Friday, December 1, 2006

Sorry for the delay!

Hello, everyone. Sorry for the delay in posting another Blog entry... Things have been somewhat hectic around here. I'm currently "between jobs" and have been for most of the past 6 months or so. I may have alluded to that in my last post.

My latest rant... Spammers who forge my domain name and the idiot sys-admins who bounce that spam back to me!

When the idea was first proposed, I was opposed to things like DomainKeys because I figured it would cause problems for people like me who own a domain, but don't run a mail server. Actually, I have about 3 domains and I'm the only user, so I'm free to use whatever email address I want when signing up for things on the web. Makes it easy to figure out who sold my email address. For example, I sign up for announcements from BestBuy and use the email address "BestBuy@mydomain.tld" (not a valid email address, by the way, due to the ".tld" extension *grin*). Then if I start getting a bunch of spam to "bestbuy@mydomain.tld" I know that either BestBuy sold my email address or their server got hacked. Actually that's quite a nice thing to be able to do...

However, the *problem* occurs when spammers harvest "mydomain.tld" and start using bogus email addresses such as "jimbob@mydomain.tld" to sell V1@Gra and stuff like that. What usually ends up happening is that the sysadmins will accept that email for processing and then, after the fact, realize it's spam or decide that the recipient doesn't exist, so they "return" it to "jimbob@mydomain.tld." Unfortunately, since my domain host accepts email for all email addresses on "mydomain.tld" it gets sent on to me.

Then, when I use Spamcop to complain that these admins are sending me junk, they have the gall to suggest "well, sorry about that... your domain was in the reply-to, so we just sent it where it appeared to come from." See, that's just not right. What they should do, in my not so humble opinion, is either check the recipient against their userlist when accepting email and reject anything that's not a valid user right then, BEFORE the message is accepted for processing, or if they can't do that, silently delete the message. Further, and this would hurt people like me who own a domain but don't run a mail server, they could check to see if the IP address of the mail server that's trying to deliver mail to them matches the domain it claims to be, i.e., if 1.2.3.4 is trying to deliver email and is claiming to be "mail.example.tld" they should check to see if it really is associated with "example.tld." It doesn't even have to be an exact match (some mail servers have different "names" that they identify themselves by, so only accepting an exact match would be problematic sometimes). If, for example, 1.2.3.4 is really identifiable as mail.hijacked.tld (another invalid domain) you could reject it as "not matching" who you say you are. I don't know that there's an actual specification or rejection code, but there could easily be one created for this.
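The two checks described above, made while the SMTP session is still open so that no bounce is ever generated, as an added example that is not part of the original post. The user list, the receiving domain `receiver.tld`, the reverse-DNS table and the use of reply code 550 for both rejections are assumptions made for illustration.

```python
# Added illustration: decide at RCPT TO time instead of accepting mail and
# bouncing it later to a forged sender. All data below is constructed.

LOCAL_DOMAIN = "receiver.tld"          # hypothetical receiving domain
VALID_USERS = {"alice", "bob"}         # constructed local user list

# Constructed stand-in for reverse DNS (PTR) lookups so this runs offline.
PTR_TABLE = {
    "1.2.3.4": "mail.hijacked.tld",
    "5.6.7.8": "smtp-out.example.tld",
}


def base_domain(hostname):
    """Last two labels of a hostname (simplification: ignores suffixes like co.uk)."""
    labels = hostname.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def helo_matches_ptr(client_ip, helo_name):
    """Loose match: the HELO name and the PTR name only need to share a base domain."""
    ptr = PTR_TABLE.get(client_ip)
    if ptr is None:
        return False                   # no reverse DNS at all: treat as a mismatch
    return base_domain(ptr) == base_domain(helo_name)


def rcpt_decision(client_ip, helo_name, rcpt_to):
    """Return (smtp_code, text) for a RCPT TO command, before any message is accepted.

    A 5xx reply here goes to the connecting client over the open session, so a
    forged envelope sender never receives a bounce.
    """
    if not helo_matches_ptr(client_ip, helo_name):
        return 550, "HELO name does not match connecting host"
    local, _, domain = rcpt_to.lower().partition("@")
    if domain != LOCAL_DOMAIN or local not in VALID_USERS:
        return 550, "No such user here"
    return 250, "OK"


if __name__ == "__main__":
    # 1.2.3.4 claims to be mail.example.tld but resolves to mail.hijacked.tld.
    print(rcpt_decision("1.2.3.4", "mail.example.tld", "alice@receiver.tld"))
    # Different host name, same base domain: accepted for a valid user.
    print(rcpt_decision("5.6.7.8", "mail.example.tld", "alice@receiver.tld"))
    # Honest host, unknown recipient: rejected in-session, nothing to bounce.
    print(rcpt_decision("5.6.7.8", "mail.example.tld", "nosuch@receiver.tld"))
```
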

Anyway, my point is that mail admins need to work harder to prevent what's known as "blowback." That's just my 2 cents' worth.

Tuesday, November 21, 2006

My Pet Peeves

Hmm...What to say, what to say...
Well, let's get started here. One of my friends used to gripe about not being able to even get a job interview because he never finished high school or even got his GED. I used to think he was overreacting. Lately, however, due to my own circumstances, I'm beginning to see what he means. What do I mean by that? It's like this -- I've been mostly unemployed for about 6 months now and I've been trying to get a job. The problem is that most employers don't bother trying to find out what you can actually do, they just ask for certifications.

Certifications, what am I talking about? Well, as a PC Technician (which is what I do) you can go to various certification companies, like CompTIA (http://www.comptia.org), take a test and get a piece of paper saying you know how to fix a computer or whatever. My feeling is that one shouldn't need a piece of paper stating you know how to fix a computer.

One of the certifications you can get is called an MCSE. I'm sure there are a lot of good Microsoft Certified System Engineers out there. The problem I have with that certification is that there is nothing to prevent you from using that title from now until you drop dead without getting any continuing education. Doctors and other professionals have to certify to the state licensing boards that they are keeping up with the latest techniques and treatments, etc., but there's no agency that does anything like that for technical people like myself.

That is to say, you could become a Windows 2000 Server MCSE and while you're supposed to get re-certified when the next generation of Microsoft Windows comes out, there's just no way to know for sure.

Now my previous employer, when I was hired, at least took the time to do some testing and find out if I knew anything about doing the job I was being hired to do. They had a sample certification test that they had me take. That's all I'm asking for, is a chance to prove that I can fix a computer.

In my not so humble opinion, too many employers rely solely on whether one has these certifications and don't bother looking beyond that to see 1) if you really can do the job you're applying for and 2) if you are certified, whether you are up-to-date on your certifications.

Anyhow, that's just my considered opinion! Feel free to let me know what YOU think.