Low-Watt Net Admins - or: why you didn't receive your license key
as all ouf our valued customers know, purchasing
from cf/x involves a rather simple process: you download a product, try it out,
and if you like it, simply purchse a registration code on-line. cf/x sends a
personalized registration key as soon as it processes the payment. the process
is rather painless, and works remarkably well. recently, however, we seem to
have encountered a curious problem.
the
past months have seen a marked increase of returned license mails. these mails
never reach their owners. rather, the ISP blocks the mail before it enters their
system, and sends back a block notification (this is how we learned about the
problem). our customers, after waiting a few days, write to enquire about the
whereabout of their keys. we answer them, only to be notified that, again, our
email was blocked. our customers become angry, and we lose reputation, and
business.
after the refusals started to
increase, we investigated what was going on. the result was as astonishing as it
was disturbing (to say the least), and it does not reflect well on the overall
ability of some ISP's 'experts'.
you
see, when you send an email, it goes though many different servers before it
reaches your inbox. at the least it goes through our outgoing mail server, into
your ISP's incoming mail server and then into your inbox. because of the
incredibly large amount of spam that circulates on the net, ISPs try to quickly
discard spam even before it reaches the inbox of their clients. but how do they
do that? there are many ways to go about this, but the most effective ones work
on the same basic principle: blacklists. you see, on the internet all emails
when sent are tagged with the sender's server address. this is just the way it
works, and a good thing, too. because if you happen to be a known spammer, your
emails can be identified quickly. if you spam, you get blacklisted, and any
email that originates from your server gets discarded. there are well-respected
external services (e.g. SpamHouse - http://www.spamhouse.org) that keep large
lists of known spam offenders.
since
this may not be enough to effectively block spam, providers usually combine
external blacklists with additional in-house rules. for example, an ISP might
set up a complaint service, where it keeps a list of all external "eddresses"
(electronic address) about which it received complaints from customers.
some ISPs go even one step further,
where they try to come up with their own rules to blocking spam. and this is
where things went wrong for us. the block notification we received sometimes
contained a link through which we were able to determine why our email was
blocked. they usually linked to a web pages that would perform an audit of our
email, and tell us why it was refused. invariably, all external checks, as well
as internal complaint blacklists would give our email address a clean bill of
health. it was always that last, ISP-specific 'special rule' check that denied
permission.
at first we where baffled.
contact with 'specialists' at these providers where inconcluseve at first (plus
the fact that some of our enquiring letters to them where also blocked didn't
help). but after a while a certain pattern emerged: some ISPs have taken to
blocking whole address ranges, and our email address fell into one of these
ranges. an address range is simple to block because internet addresses are just
numbers, and there is an inherent structure in them. by blocking a range you can
effectively block a whole segment of the world, or a certain ISP from your
servers.
we took a closer look at the
range blocked, and found out that the rule in place at these providers
effectively blocked all emails that originated from switzerland (we are located
in, and hosted from, switzerland). but why would anyone want to block all
incoming mail from here? after all, there are less than 10 million people living
here, and the amount of spam originating from here is minuscle. it took us some
time, but eventually we figured it out. one hint (one we initially did not
understand) was that one of the network administrators (whom we shall not
mention to prevent further embarrassment) told us that our range was blocked
"because of the large amount of spam" originating from
here.
we contacted our provider immediately
to find out about this. a few days later we received word that, even though
there might be some spam originating from our provider (who is, after all, the
biggest provider in switzerland), outgoing email traffic (i.e. leaving
switzerland) was almost non-existant compared to incoming, and has been like
that for the past year. again, we were
baffled.
we contacted the network
administrator again, to receive further information. after some time, we
suddenly understood what was going on. in 2005, the top 3 spam offenders by
country were USA, South Corea, and China. now, the connection isn't immediately
appearent, but it is there. in order to block all mail from a specific region,
you simply take the 'top-level domain', and look up it's address range. for
example, all addresses that end in '.xyz' are registered in the top-level domain
'xyz'. each top-level domain has a range of addresses that they can assign to
their customers. to block all traffic from a certain domain, you simply look up
it's address range, and add it to your black
list.
and this is what happened - or,
rather, what went wrong. eager to block all spam from china, this network expert
looked up the address range of the '.ch' domain, and blocked it. the problem
here is, of course, that '.ch' is not china, as he thought (but did not bother
to double-check). Rather, '.ch' stands for switzerland (the reason, of course,
being that 'CH' is the internationally accredited country signature, just as UK
is for England (United Kingdom), or USA for, well, the USA. incidentally, CH
stands for 'Confederatio Helvetica' -- which is latin for 'helvetic
confederation'. yes, switzerland is that old a country. and no, it's not
sweden. some people - e.g. Tom Clancy in his 'Sum of all fears' novel - have
trouble keeping these two countries apart. as far as stupid clichees go, we are
supposedly the 'chocolate and clocks' country, while the swedes apparently are
the 'blondes with boobs'.).
so, if you
have purchased a key from us, and never heard from us it may well be because
some rather uninformed network admin at your ISP was not as smart as he thought
he was.
Posted: Fri - October 14, 2005 at 12:05 AM