Spam: recognition

Two things:

1. I know this is spam
2. I know the kind of folks who this is targeted at

Anyway, a lot of folks have asked me “how do I know if something is dodgy?” It can be a difficult question to answer as a lot of IT “things” are intuitive, it’s obvious. But end users (friends too) don’t want to hear that, they want to know what they can look out for.

Sometimes it’s easy, sometimes end users (and friends) visit dodgy sites, downloading toolbars on they way. Here’s a tip, if a web-site opens a pop-up window and offers you a great new search toolbar, ignore it, click on the red close icon in the top left of the pop-up (or, better still, shut the machine down). The same goes for anything that offers to rid your machine of adware, spyware or other such nasties: it’s very likely that your machine was relatively free from such things…until you click “yes, please scan my computer for adware, etc.”

I’m working on a rather lengthy article/blog posting that covers my suggested security tips, but to keep my writer’s block from setting it, I thought I’d push this out now.

Here’s a typical example of a dodgy e-mail…my comments are in bold italic…they should be enough to get you started.

Return-path: < rmoore> there’s a space after the ‘moore’ and before the ‘r’
Received: from by mailstore
for id 1E7Big-0000Uk-Lm;
Mon, 22 Aug 2005 12:48:06 +0000
Received: from [] (
by with esmtp id 1E7Big-0000Uk-Lm
for ; Mon, 22 Aug 2005 12:48:06 +0000
Received: from [] (
by with esmtp id 1E7Big-0002rC-Ik
for ; Mon, 22 Aug 2005 12:48:06 +0000
Received: from [] ( no space
by with smtp (Exim 4.52)
id 1E7Big-00087e-RE
for ; Mon, 22 Aug 2005 13:48:07 +0100
From: “Director Moore”
Subject: Congratulations: Vernus Millionaire Lotto winner !!! Sounds like a famous name UK-based gambling group…
Mime-Version: 1.0
Content-Type: text/plain; charset=”iso-8859-1″
Date: Mon, 22 Aug 2005 14:48:09
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname –
X-AntiAbuse: Original Domain –
X-AntiAbuse: Originator/Caller UID/GID – [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain –



Good day,

This is Mrs Rita Moore the Director of vernus Millionaire Lotto in the NETHERLANDS. Vernus Millionaire Lotto is an independent lotto

Suddenly, vernus is lower-case, previously it was sentence-case
Surely The Netherlands?

organization in the Netherlands that is conducting several online lotto programs on the internet. However,we wish to congratulate you

it’s organisation here in Europe, thank you

over your success in our computer balloting sweepstake held on 20th August,2005 in which your email address attached to ticket number
LNT456780909893 and drew the lucky numbers 4-10-12-55-25-87,batch number 4978/NL and consequently won the lottery in the 1st category.
This is a millennium scientific computer game in which email addresses were used and it is a promotional program aimed at encouraging
internet users;so you do not need to buy a ticket to enter for our online lotto program. Note that this program was largely promoted
and sponsored by a group of philanthropist, industrialists from the internet ware industry and some other big multinational firms who
wish to be anonymous. Therefore,you have been approved for a lump sum amount of U.S

Throughout this e-mail, there is no space after each comma: there should be! If this was legit, the use of language would be spot on.

$1million dollars credited as Bond into your security file LOTTERY REF NUMBER Amt/nt/423275/01 with our security agent. This amount
is from the total prize money of $15,800,000 shared among the seventeen international winners in categories C with serial number:
This email is not one of those numerous lotto email scams you might have received in the past which always require you to sign out a
blank cheque or give out your bank information in order to perpetrate their illicit lotto scams.

The give-away. If you believe this, please cut up your credit cards now!

Please note that this winning is very
real and legitimate and your exercising good faith in this our lottery program will enable us remit your winning funds to you in your
preferred mode of payment without any further delay. Therefore,to confirm the legitimacy of our lottery program, the below website is

The Dutch speak and write better English than some of us…

one of the websites we are running over the internet concerning our lottery programs in the Netherlands.

However,to begin your claim,being non-netherlands resident or citizen,you are required within two days to officially notarize your

uh oh, you want me to go to The Netherlands in person? Surely you’ll just bash me over the head with a baseball bat, take my passport, my Euros, my cards, etc. and leave me with nothing but a sore head?

winning claim at the Dutch Court of Justice in the Netherlands to sign the Release Order and the clearance papers that will enable the
paying Creft Consulting Agency release your winning funds to you. But in case you cannot come to the Netherlands within the stipulated
two days,do inform your claim officer to make proper arrangement regarding your claim notarization. Once your claim is fully notarized
and a copy of the Notary receipt from the court is forwarded to us,we will provide you with your Award winning Certificate. Please for
more information concerning the claim of your winning funds,we advise you to forward a confirmation email to your claim officer at the
paying Creft Consulting Agency and as well follow their claim instructions. Below is the contact details of your claim officer:


Wot, no street name and postal district?

TELEPHONE: +31-622851045
EMAIL: – hang on, a consulting agency, I think not!

Conclusively,vernus Millionaire Lotto is not a scam organization therefore this mail should not be treated as a scam scheme or be
taken for granted,we are backed up by the appropriate lottery law in the Netherlands and only the successful winners in this our
online lotto program receive this congratulation mail and because you won that is why this mail is being directed to you.

That’ll be right. Not a scam, not to be treated as a scam scheme…yeah yeah. Pull the other one, it has got bells on.

Remember that all prize money must be claimed not later than 7 working days. After the last day, all funds will be returned as unclaimed.
Congratulations once again from our team of staff and thank you for being part of our promotional program.

Rita Moore
(Lottery Coordinator)

This mail was sended with unregistered version of Zmei Mail Sender.Visit for free download of Zmei Mail

“Sended” – wrong tense, another giveaway!

Unregistered? What? A huge commercial lottery outfit like this? Surely they would have their own domain and their own e-mail software. More evidence.


If you receive an e-mail with any of these characteristics, I suggest you delete it without so much as a second glance (I take no responsibility if you delete a legit lottery winning notification!)

Better still, I can recommend a program that can weed out such spam and prevent it from getting into your mailbox in the first place: check out MailWasher Pro. It “sits ahead” of your e-mail client (application) and uses known databases of spam to intelligently mark incoming e-mail as either legit or possible spam: it’s a boon if you’re still on dial-up.

Technorati Tags: , , ,

Back in business again…

My old 40gb IBM Deskstar hard drive finally gave up the ghost on Sunday. It had been threatening to do so for a while now – even a low-level format earlier this year failed to map out the bad bits that caused it to make the kind of noises hard drives shouldn’t. I can’t say I’m all that bothered by its loss, it was slow, had a small capacity by today’s standards and it ran like a boiler (so much so, I could afford to keep my radiator turned off).

So, being the prepared kind of guy I am (more about preparation in later posting), I had the replacement hard drive arrive on the Friday before the Sunday. I’m sure there’s some prophecy to take into account here, but no, for real, I knew it was going to happen so the new drive was all ready to be installed. It’s a nice 250gb Maxtor Diamondmax 10 with 16MB cache – boy is it fast. Considering most drives have 2mb or 8mb caches, this drive should fly. And it’s really quiet too.

Anyway, the purpose of this post was to mention an RSS feed reader for Outlook: I’ve moved away from TheBat, largely for performance problems, and also because I’ve got way too much e-mail to manage so I figured a clean start in a new e-mail client would help. And I can synchronise Outlook’s schedule with my PocketPC, which is good – I need to get even more organised.

The RSS reader is intraVnews. It integrates with Outlook, so any blogs or RSS feeds that you read regularly appear in the same format as Outlook’s e-mails. First impressions are very favourable. Previously I used RSS Reader, then RSS Bandit, then Omea – none of which “floated my boat”. Omea suffered from performance issues. RSS Reader was a bit of a memory hog. RSS Bandit was fine, and I’ll be revisiting it soon. If I choose to stick with intraVnews I’ll write a fuller commentary here.

DeveloperDeveloperDeveloper 2

I’m pleased to report that after no marketing whatsoever (apart from blogging and word of mouth), registrations for DDD2 have exceeded 400. They actually exceeded 400 a few weeks ago, it’s only now that I’m getting around to blogging about it!

So, if you’ve registered to attend DDD2 (on October 22nd, Saturday) and now you’ve found something better to do (shame on you!) can you please let us know so that we can allocate your place to one of the 55 folks on the waiting list.

Here’s how you can let us know that you can’t make it:

Via msevents.

Or via ‘phone 0870 166 6680 and quote 1886.

Thanks in advance!

Joel#1: Better, Faster, Cheaper

In an earlier posting I mentioned that I had been reading Joel On Software and that I might make the odd reference to it. Well, here we go…

For me, Chapter 35 (you can read the original posting here) has something very important to say:

If it’s a core business function — do it yourself, no matter what.

Actually, that’s a succinct way of putting it: the remainder of this post merely pollutes the eloquence of Spolsky’s quote (sorry!)

Spolsky suggests that we pick our core business competencies and goals, and do those in-house. Of course, this does suggest that you’re capable of identifying your core business competencies in the first place (although I’m sure that there are plenty of consultancies who will offer to help you identify them…for a fee and a retainer). What this means, in a nutshell, is this:

1. Keep all the good stuff that you do close to you, i.e. in-house

2. All the bad stuff that you have to do in order to do the good stuff, get somebody else who is good at it to do it, i.e. outsource it or find ways to do it better, faster, cheaper (more here)

Identifying the good stuff is simple: it’s the stuff that makes you money – it’s the stuff that’s on the invoices that you send to your clients. Invoices – that’s important too: don’t classify your invoicing process as part of the bad stuff. It’s a process that should be lean, agile, flexible and very efficient. The earlier your invoice goes out, the sooner you’ll get payment in (I know this is obvious, but I’ve read about some organisations who don’t understand this concept).

The bad stuff is anything that costs you money, and it’s something that you should optimise as much as possible. If you are able to reduce the cost of the bad stuff, it’ll make the profit margin on the good stuff even sweeter. This means that you’ll have to identify bottlenecks: any process that involves a single-point-of-failure (this might be a single person being responsible for dealing with too many requests, or it might be a process that involves double or triple handling of decisions/information) is a candidate for outsourcing or optimisation (faster, better, cheaper). It’s important to recognise that outsourcing the bad stuff might not be cost-effective, e.g. don’t outsource your IT function

However, it’s also important to recognise that some of the good stuff relies on the services and knowledge from secondary functions (these functions often produce a “value add service” that augments the client offering, sometimes to the extent that the good stuff can’t take place without the value add service). Once you’ve identified these secondard “good” functions, you may wish to start doing more of them (which should equate to either more profit or more client satisfaction: both are good, but there is a trade off – you need to get the balance right).

An example
If you are a hypothetical company that specialises in building industrial weighing equipment (perhaps for weighing a lorries and trucks), that’s your primary function. Your secondary function might be developing software that incorporates some intelligence into the weighing process, it might know about a lorry’s unladen weight for example. The secondary function might also extend into the client’s own management information system, perhaps feeding it with important information that can be used to verify the lorry owner’s credit worthiness, generate an automatic invoice (I told you they were important), post to ledgers, etc. You might think that it’s not part of your primary function, but the value add from being able to integrate with the client’s system is part of the good stuff – it’s something that should be nurtured and extended.

Spolsky’s closing paragraph presents a health warning that may have more truth in it that you believe:

The only exception to this rule, I suspect, is if your own people are more incompetent than everyone else, so whenever you try to do anything in house, it’s botched up. Yes, there are plenty of places like this. If you’re in one of them, I can’t help you.

If that rings a bell with you, then I too can’t help you. Sorry.

Joel On Software

At my recommendation, a good friend and colleague purchased Joel On Software, and, after reading it himself, he lent it to me (I had, of course, received the recommendation myself via other sources, hence I didn’t have my own copy)

It’s jolly good read. I won’t review it here, but will make reference to some of its more catchy points over a series of postings.

Now that I’ve had my grubby paws on a physical copy of the book, I’m off to Amazon to place an order for my own copy!