The Mainsleaze Blog

Mainsleaze is nerdy slang for spam sent by large, well-known, otherwise reputable organizations. Although the volume of mainsleaze is dwarfed by the volume of spam for fake drugs, account phishes, and Nigerian 419 fraud, it causes work for mail managers far out of proportion to its volume.

The new MainSleaze blog at http://mainsleaze.spambouncer.org/, run by long-time anti-spam activist Catherine Jefferson, is all mainsleaze all the time, and she’s having no trouble finding plenty of examples.

The problem with mainsleaze is that it is generally mixed in with mail that the recipients asked for, and there’s no way to tell the difference mechanically. Since it is legal in the US to send spam until people tell you to stop, although it’s against the terms of service of every ISP in the country, poorly informed or ethically challenged marketers beef up their lists by buying lists or by e-pending, trying to guess the e-mail address of customers for whom they have other contact info. Or sometimes, they decide to reactivate lists of addresses so old that some of them have been abandoned and later reassigned to other people.

As a result, if a mail system filters out all the mail from a mainsleazer, it will get complaints from the people who signed up. If it doesn’t filter, it will get complaints from the people who didn’t. Most mainsleaze is CAN-SPAM compliant, so if you tell them to stop they generally will, at least until they buy another list with your address or e-pend it from someone else.

One ray of hope is the new Canadian anti-spam law, now expected to come into force in early 2012. It requires that commercial e-mail be sent only to recipients who have asked for it, or who have a demonstrable existing relationship, that is, no mainsleaze. Any large mailing list in the US is almost certain to contain addresses that are delivered to mail servers in Canada, either of Canadians (many of whom do not have .CA addresses), or of Americans who use a mail service hosted in Canada such as Tucows’ hosted e-mail.

If a mailbox is in Canada, Canadian law applies, and the new Canadian law allows spam recipients to sue the sender, even if the sender isn’t in Canada. So mainsleazers who don’t clean up their acts are likely to be on the receiving end of some expensive lawsuits. With any luck, after a few settlements, they’ll start to get the hint.

By John Levine, Author, Consultant & Speaker

Comments

Alas the law is so vague... Alessandro Vesely  –  Oct 21, 2011 7:44 AM

Canada is certainly different from Europe, both in the laws they make and in how they relate to the US.  However, the Canadian AntiSpam Act, as well as the European Data Protection Act in 1995, fail to specify the means of expressing consent in technical terms.

In order to mechanically tell if a user opted in, we’d need an opt-in protocol.  Why don’t these Governmental law-making bodies set up apposite IETF working groups to work out the technical details, when it comes to legislating about the Internet?

Laws are interpreted by people, not by software John Levine  –  Oct 21, 2011 5:05 PM

All an "opt-in protocol" would accomplish would be to add an extra level of argument in front of the judge about whether they implemented it right, whether the logs are real (you do know that spammers fake opt-in logs all the time, don't you?) and other technical trivia that distracts from the real issue of whether a recipient asked for the mail he got.

Yet, software could provide indisputable evidence Alessandro Vesely  –  Oct 23, 2011 1:17 PM

A "triple opt-in" protocol can provide for a user-trusted server, e.g. a mail server, that accepts the authenticated-user's consent, signs it, and delivers it to the list server which started the three-player handshake. The resulting evidence would be much stronger and more usable than currently accepted proofs of consent such as double opt-in logs, or hand-signed papers or taped dialogs transmitted in low resolution digital forms. Judges have to cope with current practices. Spontaneous practices don't venture into multiplayer interactions. Law-makers' product is not quite at the state of the art.
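
The three-party handshake described in the comment above, as an added example that is not part of the original post or its comments. The message fields, function names and addresses are assumptions, and a Lamport one-time hash signature stands in for whatever signature scheme a real deployment would choose.

```python
import hashlib, json, secrets

def H(b):
    return hashlib.sha256(b).digest()

def keygen():
    # Lamport one-time key pair: 256 secret pairs, public key = their hashes.
    sk = [[secrets.token_bytes(32) for _ in range(2)] for _ in range(256)]
    return sk, [[H(s) for s in pair] for pair in sk]

def bits(msg):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, msg):
    return [sk[i][b] for i, b in enumerate(bits(msg))]

def verify(pk, msg, sig):
    return len(sig) == 256 and all(
        H(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, bits(msg))))

def canonical(record):
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()

def list_request(list_id, address):
    # Step 1: the list server opens the handshake with a fresh nonce.
    return {"list": list_id, "address": address, "nonce": secrets.token_hex(16)}

def mail_server_consent(sk, request, authenticated_user):
    # Step 2: sign only when the logged-in mailbox owner is the address asked about.
    if authenticated_user != request["address"]:
        return None
    record = dict(request, consent=True)
    return {"record": record, "sig": sign(sk, canonical(record))}

def list_server_accept(pk, request, token):
    # Step 3: the record must echo this exact request and carry a valid signature.
    if token is None or token["record"] != dict(request, consent=True):
        return False
    return verify(pk, canonical(token["record"]), token["sig"])

def demo():
    sk, pk = keygen()  # one-time key: it signs exactly one consent record
    req = list_request("news@shop.example", "alice@mail.example")  # constructed
    token = mail_server_consent(sk, req, "alice@mail.example")
    refused = mail_server_consent(sk, req, "mallory@mail.example")
    # A list operator re-labelling the record for another address keeps a stale sig.
    fake_req = dict(req, address="bob@mail.example")
    fake = {"record": dict(fake_req, consent=True), "sig": token["sig"]}
    return list_server_accept(pk, req, token), list_server_accept(pk, fake_req, fake), refused
```

Anyone holding the mail server's public key can repeat the step 3 check on a stored record, which is what separates it from a log the list operator writes alone.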
