everyone else is doing it, and may I interest you in some replica watches?

Anyone know who Liz Allen is? I don’t. She, or the nefarious spammer robot hackery person behind her programming wants me to be her friend on Facebook, I guess.* But I think Facebook really wants me to be her friend — and others’ — on Facebook.

There are a few names on the peer pressure org chart shown here I know well, a few I recognize but have only had limited contact with via email, and a few that are complete mysteries to me. I guess it’s not a problem that these people all have my email address. I mean, I gave it to them (at least the ones I recognize). I don’t even really have a problem with people letting services like Facebook and flickr and dopplr and many others mine their contacts from other services. Indeed, I have done that on occasion as well (like when I finally caved and joined LinkedIn a few months ago — still scratching my head on that one).

But what’s the result of that? Through replication, eventually my email address and relationship to users allowing this sort of contact mining is known to organizations with which I (at least initially) wanted nothing to do, all over the big cloud of replicated contact lists. And if these services become vulnerable to manipulation, as apparently was the case here, is that a problem? I keep looking for the harm here, because something seems extra creepy about a spammy email message with pictures of people I know in it, but I can’t find anything more harmful than yet another kind of spam to watch for in my email.

Besides, were I to cave in and become a Facebook user, what is the risk of becoming Liz Allen’s friend? Or what does the hackery person get out of me becoming Liz Allen’s friend, anyway? Is there a hope that I will become her friend and then lend “her” money for her uncle, the deposed West African nobleman? Visit “her” website and get tricked into divulging my bank details or downloading a trojan horse? I guess if just a handful of the thousands of Liz Allen’s potential new friends fall prey to that sort of thing, it’s a big payoff to “her.”

*Liz, if you are a real person, drop me more than a line via my email address, which you obviously already know, and remind me why I should recognize your name and/or picture. I assume, however, from your terse “personal message” as part of the Facebook invitation you sent me, that this plea will fall on deactivated audio sensors.

K THX BAI

breaking my own rules

I’m doing a sort of experiment here. It’s pretty nerdy, so read the next couple of lines and then call it quits if you like. There’s a link to an email address below; please click it and send me email. I’ll be happy and send you a friendly response back — IF you’re not a scum-sucking spammer or email-harvesting spam-enabler. Please briefly tell me who you are and how you got here if your name or email address is not one that I’ll recognize immediately on sight.

november18th2007@cliff1976.com

Okay, on with the nerd show!

I’m so pleased with the Bad Behavior plug-in for WordPress over the last day or so with regard to blocking comment-spam that I want to give it a real test-drive in the realm of harvester blocking as well. It’s supposed to prevent harvesters from sifting through my blog looking for email addresses to be collected and bombarded or sold for further bombardment.

That’s Part I.

Part II is in conjunction with my awesome hosting company, NearlyFreeSpeech, whose staunch policies about only accepting email from well-configured servers do a good job of cutting down on spam…so good, in fact, that occasionally legitimate mail from ill-configured servers is incorrectly flagged as spam and it never makes it to me. I’m talking about mail servers owned by organizations such as Google and my mom’s employer and my parents’ cable internet service provider at home.

It would seem that the world of server administrators is getting lazier and lazier every day. NearlyFreeSpeech.NET has identified that most spam comes from servers whose IP addresses fail a reverse-lookup test. Put simply, every computer on the internet sending email should be identifiable via both a name AND a number, and anyone should be able to ask what the corresponding name is for a given number, and vice-versa, and get corroborating answers to those questions.

It’s kind of like me saying to you,

Hey, I’m Cliff. Here’s my mobile number: (212) 555-1234.

and if you call that number, you expect me, and only me, to pick up (because it’s my cellie!).

If NearlyFreeSpeech.NET gets email addressed to me where the server’s number doesn’t match the name it’s reporting, they assume it’s spam and throw it away for me. This has worked great, except for the growing number of apparently legitimate server administrators who are too lazy to make sure their servers’ names corroborate their numbers. Apparently I’m not the only one who’s been affected by this.
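The name-and-number corroboration described above is commonly called forward-confirmed reverse DNS. Here is a sketch of that check as an added example (not NearlyFreeSpeech.NET's code and not part of the original post); the function names and the sample DNS records are constructed, using addresses from the documentation ranges.

```python
import ipaddress
import socket

def system_ptr(ip):
    """Reverse lookup: the names DNS reports for this IP (empty if none)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:          # herror/gaierror: no PTR record or lookup failed
        return []
    return [name, *aliases]

def system_forward(name):
    """Forward lookup: every A/AAAA address the name resolves to."""
    try:
        return [info[4][0] for info in socket.getaddrinfo(name, None)]
    except OSError:
        return []

def fcrdns(ip, ptr=system_ptr, forward=system_forward):
    """Return (verdict, confirmed_name) for a connecting server's IP."""
    client = ipaddress.ip_address(ip)
    names = ptr(ip)
    if not names:
        return ("no-ptr", None)          # the number has no name at all
    for name in names:
        for addr in forward(name):
            try:
                # Compare parsed addresses, not strings (IPv6 has many spellings).
                if ipaddress.ip_address(addr.split("%")[0]) == client:
                    return ("pass", name.rstrip(".").lower())
            except ValueError:
                continue
    return ("mismatch", None)            # name exists but does not point back

# Constructed sample records standing in for live DNS, so this runs offline.
PTR = {"192.0.2.10": ["mail.example.org."],
       "198.51.100.7": ["mx.example.net"],
       "2001:db8::25": ["mail6.example.org"]}
FWD = {"mail.example.org": ["192.0.2.10"],
       "mx.example.net": ["203.0.113.9"],
       "mail6.example.org": ["2001:0db8:0:0:0:0:0:25"]}

def demo_ptr(ip):
    return PTR.get(ip, [])

def demo_forward(name):
    return FWD.get(name.rstrip(".").lower(), [])

def classify_samples():
    ips = ["192.0.2.10", "198.51.100.7", "203.0.113.50", "2001:db8::25"]
    return {ip: fcrdns(ip, demo_ptr, demo_forward)[0] for ip in ips}

if __name__ == "__main__":
    print(classify_samples())
```

Calling `fcrdns(ip)` without the two demo resolvers performs the same check against the system's real DNS.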

So, I’m beta-testing a hybrid email filtering service of theirs. They still prevent suspicious-looking emails from reaching my email inbox, but there will be a quarantine area where I can look to see what the spam traps have caught should I ever seem to be missing an important message (like from the car rental company sending us the confirmation about our rental in December). I would prefer that the rest of the world simply properly configure their email servers: that would totally preclude the need for a quarantine area or filter queue or whatever you want to call it. However, that is sounding less and less realistic over the years. I mean, even Google can’t consistently identify themselves on the internet!

Here’s the dirt on my little test: I want to see if Bad Behavior keeps the harvesters from finding the email address above and NearlyFreeSpeech.NET correctly allows messages from you, my loyal and non-spammy readership, to arrive at my inbox unencumbered by ideals of the 1980s, back when everyone pretty much trusted his cyber-neighbor to know his phone number.

Oh yeah, and I’ve disabled comments on this post. Just send me an email using the unmissable address above (click it or copy it into your favorite mail program), please. I may do a follow-up post here with comments enabled depending on how well this test goes. Thanks for helping with the test!

blogspam / German-class show

Last week while killing time at Frankfurt am Main’s central station on my way back from a meeting with the new masters (who actually so far have all seemed quite pleasant to work with), I picked up the book pictured at left. Pure language nerd stuff. I’d already read the first volume of the book, and liked it enough to amuse myself with volume two while waiting for a train.

Then last night while surfing German TV we came across a game show featuring audience members (who are also participants) in groups of teachers, government employees (Beamte), school-aged students, Austrians (not kidding, they are measured separately), and a panel of celebrities from all walks of German life (TV stars, athletes, even politicians). The goal: get a good grade on their German language homework. Categories included vocabulary, dictation, capitalization, and the especially tricky Punctuation Round.

I’m proud to say — I rocked. Having just read the above-mentioned book helped a lot. I’m still weirded out by the concept of the show, though. Want to play along at home (or wherever you are)? Try it online yourself: der große Deutsch-Test.

In other news, even with the Akismet anti-spam plug-in on ye olde Regensblogge, which usually works like a champ, we’ve been getting spam like crazy recently. Hate that. I’m trying an additional anti-spam measure (another plug-in, specifically designed to augment Akismet) programmed by the guy who did the flickr plug-in I use for embedding images. I’m hoping you won’t have any trouble posting your comments and all here as a result of the extra security measure. As long as you post some real content and not stuff that appears to be spam, there should be no trouble. Still, please contact me if anything seems amiss.