12/31/2008

Predictions for 2009


Let me make a risky prediction for 2009: Spam Volume will increase next year. Wow, that was a tough one!  


Other "risky" predictions for 2009:

  • IT budgets will be static or declining in 2009
  • IT Staffers will be expected to do more work
  • More companies will apply for bailouts
  • Gasoline prices will rise
  • The cost of a Senate seat in Illinois will increase
  • Bernie Madoff will not take on any new investors in 2009
  • Some wrong facts will be posted on the internet
  • Apple will introduce a new iPod model

I probably missed a few, so add your own predictions below.

12/24/2008

Christmas Wishes


As a Christmas wish, I will quote Charles Dickens who portrays two different sentiments of love, friendship and caring through his marvellous caricature of Scrooge.

First, as the owner of a business, I email this quote to all employees as a joke, but it is a great representation of Scrooge's miserliness:

"You'll want all day tomorrow, I suppose?" said Scrooge.

"If quite convenient, Sir."

"It's not convenient," said Scrooge, "and it's not fair. If I was to stop half-a-crown for it, you'd think yourself ill-used, I'll be bound?"

The clerk smiled faintly.

"And yet," said Scrooge, "you don't think me ill-used, when I pay a day's wages for no work."

The clerk observed that it was only once a year.

"A poor excuse for picking a man's pocket every twenty-fifth of December!" said Scrooge, buttoning his great-coat to the chin. "But I suppose you must have the whole day. Be here all the earlier next morning!"



Second, Scrooge's nephew sharing his joy for the Christmas season:

"There are many things from which I might have derived good, by which I have not profited, I dare say," returned the nephew: "Christmas among the rest. But I am sure I have always thought of Christmas time, when it has come round -- apart from the veneration due to its sacred name and origin, if anything belonging to it can be apart from that -- as a good time: a kind, forgiving, charitable, pleasant time: the only time I know of, in the long calendar of the year, when men and women seem by one consent to open their shut-up hearts freely, and to think of people below them as if they really were fellow-passengers to the grave, and not another race of creatures bound on other journeys. And therefore, uncle, though it has never put a scrap of gold or silver in my pocket, I believe that it has done me good, and will do me good; and I say, God bless it!"



Merry Christmas and Happy Holidays from all of us:

Frank

Allison

Nick

Chris

Dan

Anthony

Carol

Sharon

Duke

12/22/2008

Trust and Social Networks: The New Frontier of Phishing


Lately, a new technique, predicted by a University of Indiana study, gains the trust of the recipient by putting recognized names and other familiar details into the email body. This makes the email look "genuine" and significantly increases the chance that the recipient will act on the message (the action rate increases 5 times over a "normal" Phishing scam, according to the study).

Social Phishing is a type of highly targeted "spear Phishing" attack that could be made on a few thousand people with high success rates. The University of Indiana study showed a 74% response rate. The control group has a 16% response rate. Correcting this for the typical 3% control response rate (university students are more trusting or less risk averse than the population at large), gives a success rate of about 12%, which would be very productive for the Phishers.

In the on-line world, Phishing has been very successful (for the Phishers). But users are becoming much more savvy, so they are not getting "hooked" as much. For example, the Nigerian email scam is laughably lame now. I have to believe they continue these out of habit, like a dog barking to get a bone. People recognize the fact that there is no personal information in the email. That is the main flaw with "generic" Phishing attacks.

Lotus Notes User Network Penetrated
Fast forward to today. Take the Lotus users' various networks. Searching PlanetLotus.org, various blogs and the IBM Notes/Domino 8 Forum would enable anyone to find many names, and quickly identify the popular names based on the number of times each is mentioned. Without a lot of work, you could build a web of connections to be able to pretend to be part of the network, or pretend to be referred by someone you know (a friend of a friend).

That is how Bernie Madoff (pronounced Made-Off, which in English means "to steal") worked his Ponzi investment scheme. Trust. People trusted him because other people trusted him. That is how the "confidence" game works.

Once a network is penetrated, it will be pretty easy to get users to act on emails. Crafting an email would be easy. Even a non-Notes user could take a blog or forum posting from an individual who is frequently mentioned and use it to simulate subject matter expertise. Finish it off with a request or other action and you have a powerful tool for fraud.


An Email "from" Volker Weber

To penetrate a community, a Social Phishing attack would start by spoofing the name most often mentioned in our Lotus Notes world. Based on PlanetLotus.org's list of Hits in the last 20 days, the person most likely to be spoofed would be Volker Weber. Using his name means trust. So, I did what a Social Phisher would do and grabbed a blog posting from Volker's blog to create an example of how said Social Phisher could infiltrate a community and wreak havoc. For simplicity, I shortened it, but it can be seen in its entirety on vowe.net.

I then fabricated a plausible story around the blog posting. A real attack would weave real details relating to Lotus Notes with false information or Malware links. I wrote the additions to the blog posting in red, for demonstration, but the Social Phisher would not be so kind as to point out the Phishing section!

(Note: This is just a demonstration email. It was not written by Volker. You could take any Lotus Notes or Domino blog and do the same, targeting users in that space, especially those, like me, who freely post their email addresses on-line).
From: volker@vowe.net
To: frank_paolino@maysoft.com
Subject: Winners of the 2009 Lotus Awards


Winners of the 2009 Lotus Awards
by Volker Weber
Best Industry Solution
1. Winner: e-On Integration S.A.
2. Finalist: iEnterprises
3. Finalist: Ascendant Technology
Best Lotus Energy and Environment (Green) Award
1. Winner: KLG Systel, Ltd.
2. Finalist: Alphalogix
3. Finalist: Enterprise Information Management, Inc.
Best Mid-Market Solution Award
1. Winner: iEnterprises
2. Finalist: Pavone AG
3. Finalist: Nortel
...
...
...

Congratulations to all the winners!  Click on the links to learn  more about the winners and see these excellent Lotus Notes products!

Volker


Find me on-line at:
vowe.net

(these links are the actual links and are harmless.... those in a Social Phishing Attack would not be!)


A spoofed message "from" Volker Weber in this context would be likely to be opened. And the relevant, topical nature of the email would make it widely read.

In a Social Phishing scam, the links would really point to Malware such as keyboard loggers. As such, they would be very helpful in gathering all types of information such as PayPal accounts, LinkedIn logins, etc. to continue the scam.

The point is that the Social Phishers are getting a lot smarter, using
  • context,
  • recognition,
  • familiarity
to get people to read and act on the emails.


Like spam, these attacks prey on our open protocols (SMTP) and our open Lotus communities. I am not advocating any change in these community sites. PlanetLotus.org, the IBM Forum and all the Lotus Notes blogs are open, and should remain so.

But beware of emails from trusted sources. If you are not sure, reply and ask if they sent it. Do not give personal information in any link provided in an email. With all of these precautions, many of us will still fall prey to these scams.
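The spoofed-sender scenario above, turned into a receiving-side check (an added example, not code from the original post): it flags mail whose From address is a trusted name but whose Return-Path, Reply-To or SPF/DKIM verdicts do not line up with that address. The trusted-sender set, the `.example` hosts and the sample messages are constructed, and it assumes the Authentication-Results header was stamped by your own mail gateway.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: addresses this mailbox treats as trusted names (taken from the demo email).
TRUSTED_SENDERS = {"volker@vowe.net"}


def _domain(addr):
    """Return the lower-cased domain part of an address."""
    return addr.rpartition("@")[2].lower()


def _auth_verdicts(msg):
    """Collect the first spf/dkim verdict found in Authentication-Results headers."""
    verdicts = {}
    for value in msg.get_all("Authentication-Results", []):
        for method, result in re.findall(r"\b(spf|dkim)=([a-z]+)", value, re.I):
            verdicts.setdefault(method.lower(), result.lower())
    return verdicts


def spoof_findings(raw_message):
    """List reasons to distrust a message that claims a trusted sender."""
    msg = message_from_string(raw_message)
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    if from_addr not in TRUSTED_SENDERS:
        return []  # this check only covers mail that borrows a trusted name
    findings = []
    from_domain = _domain(from_addr)
    # The envelope sender and the reply address should share the From domain.
    for header, label in (("Return-Path", "return-path-mismatch"),
                          ("Reply-To", "reply-to-mismatch")):
        addr = parseaddr(msg.get(header, ""))[1]
        if addr and _domain(addr) != from_domain:
            findings.append(label)
    # Anything other than an explicit pass is reported, including no verdict at all.
    verdicts = _auth_verdicts(msg)
    for method in ("spf", "dkim"):
        result = verdicts.get(method, "missing")
        if result != "pass":
            findings.append(f"{method}-{result}")
    return findings


# Constructed sample: trusted name in From, bulk sender behind it.
SPOOFED = """\
Return-Path: <bounce@bulk-mailer.example>
Authentication-Results: mx.recipient.example; spf=pass smtp.mailfrom=bulk-mailer.example; dkim=none
From: volker@vowe.net
Reply-To: awards@lotus-awards.example
To: frank_paolino@maysoft.com
Subject: Winners of the 2009 Lotus Awards

Congratulations to all the winners!
"""

# Constructed sample: the same sender with aligned headers and passing checks.
GENUINE = """\
Return-Path: <volker@vowe.net>
Authentication-Results: mx.recipient.example; spf=pass smtp.mailfrom=vowe.net; dkim=pass header.d=vowe.net
From: Volker Weber <volker@vowe.net>
To: frank_paolino@maysoft.com
Subject: Winners of the 2009 Lotus Awards

Congratulations to all the winners!
"""

# Constructed sample: only the headers shown in the demo email, no authentication data.
BARE = """\
From: volker@vowe.net
To: frank_paolino@maysoft.com
Subject: Winners of the 2009 Lotus Awards

Congratulations to all the winners!
"""

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("genuine", GENUINE), ("bare", BARE)):
        print(name, spoof_findings(raw))
```

The spoofed sample passes SPF, because SPF only vouches for the envelope domain; the mismatch with the From domain is what gives it away.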





12/08/2008

Free Speech or Spam?


A University of Michigan student disagreed with a proposed policy change concerning the length of the school week. Deciding to make her views known, she sent an email to about 400 faculty members arguing against the change. The result? Well, instead of responding to her concerns, they brought her in for disciplinary charges (and possible suspension) for sending spam.

Here is the email from Kara Spencer, representing Associated Students of Michigan State University (ASMSU) and the University Committee on Student Affairs (UCSA).

Is this spam or ham?
Date: Mon, 15 Sep 2008
From: Kara Spencer
Subject: Changes to Academic Calendar

The Provost has proposed changes to the Academic Calendar and Fall Welcome schedule which are slated for final approval on September 23, 2008. Faculty, administrators, and students have voiced concerns regarding the process of the proposal. As concerned students we feel that adequate time has not been given to address the multitude of issues the proposed changes raise.

In discussions with members of the university community, we have discovered that many are unaware of the impending changes, or the likely repercussions, which will greatly affect both faculty and students alike.

The shortening of Fall Welcome may impact the organized activities of colleges and impede the acclimation of freshmen, international, and out-of-state students to the University.

The loss of instructional time due to shortening of the semester will create a burden for class schedules and syllabi that are already compressed and thereby compromise academic quality.

The proposed change of shortening finals week to Wednesday-Saturday evening  raises a number of concerns: the implications of overlapping instructional days with finals week, the impact on those within the community who observe Saturday as a religious day, and the fact that even with the current schedule many students encounter multiple exams on a single day and narrowing the time frame will only increase this likelihood.

Delaying the start of classes until mid-week (Wednesday has been proposed) will not deter non-academic activities of students or provide a solution to the health and safety concerns cited by the Provost's office as the chief reason for the changes. Instead, it will extend the non-academic/welcome period for students living off-campus whose move-in will still occur a week prior to classes.

The inability of students to have adequate time to settle in prior to the start of classes will likely drive more students to opt for living off-campus, undermining one of the main objectives of the University…increasing retention of students in on-campus housing.

We believe that an inclusive dialogue among members of the University community and a comprehensive evaluation of all available information are imperative before any proposal can be adopted. Such a review would require that the Provost's proposal not be implemented for the 2009-2010 academic year.

Given the immediacy of the situation, we request that any faculty wishing to be heard on this issue contact their Faculty Council representative (https://www.msu.edu/unit/acadgov/faculty/FacutlyCouncil07-08.html) or the Provost's office.


So, what does the University say about respectful free speech? This is an excerpt from the president Lou Anna K. Simon's desk:
As the university’s general policy on outside speakers states, “It is the policy of Michigan State University to foster a spirit of free inquiry and to encourage the timely discussion of a wide variety of issues, provided that the views expressed are stated openly and, therefore, are subject to critical evaluation. Restraints on free inquiry should be held to that minimum which is consistent with preserving an organized society in which peaceful, democratic means for change are available.”

While we may disagree with one another’s positions, as a learning community we must respect the rights of individuals to express their positions – without fear of intimidation and physical harm.

http://president.msu.edu/desk/index.php?/site/upholding_the_right_to_free_speech/   (emphasis added)



And from the Academic Freedom for Students at Michigan State University, section 1.5.7:
"Regulations shall respect the free expression of ideas and shall encourage the competition of ideas from diverse perspectives ... Lawful and peaceable public demonstrations are permitted by the University and are protected by the law, without regard to the point of view being expressed. Members of the University’s community of scholars are free to organize, debate, pass resolutions, distribute leaflets, circulate petitions, picket and otherwise express themselves regarding issue of political and social interest. However, no individual or group of individuals may disrupt other campus activities or programs."

http://president.msu.edu/dissent_vs_disruption.php   (emphasis added)

Also: 1.3 The University cherishes many values, modes of thought, and standards of behavior that are better taught by example, persuasion, social pressure, and rewards than by the threat of penalties.
http://www.vps.msu.edu/SpLife/afr1.htm


Here is the policy statement about bulk email:
http://lct.msu.edu/guidelines-policies/bulkemail.html
Permitted uses for broad cross-University mailing. Bulk e-mailing may be used only by University offices to send communications necessary to the normal course of business and which typically require some official action be taken individually by recipients.


But the Faculty Council list is located on their website
(https://www.msu.edu/unit/acadgov/faculty/FacutlyCouncil07-08.html)

So, I can send this targeted email without a problem, but a student with direct interest in an issue cannot send it, due to the MSU email policy statement.

The email was sent to a selective group of 400 faculty (out of about 4,000 total faculty), so the selection of the recipient list was thoughtful. But, the university has a policy against sending email to more than 30 people. This makes some sense, but it sure looks like they were hiding behind the IT policy to stop opposing opinions, not uncommon in many American universities, where the general attitude is "Free speech! (as long as I agree with what you are saying)". If Kara Spencer had sent an email to these professors trying to sell her car, she most likely would have received a copy of the email policy guidelines with a request to stop these types of emails and that would have been the end of the matter.


This selective enforcement of the email guidelines has to send a chilling message about freedom of speech to all students. Disagree with the faculty at your own risk. When any powerful group (government or an employer) pretends to support free speech but then uses its formidable power to attack those whose speech it does not agree with, that is hypocritical and, frankly, dangerous.




12/05/2008

"Notes Floats My Boat" Translation


Make sure your language is on the t-shirt!

Here are some of the initial responses to the Notes Floats My Boat t-shirt translation. We are working to finalize this for Lotusphere 2009.

If you make a suggestion that is chosen, we will give you a t-shirt at Lotusphere (or mail it if you cannot attend Lotusphere).

I marked the current "best" answer in bold red, but we are still missing languages and input. So, please reply with any suggestions.



German
Notes ist mein Leben    (Notes is my life)

Ohne Notes nichts los  (Nothing happens without Notes)


Dutch
Een keer Notes, altijd Notes   (one time Notes, Notes forever)

Notes is het beste wat me ooit is overkomen   (Notes is the best thing ever happened to me)
Eenmaal notes nooit meer wat anders   (Once you have seen notes you never want something else)


French
Notes Plane pour moi   (Notes flies with me)

Notes c'est de la balle   (Notes is like a bullet)


Norwegian
Notes er nr 1 for meg   (Notes is #1 for me)


Spanish
Notes y ya!  (I only need Notes)

Notes es mi gallo  (I bet for Notes)



Russian
без Notes, я не могу жить  (I cannot live without Notes)


Chinese
Notes 讓你悠遊自在 !  (Notes floats easily, care free)
 
Notes 讓你得心應手!   (handy, in ease, smooth operation and going)
 
Notes 很酷!  (Notes is very cool)
 
Notes 很棒 !  (Notes is very great)



12/01/2008

Domino Effect


With Lotusphere 2009 coming soon, and with Lotus Notes gurus coming from many different countries, I thought this Domino video celebrating 30 different national flags would be appropriate. No, not IBM Lotus Domino, the other kind of Dominos, the fun kind (well that might be debatable).

It took 2 boys 24 working hours setting up 32,130 Dominos, representing 30 national flags.


11/28/2008

Hallmark E-card


Given the imminent holiday season I was not surprised to find this in my personal Hotmail Inbox today. For those of you who have used the Hallmark service to send and receive e-cards I'm sure you'll agree that this one (almost) looks just like any other, except for the spelling mistake in the title (received is spelled recieved). Maybe you won't notice that, but I did however expect to see my name at the top of the message (it is not there):

A picture named M2

My suspicions were confirmed in the status bar once I hovered the cursor over the link:

A picture named M3

Needless to say I did not click the link, but you can bet your last dollar that the result would not have been a Season's Greeting card!




11/25/2008

Thanksgiving Wishes


So here is my prayer for Thanksgiving:

I want to give thanks to all the people that I associate with via the blogosphere. Like the Pilgrims and the Indians, we often come from different backgrounds. And like them, we don't always agree, but we need to find a way to get along, even when we disagree (especially when we disagree). We spend a lot of on-line time working together in all forms of groups. These groups often become polarized, and much anger and vitriol is spewed against those who are "less" enlightened than us. I love passion, and passionate arguments, even when I disagree. It is energizing to have a strong passion for what we do, otherwise why get out of bed?

Thanksgiving is an opportune time to reflect about our relationships to others. As Charles Dickens said so well in "A Christmas Carol", it is a time to "think of people (around us) as if they really were fellow-passengers to the grave", which should give us pause to reflect on the shortness of our time here.

We are all on this planet for only 78 round trips. Some get a few more, many get a lot less. So above all, the first thing that I am (and all of us should be) thankful for is good health. Without it, all the rest really does not count for very much.

So, I would like to summon this spirit to wish everyone a Happy Thanksgiving, and hope that we can re-learn what we were taught as young children: to be nice to others. This is especially needed in the blogosphere, where anonymity and distance cloak civility and open discourse, which oftentimes provokes needless harsh words and enmity.

In that spirit of brotherhood (or should I say community), I give thanks to all the people in my life, associates, fellow workers, and fellow bloggers everywhere for the chance to spend a few moments, in person or virtually, together, enriching our shared experience here on earth.


Isn't that, after all, what the Indians and Pilgrims were doing at the first Thanksgiving in the year 1621?

A picture named M2
"The First Thanksgiving", painting by Jean Leon Gerome Ferris (1863–1930).



11/20/2008

Kaizen for Product Development


Kaizen (改善, Japanese for "continuous improvement") is a very interesting concept. I attempt to apply Kaizen to product development at Maysoft. For me, this means going over each product feature and looking for areas for improvement.

For example, the most obvious feature that needs attention in the world of SpamSentinel and spam blocking in general is the need to continuously improve the block rate. When we released SpamSentinel in 2003, it blocked 70% of spam, and we were ecstatic. 2004 brought us to 90%. 2005 saw 95%. In 2006, we passed 98% block rate. In 2007, we hit 99%. Now, with SpamSentinel v7.6 we added some more blocking logic.



We are at 99.44% block rate, and we are working towards 100%. An external proof of success in the new version block rates comes from one customer comment that we recently received:

We are seeing significantly less mail & spam volume now that we are running 7.6. I have received many comments on how small spam reports are now. Very effective update.
Lee Keener, Knoxville Utilities Board


It may not be possible to achieve 100% spam blocking, but Kaizen does not say "do not try until you are sure you will succeed". In fact, just the opposite. Try little things, every day, to build up to a success. Some other sayings come to mind, which I believe support our approach: "If at first you don't succeed, try, try again". And Edison's famous "Genius is 10 percent inspiration and 90 percent perspiration". If you substitute "Kaizen" for "Genius" you get

Kaizen is 10 percent inspiration and 90 percent perspiration

which to me means that we need to think of good ideas for improvement 10% of the time and actually work on implementing these good ideas 90% of the time.

Which brings me to urgency, another concept that I believe is intimately linked with Kaizen. Improvements that are conceived need to be implemented right away, now. There needs to be a sense of urgency. If not, Kaizen loses its focus on results and moves into the category of discussion, which produces nothing except words. Tom Peters, in his Search for Excellence book, talks about "A bias for action, active decision making - 'getting on with it'". I believe you cannot have improvement without action. The risk and costs of "not thinking it through" are smaller, in my experience, than the risk of "doing nothing" or "delaying until the perfect solution is conceived".


Kaizen is a great way to guide one's thinking. You can apply it to every aspect of a product design, not just product features. For example, this blog is part of my personal Kaizen to improve how we communicate with resellers and customers about SpamSentinel and Maysoft. It was right after Lotusphere 2008 was finished that I decided to download a blog template (thanks Declan Lynch) and start writing about all the things that we were doing to help stop Lotus Notes email spam. I did not really discuss blogging, I just did it, writing the first posting, titled A Successful Lotusphere. Now this blog is an important part of the product, announcing features and explaining new options, and telling a little about how we work here at Maysoft.

For me, Kaizen is fun, as every time I attempt to improve something, I learn something new. Blogging was a whole new world for me, but I learned a lot and now I really enjoy writing these blogs.


So, my overall thought on how to apply Kaizen to work is to never stop asking the question:


How can I start making this better right now?




11/17/2008

The Three Laws of Customer Support


Someone asked me why I don't hire cheaper help for our support staff. You see, we only hire experienced Lotus Notes administrators or excellent Lotus Notes developers in our customer support. So I did a little bit of math on the subject of Customer Support. Having majored in Chemistry, I like equations and formulas. These equations are beautiful, in that they are simple and precise. Today, I attempt to translate some business principles related to customer support into mathematical equations to explain the three laws of customer support.

First Law of Customer Support

$$\text{Time to Completion} = \frac{\text{Problem Difficulty}}{\text{Skill Level}}$$

Explanation: We know that (Time to Completion) is proportional to (Problem Difficulty) and inversely proportional to (Skill Level) of the problem solver.

So, the greater the skill level, the faster the problem will be resolved. The denominator, as it increases, reduces the Time to Completion element. Which brings me back to cost. Our top notch support people cost a lot more per person but they perform most jobs in a fraction of the time, so they actually cost less than mediocre talent.


Here is an area everyone likes to discuss, customer satisfaction.

Second Law of Customer Support

$$\text{Customer Satisfaction} = \frac{\text{Skill Level}}{\text{Time to Completion}}$$

Explanation: We know that (Customer Satisfaction) is proportional to (Skill Level) and inversely proportional to (Time to Completion). If the (Time to Completion) approaches infinity, the (Customer Satisfaction) approaches 0. As (Time to Completion) approaches 0, then (Customer Satisfaction) approaches infinity, meaning the customer is infinitely happy.

The greater the skill level, the greater the customer satisfaction. Otherwise stated:
Faster service (done well) = Happier Customers



Now for some advanced mathematics, with substitutions. We already saw in Law #2 that:

$$\text{Customer Satisfaction} = \frac{\text{Skill Level}}{\text{Time to Completion}}$$


and we know from Law #1 that

$$\text{Time to Completion} = \frac{\text{Problem Difficulty}}{\text{Skill Level}}$$


So, substituting #1 into #2 gives us:

$$\text{Customer Satisfaction} = \frac{\text{Skill Level}}{\left(\dfrac{\text{Problem Difficulty}}{\text{Skill Level}}\right)}$$



Simplifying terms gives us our third law:

Third Law of Customer Support

$$\text{Customer Satisfaction} = \frac{(\text{Skill Level})^{2}}{\text{Problem Difficulty}}$$



So, Customer Satisfaction is improved with the square of the Skill Level! This means that a person who is twice as good will deliver 4 times the Customer Satisfaction!

This Third Law amplifies the importance of (Skill Level) as the single most critical factor in (Customer Satisfaction).

These Three Laws are quite simple and are the reason why all of the people who handle customer support are experienced Lotus Notes administrators or excellent Lotus Notes developers.


I know these items cannot be measured in units like weight or volume, but the Three Laws are still true, and they help explain results that many of us know empirically, and help me justify paying a lot more for talented people to talk to our customers, who, by the way, ultimately pay all of the bills!


Frank Paolino