Leo's Answers #218 – February 16, 2010

A Weekly Newsletter From
Ask Leo!
Leo Notenboom

Hello!

Do you have a question for me? Don't hit reply! Head instead for the Ask Leo! home page and search the site first - seriously, around half the questions people ask are already answered there. You can also browse the archives, past newsletters and more. If you still can't find the answer you're looking for then by all means ask your question here (it's the fastest way).

Newsletter questions? Check the newsletter administration page. You can also unsubscribe using the link at the bottom of this email.

*** New Articles

Back From Down Under Version!

No new articles this week - I'm recovering from my vacation! See the Thoughts and Comments section, below, for more.

*** Comments

A sampling of some of the comments that have been posted on Ask Leo!

* * *

How can I know that emails I sent were received and opened?

Janet writes:

Most of these comments are re-statements of what Leo has said. The various commercial services which offer "delivery confirmation" are embedding a small-- typically one-pixel and marked transparent-- image that must be fetched from their servers. If the receiver's e-mail program requests that picture, then you know that the e-mail program is trying to display the e-mail. But as Leo said, if the receiver's e-mail program is set to not display pictures, then you won't know that your message has been opened. And, some e-mail programs display a pre-view of the message, which will make it look like the e-mail was read, when in reality is was just partially displayed on the screen. The human recipient might not even be physically present at the terminal when that happens, if he/she left the e-mail client up over night.

Zaher's comment explains how to request a receipt. As Leo said, however, most e-mail servers will ignore the request without notifying anyone. Some companies do enable this feature, but typically for *internal* e-mails only; so this might have some applicability for you.

Russ's comment about the "click the link" e-mails is a version of what Leo said about private messaging. If you look at the details of the link by right clicking on it, you'll probably see a long string of apparent gibberish after the site name. That's a "serial number" if you will, which identifies you as a recipient of a previous e-mail to the server when you click on the link. The server then gives you a custom response-- reset your password, view the important message, whatever. This requires your recipient to click on a link, however-- and we all know that you should not do that unless you're VERY sure that you know what you're doing.

Adding yourself to the "To:" line will tell you if your message was sent to the outbound queue, but it doesn't tell you that any of the other recipients received it. Usually, you can get the same result by looking in your outbox or sent items folder as well. Beyond telling you that your LAN and the backside of your own e-mail server is up, it doesn't tell you much. Although I should say, I use this technique myself fairly frequently, because I like filing copies of my outbound mail in the same folder as inbound mail from each client or project. But that doesn't mean it is a solid proxy for receipt.

Lastly, most e-mail programs have a display setting to inform you whether you have read an e-mail or not-- an open letter symbol, boldfacing, etc. This is a display setting only-- no notification is sent to the sender, and the user can change a message status from "read" to "unread" and back any number of times, with or without actually reading it. I have a BlackBerry and a laptop, and e-mails opened on one will still appear as "unread" on the other device, for example. So that wouldn't help the sender track who has or has not read a message.

In short-- ditto what Leo said. E-mail is just not feasible for highly time-sensitive or legally-binding communications-- for many, many reasons; the lack of delivery confirmation is just one of them.

*

Someone's sending email that looks like it's from me to my contacts, what can I do?

Joao writes:

Leo,

I think the email account does not need to be compromised for this to happen... but correct me if I am wrong:

1st, many people still keep sending emails to loads of people in CC rather than using BCC. That makes those emails easy picking and ripe for the harvest by bots... and they will be added, alongside yours, to spam lists, etc.

2nd, spammers these days have ways (a simple script can do this I think you mention it and it's called spoofing) to have any email inserted in the sent from... and sent to anyone they want, including all those found in not only spammers' lists but also those harvested from your CC fields. The familiar, recognizable email address on the sent from will make your friends trust the email... and get their machines compromised.

I have received emails from myself ~: with spam...

My email accounts have not been hacked into. It's a gamble... if your email has been around long enough, chances are, it will fall in the hands of spammers, even if you take all precautions, because many of your friends may not and will still expose your email on that CC field...

Maybe the best option (and I do not use it because still could not find something I like) is one of those automatic replies, that requires a one time confirmation --- proof that a human, not a bot, is on the other side of the line...

Know of any free PHO or CGI script that does this Leo?

What can also be done is create a "key" that tells your friends the email really is from you, for example, inserting in the subject line, before anything else, a signature of sorts... ex., {JaySafe2read}

Thanks for your time and all the wonderful work you do here.

Joao

The focus of this article is specifically when people can see that it's recipients in their address book that are being spammed. That's happening a lot. Yes, it's trivial for spammers to spoof a From: address, but those emails are typically random and not a blast to your entire address book at once. That's this article, by the way: Someone's sending from my email address! How do I stop them?!

I understand the appeal of challenge/response systems as they're known, but I hate them. They make the sender of an email pay the price in time and inconvenience. Most of the time if I get such a challenge, I ignore it, as I'm sure many people do. You won't get spam, but you also won't get a lot of emails you want. Imagine having a newsletter of 100,000 subscribers and getting challenge response floods every time you send a newsletter. And that's this article: What's this confirmation request I got when I emailed someone?

And for completeness, here's my article on using BCC to reduce spam: How does using BCC help reduce spam?

-Leo

*** Leo Recommends

ImgBurn
Free CD/DVD Burning Tool

There are many CD burning tools out there, including several popular free ones as well as several commercial ones. In fact, there's a good chance you might have a trial version of on of the commercial products on your machine right now - they're often included in the pre-installed software.

I use ImgBurn: it's free, it's lightweight, it does more than I'd ever need, and it's relatively easy to use.

I say that it's "relatively" easy to use, because its interface can be just a tad intimidating to the first time user. To overcome that, let me show you how to do a few common operations using ImgBurn.

Continue reading...

ImgBurn - Free CD/DVD Burning Tool
http://ask-leo.com/C3612

*

Each week I recommend a specific product or resource that I've found valuable and that I think you may as well. What does my recommendation mean?

*** Popular Articles

An extremely simple security setting that's important, and easy to overlook.

Change Your Password - No, not that one...

You probably need to change a password, but not the one you think.

News reports surfaced this week telling of a newly discovered vulnerability. Well, it's certainly not a new vulnerability, and whether or not it's really been "newly discovered" is arguable too. But it's definitely making the news.

As well it should.

Continue reading...
Change Your Password - No, not that one...
http://ask-leo.com/C2937

*

To be honest, this frustrates the heck out of me every time I hear it:

I have a massive malware infection, should I just get a new machine?

I have downloaded much of my music from the piratebay and torrentspy using bittorrent. I recently bought a new computer because my old computer had too many viruses to be repaired and now I want to transfer the music to the new computer. I was wondering if because my old computer was extremely infected with viruses and because my music has come from an untrustworthy source is it safe to put that music on the new computer so that the new computer will not be infected with viruses?

Clearly downloading files from untrustworthy sources is bad. Transferring those files to another computer doesn't magically make them safe.

But that's not why I'm addressing this question.

You should never have to buy a new computer because of virus infections.

Never.

I hear this often enough that I want to address it and clear up the confusion.

Continue reading...
I have a massive malware infection, should I just get a new machine?
http://ask-leo.com/C3654

*** Our Sponsor

THE CURE FOR BORING E-MAILS

Sick of the same tired, stupid old jokes people e-mail around
like the flu? This is True's stories are new every week --
and free! Bizarre-but-true news briefs with off-the-wall
commentary by "The Jay Leno of Cyberspace" (L.A. Times).
http://www.ThisIsTrue.com

Advertisement. Ask Leo about advertising here.

*** Thoughts and Comments

OK, I'm home. Or, rather, if all went as planned, I'm home.

But, to be honest, between travel and jet-lag and time zones and what will no doubt be a huge pile of mail (both electronic and otherwise) that's accumulated while I've been away, I've extended these vacation newsletters for an additional week - just so I can have some time to catch up. If I'm on the ball, the "ask a question" form has been turned back on, though.

You should start seeing new answers trickle out in the mailbag, new articles appear on Ask Leo! this week, and a brand new newsletter a week from now.

I predict that I'm tired and probably happy to be back in my own bed. Smile

Leo
Leo A. Notenboom

*** Administration

Need more help with or have questions about the newsletter? Check out the newsletter administration page.

Newsletter contents Copyright © 2010,
Leo A. Notenboom & Puget Sound Software, LLC.

]]>