Rohit’s Blog

Yahoo provides free SMTP access to all its non yahoo.com domain email addresses. I started using the server around 6 months back. The best part was that the SMTP servers were dumb. They were acting as open message relays for anyone who had a valid Yahoo ID. So I could send an email message as support@yahoo-inc.com using the SMTP server and the Yahoo server would happily send my email message. Worse, the receievr had very few options for detecting that the email message was fake. It came from a Yahoo server and looked like a message from Yahoo customer care and so should be genuine. The reason for this (as I suspect) were Yahoo Plus accounts. They used the same SMTP servers as the free country domain Yahoo accounts. Apparently, Yahoo didn’t verify the FROM address for its paying Yahoo Plus customers and so passed the benefits to the free customers too.

The ramifications for this became apparent. Yahoo servers started sending out spam. I had no proof in the beginning but this post verified my suspicions. Spammers became aware of the golden opportunity and started abusing Yahoo servers to the fullest. This led to really tough times for the Yahoo Mail people and their PR guys as apparent from this post on Yahoo Mail Blog. Not only were the email servers overloaded, but ISPs started blocking mails from Yahoo servers which led to delayed/undelivered mails.

Now it seems that Yahoo has changed the way it routes emails through its SMTP servers. Earlier methods were quite trivial as the mail headers would have shown.

Received: from smtp104.plus.mail.re1.yahoo.com (smtp104.plus.mail.re1.yahoo.com [69.147.102.67]) by rly-ma08.mx.aol.com (v120.9) with ESMTP id MAILRELAYINMA088-8c647354bcb3bd; Sat, 10 Nov 2007 01:12:27 -0400
Received: (qmail 55018 invoked from network); 10 Nov 2007 06:12:27 -0000
Received: from unknown (HELO localhost) (myYahooID@myIPAddress with login)
by smtp104.plus.mail.re1.yahoo.com with SMTP; 10 Nov 2007 06:12:26 -0000

Gradually Yahoo started repairing its servers from the smtp11x.plus.mail.re1.yahoo.com series to smtp10x.plus.mail.re1.yahoo.com as the latter still worked for a long time without FROM address checks.

Now the mail headers are more complicated. It seems that Yahoo does some internal checks regarding whether the FROM address is valid and then only routes the emails.
Received: from n3.bullet.mail.ac4.yahoo.com (n3.bullet.mail.ac4.yahoo.com [76.13.13.29])
by mx.google.com with SMTP id d12si10680167and.24.2008.04.05.08.35.00;
Sat, 05 Apr 2008 08:35:01 -0700 (PDT)
Received-SPF: neutral (google.com: 76.13.13.29 is neither permitted nor denied by best guess record for domain of myYahooAddress) client-ip=76.13.13.29;
DomainKey-Status: good (test mode)
Authentication-Results: mx.google.com; spf=neutral (google.com: 76.13.13.29 is neither permitted nor denied by best guess record for domain of myYahooAddress) smtp.mail=myYahooAddress; domainkeys=pass (test mode) header.From=myYahooAddress
Received: from [76.13.13.26] by n3.bullet.mail.ac4.yahoo.com with NNFMP; 05 Apr 2008 07:31:40 -0000
Received: from [68.142.237.88] by t3.bullet.mail.ac4.yahoo.com with NNFMP; 05 Apr 2008 15:34:24 -0000
Received: from [216.252.111.166] by t4.bullet.re3.yahoo.com with NNFMP; 05 Apr 2008 15:34:24 -0000
Received: from [127.0.0.1] by omp101.mail.re3.yahoo.com with NNFMP; 05 Apr 2008 15:34:24 -0000
X-Yahoo-Newman-Id: 666616.8045.bm@omp101.mail.re3.yahoo.com
Received: (qmail 61052 invoked from network); 5 Apr 2008 15:34:24 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
s=s1024; d=yahoo.co.in;
h=Received:X-YMail-OSG:X-Yahoo-Newman-Property:Message-ID: Date:From:User-Agent:MIME-Version:To: Subject:Content-Type:Content-Transfer-Encoding;
b=1zOo54htnYlA5Gy3kNjQQVpRD8fYyEbgwwejDXI4Jr/RZ32+QDvvwYLxJOdSkbwWyJhA3P5PfBVX+mGGYePhw3TXtmfqdVSUcu/BGnwpyONzF3umcYLylkOzLBu/URre6lF+6gdEnRPsfIE3isy25r9dfELJke0wDDwqEdCEYg= ;
Received: from unknown (HELO Why?are?spaces?replaced?by??BTW?if?you?read?this?you?are?a?G33K) (myYahooID@myIPAddress with plain)
by smtp103.plus.mail.re1.yahoo.com with SMTP; 5 Apr 2008 15:34:24 -0000

BTW I had told this to the Engineering head of Yahoo Atlanta during my internship interview here and he was surprised by this. Unfortunately I couldn’t demo this for him as Yahoo had started fixing this problem starting that day only.

I am really pressed for time in this internship interview, TA, exam, test and assignment scenario. Will post soon about something that interests me (or some new trick I learnt) soon

Spam is usually bad; ‘usually’ because it can be used for fighting crime. Confused? Here’s a novel way in which SMS spam was used to identify a criminal’s location and catch him. It’s the stuff movies are made of

So the next time you curse your service provider for yet another SMS to download a ringtone, remember that they could be actually gathering more data than it meets the eye!

So its not often that my computer is actually infected by a Worm (or Virus). But then when I got an email from an old friend about scrapping when I hadn’t done so, I was surprised. A quick and thorough scan of my PC revealed nothing.

Now I faintly remembered receiving 2 scraps (which obviously looked like Spam) from my friends and that I had deleted them promptly. Could it be a case of Cross Site Scripting? A blog article that I read today confirmed by suspicions.

Now in my previous post I had emphasized my belief that “All input is evil” and even though Google seems to do a pretty good job with Blogger, filtering out bad HTML and unwanted scripts; it has failed to do that with Orkut. Especially when it keeps adding more and more features to make the UI richer and interactive, the importance of such measures increases.

From my Computer Graphics TA

All,
Because of good performance in the course so far, you are exempted from
taking the finals and will still get an A in the course. (Of course, you
are welcome to take the exam if you enjoy finals).
Sincerely,
Sid.

Woo hoo!

At first when I saw this my reaction was ‘huh’ (can they afford to do this?). Then it was ‘wow’ it would be cool if they did that.

Finally when I found yesterday that my account had been upgraded to their RC (Release Candidate version), I couldn’t help but try sending an SMS and guess what ISDN (it still doesn’t work!).

OK, so in the last post I talked about Atlanta being a city where people travel in cars. But day before while going to college, I saw this…

Scooters!

Hmmm, so they do exist in this part of the world. The next thing I wanted to know was the name of the company who made it and guess what! It was “Hamara Bajaj”, the humble Chetak. It seems that there’s a company in Atlanta that gives them out for hire.

I have been wanting to write a post after coming to US but hadn’t got the time to do that. Now that I am in the middle of the semester, I finally got the urge to write about it. partly because there is this Labo( u )r day weekend, when I have almost nothing to do but go through my study notes. A picture that I took just now will tell, how empty the area really looks!

The first thing that struck me about this country was that it is huge. No, wait, everything is huge; buildings, roads, cars, supermarkets, vegetables, Internet connection speeds (yes Europe has more, but they are getting here with fibre-optics) - USA is the place where supersizing started.

Georgia Tech is fine, don’t ask me much about it. I have taken up a course in Computer Graphics (seems a little advanced which is good), course about GPU programming and Multi-core processor programming (cool!, but have yet to start with the fun, I mean, tough part), Software Engineering (yes, I still need to learn how we make software, Microsoft wasn’t good enough ) and High Performance Computer Architecture (similar to ACA in NSIT but more current). No heavy special projects for me yet, am trying to see how this goes and will definitely work on one next semester.

Found two of my relatives living around Atlanta, have been to their place and enjoyed it! Both have young kids and they got along with me pretty well (or did I get along with them well, dunno).

About the title, yes, you would hardly find anyone walking on the streets except perhaps in the morning when they are out for jogging or when they need to reach their car; rest of the time people drive. Now gas (petrol for Indians ) is no longer what one would call cheap here but I guess that people have become so used to driving that they cannot seem to do without it. There is a mini public transport system in Atlanta called MARTA but its so small that it would look like a toy train in front of the Delhi Metro. But then Delhi has n times the population of Atlanta and 1/n times the area of the city. So I guess that such a small train would be OK for the city, especially when half the people live miles away from the downtown area where most of the offices are. 

Oh yes, I got a new laptop. A Dell Vostro 1500 with GeForce 8400 graphics card (OK so its not a good as the 8800, but I don’t have fat pockets you know!). I got the card just for DirectX 10 support (which I learnt has a programmable graphics pipeline) and I plan to keep the laptop for a pretty long time, at least 3 years if not more.

Will stop here or my post, else it will start looking like an article. Will add more later, till then, I hope this blog will stay alive!

Last year, I arrived in Hyderabad to work for Microsoft, without even knowing what group I would be working for. I was assigned to the Education Products Group and I had no inkling about what I would be working on. Thus was my demeanour when I came here.

Now after having spent a year here, I can only marvel at what I have been through. I was involved in the development of a CTP for a V1 product, researching new ways to add value to the product and finally the release of the Windows MultiPoint SDK. What could be a more awesome start to one’s career? Not only this, I came across brilliant people, not only in my team, but in various others and admittedly learnt a lot from them (and made friends with them too )

But life has to go on… and with a deep regret I have to put this behind me for pursuing my Masters at Gatech. Let’s see what life has in store for me.

I have been an avid fan of new services offered by companies, to compare different ones and find the best to use. So for my domain I have been using Google Apps for e-mail and it has been working flawlessly. Needless to say I have been very happy with them (kudos!). Support was quite non-existent but never really had a serious issue with them.

Then Microsoft came with their Windows Live Custom Domains. Even though the package was not as good as Google, a sense of loyalty to my company drove me towards using it. Using it was a no-brainer. Sign up with your Live ID and register your domains. Since I was already happy with Google Apps, I gave it a miss. But when they introduced support for sub-domains I was more than happy to try it out and my mail.smart-techie.com is hosted on it. Not a problem with that ever, yay Microsoft. BTW their support was just great!

Now enter AOL. Famous for its terrible ways (and how it was made to make everything on its site free!). For sometime, they didn’t even have free customer support. When they came with one, it was pathetic. Now, I registered my primary domain with them for their myeAddress service expecting it… to work. Big surprise, it didn’t (actually it wasn’t that much of surprise).

Finally I found a link to contact their live customer care. Live… must be able to solve problems quickly.

Read the rest of this entry »