Saturday, March 22, 2008

Contact details: how can I send you an e-mail?

Vine Study #1 (see end-note)
8" x 10", coloured pencil on Arches HP

copyright Katherine Tyrrell

Today's Techie Saturday post is about e-mail addresses on websites:
  • advertising your e-mail address;
  • leaving your e-mail address; and
  • avoiding e-mail spam.
When writing posts for this blog I often need to contact people, for example - to ask permission to use their image in a post. This can be more difficult than you might expect!
Any e-mail address posted in public is likely to be automatically collected by computer software used by bulk emailers — a process known as e-mail address harvesting — and addresses posted on webpages, Usenet or chat rooms are particularly vulnerable to this.[1] Private e-mail sent between individuals is highly unlikely to be collected, but e-mail sent to a mailing list that is archived and made available via the web or passed onto a Usenet news server and made public, may eventually be scanned and collected.
Wikipedia
Some people are understandably very wary about having their e-mail on a website because of the tendency for the 'evil spiders' to come along and harvest e-mails from websites for use in e-mail spam endeavours such as e-mail spoofing.

I find that often I'm unable to find any e-mail address on an artist's website - always assuming I've actually been able to find a website for them! That, of course, means you're never ever going to get contacted by anyone! However if you're an artist you may want potential buyers, galleries or even bloggers like me to contact you!

People who want to avoid e-mail phishing but do want contacts often use guestbooks or forms instead. Unfortunately, these tend to also be targets for the same sort of attempts at harvesting or phishing which means I personally won't use these at all unless I know it has got reputable security for my e-mail address!

So where do we go from here?

How to avoid abuse of your e-mail address

I think I've solved the problem by including my contact details as an image - check the e-mail address under my photo on my 'About the artist' page on my website. I created a mini banner image of my e-mail address, as an jpeg image, in Photoshop and and then uploaded it as an image to the site. It just needed a few fiddles to get the size right.

The image also includes the other protection I was using which was to avoid writing the e-mail address in the conventional way. Instead I use
  • [AT] in place of @
  • [DOT] in place of .
I then learned that some phishing programmes are set up to look for e-mails coded in this way - which is when I switched to using an image - which I understand can't be read by the nasty spidery things.

There are various anti-spam techniques relating to e-mail. You can find an overview of them on various sites.
  • Address munging - this is what I do. I disguise my e-mail address but do so in a way which is transparent to people who have a legitimate interest in knowing what it is
  • avoid commenting on blogs with inappropriate levels of security. I never leave my e-mail address when commenting on a blog unless I have too and only do so if required when I know that the blogging software is reputable. If a blog you are commenting on has e-mails displayed you know what level of security is being used.
  • avoid responding to spam - but you all know this don't you? Never open an e-mail where you don't know the sender or it looks like spam.
  • contact forms
    • If are using a website service which provides a contact form - ask the service about the sort of security they provide and think about whether they are generally demonstrating a practical and overall good regard for your security (eg privacy policies and statements). For example, if the website owners aren't even aware that this might be a problem you have an indication of the level of expertise they are employing!
    • Only use contact forms if they have good scripts and appropriate security levels. If possible, reassure people who might want to contact you by saying what level of security is used - otherwise people may not use them.
  • disable html in e-mail - most e-mail spam is sent in html and the general advice is to never click links except in e-mails sent to you by people you know.

HTML allows for a link to have a different target than the link's text. This can be used in phishing attacks, in which users are fooled into believing that a link points to the website of an authoritative source (such as a bank), visiting it, and unintentionally revealing personal details (like bank account numbers) to a scammer.

If an e-mail contains web bugs (inline content from an external server, such as a picture), the server can alert a third party that the e-mail has been opened. This is a potential privacy risk, revealing that an e-mail address is real (so that it can be targeted in the future) and revealing when the message was read. For this reason, some e-mail clients do not load external images until requested to by the user.

During periods of increased network threats, the US Department of Defense converts all incoming HTML e-mail to text e-mail.[14]
wikipedia: html e-mail

  • report spam - the more people actually report spam the faster it gets cleared from everybody's inboxes. I'm always amazed by people who say that they have a lot of spam which they have to clear out of their inbox - and tend to avoid e-mailing such people. It means they're not using security which works! I'd say 95% or more of the spam sent to me is caught and diverted before it hits my inbox.
  • Avoid phishing via pop-ups: Safely close a pop-up ad by pressing Ctrl-W (if you're using a Windows computer) or Command-W (on a Mac computer) to avoid installation of a virus or other malicious software on your computer (Yahoo phishing tips)
  • more ways to stop e-mail abuse on Wikipedia
Further thoughts on e-mail despatch, receipt and response

Incidentally, if you do find a contact e-mail address and do send an e-mail to an artist I suggest that, in order to be avoid being treated as spam, you are careful to:
  • use an explicit headline for your e-mail and
  • make sure that the first few words make you instantly identifiable as somebody who has got the e-mail address from the artist's website.
If you're an artist and have an e-mail address on your website, you might want to think about how often you monitor it - or whether you're still including on your website that e-mail address which you actually stopped using a year ago!

All the artists I contacted this week for this week's posts about the Pastel Society exhibition and the Pastels 100 post responded within hours of me sending my request. Would you have been able to do the same?
_________________________________________

I hope you find this helpful. It's certainly not the last word on this topic. I'm sure there will be people reading this who can also offer good advice too - if so please use the comments function. Please also use the comments function if you have a query although there's no guarantee I can answer it!

You can find more Techie type posts on this blog by clicking the Techies category label in the right hand column.

[Note - Vine Study #1: This is my first go at a rather complicated piece - and it hasn't worked! There's a lot more subtlety and balance required before I'm happy. It has however served its purpose in demonstrating to me how I need to get on with sorting out some new pencils to replace those which were 'culled' following receipt of my lightfastness workbook!]

11 comments:

  1. I really appreciate your blog. Great post! I’m going to add you to my favorite blogs list. Feel free to add me. Have a great one!

    ReplyDelete
  2. All good tips. One question - if you do an email image is it clickable (it should be) and if not then you're still neglecting visitors. I've also started using reCAPTCHA which I'm loving - it doesn't require the user to put in any personal info at all. It's just a code recognition thing, like here on Blogger, except in this case it's being used for a good cause too (transcribing analogue books to digital). It definitely reduced my spam from my website anyway. I find most of my spam comes from registering on other websites and such unfortunately. So be careful where you post your email when you're not really thinking about it! (for example, your profile on all those social networking sites)

    ReplyDelete
  3. Thanks Tina - sounds to me like you should be doing a blog post to explain reCAPTCHA!

    The problem as I understand it with making the image clickable is that you then need to insert code (mailto:) which can still be read by those nasty spidery things which set out to grab as many e-mails as they can fine. So you haven't really reduced the chance of it getting captured.

    I'd be very happy to be proved wrong on that one! But I I read up about this in detail when I was trying to decide what to do re my website and decided then that image and no code was the way to go.

    However having a nice simple easy to remember e-mail address makes writing it into your address book a doddle for anybody.

    ReplyDelete
  4. I have an email contact address in my profile on my blog and I'm not aware of it bringing me any spam. To be on the safe side I do use a special email address for my blog so that I can discontinue it if there is ever a problem, without it impacting on my private email address.

    I actually made a plea in the comment part of my blog this week for people to post an email address. So often I would love to send them a private message of thanks and can't because there isn't an email function on their profile.

    I think your vine drawing is not far off the mark at all. Beautiful drawing that looks to me as if it just needs a bigger contrast of values. Certainly not a failure!

    ReplyDelete
  5. I actually used a code like firstname@lastname.com as my email address and I haven't received any spam to date- though I do admit that some visitors don't tend to 'get it' and it can be a bit frustrating !

    ReplyDelete
  6. Wow! this is an eerily timely post: I just finished updating the "Contact" page on my website! I have both a business card type image and a contact form on that page. It's funny, but I've never had anyone who's e-mailed me say they found my e-mail on my website - they always use the contact form. Anyone who e-mails me mentions reading my blog.

    ReplyDelete
  7. You're exactly right Katherine - a clickable image means your email address is in the html. That was precisely my point - any NON-clickable email address is inconvenient and inappropriate in this day and age. So if you're using an image that isn't clickable that's not good web or business practice.

    People don't expect to have to do anything extra to contact you while they're online, nor should they have to. Nothing should be an obstacle to someone contacting you.

    I deal with my spam on my end, it isn't my visitors' problem. I try not make my customers change their habits of using the internet in a simple click and go way in order to make something easier for me. As best I am able anyway. :) reCAPTCHA is what I felt a fair compromise and using an approach that has become fairly standard.

    ReplyDelete
  8. But Tina - I have to fill in my name and e-mail address on about half the blogs I comment on - in other words I'm typing to communicate with somebody. It's not such a big deal surely to fill in somebody else's for a change?

    ReplyDelete
  9. Do you LIKE having to type your name and email when you want to comment? Wouldn't you rather not have to do that? Wouldn't you rather be able to just click and go?

    ReplyDelete
  10. Oh, and it seems worth sharing - a techie person I follow on RSS and Twitter has criticized captcha forms too. So I'm strongly considering removing that now too.

    ReplyDelete
  11. I've also read captcha forms are useless against spam and just more of an annoyance for the legit user. If you've ever read Lorelle's Wordpress blog, she seems pretty heartily against them.

    But what to do? I have a self-hosted Wordpress Blog and I use the SpamKarma plugin which works wonders for spam comments.

    But for my website I just use a web form and the "scrambled" email code. It's okay, but lately I'm finding nonsense in my web forms, as if someone or someTHING is running a test to verify a valid email address in order to harvest it. *Sigh*. The only thing else I can think to do now is to just use some kind of spam blocker program for my email.

    ReplyDelete

COMMENTS HAVE BEEN CLOSED AGAIN because of too much spam.
My blog posts are always posted to my Making A Mark Facebook Page and you can comment there if you wish.

Note: only a member of this blog may post a comment.