April 3, 2009

E-Book Review: Spam-Proof Your E-mail Address

Book: 2nd Edition By Brian Livingston
www.WindowsSecrets.com
31 pages, $9.95

Review By Al Harrison and Randy Claridge

Brian Livingston, a highly regarded expert on matters pertaining to any and all incarnations of Microsoft Windows and the author of the well-known Windows Secrets series, has written an informative “e-book” that reveals modus operandi for protecting website-published e-mail addresses from exploitation perpetrated by purveyors of junk e-mail. Known as “spammers” in the electronic vernacular, such purveyors of spam are responsible for consuming significant attorney time daily, which tends to undermine the efficiency of e-mail communications.

A recent estimate of the profitability enjoyed by spammers by Ciphertrust (see, www.ciphertrust.com) is that a return of a mere single spam out of a population of 50,000 e-mails justifies this heinous procedure. That is, if only one spam-recipient unknowingly or inadvertently responds to a junk e-mail, while contemporaneously approximately 50,000 co-recipients properly reject the same junk e-mail, the spammer typically can realize a profit. Furthermore, according to data compiled by the SpamHaus Project, an anti-spam service (see, www.SpamHaus.org) which tracks spammers and also shares its findings with law enforcement, fewer than 200 spammers generate at least 80% of worldwide spam. The urgency for seeking “spam-proofing” protocols is evident.

Mr. Livingston’s thesis for foiling spammers’ dastardly exploits is for the user to affirmatively create an environment that inherently reduces spam. His ideal electronic landscape minimizes or avoids spam-flow on the basis of e-mail addresses being rendered invisible to spammers. Thus, spam-proofing may be achieved by hiding e-mail addresses from the robotic eyes of automatic e-mail “harvesting” applets that collect e-mail addresses for sale to a plethora of exploitative spammers.

He observes that harvesting applets focus on spam targets having a predictable format: character strings having the format “your-id@domain name.” Accordingly, the search criteria invoked consist of an algorithm that: (1) seeks occurrences of the special character “@”; (2) confirms that this “@” is followed by a domain name having a “.” delimited format such as “isp.com” or “YourDomain.com”; and then (3) copies the (non-blank) characters that precede the “@.” Of course, other top-level domains (besides the com-domain) such as net, org and edu would typically be included in this search strategy.

To prevent harvesters from electronically accumulating e-mail addresses, the author suggests several approaches which he classifies as “Super-Simple,” “Simple,” “Moderately Simple,” and “Advanced.” While not assuring success, these methods may significantly improve the usability of preferred e-mail addresses. When posting an e-mail address on a website, the most rudimentary deterrent to being placed upon a spam distribution list is to modify the way the e-mail address is conveyed to the reader. Rather than specifying “myname@isp.com,” it is preferable to present the address as “myname(at)isp(dot)com.” This approach foils harvesters by not displaying what is predefined as constituting a valid e-mail address. A spam bot does not copy every bit of text on a website, but rather scans millions of websites looking for the familiar “@” and “.” combination associated with conventional e-mail addresses. Unfortunately, the author concedes, spammers are beginning to include e-mail address variations such as “myname(at)isp.com” in e-mail scanning algorithms.
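The scan described in the two paragraphs above can be turned around as a self-audit of one's own pages before they are published. The following is an added example, not code from the e-book or from this review; the patterns, the function name `audit_page` and the sample page are constructed for illustration.

```python
import re

# Steps (1)-(3) of the scan described above: an "@", followed by a
# dot-delimited domain, preceded by the non-blank characters of the user id.
PLAIN = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")

# The variations the review says scanners are beginning to include:
# "(at)" in place of "@", with "." or "(dot)" between domain labels.
AT = r"\s*(?:\(at\)|\[at\])\s*"
DOT = r"(?:\.|\s*(?:\(dot\)|\[dot\])\s*)"
VARIANT = re.compile(
    r"[A-Za-z0-9._%+-]+" + AT + r"[A-Za-z0-9-]+(?:" + DOT + r"[A-Za-z0-9-]+)+",
    re.IGNORECASE,
)

# Constructed sample page: one clickable address, two rewritten addresses,
# and one address shown only as an image.
SAMPLE = """
<p>Sales: <a href="mailto:sales@example.com">sales@example.com</a></p>
<p>Support: support(at)example.com</p>
<p>Press: press(at)example(dot)org</p>
<p>Billing: <img src="billing-address.png" alt="billing address"></p>
"""


def audit_page(text):
    """Report which addresses in a page's source a text scan would see.

    "plain"   - matches the conventional "@" and "." format.
    "variant" - matches only once "(at)"/"(dot)" rewrites are recognised.
    """
    return {
        "plain": sorted({m.group(0) for m in PLAIN.finditer(text)}),
        "variant": sorted({m.group(0) for m in VARIANT.finditer(text)}),
    }


if __name__ == "__main__":
    for exposure, addresses in audit_page(SAMPLE).items():
        for address in addresses:
            print(f"{exposure:8} {address}")
```

Anything reported as "plain" should be rewritten first; anything reported as "variant" is protected only against scanners that have not yet adopted the variations the author mentions.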

Another recommended method involves posting an e-mail address as a graphical image file instead of a textual string. Image files cannot be read by text-scanning routines, but images still present website visitors with a familiar e-mail address. Harvesters are not programmed to perform optical character recognition (“OCR”) on billions of web pages in the pursuit of collecting myriad e-mail addresses. Analyzing the enormous number of images encountered would drastically undermine the bots’ productivity. The primary drawback to relying on image files to depict an e-mail address is that visitors must manually type the address rather than just hot-linking via a single click.

As an aid to enabling website visitors to invoke the familiar point-and-click experience, Mr. Livingston refers to a free applet that embeds an encrypted “mailto:” hyperlink on a website. Then, once incorporated into a website, an email address may be invoked by visitors who can view an e-mail address as an image and establish contact by clicking on the encrypted hyperlink. The invoked hyperlink triggers a new e-mail message in the visitor’s default e-mail program and automatically populates the “To:” field with the e-mail address. Adding the prerequisite code to a website is more technically involved than the previous methods, but it affords website visitors easy e-mail access while simultaneously hiding the e-mail address from nasty bots.

The author introduces the most technically sophisticated method for spam-securing an e-mail address, while still affording convenience to website visitors: incorporating an interactive form into a website. Most website visitors are familiar with web forms, usually found on service support websites and the like. Nevertheless, as Mr. Livingston correctly notes, many businesses fail to design a visually-appealing form. Website visitors may acquire a subpar first impression of a business based upon what appears to be an amateurish form. Cost-effective web-design tools for generating web forms and website designers are available but should be carefully selected.

As yet another approach to avoiding spam, he suggests creating “disposable” e-mail addresses whereby each recipient of an e-mail is allocated a different address. Under this schema, if one such disposable e-mail address is compromised, the user simply ceases any further use, i.e., turns it off. The e-book includes a list of available disposable e-mail services, some of which are free.

Brian Livingston’s “Spam-Proof Your E-Mail Address” is an excellent way to not only become conversant with techniques for avoiding being inundated by spam, but also to experience the nuances of the e-book genre.

Al Harrison is a member of The Law Practice Management Committee and a former Chair of the Computer & Technology Section of the State Bar; he is a patent attorney and intellectual property lawyer practicing with the firm of Harrison Law Office, P.C. in Houston.

Randy Claridge is a recent graduate of South Texas College of Law who is an associate attorney practicing with the firm of Harrison Law Office, P.C.; he has extensive background in computer and Internet technology.
