Tag Archives: spam

E-mail like it’s 2012: revisiting my Gmail filters

Posted on by
Reply

Several months ago, I spent too many hours hacking away at the 18 years’ worth of messages piled up in my Gmail account–because while I could live with paying for extra storage for Google’s backups of my own photos, I’d be damned if I was going to pay to warehouse random companies’ marketing pitches that were eating up far more of my free storage.

Screenshot of Gmail's filter, showing a menu of options that

That experience evidently wasn’t enough fun for me, because over the last couple of weeks I’ve dived into a corner of the Gmail interface I hadn’t spent any sustained time in since… 2012? Fortunately for me, Gmail’s filter interface hasn’t sustained any notable changes in at least that long, judging from how rarely it’s earned a mention in Google’s Gmail blog over the last decade.

Much as in 2012, this dialog lets me choose a message by factors like sender, recipient, subject, content, size and the presence of an attachments. Its next pane allows me to amplify the message’s importance by starring it or marking it as important, apply a label or file it under a category tab, or forward it to to an outside address registered with your Gmail account using an even more fossilized interface.

Those are the basics of e-mail management, and they did suffice to help me craft updated message rules that make my Gmail inbox less chaotic and keep my more consequential correspondence filed away neatly. Less e-entropy is a good outcome.

But the limits of the filtering user experience loom large among Gmail’s missing features. The one I keep coming back to is an equivalent to the “sweep” function in the Microsoft’s Outlook.com that automatically whisks matching messages into the trash 10 days after they arrive. But it’s also crazy that the entire filter UX is imprisoned in Gmail’s Web app–you can neither create nor edit nor view filters in Gmail’s Android and iOS apps, as if the last 10 years of mobile-first computing never reached whatever Googleplex building houses the Gmail developers.

Compare that thin gruel to the thoughtful mail-management tools surfacing in apps that actually have to win customers–I’m thinking here of a new Gmail front end called Shortwave that a team of former Google developers just shipped, but also of the Hey mail service. It’s not hard to think that Google could do a lot more with Gmail if it put serious effort into that work. It’s also not hard to think that Google must feel as comfortable in the e-mail market as Microsoft and Yahoo did before Gmail showed up in 2004.

Advertisement

Keeping a Facebook page would be less work if Facebook were less tolerant of scammers tagging my Facebook page with other Facebook pages impersonating Facebook

Posted on by
Reply

Living a public work life on social media can be tiresome under many conditions, but my occupational outpost on Facebook–facebook.com/robpegoraro–has been feeling especially tedious lately.

And I can’t even blame random Facebook commenters for that! Instead, it’s the random Facebook scammers that have been nibbling away at my social-media attention span by staking out fake Facebook pages that impersonate Facebook itself, and which then tag my page with grammatically-iffy posts threatening to have my page suspended (for example, “someone has reported you with non-compliance with the terms of service”) if I don’t click/tap to verify my page ownership at a site that is obviously not at Facebook.

(Pro tip: Facebook is an American company and, AFAIK, does not have any substantial presence in Vanuatu that would require it to point users to a .vu domain name for terms-of-service compliance.)

I resent being treated like an idiot and I resent having my time wasted, but I also resent seeing a gigantic social network with country-sized resources fail so badly at stopping its own tenants from impersonating it. Every single time, the scam page has a big blue “f” icon matching Facebook’s and calls itself something like “Pages Identity Policy Issue,” which combined should seem like easy bait for a company with Facebook’s machine-learning capacity to quash or at least quarantine.

Instead, I get to play Whac-a-Mole with these idiotic impostors, and Facebook doesn’t even make that efficient.

Here’s the workflow on my iPad if I want to report the tagging post itself: Tap the ellipsis menu at the top right, select “Find support or report post,” select “False information” from the menu (“impersonation” isn’t an option), select “Social Issue,” (other choices being “Health,” “Politics,” “Something Else”), confirm that the post goes against community standards, then tap “Submit.” That last step doesn’t remove the tag, which takes another tap or two to zap.

If, however, I tap the fake page itself (which, in the most recent incident, had been set up for a construction firm in 2013 and then renamed this week, presumably after a hack), I tap the ellipsis menu at the top right, select “Find Support or Report Page,” select “Scams and Fake Pages,” then choose “Misleading Page Name Change” (had I not seen that switcheroo, I would have picked “Pretending to be Another Business” or “Fake Page”). Then it took another tap to block the page’s tag from my own page.

My gripe here isn’t so much with the number of clicks Facebook required but with the gap between its apathetic enforcement against con artists ripping off its own identity and its aggressive and punitive reaction against the New York University researchers who invited readers to install a browser extension that would track which ads Facebook served them, so that we might learn a little more about how that advertising gets targeted. What’s the priority at Facebook?

It’s yet another reason–on top of of the recurring nags to spend money on Facebook ads–to make me wonder why I keep up that Facebook marketing output when it’s so much more work than my other social-media presences. And yet if I want to see how the advertising machinery works, I feel like I have to stick around, scammers and all.

Two ways your mailing list could be less terrible

Posted on by
1

Monday’s USA Today column on cleaning out an overloaded Gmail inbox required me to spend an unpleasant amount of time scouring my own inbox to find the most prolific senders. The experience left me mostly convinced of the grotesque selfishness of many e-mail marketing types, but it also yielded some grounds for optimism.

Photo shows a series of bulk-mail stamps

As in, the user experience with some of these companies’ mailing lists let me at least think that they recognized concepts like cognitive load, limited attention span and finite storage space. Here are two practices in particular that I liked:

  • Don’t send promotional e-mails from the same address as order confirmations. This makes it so much easier to find and bulk-delete the sales pitches that no longer carry any relevance–or, if you use Microsoft’s Outlook.com, to set up a “sweep” filter that automatically deletes those messages after a set period of time. Ecco, Macy’s and Staples all seemed to follow this polite, filter-friendly custom.
  • Let me choose how often to get emails–a message a day is often just clingy, but one a week could be less obnoxious–and let me specify what kind of pitches might interest me. Best Buy (“Receive no more than one General Marketing email per week”) and Macy’s (“Let’s Take It Down A Notch—Send Me Fewer Emails, Please”) get the frequency thing right, while L.L. Bean not only lets people choose between weekly, monthly or twice-monthly frequencies but invites them to request only messages about departments like Men’s, Home, or Fishing.

I’d like to close by writing something like “see, it doesn’t have to be this hard”–but a look at my Gmail inbox shows that some of my visits to the mail-preference pages of some retailers hasn’t led to them putting a smaller dent in my inbox. I guess they’d prefer I click their unsubscribe link–or use Gmail’s “block” command.

Weekly output: spotting fakes in e-mails and text messages

Posted on by
Reply

Spending most of this week knocked out by a cold had the predictable effects on my productivity, but at least my schedule was clear. That’s not the case this week, which features one day in which I won’t be able to do any work between 5 a.m. and 9 p.m.–Tuesday, when I’ll be working as an election officer for Arlington.

2/25/2020: Here’s how hard it is to spot a fake email address or phone number, Fast Company

This post started with an interesting talk I saw at the ShmooCon security conference at the start of February. I’d meant to write up this EmailRep system for automatically rating the credibility of e-mail addresses right after, but breaking news kept intruding. That worked out in okay when a pitch from an old PR rep about did not land in my inbox–because Google thought it belonged in my spam filter, thereby providing the perfect demonstration of how hard it can be for software to decide if an e-mail is suspicious or not.

When I will delete your e-mail

Posted on by
5

I’ve been making one of my periodic attempts to catch up on my e-mail (read: if you wrote me three weeks ago, your odds of getting a reply sometime this coming week are less worse than usual). That process has required me to think about something I normally avoid: deleting e-mail.

Paper in trash canMy usual habit is to keep everything that’s not outright spam, just in case I might need to look it up later on. Messages from friends and family are of obvious importance, reader e-mail may provide early evidence of a problem that becomes widespread months later, and correspondence from co-workers can have documentary value about a company’s progress or decline. Even PR pitches can have lingering usefulness, by providing the contact info that too many companies can’t think to post on their own sites.

And yet if a search will yield hundreds of messages including the same keyword, I’m going to have a hard time locating the one or few messages I had in mind. Something’s got to go.

The easiest items to delete are the automated notifications and reminders I get from various services I’ve signed up–Twitter, Eventbrite and Meetup, I’m looking at you. The utility of those messages to me usually expires within 24 hours, tops. When those notifications duplicate the ones that already pop up on my phone. my tablet or OS X’s Notification Center, they’re pointless from the moment of their arrival.

(You may have seem this kind of requested, not-spam mail labeled bacn. Not long after that term came about, I wrote that “dryer lint” would be more descriptive and less cutesy, but everybody seems to have ignored that suggestion.)

 

Then come newsletters that attempt to recap headlines in various categories. Even if I read these almost every day–the American Press Institute’s Need to Know and Morning Consult’s tech newsletter come to mind–they’re little help to me the day after, much less six months down the road. I look for day- or months-old news headlines on the Web, not in my inbox.

Ideally, I could set a filter in my mail client to delete designated notifications and newsletters 24 or 48 hours after their arrival. But although Gmail will let you construct a search like that using its “older_than” operator to scrub stale Groupon offers from your inbox, its filters don’t seem to include that option. And the filters in Apple’s Mail, which don’t seem to have been touched by any developers in the last five years, are of no use in this case either.

Do any other mail clients offer this capability? If not, any interested mail developers are welcome to consider this post a formal feature request.

 

Mail merge? Work, home and other e-mail addresses

Posted on by
1

I keep telling myself that one of ways I maintain what’s left of my work/life balance is to have separate home and work e-mail addresses. And yet I have to ask who I’m kidding when these two Google Apps accounts, each at its own domain name, constitute separate lines or windows in a mail client, and when I’m sometimes corresponding with the same person from each address on alternate days. Meanwhile, many people I know seem to function perfectly fine with one all-purpose e-mail address.

MailboxIn a prior millennium, it was an easier call. After having lost a bunch of messages from friends during a transition from one e-mail system to another at the Post–and then discerning the dreadfulness of the new Lotus Notes system–I had little interest in trusting personal correspondence to my employer’s IT department.

I also figured that I would have less trouble staying on top of friends-and-family e-mail if it weren’t competing for space and attention in the first screen of my inbox with random PR pitches, interoffice memos and chit-chat with other journalists. And the address that wasn’t listed on a major newspaper’s Web site should, in theory, get vastly less spam.

(Because I am this persnickety about my communications tools, I also have a regular Gmail account that I use for almost all of my online commerce, financial transactions and other things that are neither personal- nor work-related. I don’t mind the ads there, while my Google Apps inboxes have no such distractions, courtesy of Google ending ad scanning for Apps users–even those on the free version it no longer offers to new users.)

It’s been years since I’ve had to worry about IT-inflicted mail misery. What about the other virtues of this split setup?

  • Being able to flag messages for follow-up means I’m now less likely to forget to answer an important message, whatever address it was sent to.
  • But I don’t need 11 different folders to sort my home e-mail after I’ve dealt with it. Less cognitive load is a good thing.
  • Having to ask myself nit-pick questions like “since I’m asking a friend about something that may lead to him being quoted in a story, should I send this message from my work address?” increases my cognitive load.
  • Searching for messages and then looking over the results is faster when I’m excluding an entire account’s worth of e-mail. But when I ask Mail for OS X to query all of the gigabytes of messages that have accumulated at both addresses… ugh.
  • My anti-spam strategy has been a total bust. When I checked earlier this morning, Google had quarantined almost 1,500 spam messages in my home account, about 100 of which were messages on my neighborhood mailing list that shouldn’t have been screened as junk.

On that last note, here’s a question for you all to ponder: That mailing list will soon be moving to a commercial hosting service subsidized by ads, and of course I haven’t yet read its privacy policy. Should I switch my subscription to my Gmail address, where I can read those messages alongside those from my neighborhood’s smaller Nextdoor group, or should I keep using my home address there?

 

The spam alphabet

Posted on by
1

Yahoo Mail spam iconI have a lot of words for spammers, but “creative” isn’t one of them. The same subject headers come up every time, such that I have to wonder about the basic life skills of anybody who clicks on one. And at some point, I realized that these recurring lures constituted their own distinct a-to-z lexicon, one that speaks to a certain internationalization of junk e-mail and that must also annoy a few large companies’ brand managers.

AIG Direct Life

Bank Lottery

Credit Score

Debt Consolidation

Expert Annuities

Free [fill in the blank]

Grandes novidades

HARP

International Monetary Fund

JunkCarCash

Know Your Neighbors

lotto.nl

Make Money Online

National Lottery

Online Doctorate

Payment information

Qualicorp Saúde

Refinance Now

SEO

Target Voucher

Updated Notice

Vehicle Protection

Walmart Voucher

xxnoxben

Your Score Check

zphzkzywq

(Okay, the “x” and “z” entries are a stretch. But those gibberish subject headers do keep showing up in my spam folder. If you have a less-nonsensical candidate for each letter, please suggest it in a comment.)

 

 

 

Weekly output: e-mail hijacking, orphaned apps

Posted on by
1

Thursday’s delightful snowfall took a chunk out of my productivity this week, like that bothered me all that much. Except it kind of does–Saturday evening, I start my journey to Barcelona for Mobile World Congress. Which means Monday can’t be much of a holiday for me.

2/10/2014: Why the Bad Guys Want Your Email, Yahoo Tech

This was originally going to explain the business models behind e-mail hijacking (I felt vaguely insulted to be told that in most cases, a hijacked e-mail gets used for nothing more ambitious than sending spam) and then critique the Computer Fraud and Abuse Act. But my editor said the CFAA parts read like a separate column, and I had to admit he was right. I’ll get back to that, but not next week: There’s a certain gigantic proposed cable merger that calls for my attention first.

USAT orphaned-app column2/16/2014: How to hang on to an orphaned app, USA Today

This was a somewhat shameless case of my taking advantage of the fuss over Flappy Bird (sorry, I don’t care about that game) to address a reader query I’d received months earlier about a different app. But Apple’s decision to boot a Bitcoin-wallet app from the App Store also factored into the timing here. The tip here about how developers keep less of the price of an app sold at the Mac App Store revisits a topic I’d last addressed in a January 2011 Post blog post.

At Sulia, I shared two sets of quotes from a great panel discussion among teenage social-media users led by my Yahoo Tech colleague Dan Tynan, recounted a tech startup’s testimony about its experience beating a patent troll in court, listed two questions left up in the air about Comcast’s proposed purchase of Time Warner Cable, complained about NBC Washington’s reportedly strong but now-unwatchable over-the-air signal, and provided an update about the fake Facebook account I’d set up when writing a privacy cheat sheet about the social network for Yahoo.

Weekly output: SideCar, Internet sales taxes, group-play apps, Do Not Call, Android screen lock

Posted on by
Reply

Nothing too dramatic this week, but first thing Monday morning I’m on the plane to SFO for two conferences: Influence HR on Monday, where I’m speaking on a panel about media relations (disclosure: the organizers are picking up my airfare), and Google I/O Wednesday through Friday.

SideCar DisCo post5/6/2013: SideCar Approaches A Regulatory On-Ramp, Disruptive Competition Project

This ride-sharing service aims to match drivers with time to spare on their existing routes with people heading in the same general direction. The D.C. Taxi Commission, along with other local regulators, sees it as an illegal taxi service. SideCar is pleading its case with the public but also with elected representatives: my interview with CEO Sunil Paul was delayed 45 minutes because he was finishing up a breakfast meeting with Ward 3 city councilmember Mary Cheh.

5/8/2013: Expert: Online sales tax would make real difference to main street, Voice of Russia American Edition

Harvard Business School professor Benjamin G. Edelman and I talked about the Marketplace Fairness Act, the bill that would require most Internet retailers to collect sales taxes for states that simplify their tax regimes.

5/10/2013: Group-Playback Apps Let You Choose Your Own Copyright Adventure, Disruptive Competition Project

I thought there might be an interesting piece about the copyright-law implications of Samsung’s Group Play app, which lets you play one song through multiple devices at once; after encountering a similar, Web-based app at the Day of Fosterly event last weekend, I decided there was.

5/12/2013: Will spam calls ever stop?, USA Today

A query on my neighborhood’s mailing list about a clearly illegal telemarketing call we’ve received a couple of times led me to revisit the topic of spam calls–and spam texts. There’s also a tip about two ways to strengthen the pattern-lock option on Android phones.

On Sulia, I noted two unexpectedly gutsy tech-policy bills–one from Sen. John McCain that would basically blow up much of the TV business, another from Reps. Zoe Lofgren, Anna Eshoo, Jared Polis and Thomas Massie that would repair the Digital Millennium Copyright Act’s anti-circumvention clause–and shared Rep. Jason Chaffetz’s low opinion of Congressional tech literacy. I also related news about United Airlines’ upcoming switch from drop-down screens to streaming media on its A319s and A320s, at the cost of its Channel 9 air-traffic-control audio. And I wrote a sponsored post about Betabeat’s startup-pitch webisode series that, apparently, almost nobody read.

Why are random spammy sites pointing to here?

Posted on by
1

Spammy referrersI never mind people reading this blog, but lately I’ve been getting a little antsy over some of the sites that seem to be sending people here. Over the past few days, a motley assortment of spammy-looking pages have been showing up as referers in my stats.

As you can see in the screen grab I took Tuesday morning, most seem to reside at domain names that suggest some sort of substance. But when I’ve clicked through I’ve found nothing but a list of search links, in some cases categorized and in other cases pretty much random. And the searches that I can see in some of those referring links–today, for example, “star hotel roma” and “blog for make money online”–have little to nothing to do with what I write about here.

Spam happens because people think that it will help them make money online. But just what kind of business model am I looking at here? The only way I can see the spammers profiting from sending people to my site is if they’ve got a business connection to a WordAds advertiser, but the ads I see have almost always been from name-brand companies–this program is deliberately limited to “high-quality,” national advertisers. So what’s the deal? If you have a theory, I’d like to read about it in the comments.