.
Here's my own personal addition: always separate your work and personal email into two different boxes.

That's basically it! Now, my personal Inbox looks more like an old-fashioned stack of correspondence -- actual honest-to-goodness letters from friends, that are deserving of a lengthy reply. My work Inbox I should be stricter about (there are many more messages that will take more than 2 minutes, but less than a half an hour, and those tend to linger), but I have fewer than 15 messages there, and I could probably knock it down to 7 with about 30 minutes. Then, at the end of the week, I tackle all the ones that have been hanging around. I never *quite* get down to zero, but I've stopped losing emails in the depths of my Inbox!

For all you mega-Inboxers out there, how do you keep track of the things that still need your attention? Let me know in the comments!

-----

ZDnet's security blog reiterates my earlier advice about protecting your passwords, in light of this week's revelation that several thousand Comcast customer username/password combos were posted to the Internet. Check out their recommendations for password security.