Thursday, September 3, 2015

How to Re-target a Technical Book

An Actual Book

Rights for the book "Sendmail Milters: A Guide for Fighting Spam" have been returned to the authors and hence to Fool Church Media. Reviews on showed why this book did not sell well when first published:

Anthony Lawrence said in part, "This is a programmer's book. It's heavy on C code, and if you can't at least read C, a lot of this isn't going to mean much to you."
W Boudville added in part, "But as a bonus, there is a superb chapter on spam. It concisely goes into explaining techniques spammers use to obfuscate their mail. You can find out why blocking spam on the basis of checking subjects is essentially useless, for example. The chapter describes methods that other books on spam rarely go into. Actually, even if you have no intention of using Milter, you may want to consider the book for this chapter alone."

Now you have to understand that Milters are used by sendmail and postfix only and not by any other mail transfer agents (MTAs). This meant that the book originally targeted only 1/2 the MTAs and the managers of those machines. This represented a much smaller audience than the whole sweep of programmers and an even smaller part of those interested in fighting spam who might not program at all.

Updating this book to better cover Milters and libmilter would in no way broaden its appeal. Also, the libmilter interface and Milters in general are already more thoroughly covered in the O'Reilly sendmail book.

A better plan would be to eliminate the Milter and libmilter chapters and to talk to the much broader audience, those who are interested in fighting spam and phishing and those interested in the more notorious and modern spear phishing.

The choice then becomes one of producing either a slim manifesto about spam or a how-to-fight-spam book that teaches how to use the existing technologies to achieve that end. We have decided on the second of these two extremes.

SPF (Sender Policy Framework) is a standard that allows you to tell the world which machines you will use to send email, and it can be used to limit that list to only those machines. This standard is good in that it can disallow others from sending email as if it were coming from your machines.

DKIM (DomainKeys Identified Mail) is a standard that allows you to ensure that mail you send cannot be changed in transit without detection.

DMARC (Domain-based Message Authentication, Reporting and Conformance) is a standard that prevents others from accepting email sent by those trying to masquerade as you. It can also be used to prevent your users from seeing such masquerading email. As a bonus, DMARC can be used to have other sites send you reports on the behavior of your email.
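As an added illustration (not taken from the book), the Python sketch below checks the two settings the paragraphs above turn on: whether an SPF record really limits sending to the listed machines, and whether a DMARC record asks receivers to act on masquerading mail and to send reports. The function names and the example.com records are constructed for this example.

```python
# Added example (not from the book): lint SPF and DMARC TXT records.
# Function names and the sample records below are constructed for illustration.

SPF_ALL_ISSUES = {
    "+": "+all: every machine on the Internet passes SPF for this domain",
    "?": "?all: unlisted machines get a neutral result, nothing is limited",
    "~": "~all: unlisted machines only softfail; -all limits the list strictly",
}

def lint_spf(record):
    """Return a list of findings for one SPF record (empty list = none)."""
    terms = record.lower().split()
    if not terms or terms[0] != "v=spf1":
        return ["not an SPF record (must start with v=spf1)"]
    findings = []
    all_terms = [t for t in terms[1:] if t.lstrip("+-~?") == "all"]
    if all_terms:
        term = all_terms[0]
        qualifier = term[0] if term[0] in "+-~?" else "+"  # bare "all" means +all
        if qualifier in SPF_ALL_ISSUES:
            findings.append(SPF_ALL_ISSUES[qualifier])
    elif not any(t.startswith("redirect=") for t in terms[1:]):
        findings.append("no 'all' term: unlisted machines get a neutral result")
    return findings

def lint_dmarc(record):
    """Return a list of findings for one DMARC record (empty list = none)."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        return ["not a DMARC record (v=DMARC1 missing)"]
    findings = []
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        findings.append("missing or invalid p= policy")
    elif policy == "none":
        findings.append("p=none: receivers are asked to take no action on failing mail")
    if "rua" not in tags:
        findings.append("no rua= address: no aggregate reports will be sent to you")
    return findings

if __name__ == "__main__":
    # Constructed records for the placeholder domain example.com.
    for rec in ("v=spf1 ip4:192.0.2.10 mx -all", "v=spf1 mx ~all", "v=spf1 +all"):
        print(rec, "->", lint_spf(rec))
    for rec in ("v=DMARC1; p=reject; rua=mailto:dmarc@example.com", "v=DMARC1; p=none"):
        print(rec, "->", lint_dmarc(rec))
```
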

The new book will focus on helping folk install and tune SPF, DKIM, and DMARC records. And underpinning those standards will be several chapters discussing the nature of spam, phishing and spear phishing.

This effort should shrink the book from 330 pages down to 250 or so, and should target it at a broader audience because it will contain no programming.

Your feedback is appreciated. Do you agree or not with this approach?