Major increase in ‘bounceback spam’

April 29th, 2008

There has been a dramatic increase in spam lately - here’s a chart provided by Postini.

[Chart: New Spam Record - March 2008]

One side-effect has been ‘bouncebacks’ when the spammer has used a forged email address (yours …) to send their spam.

Spammers need to use a real domain for the return address to send their spam, and many of the spambots just use addresses from their To: list to forge the return address. There’s nothing to stop them from doing this, and they haven’t hacked into your account. They’ve just sent a few hundred (or a few thousand) pieces of spam from some other server (often in China, but could be anywhere) using your address.

Since many, if not most, of the addresses in the spammers’ To: lists are bogus, these messages are often bounced as undeliverable by the receiving servers. Since your address was used, you get these bounce messages, often hundreds at a time. Postini and our spam filters stop most of these, but many get through because bounce messages are a legitimate type of mail and because the message body is often significantly changed and may no longer look like spam.

If you have an alias set up for your email address so you can get mail in the same mailbox for either address, this doubles the odds that you’ll get this junk.  Many people have quite a few aliases set up, and this dramatically increases the odds.  The worst case is when you set up a ‘catch all’ mailbox where all mail for your domain is accepted in your mailbox; when a spammer uses a ‘dictionary attack’ and tries thousands of possible usernames in your domain, you’ll get them all.

If you have aliases set up, you can reduce the junk you’re getting by deleting the aliases you aren’t actually using.  If you have a ‘catch-all’ box set up, you should turn this off and use only the addresses that you actually need; it’s no longer appropriate to use catch-all mail mapping because of the extreme spam problem.

Update 4/30/2008: some domains get more spam than others, but overall the increase lately has been dramatic. Cumulative stats for many of the domains we host for the past day show a 7,000:1 ratio between spam and real mail, with an average of 2,900:1 for the past week. Between our spam filters and Postini’s we’re able to stop nearly all of this, but people with catch-all mailboxes are getting a lot of spam.
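To see how aliases and a catch-all multiply the bounces reaching one mailbox, here is a small audit written for this post as an added example (it is not code from our mail system). The domain, addresses and records are constructed, and it assumes your mail log gives you the envelope sender and recipient of each accepted message.

```python
from collections import Counter

DOMAIN = "example.org"  # hypothetical hosted domain

def resolve(rcpt, mailboxes, aliases, catch_all):
    """Return the mailbox a recipient lands in, or None if the server rejects it."""
    local, _, domain = rcpt.lower().partition("@")
    if domain != DOMAIN:
        return None
    if local in mailboxes:
        return local
    if local in aliases:
        return aliases[local]
    return catch_all  # None when catch-all mapping is turned off

def audit(records, mailboxes, aliases, catch_all=None):
    """Count bounces per mailbox and flag aliases that receive only bounces."""
    bounces, real_hits, bounce_hits = Counter(), Counter(), Counter()
    for sender, rcpt in records:
        box = resolve(rcpt, mailboxes, aliases, catch_all)
        if box is None:
            continue  # rejected at SMTP time, never reaches a mailbox
        local = rcpt.lower().split("@")[0]
        if sender == "":  # bounces carry an empty envelope sender (RFC 5321)
            bounces[box] += 1
            bounce_hits[local] += 1
        else:
            real_hits[local] += 1
    unused = sorted(a for a in aliases if bounce_hits[a] and not real_hits[a])
    return {"bounces": dict(bounces), "bounce_only_aliases": unused}

# Constructed sample: (envelope sender, recipient) pairs
RECORDS = [
    ("friend@example.net", "suzie@example.org"),
    ("", "suzie@example.org"),
    ("", "sales@example.org"),
    ("", "info@example.org"),
    ("client@example.net", "info@example.org"),
    ("", "aaron@example.org"),   # dictionary-attack guesses
    ("", "abby@example.org"),
    ("", "zack@example.org"),
]
MAILBOXES = {"suzie"}
ALIASES = {"sales": "suzie", "info": "suzie"}

if __name__ == "__main__":
    print("catch-all on :", audit(RECORDS, MAILBOXES, ALIASES, catch_all="suzie"))
    print("catch-all off:", audit(RECORDS, MAILBOXES, ALIASES))
```

Aliases listed under bounce_only_aliases received bounces but no real mail in the sample, which makes them the first candidates to delete.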

Squirrelmail on https://mail.his.com upgraded

April 18th, 2008

The software that runs the webmail interface at https://mail.his.com has been upgraded.  If you have an account on mail.his.com, give it a try and see if it meets your needs.  

Our other mail.his.com webmail interface is https://webmail.his.com - this site has more features, but some people prefer https://mail.his.com because its simple approach is faster and more responsive.  Try them both and use the one you like. 

Cable break cuts off Mideast, parts of Asia

January 31st, 2008

Two cables have been cut north of Egypt, which has cut off internet access to/from much of the Middle East and parts of Asia, including Pakistan and India.

There’s more information at:

http://www.renesys.com/blog/2008/01/mediterranean_cable_break.shtml

Analysis of affected ISPs in the area:

http://www.renesys.com/blog/2008/01/mediterranean_cable_break_part_1.shtml 

As of 1/31/2008, estimated time to repair is approximately two weeks.

It is believed that the undersea cables were damaged by a ship’s anchor.

Bouncing circuits - resolved

January 30th, 2008

Between 7:36 and 7:46 AM EST on Wednesday, 1/30/2008 some AT&T trunk circuits ‘flapped’ (went down, came back up, went down, came back up) for ten minutes, causing routing instability within the Washington, DC part of our network.  The problem was fully resolved after ten minutes and has not returned.

Postini enhancement - search quarantine

December 3rd, 2007

Postini still hasn’t restored the ‘delete all’ option, but they’ve given us something even better:  the ability to search the quarantine.  This is very helpful when you have thousands of messages in quarantine (it isn’t unusual to have 20,000 quarantined messages during the past two weeks) - now you won’t have to page through the messages looking for the message you expected from joe@xyz.com - you can just do a search and find out immediately if Joe’s message got trapped in your spam quarantine.

The layout is simpler, but all of the old functionality is there.  The most important change is addition of search functionality.  Enjoy.

You can log on to your Postini quarantine at https://login.postini.com - log in with your email address (suzie@his.com, etc.) and the same password you use to pick up your mail.

Postini update

November 26th, 2007

Postini is still having issues with web access to user quarantines - as before, spam/virus filtering is working normally, but logging on to view your quarantine may be slow at times. They’ve temporarily limited the view of user quarantines to the past 7 days, even though 14 days’ worth of spam is still in quarantine, and the ‘delete all’ button has not been re-activated (no word as to when that will happen - Postini’s advice is to just let quarantined spam age off by itself after 14 days and not worry about the storage).

QUARANTINE VIEW
Sunday - Monday, November 25-26

Postini Operations have observed abnormally high Message Center use on this fourth Monday in November when employees return to work and log in to view their Postini quarantines. To assure that users have timely access to their Message Center, we will temporarily reduce the VIEW of quarantined items to the past 7 days.

Quarantined emails older than 7 days remain in the quarantine as usual, but will not be visible in the Message Center and Administration Console. The change will be in effect from Sunday night November 25th until Monday night, November 26th Pacific Time.

Backbone routing problem resolved

November 8th, 2007

The backbone routing problem (intermittent difficulty reaching some parts of the net plus overall performance decrease) that started around 2 AM Wednesday morning has been fully resolved, thanks to the efforts of a very smart AT&T tech who stayed overtime to help test, diagnose and finally resolve the issue.

Backbone performance impaired - AT&T issue

November 7th, 2007

We are currently experiencing degraded backbone transit performance because of a change made last night by AT&T.  Symptoms are some sites coming up slowly, and intermittent problems connecting to some sites.

AT&T is working this at the highest level and we expect the problem to be resolved soon. We’ll post updates as we get them.

Postini Update

October 23rd, 2007

The “Delete All” button has been temporarily removed from the Message Center.

Quarantined messages continue to be automatically deleted after 14 days, and you can delete selected messages as usual.

We understand the impact to customers, and we apologize for the inconvenience.

Recently closed issues:

Beginning late evening PDT, Wednesday October 17, we detected a severe and extended spam attack of large MP3 files advertising a penny-stock scam, and most messages with MP3 attachments were temporarily bounced. On Thursday evening PDT, October 18, we released updated filters to block this and other attacks.

Dialup lines ok now

October 19th, 2007

AT&T has fixed the problem that was causing calls to most of our dialup modem/ISDN phone numbers to fail, and dialup service is normal again.