Hugo’s blog

Ever since we moved back to the US, we’ve been receiving tons of mail. Not only that, but every letter is accompanied with tons of other stuff: bills usually come with pages of fine print terms, and often with some ads. Basically, advertising is everywhere in the US.

Anyway, in addition to normal mail, standard ads, endless pre-approved credit cards applications – it’s funny, when I didn’t have a credit card, nobody wanted to give me one, but now that I managed to get one, everybody is proposing me another one –, I started receiving a new kind of spam.

We purchased a new car when we moved here, and it seems that there is an industry that is very eager to hear our feedback on the car, so much so that, with the lengthy questionnaire that they sent us, they send a dollar bill to motivate us to reply:

In France, it’s illegal to send cash by mail. I thought that it would be the same in the US, but apparently not. Anyway, they obviously are trying to make me guilty by giving me money:

I’ve now received three different questionnaires, and three dollar bills. And I actually am starting to feel guilty for not replying, not because of the dollar bill actually, but because of all this paper that the forms are printed on and that is going to waste. Fortunately, I recycle religiously.

I discovered the CAN-SPAM act today. How? Well, I received a spam, I was curious to see what they were trying to sell me, and I discovered a CAN-SPAM logo proudly displayed on the Web site, indicating full compliance:

I actually was not familiar with CAN-SPAM, and Wikipedia explained to me the CAN-SPAM act of 2003:

CAN-SPAM Act of 2003 (15 U.S.C. 7701, et seq., Public Law No. 108-187, was S.877 of the 108th Congress), signed into law by President Bush on December 16, 2003, establishes the United States’ first national standards for the sending of commercial e-mail and requires the Federal Trade Commission (FTC) to enforce its provisions.

It goes on to describe the requirements for unsolicited emails:

The bill permits e-mail marketers to send unsolicited commercial e-mail as long as it contains all of:

• an opt-out mechanism;
• a valid subject line and header (routing) information;
• the legitimate physical address of the mailer; and
• a label if the content is adult.

So let’s have a look at the email I received:

• an opt-out mechanism: no
• a valid subject line: no, pouch more chicago
• header (routing) information: no; received from athedsl-124852.home.otenet.gr, and from Norris with a forged address in my own domain
• the legitimate physical address of the mailer: no
• a label if the content is adult: not applicable

So that’s the CAN-SPAM act for you. Interestingly, it looks like the US congress is about to look into this issue again. I guess that they can only be more successful.

I am always entertained by the cat and mouse game that spammers play.

At first, we had a few rules to catch spam. But spammers got smarter. So we started using Bayesian filters to tell which emails are legit and which are unsollicited. And of course, spammers started working around it by using Bayes poison.

And as spam filters started getting better at detecting those, spammers started using images for the content of the message, and Bayes poison for the rest of the message. So spam filters started reading into those images to see if they were containing spam.

The next logical step was obviously for spammers to try to block the optical character recognition step. Not surprisingly, I received today my first spam as an image with diagonal text:

Let’s look at the next possible steps:

1. Spammers introduce Bayes poison in images
2. Spammers start using CAPTCHA technology for their messages
3. Spammers give up on images, and start using videos

That’s obviously one of the many possible scenarios, but the bottom line is that the story goes on until we find a better way to do email. Considering how electronic signing has failed until now, the future of email is looking rather grim.

After reading about Norm’s move to math CAPTCHAs, I decided to try it myself. I actually did not have to implement it myself, as there was already a WordPress plugin for this: Did You Pass Math?.

The result is that I have not gotten a single spam comment since I installed it. This goes to show that visual CAPTCHAs and all their accessibility problems are not the only solution to stopping spammers.

I just received an interesting spam which managed to go around all my spam filters. It starts with:

This email is:    [ ] actionable   [x] fyi        [ ] social
Response needed:  [X] yes          [ ] up to you  [ ] no
Time-sensitive:   [ ] immediate    [X] soon       [ ] none

It’s nice for them to classify it as fyi. I’ll pass on replying to it though. And I’m dealing with it in a time-sensitive manner as advised: I’m deleting it and making my filters learn about it right now. Thank you.