The US Federal Trade Commission is building a database of spam emails to help it “pursue law enforcement actions against people who send deceptive email”.

Whatever the pros and cons of the actual CAN-SPAM legislation, this can only be a good thing.

If you want to help out, you can use an AppleScript posted on macOSXHints which makes reporting the spam you receive easier.

It will forward selected spam emails to the FTC. The MacOSXHints tip includes the script itself and some instructions for its use.spam, applescript, mail.app, apple mail, FTC, CAN-SPAM

SpamSieve has been updated.

Apple Mail users will experience greater accuracy as SpamSieve gets smarter in general about spammer tricks and as a particular bug affecting accuracy in Mail.app has been corrected.

In addition, the new version features better analysis of attachments, improved phishing detection and faster execution of spam training commands in Tiger and Jaguar.

SpamSieve is available from the developer’s web site and is shareware (USD 25).spamsieve, spam, phishing, mail.app, apple mail, plugins

A tasty assortment of links on the recent security excitment, which also affects Mail.app.

Well-done

Secunia rates the Safari vulnerability as “extremely critical”, a rating the company gives when “successful exploitation does not normally require any interaction and exploits are in the wild.” Secunia is a provider of IT-security services.

Anti-virus company Intego has analysed the Leap-A (“Oompa-Loompa”) Trojan horse. After exhaustive testing, the company reported that “the best protection against this Trojan horse and its variants is Intego VirusBarrier X4″. CEO Laurent Marteau says, “it is clear that antivirus software on a Macintosh computer is as essential as wearing a seat belt in a car”.

Medium

ZDNet Australia carries an interview with Paul Ducklin, Sophos’ Asia-Pacific head of technology. ” “There is not a clear and present danger like there is with Windows but the same risks apply”, he says.

Eric Bangeman on Ars Technica thinks that “the malware may be less destructive, more difficult to find, and less prevalent than on other platforms. But it’s there, and it’s not going to go away.”

Medium-rare

At Wired, Leander Kahney is keeping his cool: “These Mac security holes are a storm in a teacup,” he says.

The Daring Fireball puts it all in perspective. John Gruber writes: “It boils down to this: you can’t safely double-click files from untrusted sources, and you never could. This is no different today on Mac OS X 10.4 than it was a decade ago on Mac OS 8 and 9.”

Stephan Schwab is also fairly relaxed: “Of course this unwanted interference is annoying and it’s far better to let the user decide when to execute something, but it’s not a security threat of any magnitude.”Trojan horse, exploits, virus, mac OS X, security, apple, safari, scripts

On MacWorld Joe Kissell provides a list of 34 software tweaks that will speed up your Mac.

Mail.app gets a speed bump from reducing the size of your mailboxes, spring-cleaning the Previous Recipients list, reducing the frequency of mail-checks and by adjusting your IMAP settings.

iCal gets faster if you weed out old appointments and events.

You might also want to try rebuilding Mail.app’s database, which worked a treat for me.mail.app, apple mail, ical, mailboxes, IMAP, previous recipients, mail-check, tips, envelope index

The New York Times has posted an article on how email is affecting university teacher/student relations in US universities.

It’s not all good.

A Maths professor at the University of Cailfornia, Davis received the following:

“Should I buy a binder or a subject notebook? Since I’m a freshman, I’m not sure how to shop for school supplies. Would you let me know your recommendations? Thank you!”

Some faculty feel pressured by emails, as if they are on call all the time. Others feel that the easy access offered by email diminishes students’ respect.

Read the whole article if you dare.

[Via The Good Reverend ]email, students, professors, university, boundaries, the delete button

Heise Online has a report outlining how the shell script execution flaw in Safari also applies to Mail.app.

Both apps will execute scripts without asking permission in certain circumstances.

As the report explains:

It suffices to disguise a script with the ending “jpg” and assign the Terminal application for opening it. If this script is then sent in the AppleDouble format as an attachment, the information is passed along so that the recipient’s system also opens it with the Terminal.

Apple Mail displays the attachment with a JPG file symbol, but when users click on it, the script executes within Terminal without further prompting. This has been tested on Apple Mail 2 and Mac OS X 10.4. Older versions display a warning.

You can experience the flaw for yourself. The Heise Online site provides an example email which demonstrates the problem. It arrives with what looks like a JPG attachment. Clicking on the JPG file executes a harmless script in Terminal containing the command /bin/ls -al.

It’s in German, but enter your email address in the text box on this page and click the button marked “Anfordern”. Then click on the link in the confirmation email and an example is on its way to you.

An immediate fix is to move Terminal into a different folder. The general fix, of course, is never to open attachments in emails that you are unsure about.

Thunderbird, the article points out, doesn’t fall for this trick.security flaw, scripts, terminal, mail.app, apple mail, attachments, AppleDouble, bugs

Here’s an interesting thing that I stumbled across tonight by pressing the wrong key.

In Mail.app hitting the Escape key pops up an autocomplete dialog.

Arrow down to the word you want, hit Return or Tab, and you have saved your fingers a few keystrokes.

This works in TextEdit, ecto and Yojimbo as well, but not in BBEdit, Mellel or Safari. There will be some obvious pattern here that I haven’t worked out yet.autocomplete, escape key, mail.app, apple mail, productivity