Received: from mail.vividdreamqb.name (milestone.clevervistakb.com [170.130.167.11])
From: Dicks Rewards Team <dicksp0@vividdreamqb.name>
Subject: Final notice: YETI Beach Lounge Wagon unlocked by your gear score
Message-ID: <RUxA2tTL-gy3-hDiWXM33jfhjh3zp@vividdreamqb.name>
X-Request-ID: d36d3311-8a4b-4ac9-91b0-4afeee106923
Feedback-ID: jhkmk:vividdreamqb.name:mail
X-Spam-Report:
    * 0.0 HTML_MESSAGE BODY: HTML included in message
    * 0.4 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS

I can't even tell who has been popped here. "clevervistakb.com" and "vividdreamqb.name" have the same IPs but different registrars (maybe that's a TLD thing?) It's also not clear to me which of those domains sender_access matches on.

I have, however, come to the conclusion that that there are simply too many web sites.

Previously, previously, previously, previously, previously, previously, previously, previously, previously, previously.]]> https://cdn.jwz.org/blog/2026/04/i-just-like-saying-dicks-rewards/feed/ 9 https://www.jwz.org/blog/2026/04/sms-chatbots-are-going-great/ https://www.jwz.org/blog/2026/04/sms-chatbots-are-going-great/#comments Sat, 04 Apr 2026 18:53:57 +0000 https://jwz.org/b/yk5t

1. "Show Reader Automatically" in 2010;
2. "Hide Distracting Items" in 2024.

Everything else has either been a waste of goddamned time, or actively malicious. Mostly the latter.

Previously, previously, previously, previously, previously, previously, previously, previously, previously, previously, previously.]]> https://cdn.jwz.org/blog/2026/02/plonk/feed/ 65 https://www.jwz.org/blog/2026/01/zipbomb-json/ https://www.jwz.org/blog/2026/01/zipbomb-json/#comments Sun, 01 Feb 2026 06:25:50 +0000 https://jwz.org/b/yk2x Update: Ok fine, since you have all failed me, I wrote a JSON bomb generator. With a 10GB file, "jq" 1.8.1 takes a full minute to produce no output.

Previously, previously, previously.]]> https://cdn.jwz.org/blog/2026/01/zipbomb-json/feed/ 34 https://www.jwz.org/blog/2026/01/ca-drop-is-finally-live/ https://www.jwz.org/blog/2026/01/ca-drop-is-finally-live/#comments Tue, 13 Jan 2026 20:00:51 +0000 https://jwz.org/b/yk1v California residents can use new tool to demand brokers delete their personal data:

While state residents have had the right to demand that a company stop collecting and selling their data since 2020, doing so required a laborious process of opting out with each individual company. The Delete Act, passed in 2023, was supposed to simplify things, allowing residents to make a single request that more than 500 registered data brokers delete their information.

Now the Delete Requests and Opt-Out Platform (DROP) actually gives residents the ability to make that request. Once DROP users verify that they are California residents, they can submit a deletion request that will go to all current and future data brokers registered with the state.

I signed up for this, despite it being a red-flag factory. It makes sense that to tell data brokers to fuck entirely off, you would have to identify yourself to them, but giving information to the enemy still goes against my every instinct.

Again, it makes me twitch to ever upload a photo of my ID, but I guess sending the ID to the same government that issued it should be fine? But signing up for login.gov is a complete shitshow.

You can't just upload a photo of your ID: desktop browsers are "not supported". You have to take the photo in-browser on a phone, and it took me literally 15 times to succeed at that, because iOS Safari kept crashing so hard that I had to kill the app. Repeatedly. Sometimes it would crash at the front scan, sometimes at the back, but restarting meant you had to start over with the front again. Also it somehow drained 40% of my battery in 15 minutes. Amazing technology. Great work everybody.

And you have to consent to "something something AI something something" and there was also some "binding arbitration" nonsense in there too. (I could hear Cory's head exploding from here.)

"Powered by Socure" who I guess are the AI-blah-blah also-ran trying to get whatever government contracts id.me didn't already get. Apparently they are burrowed in to Docusign as well ("your second most favorite source of phishing emails!")

I guess people who don't have iOS or Android are expected to go to the post office to do this in person. I was seriously considering it.

At least they didn't demand that I give them a facial.

Previously, previously, previously, previously, previously, previously, previously, previously, previously, previously.]]> https://cdn.jwz.org/blog/2026/01/ca-drop-is-finally-live/feed/ 13 https://www.jwz.org/blog/2026/01/fail2ban-gc/ https://www.jwz.org/blog/2026/01/fail2ban-gc/#comments Thu, 08 Jan 2026 08:30:44 +0000 https://jwz.org/b/yk1e Previously, previously, previously.]]> https://cdn.jwz.org/blog/2026/01/fail2ban-gc/feed/ 35 https://www.jwz.org/blog/2026/01/my-50-most-popular-blog-posts-in-2025/ https://www.jwz.org/blog/2026/01/my-50-most-popular-blog-posts-in-2025/#comments Fri, 02 Jan 2026 22:06:15 +0000 https://jwz.org/b/yk1N For example, this year the number one hit was a blog post from 2022, that never had a large number of hits in any previous year, and also wasn't particularly interesting or controversial. An absolutely "mid" post, as the kids say. It had more than twice as many hits as the number two post. 99.5% of those hits came from the user agent:

which is what all modern Apple Safari browsers now claim to be. (Yes, they all claim to be Intel.) So either these hits are from lying Apple browsers, or from lying AI bots repeating Apple's lie, and there's no way to tell.

"Popularity" here is based on page loads, not on comments or likes or boosts or whatever.

50: Blade Runners needed

49: jwz mixtape 254

48: Sax, possibly violence

47: Great moments in the internet service industry

46: Four way stop versus $100 billion valuation

45: Gavin Newsom Actually Sucks

44: Pi 4 SPI lossage

43: Poopin' Putin

42: Atomic Keyboard

41: Tempest, Pac-Man

40: Fucking Python

39: The Cringeocracy

38: CIA

37: Waiting For The Worms

36: RTMP / HLS segment corruption

35: Perennial "Fuck the Blue Angels" post

34: Qualifying Conditions

33: Wayland and screen savers (2023)

32: Under Attack, Please Stand By

31: 0xACAB8647

30: Werewolf Futures

29: Crosswalks hacked to imitate Musk, Zuckerberg

28: XScreenSaver 6.12

27: "An off switch? She'll get years for that."

26: Today in "Google broke email"

25: Basecamp alternative

24: Cube

23: XScreenSaver, Wayland and locking

22: Marc Andreessen, Murder Enthusiast

21: E-bikes

20: User agent blocking

19: Motherfucking Wind Farms

18: Now I have two problems

17: The Mothership Vortex

16: Fucking Python

15: "I prefer to meet people where they are"

14: On Blocking, Mastodon HOA Edition

13: Pro Tip

12: Exterminate all rational AI scrapers

11: You MUST listen to RFC 2119

10: The original Mozilla "Dinosaur" logo artwork

9: Today in Email Hegemony

8: Ambient age verification

7: Unpopularity Contest

6: Under Attack, Please Stand By

5: Wayland screenshots

4: Signal

3: Netscape Navigator 2.0 was released 30 years ago today

2: DMARC and SPF

1: Mosaic Netscape 0.9 was released 30 years ago today (2024)

Previously, previously, previously, previously, previously, previously, previously, previously.

Apparently Google is dropping support for Gmail accounts being able to fetch mail from outside accounts. At all. And they announced this change less than 60 days ago. (The announcement was in the basement, stairs, leopard, etc.)

What I want to accomplish is simple:

1. When email arrives for employee@dnalounge.com, have it delivered to the inbox of dna_employee@gmail.com.
2. When that employee is logged into that gmail account, have them able to send email with employee@dnalounge.com in the From: header.

This cannot be accomplished by simply having mail.dnalounge.com forward messages for employee@dnalounge.com to dna_employee@gmail.com because SPF destroyed email forwarding. Specifically:

1. customer@example.com sends mail to employee@dnalounge.com.
2. The SPF record of example.com includes "-all" (strict) as is now common.
3. mail.dnalounge.com forwards that messages to dna_employee@gmail.com.
4. Gmail says, "example.com does not permit dnalounge.com to send email on their behalf" and rejects it with "550 SPF hard fail".

My current email flow is this:

1. Inbound mail:
   1. Email for employee@dnalounge.com arrives at my server.
   2. Message is stored in my server's Dovecot/Maildir.
   3. dna_employee@gmail.com has "Import emails from my other account (POP3)" selected, and Gmail has a saved plaintext copy of their mail.dnalounge.com email password to accomplish this.
   4. Gmail polls and downloads their email over POP3 every 30-90 minutes, sometimes longer. ← This is the thing that is going away.
   5. Gmail runs their aggressive spam filtering on that, and puts some subset of it into their Gmail inbox.

2. Outbound mail:
   6. dna_employee@gmail.com has its outgoing From address configured as employee@dnalounge.com (via "Add another email address").
   7. When they use Gmail to send mail from their employee@dnalounge.com address, Gmail delivers it to mail.dnalounge.com, authenticating with the saved plaintext copy of the employee's mail.dnalounge.com password.
   8. mail.dnalounge.com delivers it to customer@example.com, so the SPF record matches mail.dnalounge.com as the origin (and I don't have to have my SPF record say "any spammer on gmail.com is allowed to send mail pretending to be any dnalounge.com address.").

The linked article says "Gmail will continue to support IMAP" which sounds like: "Gmail can still poll your server to download email, you just have to switch from POP to IMAP". That would be fine if it were true, but it is not. Gmail does not and has never supported importing email via IMAP into the Gmail MDA/MTA. It only supports adding an IMAP server as a second account in the MUA, which is not the same thing at all.

Now that Google is removing the ability to have Gmail poll my server to download messages, what are my options?

Here are some things that people will suggest that are unacceptable:

1. Have the dnalounge.com MX record point to some Google thing and let them take over 100% of my company's email. Fuck no. Also it wouldn't integrate with our internal systems, store, transactional emails, bounce processing, etc.

2. Have my employees' official business email addresses end in @gmail.com. Obviously no. (Maybe @aol.com though.)

3. Use "Sender Rewriting Scheme" to have dnalounge.com rewrite customer@example.com to customer%example.com@dnalounge.com before forwarding it to dna_employee@gmail.com, which is insane, but also will cause any forwarded spam to be tallied against dnalounge.com and Google will just stop delivering them. At some point, Google's "best practices for forwarding" document specifically dis-recommended SRS.

4. Find some other third-party email provider that still offers the POP3-download service that Gmail used to, and tell my staff, "Great news everybody! You have to switch from Gmail to Hotmail now."

So the only options that I think I have left are:

5. Self-host IMAP.
   1. Every employee gets their own IMAP account, hosted on my own server.
   2. They can add that account to the Gmail mobile app or whatever, as a second IMAP account that is not Gmail. Which is apparently still supported. For now.
   3. My server is now responsible for storing all of their messages, including all of their spam. It is a vast amount of data. I will have to implement quotas.
   4. My employees will be wasting a bunch of time trying to find and delete emails with the same giant attachment in each of the 30 messages in the same thread, and if they don't, mail to them will bounce.
   5. "I can't find that old email any more" is a conversation that we will be having all the time.
   6. My employees will be receiving way more spam, since Gmail's spam filtering is (presumably?) still more effective than what I can accomplish with some stock set of spamassassin rules.

6. Walk North until I reach the nearest fjord, board an ice floe, lie down, and wait for my bones to turn to dust. The ocean will sequester my carbon. I hope this email does not find you.

Do I have other options?

In summary, everything is terrible.

Previously, previously, previously, previously, previously, previously, previously.]]> https://cdn.jwz.org/blog/2025/12/today-in-google-broke-email-2/feed/ 196 https://www.jwz.org/blog/2025/12/under-attack-please-stand-by-2/ https://www.jwz.org/blog/2025/12/under-attack-please-stand-by-2/#comments Fri, 12 Dec 2025 15:26:16 +0000 https://jwz.org/b/yk0T Since yesterday my server has again been getting absolutely obliterated by AI scrapers. This time, though, load is below 1, but I'm getting up to 10 requests a second and all of my Apache workers are in state "R". "apachectl restart" fixes it... for a while. And fail2ban is banning IPs full-tilt.

What levers do I have to pull on this? E.g. maybe it would be sensible to drop connections if they stay in "R" for more than a couple seconds?

This 12 year old post suggests some sysctl.conf changes, but I have no idea whether those suggestions are sensible today. My current settings for those are the defaults:

net.ipv4.tcp_fin_timeout = 60 net.ipv4.ip_local_port_range = 32768 60999 net.core.somaxconn = 4096 net.core.netdev_max_backlog = 1000

In httpd.conf, some vhosts have "Timeout 240" because I really do have some CGIs that take that long to run, and you can't make exceptions on a per-URL basis.

I have reqtimeout_module loaded, with the default settings, which I believe are:

handshake=0 header=20-40,MinRate=500 body=20,MinRate=500

Previously, previously.]]> https://cdn.jwz.org/blog/2025/12/under-attack-please-stand-by-2/feed/ 96 https://www.jwz.org/blog/2025/12/today-in-email-hegemony-2/ https://www.jwz.org/blog/2025/12/today-in-email-hegemony-2/#comments Tue, 09 Dec 2025 03:05:22 +0000 https://jwz.org/b/yk0O Here are the 2025 top ten domains from orders placed on the DNA Lounge store. Remember this the next time someone uses email as an example of a federation success story.

73.0%	gmail.com
8.5%	yahoo.com
7.1%	icloud.com
2.6%	hotmail.com
0.7%	outlook.com
0.6%	aol.com
0.5%	comcast.net
0.5%	me.com
0.4%	sbcglobal.net
0.3%	live.com
5.8%	everything else

Previously, previously.]]> https://cdn.jwz.org/blog/2025/12/today-in-email-hegemony-2/feed/ 101 https://www.jwz.org/blog/2025/10/exterminate-all-rational-ai-scrapers-redux-redux/ https://www.jwz.org/blog/2025/10/exterminate-all-rational-ai-scrapers-redux-redux/#comments Thu, 23 Oct 2025 03:11:44 +0000 https://jwz.org/b/ykwy infinite-nonsense honeypot to poison LLM scrapers.

Today, it comprises 69% of my total URLs served. (Nice.)

Normally it feeds junk after a few seconds delay, but in "high-load mode" it bans IPs for 30 days instead. High-load mode is entered when the free-worker count is low, and ends when it has been calm for 15 minutes.

This month it has been in high-load mode 50% of the time: 15 out of 30 days of traffic.

Previously, previously, previously, previously, previously.]]> https://cdn.jwz.org/blog/2025/10/exterminate-all-rational-ai-scrapers-redux-redux/feed/ 39 https://www.jwz.org/blog/2025/10/soma-nature-walk-challenge/ https://www.jwz.org/blog/2025/10/soma-nature-walk-challenge/#comments Fri, 10 Oct 2025 00:13:20 +0000 https://jwz.org/b/ykwR Difficulty level: extreme.

Previously, previously, previously, previously.]]> https://cdn.jwz.org/blog/2025/10/soma-nature-walk-challenge/feed/ 7 https://www.jwz.org/blog/2025/09/today-in-ticketbastard/ https://www.jwz.org/blog/2025/09/today-in-ticketbastard/#comments Fri, 26 Sep 2025 19:32:01 +0000 https://jwz.org/b/ykv3 The SIM Farm Hardware Seized by the Secret Service Is Also Popular With Ticket Scalpers:

The technology used, which can be seen clearly in photos released by the Secret Service, are regularly used by SMS scammers, spammers, and marketers, yes, but the tech is also extremely widely used by ticket scalpers seeking to create lots of Ticketmaster accounts with which to buy tickets. [...]

Like many "anti-scalping" and anti-fraud measures taken by Ticketmaster, relatively recent updates that require SMS verification to create a new Ticketmaster account and immediately before buying tickets hasn't actually stopped scalping. Instead, it has created a new underground market for tools that make SMS authentication at bulk easier. By adding this barrier to entry, Ticketmaster has ensured that normal fans have one single attempt to buy tickets, while motivated ticket scalpers with specialized tech can have many attempts at buying tickets. [...]

"Proxies" and real SIM cards that can receive SMS messages have become critical to the ticket scalping industry. The way ticket scalping works now is that big time brokers will create many (hundreds or thousands) of unique Ticketmaster accounts, each associated with their own phone number.

Previously, previously, previously, previously, previously, previously.]]> https://cdn.jwz.org/blog/2025/09/today-in-ticketbastard/feed/ 12 https://www.jwz.org/blog/2025/08/algorithmic-sabotage-research-group/ https://www.jwz.org/blog/2025/08/algorithmic-sabotage-research-group/#comments Mon, 11 Aug 2025 19:14:14 +0000 https://jwz.org/b/yks4 I mean WTF, WTAF? The rest of this Internet Web Site has extreme "ALL ARE ONE IN TIME CUBE" energy, but this is a good list of tools:

Sabot in the Age of AI:

The list catalogues strategically offensive methodologies and purposefully orchestrated tactics intended to facilitate (algorithmic) sabotage, including the deliberate disruption of structures and processes, as well as the targeted poisoning and corruption of data within the operational workflows of artificial intelligence (AI) systems. Each approach delineated herein has been meticulously designed to systematically subvert the integrity of training pipelines, derail data acquisition procedures, and fundamentally undermine the foundational pillars that uphold the efficacy, reliability, and functionality of AI-driven frameworks.

Table 1: Offensive Methods and Strategic Approaches for Facilitating (Algorithmic) Sabotage, Framework Disruption, and Intentional Data Poisoning

Previously, previously, previously, previously, previously, previously, previously, previously, previously, previously, previously.]]> https://cdn.jwz.org/blog/2025/08/algorithmic-sabotage-research-group/feed/ 16 https://www.jwz.org/blog/2025/08/the-mothership-vortex/ https://www.jwz.org/blog/2025/08/the-mothership-vortex/#comments Mon, 04 Aug 2025 23:37:10 +0000 https://jwz.org/b/ykse hypothesized that all Democratic Senators are using the same text-spam contractor, and wondered whether there was some way to block the entire network. This resulted in many, many replies from people incorrecting me and each other with their zero-information theories.

Well, I was right. They are all using the same contractor. But the reality is even more horrible than you probably imagined.

I hesitate to link to someone who doesn't have the good sense to stop holding court in the Nazi Bar (Substack is the Nazi Bar) but here we are:

To understand Mothership's central role, one must understand its origins. The firm was founded in 2014 by senior alumni of the Democratic Congressional Campaign Committee (DCCC): its former digital director, Greg Berlin, and deputy digital director, Charles Starnes. During their tenure at the DCCC, they helped pioneer the fundraising model that now dominates Democratic inboxes -- a high-volume strategy that relies on emotionally charged, often hyperbolic appeals to compel immediate donations. This model, sometimes called "churn and burn," prioritizes short-term revenue over long-term donor relationships. [...]

The core defense of these aggressive fundraising tactics rests on a single claim: they are brutally effective. The FEC data proves this is a fallacy. An examination of the money flowing through the Mothership network reveals a system designed not for political impact, but for enriching the consultants who operate it. [...]

After subtracting these massive operational costs -- the payments to Mothership, the fees for texting services, the cost of digital ads and list rentals -- the final sum delivered to candidates and committees is vanishingly small. My analysis of the network's FEC disbursements reveals that, at most, $11 million of the $678 million raised from individuals has made its way to candidates, campaigns, or the national party committees.

But here's the number that should end all debate:

This represents a fundraising efficiency rate of just 1.6 percent.

Previously, previously, previously.]]> https://cdn.jwz.org/blog/2025/08/the-mothership-vortex/feed/ 69 https://www.jwz.org/blog/2025/07/i-have-glitchpegged-the-ai-bots/ https://www.jwz.org/blog/2025/07/i-have-glitchpegged-the-ai-bots/#comments Fri, 11 Jul 2025 23:32:32 +0000 https://jwz.org/b/ykrG Just a little fuzz testing for them. Absolutely free of charge.

Previously, previously, previously, previously, previously, previously, previously, previously, previously, previously, previously.

Top ten user agents:

8984 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36 Edg/121.0.0.0 5459 Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Mobile Safari/537.36 4092 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 2437 Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:123.0) Gecko/20100101 Firefox/123.0 490 Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 284 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36 Edg/121.0.0.0 Unique/97.7.7286.70 281 Mozilla/5.0 (iPhone; CPU iPhone OS 17_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) AvastSecureBrowser/5.3.1 Mobile/15E148 Version/17.0 Safari/605.1.15 280 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Agency/98.8.8175.80 265 Mozilla/5.0 (iPhone; CPU iPhone OS 17_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) EdgiOS/120.0.2210.86 Version/17.0 Mobile/15E148 Safari/604.1 263 Mozilla/5.0 (iPhone; CPU iPhone OS 17_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.0 Mobile/15E148 Safari/604.1 OPX/2.1.0

Previously, previously.]]> https://cdn.jwz.org/blog/2025/06/under-attack-please-stand-by/feed/ 194 https://www.jwz.org/blog/2025/06/null-slash-null/ https://www.jwz.org/blog/2025/06/null-slash-null/#comments Mon, 16 Jun 2025 06:58:51 +0000 https://jwz.org/b/ykpc "/null" on the end, and this just makes me so, so sad. I deserve a better class of attacker.

Previously, previously.]]> https://cdn.jwz.org/blog/2025/06/null-slash-null/feed/ 11 https://www.jwz.org/blog/2025/06/exterminate-all-rational-ai-scrapers-redux/ https://www.jwz.org/blog/2025/06/exterminate-all-rational-ai-scrapers-redux/#comments Wed, 11 Jun 2025 09:13:20 +0000 https://jwz.org/b/ykpL infinite-nonsense honeypot to poison LLM scrapers.

Today, it comprises 25% of my total URLs served.

Previously, previously, previously, previously, previously, previously, previously, previously, previously, previously.]]> https://cdn.jwz.org/blog/2025/06/exterminate-all-rational-ai-scrapers-redux/feed/ 35 https://www.jwz.org/blog/2025/05/spamassassin-3/ https://www.jwz.org/blog/2025/05/spamassassin-3/#comments Mon, 19 May 2025 17:16:12 +0000 https://jwz.org/b/ykoI Previously, previously.]]> https://cdn.jwz.org/blog/2025/05/spamassassin-3/feed/ 11 https://www.jwz.org/blog/2025/05/rewrites-and-error-logs/ https://www.jwz.org/blog/2025/05/rewrites-and-error-logs/#comments Tue, 06 May 2025 20:54:04 +0000 https://jwz.org/b/yknN Dear Lazyweb,

How do I do an Apache rewrite but also have it show up in error_log? E.g. the following has the side effect that it is not logged, making it unavailable to fail2ban:

RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule ^.*$ - [GONE,LAST]

Previously, previously, previously, previously, previously.]]> https://cdn.jwz.org/blog/2025/05/rewrites-and-error-logs/feed/ 11 https://www.jwz.org/blog/2025/05/user-agent-blocking/ https://www.jwz.org/blog/2025/05/user-agent-blocking/#comments Tue, 06 May 2025 20:41:45 +0000 https://jwz.org/b/yknL

What is your strategy for blocking user agents that are attempting to impersonate browsers?

There are many, many botnets out there sending implausibly old user-agent strings. Now, I'm just an unfrozen caveman, your modern protocols confuse and frighten me. But there's one thing I do know: if I were trying to be stealthy, I would be forging up-to-date UAs.

But, they don't.

I have a long list of UAs that are obviously and 100% illegitimate. Disregard those. It's the UAs that are somewhat plausible that I am asking about.

I'm currently blocking Chrome < 2023, Firefox < 2017, Windows < 2013, macOS < 2013.

If you are here to tell me that:

• People can change their user agent strings;
• Blocking user agents is wrong and bad;
• It is important to cater to the kinks of Vintage Microsoft Windows Retrocomputing Enthusiasts;
• Poor people have old phones, you Imperialist Monster;
• You know what you ought to do, let some third party Clown service MiTM all of your traffic;
• Anything that starts with "Well Actually";

please understand that your opinion has already been noted and will be given all due consideration.

Previously, previously, previously, previously, previously, previously, previously.]]> https://cdn.jwz.org/blog/2025/05/user-agent-blocking/feed/ 54 https://www.jwz.org/blog/2025/03/opendmarc-redux/ https://www.jwz.org/blog/2025/03/opendmarc-redux/#comments Wed, 26 Mar 2025 16:51:02 +0000 https://jwz.org/b/yklC yesterday's post asking questions about using OpenDMARC with Postfix got, basically, crickets, I am led to the conclusion: nobody uses OpenDMARC with Postfix.

So let me ask instead:

• Is your Postfix configured to reject mail from outsiders pretending to be you?
• Is your Postfix configured to reject messages that fail DMARC?
• If so how?

However, OpenDMARC seems to be doing just crazy nonsense. Can anyone explain to me how to actually debug it? E.g.:

• What IgnoreHosts and TrustedAuthservIDs match against. Be specific.
• Why those are not just using postfix mynetworks instead.
• Why "opendmarc -t" is ignoring my HistoryFile option and writing nothing.
• Why -vvvvv doesn't seem to make it print anything more.
• WTAF I'm supposed to make of: "opendmarc: /tmp/a: mlfi_envfrom() returned SMFIS_ACCEPT. Exit 70."
• How IgnoreAuthenticatedClients works. How does it know they are authenticated?

I have an example of a spammer mailing me with my address in the from field and opendmarc seems to think it's just fine.

Previously, previously.]]> https://cdn.jwz.org/blog/2025/03/opendmarc/feed/ 5 https://www.jwz.org/blog/2025/03/dmarc-and-spf/ https://www.jwz.org/blog/2025/03/dmarc-and-spf/#comments Sun, 23 Mar 2025 18:21:46 +0000 https://jwz.org/b/ykk8 Then I noticed that one of them was received from gmail, so their mail probably works fine so long as they only mail gmail users. But another was via Yahoo, so that doesn't track.

Previously, previously, previously, previously, previously.]]> https://cdn.jwz.org/blog/2025/03/dmarc-and-spf/feed/ 173 https://www.jwz.org/blog/2025/03/spam-pro-tip/ https://www.jwz.org/blog/2025/03/spam-pro-tip/#comments Fri, 14 Mar 2025 20:51:29 +0000 https://jwz.org/b/ykkV When a spam message gets past my shields and lands in my inbox, the first thing I do is look at the SpamAssassin headers to see if some rule fired whose priority I should bump up. Usually the answer is "Uggggghhhhhh no".

It used to be that my second step was to add another phrase to the "body" rule (recent hits include "eligible for Verified Badge", "Qatari Investor", "Construction Estimation" and "Performance E-Bike"). But that's exhausting.

These days there tend to be a lot of repeats from the same popped hosts, so I've begun shitcanning whole domains (recent hits include ru.com, co.in, sa.com, gov.bd and com.ai). And here's a fast way to do it from the shell:

/etc/postfix/sender_access: com.ai REJECT /etc/postfix/main.cf: parent_domain_matches_subdomains += smtpd_access_maps function bandomain() { sa=/etc/postfix/sender_access ( for d in $@; do printf "printf '%s\\\tREJECT Spammer\\\n' >> %s\n" $d $sa done echo postmap $sa ) | ssh mailhost sudo -S bash }

Previously, previously.]]> https://cdn.jwz.org/blog/2025/03/spam-pro-tip/feed/ 4 https://www.jwz.org/blog/2025/03/email-image-loading/ https://www.jwz.org/blog/2025/03/email-image-loading/#comments Wed, 12 Mar 2025 23:36:36 +0000 https://jwz.org/b/ykkQ If you are a recipient of either the DNA Lounge weekly mailing (that went out yesterday) or previous-ticket-buyers emails (some went out today) can you tell me if the images in those messages loaded?

And if not, can someone help me figure out what fresh hell this is?

Previously, previously, previously, previously, previously.]]> https://cdn.jwz.org/blog/2025/03/email-image-loading/feed/ 21 https://www.jwz.org/blog/2025/03/credit-card/ https://www.jwz.org/blog/2025/03/credit-card/#comments Tue, 11 Mar 2025 01:30:39 +0000 https://jwz.org/b/ykkE Welp, my credit card finally got popped. I think that's the first time this has happened to me! There were about $2k worth of charges over about a six week period, mostly to Blizzard, Steam, EA and some other game shit, mostly $49 each. They also tried and failed to buy cryptocurrency, which is what finally triggered a fraud alert.

Previously, previously, previously, previously.]]> https://cdn.jwz.org/blog/2025/03/credit-card/feed/ 17 https://www.jwz.org/blog/2025/02/im-clicking-a-cow-4/ https://www.jwz.org/blog/2025/02/im-clicking-a-cow-4/#comments Thu, 27 Feb 2025 20:33:36 +0000 https://jwz.org/b/ykip +1 (305) 419-4869
+1 (305) 419-4875
+1 (305) 419-4908
+1 (305) 419-5020
+1 (305) 419-5054
+1 (305) 419-5056
+1 (305) 419-5082
+1 (305) 419-5103
+1 (305) 419-5104
+1 (305) 419-5152
+1 (305) 419-5233
+1 (305) 419-5291
+1 (305) 419-5373
+1 (305) 419-5399
+1 (305) 419-5417
+1 (305) 419-7933
+1 (305) 419-7934
+1 (305) 419-7936
+1 (305) 419-7939
+1 (305) 419-7941
+1 (305) 419-7953
+1 (305) 419-7954
+1 (305) 419-7958
+1 (305) 419-7964
+1 (305) 419-7974
+1 (305) 419-7975
+1 (305) 419-7976
+1 (305) 419-7980
+1 (305) 419-7986
+1 (305) 419-8214
+1 (305) 419-8215
+1 (305) 419-8221
+1 (305) 419-8305
+1 (305) 419-8327
+1 (305) 419-8459
+1 (305) 419-8464
+1 (305) 419-8468
+1 (305) 419-8472
+1 (305) 419-8494
+1 (305) 419-8504
+1 (305) 419-8510
+1 (305) 419-8515
+1 (305) 419-8523
+1 (305) 419-8528
+1 (305) 419-8529
+1 (305) 419-8534
+1 (305) 419-8547
+1 (305) 419-8552

+1 (312) 680-0021
+1 (312) 680-0870
+1 (312) 680-1004
+1 (312) 680-7357
+1 (312) 680-7491
+1 (312) 680-7821
+1 (312) 680-7832
+1 (312) 680-8451
+1 (312) 680-8471
+1 (312) 680-8529
+1 (312) 680-8635
+1 (312) 680-8719
+1 (312) 680-8724
+1 (312) 680-8741
+1 (312) 680-8798
+1 (312) 680-8814
+1 (312) 680-8815
+1 (312) 680-8818
+1 (312) 680-8819

+1 (312) 820-0956
+1 (312) 820-0957
+1 (312) 820-2014
+1 (312) 820-2015
+1 (312) 820-2016
+1 (312) 820-2315
+1 (312) 820-2316
+1 (312) 820-3781
+1 (312) 820-3782
+1 (312) 820-3850
+1 (312) 820-3851
+1 (312) 820-3854
+1 (312) 820-3855
+1 (312) 820-3874
+1 (312) 820-3875
+1 (312) 820-3876
+1 (312) 820-5047
+1 (312) 820-5048
+1 (312) 820-6955
+1 (312) 820-6956
+1 (312) 820-6957

+1 (332) 238-0978
+1 (332) 238-0980
+1 (332) 238-0982
+1 (332) 238-1138
+1 (332) 238-1144
+1 (332) 238-1189
+1 (332) 238-1196
+1 (332) 238-1956
+1 (332) 238-2033
+1 (332) 238-2162
+1 (332) 238-2163
+1 (332) 238-2164
+1 (332) 238-2615
+1 (332) 238-2617
+1 (332) 238-3195
+1 (332) 238-4169
+1 (332) 238-4176
+1 (332) 238-4199

+1 (469) 517-4440
+1 (469) 517-4443
+1 (469) 517-4445
+1 (469) 517-4462
+1 (469) 517-4464
+1 (469) 517-4465
+1 (469) 517-4467
+1 (469) 517-4473
+1 (469) 517-4474
+1 (469) 517-4478
+1 (469) 517-4479
+1 (469) 517-4480
+1 (469) 517-4482
+1 (469) 517-4483
+1 (469) 517-4484
+1 (469) 517-4485
+1 (469) 517-4486
+1 (469) 517-4487
+1 (469) 517-4489
+1 (469) 517-4490
+1 (469) 517-4491
+1 (469) 517-4492
+1 (469) 517-4494
+1 (469) 517-4495
+1 (469) 517-4497
+1 (469) 517-4498
+1 (469) 517-4499
+1 (469) 517-4551
+1 (469) 517-4553
+1 (469) 517-4556
+1 (469) 517-4558
+1 (469) 517-4560
+1 (469) 517-4564
+1 (469) 517-4565
+1 (469) 517-4566
+1 (469) 517-4569
+1 (469) 517-4570
+1 (469) 517-4572
+1 (469) 517-4574
+1 (469) 517-4575
+1 (469) 517-4577
+1 (469) 517-4579
+1 (469) 517-4580
+1 (469) 517-4581
+1 (469) 517-4582
+1 (469) 517-4583
+1 (469) 517-4584
+1 (469) 517-4585
+1 (469) 517-4586

+1 (520) 675-1563
+1 (520) 675-2158
+1 (520) 675-3721
+1 (520) 675-4510
+1 (520) 675-7629
+1 (520) 675-7656
+1 (520) 675-7676
+1 (520) 675-7692
+1 (520) 675-7711
+1 (520) 675-7736
+1 (520) 675-7743
+1 (520) 675-7764
+1 (520) 675-7770
+1 (520) 675-7813
+1 (520) 675-7859
+1 (520) 675-7873

+1 (520) 679-1607
+1 (520) 679-1632
+1 (520) 679-1769
+1 (520) 679-1811
+1 (520) 679-1907

+1 (520) 680-3737
+1 (520) 680-3855
+1 (520) 680-3861
+1 (520) 680-3938

+1 (520) 681-0076
+1 (520) 681-0570
+1 (520) 681-0623
+1 (520) 681-0666
+1 (520) 681-0787
+1 (520) 681-0923
+1 (520) 681-0954

+1 (520) 683-3599
+1 (520) 683-3615
+1 (520) 683-3627
+1 (520) 683-3722
+1 (520) 683-3724

+1 (520) 688-2143
+1 (520) 688-4451
+1 (520) 688-4499
+1 (520) 688-4510
+1 (520) 688-4719
+1 (520) 688-4742
+1 (520) 688-4824

+1 (763) 301-5068
+1 (763) 301-5412
+1 (763) 301-5706
+1 (763) 301-5790
+1 (763) 301-7309
+1 (763) 301-8815
+1 (763) 301-8847
+1 (763) 301-8962

+1 (763) 307-7054
+1 (763) 307-7260
+1 (763) 307-7392
+1 (763) 307-7398
+1 (763) 307-7426
+1 (763) 307-7458
+1 (763) 307-7460
+1 (763) 307-7618
+1 (763) 307-7668
+1 (763) 307-7669

+1 (763) 309-2313
+1 (763) 309-2376
+1 (763) 309-2391
+1 (763) 309-2603
+1 (763) 309-2637
+1 (763) 309-3212
+1 (763) 309-3363
+1 (763) 309-3634
+1 (763) 309-3924
+1 (763) 309-4874
+1 (763) 309-4932
+1 (763) 309-4970
+1 (763) 309-6343
+1 (763) 309-7109
+1 (763) 309-7612
+1 (763) 309-8123
+1 (763) 309-8124
+1 (763) 309-8135
+1 (763) 309-8154

+1 (768) 301-5376
+1 (768) 301-5387
+1 (768) 301-5706

+1 (768) 307-7011
+1 (768) 307-7425
+1 (768) 307-7618
+1 (768) 307-7668

+1 (768) 309-2436
+1 (768) 309-2581
+1 (768) 309-2603
+1 (768) 309-2637
+1 (768) 309-3356
+1 (768) 309-3363
+1 (768) 309-3534
+1 (768) 309-3545
+1 (768) 309-3923
+1 (768) 309-3924
+1 (768) 309-5422
+1 (768) 309-7824

+1 (804) 602-7511
+1 (804) 602-7521
+1 (804) 602-7538
+1 (804) 602-7551
+1 (804) 602-7560
+1 (804) 602-7563
+1 (804) 602-7568
+1 (804) 602-7569
+1 (804) 602-7574
+1 (804) 602-7580
+1 (804) 602-7581
+1 (804) 602-7590
+1 (804) 602-7605
+1 (804) 602-7622
+1 (804) 602-7623
+1 (804) 602-7631
+1 (804) 602-7637
+1 (804) 602-7638
+1 (804) 602-7645
+1 (804) 602-7654
+1 (804) 602-7664
+1 (804) 602-7677
+1 (804) 602-7679
+1 (804) 602-7680
+1 (804) 602-7687
+1 (804) 602-7696
+1 (804) 602-7702
+1 (804) 602-7708
+1 (804) 602-7715
+1 (804) 602-7716
+1 (804) 602-7720
+1 (804) 602-7724
+1 (804) 602-7735
+1 (804) 602-7746
+1 (804) 602-7748
+1 (804) 602-7761
+1 (804) 602-7762
+1 (804) 602-7767
+1 (804) 602-7772
+1 (804) 602-7773
+1 (804) 602-7779
+1 (804) 602-7781
+1 (804) 602-7782
+1 (804) 602-7792
+1 (804) 602-7793
+1 (804) 602-7794
+1 (804) 602-7798
+1 (804) 602-7803
+1 (804) 602-7826

+1 (860) 743-7798
+1 (860) 743-7815
+1 (860) 743-7818
+1 (860) 743-7822
+1 (860) 743-7827
+1 (860) 743-7836
+1 (860) 743-7837
+1 (860) 743-7845
+1 (860) 743-7846
+1 (860) 743-7857
+1 (860) 743-7862
+1 (860) 743-7865
+1 (860) 743-7871
+1 (860) 743-7884
+1 (860) 743-7890
+1 (860) 743-7896
+1 (860) 743-7907
+1 (860) 743-7911
+1 (860) 743-7913
+1 (860) 743-7918
+1 (860) 743-7919
+1 (860) 743-7932
+1 (860) 743-7933
+1 (860) 743-7934
+1 (860) 743-7935
+1 (860) 743-7936
+1 (860) 743-7940
+1 (860) 743-7942
+1 (860) 743-7946
+1 (860) 743-7956
+1 (860) 743-7960
+1 (860) 743-7968
+1 (860) 743-7983
+1 (860) 743-7985
+1 (860) 743-7988
+1 (860) 743-8005
+1 (860) 743-8016
+1 (860) 743-8019
+1 (860) 743-8031
+1 (860) 743-8035
+1 (860) 743-8047
+1 (860) 743-8048
+1 (860) 743-8051
+1 (860) 743-8052
+1 (860) 743-8054
+1 (860) 743-8056
+1 (860) 743-8059
+1 (860) 743-8078

+1 (872) 204-2215
+1 (872) 204-2294
+1 (872) 204-2385
+1 (872) 204-2550
+1 (872) 204-2561
+1 (872) 204-2731
+1 (872) 204-2736
+1 (872) 204-2741
+1 (872) 204-2763
+1 (872) 204-2768
+1 (872) 204-2785

+1 (872) 210-5006
+1 (872) 210-5039
+1 (872) 210-5041
+1 (872) 210-5068
+1 (872) 210-5074
+1 (872) 210-5077
+1 (872) 210-5091
+1 (872) 210-5092
+1 (872) 210-5139
+1 (872) 210-5255
+1 (872) 210-5291
+1 (872) 210-5298
+1 (872) 210-5301
+1 (872) 210-5305
+1 (872) 210-5306
+1 (872) 210-5341

+1 (872) 213-7080
+1 (872) 213-7191
+1 (872) 213-7208

+1 (872) 215-9241
+1 (872) 215-9242
+1 (872) 215-9353
+1 (872) 215-9474
+1 (872) 215-9516
+1 (872) 215-9639
+1 (872) 215-9646
+1 (872) 215-9653
+1 (872) 215-9654
+1 (872) 215-9655
+1 (872) 215-9672
+1 (872) 215-9681
+1 (872) 215-9687
+1 (872) 215-9688
+1 (872) 215-9698
+1 (872) 215-9703
For no reason at all, here are some phone numbers.

Left as an exercise to the reader:

1. Identify the owner of these numbers;
2. Generate a list of all the other numbers they own;
3. Figure out how to bulk import numbers into the Messages.app blocklist without clicking "plus" for each one.

Previously, previously.]]> https://cdn.jwz.org/blog/2025/02/im-clicking-a-cow-4/feed/ 50 https://www.jwz.org/blog/2025/02/im-clicking-a-cow-3/ https://www.jwz.org/blog/2025/02/im-clicking-a-cow-3/#comments Sat, 08 Feb 2025 20:00:55 +0000 https://jwz.org/b/ykhf Dear Lazyweb,

I think this is impossible, but I'll ask again anyway:

What I have:

An iOS 15.8.3 Shortcut Automation that does:

• When I get a message containing 'stop2end'
• Send 'STOP' to 'Sender'

What I want it to also do:

• Block caller 'Sender'
• Delete this conversation

Part 2:

How this currently works is, the message comes in, and the "Shortcut" banner notification pops up. If I do not click on that banner and then click 'Run' within 5 seconds, it just goes away forever and there is no way to tell it to re-fire.

This is not what I consider to be "automation". I want it to just run.

Doing all of this automation from Messages.app on macOS 14.7 would also be acceptable, but I suspect that would be even harder.

Previously.]]> https://cdn.jwz.org/blog/2025/02/im-clicking-a-cow-3/feed/ 10