google SPF bounces

Google’s gmail MX is doing the right thing by enforcing SPF rules, but the wrong thing by sending bounces (backscatter) to the address that those SPF rules indicate is forged.

I got the following message from the google mailer daemon (addresses obscured, of course, but xxx@xxxxxxxx.com does list google’s mail domains in its MX DNS records):
Continue reading “google SPF bounces”

SourceForge.net Marketplace spam

It came with the header:

Subject: Turn your skills into cash at SourceForge.net Marketplace

At the very least it was annoying bacn, but it’s really spam.

In May 2007 there was an invitation to register interest in SourceForge’s new Marketplace product. I declined. Evidently sourceforge (or at least the Marketplace product manager) was disappointed in the uptake among developers, and started an opt-out bacn campaign, consisting of sending the same message to developers every few months telling them to check out the new service.

Well, bacn is one thing, but the most annoying thing was the obfuscated unsubscription procedure. The relevant sentence being:

… if you would prefer not
to receive information about SourceForge.net Marketplace, please update your
communication preferences by visiting the Profile Center.

When these emails were sent, there was no text “Profile Center” on the SourceForge marketplace page. There have been some frustrated bug reports as a result.

So it turns out that the “Profile Center” text in the original email (which was small, light grey on white, and had no decorations differentiating it from the surrounding paragraph) was an indirect link (via click.marketplace.sourceforge.net) to the Profile Center. The Profile Center leads to the Subscription Center, where

If you wish to unsubscribe from ALL publications
from SourceForge.net Team, check the box and click the update button
below.

Except that it’s not “ALL publications from [the] SourceForge.net Team”, it’s just the spam from Marketplace.