Saturday, March 22, 2008

Contact details: how can I send you an e-mail?

Vine Study #1 (see end-note)
8" x 10", coloured pencil on Arches HP

copyright Katherine Tyrrell

Today's Techie Saturday post is about e-mail addresses on websites:
  • advertising your e-mail address;
  • leaving your e-mail address; and
  • avoiding e-mail spam.
When writing posts for this blog I often need to contact people, for example - to ask permission to use their image in a post. This can be more difficult than you might expect!
Any e-mail address posted in public is likely to be automatically collected by computer software used by bulk emailers — a process known as e-mail address harvesting — and addresses posted on webpages, Usenet or chat rooms are particularly vulnerable to this.[1] Private e-mail sent between individuals is highly unlikely to be collected, but e-mail sent to a mailing list that is archived and made available via the web or passed onto a Usenet news server and made public, may eventually be scanned and collected.
Some people are understandably very wary about having their e-mail on a website because of the tendency for the 'evil spiders' to come along and harvest e-mails from websites for use in e-mail spam endeavours such as e-mail spoofing.

I find that often I'm unable to find any e-mail address on an artist's website - always assuming I've actually been able to find a website for them! That, of course, means you're never ever going to get contacted by anyone! However if you're an artist you may want potential buyers, galleries or even bloggers like me to contact you!

People who want to avoid e-mail phishing but do want contacts often use guestbooks or forms instead. Unfortunately, these tend to also be targets for the same sort of attempts at harvesting or phishing which means I personally won't use these at all unless I know it has got reputable security for my e-mail address!

So where do we go from here?

How to avoid abuse of your e-mail address

I think I've solved the problem by including my contact details as an image - check the e-mail address under my photo on my 'About the artist' page on my website. I created a mini banner image of my e-mail address, as an jpeg image, in Photoshop and and then uploaded it as an image to the site. It just needed a few fiddles to get the size right.

The image also includes the other protection I was using which was to avoid writing the e-mail address in the conventional way. Instead I use
  • [AT] in place of @
  • [DOT] in place of .
I then learned that some phishing programmes are set up to look for e-mails coded in this way - which is when I switched to using an image - which I understand can't be read by the nasty spidery things.

There are various anti-spam techniques relating to e-mail. You can find an overview of them on various sites.
  • Address munging - this is what I do. I disguise my e-mail address but do so in a way which is transparent to people who have a legitimate interest in knowing what it is
  • avoid commenting on blogs with inappropriate levels of security. I never leave my e-mail address when commenting on a blog unless I have too and only do so if required when I know that the blogging software is reputable. If a blog you are commenting on has e-mails displayed you know what level of security is being used.
  • avoid responding to spam - but you all know this don't you? Never open an e-mail where you don't know the sender or it looks like spam.
  • contact forms
    • If are using a website service which provides a contact form - ask the service about the sort of security they provide and think about whether they are generally demonstrating a practical and overall good regard for your security (eg privacy policies and statements). For example, if the website owners aren't even aware that this might be a problem you have an indication of the level of expertise they are employing!
    • Only use contact forms if they have good scripts and appropriate security levels. If possible, reassure people who might want to contact you by saying what level of security is used - otherwise people may not use them.
  • disable html in e-mail - most e-mail spam is sent in html and the general advice is to never click links except in e-mails sent to you by people you know.

HTML allows for a link to have a different target than the link's text. This can be used in phishing attacks, in which users are fooled into believing that a link points to the website of an authoritative source (such as a bank), visiting it, and unintentionally revealing personal details (like bank account numbers) to a scammer.

If an e-mail contains web bugs (inline content from an external server, such as a picture), the server can alert a third party that the e-mail has been opened. This is a potential privacy risk, revealing that an e-mail address is real (so that it can be targeted in the future) and revealing when the message was read. For this reason, some e-mail clients do not load external images until requested to by the user.

During periods of increased network threats, the US Department of Defense converts all incoming HTML e-mail to text e-mail.[14]
wikipedia: html e-mail

  • report spam - the more people actually report spam the faster it gets cleared from everybody's inboxes. I'm always amazed by people who say that they have a lot of spam which they have to clear out of their inbox - and tend to avoid e-mailing such people. It means they're not using security which works! I'd say 95% or more of the spam sent to me is caught and diverted before it hits my inbox.
  • Avoid phishing via pop-ups: Safely close a pop-up ad by pressing Ctrl-W (if you're using a Windows computer) or Command-W (on a Mac computer) to avoid installation of a virus or other malicious software on your computer (Yahoo phishing tips)
  • more ways to stop e-mail abuse on Wikipedia
Further thoughts on e-mail despatch, receipt and response

Incidentally, if you do find a contact e-mail address and do send an e-mail to an artist I suggest that, in order to be avoid being treated as spam, you are careful to:
  • use an explicit headline for your e-mail and
  • make sure that the first few words make you instantly identifiable as somebody who has got the e-mail address from the artist's website.
If you're an artist and have an e-mail address on your website, you might want to think about how often you monitor it - or whether you're still including on your website that e-mail address which you actually stopped using a year ago!

All the artists I contacted this week for this week's posts about the Pastel Society exhibition and the Pastels 100 post responded within hours of me sending my request. Would you have been able to do the same?

I hope you find this helpful. It's certainly not the last word on this topic. I'm sure there will be people reading this who can also offer good advice too - if so please use the comments function. Please also use the comments function if you have a query although there's no guarantee I can answer it!

You can find more Techie type posts on this blog by clicking the Techies category label in the right hand column.

[Note - Vine Study #1: This is my first go at a rather complicated piece - and it hasn't worked! There's a lot more subtlety and balance required before I'm happy. It has however served its purpose in demonstrating to me how I need to get on with sorting out some new pencils to replace those which were 'culled' following receipt of my lightfastness workbook!]