I am assuming that the readers’ e-mail will be accurately represented by the statistics presented in this report. This report will be more or less helpful depending on a wide variety of factors regarding e-mail that vary from person to person, such as:
- Whether they send and receive forwards
- Whether they have a corporate e-mail account or a ‘free’ account
- The level of spam and attachment protection available to them
When you walk down your driveway and put a letter in the mailbox, you expect it to reach its’ destination. The odds are, you have never had anything lost in the mail—or if you have, it hasn’t happened twice. You expect the U.S. Postal Service to deliver your letters, every single one of them. What you do not expect is for them to keep mail from reaching you; in fact, that’s illegal.
You expect the same with phone calls; unless a storm knocks the phone lines out while you’re talking to someone, you expect them to hear what you are saying. Expectations are slightly different with cell phones, however. Sometimes you may be traveling through an area of bad reception and the phone cuts in and out so that the person you are trying to talk to only can only hear every other word.
E-mail is even worse than an old cell phone. You would expect electronic mail to be like the Postal Service, delivering your letters day or night; unfortunately, this is not the case. Most Internet Service Providers (ISPs) block e-mails that they think you don’t want to receive. ACU, for example, blocks e-mails from certain known spam senders, from those sending a lot of e-mails at once to ACU, and those believed to be spam for a variety of other reasons.
This conclusion is supported by research done by Fred Langa of Langa.com. In an e-mail test involving 10,979 volunteers, 40% of e-mails failed to reach a human recipient. The article reporting his results is available from http://www.informationweek.com (‘Search’ for 17300016). He actually had four different test groups.
Group One contained the first 1,500 volunteers. Each received an individual e-mail (sent to only one of them at a time) with instructions to send an e-mail to a different account than the one they received the e-mail from (to avoid auto-reply e-mails and bounced e-mails). The failure rate for these e-mails was 33%; 1005 acknowledgments were received. It is not nearly as reliable as postal mail.
Group Two contained 2,497 volunteers. Each of their sign-up e-mails was replied to and quoted, with the forwarding instructions included at the bottom. Despite the fact that these e-mails contained the actual words of the recipient, Langa received only 749 responses, or a failure rate of 70%.
Group Three had 5,432 recipients. The “To:” address was “Volunteer@Freetune.com”, while the 97 real addresses were put in the blind carbon copy list (BCC). E-mail was sent from a standard desktop e-mail client, such as Eudora or Mozilla Thunderbird. Langa saw 3,667 acknowledgments, a failure rate of 32%.
Group Four had 1,550 recipients. Each e-mailing had 25BCCs, and was otherwise identical to group Three's mailing. The failure rate was 27%; he received 1,130 acknowledgments.
Since groups One, Three and Four all had a similar failure rate of 30%, it is safe to assume that this is close to the real failure rate of e-mail in the real world. Langa suspects that the e-mail domain he was sending from (freetune.com) was listed as having a bad reputation (see Graphic 1), which resulted in the 70% loss rate for Group 2 (Langa).
Fred Langa has several suggestions for helping your e-mail reach its destination. First of all, you should make sure that your spam filtering doesn’t keep you from seeing e-mail at all—it should be put it in a junk mail folder of some sort, so that you can double-check it. Hopefully, the people you are sending mail to have the same sort of system in place.
But you can never be certain about the e-mail system of a person you are sending to, or if they check their spam folder on a regular basis. So keep your message short and avoid any words that may trigger a spam filter, including words like “opportunity” (many bulk e-mails offer “business opportunities”, more on that later), “beauty,” and so on. You should always check your spelling, as some filters look for spelling errors—this helps when Viagra is spelled “V1agra” in the subject line, but is a problem with legitimate messages from poor spellers.
All this applies even more so to initial contact e-mails. Your first message to a person should be very short and identify yourself, and ask them to “white-list” you. White-listing takes place with online e-mail programs when they add you (for example) to their Hotmail.com address book. If they have a spam program for business use, white-listing is done when they put your e-mail address in their spam programs white-list. Of course, you should do the same for them.
Business mailings to large groups of people suffer from the same e-mail filters. Instead of sending long reports on your companies’ recent activities, simply send a link to a web page containing the press release. Shorter is almost always better, but beware; an e-mail that consists mainly of hyperlinks can also be flagged as suspicious.
One of the easiest ways to send and receive viruses is through e-mail attachments. For this reason, many people are wary of e-mail attachments because of viruses they may have received in the past. In order to convince your recipient to open the attachment, you should send a “heads-up” e-mail before you send the attachment to let them know what the attachment is and why you are sending it to them. Better yet, ask them to tell you what format they want the file to be. For example, some people may have difficulty opening WordPerfect documents. Instead of sending them a file that they cannot open, you could save it as a different file type that their computer can handle. Some users may have slow dial-up connections, so they may ask that you send them a compressed, “zipped” file that is a smaller size.
Instead of sending 50 pictures from your latest cruise to your entire address book, you should instead post your pictures online at a free picture-sharing service such as http://photos.yahoo.com. Your family and friends can visit your own personal photos page at http://photos.yahoo.com/your_username, and then view, download, and even order prints of your pictures, but without causing a strain on their e-mail. You can share some folders and make others private. And it doesn't cost you anything; the only part that would cost them money is if they ordered prints.
Similarly, you can use http://briefcase.yahoo.com/your_username to store files. You can use the built-in e-mail function to invite others to download a file from your briefcase. E-mail attachments are untrustworthy; with easy-to-use substitutes like these, you probably don't even have to use them.
One of the main things to consider when sending e-mail is whether or not the recipient actually would want to receive it. This is especially the case with forwards; do you think that every single person in your address book wants to receive every single forward that you do? That seems highly unlikely, especially if you have more than your three best friends in your address book. The majority of adults to not believe that if they don't sent a forward on, they will have bad luck with love or life for seven years, or that they will fall over dead, or whatever other dire warning may be at the end of the forward to coerce people into sending it on. And as a computer professional, I can testify that sending a forward, no matter how many people you send it to, won't make a box appear on your screen with the answer to the riddle, any more than printing it out and handing it to ten people will make a voice whisper the answer in your ear. An e-mail is simply a few lines of text, nothing more.
So please, please, do not send a forward on out of supernatural expectations. Ask your friends what kinds of forwards they would like to receive from you: some would rather receive only personal e-mails and no forwards, some would like to receive every joke you receive, and some might like only the really good ones. If you ask your friends what they want you to send them, they are much more likely to see you as caring for their feelings.
There is more information on forwards in the following section, including details on urban legends and virus hoaxes.
Most likely, you receive more personal e-mail than business e-mail. Some of these e-mails are stories about how life is treating them, photos from their last vacation, and jokes. Other e-mails contain dire warnings about computer viruses, HIV-infected needles stuck into gas pump handles, and other oddities. One of the key steps to becoming a responsible e-mail sender is identifying and stopping these virus hoaxes and urban legends.
According to the Hoaxbusters web site (http://hoaxbusters.ciac.org), the cost of a single hoax can be tremendous. Assuming that all 50 million people on the Internet receive the hoax a single time, and each spends a minute reading the e-mail, the costs would look like: “50,000,000 people * 1/60 hour * $50/hour = $41.7 million” (HOAXBUSTERS). However, the Internet does not have a single hoax; it has dozens of hoaxes floating around it every single day. Just imagine the cost to our society if everyone forwarded information that wasn't true!
Another cost incurred by virus hoaxes is the load on e-mail servers. Let's say that each person sends the e-mail to 10 people (most people who forward these things send a lot more). At the sixth forwarding, the e-mail is sent to 1 million people! This places a strain on the world's e-mail servers, and increases bandwidth costs for e-mail providers. This causes Yahoo and Hotmail to put more banner ads or pop-up advertisements on their web sites. It is in the best interests of everyone to not send forwards.
Quite likely, every single person on the Internet has, at some time or another, received a warning about a virus that would destroy their keyboard, send their credit activity report to their mother, and play polka music loudly. Okay, it is possible that the virus warning did not say exactly that, but many come close. Is it better to be “safe than sorry” when it comes to virus hoaxes? Should we pass them on? The answer to the former is “yes”; the answer to the latter is “no.” Confused? Let me explain.
Many virus warnings instruct us to take action of some sort; all instruct the recipient to “send them on.” They tell us that no anti-virus program can detect this new virus, but that Microsoft and IBM have released warnings about it—a highly unlikely combination, that a hardware manufacturer and a software company would have more information than full-time anti-virus companies. This is the first clue that a virus warning e-mail is actually a hoax. Some virus hoaxes, such as the JDBGMGR and SULFNBK hoaxes, tell users to delete a system file. Here is the text of one such virus warning:
IT IS IMPORTANT THAT YOU LOOK INTO YOUR COMPUTERS AND CHECK IF YOU HAVE THE FOLLOWING VIRUS: sulfnbk.exe
IF ANYBODY HAS THIS VIRUS IN C:\, DELETE IMMEDIATELY BECAUSE IT ATTACKS ON NEXT DAY 25 OF THE MONTH MAY AND WILL DELETE ALL FILES ON YOUR PC.
THIS VIRUS CAME WITH E-MAIL AND IS INVISIBLE FOR VIRUS SCANNERS. PLEASE PASS THIS MESSAGE TO OTHER PEOPLE.
(Sophos hoax description: SULFNBK)
This specific file is installed with Windows 95 and 98 and is a file utility. It is not a virus, and is no more likely to be infected with a virus than any other program on your computer. Back to my questions at the top of the page—it is better to be “safe than sorry” with virus alert e-mails—it's safer to not forward them. It would be entirely too easy for someone to create a virus hoax that tells users to delete critical system files, so that their computer was unable to start. The cost of sending something like this can be enormous.
So what should you do? First of all, do not send the virus alert to everyone in your address book! Instead, take 5 minutes to do some research. An easy place to start is the Hoaxbusters' web site at http://hoaxbusters.ciac.org. You can check a long list to see if the subject line for the e-mail is listed; use the search feature; or search by category. If you cannot find it there, find a keyword (a part of the subject line, file name, or virus name) and search the McAfee Inc. Virus Information Library (VIL) http://vil.nai.com/vil/default.asp. If it's not there, it's (probably) not a virus. The VIL also contains hoaxes, so check your search results to determine whether it is a virus or a hoax that is in the VIL.
Assuming that you have proof that the virus is in fact a virus hoax, you need to stop the spread of the hoax. No, you do not need to e-mail everyone on the Internet. Simply reply to the person who sent you the hoax (and that person alone), give them the link the web page stating that the message they send was a hoax, and send back the following reply:
“You got duped by a hoax and you gave bad information to your friends & family. It happens to a lot of Internet users, so don't feel bad about it. But please don't leave your friends & family in the dark! They trust you, so you need to find the strength to tell them you got hoodwinked by a hoax. If you don't find the strength to do it, then you are pulling the wool over their eyes. You need to do the right thing. Send a follow-up e-mail to everyone right now while you're sitting in front of the computer” (Rosenberger).
Hopefully, the hoax sender is mature enough to warn their friends & family. You may want to send them a copy of this report, so that they have access to all the resources you do. If they repeatedly insist on sending virus hoaxes, then you may be able to discourage them by telling them to visit the following web site: http://www.grossweb.com/no-hoaxes.htm. It should put and end to their forwarding of virus hoaxes, at least in your direction (Gross).
If you receive an actual virus warning, do not send it to ACU students and staff. Team55 and the Helpdesk will handle all virus warnings on campus. If you wish to warn your friends and family, send them a link to the web page describing the virus. That way, they have a link to the most current and accurate information available, and they know that it is a genuine threat.
Urban legends are another commonly e-mailed item. Although fun to send and fun to read, it seems only fair to verify the accuracy of what you send your friends. After all, they would feel embarrassed if they told someone something they read in an e-mail, only to be contradicted. Your friend may even resent you for making them look stupid and gullible. Fortunately, the Internet has plenty of resources to help you find the truth behind the interesting claims sent around the world in eight days.
The first thing to remember is to use common sense. If someone really were putting HIV-infected needles in movie theater seats (or gas-pump handles), wouldn’t you hear about it on the news? Is it even physically possible to…? Asking questions like these is an important first step in deciding whether or not an e-mail is worth sending. It can even be fun to forward a corrected “List of Interesting Facts” as a “Fact or Legend” list, complete with links to prove or disprove each urban legend. The following sites are good places to start on your scavenger hunt:
-
Snopes.com, a private web site that has a green-yellow-red listing of hoaxes by category. The colors represent whether something is true, partly true, or completely false.
-
Hoaxbusters.ciac.gov, mentioned previously as a resource for computer virus hoaxes, also has resources for chain letters and urban legends.
-
Or, simply search your favorite search engine for information on the subject.
A common tactic used in forwards is citing impossible technological claims. Here is a couple for reference:
-
E-mail cannot be tracked. The American Cancer Society is not going to be giving the little girl dying of cancer three cents for each person who receives the chain letter. And no, Microsoft is not conducting an e-mail test, and will not send you $75 for forwarding the e-mail to 10 friends.
-
A magical message will not appear on your screen if you send an e-mail to 10 people. E-mail is the same as a letter; if you photocopied a letter and handed it to ten people, you would not expect a magical box to appear in the air with the answer to the riddle.
The danger of forwarding urban legends and chain letters is not simply because readers may believe their content, as is in the case of virus hoaxes that can cause users to damage their computers. No, the danger is that of spam. It is quite common to see a forward with hundreds and hundreds of e-mail addresses listed on it. A spammer who receives such an e-mail can harvest every single one of those e-mail addresses and know that almost all of them will be
e-mail accounts checked by humans. Every forward you send by putting your address book in the “To:” line results in your entire address book being shared with everyone in your address book. And when they click forward, every single address—and yours—is, by default, added to the message body. Basically, you are giving your e-mail address and those of all your friends to a spammer whenever you send an e-mail using that method. A slightly better way (that still does not protect your e-mail address) is using the “BCC:” (Blind Carbon Copy) field, which makes it appear that you are sending the message to only the recipient. Keep in mind that your e-mail address is still added to the forward and does not help your chances of avoiding spam; it is merely a courtesy towards your friends, and one you should encourage them to use.
The simplest response to forwards is simply to delete them. It is quite likely that all your friends have seen this particular forward before. However, if you permit your friends to keep sending you forwards (most likely using the “To:” field) your e-mail address still gets added to the forwarded e-mail sent to everyone in their address book, once again causing you to become a victim of spam. Ask your friend to stop sending you forwards, perhaps using this report as a reason why. If you really want get forwards without the spam danger, send your friends the paragraph above about using the BCC: field. Ideally, everyone would use this method and remove the line from the forward that says who the e-mail came from, or better yet, cut-and-paste the text of the forward into an entirely new e-mail.
Forwards are impersonal e-mails that some use as a substitute for genuine correspondence. Most should be eliminated because they are untrue, potentially harmful, and increase the e-mailing lists of spammers. Those few forwards that are particularly interesting and enjoyable can be passed on, but they must be sanitized of all previous e-mail addresses and sent using the BCC field.
And finally, the category of e-mails that make up the majority of e-mail sent to ACU in Graphic 1: bulk mail, more commonly known as spam. In the previous section, I said that forwards are a spammers’ harvesting grounds. In this section, I will talk about common scams and why no one should ever buy anything from an unsolicited e-mail. Finally, I will discuss precautions to take to keep from getting computer viruses from e-mail.
The Federal Trade Commission has a list of the top dozen scams that might show up in your e-mail. This list is available from http://www.ftc.gov/bcp/conline/pubs/alerts/doznalrt.htm and should give an idea as to what is legal and what is not.
The scams include:
Basically, you should never buy anything from a bulk e-mail. If it was a legitimate opportunity, you could get it elsewhere. Any offer of free or easy money has to be a fake; otherwise, everyone would be using it (FTC Names Its Dirty Dozen: 12 Scams Most Likely To Arrive Via Bulk E-mail).
Many of the things offered in e-mails are illegal. Many of the business opportunities are pyramid schemes, which are illegal; others involve a large initial investment and/or lots of hard work with little in return. Any offer of Viagra or Cialis is illegal because you need a prescription to buy these drugs. Many of the other drug or herb offers are fake or dangerous; anything that really works can and will be sold in stores (FTC Names Its Dirty Dozen: 12 Scams Most Likely To Arrive Via Bulk E-mail).
One common scheme is the 419 scheme, named after the section of Nigerian law that outlaws fraud of this sort. Plenty of details are available from the U.S. Secret Service at this link: http://www.secretservice.gov/alert419.shtml. This form of scheme is a common way of making money in Nigeria, but people from other countries do it as well. The scammer usually poses as a government official who has a large amount of money that is “unusable by the government” that he cannot get out of the country because he is a “simple civil servant”, or perhaps they want the money out of the country for “safekeeping”. The simple fact of the matter is that they are looking to extort a lot of money from you (Secret Service).
Another commonly seen type of e-mail is the e-mail that looks like it is coming from your bank. This e-mail is actually from someone called a ‘phisher.’ ‘Phishing’ consists of pretending to be an actual bank in order to get account details from customers. This information is then used to access the bank account and remove all the money from it. The easiest way to avoid this scam is to not use the link provided in the e-mail to access the companies’ web site because the link usually points to another web site that is set up to look just like the real thing in order to capture your log-in details. Instead, go to the banking web site the way you usually do to sign in (by typing in http://www.paypal.com or whatever your banks’ web site address is) and see if anything is actually wrong (Horowitz). If there really is a problem with your account, your bank should phone you or send you a postal letter, not an e-mail.
E-mail has become one of the most common ways to spread viruses. These viruses masquerade as anything from resumes to pictures of Britney Spears. Yahoo! Mail and Hotmail both provide scanning of attachments, which provide a fair amount of protection. Likewise, ACU scans e-mails and removes any viruses attached to them. NEVER open an attachment without scanning it. Figure 2 shows the attachment scanning provided by Yahoo! Mail.
Figure 2
The above is a picture of a double file extension e-mail attachment. It is masquerading as a text file, but in reality is a PowerPoint file. Always scan all attachments. In this instance, Yahoo! Mail attachment scanning is provided by Norton Antivirus.
One of the easiest ways to “quick-check” a file is to look at the file extensions. File extensions are the part of the file name after the ‘.’; Word documents have a ‘.doc’ extension. Right-click the file after you save the file to your computer but before you open it. Click Properties. On the General tab, look at the file name. If it is something like image.jpg, then it is a real picture and is most likely safe. If it is resume.doc.pif, however, it has a double file extension and is trying to hide its’ true nature. The second extension is always the real one. Always delete any file with a double extension—the only reason to have a double extension is to trick someone into opening it, which means that it is meant to cause harm to your computer. Figure 2 shows a double file extension of “.txt.ppt”—the .ppt (In this case, indicating a PowerPoint presentation) is the real extension. Be wary of the following file extensions, whether they are at the end of a double extension or the only file extension:
-
EXE
-
COM
-
DLL
-
PIF
-
SCR
-
BAT
-
VBS
-
JAR
These are all self-executing (program) files of one sort or another. Most have legitimate uses; for example, Microsoft Paint is called mspaint.exe, and space.scr is a screen saver. Be sure to scan any files with these extensions with your virus scanner before you run them. Many virus scanners add a virus scan feature to the right-click menu. This is the easiest way to make sure that any files you download are free from viruses.
Another thing that viruses do is put themselves inside of zip files (compressed files with a .ZIP extension). Some virus scanners cannot ‘see’ inside zip files, so viruses can go through e-mail undetected. It is safe to open a zip file (as long as it is not a double-extension, ‘fake’ zip file) using your favorite zip program. I like free 7-Zip from http://www.7-zip.org, but the most popular zip program is WinZip from http://www.winzip.com. After opening the zipped file, extract the contents and run a virus scan on the file or files inside.
Paranoia is the best prevention for e-mailed computer viruses. Never, ever open attachments from people you know, and if a friend sends you a file e-mail your friend back and ask them what the file is that they sent you. If they didn’t send it, then a virus had to have sent it, and you must delete the file without opening it. The virus may not have been on their computer, so do not tell them so; the virus could have grabbed their e-mail address from someone else's address book and put it on the “From:” line of the e-mail.
When sending e-mail, try to avoid words commonly used in spam e-mails. Make your subject line as clear as possible so that your recipients know why you are sending them the e-mail and why they should read it. Put all your contacts in your address book and (if applicable) your spam program’s white-list. Mailings to large groups of people should use the “BCC” field and preferably include a link to an online report, rather than including the whole thing in an e-mail.
Avoid sending e-mail attachments, as they are often the source of viruses, and people will be suspicious of them. Instead, place your files in an online file storage location such as Yahoo! Briefcase, and e-mail them a link to the file.
Avoid sending forwards because they place a huge strain on e-mail servers and are no substitute for genuine human contact. E-mailing virus warnings can actually take down a mail server faster than the virus itself. Almost all e-mailed virus warnings are actually hoaxes. Urban legends also spread through e-mail, and e-mailing them shows that you are gullible.
The majority of incoming mail is bulk mail, also known as spam. Do not ever respond to a spam e-mail. Most of them are offering illegal products or services, or are simply scams. Anything that seems too good to be true is too good to be true. Actually buying something from a spam e-mail will also greatly increase the flow of spam.
Another danger is “phishing”, where a scammer pretends to be your bank or something similar. Do not ever send personal data (especially your Social Security number and bank account number) through e-mail or by clicking on a link in an e-mail from your “bank”. The link probably points to another website and is disguised as a link to your bank. Instead, go to the bank web site the way you normally do.
E-mail has become one of the most common ways for viruses to spread. Do not ever open an attachment from someone you do not know. Always e-mail your friends back to confirm that they actually sent you an attachment. Always scan your e-mail attachments for viruses before opening. Be especially aware of “double extension” files, which appear to be an innocent text or image file but are actually programs.
"FTC Names Its Dirty Dozen: 12 Scams Most Likely To Arrive Via Bulk E-mail." Jul 1998. Federal Trade Commission Home. Federal Trade Commission. 30 Nov. 2004 <http://www.ftc.gov/bcp/conline/pubs/alerts/doznalrt.htm>.
Gross, Aaron. "Gotcha." 4 Dec 1998. Aaron Gross. 30 Nov. 2004 <http://www.grossweb.com/no-hoaxes.htm>.
HOAXBUSTERS. 30 Nov. 2004 <http://hoaxbusters.ciac.org>.
Horowitz, Michael. "Examples of Bad E-mail Messages." 6 Nov 2004. Michael Horowitz Personal Web Site. 30 Nov. 2004 <http://www.michaelhorowitz.com/bademails.html>.
Langa, Fred. "Langa Letter: E-Mail: Hideously Unreliable." 12 Jan 2004. InformationWeek. 30 Nov. 2004 <http://www.informationweek.com/story/showArticle.jhtml?articleID=17300016>.
Rosenberger, Rob. "Q&A: My friend forwarded a hoax virus alert to everyone. What can I do to help?." 13 Jan 2002. Vmyths.com. Vmyths.com. 01 Dec. 2004 <http://www.vmyths.com/hoax.cfm?id=271&page=3>.
"Sophos hoax description: SULFNBK." Sophos. Sophos. 30 Nov. 2004 <http://sophos.com/virusinfo/hoaxes/sulfnbk.html>.