interface cobalt

Have you set up SPF records for your domain names yet? Even if SPF isn’t able to defeat spam completely, it is in my opinion a pretty good way of at least helping to do so.

SPF is, in case you haven’t heard about it before, meant to reject emails that claim to be sent from certain domain names without the authorization of the owners of those domain names. That is, SPF is designed to stop email spoofing.

I’ve heard that the main SPF website is a bit confusing, and that’s probably right. Here is a HOWTO that might be better at explaining the syntax of SPF, and a good place for more detailed information is the Internet Draft.

Here is the SPF record for erikisaksson.com:

v=spf1 a ptr:swip.net ~all

That SPF record allows email to be sent from erikisaksson.com and any domain under swip.net (the domain my ISP uses for e.g. their SMTP servers), while email sent from anywhere else should softfail. For all of my other domain names, I’m using the following SPF record:

v=spf1 -all

…which means that all emails sent from those domain names should fail (because I’m never sending any emails from those domain names).

For those of you who use the excellent Url Rewrite Filter, a Java Web Filter which allows you to rewrite URLs before they get to your code, here are a couple of more-or-less useful rewrite rules that I’ve created.

The first rule redirects access made through a non-preferred domain or subdomain name to the preferred one. For example, if you’re using the example.com domain name for your website, you might want to redirect http://example.com/page.jsp to http://www.example.com/page.jsp.

<rule>
 <name>Domain Name Check</name>
 <condition name="host"
  operator="notequal">www.example.com</condition>
 <!–
     Needed if using a version prior to 2.0-alpha:
     <condition name=”host”
      operator=”notequal”>www.example.com</condition>
 –>
 <from>(.*)</from>
 <to type=”redirect”>http://www.example.com/context$1</to>
</rule>

Obviously, just replace www.example.com with the domain name that you prefer, and context with the context which your webapp is deployed at, or if using the root context, remove /context altogether.

I should mention that I didn’t write the same condition twice by mistake. There seems to be a bug in UrlRewriteFilter (version 1.2) which causes such conditions to be ignored unless written twice. If somebody hasn’t filed a report on that one already, I guess I better do it. Update: Paul Tuckey, the creator of Url Rewrite Filter, emailed me to let me know that this problem has been fixed in version 2.0-alpha.

The second rule blocks access to JSPs (or anything you want) that you don’t want to be accessible by anyone, and shows the 403: Forbidden error page which you’ve configured in your web.xml file.

<rule>
 <name>JSP block</name>
 <from>^/jsp/.*$</from>
 <set type="request" name="status_code">403</set>
 <to>/jsp/sendError.jsp</to>
</rule>

Where /jsp/sendError.jsp contains the following:

<%
 response.sendError(Integer.parseInt(
  (String)request.getAttribute("status_code")));
%>

Note that you could use any status code you want; if you want to give the user a 404: Not Found error, just write 404 instead of 403 in the rule configuration.

Now, what’s the best RegExp to find out whether a given user-agent is from a cell phone? Hmm.

While spending some time in the lovely public transportation system, I played a bit with mReader which I had installed on my cell phone (Sony Ericsson T630). mReader is a J2ME RSS reader created by Mark Allanson.

It really worked quite well. Having added a feed from Wired News, I could read through the summaries of their latest articles. Hey, it’s probably more interesting than reading one of the free newspapers, don’t you think?

Reading entire articles (or long blog entries) on that rather small display might get tiring, I guess, but for short summaries and excerpts, I think it works fine. By the way, my subscription provider is Vodafone, and they currently charge fees for reading news on their mobile site (in addition to the GPRS transfer costs, that is). There are no such fees for downloading feeds and reading them instead, which means you have more options of what to read while it’s also cheaper.