I hate SPAM, and GoDaddy is Useless!

Submitted by Brad Tombaugh on 12 April 2015 - 3:39pm

After the debacle with my CenturyLink DSL last summer, I had to make a quick decision on alternatives to hosting my own domain, email and web. I ended up being off the network for two weeks when CenturyLink couldn't figure out how to restore my DSL server when they did an upgrade that I had already cancelled.

Many years ago, I used a domain-hosting service called DomainDiscover that registered my domains and DNS, redirected web requests inside of a frame, and relayed email from a virtual domain to my ISP account. After I started running Apple's OS X Server, though, I realized that I could provide most of those services myself, on my own home server. My ISP, NeTrack, who was later acquired by Indra's Net, provided a static IP address, so hosting my own domain was fairly straight-forward.

Once I started running my own services locally, I decided that it wasn't necessary to be paying DomainDiscover for the other services that I wasn't using any longer. All I really needed was a domain registrar. Checking on pricing, it seemed that GoDaddy was about the least expensive, and while nobody had a great customer service record, GoDaddy was large and established, so I transferred my domain registrations to them.

So, when my DSL was down for an extended period of time, I did some quick checking, and discovered that GoDaddy had recently started using CPanel virtual Linux hosting, and had hosting plans on sale for half-price, so it was only about $5/month, as I recall. Since my domains were already at GoDaddy, it was easy to setup the hosting account, and I was able to get email service back up in a matter of minutes. Over the next couple of weeks, I was able to create MySQL databases and restore backups from my home server, and migrate all of the content for Drupal, so I had my websites backup in a couple of hours.

Since that time, however, the amount of SPAM that I receive has increased significantly. While cPanel includes SpamAssassin, it allows very little configuration, so its practically useless. What is worse that the SPAM is the backscatter. These are bounced messages from a forged sender that look like came from me, but didn't. When the SPAM can't be delivered, it sends the failure notice to the forged sender's address, which is mine in this case. I'm getting over 500 backscatter daily!

Let me say at this point that if you have looked up my name or email address on the web, because you're angry that I'm sending you SPAM about something seen on the Oprah show -- I'm not the one sending it, I haven't been hacked or infected with a virus or worm, and it didn't come from my computer!

My domain, or rather my domain's email server, is being spoofed by spammers, who are obviously sending huge quantities of SPAM from a variety of different sources, pretending to be my domain.

What does backscatter look like, and how can you tell where it came from?

Let's take a look at the headers from one of the messages. There different ways to do this in different email applications. In Apple's Mail, I choose "Message -> Full Headers" from the View menu.

------ This is a copy of the message, including all the headers. ------

Return-path:
Received: from [188.52.86.70] (port=65247 helo=mail.tombaugh.org)
by p3plcpnl0545.prod.phx3.secureserver.net with esmtpa (Exim 4.85)
(envelope-from )
id 1YhKy8-0002yW-SZ; Sun, 12 Apr 2015 09:42:49 -0700
Subject: from: Brandon Tate
From: Brandon Tate
Content-Type: multipart/alternative;
boundary=Apple-Mail-291EBA29-F9D3-9F3D-1ECC-F30B84161BF8
X-Mailer: iPhone Mail (11D257)
Message-Id:
Date: Sat, 12 Apr 2015 05:42:44 +0000
To:
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (1.0)

--Apple-Mail-291EBA29-F9D3-9F3D-1ECC-F30B84161BF8
Content-Type: text/plain;
charset=us-ascii
Content-Transfer-Encoding: 7bit


Hi! How are you?

Have you seen this
before?
Oprah had been using it for over a year!
-----------------

First, let's look at the "From:" line

From: Brandon Tate

If a human were to look at this, its apparent that the name and address don't match. However, many email applications now hide the actual email address, and only show the sender's name, so many people aren't even aware that it has been faked.

Now, let's look at the "Received from" line:

Received: from [188.52.86.70] (port=65247 helo=mail.tombaugh.org)
by p3plcpnl0545.prod.phx3.secureserver.net with esmtpa (Exim 4.85)

This shows the IP address making the connection to the SMTP server. You can find who this address belongs to by doing a "whois" lookup, from a website, the terminal or command prompt, or the Network Utility on a Mac. I did a whois lookup, and see that address is assigned to Saudi Telecom:

Whois has started…

% This is the RIPE Database query service.

% Information related to '188.52.0.0 - 188.52.255.255'

% Abuse contact for '188.52.0.0 - 188.52.255.255' is 'registry@saudi.net.sa'

inetnum: 188.52.0.0 - 188.52.255.255
netname: SAUDINET_DSL_POOL
descr: DSL HOME Subscribers
country: SA

role: Saudi Telecom Co. Registry Admin-C contact
address: STC complex, murslat, Riyadh
address: P.O.Box: 295997
address: Riyadh 11351
address: Saudi Arabia
phone: +966-11-4434970

% This query was served by the RIPE Database Query Service version 1.78 (DB-3)

I live in Colorado, and my domain is hosted by GoDaddy in Phoenix, so this definitely didn't come from me!

Next, on the same line, see the "HELO=" which shows the name that the sender proclaimed to be -- mail.tombaugh.org. If you lookup this host name in DNS, it shows:

dig mail.tombaugh.org all

; > DiG 9.8.3-P1 > mail.tombaugh.org all
;; global options: +cmd
;; Got answer:
;; ->>HEADER ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;mail.tombaugh.org. IN A

;; ANSWER SECTION:
mail.tombaugh.org. 3600 IN CNAME tombaugh.org.
tombaugh.org. 600 IN A 23.229.231.36

;; Query time: 128 msec
;; SERVER: 75.75.75.75#53(75.75.75.75)
;; WHEN: Sun Apr 12 13:29:05 2015
;; MSG SIZE rcvd: 65

;; Got answer:
;; ->>HEADER ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;all. IN A

;; AUTHORITY SECTION:
. 10800 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2015041200 1800 900 604800 86400

;; Query time: 16 msec
;; SERVER: 75.75.75.75#53(75.75.75.75)
;; WHEN: Sun Apr 12 13:29:05 2015
;; MSG SIZE rcvd: 96

The DNS query shows that the IP address for mail.tombaugh.org is 23.229.231.36, not 188.52.86.70. In my opinion, this should cause the email to be blocked immediately! Unfortunately, it was accepted for delivery, but bounced, and sent the failure notice back to my account.

What can be done to prevent SPAM?

Unfortunately, it is obvious that the SMTP server that received the message isn't validating the reverse DNS lookup from the HELO, and they aren't checking the SPF record. Who's email server is that not checking these basic parameters? Lets look back at the received by line:

Received: from [188.52.86.70] (port=65247 helo=mail.tombaugh.org)
by p3plcpnl0545.prod.phx3.secureserver.net with esmtpa (Exim 4.85)

Oh my gosh! That's one of the servers in the secureserver.net domain operated by my hosting company, GoDaddy! So GoDaddy's cPanel virtual Linux hosting email servers are not checking that the senders name and address match, nor are they checking their own SPF records in their own DNS for the domains that they host for their customers!

The first line of defense against SPAM is in the SMTP server itself. The SMTP server bundled with CPanel is EXIM. Exim has the helo_verify option which will reject mail if the sender doesn't open with HELO or EHLO, or if the address verification fails. This is obviously NOT enabled. If it were the SPAM would get refused before it was sent.

The second line of defense is to use a blacklisting service such as SpamHaus to see if the sender has been identified as a spammer. I checked the address 188.52.86.70, and its in the SpamHaus Zen blacklist, and several other services as well. This leads me to believe that GoDaddy isn't using a blacklist to validate senders, either...

The next check that should be done would be to verify the authenticy of the sender using a certificate, Yahoo's DomainKeys or DKIM, or Sender Policy Framework. One of GoDaddy's own Support articles suggests creating SPF records in their DNS, which is ironic since their own servers don't seem to check SPF records!. This is what an SPF record looks like:

dig mail.tombaugh.org txt

; > DiG 9.8.3-P1 > mail.tombaugh.org txt
;; global options: +cmd
;; Got answer:
;; ->>HEADER ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;mail.tombaugh.org. IN TXT

;; ANSWER SECTION:
mail.tombaugh.org. 3600 IN CNAME tombaugh.org.
tombaugh.org. 3600 IN TXT "v=spf1 a mx ptr include:secureserver.net ~all"

;; Query time: 154 msec
;; SERVER: 75.75.75.75#53(75.75.75.75)
;; WHEN: Sun Apr 12 13:29:32 2015
;; MSG SIZE rcvd: 107

The SPF record is stored as text, and shows the names of the mail servers that are authorized to send for this domain. In this case, its including any mail server run by GoDaddy.

According to GoDaddy, after wasting an hour talking with their technical support, I should change my email account password, and create an "SPF" record in my DNS... The problem is, the mail didn't come from my account, so changing my password won't affect anything, and I already have an SPF record!

The technical support people at GoDaddy that I talked with today claim that since this email is being handled by cPanel that they can't change the settings to enable helo_verify, set a blacklist, or enable checking SPF records, which I think is bullshit! Even if GoDaddy weren't able to change the configuration for cPanel, they could (and should) relay their inbound email through their own gateway servers which ought to incorporate these kinds of basic filtering mechanisms.

I'm frustrated that not only is GoDaddy not helping to prevent or block SPAM, it appears to me that, in essence, they are enabling the spammers! Any combination of the three simple configurations that I outlined above would prevent this spam from being sent to thousands of recipients, and would eliminate hundreds of backscatter messages per day as well.

The only option that they were able to recommend is to move to a virtual Linux host, instead of cPanel, so that I could do all of the work to setup these things myself. This is what I was expecting to avoid by hosting my domains with a "professional" hosting organization. So, until I decide to host my own server again, I'm going to be deleting ~500 backscatter and a bunch of other SPAM every day...

New Horizons spacecraft to give clearest look at Pluto

Submitted by Brad Tombaugh on 15 December 2014 - 5:36pm

New Horizons launched in 2006 and it is finally closing in on some of the farthest reaches of the solar system. It came out of hibernation last week on December 6, 2014, and is now in active mode. It will make its closet pass by Pluto next summer.

Check out this story on 9news.com: http://www.9news.com/story/life/2014/12/15/new-horizons-spacecraft-to-g…

Here is a link to the mission page as NASA: http://www.nasa.gov/mission_pages/newhorizons/main/

And the Wikipedia article: http://en.wikipedia.org/wiki/New_Horizons

More Home Automation

Submitted by Brad Tombaugh on 11 December 2014 - 12:39am

After moving into our new house at the end of September, for my birthday in October I invested in some "Home Automation" stuff. I had been doing some research periodically over the past year or so, and had been following some of the INSTEON and Z-Wave news. I had decided that Indigo looked like the best option for Macintosh-based home automation, and it supported interfaces for X-10, INSTEON and Z-Wave, so it had lots of flexibility. I had been planning to go with INSTEON, but our new house came with a Schalge lock with a keypad entry that is Z-Wave enabled, so I went with Z-Wave devices instead.

I ordered a copy of Indigo Pro 6, along with an Aeon Labs Z-Wave USB stick interface, an Evolve plug-in lamp dimmer module and two GE/Jasco Z-Wave On/Off wall switches to get started. The Schalge/Nexia starter kit that came with the lockset included a Z-Wave lamp dimmer module as well, so I have two of them to work with now.

After my friend Jerry Nieman helped me install the wall switches to replace the front porch and patio light switches, I was able to install the Indigo software and drivers for the Aeon Labs USB stick on my MacMini server, and start up Indigo as a server process so that its always running. I can connect to Indigo from my MacBook Pro using a "client" installation of Indigo or from my iPad Air using their Indigo Touch app.

Once I had Indigo setup, I linked with each of the Z-Wave switches and modules, so that i could control them through the software. Initially I setup three schedules. The first turns the front porch and garage lights on 30 minutes before sunset. I setup Indigo's preferences with my actual latitude and longitude from a GPS app on my Droid, so its able to calculate the precise sunrise and sunset times for location of my house. The next schedule turns the porch lights off at 11pm, which I figured was late enough. I also created a schedule to turn the porch lights off 15 minutes after sunrise, so if we happen to turn them on in the morning, they will go off automatically after it is light enough outside.

After we got the fence put in around the back yard, I added another set of schedules for the patio light to do the same thing as the front lights. This basic setup works very nicely, especially after the end of Daylight Saving Time, so that the front lights are already on when we get home from work in the dark.

This week, I ordered a GE Z-Wave outdoor module so that I could control the outside Christmas lights. After dinner, I opened the package, and took the module out to the outside outlet on the front porch. I grabbed a 3-way plug block from the garage, as I had two cords to plug in. I also pulled out the Aeon Z-Wave USB stick from the MacMini Server. Once I plugged in the new module, I pressed the link button on the Aeon, then pressed the button on the module to link it.

I came back inside and plugged the Aeon back into the MacMini, and fired up Indigo on my MacBook Pro. I was able to add the new module, which I tested from my iPad Air using Indigo Touch. It let me turn the module on and off while walking around in the house. This let me control the outside Christmas lights through Indigo.

Next, I pulled out the Evolve lamp module out from the outlet behind my recliner that controlled my light. I plugged my lamp into the switched outlet for now, so that I could use the lamp module for some indoor Christmas lights. I took the lamp module to the front bedroom, and plugged it in for the snowflake lights in the front window.

Back at my MacBook Pro, I created a new “action group” in Indigo for “Front Lights Off” and added the light switch for the porch lights, the outdoor module, and my lamp module (temporarily). Then I defined the actions for each module to turn off. I duplicated the action group, renamed it for “On” and changed the actions to turn on each of the lights.

Once the action groups were created, I changed the schedule that turned the porch lights on and off to use the action groups instead of just the one light switch.This will now turn on all of the outside lights 30 minutes before sunset, and turn them off at 11pm. It will also turn them off 15 minutes after sunrise if we happen to have turned them on manually in the morning.

Now that I fixed the schedules, I also created a couple of “trigger” events in Indigo, using the state of the porch light switch. When the wall switch for the front porch lights is turned on, it calls the action group to turn all of the front lights on, and when the porch light switch is turned off, it turns off all of the front lights. There is a momentary delay, so I might need to adjust the polling interval for the switch… This setup lets me turn the Christmas lights on and off manually with the porch light switch!

I'm definitely going to be asking Santa for more Z-Wave switches for Christmas, so that i can automate more things throughout the house...

Apple released a BASH Shell Security Update for Shellshock, kinda...

Submitted by Brad Tombaugh on 17 October 2014 - 8:55am

While Apple has released a security update to address the "shellshock" vulnerability in the bash shell, they have not made it available through Software Update!

See the support page at: http://support.apple.com/kb/HT1222 for links to the downloads and installation instructions.

Update: Apple has rolled the bash shell update into Security Update 2014-005. See the details at: https://support.apple.com/kb/HT6531

Presumably, the fix is also included in OS X 10.10 "Yosemite" (https://support.apple.com/kb/HT6535) which was released yesterday.

Back Online!

Submitted by tombaugh on 25 July 2014 - 7:55am

I've been offline for a little over a week, after a botched Century Link DSL upgrade at home. I've moved to a GoDaddy web hosting plan, and have gotten all of my websites back up and running last night. I still have some fine-tuning to do, but the basic content is back up now.

Madisen Beaty Joining the cast of "Measure of a Man"

Submitted by Brad Tombaugh on 23 June 2013 - 10:30pm

As reported in "Deadline" and other sources, actress Madisen Beaty, who played Joaquin Phoenix’s first love in Paul Thomas Anderson’s Oscar-nominated “The Master” last year, is the first cast member to sign on to indie drama “The Measure of a Man”, according to Deadline. Terry Loane will direct the adaptation based on the novel “One Fat Summer” by Robert Lipsyte.

“Measure of a Man” follows Bobby Marks, a chubby and often bullied teenager, who finds spending the summer at a family lake house sheer torture, until he transforms himself into a confident young man. Beaty will take the role of Michelle, Bobby’s sister who’s used to the spotlight and getting her own way. David Scearce adapted the coming of age novel for the big screen.

The eighteen year old actress may be best known for playing Doris Solstad in PT Anderson’s “The Master” opposite Joaquin Phoenix and Amy Adams, but Beaty made her feature film debut under the direction of a different auteur in David Fincher’s “The Curious Case of Benjamin Button.” She recently wrapped up indie “Jamie Marks is Dead” with “Shameless” star Cameron Monaghan and has a recurring role on new ABC Family drama “The Fosters.”

Madisen Beaty on ABC Family show "The Fosters"

Submitted by Brad Tombaugh on 3 June 2013 - 7:48pm

Watching our friend Madisen Beaty guest starring on "The Fosters" on ABC Family tonight. Madisen will be in (at least) the first seven episodes as "Talya." Below is the text from "About the Show" from the ABC Family website:

The Fosters is a compelling, one-hour drama about a multi-ethnic family mix of foster and biological kids being raised by two moms. Stef Foster (Teri Polo), a dedicated police officer, and her partner Lena Adams (Sherri Saum), a school Vice Principal, have built a close-knit, loving family with Stef's biological son from a previous marriage, Brandon (David Lambert), and their adopted twins, Mariana (Cierra Ramirez) and Jesus (Jake T. Austin). Their lives are disrupted in unexpected ways when Lena meets Callie (Maia Mitchell), a hardened teen with an abusive past who has spent her life in and out of foster homes. Lena and Stef warily welcome Callie into their home thinking it's just for a few weeks, until a more permanent placement can be found.

Callie is quick to observe that the Fosters are an atypical family, and her blunt commentary hits a nerve with Jesus and Mariana who are struggling with their own identities. The twins have the opportunity to meet their birth mother, but they aren't sure if they are emotionally ready, or if they want to share the experience with their adoptive moms. Callie also discovers that Mariana is harboring a secret that could land her in serious trouble.

Brandon, a talented musician with a kind soul, lends Callie a hand in navigating the classrooms and social scene at the Fosters' high school, Anchor Beach Community Charter School. He's faced with a tough decision when Callie decides to ditch school to reconnect with someone from her past. What happens next will determine if Stef and Lena made the right choice in taking a chance on Callie, and whether they have room in their home - and their hearts - for one more.

From executive producer Jennifer Lopez, and created by Bradley Bredeweg and Peter Paige, who will also serve as writers and executive producers, The Fosters stars Teri Polo, Sherri Saum, Jake T. Austin, Hayden Byerly, David Lambert, newcomer Maia Mitchell, Danny Nucci and Cierra Ramirez. Joanna Johnson, Elaine Goldsmith Thomas, Benny Medina and Greg Gugliotta will also serve as executive producers. The series is produced by Nuyorican Productions, Inc., and Prodco, Inc.

Welcome Back!

Submitted by Brad Tombaugh on 25 February 2013 - 11:11pm

After many months in the dark, I have recovered that last of the pieces from my old Mac Mini G4, so that all of my services -- DNS, Open Directory, Email (Postfix, Cyrus, SpamAssassin, ClamAV, MailMan), MySQL, and Drupal with updated PHP, since Apple's default PHP install doesn't include any of the necessary modules.

First my external drive for TimeMachine backups died... I replaced it with a new drive, but it had to complete a new, full backup. During the full backup, the external drive that the server was running from died from old age... After several partially successful attempts to recover the data using DiskWarrior, I tried to reconstruct the old Mini, but wasn't able to get it to boot up... I thought that I had recovered enough of the data that I could use it to migrate to the new server, but the server migration wizard would die partway through.

After manually rebuilding Mail under 10.7 with Server 1.0, I found that when I updated to 10.8 and Server 2.0 that the migration wizard couldn't even move my data and configuration from 10.7... So I had to manually rebuild DNS and Mail once again...

I have since migrated from an old 32-bit G4 Mini, to a newer 64-bit Intel Core 2 Duo, with 8Gb of RAM. I've gone from OS X Server 10.5.8 to 10.7 and on to 10.8.2 Mountain Lion, with Server 2.2.1. I've had to manually install MailMan, since that is no longer included with Server. I also had to manually install MySQL, since Apple dropped it in lieu of Postgresql. I had to reinstall phpMyAdmin, only to find that Apple's installation of PHP 5 doesn't include many of the common modules needed. I used to use Entropy PHP, but its not being supported any longer. Its been superseded by php-osx from LIIP, also in Switzerland. Then I discovered that the Server app insists on reverting back to the default PHP every time it restarts... I had to reinstall Drupal 6.20, and then updated to 6.28. Then I had to update and fix some modules, reinstall MacPorts to load ImageMagick, etc...

But now I'm back online! I still have some formatting issues to work out, as my Zen theme and stylesheets seemed to have gotten a little broken, so bear with me while I do some more fine-tuning...

Driving in the Mountains

Submitted by Brad Tombaugh on 29 May 2011 - 8:22am

We're spending the weekend at our trailer in Buena Vista. It was too windy yesterday to ride our bikes that we brought up, so we decided to drive down Highway 50 over Monarch Pass down to Gunnison. This weekend has been my first chance to drive my new VW Jetta SportWagen TDI in the mountains, so I was interested to see how it handled the higher altitude and steeper grades. The 2.0L TDI makes plenty of power to ascend even a 7% grade at 11,000 feet.

What I was even more impressed with, though, was how well the DSG transmission worked on the descent. I'd already noticed that when braking, the DSG will downshift to help slow down using engine braking. What I had not thought about was how nicely that would work when descending a 7% grade. When coming down from the pass, holding the brake for a moment would cause the DSG to downshift one or two gears. It would hold that gear until I touched the throttle again. It worked perfectly to control the speed coming down a steep grade. I know that I can use the Tiptronic mode to do this manually, and that it will even automatically match the engine speed, but I was impressed that in automatic mode it did this so well on its own.

My previous vehicle, a GMC Sierra K-2500 truck with the Duramax Diesel and Allison transmission would do downhill engine braking, but I think only when it was in Tow/Haul mode. It also worked quite well to control the speed, especially when we were pulling the trailer.

I was also quite pleased to see that for the trip to and from Gunnison, including going over Monarch Pass twice, we still averaged 36 MPG!

VW Jetta SportWagen TDI

Submitted by Brad Tombaugh on 8 May 2011 - 7:59am

Last week I bought my new 2011 Jetta SportWagen TDI, the day before we took a 3,200 mile trip from Denver through Missouri to North Dakota, and back again. The TDI was the perfect car for the road trip, roomy and comfortable, and up to 43MPG on the highway. Based on fill-ups, my best mileage was 39.67MPG, with 486 miles on one fill-up and still a 1/4 tank left. My overall mileage has been about 37MPG, combined city/highway for the first 3,500 miles.

There are quite a few things that I really like about the new Jetta:

  • The fuel economy is fantastic. Even in the first 3,500 miles, I'm getting at least 30 MPG driving to and from work, and over 43 MPG on the highway, if I keep the speed down a little...
  • The TDI makes plenty of power, especially for an engine that gets such great fuel economy. Although its only 140 HP, the diesel makes 236 ft-lbs. of torque, which is really more important. Plenty of power to accelerate onto the highway, or for passing. I'm anxious to get up into the mountains to see how it does at higher altitude.
  • Even though the fuel tank holds only 14.5 gallons, with the great fuel economy that's enough fuel for a range of about 500 miles on the highway, so you don't have to stop to fill up so often.
  • After much internal debate, I finally decided on the DSG automatic rather than the manual transmission. While my previous Jetta has a manual transmission, and I can certainly enjoy driving a stick-shift, I thought that for the long term the automatic might be more comfortable. Since the DSG doesn't use a conventional fluid torque converter, its more efficient than traditional automatics, and in fact is often rated with higher fuel economy than the manual. I also thought that since the diesel has a lower redline and narrower (and lower RPM) power band than a gasoline engine, that with the manual you would need to be shifting constantly to stay in the appropriate gear. I decided that it would be better to let the transmission do that for me! Driving the DSG still feels a little quirky at times, although its generally very smooth and shifts very quickly. At startup it feels a little slow to engage sometimes, which can lead you to open the throttle a bit more. Once the transmission and turbo get engaged, it makes for quite a quick start, often quicker than intended. It can actually be challenging to drive this car slowly! ;-) With a bit more practice and patience, though, I'm getting the hang of making smooth starts. The other thing that is taking some adjustment is that the DSG downshifts for you when braking to help you slow down. It seems like the harder you brake, the quicker it downshifts, so braking smoothly can be challenging if you're not paying enough attention. Again with some more practice I'm sure that I'll have the proper finesse soon!
  • For a compact car, there is plenty of space inside. The Jetta seems almost as spacious as our Passat, and was very comfortable to ride in even for a long trip. The seats are very comfortable, and easily adjustable to keep comfy even on a long drive. The electric heat was handy to have, as it was only 27 degrees in North Dakota on the morning when we left.
  • The car came standard with Bluetooth integration for my cellphone. While this isn't something that I may have ordered if it were an option, I'm really liking the way that it works. Once paired with my phone, it automatically links every time I start the car. If I get a phone call while I'm driving, I can press the phone button on the steering wheel with my thumb, and it mutes the stereo, answers the call, plays it through the speakers, and has a microphone built into the overhead console. It really works quite well.
  • I love the soft leather-wrapped 3-spoke steering wheel, with built-in controls for the stereo, phone, and trip computer. I tend to hold onto the lower portion of the steering wheel when driving on the highway, and many 4-spoke wheels like the one in our Passat don't have enough spacing between the top and bottom spokes to fit my hands into comfortably. The 3-spoke wheel works perfectly.
  • The car I picked out has the panoramic sunroof and 17" wheel package. I love having the sunroof for ventilation, and it makes the car feel much more open and roomier, even in the back seat, since the glass comes back over the rear seats as well.
  • The TDI comes with the Multi-Function Display trip computer, which shows the instantaneous and average fuel consumption, both for the current trip and cumulatively. The trip counters reset after two hours, so it always shows your current activity. It also tracks duration, distance, and average speed for both the current trip and cumulatively. The MFD will also show the phone status, and the current selection on the radio. A new addition, compared with our 2008 Passat, is a simple, large digital speed display. Very nice...
  • The touchscreen AM/FM/Satellite Radio/6-CD Changer is also great. Again, although satellite radio is not something that I would have ordered, we did enjoy it on the trip. It was nice to be able to pick a channel by category, and not have to constantly hunt for local radio stations while traveling. I am having the factory Media Device Interface for the iPod installed by the dealer this week, so in the future I'll be able to control my iPod through the radio as well.

So what's missing? I think that about the only thing that would make this car better, perhaps perfect, would be if it were offered with all-wheel drive. Volkswagen has their 4-Motion all-wheel drive systems, like the Audi Quattro, which is only offered on a few of the high-end trim levels of the Passat and CC. There are European versions of the Jetta/Golf that are offered with both TDI and 4-Motion, but not in the US. Even the Audi A3, which is offered with the TDI, or with Quattro, isn't available with both TDI and Quattro. I would most likely have gone with the more expensive A3 if Quattro would have been offered.

I've heard that with the recent tragedy in Japan, that production of many Japanese auto brands may be severely limited for the near future. While Subaru has a US-based factory in West Lafayette, IN, it has closed a number of its plants in northern Japan, the area that sustained the worst damage from the earthquake/tsunami. I think that if VW were to offer a 4-Motion-equiped version of the Jetta SportWagen in the US that it would likely pick up a fair share of Subaru's market. I would guess that many Subaru buyers make their selection because of the all-wheel drive.

(Photographs from Volkswagen and by Richard M. Baron from Road and Track)