So I’m going through my inbox to my personal email account and find this gem…

Hi, my name is Monica Calderon. I am writing you to personally ask you to vote for my husband, Richard Calderon, for Sheriff of Santa Clara County.

Richard will partner with public schools in addressing crime in your community, and enhancing public safety in a variety of ways. We need a Sheriff who has more to offer than 12 years of law enforcement bureaucracy. My husband has a successful career of working with educational, law enforcement community and business leaders. Through community work he has developed youth crime prevention programs with schools. Richard is well known for his work in structuring programs aimed at keeping children of the street and out of trouble.

As a police officer and sergeant, Richard worked closely with many community groups to prevent gangs from victimizing the community. He taught himself how to speak Vietnamese to be the most effective investigator of serious crime. Richard taught at multiple law enforcement academies throughout the state of California for 29 years. He trained law enforcement personnel on gangs and their subculture, cultural diversity, racial profiling and ethics. Richard worked 30 years for the San Jose Police Department and retired as a Captain in 2008. In 2009, Richard worked as the City of Gustine Chief of Police. As Chief, he was the chair of the Merced County Police Chief’s and Sheriff’s Association.

Richard touches the hearts of troubled youth by serving as their mentor. Many elected officials and organizations have endorsed Richard because they know he is a true leader and he works directly with community members and groups. This is what Mayor Chuck Reed said about Richard:

“I believe Richard has the experience and commitment to lead our County as we address regional law enforcement issues. He has worked hard in the past in his role with the Mayor’s Gang Prevention Task Force and he has shown his desire to reach out in the community to engage with community members and groups county-wide. We need his leadership moving forward.”

Twelve years ago I voted for the incumbent because she was a woman. I, like many others, believed she would live up to the expectations of the voters and community. She has not. Her tenure has been one of missed opportunities and unfulfilled promises. It’s time to bring back accountability, principles and integrity to the Sheriff’s office. Our elected officials are entrusted to serve and protect the public they represent. We the people deserve a Sheriff who is worthy of that honor and privilege. I ask you now to join me and countless other women supporters to vote for Richard for Sheriff of Santa Clara County.

Monica Calderon

So let’s start out with the obvious… I live in Paulding County (Georgia) on the other side of the country and have been a registered voter since 2007 when I bought my house. I haven’t been a registered voter in Santa Clara County (California) since May 2004 when I moved into Contra Costa County (California) and the to Fulton County (Georgia) in July 2006. So where are they getting their information? If they’re getting it from the Santa Clara County voter registration then they’re being given data that’s half a decade old and making no attempts to verify it. If they’re searching the internet for people listed in Santa Clara County they fail equally hard in their data collection. Worse off is that this into the only Santa Clara County campaign spam (and use it falls under every definition of spam I know of) I’ve received this year and even last election round in ’08.

So, I’m encouraging anyone who is in Santa Clara County to vote against Richard Calderon for Sheriff and give the other guy who isn’t out spamming people your vote! Let’s educate them that spam isn’t the right way to reach their constituents and even then they need to verify the data the receive before sending it out.

There are so many methods out there to try and curb the amount of spam out there but never seems to be enough adoption of them. I try my best to implement what I can as I’ve fallen victim of several “joe jobs” in the past. As a result of that I looked at Sender Policy Framework (SPF) before it got introduced into the IETF track and became spf2.0/mfrom,pra. I’m still running my spf1 classic records and it has helped a bit, but I wonder just how many servers really bother to check and honor the policies published.

Likewise, recently I’ve taken the time to implement DomainKeys and DKIM on our servers. On our newest domain which hasn’t even been put to use yet so there are no email addresses in the wild I’ve actually been working to set the policy stating all emails will be signed. As I maintain the only legitimate servers that should be sending email out with the domain it shouldn’t be a problem and should hopefully limit the use of it for phishing and spam.

Another tool in the aresenal that has helped considerably has be greylisting. It’s simple, it works with existing protocols and I’m surprised more sites don’t use it. So you incur a small delay in email delivery time but it eliminates untold amounts of spam just by simply delaying the inevitable. For the longest time greylisting and SPF were more than enough to help keep my inboxes clean of most spam although I still dealt with a handful or so.

The other tools I’ve found invaluable but some consider controversial is use of DNS RBLs. While not all RBLs are created equal there are some very good ones out there that have reputable organizations behind them. I do limit the number of RBLs I check but the ones I check eliminate a fair amount of the spam that once made it through to my mailbox. The composite RBLs are even nicer as they cover more with a single query which helps speed up performance when you have multiple RBLs along with DK, DKIM and SPF all making DNS queries as well.

A good metric that things were working for me was when I had it down to less than a handful of spam messages getting through to my inbox a day. I then updated one of my forwarded email addresses on a server that had no RBLs in use to my regular mailbox address. Within 24 hours the number of spam messages that had gotten through numbered in the hundreds. I worked quickly to get that address using the same blacklists as my main mail servers and the volume of spam nearly disappeared.

Bottom line is with existing technologies it’s easy to curb the spam if more mail servers made use of them. When we can finally get authoritative authentication with the messages being delivered that will help even more. Although sadly as it’s already shown all too well, as the technologies advance to reduce the spam the spammers themselves have evolved to get around them.

Never a slow day when you’re wearing the postmaster/abuse hat but it comes with the job.