Instagram advertising is going great
I understand that they use "cookies" to enhance my personalized advertising experience!
Email bounce clustering
At an average of one message a week, most addresses that bounce end up doing so at just about 31 months, or 2.4 years, plus or minus one week.
It's a weird cluster, right? I'd expect it to just be exponential.
This is a graph of how many messages were sent before the address bounced three times. It does not include addresses that have not bounced. Also, the bounce count is reset to 0 if we send a message and it does not bounce, so it's not that old "strikes" never expire. The data goes back about 3 years.
Almost all bounces are "over quota" rather than "not found" or some other error, and 75% of our subscribers are gmail.
Postfix
How do I prevent postfix forgeries in "From:" rather than envelope?
Putting "dnalounge.com REJECT Forgery" in "sender_access" prevents inbound unauthenticated SMTP connections from forging my domain in the envelope, but doesn't reject messages like:
Return-Path: spammer@example.comor
From: example@dnalounge.com
Return-Path: spammer@example.com
From: "example@dnalounge.com" <spammer@example.com>
Looking for a postfix solution, not a spamassassin solution.
Current settings:
smtpd_helo_restrictions =
permit_mynetworks,
reject_non_fqdn_helo_hostname,
reject_invalid_helo_hostname,
permit
smtpd_sender_restrictions =
permit_mynetworks,
reject_non_fqdn_sender,
reject_unknown_sender_domain,
permit
smtpd_recipient_restrictions =
reject_unauth_pipelining,
reject_non_fqdn_recipient,
reject_unknown_recipient_domain,
permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination,
check_recipient_access hash:/etc/postfix/access,
check_sender_access hash:/etc/postfix/sender_access,
reject_rbl_client zen.spamhaus.org,
permit
smtpd_relay_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination
Update: I have still not gotten an answer to this question that I understand or believe. Is the person below who said "you can only solve this by adding even more nonstandard complexity to master.cf" correct?
Postfix
When Postfix delivers to an unknown user via Dovecot it gets status=deferred but I want a reject in smtpd instead. How fix?
main.cf: mailbox_transport = dovecot:master.cf:
dovecot unix - n n - - pipe
flags=DRhu user=vmail:vmail argv=/usr/libexec/dovecot/deliver
-e -f ${sender} -d ${recipient}
Running deliver by hand shows it exiting with status 75.
The oligopoly has won.
Carlos Fenollosa flips a table:Many companies have been trying to disrupt email by making it proprietary. So far, they have failed. Email keeps being an open protocol. Hurray? No hurray. Email is not distributed anymore. You just cannot create another first-class node of this network.
Email is now an oligopoly, a service gatekept by a few big companies which does not follow the principles of net neutrality. [...]
I lost. We lost. One cannot reliably deploy independent email servers. This is unethical, discriminatory and uncompetitive.
*Stares in previously.*
Today in "Google broke email".
To recap, my domain hosts its own SMTP server running Postfix, and /etc/postfix/virtual contains a bunch of entries forwarding "employee_name@dnalounge.com" to whatever their actual email address is, usually gmail.
This has been mostly working fine for a decade or so, but lately there have been more bounces due to "strict SPF". For example, jksound.com's SPF record includes "-all" (dash instead of tilde) which means that when example@jksound.com tries to mail example@dnalounge.com, we forward that along to example@gmail.com, and then Google rejects it with 550 "SPF hard fail".
So, I don't know whether it has recently become more common for people to use dash-all instead of tilde-all, or whether Google recently started actually enforcing dash-all in a way that they didn't before, and while I am curious about that answer, it doesn't really matter.
Another thing that doesn't matter is that SPF is bullshit that solves no problems and should not exist. Let's just take that as a given and move on.
What does matter is, what the fuck do I do about it?
Telling all of these people, "Hey dummy, use tilde-all instead of dash-all" is obviously not practical.
"Provide an IMAP server for all of my employees" is a terrible answer, in terms of both maintenance headache and disk space.
"Turn over your MX record to some third party service" is an even more terrible answer, because so many of our custom internal systems touch email. Order confirmations. Shipment notifications. Calendar mailings. Sales reports. Bounce and unsubscribe handlers. Address verification and password resets.
Is there a third option?
Finally, here's a concrete question: let's say I desired to have a filter plugged into my Postfix that looked at a message, identified it as one that Google is definitely going to reject because of strict SPF and then... did something else with it. Like, say, forward it as an attachment instead. (This would obviously be insane and terrible, and yet still better than bouncing.) Is that a doable thing, or should I just stick forks in my eyes right now?
Update:
-
My current approach is to provide a POP3 server for all of my employees. It turns out that POP3 is a thing that still exists in the Twenty-First Goddamned Century. Gmail provides an option to download mail from external POP3 servers, if you trust them with your password. As far as I can tell so far, Google doesn't penalize my server for spam that is relayed that way, they just process it normally.
But, every now and then, instead of downloading a message, they deliver a message to the recipient that says "The message [...] contained a virus or a suspicious attachment. It was therefore not fetched from your account and has been left on the server." And in that case they leave it on my server forever, which is annoying.
OutHorse Your Email
LITLA STJARNA FRÁ HVÍTARHOLTI
Types fast, but might take a nap.
HRÍMNIR FRÁ HVAMMI
Assertive. Efficient. Shiny hair.
HEKLA FRÁ ÞORKELLSHÓLI
Friendly, trained in corporate buzzwords.
But how did they do all this work and not register a .horse domain?
The Horse replies, "Neighhhh..."
Users mourn the loss of top stolen credit card site
Can you imagine a breathlessly credulous article like this being written about someone who found their path to financial independence through smashing car windows and selling fentanyl-tainted cocaine?When COVID-19 struck Ghana in 2020, the government introduced lockdowns that impacted Player 456's livelihood. "I work in the events industry," he says. "You can guess how business went." Looking to make cash, he spoke to a friend who suggested he get into online fraud. [...]
For Player 456, it was an eye-opener. Alongside the ability to buy access to compromised credit cards, which could be used for illicit online shopping sprees, the site also held a database of stolen U.S. Social Security numbers. Those numbers allowed people to file fraudulently for unemployment benefits, depositing the cash in U.S.-based dupe accounts they gained access to via UniCC. [...]
"UniCC gave me a way out to turn my finances around -- even though I realize it was at the peril of someone else on the other side of the world," he says. "I see people suffer because they have no money. Graduates, people whose jobs they've lost because of COVID. I hoped they'll all get a chance like I did. But now it's gone."
Instagram: How not to do messaging
Sadly, my businesses still have a presence on Facebook and Instagram because choosing not to use those services essentially means choosing not to advertise, and that's not really a stand we can afford to take during this pandemic apocalypse.
And since I still have to manage this shitshow, here's me pissing in the wind again about how terrible it is to try and actualy use it.
I've written before about the mind-boggling unusability of Instagram's inbox-management for business accounts: that the messages are partitioned into four different places with four different interfaces with no rhyme or reason. It's just unfathomable how anyone is able to communicate with their customers through this disaster. [Narrator: "They cannot. They mostly don't try."]
Well, a couple years ago, Facebook integrated Instagram into this "Facebook Inbox For Business Suits" thing or whatever they're calling it today. In theory, now you can use a Facebook web page instead of the postage-stamp-sized Instagram app to manage your messages while typing with your thumbs like an animal.
Take a look at the image to the right. Zoom in. Let the hate wash over you. I'll wait.
- First indignity: you have to make the window be basically full screen width or none of those icons on the right show up, because it's got 3 different sidebars (not shown). And even then, sometimes the message author's profile picture appears on top of the buttons, making them unclickable.
- The "All Messages" tab is not all messages. So the very first words on the page are already a lie. You still have to click through to the four other tabs to see everything.
- When it shows you an Instagram "story", you almost never get to actually see it. Stories usually expire after 24 hours, but I look at this page once a day and I can't remember the last time a story actually showed up as something other than a broken-image box.
- When it does actually show you the contents of an Instagram story or post, it is 240 pixels wide. You can't resize it. You can't click on it to open it in a new window. You can't copy its URL. Hope your eyesight is good!
- When it shows you Facebook messages or replies, it doesn't show you the actual message. It shows you the post on which the messages were made. And it is always set to "Most relevant comments", meaning it's showing you the top-rated 5-of-30 or whatever, in bogosort-order. Because that's what you want to see in your "Facebook Connect Businessy Direct Comments Suite". Not the most recent message, but one that was popular two weeks ago.
-
There is no "mark all read" button. You have a thousand messages in the list, but a couple of them, 700+ messages ago, are marked as unread, making the unread count up top useless? Congratulations, you get to click a thousand times to clear that. Also, the position of the "delete" button changes every time. Sometimes those 5 buttons are horizontal, but sometimes they wrap to 2 or more lines, depending on... I don't even know what. (See "Facebook Cow Clicker".)
- Once you have deleted a message, it is gone forever. There is no Trash folder. The message itself exists, and everyone can still see it, you just have no way to navigate back to it from "Facebook Presents Inbox by Marc Jacobs" or whatever this is.
- That "Exclamation point" button means "Mark as spam". As far as I can tell, it's the same as Trash. It does not even move it to a spam folder, because as I said, folders aren't a thing. There is no Spam folder, nor a Trash folder, not an Archive folder. And it absolutely for sure does not report the message as spam. It's just a handy busy-box for you to click that does nothing, like calling 311 about a blocked bike lane.
- Is there a way to report abusive Instagram messages? Sure there is, there's a "Report" item hidden on a dot-dot-dot popup menu in the "User" sidebar! That takes you to a FAQ telling you to run the Instagram app on your phone, find the message again (good luck with that), and report it from there.
- If it's a Facebook comment, there are context menus for blocking and reporting, that work completely differently. What you want is a button that means "report this abusive asshole and make them go away forever". What you get is three different paths to report comments, delete comments, and block users, which take like 14 clicks,
and if you miss one step, some or all of those things don't happen. Also it's entirely possible that "block" means "don't show this person's abuse to me personally, but do continue showing them to everyone else who looks at my business page." After all these years, I still have no idea.
"This web page is using significant energy. Closing it may improve the responsiveness of your Mac." - My business account manages multiple Facebook and Instagram pages. Do messages to all of them show up in the same place? Hahahahahahahaha no. Each one gets its own separate "Instagram By Facebook Inbox Business Message Console Business" page.
- Oh yeah, those red message count badges at the top? They never change as messages are read or tabs are changed. I mean, that sounds too hard, right?
One might hope that this incompetence indicates that they simply don't have employees who know what they're doing, and one might dream that maybe that's because Facebook is just too embarassing a place for the competent to work. Maybe the people capable of getting jobs elsewhere took my advice and quit. But that's wishful thinking. Ethics are not correlated with programming skill. It's just that they don't give a shit. Tools to allow businesses to use Facebook to intermediate communication with those businesses' customers are not a priority. As a rational, sane person, the things that you expect are part of Facebook's business are not. If you think you are their customer, or even that your customers are their customers, you are wrong.
Previously, previously, previously, previously, previously, previously, previously, previously, previously.
