Tuesday, September 27, 2011

Spamming, Phishing, Authentication, and Privacy: it's not 2004 Anymore

I was just reading the Inside Risks column in the December 2004 CACM, and was struck by the opening statement: "It isn't news to most readers that email is becoming almost unusable." This was largely because of spam and phishing.

Kids these days have no idea how good they have it [ insert emoticon ]. Spam and phishing are almost non-problems for me now that both my personal and work e-mail accounts are hosted by Google. Gmail's spam filtering is excellent and even on the off chance that I have a look at a spam message, Google is good about flagging e-mail as possible forgeries, possible phishing, etc. Just a year and a half ago thing were not so good, but that was largely because UMBC was hosting its own e-mail, and occasionally e-mail from legitimate UMBC users would be shuffled off to my spam folder by UMBC's spam filters.

There are two minor annoyances I still have with spam.
  1. One is that there are a number of putative conferences that apparently send to mailing lists harvested from academic web sites. These tend to be in south or east Asia, and fall into two categories: outside my interests, or not prominent enough that I've ever heard of them. It's not that they are necessarily bad conferences, but if they were any good, why not get the word out through legitimate channels?
  2. A former co-worker apparently shared his e-mail address book with a social networking site cum spammer [ yourfanbox.com ] that repeatedly reminds me that Tom U. wants to connect through that site. Or maybe someone broke into his account. Or possibly they are complete forgeries. Gmail categorizes them as spam, but still the first few times I saw the name of this former coworker, I looked at the e-mail. Of course, Gmail doesn't open remote images, so there should be no way for the spammer to know I looked.
Added 2011-10-13: the spam claims to be from yourfanbox.com, which claims to have offices at FanBox  113 West G St, STE 510, San Diego. There is a link to control future e-mails, but no way I'm visiting a spammer's web site. Not from my machine.

No comments: