Preventing email spoofing

Been getting a bunch of targeted phishing emails recently. They’re pretending to be my domain registrar, saying that payment is overdue and they’re going to delete my domain permanently. I’ve received similar things before, but this was one of the more convincing and aggressive attempts I’ve seen.

This reminded me about a task on my backlog of TODOs, sorting out my domain’s SPF and DKIM. Both are email authentication methods designed to detect forged sender addresses in emails, a.k.a. email spoofing. SPF + DKIM won’t prevent inbound phishing emails, but they do help prevent my own domain from being spoofed in shady outbound emails.

I’d forgotten to add an SPF record, so I sorted that out. I made sure to add include values for both my email provider and my web host, since the web host is responsible for sending things such as password reset emails from the CMS. Unfortunately, my email host Gandi doesn’t support DKIM. 🙁 So that’s a non-starter.
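Since an SPF record with several includes is easy to get subtly wrong, here is a small offline checker, added as an example and not code from the original post. It parses a v=spf1 TXT record and flags the three problems that most often break sender authentication: a missing or permissive `all` mechanism, more than the RFC 7208 limit of 10 DNS-querying mechanisms, and more than one SPF record at the domain. The include hostnames in the sample records are made up; they stand in for an email provider and a web host and are not real SPF endpoints.

```python
"""Offline SPF record sanity checker (added example, not from the original post).

Checks the TXT records published at a domain for:
  * no SPF record, or more than one (receivers treat duplicates as PermError)
  * more than 10 DNS-lookup mechanisms (RFC 7208 section 4.6.4, PermError)
  * a missing, '+all' or '?all' terminating mechanism
"""
import re

# Mechanisms/modifiers that cost a DNS lookup under RFC 7208 section 4.6.4.
# ip4, ip6 and all do not count. Nested includes also count towards the
# limit; a real checker would follow them, this one only inspects one level.
LOOKUP_MECHANISMS = {"include", "a", "mx", "ptr", "exists", "redirect"}
MAX_LOOKUPS = 10

# Constructed sample records. The include targets are hypothetical
# placeholders for "my email provider" and "my web host".
GOOD_RECORD = "v=spf1 include:_spf.mailprovider.test include:_spf.webhost.test ~all"
BAD_RECORD = ("v=spf1 a mx ptr include:one.test include:two.test include:three.test "
              "include:four.test include:five.test include:six.test "
              "include:seven.test include:eight.test +all")

TERM_RE = re.compile(r"^([+\-~?]?)([a-zA-Z0-9_]+)((?:[:=/].*)?)$")


def parse_spf(record):
    """Split a v=spf1 record into (qualifier, mechanism, remainder) tuples.

    The qualifier defaults to '+' (pass). On the final 'all' term it tells
    receivers what to do with unlisted sources: '-' hard fail, '~' soft
    fail, '?' neutral, '+' pass. The remainder keeps its delimiter, e.g.
    ':_spf.example.test' for an include or '/24' for a CIDR suffix.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record: %r" % record)
    parsed = []
    for term in terms[1:]:
        m = TERM_RE.match(term)
        if not m:
            raise ValueError("unparseable SPF term: %r" % term)
        qualifier = m.group(1) or "+"
        mechanism = m.group(2).lower()
        remainder = m.group(3) or None
        parsed.append((qualifier, mechanism, remainder))
    return parsed


def check_spf(txt_records):
    """Return a list of findings for the TXT records published at a domain.

    The records are passed in so the check runs offline; in practice you
    would fetch them with a DNS library first.
    """
    findings = []
    spf = [r for r in txt_records if r.lower().startswith("v=spf1")]
    if not spf:
        return ["no SPF record published"]
    if len(spf) > 1:
        findings.append("multiple SPF records published: receivers return PermError")

    terms = parse_spf(spf[0])

    lookups = sum(1 for _, mech, _ in terms if mech in LOOKUP_MECHANISMS)
    if lookups > MAX_LOOKUPS:
        findings.append("%d DNS-lookup mechanisms exceeds the limit of %d (PermError)"
                        % (lookups, MAX_LOOKUPS))

    all_terms = [q for q, mech, _ in terms if mech == "all"]
    if not all_terms:
        findings.append("no 'all' mechanism: unlisted senders are implicitly neutral")
    elif all_terms[0] == "+":
        findings.append("'+all' authorises every host on the internet to send as this domain")
    elif all_terms[0] == "?":
        findings.append("'?all' is neutral; use '~all' or '-all' so spoofed mail is marked")

    return findings


if __name__ == "__main__":
    for label, record in (("good", GOOD_RECORD), ("bad", BAD_RECORD)):
        print(label, record)
        for finding in check_spf([record]) or ["no problems found"]:
            print("  -", finding)
```

Running it prints nothing for the first record and two findings for the second: eleven lookup mechanisms and a `+all`. Once all your senders are covered, tighten `~all` to `-all` and the record becomes the thing that actually stops the spoofing.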

I’ve been considering switching to Proton though, and happily they offer SPF, DKIM, and DMARC. Maybe I’ll make the switch a bigger priority. Gandi has mentioned that they’re working on implementing DKIM though, so maybe I’ll just check back later this year.

Eventually I’ll look into a DMARC policy, but that’s going to come a little later.

A few links that may be useful:

Some background and selected projects

I’ve just added a Work & Background page to this site that provides a bit more context for what I do and some selected projects. It’s a WIP: there are some thumbnails I would like to swap out, and I’m sure the text will need tweaking. Nice to have a version up at any rate.

I’m really hoping to explore a few new-to-me bits of tech in the near future, particularly related to our books index. SB has been doing some very cool experiments with that recently.

Seviyan kheer, or spiced rice noodle pudding

We made some vermicelli (rice noodles) for dinner the other day and came across a recipe for seviyan kheer on the packet. I’d never heard of it. Since we had leftover noodles and wanted something sweet, I gave it a try following this seviyan kheer recipe on vegrecipesofindia.com. Differences: I omitted the almonds and rose petals, used oat milk, and fried the leftover, chopped-up cooked noodles instead of broken raw noodles. It was really tasty! A lot like rice pudding, but better IMO.

Pelican, Penguin, The Happy Reader

The folks at Penguin Random House have been sending some particularly strong e-newsletters recently using the system Sam and I created a little while back. Links below.

Some excellent, specific podcast episodes

I often don’t end up listening to podcasts that are recommended to me. It’s a real shame. I think it’s sometimes hard to know where to start, to find a way in. The next time I get a recommendation, I’ll ask if there’s a specific episode I should try.

Along those lines, here’s a list of a few particular episodes I like. These are in date order, most recent first. Might add more at some point.


Risky Business #535, 20.03.19 — Stop giving Cloudflare money

I’m very interested in information security but definitely an amateur, so most Risky Business episodes go a bit (or entirely) over my head. This episode with host Patrick Gray (AU) and guest Alex Stamos (US) is accessible for less infosec-aware people though. It’s heavy, but very worthy of a listen for anyone influenced by the internet (i.e. everyone).

The major topic is the Christchurch, NZ shootings at the Al Noor Mosque and Linwood Islamic Centre where 50 people were killed and 50 more injured by a white supremacist. They focus on the web’s role in the rise of white supremacist communities and propaganda, and what could be done about it. Cloudflare is highlighted as a particularly irresponsible and unsupportable service provider due to the company’s response following the attack. They have refused to pull their services from 8chan, a website that facilitates the spread of white supremacist ideology and the site where the attacker announced his intentions.

Stamos tries to present the difficulties that companies and law enforcement face. Gray understandably gets pretty heated during the discussion, I think initially interpreting Stamos’s comments as an excuse for the inaction of companies like Cloudflare (though I don’t think they were). Ultimately, though, they seemed to be in agreement. Towards the end of their discussion, around 40:51, Stamos summarises: “We’re going to have to start to treat white nationalists like the Islamic State was treated. To the point that if you’re on 8chan and you’re talking about an attack, you’re actually feeling that there’s some kind of risk, that somebody’s gonna bust your door down. That’s where we got to with the Islamic State. […] We’ve got to get to that same place, but [Cloudflare and other organisations] can make that hard for non-US law enforcement.” He is saying that white nationalist groups need to be classified as potential terrorist organisations so that there is a legal framework forcing companies to adopt stronger policies instead of just hoping they’ll do the right thing. It’s a very good point.

– – –

BBC Earth Podcast 27.12.18 — Hide and Seek

I’ve never finished an episode of BBC Earth… but that’s why I like it. It’s the perfect podcast to fall asleep to if you’re having trouble drifting off. Interesting – but not *too* riveting – facts and stories about nature told by presenter/producer Emily Knight and guests. And great jungle sounds. I’ve put this particular episode on here because I really liked the wildlife calls while they were explaining how to track tigers. Can’t really say much about what happened after that though, I was asleep.

– – –

Darknet Diaries #27, 01.12.18 — Chartbreakers

The tagline for Darknet Diaries is “True stories from the dark side of the Internet”. This episode is a little different, investigating something ongoing rather than covering something that has already occurred. Host Jack Rhysider tries to figure out why shady podcasts with zero reviews or subscribers regularly climb the Top Charts on Apple Podcasts. In doing so, he finds out that it involves dubious promotional activity, and it isn’t just the little guys doing it. He also finds out this isn’t a web-only problem, that a similar thing has happened multiple times with the New York Times Bestsellers list and could still be happening. It’s yet another wakeup call that we should be suspicious of algorithms, particularly those that are meant to be infallibly meritocratic. Rhysider ends the episode by saying that he hopes his listeners recommend the podcast to their friends since he puts no faith in likes or reviews. It made me think about how much I like receiving recommendations from people I care about, and kind of became the catalyst for this list.

– – –

Roderick on the Line #300, 13.08.18 — The Airplane Doesn’t Care

One of Merlin Mann and John Roderick’s weekly Skype calls. Their conversations go all over the place, and this one is no different. They always touch a bit on philosophy and mental health, but it’s more prominent in this episode due to a then-recent event. On Saturday 11.08.18, 29-year-old Richard Russell stole an empty turboprop from SeaTac airport, performed difficult stunts with basically no training, and then committed suicide by deliberately crashing into a small island in Puget Sound (more here). One of those things that made me laugh and cry.

– – –

Syntax #29, 24.01.18 — Hosting & Servers

Wes Bos and Scott Tolinski dive into hosting. It’s a great primer on a lot of the options out there at the moment, even if you consider yourself relatively familiar with these things. It’s all about the way they walk through it, from Squarespace to Docker, including personal experiences, pitfalls, and use cases.

– – –

Ear Hustle #2, 28.06.17 — Misguided Loyalty

Ear Hustle, stories of life inside prison, is presented by visual artist Nigel Poor and former San Quentin inmate Earlonne Woods. I had no idea which Ear Hustle episode to choose, every one is a jewel. This early episode is about gangs; the pressure, the violence, and the repercussions.

– – –

Adam Buxton Podcast #37 and #38, 06.04.17 — Brian Eno

Adam Buxton having a chat in two parts with Brian Eno. Not much more to say.

“These things I believe”

Might be at a turning point in my career. A lot of my friends are expressing similar feelings. I think it has something to do with working for nearly 10 years.

This frame of mind has made me really interested in manifestos. Not anything strident really, more purpose-driven lists that can help guide everyday decision-making. Here are a few manifesto-y links I’ve identified with recently.

  • These things I believe from “Not the user’s fault”. I think this is Jono Xia’s blog from when he was part of the Mozilla Labs team. I’ve tried to find him elsewhere on the web but haven’t found him anywhere so far. He raises some really good points about software design and development.
  • The Recurse Center’s Social Rules. Such a good, concise set of guidelines for public discourse. “No well-actually’s, no feigned surprise, no backseat driving, no subtle -isms”.
  • Immaculate Heart College Art Department Rules. Also available as a free tear-away poster at the Corita Kent: Power Up exhibition (8 Feb – 12 May 2019) at the House of Illustration.
  • GitLab’s Remote Manifesto. SB and I try to implement a lot of this, though we’re definitely not strict enough about it! We also strive to work this way with clients and collaborators, even those that live in London. Face-to-face IRL meetings are great, but it can be tough to squeeze them in when it takes an hour to get anywhere in this city.
  • Daniel Eatock’s manifesto, particularly “propose honesty as a solution”. See also the Scratching the Surface episode with Daniel Eatock from last September. Off the back of the Corita Kent exhibition, SB and I were talking about the lack of irony and cynicism in her work, about how refreshing that feels even though a lot of it is from over 50 years ago. He mentioned this podcast episode, that Eatock touches on this topic in relation to his kids, how kids just don’t perceive irony. I need to have a listen.

I’ll try to add more here as I come across them. Who knows, maybe I’ll add my own some day.