Coping with e-mail in 2005 - spam, viruses, phishing, security and privacy
Now that we're all dependent on e-mail, it's taking over our lives. Here's some advice on dealing with spam and other e-mail cons, dangers and irritants over the next year - until it gets worse.
By Gillian Kerr, RealWorld Systems
The information in this article is current as of February 10, 2005.
Remember life without e-mail? Ten years ago, in
1995, Compuserve and AOL connected their proprietary bulletin board systems
to the Internet, making a unified e-mail standard available to everybody.
The explosive growth of e-mail has been at least as transformative as the
World Wide Web, and represents one of the fastest proliferations of innovations
in history (along with television and radio). [See
this pdf article for more detail.]
Unfortunately, as e-mail use has spread, the usual parasites, criminals and cons have followed it, and are doing their best to suck money out of the online population. Life online is feeling more and more like an arms race between prey and predators.
SPAM
Nonprofits suffer in several ways:
- Consumer rage against spammers is going to be directed against any messages asking for money, even messages that consumers originally agreed to. People forget that they asked for updates from charities, and just react against the endless stream of requests. Nonprofits need to keep updating their e-mail fundraising and communication strategies to minimize anger from donors and potential donors.
- Spam filters are getting tougher, to the point where legitimate bulk messages
are routinely rejected. For a while, I couldn't send e-mails to a colleague
at a Canadian university because the overloaded IT staff had decided to
reject all e-mail coming from Sympatico servers. Apparently sympatico.ca
wasn't filtering out spam messages so all of their users were penalized.
More recently, I'm seeing my e-mails rejected if I include words like 'free',
'service' and other spam-like words (as in "immigrant services are free
for government-sponsored refugees but not for refugee claimants"). And the
problem with spam filters is that mail just disappears; the sender is not
notified that the e-mail isn't delivered. Robin Good purposely misspells
many of the words in his excellent and informative newsletters to fool spam
filters, but he must keep updating them to keep up with the latest ones.
And some filters block all messages from developing countries using IP blocking.
- Individual users are acting as their own spam filters. Increasingly, I'm finding that e-mails are deleted if the recipient doesn't know the sender, even when the recipient has asked for information. E-mail users go through so much junk, they just delete most e-mail without reading it. Nonprofits pay two ways: their e-mails are being rejected, and their staff are spending way too much time going through junk e-mails. If you haven't heard, "Oh, sorry, I deleted your message because I didn't recognize your name," get ready for it.
- The cost of dealing with spam is horrendous, in terms of wasted time, storage space, bandwidth and so on. Nonprofits who have their own IT staff are using precious IT support time fighting the spam arms race. Nonprofits without IT support are wasting staff time by restricting e-mail use or going through endless junk e-mails.
Viruses are a weird variant of spam. They prey on the Internet population but
instead of money, their creators get fame among their own community. Social
networks, human ingenuity, voluntarism, and community-building have their negative
sides. It's fascinating to read about the culture of hackers/crackers,
but the impact of viruses is terribly destructive to the civic space of the
internet.
PHISHING & SECURITY
Phishing is a popular - and effective - con in which victims get an e-mail from
a 'legitimate' web site asking for password verification. When they click on
the e-mail's link and log onto the web site - apparently PayPal or their own
bank or whatever - they are actually giving their username and password to a
con artist. It's a huge problem and it's astounding how many people fall for
it.
Nonprofits are penalized in two ways:
- Donors are getting more suspicious of e-mail as a way to respond to fund solicitations. It's a similar problem to spam, but it attacks the legitimacy of e-mails by making knowledgeable users question whether e-mails from your agency are really from criminals.
- Nonprofit staff who fall for phishing schemes may be revealing more than
their own bank accounts. Most people use the same passwords for multiple
web sites, including intranets and databases with client information. And
someone who falls for a phishing attack will be the same person who uses
the name of their cat as a password. (You know who you are.) Phishers often
capture usernames and passwords for a trivial web site and then try them
out on more important services. Good
password policies are extremely hard to implement and monitor, and with
online-accessible databases we are creating a system that is wide open for
abuse. If nonprofit staff aren't using strong passwords that are unique
for each service (which requires training, discipline and an encrypted password
list like the free Password
Safe), your agency's information is vulnerable.
PRIVACY AND BACKUP
Imagine that all of your work-related telephone conversations and many of your
personal phone calls over the past few years was taped and transcribed, and
could be instantly searched by your boss, even after you left the organization.
That's what is happening with e-mails and instant messages. Our dependence on
e-mails means that a big part of our relationships are being captured in text.
The launch of excellent free
desktop search programs are creating great anxiety among people who thought
that personal e-mails (and documents) could stay hidden in their computers.
Confidential information takes only seconds to locate.
Implications for nonprofits? Confidential client or donor information, as well
as embarrassing reminders of past errors, may be searchable in old e-mail archives.
On the other hand, it can be really helpful to have information from old communications.
Document management policies should describe how long people should save e-mails,
how they are backed up, and who may have access to them. Many staff are unaware
that their e-mails are backed up centrally and may be subpoenaed or used in
human resource actions.
Speaking of backup, you do know how often your data is being backed up, right? And when it is deleted, and who has access to it?
CONCLUSIONS
The big technology companies like Microsoft and, well, all of them, are concerned about the threat of spam and viruses to the viability of the internet as a safe place to interact and buy things. Expect to see interesting responses to spam and other problems, but prepare for disruption to your e-mail services while solutions are tried out.
Despite these problems, I believe that e-mail is a boon to most organizations,
in the same way that telephones are a vital tool for most workers. Problem is,
its strength - the ability to communicate with many people at once - is also
its vulnerability. It's going to take us a while to figure out how to minimize
its disadvantages while using its potential to connect with each other.
**********
Gillian Kerr, Ph.D., C.Psych.
President, RealWorld Systems
gkerr at realworldsystems.net
Read my weblog at http://blog.realworldsystems.net
