Getting the Most Out of E-mail (Part 2)
Protecting Yourself from SPAM and Other Undesirables.

I asked a systems administrator friend of mine for his take on email.

In part one I concentrated on how you can better manage the time you spend reading email. In this essay, my admin friend and I go into more details on how you can protect yourself and use the resource more wisely.

Don't Believe Everything You Read
Be Careful of What You Open
Beware of Geeks Bearing Gifts
Beware of Unsolicited Requests for Information
Check Your Mail Settings
Where Does SPAM Come From?
Reducing SPAM
Help Your Neighbor
One Last Thing

 

Don't Believe Everything You Read

  • Just because it's email doesn't mean it's true. Turn on your brain before reading. If an undisclosed friend of a friend has some insider information on anything (viruses, stocks, improvement of body parts, alien abductions), don't always believe it.

  • Some places you can go to verify information are:
    • For run-of-the-mill rumors, go to http://hoaxbusters.ciac.org/ or go to www.google.com and type in "urban myth." You'll get enough information to keep you busy for a while.
    • For virus hoaxes try: www.symantec.com, www.antivirus.com, www.mcafee.com.

Pandora, be Careful of What You Open

  • Attachments can contain viruses and other nasty things. Don't open them unless you expect them. How likely is it that your grandmother will send you a VB-script? If you don't know what a VB-script is, you have no business opening it. See my article on viruses for more details.

Beware of Geeks Bearing Gifts

  • Microsoft, Norton, HP and other reputable software manufacturers do not send out updates and patches unsolicited. They may send out a notice that a patch is available, but you will have to go to the web site to download it. Make sure you are on a valid web site.

  • One such scam of this sort had verbiage that was taken from a Microsoft page, and the other links on the page were back to the Microsoft site. However the executable program attached was malicious.

Beware of Unsolicited Requests for Information

  • There is a growing business in Financial Institution Scams and Hoaxes (FISH - spelled "phish" in web-parlance).

  • In one credit-card scam, the email looked like it was from eBay asking you to "update the account" and give them your CC-information. The mail looked very authentic. They used eBay's logo and their email contained almost no grammatical mistakes.

    The "click here" link even looked as if it would take you to eBay. The readable text on the page said, "http://register.ebay.com". However, when I hovered over the link with the mouse (pointing at it, but not clicking), my email program revealed the real link in the status line at the bottom of the window. It didn't look like eBay at all. It's not difficult to create fake links.

Check Your Mail Settings

  • Make sure your mail program is not set to open attachments automatically. If you can't change this setting, get a new mail program.

  • Even so-called "harmless" HTML (web pages) can get you in trouble. Try to change your settings so that links to external resources will not be displayed automatically.

    Pictures included in an email should be attachments, not self-loading URLs pointing to different servers. By loading those pictures automatically, the sender can determine that you have received the email, and if the link is crafted well enough can even get information like your IP-address, email-address, and what time you read the email.
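To see which pictures in a message are real attachments and which would be fetched from someone else's server when the mail is displayed, the message source can be inspected. This is an added example, not part of the original essay; the message, the host tracker.example and the id value are constructed.

```python
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample: one attached picture (cid:) and one remotely loaded picture.
RAW = """\
From: sender@example.com
Subject: Constructed sample
Content-Type: multipart/related; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<p>Hello <img src="cid:logo"></p>
<img src="http://tracker.example/open.gif?id=constructed-123" width="1" height="1">
--b1
Content-Type: image/gif
Content-ID: <logo>
Content-Transfer-Encoding: base64

R0lGODlhAQABAAAAACw=
--b1--
"""

class ImageSources(HTMLParser):
    """Collect the src attribute of every <img> element."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag == "img" and src:
            self.sources.append(src)

def remote_images(raw_message):
    """Return (host, url) for each picture the HTML part would load from a server."""
    msg = message_from_string(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            finder = ImageSources()
            finder.feed(part.get_content())
            for src in finder.sources:
                url = urlsplit(src)
                if url.scheme in ("http", "https"):  # cid: pictures are attachments
                    findings.append((url.hostname, src))
    return findings
```

Each host returned would see a request, with the reader's IP address and the time, as soon as the mail program displays the picture.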

Where Does SPAM Come From?

The lunch meat comes from Hormel Foods; the junk mail comes from a variety of sources.

It costs 1/40 of a penny to send out an email. So a spammer can send out 400,000 emails for $100. If they can sucker only one fool in every 400,000 to spend $100 with them, they've made money. According to P.T. Barnum, the odds are on their side.

Spammers get your email address in a number of ways.

  • Check the fine print when you order something online. There is usually something you have to do (like uncheck a box) to opt out of receiving junk mail from them and everyone else they sell your email address to. Those privacy statements are long and boring, but worth reading.

  • There is no reason to give your real email address to anyone over the phone or in mail when you order something either.

  • Read the fine print on that software you download. Downloaded software can also contain "spyware." That is, data mining software that not only reads your email address (and possibly others in your address book), but also reports on your web browsing habits so they can target mail to you.

  • Posting anything on the web almost assures your address will be "sniffed out."

  • Isn't it nice that Aunt Bessie sent you an e-card for your birthday? Both she and you are now on a mailing list.

  • Unscrupulous ISPs and mail providers will sell their account information.

Reducing Spam

It's pretty hard to dodge the spam bullet but there are some things you can do to minimize it.

  • Be careful where you browse.

  • Have a "garbage account" for fun, and use a business or personal account only for business or personal matters. Use the garbage account to post to the web, download software and order on-line.

  • Read the fine print on everything you download.

  • Get a program such as AdAware to look at your system and eliminate spyware. You may have to turn off the anti-spyware software to install legitimate software.

  • Clicking on "unsubscribe" buttons in an email is a two-edged sword.
    • If it's an honorable mailing, they'll honor unsubscribe requests.
    • If not, you've just blasted your valid email-address to hundreds of spammers.
    • You'll have to use some common sense on which is which.
      • If you recognize the company name, then there is a good chance it's reputable.
      • If the ad is for prescription drugs without doctor's orders, bank transfers from African nations, or enhancement of body parts, chances are it's a scam.
      • Ads with misspellings, poor grammar and garbage text are most likely scammer-spammers.


  • Beware of freebies such as e-cards, free credit checks, etc. Even though these services might be reputable, they will collect and disseminate your email address.

  • Few reputable companies do business using a "normal" domain name such as AOL or Mindspring. Maybe some "cottage industries" do. No reputable company does business over free access programs such as Hotmail or Yahoo.

Help Your Neighbor

  • Give them a clue. Use a good subject. Subjects saying "Hi" are useless. Saying "Meeting" is better, but still doesn't put it on the top of the pile. If you say "meeting today", that's better, provided I even get the email "today" and not "tomorrow". Saying, "Meeting with ACME 1PM 5-7 Boardroom", or "Presentation Files for 5/7 Acme Meeting" puts it right on target.

  • Joke lists are fine but please don't put everybody in the "To" or "CC" line. If you do that, every recipient sees everybody else's email address. Use the "BCC" field. BCC means "blind carbon copy" - each recipient gets the mail but other people's addresses are hidden. From the recipient's point of view, it looks like the email was sent solely to him.

  • Don't send HTML mail. My systems administrator friend, who has to maintain the webservers, loves it when people stay away from HTML-formatted emails. HTML looks pretty, but it's email for crying out loud! If you turn on "HTML" in your email, it will get sent in plain text and as HTML. The html-version is 3-10 times larger than the text version.

  • Limit your attachments. Binary attachments (photos, Word Documents, Excel Spreadsheets and such) grow in size by at least 10% as they are "encoded" for sending.

    People have limits on their email accounts, and the "undeliverable" reply will likely put your entire email back in your inbox, including the attachment.

    Recently a company's mail server crashed because someone wanted to email the pictures from the company picnic to all 100 people in the company. That's 25 pictures, 1MB each for 25 MB times 100 recipients giving us 2.5GB (2500MB), plus all the addresses that bounced back because some recipients had 3rd-party email-accounts. OUCH!

    A better solution would have been to use the company's fileserver. Ask your friendly Network Administrator to put the BBQ-shots on the fileserver, and then email everybody that the pictures are on the "X-Drive" on the server. Alternatively, post them on a web page and invite people to go and browse them there.

  • Think before pressing the send button. Once it's sent you cannot undo it. If you're in a huff, don't send an email. You send it, they receive it. They have your statements "black-on-white" for eternity. Email can and will be used against you in a court of law. Perhaps the send button ought to have the Miranda statement ("You have the right to remain silent ...") on it to cause people to reflect.

  • Email messages are the property of the company, not you. There is no privacy in the workplace when it comes to email. Companies can even monitor email you use on a third-party account from a company computer.

  • Most email clients have a setting that says "check mail every 10 minutes". Stick with it. The world won't end if an email has a 5-minute delay, but on the other hand, some email clients are brain-dead when you set them to short intervals. They might check email while they're still downloading email, resulting in 2 or 3 simultaneous requests to the mailserver. In technical jargon, what this does to the server is, "it barfs."

  • Work for the win-win. Be nice to your mail-administrator / network administrator. They have to handle multiple requests but still want to help you. That desire to help you goes up or down depending on how you treat them. And learn from what they tell you. They can really be helpful in keeping you out of trouble in the future.

One Last Thing

If you think that any of these hints are valuable, please help me in a statistical survey. Please include your name, address, email address, age, gender, mother's maiden name, bank account numbers, last three years' tax returns, social security number and driver's license number.