Baby with the Bath Water

“I have a great spam filter.”
At a recent holiday party I asked a friend about an e-mail I had sent him. He pondered for a moment and shook his head. The above was his response, which perplexed me for a moment.

Did he consider my correspondence spam? Was he being facetious?

I grinned and suggested, “Maybe it’s a little too good?”

This scenario is played out every day across America. Consumer confidence in e-mail is in crisis. Our increasing intolerance for unsolicited commercial e-mail has prompted many to launch a diligent attack on spam. Unfortunately are assault is so vicious it risks taking out e-mail as a viable communication tool in the process. If you rely on electronic mail to distribute information this has most likely made your life unpleasant.

User Unfriendly
The biggest problem is the huge number of Internet users who have no idea what may be blocking legitimate messages. Their Internet Service Provider (ISP) has installed some new software they either know nothing about or can’t figure out. While this is troublesome it can be overcome– simple announcements are a great start. The worst part is the bad reflection it casts on parties who have no control over the situation.

When someone visits your web site or contacts your organization they may request information. Many of these requests are transacted via e-mail. Even if they begin as a contact form or blog message, the end result is often in the form of an e-mail message. But let’s suppose a spam filter prevents your acknowledgement or reply from reaching that visitor. Is his first thought to check his “whitelist” or Bulk folder? Does he rush out and call his ISP? Hell no, he’s pissed at you!

Black List, Gray Area

Another trend that really troubles me is the growing number of ISPs and mail administrators that are using Realtime Black Lists to block mail. The idea is to maintain a list of servers and IP addresses that are known to be exploited by spammers. While this is good in theory, it sucks in practice. The problem is, like the Jackson Five song goes, one bad apple don’t spoil the whole bunch, girl.

Imagine a ne’er-do-well signs up for a Yahoo account and starts blasting out Nigerian spam. He is sending this from Yahoo so his address is most likely going to end with yahoo.com (or something similar). Next a blocking list server sees all this spam being sent and decides to blacklist the yahoo.com domain. See any problem there? Like maybe the millions of legitimate Yahoo Mail users?

Now don’t get me wrong- not all of these blacklist guys are so stupid. But, believe it or not, some of them are! And then an even bigger idiot decides to subscribe to one of these half-baked schemes and implement it on his mail server. So now we have legitimate folks trying to send invoices to customers or proofs to publishers or listings to members or news to subscribers or… whatever, it doesn’t matter because it’s bounced or discarded as spam before it reaches anyone.

The Final Solution
A proper solution to the problem of spam is in the works. It basically involves basic authentication to restore accountability. A treatise from the Email Sender and Provider Coalition offers a detailed explanation of the problem and the solution. This is something anyone who administers an e-mail server should read.

But that doesn’t mean Mr. Average User shouldn’t do your part! The ESPC also offers a great little tool on their web site which allows you to test your own e-mail address to see if it complies with the proposed standards. It’s a simple tool, just send an e-mail to the sample address provided. Give it a minute then click the View Sample button to review the results. If your mail doesn’t pass tell your ISP or network administrator about it. Let them know you’re concerned and you think it’s important to consider improving your e-mail authentication. Suggest they visit this link for more information: www.espcoalition.org

Always Searching

Most of us take simple computer tasks for granted. For instance, like visiting a web site we might read or hear about. You open your favorite web browser and type the ubiquitous dubya-dubya-dubyas in the address bar and hit the enter key. Right? Assuming we typed in the web site’s address correctly it will eventually appear on our screen. Seems pretty straightforward to me.

I found just how wrong I was last week while working on a project that would be promoted through a new sub-directory. The project name would thus be added to our normal domain name. So our usual www.companyname.com would become www.companyname.com/project. There was nothing secret about it, so we decided to publish the test site to the live server (also gives the search engines a chance to find it). Pretty common practice, I thought, so there didn’t seem to be any reason to get alarmed. We send it out to our group of testers and they’ll type it into their address bar and have a look at the project test site. What could be easier?

The next day I found just how wrong I was.

Find and Ye Shall Seek
My boss beeps me and says nobody can “find” the test site. Before I had time to realize who I was talking to I asked, “Whaddya’ mean find it?” Turned out he was just as perplexed as our test group.

After a little digging I found out my boss was typing www.companyname.com/project in to Google. Since the sub-directory was less than a day old it didn’t return any search results. It did provide a simple link to the URL, but he didn’t bother to read that part or click the link. I calmly suggested he enter the web address into the box on the toolbar and see what happened. He was amazed.

I later found out there is a very large percentage of Internet users who “search” for web addresses. If you don’t believe me check your web stats. Look at the referring search terms report for your own domain name. I bet you’ll find some. This is the modern equivelent of dialing the operator to connect you- even though you know the number. Do they even do that anymore?

The lesson I learned from this was to publish new directories for a few days in advance of any public test. That allows the search engines some time to discover the new address, and return some sort of result. Also avoid promotions that use a “pre-domain” in place of the typical WWW. Like project.companyname.com. The problem you’ll run into here is people insist on adding the WWW on the front and it will 404. It’s probably best to stick with the simple www.companyname.com/project instead.