Facebook spam for grinches like me

My friends know that I'm not a big fan of exposing myself on Facebook. Yet I still have an account and log on to see what my friends are up to, mostly when I'm bored or too tired to do something else. My "security" settings are as tight as can be, I rarely share anything, post anything or "like" anything, and I do not have applications installed. As far as Facebook is concerned, I'm a grinch.

And they don't seem to like that. Recently, they have seemed desperate to make me log on. After about not even more than 1 or 2 days of not visiting the network, I would get an email trying to lure me into believing incredibly important things had happened there while I was away. Somebody must have told them that they were bugging people and actually turning them off, because they're now acknowledging they'd been a little zealous in hitting the send button.

Facebook should be happy with me for a little while now: I actually logged on and updated my status today! What's on my mind? This very blog post.

Take that, spambot!

Did you know that one third of your daily dose of spam may well never reach you anymore? How sad is that!

Apparently, you can thank a guy called Oleg Nikolaenko for all those fake luxury watches you ended up buying believing that would stop the flow of unsolicited mail. Now that Nikolaenko's botnet has been shut down, let's reclaim the space/time/bandwidth the junk was using up!

Wait. Has this translated into a noticeable decrease in the number of spam email you receive daily? A highly unscientific statistical experiment run on a small and non-representative data sample yields the following results. Over a 10-day period extending from Nov 21 to Nov 30, 2010, my gmail account spam folder received about 100 mails. This number drops to about 75 between Dec 11 and Dec 20, 2010. Not quite a 30+% drop, but there's a noticeable improvement from last month.

(Picture found here)

Have some of the bots become headless zombie computers on a vengeful quest of their own to fill the world's inboxes with spam?? Have you really seen any difference since this guy was arrested?

Bring out yer dead

Thanks for checking in on me, United Nation. I haven't been very actively blogging these past few months, but I'm not dead yet. And if I were, would you stop sending out your spam my way?

Many of you will have noticed the title of this post is a line from a well-known Monty Python movie — and you may well have been lured to this page by it, who knows. Fear not, I will not leave your expectations unfulfilled. This video clip should make your visit worth it. Here's the scene from Monty Python and The Holy Grail. Oh, and it's OK if you've already got one, you can still watch it.

Relevance

Relevance is what makes people notice you, isn't it? Unfortunately for them (and fortunately for us), spammers don't seem to have gotten the memo yet.

I'm always amazed, as I skim through my spam folder, at the lack of variety in the "topics" broached by spam messages. Maybe one day I should take a little statistical snapshot of my spam folder and look at the proportion of messages about male enhancement pills, bank loans, improbable lottery draws or luxury watches compared to the rest.

I honestly don't understand how people can still fall for those (even if the suckers amount to less than 1%). I am convinced that spammers would fare better if they tapped into less hackneyed, more "relevant" topics. By relevant, I don't mean something narrowly targeted that really resonates with few people and leaves the rest of the crowd indifferent (although that could be an option too). I understand that spammers want to cast as wide a net as possible. For that net to be more effective, I'd suggest using highly visible sporting events as bait, or at least something that catches the eye because it is currently making the news (an election, a natural phenomenon, even a major software release or a celebrity's wedding).

The media was all about the FIFA World Cup last month, and I only got one spam message acknowledging it. The message was sent to me in BCC, the main addressee being some soccer club in France. I received it on the day of the final game, with the following subject line:

alors qu'en penses tu du resultat de la coupe?
(so what do you think of the results of the cup?)

Now wasn't that cleverly done? Wouldn't you be more inclined to click on a message whose subject line is "Get 20% off original price at Tour de France winner's pharmacy" rather than "Get 20% off original price at our online pharmacy"? I believe you would if you received it today, because it is relevant in summer time, when the Tour de France is on. You probably wouldn't notice it as much in the winter, where you'd be more attuned to winter Olympics news or holiday shopping discounts and special offers.

Potpourri

Don't you love it when spammers try new tricks? The following emails stood out among the usual ones about male enhancement pills or winning lottery tickets that make up the bulk of my spam folder these days: Surely spammers couldn't care less if they passed for name-dropping poseurs? Yet they didn't even bother signaling the quotations as such, let alone giving their sources. So I thought I would.

"Tis past that melancholy dream"

from "I Travelled Among Unknown Men" by William Wordsworth, first published in 1807.

---

"And your head so large doth grow"

from "The Courtship of the Yonghy-Bonghy-Bo" by Edward Lear, first published in 1877.

---

"Hither come thou back straightway"
"He is come to claim his right"

both from "The Horn of Egremont Castle" by William Wordsworth, first published in 1807.

---

"Still she weeps and daily moans"

from "The Courtship of the Yonghy-Bonghy-Bo" by Edward Lear again.

"In a beautiful pea green boat"

from "The Owl and the Pussy Cat" by Edward Lear, first published in 1871.

This literary hodgepodge is nothing more than lipstick on a pig, but I am somewhat grateful to my spammer friends for giving me the chance to actually read the poems they borrowed from. I am also amused to see how poetry has its place in insensitive mass communication (although apparently you have to either be Wordsworth or Lear to get such massive exposure).

I guess my soul didn't get transported (or confused) enough to let my earthly fingers click on the links at the end of these messages. This potpourri (which literally means "rotten pot" in French) didn't bode too well...

Valentine's day hotness

A bidding contest seems to have started on Valentine's day in my spam folder. Who will give me the best discount on the hotness pill?

Currently, "Pfizer (tm) Viagra (c)" is the highest bidder, with 84% off. "Pfizer VIAGRA eService" hasn't budged from its initial bid for 80% off. "Me" is trailing, with 76% (what a cheap bastard I am!).

How much hotter can the race get?

Back with more spam recipes!

Spam is always in season. Since it is so readily available, it lends itself to innumerable variations.

GMail serves my spam email together with not-so-mouth-watering spam dishes. Among the recent ones:

Spam Swiss Pie
Creamy Spam Broccoli Casserole
Vineyard Spam Salad

I wonder if some spam recipes call for any of the meds typically advertised in spam emails. The chef's suggestion du jour could be:

Spam and Viagra Salad
Vicodin and Spam Fajitas
Today's special: Chandeleur Crepes with Xanax Ice-Cream and Spam Shavings

Bon appétit!

First spammy comment

Yesterday, this blog received its first spammy comment. Marcus left a note regarding a post published last month when my email address won the UK National Lottery. I guess he just wanted to suggest new outlets for my address's gambling addiction.


Sorry, Marcus, this blog will not be a promotional platform for your online casinos. Interestingly enough, though, this comment is somewhat relevant to the post to which it was destined. Also, Marcus and co did not attempt at flooding all my other posts with the same type of comment. Good effort! This is in keeping with this older post described, by the way.

To this day, I have been restricting comment posting to "registered users", i.e. people willing to identify themselves using a Google, LiveJournal, WordPress, TypePad, AIM or OpenID account. I also chose to enable word verification (a step which is automatically skipped if you signed in as a blog author, apparently). Last but not least, I set my comment moderation settings to "always" and get notified by email each time someone leaves a comment.

On various occasions, while trying to leave a comment, the whole identification and word verification process struck me as cumbersome and frustrating. Since Marcus's comment only got caught at the comment moderation stage, why not make it easier altogether for normal people to share their thoughts in the comments section?

Let's give it a try: I just changed my settings to allow anyone to post comments to my blog. If I get flooded with spammy comments (which you will hopefully never get to see), I'll switch back to more restrictive settings.

Spiderman's pedipalps

If you're wondering what pedipalps are (not what they stand for here, obviously), the Merriam-Webster online dictionary gives the following definition:

either of the second pair of appendages of an arachnid (as a spider) that are borne near the mouth and are often modified for a special (as sensory) function

The appendage, according to the Wikipedia article, is also where the male spider's reproductive organs are located, which makes it relevant in the context of your average spam message.


Considering what one looks like with enlarged pedipalps (see above), though, it is safe to say that you and your family can pass on this and save.

"Be the Tasmanian Lovemaking Devil..."

To be honest, I didn't know Tasmanian devils made the ideal lover.

Judging from real world pictures (see above) and from the general features of the animal's incarnation in the Looney Tunes cartoon (see below), I am tempted to believe that they are to be avoided at all costs. In fact, "lovemaking" and "Tasmanian devil" sound so far apart that combining them in a single noun phrase should normally be considered oxymoronic — unless of course the attributes of the ideal lover (or even the basic traits commonly expected in a tolerable partner) dramatically changed with the most recent partial lunar eclipse.

Viciousness and aggressivity on the one hand, tornado-style destruction and utter stupidity on the other — is this really something to be looking forward to???

Summer is watch season for everybody after all

This is an erratum to my previous post (Summer time is watch season), in which "losers" were denied the privilege of buying a tacky watch from a dubious website. Well, it turns out that I was mistaken, and that self-identified losers too deserve to fall for that!

See the last line of this screenshot of my spam folder, featuring a sample of the watch related spam I received:

"Our watch will look great even on any loser"

Hurray for non discriminatory, equal opportunity scams!

Summer time is watch season

All of a sudden, over the summer, I got flooded with spam wanting to sell me a watch. Watches seemed to be the new pills.

The pitch typically went like this:

With our [select your style] watches, [select who you are] will look [select your desired look]. Buy our [select your style again] watches, they are [select your price range].

With the following options to choose from:

[select your style]
stunning
trendy
designer
stylish
classy
fashionable
cool
luxury, luxurious

[select who you are]
a local or international customer
a teenager
an adult
a loser

[select your desired look]
irresistible look
look great
proud
stylish
classy
trendy

[select your price range]
low-priced
cheap
great savings
very low price

Summer has passed, and so has the wave of watch related emails. I wonder what the fall's fad will be.

Hotmail passwords

Oooops. Not clear how all this happened, though... A phishing scam able to fool 10,000 users at once sounds fishy.

Antithesis

Rxpills_support_online makes the following claim:

"Impotence is not good. Viagra is Good"

Therefore impotence is not Viagra, right? Er, no, that probably isn't where this was going...

I love it when the argumentation reaches that level of simplicity but can still be described using very elaborate-sounding words. Viva la abstracción!

Polysemy, ambiguity and spam recipes

Once in a while, I check my mail sent to my Gmail account using the online interface. I generally go directly to the spam folder to make sure that the spam filter has not been over-zealous, and sometimes just for laughs.

Some advertising makes it through my default Adblock Plus config but what keeps me from blocking the frame is the (certainly limited but not non-existent) entertainment value of this sponsored links section. Most of the text ads deemed "contextually" relevant to the mail classified as spam have to do with unsolicited mail. Some, however, are pretty much off target and that makes them way more interesting: the relevance computation is evidently based on "spam" construed as gelatinous mystery/porky meat.

Spam Confetti Pasta
French Fry Spam Casserole
Spam Vegetable Strudel
Spam Veggie Pita Pockets
Spicy Spam Kabobs
Savory Spam Crescents
Spam Primavera
Spam Imperial Tortilla Sandwiches
Spam Fajitas
Spam Skillet Casserole
Spam Quiche
Spam Hashbrown Bake
Ginger Spam Salad

Yikes.

Resolving ambiguity originating in polysemy is no easy task. And yet, one could assume that the engine used by AdSense to process keywords and calculate ad relevance would know what "spam" means when it is a label associated by Gmail itself to an electronic message, don't you think?

Synaesthetic

Last week, Zimbolli sent me a message entitled "synaesthetic", which Thunderbird classified as Junk. Attracted by the unusually learned subject line, I did open the message body, only to find the not-so-unusual male enhancement promises and the following URL:

www[dot]pill22[dot]com

Isn't it ironic that a spammer would try to make it difficult for a robot (and to some extent for a human being) to figure out the website they are rooting for? Usually, it's email addresses you disguise by spelling out the dots, not URLs.

Anyway, while idly looking around for examples of synesthesia in poetry (Rimbaud, Verlaine and Baudelaire first came to my mind, but I was looking for examples in English), I stumbled upon something I had never heard about in all those years I spent studying/playing early music: the "ocular harpsichord" and the "color organ". It turns out that sound and light shows are not a 20th century invention at all! Jean-Michel Jarre's musical family tree includes people like Telemann or Rameau (late 17th-18th centuries), who wrote pieces for keyboard instruments capable of producing sound and light to go with the sound. Of course, it's not like musicians until then had ignored the emotional power of simultaneous sensory perceptions from different sources (auditory and visual in this case), but I thought it was interesting that it would be synthesized in a single instrument.

Something that I surely must have heard about in all the years I spent studying literary theory and cultural history but just "re-"discovered is Newton's theory of color and music. The theory compares the vibrations resulting in the different color shades on the spectrum and the vibrations resulting in the different musical notes in Western scales. It is schematized in the color wheel, published in Opticks in 1704, on which you can see letters corresponding to a Dorian mode scale starting on D separating the sectors displaying the spectral colors.

Many thanks to Zimbolli (or whoever that was) for piquing my interest and for reminding me that Google, YouTube and Wikipedia are my friends.

Customer service

Dijon1 sent me the following email the other day:

In large print:

You're a jerk You are sleeping on your working place? Visit Canadian Health and Care Mall

I assume the email provided a way to reach that online pharmacy, but I did not feel inclined to inquire further after such a welcoming greeting.

About.com has compiled a list of eight rules for good customer service, specially targeted at small businesses in Canada. Dijon1, may I point you to rule #6? A corollary to this rule would be: "Don't insult your potential customers", and it should also apply to yourself, not just to your staff.

Swex From a Chriistian Perspective

Despite Faber's pseudo-proselytizing or in any case spammy attempt, the email remained unopened and went directly to trash. From what I could gather, though, the aforementioned perspective cometh wiith quiite a fjew twypos.

Interestingly, the Open Office dictionary for American English offers more alternative spellings than its British counterpart.

Here's the dialog box with the suggestions for American English:



Here's the same dialog box with the "English (UK)" option selected:



Why is that???

Studying? Why bother?

In the 10+ years that I worked in the higher education sector, it never occurred to me that bribery was a skill students could practice in school and actually use to advance from year to year and eventually graduate with a degree. By this, I mean that it didn't cross my mind even once that anyone among my co-workers was ever likely to take—or even receive—a bribe. Also I'm pretty sure that if anything like a bribe had ever been suggested by a student, they would have immediately been reported and the student would have been in for a very unpleasant chat with the members of the disciplinary board...

But maybe I'm naive.

I did receive letters and emails from students. Typically they would ask me to allow them to submit a mid-term paper even though they had been too busy to come to school after week 1, or they would beg me to give a couple of extra marks to their term paper so they would not have to repeat the class. However, those letters never suggested that their authors were ready to give me anything in exchange for a favor that, in any case, I was never ever going to grant them.

So, when once in a while an email like the following somehow caught my attention, I'd dismiss it as yet another scam:

WHAT A GREAT IDEA!

We provide a concept that will allow anyone with sufficient work experience to obtain a fully verifiable University Degree.

Bachelors, Masters or even a Doctorate.

For US: 1.845.709.8044
Outside US: +1.845.709.8044

"Just leave your NAME & PHONE NO. (with CountryCode)" in the voicemail.

Our staff will get back to you in next few days!

What a great idea indeed! It looks like a similar "concept" has been put in practice in Toulon, France. I don't think "sufficient work experience" was even a pre-requisite. A nice fat bundle of banknotes was, instead. See here (Le Monde article, in French), or here (France 24 article, in English).

Despicable.

Ever heard of email obfuscation??

I just found out that the institution I (used to) work for has created a contact page for me, exposing my (old-but-still-in-use) professional email address in plain HTML! They just refactored the whole website—for the better—and could have taken a minute to think about email harvesters and their spammer friends. Their mail server is already almost choking to death with unsolicited mail, but they thought it would be a good idea to invite more spam to the party. Tss.

The easy way to advertise your email address on a webpage is to enclose it in an a href HTML tag with a mailto directive, like this:

< a href="mailto:your.login@your.domain-name.com" >Send me spam!< \a > (without the non-breaking spaces)

The syntax is fairly simple. Check out this site at the University of Nebraska (among others) if you'd like to see how you can fill out the subject field of the message or specify multiple recipients (more people to send spam to, yay!).

This is all very nice, but it means a very simple crawler can open the page to suck out your email address and have some fun with it. Note that the site I just pointed you to has the following recommendation:

"It is recommended that you use a process other than MailTo [to] handle the e-mail process from your web site." [quoted from here]

The process the site is mentioning is a way to display your email address without having it exposed in plain HTML and lying around for everyone to see. This process is called obfuscation. Of course, crawlers will eventually learn how to read through the obfuscating code and run away with your email address, but why give out the info they're looking for right away when you can keep it protected for a little longer?

There are lots of clever ways to obfuscate an email address. From what I've seen, there are three types of approaches.

• Some advocate encoding the content of the HTML tag, using Unicode code points (m would be U+006D), for instance, or numeric character references (m = &# 109;). This solution is certainly a good deterrent for the human eye, but I doubt a bot would have much trouble figuring out how to read the string. (Incidentally, the email address encoder at the University of Nebraska is called Spam-me-not!)
• The second solution implies using a script to scatter the information needed to reconstruct your email address dynamically (this information can be encoded too!). Here again, lots of people are publishing their own solution, but I thought this one was particularly interesting (simple and readable). However, even if harvesters can't process javascript, they can try their luck at assembling the bits of information contained in the script and see if they obtain a valid email address...
• The best solution, then, is probably a site-wide rewrite of email addresses, like the one Roel Van Gils proposes on A List Apart (scroll down to the Putting it together section).

What do you think? How far should webmasters go to protect the email addresses you can find on their websites?