Tuesday, 27 April 2004

I know there are some people in the world that never get spam email, but unfortunately I am not one of you. Between my email being publicly available on the Internet for the past few years and the fact that I have to sign up for all sorts of random things with a real email address, it’s just added up, and I get inundated. It’s funny to talk to others about spam email. Either they understand because they, too, have fallen victim to the scourge of the Internet, or they look at you like your advanced-stage leprosy has caused you right ear to fall off and your left leg to rot.

So, in the interest of protecting the reputations of those of us who unwillingly receive tons of junk mail a day, let’s take a look at how and why spam reaches our inboxes. Hopefully some who read this will learn something new, others will realize the errors of their ways and stop calling their spam-laden friends perverts, and still others will pick up a few hints about how to avoid becoming a victim (in the cases where it can be avoided, that is).

Remember one thing walking into this: Spam is almost completely about money. If there wasn’t a potentially big payoff in sending spam, no one would do it. If people did not reply to spam email messages and offers, no one would do it. It’s a business, albeit one that most of us hate with a passion.

Before I get too far down this road, let me say that every day I receive in excess of 200 junk mails in just one of my email accounts. I have other email accounts that get none. So, since I am one person with multiple accounts, something tells me the issue here is not me personally, but instead about how the world of email and spam works, and how the spammers started using my email address in the first place.

The fact of the matter is, much of what many people believe about spam and how one starts getting it is patently false. Certain assumptions are correct, although often the facts are twisted around, and people often wear blinders, assuming there is one root cause or one simple solution. It’s not that easy, friends. So, here are a few (admittedly random) things I think everyone should know about spam:

Myth Number One: If You Get Spam, You Must Be One Of Those Porn Surfers

Just like in junior high school, where your friends laughed at you and pointed in the hallway when they found out you did THAT (never mind that it wasn’t true, of course), people tend to assume that if someone gets spam email, it’s because they went to an “adult” web site and registered with their credit card and email address. As a result, you were added to an email list, and so now you get tons of junk email about V1agra and S3X – but hey, if you get that kind of email, it’s entirely your fault and you got what you deserved.

Not true. As someone who has *never* registered for online porn or anything even resembling such, especially with my work email address (I mean, come on, how stupid can a person get?), I can tell you that you don’t need to be a perverted Internet sex addict to become a spam victim.

I can also tell you that people really do think along the lines of this particular myth. Not many, but at least some do: A couple of years ago, I was standing in front of the entire company, showing off the new secure, web-based email interface. I switched from the PowerPoint slide to the browser where I had my email account open, and sure enough, right there on the screen was a spam email with the words “XXXPORN SUPERSTORE” in bold red letters. Luckily it was just text in the email, and while surprising to many, there was nothing vulgar displayed. Needless to say, many laughed and I still get (lighthearted and friendly) comments about it to this day. A few people followed the pattern of the myth and assumed I *must* have signed up for porn using my work email account (uh, yeah, sure), while others stopped by to see me later and tell me privately that they, too, had a problem with nasty, offensive spam and that they had no idea why or where it came from. It wasn’t long before we started working on ways to combat the spam at work. More on that later.

Myth Number Two: It’s Completely Your Fault

Another assumption people make is that if you get spam, it’s because you signed up for *something* somewhere on the Internet and voluntarily made your email address available when you filled in a registration form. If you had not done that, they say, you would not get the spam email.

Similarly, some say that if you get spam, it’s because you must have posted your email address somewhere on the internet, like on a web page, and so you advertised it for spammers to eventually find (this is one form of a technique called email address “harvesting”). And so – again – it’s all your fault.

Ok, so it is true that if you register with your email address on a web site that does not respect privacy, or if you put your email address on a web site somewhere, you could end up becoming a spam victim. It’s reasonable to say that these are two ways email addresses might get on a spammer’s list. However, it’s important to understand that you don’t *have* to do these things in order to get on a junk email list. There are many other ways, and some take no action on your part. More on that below.

Myth Number Three: People Who Get Spam Are Irresponsible, Don’t Think Ahead, and Cannot Be Trusted

This sounds almost comical, I know, but I actually stood on the edge of a conversation where one person said to another (seriously), “I would never hire anyone who gets spam email. It’s just an indicator they don’t know what they’re doing and that they’re basically stupid.” Wow. If there was ever a false, way-over-the-top generalization made about junk email, this has to be the one. The guy who made the statement was serious as a heart attack, and went on to explain that because people can completely avoid spam if they would just be more careful and use common sense in the first place, spam was an example of how you can tell whether or not someone will be a good employee. He even includes the question, “Have you ever received spam email, and if so what do you think about it?” in his interviews. I’m just glad this guy doesn’t work at my company. If he wasn’t actually serious, I’d laugh, but the fact of the matter is there are people out there who make off-the-cuff, uninformed decisions about lots of things based on completely irrelevant data. Amazing.

Myth Number Four: Spam is Totally Preventable – You Just Didn’t Do Enough

People just don’t seem to get it. Spam is *not* totally preventable. While there are ways you can protect your email address from getting on spam lists, there is no sure-fire set of things you can do that will guarantee your account will stay junk-mail-free.

By way of example, I set up a catch-all account on a domain I own recently. Any email sent to any email address on the domain was all funneled into this one email account. I did not set up a web site, did not set up or submit any email addresses anywhere. I just set up the brand new domain with it’s single show-me-everything email box and waited.

Within a few days I started receiving spam at random addresses on the domain. Some of them you might expect: admin@domain.com and support@domain.com for example. But others were more creative and sneaky. Random first initials and last names, first names followed by last initials, common first and last names combined, etc.

So, there’s the proof – you don’t have to sign up for anything, post your email address anywhere, or take any action at all to start getting spam. Now, granted – if you are not prudent about how you handle your email address or if someone else mishandles it (intentionally or otherwise), you are more likely to fall victim. But sometimes you just have to do nothing.

Myth Number Five: Out-of-Office Auto-Replies Are Totally Cool and Make My Life Easier

Ah yes, the ol’ OOF autoreplier – You know, it’s that thing that shows up in your mailbox when you send a friend or colleague an email and they happen to be, say, on vacation, or maybe at the mall shopping instead of working.

What, you ask, is so bad about that? And what does it have to do with whether or not I receive spam email?

Glad you asked.

Let’s say someone sends a spam email that happens to be directed at your email account. Here’s what happens.

1.       Email sent by sorry, good-for-nothing spammer

2.       Arrives at your email box

3.       Your server sends your out-of-office autoreply back to the reply address specified in the spam email

4.       That reply address is monitored

5.       Spammer checks the account your server replied to, sees your autoreply, and thus has confirmation your mailbox is legitimate, working, active and – therefore – valuable to him/her.

6.       Spammer adds your address to the list of email addresses confirmed to be good – the gold list, so to speak

7.       Spammer sells gold list of known-working email addresses to other spammers for a premium

8.       You get more (and more and more and more) spam

Fun eh?

Moral of the story: Don’t use Out of Office autoreplies, or configure them so they only work for internal emails. And yes, I know there are legitimate business reasons for wanting to use them – it’s a trade-off decision that has to be made. You just need to understand the potential effects.

Myth Number Six: Antivirus Software Has Nothing to Do With Spam

Wrong again. AV software certainly can protect your computer and its data from damage, theft and a lot of other nasty things, but what you may not have known is that it can also protect you from becoming a spam victim. The only problem is, everyone has to use AV software (and use it correctly) for it to really work.

For the uninitiated: A “Worm” is a virus-like application that replicates via email. Generally speaking, once they get on your computer they scan your system in a few common places (address books, cached web pages from sites you have browsed, text files, documents, etc.) for email addresses. *Any* email addresses. They then use those email addresses to send emails (which generally include an attached copy of the same worm) to the email addresses found on your computer. So, you see how it works – the worm sends itself all over the place, to thousands of people, and each step of the way it collects email addresses so it can send itself again to more victims.

But wait a minute – that’s not always the extent of what they can do. In addition to installing other software that might, for example, allow a hacker to gain access to the files on your computer or to use it to launch attacks against other computers, some worms take those email addresses and (as long as they are being gathered) send the addresses off into cyberspace where spammers and others can get them.

So, in other words, if you don’t use anti-virus software on your computer and you get infected with one of these harvesting worms, you’re not only making yourself a victim – you’re dragging along all the innocent people listed in your address book and the other files where the worm does its harvesting, as well.

Using current AV software is part of being a good Net citizen. By doing so you protect more than just yourself.

Myth Number Seven: Well, That’s All Fine and Good, But There’s Nothing You Can Do About It Once It Starts

Again, not true. There are a number of companies out there that sell software that is quite effective at blocking spam from reaching you or your end users.

Why would you want to use it?

If you’re an individual, then you want to rid yourself of the mess. Maybe it offends you (depending on what kind of spam you get). At least you’d like to segregate email that is determined to be likely spam so you can filter through that separately from your legitimate email.

If you’re a person with responsibility for a company’s information systems, the reasons are bigger and more important. You have a responsibility as an employer (or the agent of an employer) to make sure the working environment is positive (or at least not offensive or hostile). Depending on the type of spam email your end users are receiving, you may have a responsibility to them to make sure you are doing what you can to combat the problem. Remember, ignorance is not bliss. And as easy as it is to put measures into place to help curb spam these days, not doing something when there is a problem is – truly – ignorant.

Where I work we use Mailfrontier’s anti-spam gateway. There are a number of other products from a variety of vendors that also do a good job. But for our part, we like what we’re using just fine; Mailfrontier is highly customer-oriented as a company, and continually combats the latest techniques spammers are using to get their junk through to you.

Myth Number Eight: If I click the link to remove myself from the spammer's list, I will stop getting spam from that sender

Please hear me on this one. I know people would like to believe that spammers are good, honest, ethical people just trying to make ends meet, and that they follow industry-accepted standards for conducting business. We all want everyone to be good and wholesome people, concerned primarilly with doing the right thing, always telling the truth and helping old ladies across the road.

But in the real world - not true.

Spammers want to know if you receive their email, because if you do, they can sell your email address to others and make more and more money. The best spammer email address list is the one that contains the highest percentage of known-good email addresses.

So, when you click to “unsubscribe,“ more often than not you are not actually unsubscribing. Yes, I realize you may be shocked at the dishonesty of it all, but there's a good chance the spammers are simply tricking you into clicking a link that simeply lets them know you received their spam email. You never get taken off the list.

On a related note, people who are using Outlook 2003 (and when Windows XP SP2 comes out, Outlook Express will also include this behavior) have probably noticed that Outlook blocks images from being loaded from Internet servers unless you specifically allow them to be loaded. Why? Because the address used to contact the server and load the image can contain a code that uniquely identifies you, thus (again) validating your email address.

UPDATED: My friend Travis emailed me with some valid comments about Myth Eight:

I think the validity of the unsubscribe link is directly proportional to the legitimacy of the spammer's business.  If you get porn spam, or "V1AGRA" ads, you're probably better off not clicking the link, sure, but ads from job posting sites and such generally do actually unsubscribe you if you click.

That's a good point. Travis continues with his own opinions about spam:

Spammers should be punished by death.  A brutal, painful, horrible death.  Something that's probably specifically in the "cruel and unusual punishment" class.

Spam sucks. There’s no one root cause. You can’t always prevent it. But there is something you can do about it.

Anyhow, when it comes to spam, that’s about all I have to say about that.



Add/Read: Comments [1]
Tech | Things that Suck
Tuesday, 27 April 2004 12:05:08 (Pacific Standard Time, UTC-08:00)
#  Trackback
 Monday, 26 April 2004

Rory Blyth, who is one of the funniest and (he said seriously) most thought-provoking people I have ever read, is one year old today. Or, rather, his blog is one year old.

And to celebrate, he chronicles his favorite posts from the first year.

(I can't believe the assFeed machine still works. Cooool. :-))

If you have not had the pleasure of reading Rory's unique perspective on the world, you're missing out.

But if you get hooked like I did, don't blame me.

Blame Rory. ;-)



Add/Read: Comments [0]
Blogging | Humor
Monday, 26 April 2004 20:43:18 (Pacific Standard Time, UTC-08:00)
#  Trackback

The other day I was trying to get a OneNote blog post to work, and had some problematic results. True to OneNote team style, Peter Baer with Microsoft emailed me directly and asked me to send him the .one file that was causing problems. So, I did and he wrote back (quoted with permission):

“I can repro the bug as well, using your file.  I’ll look into it – great bug, I don’t think we've seen this before.”

“Great bug.” Now, there's something you don't hear too often. But if you think about it, a bug is either a lump of coal or a nugget of gold, and it's all in the approach. I like the gold approach, myself. :-)

I also inquired about whether there was an ability to control whether or not OneNote does text-to-graphic conversion - sort of a way to tell OneNote not to convert no matter what. I pointed out to Peter that I had seen different results publishing from OneNote to email vs. doing a copy-paste from OneNote. Peter's reply was interesting, and sheds some light on the way OneNote deals with HTML content:

“As to your question: no, you can’t control it directly, but we do produce different HTML when copying to the clipboard vs. publishing to an MHTML file or email.  The in the 'publish' case, we attempt to preserve the original 2D layout as much as possible – hence the possible conversion of text to graphics, absolute positioning of divs, etc.  In the 'clipboard' case, because our main target destination apps are traditional word processors, we produce serialized content – mostly out of simplicity, since we don’t know just how the user will want to repurpose the data (and if the user really wants WYSIWYG fidelity, she can insert it as a picture).  So in that case, all text (including recognized ink) really will appear as text.”

That makes good sense, and the fact that Peter took the time to interact was really very cool. OneNote has quickly become a powerful and useful application that seems to care about its users just as much as its users care about it.

All this brings me to my real point: I have recently come to realize that the OneNote application itself is my second-favorite thing about OneNote.

The OneNote team at Microsoft is my first. I've learned more from meeting smart people at conferences, reading truly interesting blogs and using their application than from any other Microsoft program.



Add/Read: Comments [0]
Office 2003 | OneNote | Tech
Monday, 26 April 2004 19:55:59 (Pacific Standard Time, UTC-08:00)
#  Trackback
 Sunday, 25 April 2004

One of the other new things in OneNote SP1 Preview is added funcionality that allows programmers to build connectors that will import content into OneNote from other applications. Andrew May has a couple of entries on his blog that provide an early look at using the new Type Library:

“The new OneNote 1.1 Type Library includes functionality which enables you to programmatically import images, ink, and HTML into OneNote.”

Andrew also posted the OneNote Simple Import XML Schema.

Chris Pratley outlines a few ideas about what kids of power-toys for OneNote might be interesting to see some day, and offers to collect real, practical ideas from users and developers about what we think the OneNote dev team should build into the product:

“We're also interested in hearing details of any kind of extensibility you would actually use if we were to add it. The details are important - we plan to add extensibility only to support real scenarios, not just allow anything to be extended.”

SideNote: It's great to see this kind of two-way communication in the blogosphere. Thanks to Chris and the OneNote team for watching the user community and soliciting input!



Add/Read: Comments [0]
OneNote | Tech
Sunday, 25 April 2004 22:26:00 (Pacific Standard Time, UTC-08:00)
#  Trackback

Motorola MPxLooks like maybe the future is starting to look up for PocketPC-based phones.

I used a Motorola SmartPhone (MPX200) for a while, but gave up on it because of poor performance in the Exchange sync department (on the part of the phone, which bogged down under the pressure).

As far as T9 text input has come, it drove me crazy trying to type email on a phone keyboard, so I switched back to the Blackberry Phone, which does a great job for me and others where I work. It just doesn't run the Windows Mobile OS.

MPx keyboard viewBut, looks like Motorola has some new models up its sleeve. While the new SmartPhone (MPx100) looks interesting, the new MPx PDA-Phone looks very cool. With a full keboard built-in, a true HTML browser, WiFi built in, etc., I'll be all over this (if it ever makes it to the US, that is). Availability is set for 2nd half of 2004 according to Motorola's press releases.



Add/Read: Comments [0]
Mobile | Tech
Sunday, 25 April 2004 21:39:31 (Pacific Standard Time, UTC-08:00)
#  Trackback
 Saturday, 24 April 2004

First Glance at the OneNote SP1 Preview

Saturday, April 24, 2004

11:40 AM

 

 

So, I figured I'd just jump in and take a first look at the new OneNote SP1 Preview and see what stands out. So far, a lot. Too much to play with this morning, and some of it I'll need to try at work with the team.

 

The above image was clipped directly into OneNote using the new "Capture Screen Clipping" tool, which lets you activate the function, and then use the pen or mouse to drag a rectangle around what you want captured. The clip is saved to the memory clipboard and/or to a SideNote (your choice).

 

Sharing with Others:

 

This is a big improvement area, and I think it will be a popular item in the future where I work. The previous OneNote email capabilities appear to be improved, as are the SharePoint capabilities, and newly added in this preview release are Shared Sessions - live note-taking sessions on the network between multiple participants. Password protect the sessions if  necessary, and share the OneNote sections relevant to your need. Chris Pratley described it well in a web log entry he made describing the new preview release: See  http://weblogs.asp.net/chris_pratley/archive/2004/04/20/117053.aspx

 

Audio and Video recording:

 

Support for webcams is added (uses WinMedia 8 and 9 codecs configured for typical PocketPC optimization, but you can tweak that, too). Found some weird behavior in the video player interface, but hey, it's complicated and this is a preview release. But at least people who care can see my cat (see below for the video file). :-)

 

Video recording started: 11:49 AM Saturday, April 24, 2004

 

Integration with Other Devices/Apps:

 

Ability to create appointments, contacts and tasks are in the Tool menu, and PocketPC integration is there, as well - You can copy your notes manually or automatically from your  PocketPC device.

 

Wish-List:

 

Odd behavior and bugs don't get listed here (since I am reporting those anyhow elsewhere), but rather the few things I can think of that I don't see in the program just yet. In fact, for now I can only think of one glaring thing. Hyperlinks.

 

It appears there is still not an option to insert a hyperlink on one or more words of text (which you can do in other office apps, so was hoping to see that here in the service pack). This image is from Microsoft Word:

 

 

Screen clipping taken [from Microsoft Word]: 4/24/2004, 10:38 AM

 

You know - highlight a block of text, right click, choose "Hyperlink" from the menu and from their either add or edit the hyperlink associated with the text block. Link to a web page, or whatever. Maybe there is something about OneNote that makes this difficult to do, or maybe it's there and I just can't find it. But I have definitely tried!

 

Verdict:

 

Very cool. OneNote is already a great example of smart product building by a clearly talented team. It's a power-productivity tool, is able to be used by a wide variety of end users for an equally wide variety of purposes. The SP1 preview has addressed not only the top problems in the initial 1.0 release, it's added the low-hanging-fruit functionality that a) people are asking for and b) the product team could realistically deliver in the context of the service pack.

 

It's pretty nice. Will be interesting to see what the blog entry looks like.

 

More later.

 

Created with Microsoft Office OneNote 2003 (SP1 Preview)
One place for all your notes

Download: First Glance at the OneNote SP1 12.one
Download: Side Notes - First Glance at the OneNote SP1 Preview.WMV



Add/Read: Comments [3]
Office 2003 | OneNote | SharePoint | Tech
Saturday, 24 April 2004 11:26:47 (Pacific Standard Time, UTC-08:00)
#  Trackback