A friend once said, “Email is not IM”, and he’s right. Email is not instant, and it’s not meant to be. Email is about sending a message, large or small, from one point to another, with complete fault-tollerance. To do that, email can’t be “instantaneous”. It can’t be IM.

Sending email is often so fast, we get lulled into thinking it’s instant. And when we expect it to be that fast, and it’s not, we are frustrated when our expectations aren’t met. So let’s start by setting reasonable expectations, about how fast an email should be delivered, based on how it works.

When you send an email, it goes through your outbound SMTP server. This server receives your email, and starts to try and deliver it. Most times it’s able to connect to the recipient’s inbound SMTP server, deliver the mail, and disconnect in about a second. At that point the email is considered “delivered”, although the recipient needs to use their email client on their workstation to check if the new email has arrived. But note that I said “most times”.

The ugly truth is that email doesn’t always get  delivered on the first try. This could be due to a myriad of issues, many of which are out of the control of the your outbound SMTP server. Assuming the email didn’t get delivered on the first try, it goes back into a redelivery queue that is typically retried every few minutes over the course of 4 hours, and then once an hour over the course of 48 hours. If the email can’t be delivered after 1 hour, the sender get’s a notification, and after 48 hours, the email is returned to sender as “undeliverable”.

So think about an email that can’t get delivered on the first try. Even if only a single retry is needed, the email is delayed in it’s delivery by a few minutes. While that doesn’t sound bad, if you’re waiting for an important email, the wait can seem like hours. To make matters worse, the outbound SMTP server usually won’t dell you there’s been a delay for an hour, so you’re in the dark, wondering where the email is.

It’s aggravating, but there’s not much you can do about it. There are services that will track your email, but they are not 100% reliable, and often just provide another layer of uncertainty. They can only confirm when it got there, and not that it didn’t get there – yet.

So is there anything you can do it help your email get delivered? There are a few, and I’ll be discussing them in upcoming posts to this blog.

[Reported by electoniista.com] A Verizon digital cross connect box that directs network traffic has been damaged due to recent thunderstorms in Manhattan, cutting local landline service and affecting AT&T‘s cellular network. A Verizon spokesperson told the WSJ that technicians are working on repairing the problem, but a fix date is unknown. AT&T primarily operates its own network in New York City but can rely on others for cellular data.

Read more: http://www.electronista.com/articles/10/07/26/verizon.landlines.att.wireless.out.in.manhattan/#ixzz0vSIvfEFB

The Verizon data network suffered an outage from 4am to 8am on March 3, 2010. This outage affected random customers across the US, but did not affect all of them. Verizon officially acknowledged the outage with their Twitter posting here: http://twitter.com/VZWNetwork/status/9926483852

Note the outage only affected data users, and not phone calls themselves.

Starting at about 7:00pm EST, Google’s IMAP and POP services went offline, and are still offline as of 7:21 EST. More updates on this as they come back online. SMTP (inbound email) and their Web interface are still online and fully functional.

Update at 8:00pm EST: IMAP & POP are now online.

There are lots of suggestions out there for choosing a good password, but most are misguided. Before you choose a method, let’s examine a few password “Urban Legends”.

Knowing your Enemy

The reason we use passwords in the first place, is the issue of identity.  A computer program needs to know who you are with reasonably accuracy. So you supply your username, and then a secret password known on to only you. Hackers, trying to access your data (and there’s more of them than you can every imagine) will try and guess your username and password, and thus assume your identity. They are quick and efficient, and can cause you damages that will take years to correct.

Most hackers try and guess your password by using a Dictionary Attack, which is guessing your password by automatically trying thousands of words in a custom directionally they have created. These hacker dictionaries are full of obvious guesses, such as “password”, and “123″. They also include common names like “john” and “sally”, as well as pet names like “rex” and “fluffy”. This means if you use a password that’s the name of your spouse, or your pet, you’re an easy mark. The best way to avoid a hacker is to make your password very hard for a system like this to guess.

Please note there are other methods to hacking into your accounts on various web sites, but most of them are out of your control. You should focus on using good passwords as your best line of defense against hackers.

Should I Use Numbers in my Password?

For years, it’s been a common to advise people on using numbers in their password. After all “fluffy” may be in a hackers dictionary, but “fluffy9″ isn’t a real word, so it shouldn’t be in there – right? Sorry, but just adding a single digit to the beginning or end of a common name doesn’t buy you much. Hackers figured this out a long time ago, and now have software that will generate password guesses based using simple numbers as well. Adding a single number will only slow them down a little. Changing the password to use numbers in various places helps again, but only so much. Example: “123flu456ffy789″. Note that in a Brute Force attack, as described below, even randomly placed numbers only help a little.

How Long Should my Password Be?

Common sense tells us that the longer the password the harder it is to guess. Many web sites require a minimum length for a password, giving us the reinforced impression that longer is always better. Think again. If you’re using an easy to guess name as a password, length isn’t much protection. “ann” it just as easy to guess “edward” at twice the length. Again, it’s about making it hard for a Dictionary Attack. Mixing up letters/numbers is always preferred. Once that method is used, using a long password is better.

How Does a Hacker Guess Passwords That Aren’t Words?

If  you follow the advice in this post, you’ll be using passwords like “shj8ag7iz”; a mixture of letters and numbers. But don’t be fooled that’s good enough. Hackers can still guess your password by a Brute Force attack. Hackers will create software that will try combinations of letters and numbers, in a systematic approach to guessing your password. Assuming most passwords are at least four letters/numbers, they’ll try “aaaa”, and then”aaab”, followed by “aaac”. This technique, which takes much longer to work, is disturbingly reliable.

So What’s the Best Password Method to Choose?

Like a lock on a door, a good password will only keep out most criminals, not all. Understanding that using different passwords on each web site, and using a password that hard to guess, such as a long string of random mixed-case letters and numbers, is your first step.  Then taking the time to implement this method is your next, harder, step. Most hackers won’t bother with the time consuming Brute Force attack, so you’ll be well served by using the long string of letters/numbers. But if a hacker wants to break in, and they have the time to devote, as well  as the money and resources, be assured, they will do it. There are no perfect solutions.

A Closing Note About Using Numbers

In a Brute Force attack, using numbers  doesn’t make it much harder to crack your password. Consider that if your password is all letters, and is five characters long, there are 26^5 combinations (about 12 million) for a hacker to try. Now add in numbers into your five character password. That’s 36^5 combinations (about 60.5 million). Now that’s about five times as hard to guess, but let’s use just letters, and make the password six letters long. This gives us 26^6 (about 309 million). So, if you want to really slow down a hacker, just use a longer password of random letters, and only bother adding in numbers if it helps you remember the password.

There’s been a lot of talk these days about “security”. And while our TSA is making flying as fun as an annual physical, I’d also suggest you think about your computer and it’s lax security. I assume lax, as when I did an informal survey of friends, every single one had embarrassingly lax security tactics, and they all sheepishly knew it. All of them used the same password on most sites, if not on all. One even said they used their numeric banking PIN on other sites, stating it was “easy to remember”.

The theme was consistent. Everyone understood the need to use different passwords on different sites, and the need to make the passwords difficult to guess. The problem was as old as the debate of form vs. function. No one wanted to memorize long, unique passwords for every site. I can’t blame them, as neither do I.

My suggestion to them, as it is to you, is a compromise. Use the most unique passwords that you can easily recall at any time. Perhaps use the acronym for a favorite line in a song (“Yesterday, life was such an easy game to play” becomes “Ylwsaegtp”). Perhaps use the last few letters of your family’s first names (don’t forget pets). The method doesn’t matter as long as it looks like ransom letters/numbers and is easy for you to remember.

If you find the whole process overwhelming, there are many password tools available that take (most of) the pain out of the process. If you’re using a Mac, I’d suggest 1Password as it integrates well into browsers where we use most of our passwords, and saves lots of time in filling out forms. A tool like this will create nearly impossible to guess (and remember) passwords, and can recall them at any time. There’s even a iPhone companion to take them on the road.

In followup posts, I’ll outline a series of reasonable practices around password security, and debunk some common theories as to choosing good passwords.

As if the retailers aren’t having enough problems getting consumers to buy, many of the large retail sites were hard hit by a DoS attack on UltraDNS on Dec 23. The attack was centered on UltraDNS, and thus effected it’s customers, some of whom are large retailers like Amazon and Walmart. As the attack caused the DNS services provided by UltraDNS to stall, non-cached web access to their customers was stalled, making these web sites appear overloaded.

What’s frustrating about these attacks is that Amazon and Walmart did nothing to allow them to happen. All the security in place by these companies could not have stopped the attack, because it occurred at UltraDNS; a risk in outsourcing.

What is surprising is that UltraDNS took almost an hour to stop the attacks. DoS attacks are commonplace, and an experienced ASP should know how to fend them off; such as using large groups of automated firewall rules. Yet again, another experienced ASP shows they are unable to properly defend themselves in an attack, and therefore unable to protect their customers.

For the second time in a week, Blackberry servers have had a major outage; once on Dec 17 and then again on Dec 23. These outages happened during the business day, knocking out email service for hours, effecting millions of Blackberry users world wide.

Having been the CTO for a data center for 7 years, I can appreciate outages. They often happen to fledgeling startups, caused by rookie-mistakes, and services implemented on limited budgets. They happened to my last startup; in the beginning. Like most IT shops, we learned from out mistakes, and stabilized our servers, because when you’re running a service-based enterprise, downtime is not an option.

Clearly the IT staff at RIM seems prone to making the same mistakes over and over. Outages from their data center over the years have been numerous, and continued well beyond RIM’s startup days. Considering the iPhone is eating significant chunks of RIM’s market share, RIM can’t afford to be making any mistakes.

There has been a lot of discussion lately about Google’s new DNS service, and if it’s really any better than popular services like OpenDNS. While there are pros and cons to each, Google’s claim that they are “faster” is clearly a relative term.

Many posts claim each to be the fastest, more reliable, etc. All of the claims I have seen so far are subjective, meaning they are not made over time, from the same location, and include other important information regarding latency.

The following graphs are created from live data, gathered by PulseWise. This data is gathered every 10 minutes, from the same location, and also shows Ping RTA from a single server in Washington State. Please note this data has only begun to be collected, and needs a few weeks of collection before it provides any meaningful data. Taking too small a data sample will result in knee-jerk conclusions; just the opposite of what I am trying to do by exposing this data.

The blue area on the graph indicates the data you should be looking at, and the red line is a rolling average. This data is provided as-is, and has no warranty of any kind. This data may not even be acurate – it’s only what I am measuring. If you’d like to repost this data, please feel free, but note where you got it.

Google’s Scorecard

OpenDNS Scorecard

Sending an email is easy. Getting someone to read and act on your email is another matter. With the ease of sending email comes sloppiness; sending before thinking.

In a series of posts, I’ll outline some common mistakes people make sending emails, causing them to be ignored. By just cleaning up a few bad habits, you’ll notice people will start reading your emails. Emails are just a form of communication, and focusing on how your Reader is going to interpret your email is vital. Writing emails that focus on the reader is key. “Reader-Centered Writing” is a theme coined by Better Communications, a company that specializes in teaching business professionals to write better. If you’d like to learn more about method, contact them for information on their classes.

Good Habit #1: Always use a relevant Subject line

Emails are about communication, and having a clear and concise Subject line will get your emails opened – it’s that simple.  Think of your own Inbox. It’s filled with hundreds of emails all fighting for your attention, and all your eye really scans for are Subjects lines. Since you can’t see the Body of an email until you open it (some email readers allow for this which is often more distracting than it’s worth), the Subject is the only field that gives relevance to the email. Some people leave off the Subject line entirely. Not only does this often get the email tagged as spam, but it also gives the reader no clue as to what your email is about, allowing them to ignore it for the moment, and maybe forever.

Tip: Write your Subject line last

If you  start to send an email, and you can’t instantly think of a relivant Subject line – skip it – write the Body of the email first. Once you’ve finished the Body of the email, read it over once quickly and the correct Subject should come to mind. Ask yourself “What I am asking the Reader about?” or “What do I want the Reader to do?”.

Tip: Avoid vague Subject lines

Subject lines like “Stuff” and “Hello” don’t tell the Reader anything about your email. Subject lines like “New time for Monday meeting” or “Dinner on Saturday” will make more sense, and give the Reader a clue as to what the email is about.

In summary, use the Subject line like the title of a news article. It’s a summary of what’s enclosed, and will allow the Reader to prioritize your email in their busy day.