Personal & Sillycon Valley Biz & Spam12 Aug 2008 10:29 am

Word has already gotten out — in no small part due to my screwing up on LinkedIn — so I might as well post about it: August 1 was my last day at Habeas, and August 11 was my first day at Responsys. (The official announcement will be coming soon, so act surprised please!)

I will be serving in the role of Director of Privacy and Industry Relations. This is similar to what I was doing at Habeas, so all of those folks with whom I have interacted in the industry will probably see me doing all the same sorts of things, just wearing a different brand of hat.

To some of my colleagues at Habeas, my departure came as something of a surprise. I actually gave two weeks notice, but Des asked me to keep my impending departure confidential until my last day so as to not add further confusion or speculation to the internal office atmosphere during the pre-merger due diligence phase. So I had to forgo the lavish, tearful going-away party that I’m certain would have otherwise been scheduled. ;-)

While I am very much looking forward to my new opportunity, I do have some regret that I won’t be around to share in the excitement and adventure of merging Habeas and Return Path. I have known many of the folks at RP for many years and they’re a good group of people. I’m sorry I won’t have the chance to work directly with them — and to continue working with all of the great folks at Habeas. However, over at Responsys, we will still be travelling in all of the same circles and I look forward to seeing some of you at various industry events, conferences, etc., going forward.


Sillycon Valley Biz & Spam12 Aug 2008 09:52 am

As some folks know, August 1 was my last day at Habeas. I told a number of folks that the “other shoe” would be dropping soon, and indeed today it was announced (and discussed here and here): Habeas will be acquired by Return Path in a deal to be closed by the end of this month.

I’ve had a number of folks reach out to ask for insights, juicy details, etc. Having watched Habeas for many years, and having spent the last year working there as the company approached this crossroads, I have a unique perspective.

First and foremost, I think this acquisition is the best outcome for as many of the smart and hard-working employees of Habeas as possible. Some stakeholders are getting the fuzzy end of the lollipop, but that’s to be expected. My biggest concern has always been for the employees, and it looks like the Return Path acquisition will preserve a lot of jobs.

Generally, I think the choice to enter into this acquisition makes sense for Habeas. But “makes sense” doesn’t mean that it was inevitable. Habeas did not have to be in the position it found itself in.

I’ll refrain from airing the dirty laundry of where I think Habeas *could* have been had the executive team made some different choices at some critical moments. Suffice to say that I’ve made my peace with “what might have been” and once it was clear that those new directions weren’t going to be pursued, I did my best to pitch in and row towards the destination chosen by the glorious leader. ;-)

I’m a little dismayed — but not surprised in the least — by the classless comments of some industry observers. Many of those folks have personal axes to grind, and because I too occasionally have my own axes to grind, I understand that impulse. But I try to keep the schadenfreude to a minimum, since I know that the karmic boomerang is a real bitch. Others? Not so much, apparently.

A mentor of mine likes to say: “The best revenge is living well.” For me, life is looking just fine, as I hope it is for my friends and colleagues at Habeas and Return Path.


Return Path buys rival junk-mail fighter Habeas –

Return Path to acquire Habeas – DM News

Behind the Habeas Fire Sale – Direct Magazine

Return Path Acquires Habeas – ClickZ

Spam22 Apr 2008 10:40 am

After years of tweaking anti-spam filters on my personal email server, I have all but banished Nigerian dictators ads for “viagkra” from my mailbox. But almost every week I find dozens of emails, allegedly from various friends and business colleagues, exhorting me to join every new social networking site under the sun.

As if the thicket of companies out there trying to build the next MySpace or Facebook weren’t annoying enough, each new venture seems to have gotten even more aggressive than the next in making its users crack open their email address book and launch invitations to everybody they got business cards from at a cocktail party in 1997.

The earliest social networking sites learned the hard way – by being blocked as spam and reviled by would-be customers as pests – that aggressive viral marketing can cause explosive growth, but can also blow up in your face.

To read more, click here.

Law & Mobile Tech & Spam26 Sep 2005 09:12 pm

It’s been a bad couple of weeks for spammers in courts around the U.S.

On September 20, an Arizona appeals court upheld a lower court decision which found that the Telephone Consumer Protection Act (TCPA) of 1991 does indeed apply to Short Message Service (SMS) spam sent to mobile phones.

The case, Joffe v. Acacia Mortgage Corp., is another victory for Rodney Joffe, my friend and a fellow co-conspirator in

According to the AP:

Acacia argued that it had only sent a message and did not “call” Joffe, but the Court of Appeals said that was an incomplete description of what the company did when it used e-mail to indirectly connect to Joffe’s cell phone and place a text message.

“Even though Acacia used an attenuated method to dial a cell phone telephone number, it nevertheless did so,” Judge Patricia K. Norris wrote for the panel.

Then, on September 22, we learned in late word from Oklahoma that one of today’s most prolific spammers, Robert Soloway, was ordered by a federal judge to pay more than $10 Million in statutory damages and has been permanently ordered to stop his spamming ways. Failure to heed the judge’s order can result in arrest, extradition to Oklahoma, and jail for contempt of court.

Careful readers of PrivacyClue will remember that Robert Soloway recently got on my bad side by sending out the text of a column I wrote, making it appear as if I had sent the spam. As a result of the court’s injunction, if Soloway sends any more spam in violation of the CAN-SPAM Act, he’s looking at jail time.

I’m sure his Mom is so proud!

Punditry & Spam04 Aug 2005 08:10 pm

Almost exactly 6 months to the day, after flying me to New York City for an interview with John Hockenberry in the luxurious Waldorf Towers, my Dateline NBC interview about spam is airing on Friday night.

You’ll have to check your local listings. And of course, the airing is contingent on there not being any new missing girls in Aruba, no plane crashes, or other more newsworthy event.

But after some false alarms, it appears to actually be happening this time. A friend of ours called excitedly this evening to say she was standing in her kitchen and heard my voice booming from a Dateline promo on her living room television. So it’s definitely happening! Unless it doesn’t. :)

Here’s a cameraphone picture of what I saw while sitting in the hotseat!

Spam29 Jul 2005 09:58 pm

“SPAMIS.COM/.ORG/.CC/.INFO”, a/k/a Robert Soloway, has continued to send out spam containing the text of my monthly column for eSecurity Planet. It was not sent by me. It was not sent with my permission or authorization.

And please don’t send me complaints, copies of the spam, etc. I’m getting enough as it is, thanks!

In fact, looking at the spams that I have personally received (yes, the twit is spamming me with my own article…), he’s using a network of “spam zombies” — virus-infected and hacked PCs that are hijacked to relay spam. It’s a sign that this guy is a pretty sophisticated criminal. I’m sure his mother is very proud.

According to the SpamHaus “Registry of Known Spam Operations” here’s his latest info:

Mr. Robert Soloway
1200 Western Avenue
98101 Seattle
Tel: +1 (206) 226-9558 (206)223-1270

Robert Alan Soloway
SPAMIS, PO Box 1259, Seattle, WA 98111, USA
Fax: (206)260-2409 or (503)213-6416

As of Nov 6, 2004, Robert Soloway’s NIM/Newport Internet Marketing is an active corporate entity in Washington State. This corporate name was registered in WA in Dec, 2003. Soloway’s “corporation” is run out of his apartment at the Harbors Apartments in Seattle.

Washington State Dept of Revenue
State Business Records Database Detail


SEATTLE, WA 98101-2964

SEATTLE, WA 98101-0000

ACCOUNT OPENED:…………12/01/2003

Have fun!

News & Culture & Spam25 Jul 2005 10:59 pm

According to Russian news agency Interfax (reported via, notorious Russian spammer Vardan Kushnir was found beaten to death in his Moscow apartment yesterday.

It’s not exactly the sort of penalty you wish on even the most incorrigible of spammers, but there must have been something more going on here. Even in what, by many accounts, is a lawless and out-of-control Russia, it’s difficult to believe that people would be so infuriated by spams for English-language training courses (the main business of Mr. Kushnir, apparently) that they would beat someone to death. A nickel says we’ll learn later that there was some Russian mob connection… just you watch.

Thank goodness that I live in America, where the morons who have been blaming me for spamming them this past week (which, of course, I didn’t!!!), are content to simply send whiny emails.

Miscellany & Spam20 Jul 2005 09:28 am

Spammers at “SPAMIS.COM/.ORG” have been sending out an email message containing the text of an article I wrote. It was not sent by me; it was not sent with my permission or authorization. Complaints have been filed; it’s not necessary to complain to me… I’m not happy about this either.

Update: I’m told that the spam may have originated from Robert Soloway, a spammer who recently lost a court battle to Microsoft. The folks at have some more info about Robert Soloway. All I know for certain is that the spam originated at a cable-modem connection by Shaw Cable.

PS: To whoever felt the need to leave me that ranty voicemail at my office, you need to switch to decaf, man…

Malware & Spam18 Jul 2005 02:41 pm

Pulling together two of my recent blog postings, my monthly article for eSecurity Planet discusses recent moves by Microsoft that raise some significant questions about their efforts to promote trustworthiness and authentication in computing.

Punditry & Spam23 Jun 2005 03:07 pm

I was quoted in today’s CNet article about Microsoft’s deployment of Sender ID.

I’ve been working on email authentication issues for many years, including helping to develop a technology that Microsoft was once a beta-tester of. That technology, called Trusted Sender, turned out to be tremendously effective, which must be why Microsoft torpedoed it in favor or their lame “Caller ID for Email” scheme, which morphed into Sender ID.

Lest you think my complaints are just sour grapes, I’ll just say this. I’m not the only one who thinks Sender ID is a bad idea, and that Microsoft’s tactics in this space have been counter productive. I also note that we revoked the patent applications on our Trusted Sender technology and publicly released the standard for anyone to use.

Parenthetically, Sender ID has largely been pushed by the Exchange team at Microsoft, a group of well-meaning engineers who have, unfortunately, designed one of the most dysfunctional email infrastructure technologies to ever be foisted on the world. Not only is Exchange a resource pig, but it is designed to thumb its nose at many critical email standards. For example, it commits a cardinal sin: it rearranges and occasionally even rewrites email headers. For those who aren’t steeped in email technology, just understand that fiddling with headers is like randomly changing numbers on your tax return… there’s just no telling how it’ll screw things up.

But the larger issue is that during the course of my many years of work on email authentication issues, I have constantly watched Microsoft attempt to bully and coerce the world into adopting its myopic view of email authentication. Microsoft started out its involvement in the authentication space by attempting to organize a consortium of companies that would collaborate on a common standard, but Microsoft insisted that the standard be patented and owned by the collaborating companies.

This would have assured that they, as the only real enterprise software company in their hand-selected consortium, would have had the corner on the market. Seeing through the ruse, few of the participants wanted anything to do with Microsoft’s vision of how to control email. So Microsoft was on its own.

In considering which of the various authentication schemes Microsoft could actually support, they seem to have decided to crib from Meng Wong’s “Sender Policy Framework” (SPF), only they instead chose to make it even more cumbersome and obtuse. At one point SPF and Microsoft’s original “Caller ID” proposal were merged into what became known as Sender ID. Unfortunately SPF has its own problems, most of which are unhelped, and in some cases exacerbated, by the combination with Caller ID.

The current morass that is the email authentication debate is too long and convoluted to detail here. Suffice to say, the world still isn’t very close to a workable standard. My gut reaction to the Microsoft move is that they’ll make this big announcement, find out that tons of legitimate email is getting marked as spam, and have to make drastic modifications to the plan. Of course they’ll never admit that it was a mess, claim it’s all working beautifully despite any evidence that they realized their screw up, and continue to obstruct real progress in the space.

Next Page »