Spam Prevention Tips #2
We can’t say it enough times. Sometimes we’re in such a hurry to complete the sign-up process that we don’t stop to read the warning signs. Personally, I can’t remember the last time I actually read the terms and conditions before clicking the submit button. However, it’s often the terms and conditions that determine whether or not you are going to receive marketing spam from this company at a later time or not.
Having said that, most reputable companies do conform to the industry standard of allowing registrants the option to opt-in or opt-out of their email subscriptions. In actual fact, the industry has been moving away from the opt-out method as an acceptable form of registration and now most services are requiring opt-in. Confused?
Well the key thing here is to remember to check for the tick boxes which either sign you up or sign you out of receiving emails from the company whose web site you are currently on. The trick is to carefully read the text next to the tick box as some will ask you if you wish to be added to their mailing list whereas others will ask you if you do NOT want to be added to their mailing list. To confuse you even more, sometimes the box will already be ticked and other times it will be empty. There is no standard convention, so you can’t just assume that it’s working in your favour.
Here at Remote Anti Spam we would like to see a situation where web sites agree to conform to a single form of sign up with a single approach understood by everybody. All forms should simply ask
- ‘Do you wish to receive our products newsletter?’
The options should simply be to tick either of the Yes or No boxes. The default option should be ‘No’ so that users have to opt-in to receive messages. If the company wants to offer to send you carefully selected offers and news from their partners (i.e. other people’s spam) the wording should be as simple as
- ‘Would you be happy for us to pass on your email address to our partner companies?‘
Again the default option should be ‘No’. While it is unlikely, however, that this position is going to be arrived at anytime soon, we are writing this guide to advise Internet users to carefully read the wording before clicking that submit button. Remember that the definition of spam hinges on the fact that an unwanted message you receive is ‘unsolicited’. If you got the tick box wrong, i.e. if you misread the wording, or didn’t understand it, and selected the wrong option, you may have unwittingly opted-in to receive spam messages from that company. In that case, the message(s) you’re receiving are not technically spam, even if they are heavily encouraging you to buy non prescription, endurance delivering, erotic drugs from their online pharmacy in Hanoi.
Spam Prevention Tips #1
In the first of this 10 part series, we will be providing some advice about how to prevent your email address getting into the hands of spammers. Prevention is better than cure so it’s always a good idea to practice safe browsing online and get into some good habits early on to safeguard your privacy and identity online.
Now we all like to receive a few funnies in our inbox from time to time. Photos, jokes, funny video clips or hilarious song mashups and even the odd good luck charm to give you a lift on a dull Friday afternoon. But did you know that forwarding these messages onto everyone in your address book is one of the best ways to guarantee your email address ends up on spam lists? Yes, it’s true.
The fact is that no amazing good luck will happen to you by sending that message to 15 people you love within the next 5 minutes, no matter how convincing the sender makes it sound, and don’t believe their promises that it happened to them. Yeah right! You are not going to win a free iPod by sending that viral marketing email to everybody you know who listens to music. This one is excellent actually because, who do you know that doesn’t listen to music? That email petition going around is not going to prove or change a single god dam thing! In fact, email petitions are probably the worst type of spam gathering email you can get yourself involved in (more on this later). And for the last time, it does not take guts to say Jesus! See, I just said it!
The sole purpose of these messages is to get you to send them on to everybody in your address book so that eventually, this huge great list of live and valid email addresses ends up with the spammers. Luckily, there is a way you can keep yourself and your friends out of most of these email spam traps – except for the email petition which, as mentioned before, is particularly nasty. If you really do feel compelled beyond rational rhyme or reason to forward that message on to everybody you know, then instead of adding all their names in the TO box, add them to the BCC box instead.
BCC means Blind Carbon Copy and what it does is hide the names and email addresses of everybody who is in that box. So you can forward your latest antivirus alert hoax onto all 200+ of your eager contacts safe in the knowledge that not only will they take immediate responsive action by promptly deleting your message for wasting their time, but also that they won’t secretly chastise you for exposing their email address to spam! Now, when you’ve added all your friends’ email addresses to the BCC box, just add your own in the TO box before clicking Send, as some email programmes don’t like to send messages without at least one address in the TO box. They think it looks like spam.
All well and good, but this advice doesn’t work with email petitions because people filling these out actually type their names and email addresses into the main part of the email message, known as the email body. Imagine how thankful spammers are when such messages, full of several thousands of self annotated email addresses, land in their inboxes. It’s Christmas come early. If the cause for which you’re petitioning is a just and worthy one, no doubt they will have a web site where you can go to sign their online petition or contribute in some other way. These online petitions will generally have safeguards to protect your identity and email address from being abused.
So the lesson learned today? Use the BCC field to send or forward jokes and amusing, non important stuff to your friends and contacts, if you really have to send them at all. They’ll thank you for it.
To put this into practice, why not send this article to your friends using the BCC field now. Let’s start to pread the word.
Microsoft and Google are facing renewed challenges in their fight against spammers who abuse their webmail services to send out spam. Earlier this year spammers successfully used bots (software that automatically signs up with online services) to break the CAPTCHA security systems at Hotmail and GMail. Once penetrated these bots proceed to create several accounts, and then use them to send high volumes of spam messages. Both Microsoft and Google responded by strengthening their CAPTCHA systems, but it seems that the spammers have found another way in.
We are all now familiar with CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart), the extra step we must all take when submitting almost any type of form on the web. The process involves entering the garbled, often illegible, text displayed on screen to prove that a human is completing the form and not a robot.
While it is relatively easy for humans to decipher the text on screen, computer bots find it much more difficult as the distortion of the text makes it difficult for them to identify the letters using their optical character recognition capabilities. However, in recent weeks it has emerged that Microsoft’s CAPTCHA has been breached by spammers again, and it has been suggested that spammers are getting it right between 10-15% of the time.
If spammers are successfully breaking CAPTCHA on huge services like Hotmail and GMail, who have the resources to implement the most secure techniques available, where does that leave the average webmaster who uses CAPTCHA to prevent the abuse of their contact forms, order processes or blog articles?
Well, some are suggesting that CAPTCHA in its current form is now rendered useless and just not viable anymore. Some industry experts are suggesting a wholesale switch to alternative forms of CAPTCHA, such as Microsoft’s Asirra image based format where users are required to identify and distinguish between photos of cats and dogs. Others, such as Terry Zink, are suggesting a second CAPTCHA challenge post sign up which would statistically reduce the overall success rate of the spammers’ bots.
Nobody quite yet has the perfect solution, and though many believe it’s just a game of cat and mouse, the anti spam industry continues to seek the most effective measures of preventing spam reaching our inboxes.
In a move that could have wide reaching implications in the anti spam effort, US state Nevada – famous for it’s ‘Sin City’ of Las Vegas – today becomes the first to require that all transmissions containing personal, identifiable information sent over the internet be encrypted. Key wording from the new law reads,
“NRS 597.970 Restrictions on transfer of personal information through electronic transmission. [Effective October 1, 2008.]
1. A business in this State shall not transfer any personal information of a customer through an electronic transmission other than a facsimile to a person outside of the secure system of the business unless the business uses encryption to ensure the security of electronic transmission”
At Remote Anti Spam, we believe that this is a bold and progressive move and will monitor developments there closely to see how it is enforced. Having said that, we acknowledge the massive headaches this will give small businesses in Nevada, as they must scramble to ensure compliance.
It is conceivable that many small businesses in Nevada will not have prepared and could find themselves breaking the new law from the outset on 1st October. It is unclear at this point how vigorously the Nevada state government will go after such small businesses, particularly in the period shortly after 1st October.
The state of Nevada originally passed this law in 2005 thus giving industry almost 3 years to prepare for today’s 1st October 2008 deadline. This law is designed, not specifically to prevent or filter spam, but as a move to protect citizens from identity theft, phishing and other similar crimes which can result in the leaking of personal private data over a public medium, such as the internet.
If other states observe and follow suit, we may be so bold as to speculate that we could see some sort of reduction in spam for that region as well as better digital protection for personal data on the internet.
Despite the inherent implication difficulties and the inevitable teething problems that will arise, we applaud Nevada for this pioneering and giant step forward.
Full details of the Nevada state law
Over the weekend it emerged that Google had performed a major deep crawl and updated PageRank (PR) data for sites in their index. Many webmasters seem to be as confused as ever as to why in particular their sites have seen PageRank increases or decreases, but one thing seems to be ringing a resounding bell across many SEO (Search Engine Optimisation) forums.
Webmasters in the SEO forum at Digital Point, for example, are expressing their surprise that sites which they spent considerable time optimising and promoting seem to have had their PR decreased while sites they relatively neglected saw PR go the other way.
Some webmasters are suggesting that the only possible reason for this is that Google could now be taking a dim view on the excessive promotion of websites using social bookmarking sites like Digg, Stumbleupon and Technorati.
Google may now be considering the over marketing of sites within these channels as attempts to spam their index in order to unfairly rank higher in search results. The search giant is constantly tweaking its algorithm in order to filter spam and ensure the integrity of its search results continues to remain the most relevant and most highly regarded in the industry.
Spam filtering measures such as this, if the claims are founded, are just another in a long line of major directional changes Google have implemented into their search engine results spam filter to prevent the poisoning of their index. In the past they have dropped the relevance of the keyword tag, penalised sites which enter into controversial link exchanges and, even developed measures (allegedly) to prevent spammers who create short term sites benefiting from high search result placements in order to sell their dubious spamvertised products (search engine poisoning). These are just a few.
If it is indeed true that Google have rewritten their algo to weed out social bookmarking spam, could this spell the end of the social bookmarking phenomena which has surged in popularity in just a few short years, heavily due to the popularity of the medium with SEO experts and webmasters?
We will be watching developments closely and welcome your comments in the meantime.