Studying? Why bother?

In the 10+ years that I worked in the higher education sector, it never occurred to me that bribery was a skill students could practice in school and actually use to advance from year to year and eventually graduate with a degree. By this, I mean that it didn't cross my mind even once that anyone among my co-workers was ever likely to take—or even receive—a bribe. Also I'm pretty sure that if anything like a bribe had ever been suggested by a student, they would have immediately been reported and the student would have been in for a very unpleasant chat with the members of the disciplinary board...

But maybe I'm naive.

I did receive letters and emails from students. Typically they would ask me to allow them to submit a mid-term paper even though they had been too busy to come to school after week 1, or they would beg me to give a couple of extra marks to their term paper so they would not have to repeat the class. However, those letters never suggested that their authors were ready to give me anything in exchange for a favor that, in any case, I was never ever going to grant them.

So, when once in a while an email like the following somehow caught my attention, I'd dismiss it as yet another scam:

WHAT A GREAT IDEA!

We provide a concept that will allow anyone with sufficient work experience to obtain a fully verifiable University Degree.

Bachelors, Masters or even a Doctorate.

For US: 1.845.709.8044
Outside US: +1.845.709.8044

"Just leave your NAME & PHONE NO. (with CountryCode)" in the voicemail.

Our staff will get back to you in next few days!

What a great idea indeed! It looks like a similar "concept" has been put in practice in Toulon, France. I don't think "sufficient work experience" was even a pre-requisite. A nice fat bundle of banknotes was, instead. See here (Le Monde article, in French), or here (France 24 article, in English).

Despicable.

Ever heard of email obfuscation??

I just found out that the institution I (used to) work for has created a contact page for me, exposing my (old-but-still-in-use) professional email address in plain HTML! They just refactored the whole website—for the better—and could have taken a minute to think about email harvesters and their spammer friends. Their mail server is already almost choking to death with unsolicited mail, but they thought it would be a good idea to invite more spam to the party. Tss.

The easy way to advertise your email address on a webpage is to enclose it in an a href HTML tag with a mailto directive, like this:

< a href="mailto:your.login@your.domain-name.com" >Send me spam!< \a > (without the non-breaking spaces)

The syntax is fairly simple. Check out this site at the University of Nebraska (among others) if you'd like to see how you can fill out the subject field of the message or specify multiple recipients (more people to send spam to, yay!).

This is all very nice, but it means a very simple crawler can open the page to suck out your email address and have some fun with it. Note that the site I just pointed you to has the following recommendation:

"It is recommended that you use a process other than MailTo [to] handle the e-mail process from your web site." [quoted from here]

The process the site is mentioning is a way to display your email address without having it exposed in plain HTML and lying around for everyone to see. This process is called obfuscation. Of course, crawlers will eventually learn how to read through the obfuscating code and run away with your email address, but why give out the info they're looking for right away when you can keep it protected for a little longer?

There are lots of clever ways to obfuscate an email address. From what I've seen, there are three types of approaches.

• Some advocate encoding the content of the HTML tag, using Unicode code points (m would be U+006D), for instance, or numeric character references (m = &# 109;). This solution is certainly a good deterrent for the human eye, but I doubt a bot would have much trouble figuring out how to read the string. (Incidentally, the email address encoder at the University of Nebraska is called Spam-me-not!)
• The second solution implies using a script to scatter the information needed to reconstruct your email address dynamically (this information can be encoded too!). Here again, lots of people are publishing their own solution, but I thought this one was particularly interesting (simple and readable). However, even if harvesters can't process javascript, they can try their luck at assembling the bits of information contained in the script and see if they obtain a valid email address...
• The best solution, then, is probably a site-wide rewrite of email addresses, like the one Roel Van Gils proposes on A List Apart (scroll down to the Putting it together section).

What do you think? How far should webmasters go to protect the email addresses you can find on their websites?

The weight of bulk and junk mail

We just got back from three weeks away from home. In order to avoid letting our mailbox overflow while we were away, we used the Hold Mail service offered by the US Postal Service. Thanks to that free service, your mail does not get delivered but accumulates at your local post office until you pick it up in person or request it to be delivered again as normal.

Here's a picture of what awaited us:



I separated the wheat from the chaff and was appalled by how much bulk mail and junk mail there was compared to normal, legitimate mail. To get a sense of that, I weighed each pile of mail:

• about 320 grams (11+ oz) of regular mail (mostly bills)

• a little under 1400 grams of bulk and junk mail (1.4 kilos, or 3 lb 1.4 oz!!)

Over the time we were away, we received three times more bulk and junk mail than legitimate mail. The second pile went directly to the recycle bin. What a waste of paper...