Internet Changes Everything: email Archives

Category Archive

November 01, 2006

Strategic Security: Developing a Secure E-Mail Strategy

Strategic Security: Developing a Secure E-Mail Strategy - Security - Network Computing

Message encryption, along with other measures, should be a critical part of your overall security strategy. But poor planning could leave your organization compliant and yet still unprotected. Here's how to choose the right combination of encryption and protection technologies to suit your needs.

Introduction
Encryption Options
Stop Viruses, Can Spam
Securing Mobile Devices

Oct 26, 2006 - By Christopher Beers

As an IT manager, your professional life is a balancing act in which you weigh the needs of your department against the reality of your budget. The range of potential purchases that makes up your budget proposal includes “critical” products, as well as not-so-urgent pet projects. Before you finalize next year’s capital budget, better be sure you’ve included funds for e-mail encryption in addition to virus scanning and content filtering.

E-mail security encompasses a wide variety of initiatives that attempt to reduce risk to employees, IT networks, intellectual property and customers. Recent legislation has forced businesses to implement various e-mail security initiatives that might not have been deployed voluntarily. Although virus scan-ning is old hat to most IT shops and content filtering is becoming just as common, encryption–a broad topic that is often overlooked by small businesses–is becoming increasingly important, especially given the rise of Wi-Fi hot spots and the use of handheld devices, such as Treos and BlackBerrys. The three types of e-mail encryption–boundary, staging server and end-to-end–offer varying levels of security. The type of encryption that makes sense for your company will depend on the kind of business you’re in and the type of content you need to lock down.

Bolt Down Your Email

Nearly half of 149 IT decision-makers for North American small companies surveyed by Forrester Research said they plan to spend capital in 2006 to secure e-mail. They’ll focus their capital on securing e-mail at the gateway, concentrating on spam, viruses and regulatory compliance. This trend is likely to continue and will probably increase in the coming years as companies realize the importance of e-mail security to their overall security strategy.

So which combination of encryption and protection is right for you? There’s no single answer. It’s safe to say, however, that a blind drive to meet bare-minimum compliance standards is a poor method for choosing an encryption-security solution–such a strategy could leave your organization compliant but still insecure.

Encryption Options

A variety of technologies have emerged in the encryption field. Boundary, or gateway, products attempt to encrypt e-mail before it leaves the corporate network. This method seems to have the most traction given its ease of implementation compared with that of other technologies. Staging-server encryption captures and stores secure e-mail locally on the network for remote users to retrieve over secure Web portals. Finally, end-to-end encryption offers the most secure scenario, encrypting the message immediately after the user clicks the Send button (see “Encryption Models,” right).

Large-scale deployments of completely secure e-mail are seen mostly in military, financial, health-care and government organizations. And growing businesses are more likely to deploy secure e-mail solutions for specific departments, such as finance, accounting and HR, according to Gartner. These highly secure e-mail systems are expensive, costing $20,000 to $200,000 for a 2,500-user installation, on top of the cost of an existing e-mail platform, Gartner estimates.

» Boundary Encryption

Boundary solutions work well for communications within the corporate network, but may not work for external e-mail, particularly to general consumers. In the boundary model of e-mail encryption, secure relationships are established with the boundary servers of both partner entities. This is typically a manual process, though it’s possible to configure some devices to automatically attempt to deliver the e-mail securely, and then fall back to normal mode if secure channels are unavailable. When a secure connection can be established, all e-mail sent between the two gateway servers is encrypted, which means when the data is most vulnerable, it has already been encrypted as it passes over the Internet. In this model, e-mail transiting within your corporate e-mail infrastructure is not encrypted.

Companies with encryption products in this arena include IronPort, Tumbleweed and Voltage Security. These vendors provide devices that serve as a barrier, residing on the edge of the network, filtering all incoming and outgoing messages for spam, malware and phishing.

More important, to address compliance issues, these devices also can provide encryption using a variety of technologies, including PGP, S/MIME and TLS (Transport Layer Security). TLS adoption continues to rise, and it’s likely to remain the preferred method through 2009. This is due to its popularity, acceptance and maturity as a secure transport. PGP (Pretty Good Privacy) is a free technology developed by the company of the same name and is effective and easy to use. It’s a public-key technology; servers share their public key and encrypt the message with a private key. Using the public key found and managed by Internet keyservers, receiving e-mail servers can decrypt messages. S/MIME (Secure/Multipurpose Internet Mail Extension) is similar to PGP. Encryption products operating at the boundary are best-suited for small companies that send sensitive data from one corporate entity to another. This solution gives them the most bang for the buck and secures e-mail where it’s most vulnerable.

» Staging-Server Encryption

Staging servers are used to store sensitive e-mail that can be retrieved later by the recipient on your secure network. If a user sends an e-mail to a domain that’s listed as secure by your outbound security filters, it’s routed to a server on your network. E-mail is then sent to the recipient notifying him that he has received a secure message. To read the message, the recipient must log into the secure server, usually using a secure Web portal, to view and respond to the message. This solution can be implemented using gateway devices or can be configured in certain software applications: PostX and Tumbleweed offer good products in this arena. For companies, such as banks, HR firms or credit-card companies, that want to notify customers their attention is needed–for instance, to ascertain that a transaction took place–this method works well.

There are some disadvantages to staging-server encryption, however. If end users correspond often with external recipients, each of those recipients will be forced to maintain yet another in-box and sent-mail box. And forgotten-password resolution for occasional users and automated password recovery must be well-thought-out to prevent additional work and unauthorized access.

» End-to-End Encryption

End-to-end encryption does what its name suggests: Data is encrypted by the sender and remains so until decrypted by the recipient. Typically, software agents are deployed that let users send encrypted mail by pressing a “Secure Send” button. There are products from PGP, Voltage Security and others that work with all major desktop clients. End-to-end encryption is suitable for environments–such as finance, accounting and HR– in which sensitive information must be kept secret and transmitted securely.

End-to-end encryption can be configured per user, per department or enterprisewide. It typically works using public-key encryption, with end users storing their public keys on servers that anyone can access–most frequently on servers maintained by the Massachusetts Institute of Technology or PGP. When a user sends an e-mail message, it’s immediately encrypted using the recipient’s public key found on key servers located on the Internet. Once the message is received, the recipient uses a private key to decrypt and view the message. This technology is getting easier to install and implement, but to encrypt a message, the recipient’s public key is required, so if a recipient doesn’t have one (and most don’t) e-mail messages sent to that recipient will not be encrypted. There is, of course, a mechanism by which users are notified whether their e-mail was sent securely.

Stop Viruses, Can Spam

Eliminating virus threats from e-mail is a two-fold process. First, you must prevent viruses from entering your e-mail infrastructure by using software or hardware. Then, you must ensure your solution is updating its virus-definition files–year-old definition files are useless. And it’s not sufficient to simply deploy protection that scans incoming e-mail for viruses; you must prevent users from spreading the infection among internal e-mail servers as well as to computers outside your IT networks. Second, each desktop computer must have virus-scanning software that searches e-mail attachments to remove the threat of infection.

McAfee, Symantec, Trend Micro and other security vendors all offer add-on software that downloads regular updates to ensure you have the latest signatures for current viruses. You also can replace your inbound gateway e-mail servers with an appliance capable of removing virus content from e-mail. IronPort, Sonicwall and Symantec offer e-mail security in hardware devices that do more than virus scanning; these appliances also find potential malicious content.

As we mentioned last November, legislation such as the CAN-SPAM Act of 2003 has not led to a decrease in the amount of spam a typical end user receives (see “Spam Filters: Still Sick of Spam”). Content-filtering software, however, can reduce the number of spam and phishing messages that make their way to e-mail in-boxes. Our Network Computing Barracuda spam filter tagged 86.7 percent of all our mail as spam earlier this year–that’s 7,348,391 messages. That ratio was relatively unchanged from testing we did in October 2005 and May 2004. (Barracuda won Network Computing’s 2005 Well-Connected Award in the Antispam Tool category.)

Most spam is now blocked at the boundary, before it reaches the messaging server, by devices such as Tumbleweed’s MailGate Email Firewall, which uses the company’s DAS (Dynamic Anti-Spam) technology, and IronPort’s C600 appliance with Symantec Brightmail Anti-Spam. You can also buy software that runs on a corporate mail platform to protect gateway server devices.

Today, the greater threat comes from spyware and phishing attacks rather than conventional spam. In extreme cases, instances of spyware, especially key loggers, can compromise a company’s intellectual property. Besides the increased risk of losing data when spyware is installed, it can be difficult and time-consuming to remove. And, productivity can suffer when employees spend company time fixing credit reports harmed during a phishing attack. So filtering only for spam is clearly not a wise choice.

One area of content filtering that doesn’t get enough attention is that of intellectual property in outbound e-mail. Nearly 50 percent of network security attacks come from within the so-called secure boundary of the corporate network, according to Deloitte’s 2006 Global Security Survey (see “Data Drain”). People have different incentives for accumulating corporate information illegally. They might be paid handsomely for stealing data, or they might simply take data because they can. We’ve all come across the end user who, knowing he’ll be leaving the company soon, decides to forward all e-mail in his in-box to his personal e-mail account. We’re also familiar with the more damaging scenario of the employee who takes all of her contacts–including valuable sales leads–with her to her next job. Creating an effective e-mail security policy that includes scanning outbound e-mail for sensitive content can help protect your corporate secrets and keep information from getting to where it shouldn’t. But content scanning is still not as accurate as virus scanning. False positives, mistuned policies and e-mail mistakenly held up as “potential” threats on outbound servers will cause business delays.

Policing Your Setup

Combating viruses, spyware and phishing attacks does not stop with the selection and implementation of one of these technologies. Your security policy must be clearly defined to match the sensitivity of your data, and it must be enforced; it must convey who owns e-mail and how it is used. Undesirable e-mail security scenarios can be avoided through awareness campaigns and personnel training. Make sure your end users log out of their Windows sessions when leaving their workstation to prevent unwanted browsing of their in-boxes. Work with HR to ensure that employees are aware that all corporate e-mail is the express property of the company, not the employee. Take measures to make sure passwords aren’t written down and placed on monitors or under keyboards. These sound like common-sense measures, but we all know how often these guidelines are ignored. Finally, be wary of visitors to your offices, and make sure they are chaperoned when appropriate. Based on these concepts, create e-mail education seminars for your users. Training your end users will allow them to police themselves.

One of the more deadly delusions in the IT world is that the systems administrator or security officer can somehow maintain control over the network and all the information in it. The fact is, though IT professionals create and enforce policy, end users’ actions ultimately dictate how technology is used in the enterprise.

Securing Mobile Devices

Many executives, managers and even IT personnel carry handheld devices so they’re never out of communication. These devices have consumer versions of software that handle e-mail synchronization using POP and even Microsoft Exchange. For better security, all enterprises must consider acquiring the enterprise software versions of these devices.

BlackBerry’s BES (BlackBerry Enterprise Server), for example, gives systems administrators the flexibility and control they desire while providing the encryption necessary to achieve compliance with federal and state mandates. BES offers the option of using AES (Advanced Encryption Standard) or Triple-DES (Data Encryption Standard) to encrypt data sent from the messaging server to the handset. Additionally, BES lets systems administrators make changes to end users’ handheld devices remotely. Devices can be entirely disabled, passwords can be changed and, in cases where the device is lost or stolen, data can be wiped from the device–all by remote administration.

If your corporation uses Treo devices, there are solutions for synchronizing e-mail over secure POP or Exchange synchronization, including third-party programs to send specially crafted text messages that will wipe the data from the device. Good Technologies offers a similar secure Exchange synchronization product for Palm OS and Windows Mobile users.
From Dark Reading (http://www.darkreading.com/document.asp?doc_id=109262&print=true)

Christopher T. Beers is an NWC contributing editor and manager of systems operations for a large broadband ISP, where he oversees daily operations of high-speed data and VOIP for the Northeast United States, including Solaris and Linux administration. Write to him at cbeers@nwc.com.

OCTOBER 30, 2006

November 1, 2006 at 09:24 PM in email | Permalink | Top of page | Blog Home

September 12, 2006

E-mail authentication: The choices

June 12, 2006 (Computerworld) -- Some observers criticize IT vendors for not agreeing on a single, standard way for dealing with evil e-mail. The key e-mail authentication protocols are Microsoft's Sender ID Framework (SIDF), with its Sender of Policy Framework (SPF) records, and the rival Yahoo/Cisco DomainKeys Identified Mail (DKIM).

But a good case can be made that e-mail senders, Internet service providers and e-mail recipients should use both SIDF and DKIM.

"Domain owners are well advised to publish information using both standards, and e-mail recipients can use both standards to help filter spam," says Richi Jennings, an e-mail security analyst at Ferris Research Inc. in San Francisco.

But, he adds, "DKIM is better because the methods used to verify that the sender was authorized to use that domain are stronger. SPF/Sender ID has issues with mail lists and other things that autoforward mail."

DKIM is stronger, Jennings says, because it generates cryptographic hashes of content using keys owned by the e-mail sender's domain, while SIDF is simply based on which IP address the message comes from. "This means that DKIM is harder to set up and a little more expensive in terms of computing horsepower," he says.

John Scarrow, Microsoft's general manager of antispam and antiphishing strategy, agrees that the approaches are complementary. "By utilizing both, e-mail senders receive optimal protection and functionality across the board," he says. He acknowledges that DKIM is better for automatic forwarding by servers, such as when a user configures his Hotmail account to automatically forward messages to his Microsoft account.

But Scarrow argues that DKIM requires users to upgrade to both outbound and inbound message-transfer agents (MTA), such as Microsoft's Exchange Server, and affects "about 10% to 15% of computing cycles, while SIDF has no outbound impact to the MTA and negligible impact to any computing resources."

September 12, 2006 at 02:17 AM in email | Permalink | Top of page | Blog Home

The Future of E-mail

une 12, 2006 (Computerworld) -- Your company scans incoming e-mail for viruses and outgoing messages for confidential information. Your spam filter snags most of the garbage, and it gets better as it learns the latest spamming and phishing spoofs. You're encrypting sensitive e-mail now, and you recently completed a project that keeps your messages safely archived in case federal regulators come knocking.

Indeed, with the right technology, the right policies and a little slice of your budget, you can pretty much manage the messaging madness. And new technology likely to emerge from the labs in the next year or two will help bring a little more civilization to the world of e-mail, ensuring its continued place among the most popular and important of all corporate applications.

However, e-mail's problems will accompany it into its second act, especially as users deploy a growing variety of mobile devices and discover new ways of communicating -- such as instant messaging, blogs, wikis and virtual reality spaces you've never even dreamed of. These will offer green pastures for hackers, spammers and phishers, and will require a whole new round of defensive tools, techniques and policies.

While today's efforts to improve e-mail are aimed mostly at curing its ills, research in vendor and university labs points to brave new uses for the humble e-mail message, from knowledge mining to workflow enhancement. Interviews with researchers, futurists and IT managers yielded the following conclusions about the future of e-mail.

1. New technologies, plus economic and political pressures, will eventually tame the malware.

Ray Tomlinson, a principal engineer at BBN Technologies in Cambridge, Mass., calls the struggle against spam, phishing and malware "pretty much a draw" at present. He has a good deal of perspective on these issues, having sent the world's first network e-mail message in 1971.

Tomlinson points with hope, but some exasperation, to alternate -- some would say competing -- proposals for stemming the tide of offensive, malicious and deceptive e-mail.

"It's not so much a hard technical problem; it's a hard business and political problem," Tomlinson says. "The players have vested interests in the various approaches, and they are fighting tooth and nail to get their approaches adopted. It's not the end users who are the bottleneck here."

Microsoft Corp. is pushing its Sender ID Framework, which verifies that a message was actually sent from a server authorized to send mail for the domain owner. John Scarrow, Microsoft's general manager of antispam and antiphishing strategy, says Sender ID has been adopted by 73% of Fortune 100 companies and is used for 31% of all e-mail messages.

An experimental system at HP Labs shows actual e-mail paths (the gray lines) overlaid on the lab's formal organizational structure (the black lines).
An experimental system at HP Labs shows actual e-mail paths (the gray lines) overlaid on the lab's formal organizational structure (the black lines).
"We are seeing the amount of spam now starting to plateau," he says. "It's a good indication the industry is starting to take a good bite out of the economics of the business."

More good news, Scarrow says, is that while IM and other modes of electronic communication also need to be protected, the technology for doing so is similar to that for e-mail.

Meanwhile, Yahoo Inc. and Cisco Systems Inc. last year submitted to the Internet Engineering Task Force a proposed standard called DomainKeys Identified Mail (DKIM), which, like Sender ID, is designed to guard against spoofing and phishing by authenticating an e-mail sender. DKIM verifies the domain of the sender and also cryptographically verifies the integrity of the message.

In addition to Sender ID, Microsoft has the SmartScreen filter, which uses statistical techniques to learn what's spam and what isn't, and the Phishing Filter add-in for the MSN Search Toolbar. But those tools are not enough, say the folks at Microsoft Research, where some 40 people work on new e-mail technology.

For example, researcher Joshua Goodman says the ultimate solution could be a four-pronged defense against spam called SmartProof. Here's how an experimental version of it works:

* First, a machine-learning filter, similar to SmartScreen, snags the obvious spam and quarantines it or throws it away. The filter passes on to the user's in-box any message that is from someone on the user's "whitelist."

* Messages suspected of being spam trigger replies to the senders, challenging them to prove they're not spammers.

* Senders may respond to the challenge by solving some kind of a puzzle -- one that's easy for a human but hard for an automatic spam generator.

* Alternately, senders can ensure the delivery of their messages by making credit card-based "micropayments." The payments may go to the recipient, the Internet service provider or a charity, or they can be refunded to the sender if the message turns out not to be spam.

"We thought if we could put all that together, we'd have a great long-term solution," Goodman says. "Obviously, it's a very ambitious plan, and I don't think we ever thought it would happen quickly."

Elsewhere at Microsoft, researchers are working on a prototype called MailScope that monitors e-mail routes and alerts users when significant delays are expected. If MailScope sees persistent delays between, say, Microsoft.com and Berkeley.edu, it warns users on those servers that delays are likely, much as a traffic report notifies drivers of congested routes.

In a related Microsoft project called SureMail, when a message is sent, a system posts a tamperproof notification to a table somewhere on the Internet. E-mail recipients periodically query the table and match notifications with messages received. If they find a notification for which there is no message, they know the message has been lost. Microsoft calls these "silent" losses because they so often go undetected. In controlled experiments over two months, using a variety of e-mail systems and carriers, Microsoft found that one in 140 e-mail messages disappeared without a trace. Delays averaged four minutes but lasted as long as 27 hours.

Despite the extensive research and development, some observers say technology can never completely cure e-mail's ills. Economic and regulatory tools will be needed as well, they say.

"Ultimately, I believe there will be a pay-per-message type of service that charges to ensure that e-mail is spam-free," says CIO Matthew Lynch at ShopKo Stores Inc. in Green Bay, Wis. E-mail carriers will charge companies a penny or two per message and will in exchange certify those messages as legitimate, he says. Lynch also predicts "stronger legislation around this topic."

A combination of technology, policy and market measures will keep e-mail among the top of all corporate applications, most users say. "E-mail will continue to be an integral form of communication," says Matthew Marks, head of integrated user services at Aetna Inc. "The capability to quickly and easily distribute a message with an attachment -- documents, links, objects, etc. -- to a large, dispersed audience with tracking and audit cannot be matched by IM, fax or snail mail."

2. E-mail -- just one of the many communications streams in the workplace -- will become part of a "puddle," or "activity thread."

Although e-mail seems unlikely to be supplanted by alternatives, the job of the IT manager is nevertheless complicated by the emergence of other options.

E-mail is in its "pimply adolescence," says futurist Paul Saffo at the Institute for the Future in Palo Alto, Calif. The problems of spam, phishing and e-mail-borne malware will be conquered, he predicts. In the meantime, he cautions, "you can't treat e-mail in isolation. All of our communications forms are melting away, and we are creating new things out of the puddle of old stuff."

Richard Golden, vice president for IT infrastructure at Circuit City Stores Inc. in Richmond, Va., says these threats will cause corporations to augment their technology defenses with strong policy defenses. He says it's relatively easy to protect e-mail systems with spam filters, virus scanners and the like because the systems are well defined, with discrete messages going from Point A to Point B through corporate IT assets.

"But things are converging into a world that is not as clearly definable as a corporate e-mail system," he says. "I think you'll see more policies about things like blogging, for instance. As the lines blur on the means for communications, it's going to require more focus on the information conveyed, regardless of the means used to convey it."

IBM Research is looking for ways to combine e-mail with other functions and integrate it seamlessly into users' daily activities. "It's not enough to help people manage their e-mail; it's important to help them manage their work," says Dan Gruen, a research scientist at the company's facility in Cambridge, Mass. That involves "connecting all the communications and information feeds around a topic or activity," he says.

For example, an IBM Research proto-type called Activity Explorer is a collaboration tool that pulls together e-mail messages, synchronous communication such as instant messages, screen images, files, folders and to-do lists. A project team can establish "activity threads" containing these feeds and can switch easily between asynchronous and real-time collaboration. An activity thread might include the messages, chats and files exchanged among members of a team that's writing a contract bid, for instance.

A more advanced experimental tool from IBM called Unified Activity Manager does all that and more, linking into other corporate applications such as workflow systems. It not only combines the elements of a current activity but also pulls in those elements from past similar activities. These notions of "activity-centric collaboration" will show up in the next release of Lotus Notes, dubbed Hannover, which is expected to ship next year, Gruen says.

Meanwhile, Microsoft Research has developed a way to combine e-mail, files, Web pages, calendar entries, to-do lists and other materials into one searchable archive. Called "Stuff I've Seen," the prototype uses MS Search to index a user's important content and then offers it through a unified interface with sorting, filtering, previews and thumbnail views.

3. New e-mail applications will emerge, including tools that mine message archives for corporate intelligence.

Even as e-mail yields turf to upstarts like IM, especially among younger users, new uses for e-mail are on the horizon. As companies and individuals begin to systematically archive messages, the e-mail becomes available for data mining, and researchers at a number of companies and universities are developing ways to make these archives more accessible.

For example, Hewlett-Packard Co. researcher Bernardo Huberman is devising ways to "harvest organizational knowledge" by mining the e-mail messages and PowerPoint presentations of employees. His techniques go way beyond the searching and categorization of messages that products do pretty well now. Huberman looks at the strengths of communication bonds among employees and patterns of communication that can reveal both hidden problems and opportunities.

"You can look at an organizational chart and make all sorts of inferences about how people work, but when you look at e-mail patterns, you see how they work in a different way," he says. "You discover leadership roles, such as who's the hub through which most of the e-mails go, that you wouldn't identify from the organizational chart."

The result of such pattern or network analysis might be to reorganize departments, projects or activities around those hubs, Huberman says.

HP Labs is now prototyping a tool called Knowledge Navigator that's based on those principles. It applies text mining, clustering algorithms and statistical analyses to employee e-mails and presentations stored on HP's servers. It could handle a query such as, "Who are the top five experts on topic x?" Huberman says, even when such expertise is not explicitly noted in org charts or personnel records.

Huberman says this kind of knowledge harvesting will be used by companies internally on their employees and externally on customers, resulting in the ability to generate messages and pitches aimed at both groups. "What we will see in the next few years is a very targeted way of placing information in the hands of relevant people," Huberman says. "Sure, it can be annoying, but it's better than getting spam on things you don't care about."

Despite the benefits, he acknowledges that mining messages raises ethical and potential legal issues. "In the next few years, we will see a blurring of the boundaries between what is considered private and public," Huberman says.

Mining employee e-mails is "something the company has an interest in, and we are starting to see that interest grow," says Carl Jones, director of collaboration services at The Boeing Co. in Chicago. He says the company has a knowledge management pilot project that, among other things, examines e-mail messages.

"If you have a business problem, you may be able to mine across the e-mail spectrum and find out, hey, there are people out in the field who are subject- matter experts that can help you," says Jones. But, he adds, "we'll have to be very careful about policies on privacy and so on."

Jon Kleinberg, a professor of computer science at Cornell University , says much can be learned from the networks created by people's activities on the Internet.

"How can you infer that someone is influential?" he says. "Is it the obvious things, like they send and receive the most messages, or is it more subtle things, like they operate at the periphery [of a group] but pull together groups that are otherwise weakly connected?"

Kleinberg says answers to such questions may have profound importance for companies that sell online and rely on word-of-mouth recommendations via customers' e-mail. He's looking into two competing theories as to why that kind of e-mail sometimes leads to snowballing sales and other times fizzles.

"Is it the attractiveness of the product, or is it something about the community of people who are into those kinds of products?" Kleinberg wonders.

He says e-mail pattern analysis could help a company answer questions such as, "Who are the key people to influence?" and "For which products is it worth it, and for which is it not?"

"Social network analysis is one of the great tools for productivity going forward, and very few people understand it," says Thornton A. May, a Computerworld columnist and dean at the IT Leadership Academy at Florida Community College at Jacksonville. "People tend to think of social network analysis as a list of people -- an address book. But it should tell you not just who knows who, but who knows what as well."

Users should see social network analysis as more than a way to find dates or customers. It can "solve problems, create teams or recombine organizations," May says.

IBM's Unified Activity Manager

IBM's Unified Activity Manager combines e-mails, files and schedules associated with a multiperson effort to respond to a request for proposals. This kind of capability will ship in IBM's next version of Notes, dubbed Hannover.
(Click image to see larger view)

September 12, 2006 at 02:15 AM in email | Permalink | Top of page | Blog Home

February 24, 2006

Security of email

SECURITY OF PUBLIC WEB SERVERS

Shirley Radack, Editor

Computer Security Division

Information Technology Laboratory

National Institute of Standards and Technology

Electronic mail (email) is an essential communications tool for many industry, government, and academic organizations. Email is popular and convenient for exchanging messages, data files, images, and sound clips over computer networks and especially over the Internet. Two principal components, mail servers and mail clients, support the email processes. The mail server is the computer host that delivers, forwards, and stores the mail. Users interface with the mail client software to read, compose, send, and store email messages.

Because they are vulnerable targets for attack by malicious intruders, both mail servers and mail clients must be protected. In September 2002, the National Institute of Standards and Technology (NIST) issued NIST Special Publication (SP) 800-45, Guidelines on Electronic Mail Security, by Miles Tracy, Wayne Jansen, and Scott Bisker, to help federal agencies improve the secure design, implementation, and operation of their electronic mail servers and clients.

NIST SP 800-45 describes secure practices for the installation, configuration, and maintenance of mail servers and clients. Topics discussed in the guidelines include the security aspects of email standards, use of encryption standards, the security of the underlying operating systems, and the filtering of email content. The publication gives details on the use of devices such as firewalls, routers, switches, and intrusion detection systems to protect networks, and offers recommendations for managing the mail server in a secure manner using backups, tests, updates, patches, log reviews and records management practices. The appendices provide a glossary and information on mail-related standards and security tools. Also included in the appendices are discussions of the secure use of Microsoft, UNIX, and LINUX mail systems, references that are available in print and electronic format about protecting email systems, and a security checklist.

Along with other guidelines and recommendations, NIST SP 800-45 provides agencies with comprehensive information about protecting the computer and network systems that interact with and serve the public. NIST publications are developed primarily for the federal community, but should be useful to individuals, the private sector, and other public sector organizations. Other recent publications covering the security of publicly accessible systems include NIST SP 800-44, Security of Public Web Servers, and NIST SP 800-46, Security for Telecommuting and Broadband Communications. Summaries of these publications were featured in the November and December bulletins in this series. Information technology security publications and ITL bulletins are available in electronic format from the NIST website:

http://csrc.nist.gov/publications/

Vulnerabilities of Mail Servers and Clients

After web servers, an organization’s mail servers are typically the most frequent targets of attack as both mail servers and public web servers communicate to some degree with unknown parties, who may or may not be trustworthy. Attackers, with their thorough understanding of the supporting computing and networking technologies, have been successful in exploiting weaknesses in mail servers and clients.

Mail servers and clients can be vulnerable to events such as:

· Denial of service (DoS) attacks that are directed to the mail server or its supporting network which can deny or hinder access to the mail server by valid users.

· Sensitive information on the mail server may be disclosed or changed in an unauthorized manner.

· Sensitive information that is transmitted unencrypted between mail server and email client may be intercepted. For example, the email software may default to sending usernames, passwords, and the email message itself without the protection of encryption.

· Information within the email message may be altered at some point between the sender and recipient.

· A successful attack on a mail server can be used to gain unauthorized access to resources elsewhere in the organization’s computer network, including user passwords and other computers on the network.

· A mail server that has been attacked can be used to attack another organization’s network, perhaps creating liability for damages to the sending organization.

· Attackers may use the organization’s mail server to send email-based advertisements (commonly referred to as spam).

· Viruses and other types of malicious code may be distributed to computers throughout an organization via email.

· Users may send inappropriate, proprietary, or other sensitive information via email. This could expose the organization to legal actions.

What Can Be Done to Improve Email Security

Mail servers, mail clients, and the network infrastructure that supports them must be protected to avoid the conditions that can lead to damage, compromise of information, and inconvenience. With good planning and rigorous implementation of secure configurations and operational procedures, organizations can operate successful electronic mail operations while protecting their networks and information resources.

The following actions will help organizations to improve their email security:

· Plan carefully and address the security aspects of the deployment of a mail server.

Careful planning is the essential first step to assuring that mail servers have been installed, configured, and implemented in a secure manner. It is more difficult to address security issues once deployment and implementation have been completed. A detailed and well-designed deployment plan enables the organization to make prudent decisions regarding the tradeoffs between usability, performance, and risks. A deployment plan makes it possible to maintain secure configurations and identify security vulnerabilities.

All mail server activities should be carried out in compliance with the organization’s plans and policies. Plans and policies should support the application of consistent management controls across the entire organization. This is essential in order to avoid variations in controls that can result when the information technology support staff becomes fragmented within the organization.

The following items should be considered when planning a mail server:

· Identify the purpose of the mail server and the information to be processed on or transmitted through the mail server.

· Identify the security requirements of the information.

· Identify other services to be provided by the mail server and their security requirements.

· Identify the location of the mail server, the network services to be provided, and the network service software on both the clients and the server.

· Identify the users or categories of users of the mail server and any support hosts.

· Determine the privileges that each category of user will have on the mail server and support hosts.

· Consider issues such as authentication methods, enforcement of access rules, cost, and compatibility with the existing infrastructure, employee skills, and vulnerabilities.

· Work closely with vendors in the planning stage.

The deployment plan should address the human resource requirements for both the deployment and the operational phases of the mail server and its supporting infrastructure. The following issues should be covered in the deployment plan:

· The types of personnel required, including the system and mail server administrators, network administrators, and information systems security officers (ISSOs).

· The skills and training required by assigned personnel.

· The levels of effort required of specific individuals and of the entire staff involved in deploying and operating the mail server.

· Implement appropriate security management practices and controls to assure that the mail server is maintained and operated securely.

Protecting the operating system helps to protect the mail server from exposure to danger. Appropriate management practices are essential to operating and maintaining a secure mail server. Security practices include the identification of an organization’s information system assets and the development, documentation, and implementation of policies, standards, procedures, and guidelines. The goal is to ensure the confidentiality, integrity, and availability of information system resources.

The following practices are recommended.

· Create an organizational-wide information system security policy that states the basic policy and outlines responsibilities within the organization for carrying out the policy.

· Control and manage the modifications to a system’s design, hardware, firmware, and software to assure consistency in handling changes and protection against improper modifications.

· Establish risk assessment and management procedures to collect and analyze data about assets, threats, and vulnerabilities. Based on the analysis of risks, select and implement controls to reduce risks to a level acceptable to the organization.

· Develop standardized software configurations for widely used systems and applications. This will provide guidance to mail server and network administrators on secure configurations that satisfy the information system security policy of the organization.

· Use security awareness and training programs to make users and administrators aware of their security responsibilities, correct practices, and individual accountability.

· Carry out contingency planning, continuity of operations, and disaster recovery planning to maintain operations if there are disruptions.

· Apply certification and accreditation techniques to analyze how well a system meets its security requirements. Document management acceptance of the analysis and the extent to which the system meets the technical requirements for security.

· Ensure that the mail server operating system is deployed, configured, and managed to meet the security requirements of the organization.

The operating system that supports the mail servers must be secure. It is important to check the hardware and software configurations, which may have been set originally to emphasize features, functions, and ease of use, rather than the security of the system. Since each organization has unique security needs, the mail server administrator should configure new servers to meet the organization’s requirements. As requirements change, systems should be reconfigured. NIST SP 800-45 provides references and information about automated tools to help mail server administrators develop and maintain operating system security. To secure the operating system, follow these steps:

· Patch and upgrade the operating system to correct known vulnerabilities.

· Remove or disable all unnecessary services and applications, and enable only those services that are required by the mail server.

· Configure the operating system to authenticate users.

· Configure access controls to specify access privileges to files, directories, devices, and other resources.

· Test the security of the operating system periodically to identify vulnerabilities and to validate the effectiveness of security measures.

· Be sure that the mail server application is deployed, configured, and managed to meet the security requirements of the organization.

In general, the same steps that are recommended for protecting the operating system also apply to the secure installation and configuration of the mail server application. The goal is to install the minimal amount of mail server services required and to eliminate any known vulnerabilities through patches or upgrades. The following steps should be followed to secure the mail server application:

· Patch and upgrade the mail server application to correct for any known vulnerabilities.

· Remove or disable unnecessary services, scripts, applications, and sample content.

· Configure mail servers to require authentication of users.

· Configure mail servers to implement the same or more restrictive controls on access to resources as those enforced by the operating system.

· Test the security of the mail server application.

· Consider implementing and using cryptography to protect user authentication and mail data.

Cryptographic functions have been added to standard email protocols to allow for encryption of the message, authentication of sending party, non-repudiation of the message, and integrity of the message. Mail protocols can be attacked when they default to unencrypted user authentication and send email data in the clear (unencrypted). Attackers can intercept this data, compromise a user’s account, and alter unencrypted messages. At a minimum, organizations should consider encrypting the user authentication information even if they do not encrypt the email message. Encrypted user authentication is now supported by most standard and proprietary mailbox protocols.

There are many issues to be considered regarding the encryption of email. Encrypting email places a greater load on the user’s computer and on the organization’s network infrastructure. Encryption may complicate virus scanning and mail content filtering, and usually entails significant administrative overhead. However, for many organizations, the benefits of email encryption will outweigh the costs.

· Use the network infrastructure to protect the mail servers.

The network infrastructure, including the firewalls, routers, and intrusion detection systems that support the mail server, plays a critical role in maintaining the security of the mail server. In most configurations, the network infrastructure will be the first line of defense between potential attackers using the Internet and the mail server. Network design alone, however, cannot protect a mail server. Attacks have been too frequent, sophisticated, and varied. The best defense is through the application of diverse and layered protection mechanisms.

· Continue to maintain the security of mail servers in an ongoing process.

Maintaining a secure mail server requires continued effort, resources, and vigilance from an organization. Daily attention to the administration of a mail server is essential. The following steps are recommended for maintaining the security of mail servers:

· Configure, protect, and analyze the log files of information about access and use of the mail server.

· Back up the data on the mail server frequently.

· Analyze intrusions and protect against malicious code (e.g., viruses, worms, Trojan horses).

· Establish and follow procedures for recovering from compromise.

· Test and apply patches in a timely manner.

· Test the security of the system periodically.

About Standards for Secure Electronic Mail

Standards are critical to the successful exchange of email. Standards for electronic mail have been developed by the Internet Engineering Task Force (IETF), a large open international community of network designers, operators, vendors, and researchers, who are concerned with the evolution and operation of the Internet architecture. The standards cover the composition, formatting, transmission, delivery, and storage of email, and they often reference other standards issued by the International Organization for Standardization (ISO) and the International Telecommunication Union (ITU). The handling of an email message involves many complex steps, and the use of standards makes it possible for different systems to interchange messages. The relevant IETF documents for standard electronic mail are listed in Appendix B of NIST SP 800-45.

· Standards for Encryption

Pretty Good Privacy (PGP) and the Secure Multipurpose Internet Mail Extensions (S/MIME) are the principal mechanisms used to secure email content from end to end. Both techniques are based, in general, on public key cryptography processes. A user has a pair of related keys: a public key that is available openly and a private key that is held exclusively by its owner. The recipient’s public key is used to send encrypted information that can be decrypted only with the private key. The sender’s private key is used to send digitally signed information that can be verified for authenticity by anyone holding the corresponding public key. Digital signature techniques use a cryptographic hash function to create a digest of the message being sent. This digest can be signed more efficiently than the entire message.

PGP and S/MIME differ in their approach to key management. Some versions of PGP have no central key issuing or approving authority, and its users exercise management and control. S/MIME and newer versions of PGP use a hierarchical model involving a master registration and approving authority, and subordinate local registration authorities. This Public Key Infrastructure (PKI) provides a mechanism to authenticate users and protect the confidentiality of email. See Chapter 3 of NIST SP 800-45 for details about the advantages and disadvantages of PGP and S/MIME systems.

NIST SP 800-49, Federal S/MIME V3 Client Profile, issued in September 2002, provides specifications for adding cryptographic security services to the standard mail protocol. Based on the Multipurpose Internet Mail Extensions (MIME) standard, S/MIME allows for the addition of services, such as authentication, non-repudiation of origin, message integrity, and message privacy.

· Federal Information Processing Standards

Standards for the cryptographic techniques used for encryption, key management, and digital signatures within the secure email end-to-end process include the following Federal Information Processing Standards (FIPS):

· FIPS 46-3, Data Encryption Standard (DES), in triple DES mode (3DES) for data encryption.

· FIPS 197, Advanced Encryption Standard (AES), for data encryption.

· FIPS 186-2, Digital Signature Standard (DSS), for digital signatures. The DSS specifies the Digital Signature Algorithm (DSA) and allows the use of digital signature techniques specified in American National Standards Institute (ANSI) X9.31, Digital Signatures Using Reversible Public Key Cryptography for the Financial Services Industry (rDSA), and ANSI X9.62, Elliptic Curve Digital Signature Algorithm (ECDSA).

· FIPS 180-2, Secure Hash Algorithm (SHA-1), for hashing (effective February 2003).

Information about these and related FIPS is available at:

http://csrc.nist.gov/publications/fips/index.html

Summary

Organizations and individuals benefit when electronic mail and mail systems are protected. Mail systems available to public access can be vulnerable to misuse, unauthorized access, and denial of services. However, the risks of operating, implementing, and maintaining electronic mail systems can be managed through careful planning, secure configuration of systems, and continued attention to implementation and maintenance.

Disclaimer
Any mention of commercial products or reference to commercial organizations is for information only; it does not imply recommendation or endorsement by NIST nor does it imply that the products mentioned are necessarily the best available for the purpose.

February 24, 2006 at 11:13 AM in email | Permalink | TrackBack (541) | Top of page | Blog Home

February 05, 2006

Googling Google Survey: Part II

» Googling Google Survey: Part II | Googling Google | ZDNet.com

Posted by Garett Rogers @ 6:59 pm

gmail_logo.gifOne of my readers sent an article that explains how GMail changed the way he uses email, and that got me thinking — I wonder what people I know think about this service and how has it changed the way they use email? Enter the second part of the Googling Google survey.

'll start by explaining how I use GMail as my primary email client. It is my communication portal that encapsulates every email address I own, providing an easy, heads-up view of my accounts. My GMail address is used for personal communication between friends, family and my blog readers. Besides my @gmail.com address, I have a few others for domains I own — all of which are hosted on a server I operate. Incoming messages to that server are automatically forwarded to GMail — this takes care of most spam too. My work email also forwards to gootch2@gmail.com.

For outgoing mail, I set up accounts corresponding to these addresses. For people who don't know about this feature, setting up accounts gives you the ability to impersonate email addresses that you control. For example, when I'm at work I can send mail that appears originate from there rather than gootch2@gmail.com — even though GMail is used to compose the message.

Here are the results of the informal, non-scientific survey I conducted with close to fifty friends, family and random strangers who use GMail as their primary client.

Where did you hear about GMail?

Two answers to this question came up time and again. The most common answer was a referral — a friend or someone else they know got them to sign up. The second most common answer was seeing @gmail.com addresses more frequently around the Internet — for some people this caused enough curiosity to investigate.

Before you signed up, which single feature did you find most appealing?

Most people said they were impressed by the very large storage size. To me this makes sense because storage is the easiest feature to explain, understand and appreciate. For example, explaining the storage size to someone who doesn't use GMail involves a simple comparison to the mail service currently being used.

People who had a Hotmail account in the days of the 2MB limit know exactly what it's like to run out of space. Now imagine someone like that hearing "GMail gives you over 1000 times more storage than Hotmail used to, and is continually growing". It's easy for them to understand the benefit — that's what makes it a success.

Do you like GMail?

Yes. People who have made the switch generally like the service on one of two levels. In most cases, they like it better than their previous mail client, and others find it to be a suitable replacement.

What makes GMail different in your eyes?

People who use the service as their sole email client often confirm that the "message grouping" feature is quite addictive, and is surely missed when forced to use something like Hotmail, Yahoo or a client like Outlook. "It is a little weird at first, but give it a week of actual use and you will be hooked" says one of the surveyed.

Some users say they receive less junk using GMail. That, coupled with the ease of reporting messages gives people a sense that they are actively taking part in the fight against spam.

In more of a negative light, people recognize that the file structure is quite a bit different compared to traditional mail clients. Folders really don't exist, and labels are confusing for some people. The average user doesn't quite understand the concept or benefits of labels until they are explained by someone who knows.

Has GMail changed the way you use email?

The majority of people surveyed simply use GMail in a very basic way. Only a handful of people surveyed even knew about the more advanced features like setting up multiple accounts for outgoing mail, web clips, contact groups, labels, and mobile viewing capabilities.

I did run into a couple people however that used GMail in almost every way it can be. They both said that GMail has absolutely changed the way they use email. Like myself, they use it for every email address they own, have filters set up, labels for all kinds of things, etc. These fellows even use the mobile viewing capabilities. In general, they said, GMail makes them more organized, productive and reachable.

What do you wish GMail did better?

The majority find that GMail does most everything they want, but there were a few complaints. The ability to drag and drop messages into folders and labels came up a couple times. MSN Live Mail and Yahoo Mail beta both sport some nice drag and drop capabilities — could it be that far away for GMail?

A number of people switching from Hotmail and Yahoo were annoyed with the lack of a "choose recipients" feature. When composing or forwarding messages, it would be nice to see a selectable list of contacts. Many users decide where to forward messages on a case by case basis. Contact groups don't quite fit the bill in this type of situation.

I am a huge fan of services like GMail, Hotmail and Yahoo Mail as they provide a portable solution that makes it simple to carry around email. In the last couple months, Google added even more portability by giving users the ability to view email on mobile phones with http://m.gmail.com.

Keeping data online is very important, and I am sure Google will continue to develop products and services with this in mind. To emphasize this fact, I recently purchased a new computer. The painful process of transferring data from my old computer amplified my gratefulness of portable data. I didn't have to create a backup of my email and import it into a new system because everything was conveniently stored on the Internet for me.

There will be a day when Google makes storing your files as easy and portable as storing your email. Files that I want to keep portable could be stored on Google's G: drive so that switching computers (or even operating systems) would be extremely simple and worry free.

As rumors spread that Google is working on a version of Ubuntu called Goobuntu, even if just a rumor, I can't help but think that an online storage service isn't far away. People don't want to leave their whole life behind and start fresh with a brand new operating system — so why should they?
1 Comments | Blog This | E-mail This | Print This | Permalink
Categories: Gmail

* Previous Post

* Google VPS / VM Desktop on the Net Dietrich -- 02/04/06
* Add your opinionAdd your opinion

Trackbacks

The URI to TrackBack this entry is: http://blogs.zdnet.com/Google/wp-trackback.php?p=88

No trackbacks yet.

Popular white papers, webcasts, and case studies

* File Fragmentation, SANs, NAS and RAID Diskeeper Corporation
* Transforming Discrete Manufacturing Supply Chains Hewlett-Packard
* Successful Server Consolidation: It's All in the Preparation Hewlett-Packard
* Footwear Company, Dr. Martens, 'Steps Up' with ShoreTel ShoreTel
* ITIL: What It Is and Why You Should Care Global Knowledge Network
* Preparing Your Windows 2000 Network for an Upgrade to Windows 2003 Global Knowledge Network

February 5, 2006 at 12:26 AM in email | Permalink | TrackBack (584) | Top of page | Blog Home

February 04, 2006

Postage Is Due for Companies Sending E-Mail

Postage Is Due for Companies Sending E-Mail - New York Times

By SAUL HANSELL
Published: February 5, 2006

Companies will soon have to buy the electronic equivalent of a postage stamp if they want to be certain that their e-mail will be delivered to many of their customers.

America Online and Yahoo, two of the world's largest providers of e-mail accounts, are about to start using a controversial system that gives preferential treatment to messages from companies that pay from 1/4 of a cent to a penny each to have them delivered. The senders must contact only people who have agreed to receive their messages, or risk being blocked entirely.

The Internet companies say that this will help them identify legitimate mail and cut down on junk e-mail, identity-theft scams and other scourges that plague users of their services. The two companies also stand to earn millions of dollars a year from the system if it is widely adopted.

AOL and Yahoo will still accept e-mail from senders who have not paid, but the paid messages will be given special treatment. On AOL, for example, they will go straight to users' main mailboxes, and will not have to pass the gantlet of spam filters that could divert them to a special bulk e-mail box or strip them of images and Web links.

Yahoo and AOL say the new system is a way to restore some order to e-mail, which, because of spam and worries about online scams, has become an increasingly unreliable way for companies to reach their customers, even as online transactions are becoming a crucial part of their businesses.

"The last time I checked, the postal service has a very similar system to provide different options," said Nicholas Graham, an AOL spokesman. He pointed to services like certified mail with return receipts, "where you really do get assurance that if what you send is important to you, it will be delivered, and delivered in a way that is different from other mail."

But critics of the plan say that the companies risk alienating both their users and the companies that send e-mail. The system will apply not only to mass mailings but also to individual messages like order confirmations from online stores and customized low-fare notices from airlines.

"AOL users will become dissatisfied when they don't receive the e-mail that they want, and when they complain to the senders, they'll be told, 'it's AOL's fault,' " said Richi Jennings, an analyst at Ferris Research, which specializes in e-mail.

As for companies that send e-mail, "some will pay, but others will object to being held to ransom," he said. "A big danger is that one of them will be big enough to encourage AOL users to use a different e-mail service."

In a broader sense, the move to create what is essentially a preferred class of e-mail is a major change in the economics of the Internet. Until now, senders and recipients of e-mail — and, for that matter, Web pages and other information — each covered their own costs of using the network, with no money changing hands. That model is different from, say, the telephone system, in which the company whose customer places a call pays a fee to the company whose customer receives it.

The prospect of a multitiered Internet has received a lot of attention recently after executives of several large telecommunications companies, including BellSouth and AT& T, suggested that they should be paid not only by the subscribers to their Internet services but also by companies that send large files to those subscribers, including music and video clips. Those files would then be given priority over other data, a change from the Internet's basic architecture which treats all data in the same way.

This Tuesday the Senate Commerce Committee will hold a hearing to consider legislation for what has been called Net neutrality — effectively banning Internet access companies from giving preferred status to certain providers of content. The concern is that companies that do not pay could find it hard to reach customers or potential customers, threatening the openness of the Internet.

AOL and its parent, Time Warner, which also owns a large cable system offering high-speed Internet access, have not taken a public stand on the principle of Net neutrality. Neither has Yahoo, which has close relationships with AT& T and Verizon. The issue of e-mail postage has not yet come up in the debate over Net neutrality. In the next two months, AOL will start accepting e-mail processed by Goodmail Systems, a company in Mountain View, Calif., that will collect the electronic postage and verify the identity of the sender. Goodmail has tested the system with the participation of a few companies, including the American Red Cross and The New York Times.

Paying senders will be assured that their messages will be delivered to AOL users' main in-boxes and marked as "AOL Certified E-Mail." Unpaid messages will be subject to AOL's spam-filtering process, which diverts suspicious messages to a special spam folder. Most of these messages will also not be displayed with their original images and links. Users will be able to specify that unpaid messages from a particular person or company should never be treated as spam, as they can do now.

Yahoo will start trying out Goodmail's system in coming months, but it has not decided how paid mail will be differentiated from unpaid, said Brad Garlinghouse, vice president of communications products at Yahoo. Goodmail will charge 1/4 cent to 1 cent per message, with high-volume mailers getting the biggest discounts. It will give more than half of that amount to the e-mail service provider.

When AOL started to explain the details of its plan last month to companies that send a lot of e-mail, many quickly raised objections.

"No one wants Goodmail or any other provider to set up a tollbooth that makes it cost-prohibitive for legitimate mailers to reach the in-box," said Matthew Moog, the chief executive of Q Interactive. The company runs a marketing service called CoolSavings that sends e-mail to 10 million people a month who have requested it.

Mr. Moog said that he was very much in favor of systems that helped distinguish the mail he sent from spam. But Mr. Moog added that he wanted AOL and other Internet providers "to offer several competing services to ensure that innovation continues and there is a competitive market to drive fair pricing for the service."

For example, he said that CoolSavings already works with Bonded Sender, a company used by Microsoft's Hotmail service and other providers to identify sources of legitimate mail. Bonded Sender charges a flat fee of no more than $20,000 a year to the highest-volume senders, a fraction of what they would pay through the Goodmail system. Mr. Moog said that the Goodmail system would at least double the cost of an e-mail campaign. "I don't think the economics work," he added.

Matt Blumberg, the chief executive of Return Path, the New York company that runs Bonded Sender, said there was no need for the Goodmail price to be so high.

"From AOL's perspective, this is an opportunity to earn a significant amount of money from the sale of stamps," he said. "But it's bad for the industry and bad for consumers. A lot of e-mailers won't be able to afford it."

But Mr. Garlinghouse of Yahoo said that by making senders pay for each message, they will be forced to be more discriminating in whom they send e-mail to, which will benefit users.

"Because the cost of sending e-mail is so low, some players are not as good at keeping their lists clean," he said. "I still gets e-mails from lists I signed up for three years ago, but I haven't responded to a single one."

As spam has started to clog millions of mailboxes, particularly over the last five years, some people have suggested that requiring all e-mail senders to pay some sort of postage would drive out spammers, who can profit even if they sell their wares to a very small percentage of mail recipients.

But in recent years the volume of spam has leveled off, in part because of a new federal law that imposes penalties for many deceptive e-mail practices. Moreover, most major e-mail providers have built sophisticated filters that divert much of the spam. AOL says that spam complaints from its members are down 75 percent since their peak in 2003. (These filters also capture about 20 percent of legitimate mail, according to Ferris Research.)

A more troublesome problem now is phishing, messages that appear to be from a bank or an online payment service and that seek to fool recipients into divulging their passwords or credit card numbers. Phishing has led Internet providers and other companies to look for ways to help people identify legitimate mail.

Goodmail was founded several years ago with the idea that it would charge postage for all mail, but it has narrowed its focus to mail sent by companies and major nonprofit organizations, which will pay a reduced rate. It does not envision that individuals will pay to have their e-mail delivered.

"The e-mail in-box is a potentially dangerous place," said Richard Gingras, the chief executive of Goodmail. "There is a tremendous need for a class of certified e-mail that can convey to consumers that a message is authentic."

Mr. Gingras argued that companies will be glad to pay the postage fee because their customers will have more trust in their e-mail and thus will buy more from them.

And Mr. Graham of AOL added that the portion of the postage it will receive is justifiable compensation for the costs it has incurred in developing systems to combat spam.

"We have some prerogative to move to a system that asks for other people to participate and share the financial burden in making a clean e-mail environment on the Internet," he said.

February 4, 2006 at 04:25 PM in email | Permalink | TrackBack (30) | Top of page | Blog Home

Postage Is Due for Companies Sending E-Mail

Postage Is Due for Companies Sending E-Mail - New York Times

By SAUL HANSELL
Published: February 5, 2006

Companies will soon have to buy the electronic equivalent of a postage stamp if they want to be certain that their e-mail will be delivered to many of their customers.

When AOL started to explain the details of its plan last month to companies that send a lot of e-mail, many quickly raised objections.

Matt Blumberg, the chief executive of Return Path, the New York company that runs Bonded Sender, said there was no need for the Goodmail price to be so high.

But Mr. Garlinghouse of Yahoo said that by making senders pay for each message, they will be forced to be more discriminating in whom they send e-mail to, which will benefit users.

Mr. Gingras argued that companies will be glad to pay the postage fee because their customers will have more trust in their e-mail and thus will buy more from them.

And Mr. Graham of AOL added that the portion of the postage it will receive is justifiable compensation for the costs it has incurred in developing systems to combat spam.

"We have some prerogative to move to a system that asks for other people to participate and share the financial burden in making a clean e-mail environment on the Internet," he said.

February 4, 2006 at 04:24 PM in email | Permalink | TrackBack (17) | Top of page | Blog Home

Yahoo! to test email upgrade

Yahoo! to test email upgrade - Breaking - Technology - smh.com.au

San Francisco
September 14, 2005 - 3:00PM
Page Tools

* Email to a friend
* Printer format
*
*

Yahoo! is set to begin testing a sleeker version of its free email service, shifting to a more dynamic design that mimics the look and feel of a computer desktop application like Microsoft's Outlook.

The Sunnyvale-based company plans to invite a "sizeable" portion of its current email account holders to experiment with the retooled service, Yahoo! spokeswoman Karen Mahon said.

If the test goes well, all Yahoo!'s email users - an audience that spans tens of millions - eventually will be converted to the new system.

Yahoo! imported most of the changes from Oddpost, an email start-up the company bought for an undisclosed amount last year.

The overhaul, described as the most extensive since Yahoo! began offering free email accounts eight years ago, represents the latest salvo in a technological tug-of-war for online traffic.

For the past two years, Yahoo! and its main rivals - Google, AOL and Microsoft's MSN.com - have been unveiling a series of upgrades aimed at attracting and retaining their web audiences so they remain appealing outlets for advertisers.

Google shook things up in the email market last year by introducing a free service that included 250 times more storage than some of its rivals. Yahoo! and MSN subsequently matched Google, which responded by more than doubling its email storage limit to 2.5 gigabytes.

More recently, the major email providers have been introducing other bells and whistles to keep their users happy and coming back for more ads. Yahoo's upgrade follows recent AOL improvements meant to make its email service quicker and easier to use.

Yahoo!'s email service is leading the pack, with 63.6 million unique US visitors during July, according to the most recent figures from comScore Media Metrix, a research firm. AOL ranked second with 48.7 million visitors followed by MSN's Hotmail (44.4 million), Comcast's Webmail (5.6 million) and Google's Gmail (5.4 million).

With its changes, Yahoo!'s email will look more like a traditional inbox that operates through a software program installed on a computer instead of being hosted on the internet. Yet Yahoo!'s redesigned service still relies on a browser and users will not need to install anything on their computers.

Using "dynamic" html, Yahoo!'s email accounts will feature an inbox containing all emails on the top of the page with a separate pane for reading email below it. The feature is meant to enable users to scroll through an email folder without having to click back and forth between web pages.

Yahoo!'s test audience also will use a computer mouse to "drag and drop" emails from one folder to another and search all the content, including attachments, stored in the inbox.

"Our competition has been doing some interesting things in email, but we think we have leapfrogged them all with all these new features," said Ethan Diamond, an Oddpost co-founder who works for Yahoo! as a director of product management.

February 4, 2006 at 02:02 AM in email | Permalink | TrackBack (30) | Top of page | Blog Home

December 21, 2005

The Men Who Came

WSJ.com - Portals

December 21, 2005; Page B1

The three programmers spend their days developing what each hopes will be the world's best email program -- and trying to beat the pants off each other. They spent an evening last week at my dinner table, talking about it all.

Email is one of the liveliest niches in tech right now. Google, Microsoft and Yahoo all view it as a key to winning new customers and making money off current ones. And so they are innovating with new email programs and services all the time.

Since all three companies' email teams are in my neck of the woods, I thought it would be fun to have the heads of each team come over one night for dinner and conversation. The three companies were good sports and agreed, in part because I said I wasn't interested in a shouting match.

As it happened, Google's Paul Buchheit, 29 years old; Kevin Doerr, 39, of Microsoft (no relation to the venture capitalist) and Ethan Diamond, 34, of Yahoo were all on their best behavior. Whatever they may say about their competitors at work, at my table they were gracious and complimentary. Gentle teasing was about as far as they would go.

The evening began with even the Microsoft and Yahoo delegates agreeing that much of the current excitement in the email world can be traced back to last year's debut of Mr. Buchheit's Gmail. The program had a fast user interface with a fresh new look, along with a then-remarkable gigabyte of free storage.

Mr. Buchheit said he started working on Gmail after observing that other email programs were getting worse, not better. Microsoft's Mr. Doerr said that at his company, Gmail was a thunderbolt. "You guys woke us up," he told Mr. Buchheit. Yahoo's Mr. Diamond, then at a startup with its own hot, new email program, said Gmail was the final impetus that Yahoo needed to buy his company.

Mr. Buchheit responded with a victory lap. "We were trying to make the email experience better for our users," he said. "We ended up making it better for yours, too."

The evening wasn't all a Gmail love-in, though. The Microsoft and Yahoo representatives said their many millions of users might not accept some of Gmail's departures from email norms, such as the way the program groups messages into "conversations." The two men also razzed Mr. Buchheit a bit, saying that it had been easy for Google to promise a lot of storage to its users because it carefully controlled how many users Gmail would have by requiring an invitation to get an account.

Indeed, more than 18 months after its unveiling, Gmail is still a beta, or "test" product. But so are the new email versions the Microsoft and Yahoo programmers are working on. And no one is saying when any of the beta periods will be over.

Whatever early lead Gmail may have had in creating a next-generation email program, both Microsoft and Yahoo have more than caught up. I wondered out loud to Mr. Buchheit if Gmail, the pioneer, might now be falling behind. "There is a lot more we want to build," he responded.

I asked each to say what in his product he was most proud of. Mr. Diamond noted that in Yahoo's mail program, users can see their entire inbox in a single screen, rather than having to page through it screenload after screenload. It was a hard feature to add, he said. The other two men nodded their heads in agreement; neither has yet matched it.

Mr. Buchheit said what he most liked about Gmail is the ease and fluidity with which it lets him work with his messages.

Mr. Doerr noted the powerful desktop-like features of his Microsoft product, such as the on-the-fly spell checking of messages as they are typed.

The men reported similar pressures: cranky users of Web browsers with tiny market shares demanding that their browsers be supported, while not appreciating how much work is involved. And the struggle to find a way to innovate with a product -- but not so much that existing customers will be alienated.

At one point, Mr. Doerr wondered when the new Yahoo mail program would have the whimsical touch of other Yahoo products. "It's not Yahoo yet," he said to Mr. Diamond. "It's not fun."

The latter concurred, replying, in effect, "Just you wait."

While all three talked about the pressure of having to present the product to the big boss, Mr. Diamond had the best such story. He told of nervously showing his software to Yahoo co-founder Jerry Yang, who at the time was pacing around the room gripping a golf club. Mr. Diamond said that all the while he kept thinking of a similar scene in "The Untouchables," but one involving a baseball bat and, in the end, considerably more violence.

When the end of the evening came, everyone seemed sated with good food and pleasant company, to the point where there was talk about gathering again in a year to look back on the email events of 2006.

Who knows? Maybe the three products will be out of beta by then. And maybe a glove or two will come off as a result.

Write to Lee Gomes at lee.gomes@wsj.com

December 21, 2005 at 10:41 PM in email | Permalink | TrackBack (67) | Top of page | Blog Home

December 17, 2005

When e-mail becomes tool for reporting

The Seattle Times: Personal Technology: When e-mail becomes tool for reporting

By Charles Bermant

Special to The Seattle Times

As e-mail has evolved into the preferred communication path, fewer people need the handholding and guidance that was necessary a few short years ago. Most occupations have customized the platform to suit their peculiar needs. Spies always use encryption, and lawyers add a little paragraph on the end threatening a lawsuit if you divulge this information. And if we are still making some of this up as we go along, instinctive behavioral decisions are generally correct.

Which is why I was a little surprised to see a lengthy piece in the current issue of American Journalism Review that examined the ethical and procedural issues that face journalists who use e-mail as a reporting tool. Author Kim Hart tackles the subject in some detail, taking more than 3,000 words to present various case studies and opinions about the topic.

Considering the source, it is all rather technical, and no one other than a journalist could wade through all this detail. What rises to the top for people who don't work in the field, from my perspective, is the notion that an article that relies on e-mail interviews lacks spontaneity and warmth. Another pertinent question — which Hart doesn't really answer — is whether readers need to be alerted whether a quote originates from a standard conversation or an e-mail message.

Additionally, there are several peripheral issues and questions: If someone sends along an e-mail as an interview answer that rambles on or misspells words do you edit and correct or quote them "exactly" and make them look stupid? And how do you know, receiving one of these messages, whether it originates from the source or someone else, such as an angry spouse?

I hadn't thought about these questions for a while. I'll admit to a low tolerance for rules; the only journalistic guidelines I regularly follow are tell the truth and check the spelling. Beyond this, it's all instinct. I usually indicate when a quote comes from an e-mail message, unless to do so would seriously impair the flow of the story. Perhaps this displays a certain conceit, that journalism is an art form that will suffer if there are too many distractions.

This piece tried to achieve a consensus but ended up all over the map. In fact, journalists don't all think and act alike. A skilled writer covering a compelling story using only e-mail interviews may get killer results, while someone else with the same tools will need to meet their source for lunch in order to pull it together.

The Internet has also democratized the "art" of journalism. Anyone with a keyboard and a connection can "report" on events. Any good writer can get his or her message and viewpoint across, and the public can only benefit. That is, if they don't blindly believe everything they read.

Where it concerns e-mail, journalism is like any other occupation. The technology is only a tool. Some reporters can adequately "cover" a meeting by reading an online transcript — a story about a city-council action doesn't always need color or compassion. But a reporter — or a lawyer, or a spy — needs to use the right tools for the right job. Which in most cases, requires a certain degree of variety.

If you have questions or suggestions for Charles Bermant, you can contact him by e-mail at cbermant@seattletimes.com. Type Inbox in the subject field. More columns at www.seattletimes.com/columnists.

December 17, 2005 at 01:39 PM in email | Permalink | TrackBack (14) | Top of page | Blog Home

October 13, 2005

Seven rules for a tidy inbox

CNN.com - Seven rules for a tidy inbox - Oct 12, 2005

By Laura Morsch
CareerBuilder.com
Wednesday, October 12, 2005; Posted: 7:46 a.m. EDT (11:46 GMT)

Editor's Note: CNN.com has a business partnership with CareerBuilder.com, which serves as the exclusive provider of job listings and services to CNN.com.

If you're like most workers, the e-mail message icon is a regular fixture on your office computer.

Now the preferred medium of communication in many workplaces, Americans process 76 e-mails each day, according to a study by the Radicati Group, a market research firm.

By 2007, the survey found, Americans will be sending and receiving an average of 100 messages per day.

With all of those messages flooding your inbox, it can be almost impossible to find the ones you actually need. Fortunately, a few simple rules can help tame your escalating inbox, say David Teten and Scott Allen, co-authors of "The Virtual Handshake: Opening Doors and Closing Deals Online."

Teten and Allen researched effective systems that workers have used to tackle their inboxes. Although everyone has his or her own best way of dealing with e-mail overflow, the duo's book outlines these seven rules for keeping your inbox under control:

1. Keep your inbox empty: "If you do not quickly respond to every e-mail you get, you will rapidly lose control over your entire work flow," Teten and Allen write. David Allen, in his book "Getting Things Done: The Art of Stress-Free Productivity," says you have three choices to handle each e-mail you receive: Do it, delegate it or defer it.

If the task can be done in two minutes or less, do it right away. Otherwise, give it to the most appropriate person or place it in your organization system to do later.

2. Organize around action, not data: Organizing your e-mail with a folder for each project you're working on may seem like the obvious choice, but it's not the most efficient way to plan your workday. This type of arrangement makes it impossible to look at e-mails quickly and decide what to do next, Teten and Scott Allen say.

Instead, organize your folders around the required action. Teten and Allen recommend organizing your e-mail into these folders, which can help you prioritize your tasks:

# Inbox

# Deadline-driven

# As soon as possible

# Delegated

# Archive

3. Save everything: "Disk space is cheap," Teten and Allen write. You never know when you'll need to look up an old acquaintance or find a file, so think twice before hitting delete. The only e-mails you should send to the trash bin are spam, e-zines you're done reading and notifications of new messages elsewhere.

4. Organize just enough: What's worse than looking for something you've already deleted? Looking for something because you've forgotten where you put it. Instead of having a multilevel folder system, stick with a few high-level categories. "As a rule of thumb, you want to have no more folders than you can see on one screen," Teten and Allen write. "This allows you to properly file any message with a single mouse motion."

5. Review regularly: Organizing your inbox once isn't enough. You also need to keep up with the daily onslaught of messages. Teten and Allen recommend these review cycles:

# Daily: Empty your inbox.

# Weekly: Review your ASAP folders and review your deadline-driven items when planning your week.

# Monthly: Update your folders and move completed projects into the archive area.

# Yearly: Go through your archive and move obsolete files to a separate folder.

6. Keep your file sizes manageable: If you file all your e-mails to the same few folders, they're bound to get huge after a year or so. If your files are getting too big, sort your old e-mails by date, Teten and Allen suggest. For example: "Archive 2005 -- January."

7. Filter spam: Set up your automatic spam filter and then review the suspected spam folder once a week. Once you've reviewed it to ensure there's nothing in there that you want to save, delete all the messages.

Laura Morsch is a writer for CareerBuilder.com. She researches and writes about job search strategy, career management, hiring trends and workplace issues.

October 13, 2005 at 10:25 PM in email | Permalink | TrackBack (27) | Top of page | Blog Home

October 07, 2005

Mobile e-mail will change the world, says T-Mobile

http://www.techworld.com/news/index.cfm?newsID=4524&printerfriendly=1

But mobile VoIP not ready apparently.
Peter Judge, Techworld
06 October 2005

T-Mobile has launched a mobile Internet package it claims will drag people away from PCs to browse and send e-mail by phone.

"Mobile Internet usage will displace fixed-line Internet usage," said chief executive Rene Obermann. "It will change the way we live and work even more than mobile voice."

The Web'n'Walk service is actually closer to dial-up than broadband, with a basic monthly fee of £30 for 100 minutes of voice and 40MB of data, and speeds up to 384Kbit/s where 3G is available, but usually much less.

The price breaks down to about £10 a month for the data, according to UK managing director Brian McBride, who claimed this was more than most users would require: "That's about 2,500 emails or 500 web pages."

T-Mobile did not offer any extra incentives, like the free six months' introduction O2 offered with its i-mode service, which launched last month. T-Mobile Executives were unwilling to compare their services, but implied that O2's i-mode is a traditional "walled garden" approach, where users will be persuaded to remain on tailored i-mode sites, while Web'n'Walk will give them "the whole Internet in their pocket". "Walled gardens will not bloom," said McBride.

Despite this, T-Mobile's own walled garden, T-zones, will continue to exist, and will be linked from the Web'n'Walk home page, said Obermann.

Despite what it claims is a low price, T-Mobile has stopped short of unmetered access, because mobile Internet is still an untried market, said McBride: "There will always be some premium for mobility. This is early days and we're going to monitor how it works." He added: "We are not here to rip people off - we're here to create a new mass market." The company also said it won't be pushing VoIP because it's not ready for the mass market.

Although the MDA can handle Wi-Fi and mobile data, any users adding a VoIP client such as Skype will have to do so under their own steam. "We have demonstrated seamless handover, but there is no mainstream demand for VoIP," said Obermann. "Customers that use VoIP will experience a significant number of challenges." Next year, the company will introduce handsets that can handover seamlessly, for corporate customers, he said. "In future, if and when VoIP becomes mainstream, we would expect to introduce QoS and additional security.

"There is a perception that VoIP is free," added McBride, but pointed out that a Wi-Fi connection may cost money. "By the time VoIP hits the mass market, prices will be so converged that arbitrage is not an issue."

The launch included the much-heralded MDA, launched by T-Mobile in Germany earlier this year, and by Orange in the UK last month. Other phones include the MDA Compact, the SDA II, the Nokia 6630 and N790. Later in the year, the Danger Sidekick will arrive, a keyboard-based handheld aimed at consumers wanting to do instant messaging.

T-Mobile will be including remote management with the service, which can upgrade and fix firmware in the device remotely. These updates will be free, said Obermann, and could be extended in future to include an anti-virus service. "We can also offer users a complete remote back-up of their data," he promised.

In Germany, mobile substitution may not be so popular with T-Mobile's fixed-line parent, Deutsche Telekom, admitted Obermann: "But substitution is a fact of life. We are all grown up people." The company will also be keen on fixed-mobile convergence, in which phones with Wi-Fi (such as the MDA) will be able to take voice away from the PSTN: "In Germany, we are set up to take the benefit of fixed mobile convergence," said Obermann. "In the UK we are set up for mobile solutions that attack fixed telecoms."

This article was printed from Techworld : www.techworld.com
The UK's infrastructure & network knowledge centre
© 2005 : All rights reserved

October 7, 2005 at 08:28 AM in email | Permalink | TrackBack (31) | Top of page | Blog Home

September 07, 2005

Japanese Internet mall Rakuten expands into US

Japanese Internet mall Rakuten expands into US - Yahoo! News UK

TOKYO (AFP) - Japan's biggest online shopping mall, Rakuten, said it had struck a deal to buy New York-based Internet marketing agency LinkShare, laying the foundations for a launch in the United States.

Rakuten, which offers on-line shopping, travel, auctions and financial services, will pay 425 million dollars for the US affiliate marketing firm.

Affiliate marketing aims to boost Internet retailers' sales by placing links and advertising banners on small websites. When visitors click on the link and buy something the small website operator gets a commission.

"LinkShare's performance-based marketing expertise across affiliate, search and e-mail capabilities provides Rakuten with an excellent first step to launch our US operations and continue our international expansion," Hiroshi Mikitani, chairman and chief executive of Rakuten, said in a statement.

"We can leverage LinkShare's client relationships and technology advantages worldwide so that LinkShare will be able to achieve significant growth in the future."

LinkShare says that about two percent of US retail commerce, or 1.4 billion dollars of trade, passed through its network in 2004. Its clients include American Express, Avon Products and Dell.

"By partnering with a successful portal with global aspirations, LinkShare has positioned itself to take advantage of the increasingly universal nature of the Internet and e-commerce," said LinkShare chief executive Stephen Messer.

"Our merchants and our affiliates will benefit because taking the network worldwide can only increase volume, which means growth for everyone."

Rakuten said last month that it had returned to profit in the six months to June as the purchase of a professional baseball club boosted its brand recognition.

It was the first interim profit in two years for Rakuten, which in March established Japan's first new professional baseball club in 50 years following an unprecedented strike.

September 7, 2005 at 11:14 PM in email | Permalink | TrackBack (27) | Top of page | Blog Home

August 31, 2005

ClearContext 2005 Email Usage Survey Overview

Its not clear to me, what the population / source used for this survey of 300 respondents, but the skew is clearly towards gmail for web mail access.

ClearContext 2005 Email Usage Survey

Here are the preliminary, raw results of the ClearContext 2005 Email Usage Survey. Thanks to the over 300 survey respondents and our partners who helped get the word out. See our survey summary page for more detail.

Question:
Which, if any, webmail providers do you use?
Responses
Gmail 33.4%
Hotmail 26.3%
Yahoo! 25.5%
MailBlocks 0.2%
Other 14.7%

August 31, 2005 at 10:50 AM in email | Permalink | TrackBack (38) | Top of page | Blog Home

Privacy Issues Plague Google's Gmail (apr 2004)

PCWorld.com - Privacy Issues Plague Google's Gmail

Search giant may be willing to make changes before the service is launched.

Laura Rohde, IDG News Service
Thursday, April 15, 2004

Since announcing Gmail two weeks ago, Google has been forced to defend the planned Web-based e-mail service against accusations that it may violate users' privacy. In the face of the attacks, especially vociferous in Europe, which has strict privacy regulations, Google has begun to express willingness to be flexible about how it offers the service.

Advertisement

"This is one of the hottest issues we've ever dealt with in terms of Internet issues," says Simon Davies, the director of Privacy International, a privacy advocate group.

Gmail, announced April 1, is planned as a free, Web-based e-mail service, similar to Microsoft's MSN Hotmail and Yahoo's Yahoo Mail, though its 1GB of storage is much more than these other popular free services offer. But Google is planning to scan e-mail and add advertisements that it thinks are relevant to the messages. Additionally, the Gmail privacy policy warns that messages, even if "deleted" by a user, may still be stored in the system, even long after users have closed their account--something that some privacy campaigners believe may be in conflict with U.S. and European data protection and privacy laws.

Since the Gmail announcement, Spymac Network has launched a free online e-mail service that matches the 1GB of storage that Google is offering, but has pointedly said it will not do keyword searching and will not tie advertisements to the service.

Stiff Opposition

Last week, Privacy International filed a formal complaint with the U.K.'s information commissioner office (ICO) requesting that action be taken against Gmail. Additionally, California state Democratic senator Liz Figueroa says the privacy issues are leading her to consider proposing legislation to stop Google from launching its Gmail service in its present form.

In the face of such opposition, Google has given signs that it may be rethinking how the Gmail service is structured. The service would require all users to participate in the ad service--that is, users would have to accept the display of ads and the scanning of their e-mail messages--but that could change, as could many other things, since Gmail is in early testing phase, a Google spokesperson says.

"Google has the highest regard for the privacy of our users' information. We have taken great care to architect Gmail to protect user privacy and to deliver an innovative and useful service. While we're still in a limited test of Gmail, we welcome and appreciate feedback on how we can improve the offering for our users," he says.

The technology that presents users with relevant Gmail advertisements operates in the same way as all popular Web mail features that process e-mail content to provide a user benefit, such as spam filtering or virus detection, the spokesperson says.

"We are confident that Gmail is fully compliant with data protection laws worldwide. Google actively solicits user feedback on our privacy policies. If they can be made clearer or otherwise improved, we want to hear about it. We look forward to a detailed dialogue with data protection authorities across Europe to ensure their concerns are heard and resolved," he says.

Mixed Reaction

A spokesperson for the ICO says that as long as Google makes the conditions of its service transparent to people when they sign up, the proposed service should not violate U.K. data protection laws. "As long as Google makes it clear that it is monitoring e-mail usage and passing that information on for marketing purposes, there shouldn't be a problem. But I want to make it clear that Google has not even launched the service yet, and has agreed to work with us to make sure that its notification process is very clear," she says.

The ICO spokesperson adds that representatives from Google working with the ICO have been surprised by the reaction to its proposed e-mail service. "I don't think they thought this was going to be a problem," she says.

Not only has the data privacy issue cropped up as a potential problem for Gmail, it appears to be a problem that won't easily go away.

"I'm a bit angry at the ICO because they've been putting around the idea that the Gmail service as planned is okay, simply if you make it clear that they are going to scan and then permanently store your information: That is not the point. This is about having rights over your own e-mail and Google is going to have to give you control over your own e-mail. This is virgin territory," Privacy International's Davies says.

Privacy International is concerned that Google is treating a serious privacy issue purely as a public relations issue and has vowed to press the matter further if the ICO doesn't pledge to gain a series of guarantees and protections from Google for potential users of Gmail.

"We will be filing simultaneous complaints with the data privacy regulations of every other European nation on April 22 should we not receive a satisfactory response from the IOC," Davies says. "Germany, for example, has much stricter policies regarding privacy and they wouldn't blink at taking severe action. Sweden, as well, has shown a willingness to addressed similar issues."

Watching and Waiting

Jeanna Thorslund, senior information officer of Sweden's Data Inspection Board, says that though the board has not received any complaints about Gmail, it is aware of the planned e-mail service and would continue to monitor the situation. Representatives from the data privacy agencies in Germany, the Netherlands, and France could do immediately be reached for comment.

In a similar fashion, representatives from the European Commission--the European Union's executive body--say that they are also aware of the proposed Gmail service and are ready to look into potential legal conflicts should the need arise.

"We are not in an active stance of waiting for complaints about Gmail and we are not at the moment investigating anything specific but we will keep an eye on the situation," says Commission spokesperson for enterprise and information society issues Peter Sandler.

As an example of a potential problem with Gmail, Sandler points to the "opt-in" directive that was added to the statute books of the E.U. member states last October. The measure puts the onus on companies to obtain permission from individual users to send them unsolicited commercial e-mail. Additionally, theoretical issues about confidentiality may also arise with Gmail, he says.

"The EC has a framework in place that requires confidentiality. There is an obligation of member states to make sure that the confidentiality of messages are insured. So that could have implications for companies that are scanning and tracking information," Sandler says.

Juan Carlos Perez of the IDG News Service contributed to this report.

August 31, 2005 at 10:42 AM in email | Permalink | TrackBack (13) | Top of page | Blog Home

Google Expands Gmail Access

PCWorld.com - Google Expands Gmail Access

For the first time, site visitors may be able to try the free e-mail service.

Juan Carlos Perez, IDG News Service
Wednesday, March 16, 2005

Google opened up its Gmail Web mail service to a wider scope of users this week by randomly offering, for the first time, accounts to some visitors of the main Google.com page.

Until Monday, to get a Gmail account, a user had to be invited to the service by either Google or an existing Gmail user.

"We just started offering Gmail accounts to a randomly selected sample on Google," says Marissa Mayer, Google's director of consumer Web products. "It's a natural step to leverage the wider user base of Google.com to grow Gmail."

About one in 20 Google.com visitors are getting the Gmail account offer, Mayer says. "Based on the success of this one-in-20 scope, we'll be ramping it up over the next couple of weeks," she says.

Generating Buzz

Gmail, a free service, is still in a beta, or test, phase, but there has been much speculation about when it will be launched officially and opened up to Web users in general.

Gmail rocked the Web mail market when it was announced in April 2004 due to its then unprecedented 1GB inbox storage. Since then, Web mail providers large and small, including big players Microsoft and Yahoo, have reacted to Gmail by increasing significantly their inbox storage capacity.

Google defended itself by saying that the ads are generated automatically with text-scanning technology and without human intervention.

August 31, 2005 at 10:40 AM in email | Permalink | TrackBack (33) | Top of page | Blog Home

Google's Gmail could be blocked

BBC NEWS | Business | Google's Gmail could be blocked
Tuesday, 13 April, 2004, 10:55 GMT 11:55 UK
Gmail, the planned free e-mail service from Google, could be facing strong legal opposition in California

A draft law is being drawn up by local Democratic Senator Liz Figueroa, who calls Gmail "an invasion of privacy".

Google is being asked to rethink the product, which plans to offer 100 times the storage offered by some rivals.

The problem, Ms Figueroa says, is Google's plan to make revenue from users agreeing to their incoming e-mail being scanned for targeted advertising.

Objections

Californian Senator Figueroa describes the service as being a bit like "having a massive billboard in the middle of your home".

The targeted adverts would use key words after scanning your private e-mail - posting adverts for pharmaceutical products, for example, if a message mentions a medical condition.

Google's plans have already come under fire from privacy campaigners objecting to adverts linked to the content of messages, and to the permanent storage of email.

UK-based campaign group Privacy International has complained to the UK's Information Commissioner about Google's plans to send users links to advertising based on a computer scan of their correspondence, and presumed interests.

It also pointed out that Google's terms of service did not allow users to delete their emails permanently, despite European data protection legislation which gives users full control over their own communications.

Current practice

At present, users of Google's internet search engine receive advertisements for commercial sites linked to their search topic arranged down the right-hand side of their screens.

Gmail would use similar technology to scan emails and offer advertisements.

Other websites - including rivals such as Yahoo - use similar methods to select which banner adverts appear on top of a search page.

Google said in a statement that it intends to work with data protection authorities across Europe to ensure concerns are resolved.

It says the content of users' email would remain private because the process would be fully automated.

The internet search engine company has promoted free storage for each user of the equivalent of 500,000 pages of email among Gmail's benefits.

Google says this will enable users to retrieve vast amounts of old emails, and that it will back this up with superior spam filtering.

Google is privately-owned, but expected to float on the stock market later this year, a deal that could value Google at up to $25bn (£14.7bn) - slightly more than listed online retailer Amazon.

The California-based company was founded in 1998 by Larry Page and Sergey Brin.

Your comments:

I don't think your privacy can be invaded if you know what the service is doing before you sign up. It's a free service and nobody forces you to use it and have your e-mails screened.
David Cox, Southampton, UK

This is no different to Google's search engine giving you advertisements based on what you search for. As long as information on which adverts have been picked for you is not stored, and the process remains entirely automated, I wouldn't have any problem with using a service like this.
Alex Oughton, London, UK

If anyone has a problem with the service offered they can choose not to use it. This seems to be 'nannying' of individuals. If the user base does not want this sort of targeted advertising in exchange for free storage, the product will die a death. If it proves popular regardless of or potentially because of the advertising - what's the problem?
Andrew Foster, UK

People should get a grip. Our personal "privacy" is already invaded at a far more intrusive level by tele-sales, direct marketing and most worryingly by government. If a company offers a product in exchange for an advertisment platform as long as the rules are made clear where is the problem?
David Price, USA

Yes it's an invasion of privacy but you have the choice to use GMail or not - in other words, you have the choice to have your privacy invaded or not. So I think it's a good idea but it's not a service I'll be using.
Robert Stephenson, Altrincham, England

Anything that scans emails for content / key words is an invasion of privacy. It would be like the Royal Mail opening letters and placing adverts inside the envelope
Allan Jacques

Of course it is an invasion of privacy - just imagine somebody asking you to give them the right to read all your letters, keep a copy of each and flood you with advertising leaflets based on what they think you might buy! Nobody would ever say yes to such an "offer". But then there is a simple way around this: just don't use Google's Gmail; nobody is forcing you to use it, so just don't. If everybody were just to ignore them, Gmail would soon disappear again.
George, Cambridge, UK

Yes. It is the equivalent of having someone open your post and putting some junkmail inside. I don't think I will be using it!
Nick, Madrid, Spain

Gmail sounds excellent and I have no problem with targeted ads. The Gmail advertising method will be much less intrusive than the ads found on Yahoo or Hotmail. People should read the terms and conditions and if they are not happy with what they must agree to to use the service, then don't use it.
Stephen, London

No doubt in my mind that Google has already shown itself to be a leader in snooping. They already make public EVERY post you make on newsgroups/discussion groups. They may be big and powerful but I will never use their email system and if any of my friends do, I will notify them that I will not reply or write to a Google email system.
Robert, St Louis MO USA

Assuming the ads would be displayed in a similar way to that employed on the search engine (i.e. that they would not send me spam, merely add ads into my regular email) I would be happy to sign up to such a service. For once, the adverts being displayed may actually be something I am interested in, and it would be a much better way of targeted advertising. I realise very little is truly "free", and the only way they can offer such an immense amount of storage is by charging more for the ads, as they can assure advertisers that the ads are targeted well. As for the storage, anyone who uses a free online email system should expect it not to be perfectly private, and if Google really want to keep copies of my jokes, forwards, daft comments, innuendos, and indeed the spam I receive, good luck to them! I have no problems with the service at all, provided the T&Cs are clear when the user signs up.
Philip Holbourn, Coventry, West Mids, UK

This has nothing to do with invasion of privacy and stinks of politics. A bit like "having a massive billboard in the middle of your home"? Has the good senator not noticed the number of homes with TV sets showing 24/7 adverts with occasional short 'programme' breaks?
Dave P, Frome, UK

No more than it is already invaded by the authorities. It is a bit rich for a legislator from the USA to attempt to block Gmail on the grounds of invasion of privacy when we all know that the US government has a facility monitoring and reading all and any e-mails it pleases. Ditto GCHQ in the UK.
Mike Edwards, Blackpool UK

Junk mail drops through letterboxes, TV programmes interupt every 15 minutes, billboards everywhere. Most is poorly targeted. Google does target scientifically and as e-marketing begins to dominate over TV and paper this will eventually save many trees and us all many wasted hours. Importantly, research show us that people accept targeted ads. As for privacy, this probably is a technical and privacy issue. Forcing it should bring clarity and a legal framework. Google will never be the sole email provider, but good on them, we hope to be @gmail one day.
iMakeWebSites Ltd, Manchester Lancs

I don't have such a high opinion of myself to think that anyone would want to read my email, and even if they did I wouldn't care. Due to the way email works, it is far from private anyway. If I have anything to send that I want kept private I use PGP. My only concern is that with the amount of junk mail advertising certain body enlargements, the GMail system might think that's what I am into, and then display even more adverts for it!
Marc, Reading, UK

Google shouldn't be allowed to scan e-mails for any purpose. It's like Royal Mail opening everyone's mail, personal and business, reading the mail, making a note of any 'key words' and then resealing the mail including any applicable adverts. This is quite clearly not only an invasion of privacy but to my mind it would amount to opening up the channels for any kind of 'snooping' of mails. How can we as a culture expect to move forward by depending upon technology if we cannot be assured of its security, even at the most basic of levels? If G-mail was to go ahead then the user should be given an 'extremely' clear choice of whether their mail can be scanned for these alleged 'key words' and the implications of such scanning. Additionally once the mail has been 'downloaded' from the G-mail server then the stored server mail should be deleted.
Jason , Basingstoke, England

August 31, 2005 at 10:35 AM in email | Permalink | TrackBack (20) | Top of page | Blog Home

Update: Google expands access to Gmail

Update: Google expands access to Gmail | InfoWorld | News | 2005-03-16 | By Juan Carlos Perez, IDG News Service

Google ramps up user base by offering Gmail accounts to random visitors on Google.com

By Juan Carlos Perez, IDG News Service
March 16, 2005

Google (Profile, Products, Articles) opened up its Gmail Web mail service to a wider scope of users on Monday by randomly offering, for the first time, accounts to some visitors of the main Google.com page.

Until Monday, to get a Gmail account, a user had to be invited to the service by either Google or an existing Gmail user.

"We just started (on Monday) offering Gmail accounts to a randomly selected sample on Google," said Marissa Mayer, Google's director of consumer Web products. "It's a natural step to leverage the wider user base of Google.com to grow Gmail."

About one in 20 Google.com visitors are getting the Gmail account offer, Mayer said. "Based on the success of this one-in-20 scope, we'll be ramping it up over the next couple of weeks," she said.

Google's move to expand the scope of Gmail users is a noteworthy step, considering that Gmail registrations have been so restricted, an analyst said.

"Gmail has been like a club to which you need to get invited, so this is a step in opening it up to the public," said Su Li Walker, a Yankee Group analyst.

Gmail, a free service, is still in a beta, or test, phase, but there has been much speculation about when it will be launched officially and opened up to Web users in general.

Gmail rocked the Web mail market when it was announced in April 2004 due to its then unprecedented 1GB inbox storage. Since then, Web mail providers large and small, including big players Microsoft (Profile, Products, Articles) and Yahoo, have reacted to Gmail by increasing significantly their inbox storage capacity.

Some have said that the longer Google waits to launch Gmail to the general public, the more Gmail loses its initial buzz and momentum. However, others believe Web mail isn't a core service to Google and that, as such, it shouldn't be a priority.

"Google doesn't need e-mail. There are more important products for Google to work on, such as toolbars, local search and advertising programs," said David Card, a Jupiter Research analyst. "E-mail is an interesting opportunity for them to increase user loyalty, but I don't think Google should feel any anxiety in hurrying up a Web mail offer."

Gmail also brought Google, in Mountain View, California, a good amount of controversy due to its inclusion of contextual text ads in the messages based on their content, which prompted privacy advocates to criticize the practice. Google defended itself by saying that the ads are generated automatically with text-scanning technology and without human intervention.

August 31, 2005 at 10:33 AM in email | Permalink | TrackBack (40) | Top of page | Blog Home

Gmail Steals Users From Hotmail

Personal Tech Pipeline | Gmail Steals Users From Hotmail

Courtesy of TechWeb News

Most of the gains in users by Google's free Gmail Web-based e-mail service have come at the expense of Microsoft's Hotmail, an e-mail switching service said Wednesday.

Consumers who used Return Path's e-mail change of address tools were almost twice as likely to switch to Gmail from Hotmail than from Yahoo, the New York City-based company said.

Fifty-seven percent of the users with a new Gmail account were changing from Hotmail, said Return Path's 2004 data, while just 27 percent were switching from Yahoo. The remaining 16 percent was split between AOL, MSN, and Comcast.

The prominence of former Hotmail users in the Gmail ranks isn't due to a higher number of Hotmail users overall, said Return Path, since across the board, former Hotmail and former Yahoo users are consistently even.

Gmail, which is still in beta -- Google is known for labeling products as "beta" for years -- was the first free service to offer a gigabyte or more of free storage space. When it debuted nearly a year ago, it set off a space race among rivals. Microsoft Hotmail, for instance, upped its storage allowance to 250 megabytes for its free accounts beginning last summer.

August 31, 2005 at 10:32 AM in email | Permalink | TrackBack (33) | Top of page | Blog Home

Media Alert: EmailLabs Tells Marketers to Prepare for Future Impact of Google's Gmail

REDWOOD CITY, Calif. (Nov. 30, 2004) - EmailLabs (www.emaillabs.com), the leading Web services provider in the email marketing space, announced today that despite the hype around Gmail, Google's free e-mail service, marketers have time to prepare for its future growth.

As outlined in recent ClickZ.com E-Mail Delivery columns by EmailLabs' Loren McDonald and Kirill Popov, the company's analysis of B2B and B2C email lists indicates that while Gmail has received an overwhelming amount of media attention and overwrought concern among email marketers, Google's free email service (still officially in "beta") actually has an extremely low "list penetration" of well under half of a percent. This compares to a typical B2C list penetration by Hotmail and Yahoo of around 15 percent each.

"Gmail's estimated user base of 1.5-2 million is quite impressive for an email service that is still in beta, but our list analysis reveals that these users are not yet switching their current subscriptions away from their Hotmail, MSN and Yahoo accounts," noted Loren McDonald, EmailLabs' VP of Marketing.

"In the next few years Gmail will clearly become a force to reckon with, likely reaching at least 10 million users, and taking some market share from Hotmail, MSN and Yahoo," adds McDonald. "Because of Gmail's current low penetration, now is a good time for email marketers to begin taking necessary steps, including testing and tweaking their emails, to prepare for Gmail's future growth and specific challenges."

For now, according to McDonald, the reality is that marketers' concerns about Gmail are overblown. Except for Gmail's displaying of ads in marketers' emails that may compete with their own ads or offers, most of the concerns about how Gmail treats and renders emails are identical or similar to issues presented by Hotmail, MSN, Yahoo and email clients such as Outlook. In recent ClickZ.com E-Mail Delivery columns, EmailLabs has outlined these issues and strategies for dealing with them, including:

-- Contextual Ads -- Email recipients may see an ad from a competitor inserted alongside the body of the email message.

-- Blocked Images -- Images in HTML messages are not automatically displayed, users have to click on a "Display External Images" link to have images rendered.

-- Content Formatting -- Gmail strips virtually all CSS (Cascading Style Sheets) code out of HTML messages.

-- Spam filtering -- It is unknown which spam filtering technology Google is using with Gmail, but EmailLabs analysis suggests that Gmail is deploying a content-based filter.

-- Gmail Notifier and Snippets -- Gmail's Notifier and Snippets present users excerpts from emails on your desktop and within the Gmail client to help users determine if they should open individual emails.

-- Subject Line Length -- Gmail limits the subject line length to 57 characters, but adds the snippet text after the subject line.

To read more about EmailLabs' perspectives on Gmail, visit:

Gmail Concerns? Don't Press the G-Panic Button Yet www.clickz.com/experts/em_mkt/email_delivery/article.php/3426321

Gmail's Coming -- Are You Ready? www.clickz.com/experts/em_mkt/email_delivery/article.php/3365031

August 31, 2005 at 10:23 AM in email | Permalink | TrackBack (8) | Top of page | Blog Home

August 30, 2005

Email users get a reputation

Email users get a reputation - Yahoo! UK & Ireland News

By Joris Evers, CNET News.com

Data about how much spam various email servers, and other machines, send out is now available on the Web

A new Web site aims to help determine whether a specific computer has been sending legitimate email or spam.

The TrustedSource Web site uses data from reputation filters, which are billed as the next big thing in email security. Makers of spam-fighting tools collect data on email senders and use that to assign "reputations" to email sending computers and Internet domains. Those who send a lot of spam get a negative rating and their messages are more likely to be filtered out.

CipherTrust is one of those email security vendors. The company has sold more than 4,000 of its IronMail appliances to customers worldwide. CipherTrust is now sharing some of the reputation data it has gathered through those machines with the public through the TrustedSource Web site, the company announced on Monday.

The Web site is designed to be a reference tool. Entering a domain name generates a list of the IP addresses of machines that send email for that domain. Users can then drill down and click on each sending address to see if the specific machine has been sending junk mail or legitimate messages.

TrustedSource could be useful for the occasional check, for example when configuring a spam filter or just to learn the reputation associated with a specific domain. It may be more helpful for organisations to identify which systems on their networks are sending email, said Dmitri Alperovitch, a research engineer at CipherTrust. Typically, on a corporate network, only designated email servers should be sending email.

"Often companies don't realize that they have zombie machines on their network that have been sending email," Alperovitch said. Zombie machines are computers that have been commandeered by cybercriminals and are often used to send spam.

The Web site also provides information on the adoption of fledgling email authentication technologies. There are lists of Internet domains that send email using DomainKeys Identified Mail and Sender ID. Both technologies are designed to improve spam filters and prevent the spoofing of email addresses.

TrustedSource can help IT staff implement Sender ID, or to make sure that the implementation was done properly. Sender ID requires a so-called Sender Policy Framework record. This record should list the IP addresses of computers that may send email on behalf of a domain. TrustedSource lists all the IP addresses that are actually sending mail.

In addition to the TrustedSource Web site, CipherTrust on Monday also released two new anti-spam products, which both use reputation services to filter out unwanted mail:

* The IronMail Gateway 6.0 is an improved version of CipherTrust's e-mail scanning appliance. It offers better enterprise integration, implementation, management and reporting features than its predecessor, according to CipherTrust.
* IronMail Edge is a new first line of defense against bad e-mail. The appliance — designed for large enterprises — scans e-mail at the outer edge of a company's network, preventing unwanted traffic from using up valuable bandwidth.

August 30, 2005 at 01:31 PM in email | Permalink | TrackBack (17) | Top of page | Blog Home

August 23, 2005

How I ''Imported'' archived email into Gmail

From Jims tips ..... an excellent site incidentally for gmail users.

Jim's Tips | Gmail Tips | Moxi Tips - How I ''Imported'' archived email into Gmail

I have a large number (about 1000) of archived emails that I have saved over the years, and I am looking for a way to "import" them into Gmail so that I can leverage Gmail's excellent Search and Label features. Over at the Gmail forum at Webmaster World is a posting on how to "import" emails into your Gmail account using Eudora. Well, I had some problems with Eudora, so I decided to use Outlook Express. Here's the message that I posted...

Well, I spent some time last night "importing" all of my archived emails into Gmail, and it really wasn't too bad. After several failed attempts with Eudora, I decided to go in a slightly different direction. The problems I was having with Eudora were two-fold:

1. Gmail kept giving me that "Relay" error", so messages couldn't be delivered. (I COULD re-direct manually, on message at-a-time, but for some reason, using the Filter gave me the "Relay" error. Go figure.)

2. I couldn't figure out how to import .eml files into Eudora. If anyone has any suggestions to these, I would be most greatful...

That said, I decided to use Outlook Express instead. It really worked like a charm, with two major idiosyncracies:

1. OE uses whatever "Name" you set up in OE's account properties as the "From" instead of the original email address. This is a HUGE advantage of Eudora--it retains the original address when you re-direct. This means that in Gmail, that name is what you see in the From column. More on this later.

2. OE uses the date you process as the email date, not the original email date, so that bit of data gets lost. I don't know how Eudora handles this, but I think it's the same as OE. To me, this was more of an annoyance than an issue.

End result? I now have almost 1100 emails in my Gmail account occupying 15MB (2%) of my space. The messages are now very easily searchable, labelable, and managable. Before I improted them into Gmail, there was simply no easy way to manage my old messages to find relevent information.

OK, so here's how I did it using Outlook Express (OE):

First, I opened OE and created an email account that pointed to my primary POP3 provider. In the "Name" field, instead of using my full name as normal, I used "Archived". This way, I can easily see that it's an archived email. Gmail will display this in its "From" column. I also set the "Leave messages on server" function checked for safety--didn't want to lose anything.

Next, I logged onto my Primary POP3 provider's webmail account and moved all emails from various folders into my Inbox. This way, OE would simply retrieve all emails. Yes, I just lost the organization I had to all these messages, but I'll take the time to use Gmail to quickly re-label them.

Next, I initiated a "Receive" in OE and retrieved all the emails from my POP3 provider. It retrieved about 650 emails.

I next went back to me Webmail account and moved all the messages into a "hold" folder clearing out my Inbox so that I wouldn't re-retrieve them.

Next, I opened Windows Explorer and opened the folder that contained 310 old ".eml" files that I had previously archived offline. I highlighted them all and then simply drag-and-dropped them into OE's Inbox. OE nicely imported them with all information (dates, original email addresses, etc.) intact. This simple task was something that I couldn't get Eudora to do. If someone knows how, PLEASE let me know!.

I now 960 emails in my OE Inbox.

Side note: I found out that my particular POP3 provider won't allow a "send" of more than 100 emails at-a-time, so I had to work with batches of 100 or less emails. So I created three folders in OE: "Hold", "Temp", and "Processed". These would be my work folders. I then moved all the emails from the Inbox into the "Hold" folder.

Next, I created a "Message Rule" in OE that would look for all messages whose subject line DIDN'T contain a unique string forward those messages. I chose the string "{[!ThisWillNeverMatchAnything!]}" and I chose the email address of "jim.barr+import@gmail.com".

I then moved batches of 100 emails from the Hold folder into the Temp folder, opened the message rule, and clicked "Apply Now", browsed to the Temp folder and clicked "Go". OE selected all the emails and began sending them. Once all were sent, I moved the emails in the Temp folder to the Processed folder. I then repeated this process for all emails. With 960 emails, this took some time.

OK, over to my Gmail account.... This resulted in 960 emails now in my Gmail Inbox view. All had a "From" address of "Archived", and the email date was last night's date. I next created a new Label called "Mail Archive" and did a Search on all emails that had a "From" of "Archived". This way, I wouldn't inadvertently select anything that might have come into my Inbox while I was "processing" all the "Archived" emails. I then proceeded to select "All", then applied the label "Mail Archive", and then selected "Archive" from Gmail's "More Actions" dropdown. This really was tedious, because for some reason, despite setting Gmail to display 100 conversations at-a-time, Gmail only displays 20 conversations at-a-time in the Search results view. Yes, I know, I could have set up a Filter prior to doing this to auto-label and archive the messages, but I forgot...

Anyway, I now have a very clean and virtually empty Inbox and a new Label with 960 "archived" messages. Over time, I'll simply apply additional Labels to the archived messages to better organize them. Yes, it'll take time, but Gmail makes it so easy...

Now, if I just can figure out how to get past Eudora's "Relay" issue as well as figuring out how to import ".eml" files, I wouldn't hesitate trashing all the messages I imported last night and re-doing it letting Eudora apply the proper "From" name. But for now, I'm very satisfied with the results.

August 23, 2005 at 12:25 PM in email | Permalink | TrackBack (119) | Top of page | Blog Home

August 18, 2005

Study: Half of Gmail Switchers from Hotmail

BetaNews | Study: Half of Gmail Switchers from Hotmail

By Ed Oswald, BetaNews
February 16, 2005, 12:02 PM

The results of a study released Wednesday indicate that new Gmail subscribers are about twice as likely to come from MSN's Hotmail as they are from Yahoo Mail. Return Path, a company that offers tools to ease the switch between e-mail services based the results on data collected from clients during the period of June through December 2004.

Between 52 to 56 percent of customers switching to Gmail came from a Hotmail address each month, said Return Path. This compares to only 24 to 34 percent being from a Yahoo account. The rest of Return Path's clients were switching from MSN, AOL and Comcast, though at much smaller numbers.

One possible explanation for the disparity is that Google's Gmail has offered 1 gigabyte of storage free to its users since the service was put into public beta. On the other hand, free Hotmail users were only given 2 megabytes of storage until late last year.

But Jupiter Research senior analyst warned about making predictions based on third-party data. "While the switch rates appear to be high, I would caution against making trend predictions based on a single vendor's service," he said. "What if higher Net-tenured or tech-savvy users primarily use the service and also happen to be the most-likely Google switchers?"

For its part, Return Path says more than 700,000 people use its services each month, and the company is the official "Email Change of Address" provider for the United States Postal Service.

Nate Mook contributed to this report.

August 18, 2005 at 01:15 PM in email | Permalink | TrackBack (32) | Top of page | Blog Home

August 11, 2005

Intercepted E-Mail Indictment Revived

Intercepted E-Mail Indictment Revived - Yahoo! News

By MARK JEWELL, AP Business Writer 2 hours, 24 minutes ago

BOSTON - A federal appeals court Thursday revived the government's online eavesdropping prosecution against an executive of a company that offered e-mail service and surreptitiously tracked its subscribers' messages.

The case, closely watched by Internet privacy groups, had been dismissed in 2003 by a judge who found it was acceptable for the company — an online literary clearinghouse — to make copies of the e-mails so it could peruse messages sent to its subscribers by rival Amazon.com Inc.

An executive of the now-defunct clearinghouse, Interloc Inc., was indicted in 2001. Prosecutors argued that intercepting e-mail before the messages were transmitted to recipients amounted to an offense under the federal Wiretap Act.

But the executive, Bradford Councilman, argued that no violation of the Wiretap Act had occurred because the e-mails were copied while in "electronic storage" — in the process of being routed through a network of servers to recipients.

A District Court judge in Boston agreed and dismissed the case. Then a three-judge panel of the Boston-based 1st U.S. Circuit Court of Appeals upheld the dismissal in June 2004, prompting the government to appeal to the full appeals court.

In Thursday's 5-2 decision, the full court said the e-mail interception could be considered illegal and reinstated the indictment, sending the case back to the District Court.

The decision was applauded by one of the advocacy groups that intervened in the case.

"It reaffirms the fact that e-mail is a protected medium under privacy laws, protected from government wiretapping without a warrant and misuse by service providers," said David McGuire, spokesman for the Washington-based Center for Democracy and Technology.

The wiretapping law — passed in 1968 and amended in 1986 to address emerging computer technologies — protects the privacy of messages in transit. But the appeals court said Thursday it believes Congress intended the wiretapping prohibitions to apply broadly and include messages in temporary storage "intrinsic to the communications process."

In a dissenting opinion, Appeals Court Judge Juan Torruella noted that consumers who sign up for e-mail services like the one offered to Interloc's customers typically consent to privacy agreements. Congress didn't necessarily intend such privacy rights be controlled by law, he wrote.

"If Interloc did intercept its customers' messages in breach of a privacy agreement, the remedy lies in contract, not in the Wiretap Act," Torruella wrote.

Samantha Martin, a spokeswoman for the U.S. Attorney's office, said the office "was obviously pleased with the decision," but declined further comment.

An attorney for Councilman, Andrew Good, said he was reviewing whether to appeal to the
U.S. Supreme Court or to go to trial. Thursday's split ruling "tells you how difficult this law is to understand and to abide by," Good said.

He said Councilman denies taking part in any interception of e-mail.

According to the indictment, Councilman directed employees in 1998 to write computer code to intercept and copy all incoming e-mails from Amazon.com to Interloc's subscribers, who were dealers seeking buyers for rare and out-of-print books. Amazon.com did not then offer used books, but offered customers help in tracking down rare books.

The government alleged that Interloc tried to exploit the Amazon e-mails "to develop a list of books, learn about competitors and attain a commercial advantage."

Although Councilman fought his indictment, prosecutors did win guilty pleas from two other defendants, including Alibris Inc., an Emeryville, Calif.-based online rare-book broker that acquired Interloc in 1998. Alibris paid a $250,000 fine.

The other guilty plea came from Interloc's former computer systems administrator, who was placed on probation.

August 11, 2005 at 09:05 PM in email | Permalink | TrackBack (39) | Top of page | Blog Home

July 27, 2005

E-mail is for older people, teens say in survey

E-mail is for older people, teens say in survey - Yahoo! News

Wed Jul 27, 7:16 PM ET

WASHINGTON (Reuters) - E-mail is for grown-ups and U.S. teenagers now prefer instant messaging to communicate with each other online, according to a survey released on Wednesday.

Internet users from 12 to 17 years old say e-mail is best for talking to parents or institutions, but they are more likely to fire up IM when talking with each other, the nonprofit Pew Internet and American Life Project found.

E-mail is still used by 90 percent of online teens. But the survey found greater enthusiasm for instant messaging.

Three-quarters of teen Internet users use instant messaging, compared with 42 percent of adults, Pew said. Nearly half of teens said they exchanged IMs daily, and some said they spent more than two hours each day using instant-messenger programs.

Half or nearly half of the 1,100 teenagers surveyed said they used IM to send Web links or photos to each other, while nearly one-third said they had sent music or video clips over IM. Adults were much less likely to do any of those things, the survey found.

Nearly nine out of 10 teenagers say they use the Internet, up from 74 percent in 2000. Those are who still not online are likely to be so poor that they have limited access to technology, the survey found, and are disproportionately black.

The survey, conducted in October and November 2004, has a margin of error of 4 percentage points.

July 27, 2005 at 10:51 PM in email | Permalink | TrackBack (59) | Top of page | Blog Home

July 19, 2005

Nigeria jails woman in $242 mln email fraud case

Nigeria jails woman in $242 mln email fraud case - Yahoo! News

By Tume Ahemba Sat Jul 16,11:17 AM ET

LAGOS (Reuters) - A Nigerian court has sentenced a woman to two and half years in jail after she pleaded guilty to fraud charges in the country's biggest e-mail scam case, the anti-fraud agency said on Saturday.

Amaka Anajemba, one of three suspects in a $242 million fraud involving a Brazilian bank, would return $48.5 million to the bank, hand over $5 million to the government and pay a fine of 2 million naira ($15,000), the agency said.

Scams have become so successful in Nigeria that anti-sleaze campaigners say swindling is one of the country's main foreign exchange earners after oil, natural gas and cocoa.

Anajemba's sentencing by a Lagos High Court on Friday is the first major conviction since the Economic and Financial Crimes Commission (EFCC) was established in 2003 to crack down on Nigeria's thriving networks of email fraudsters.

The agency said in a statement that the judgment was "a landmark achievement by EFCC in the fight against advance fee fraud, corruption and other related crimes."

Typically fraudsters send out junk e-mails around the world promising recipients a share in a fortune in return for an advance fee. Those who pay never receive the promised windfall.

Anajemba, whose late husband masterminded the swindling of the Sao Paolo-based Banco Noroeste S.A. between 1995 and 1998, was charged along with Emmanuel Nwude and Nzeribe Okoli.

The prosecution said the three accused obtained the $242 million by promising a member of the bank staff a commission for funding a non-existent contract to build an airport in Nigeria's capital Abuja.

All three accused pleaded not guilty, but Anajemba later changed her mind to enter a guilty plea in order to receive a shorter sentence.

Her prison term was backdated to start in January 2004 when she was first taken in custody. The trial of the two others who maintained their not guilty pleas was adjourned to September.

Ranked the world's second most corrupt country after Bangladesh by sleaze watchdog Transparency International, Nigeria has given new powers to the EFCC which is prosecuting about 200 fraud and corruption cases.

The anti-fraud agency has arrested over 200 junk mail scam suspects since 2003. It says it has also confiscated property worth $200 million and secured 10 other convictions. ($1=132.70 Naira)

July 19, 2005 at 12:03 AM in email | Permalink | TrackBack (126) | Top of page | Blog Home

June 18, 2005

BlackBerry users suffer email withdrawal

TheStar.com - BlackBerry users suffer email withdrawal

HICHAM SAFIEDDINE
STAFF REPORTER

The BlackBerry crowd in parts of North America had to go cold turkey for a few hours yesterday.

From New York to Washington to Ottawa, the wireless email service was down in some areas temporarily, leaving business people, traders and political figures without their accustomed communication. Service interruption lasted up to almost four hours in the United States.

MeeJin Annan-Brady, spokeswoman for Research In Motion Ltd., the Waterloo-based company that makes the popular devices, said the exact cause of the disruption was not clear. The company had not yet released an official statement last night.

RIM has an estimated 3 million BlackBerry subscribers, and two-thirds of its $1.35 billion (U.S.) revenue was generated in the United States last year.

Since their launch several years ago, BlackBerrys have become widely used among financial analysts, political figures and professionals in communications-intense businesses.

"I've always thought of it as infallible," Jennifer Myers, director of strategy for consulting firm Interbrand, told Bloomberg News in New York. "It has never happened to me before. It concerns me because there was no indication of what was going on."

The impact in Canada of yesterday's unusual occurrence appeared to be less severe than that in the U.S. Some Rogers customers experienced delays for about an hour early in the day, said spokeswoman Heather Armstrong. She said the delay in relaying messages was due to a server and not a network problem. "My understanding is that RIM conducted some maintenance last night," she said. "I think it was not until early today when people started using them that (RIM) recognized there might still be a problem."

Rogers provides networking services for its BlackBerry clients. Other mobile carriers of BlackBerrys affected were T-Mobile, Nextel Communication and Cingular in the United States. Armstrong said updates about service problems were available at the company's subscriber helpline.

RIM runs its email paging service by operating data centres that direct email between BlackBerry devices and a company's internal network.

On Parliament Hill, fierce BlackBerry users in Prime Minister Paul Martin's office found themselves with off-and-on service for a couple of hours in the morning.

Yet after an intense few weeks in federal politics, sitting at the precipice of a snap election, the breakdown was more of a refreshing break. "We were down for two hours or so. Didn't cause any disruptions to the business of government," said Scott Reid, Martin's communications director.

With files from Susan Delacourt and BLOOMBERG

June 18, 2005 at 11:11 AM in email | Permalink | TrackBack (10) | Top of page | Blog Home

February 06, 2005

E-Mail Race Is Picking Up the Pace

Yahoo! News - E-Mail Race Is Picking Up the Pace

By Rob Pegoraro

Does anybody care about e-mail anymore?

ou might think not, looking at the sleepy state of the market for consumer mail software in Windows. One of the two most widely used programs in this category, Microsoft's Outlook Express, has not had a meaningful update since 1999, save security fixes for its appalling history of vulnerabilities. The other is Microsoft's bloated, corporate-centric Outlook, normally sold only with its Office suite for $150 and up. These are not exactly programs that inspire love.

That kind of situation ought to be ripe for exploitation by competitors offering better programs. Yet for several years running, the only serious challenge to Microsoft's not-so-dynamic duo has come from Web-mail sites such as Yahoo Mail and Google's Gmail (which, since they don't work as quickly as a stand-alone program and can't be used offline, don't amount to a viable alternative for many users).

This dormant market is finally waking up. One of the oldest mail programs, Qualcomm's Eudora (Win 98 or newer, Mac OS X (news - web sites), www.eudora.com), is coming off a string of recent updates. The program (named after the writer Eudora Welty) comes in three versions: a free but limited release, a more capable free download subsidized by easily ignored ads in a corner of the screen, and a $50 ad-free edition that adds spam filtering.

Another, Mozilla Thunderbird (Win 98 or newer, Mac OS X, Linux (news - web sites), www.mozilla.org), debuted in December as a refined version of what's built into the Mozilla browser. Thunderbird is free and open-source.

Both programs offer some extraordinarily well-done features. But as a whole, they could use more time in the oven.

Trouble commences with a move from Outlook Express or Outlook. Neither Eudora nor Thunderbird ever managed a full transfer of anything beyond e-mail stored in the Microsoft programs. Eudora routinely mangled address books and settings, sometimes ignoring any second or third e-mail accounts. Thunderbird imported Outlook contact lists accurately but didn't copy any Outlook account settings; when reading Outlook Express data, it missed many secondary details.

Eudora and Thunderbird can connect to the two main types of e-mail account, the Post Office Protocol (POP) service almost every Internet provider offers and a better but harder-to-find one called Internet Message Access Protocol (IMAP). But each feels at home in only one of these standards. Eudora is terrific with POP but slow and clumsy with IMAP; Thunderbird's near-peerless IMAP performance contrasts with POP support that omits a few options handy when checking one account from two computers.

A similar imbalance exists in their writing and replying tools. Eudora is the fastest game in town, thanks to an extensive array of keyboard shortcuts and time-saving features such as "stationery," prefab replies you can dash off with two mouse clicks. Thunderbird lacks those refinements -- until a 1.1 update arrives in March, it can't even check your spelling as you type -- but offers easier ways to liven up messages with text styles and graphics.

In everyday operation, Eudora, first released in 1988, shows its age badly. It routinely locks up briefly while processing messages and too often crashes outright. The software is confusing to learn, between its peculiar jargon (it calls accounts "personalities") and its Options window's puzzling list of 31 often-redundant categories.

Even Eudora's interface -- vast amounts of blank space and toolbar icons that appear to have been drawn with crayons -- looks ugly.

Thunderbird is a hot rod in comparison. I haven't seen it crash in months of use, and the only thing that seems to slow it down is a balky mail server. Routine operations also show some of the same elegant simplicity as Thunderbird's better-known sibling, the Firefox Web browser. But dig deeper and you'll see major components in need of rewrites, such as a cluttered "Account Settings" interface and a help file that exists only on the Mozilla Web site.

Thunderbird and the paid version of Eudora try to filter out spam, but neither has nailed more than about half of my junk mail. Eudora also suffers from a foolish default setting that doesn't exempt people in your address book from this filtering. And because Eudora will display any linked images in e-mail unless told otherwise, spammers can tell when you've read their junk; Thunderbird automatically blocks such images unless they're in messages sent by people in your address book.

Eudora's ad and paid versions do, however, introduce an overdue defense against "phishing" e-mails that try to lure users to give their financial data to fake Web sites. "ScamWatch" warns you in a yellow pop-up box if a Web link in an e-mail will send you to someplace besides the address displayed in the message. ScamWatch can be fooled, but it's better than what other mail readers do about phishing -- nothing. (Thunderbird 1.1 will add a similar feature.)

Once you've gotten rid of spam and phishing e-mail, Eudora excels in keeping track of the messages you do want with its message filters. You can have the program sort your messages by dozens of criteria, then undertake a dizzying variety of actions in response -- beyond just color-coding or filing a message in another mailbox, Eudora can print it, forward it or even speak its sender and subject in a synthesized voice.

Thunderbird's filters are capable, if not as comprehensive. But it blows past Eudora with a slick message-finding system. It's like finding a song in iTunes: Start typing a query into the search box, and results appear below in place of the normal mailbox view, changing as you continue to type.

Thunderbird normally scans both the subject and sender lines of messages, but you can focus a search on other parts of a message. You can also store queries for quick reuse.

Thunderbird offers a couple of non-mail features absent from Eudora: It doubles as a reader for Usenet newsgroups and can subscribe to and display RSS news feeds from Web sites (though it can't bring over news-feed subscriptions set up in other programs).

There is a great deal to like in both programs, either of which I can recommend over Outlook Express. Use Thunderbird unless you make intensive use of a POP account; otherwise, go with Eudora. If you employ IMAP, Thunderbird also beats Outlook (that Microsoft program does IMAP badly enough for me to have switched to Thunderbird long ago). But if, like most people, you use a POP account, Eudora and Thunderbird can't compete with Outlook in one crucial way: their address books.

It's not just that these two challengers are so awkward at managing non-mail address data, such as phone numbers. It's that their address books are islands in themselves, offering no easy way to share their data with other programs, handheld organizers or cell phones. (For the same reason, they also don't match up against Apple's Mac OS X Mail.)

I have the most hope for Thunderbird, thanks to the flexibility its open-source development allows. Eudora, by contrast, spent a year or so in limbo when Qualcomm couldn't decide whether it wanted to stay in the e-mail business. Considering how Thunderbird has evolved so far, it looks like the e-mail program of the future.

But until Thunderbird gains a real address book, I can't blame users who conclude that Outlook, for all its defects, remains the e-mail program of the present.

Living with technology, or trying to? E-mail Rob Pegoraro at rob@twp.com.

February 6, 2005 at 01:36 AM in email | Permalink | TrackBack (20) | Top of page | Blog Home

January 24, 2005

It's The End Of The Web As We Know It And I Feel Fine

VentureBlog: It's The End Of The Web As We Know It And I Feel Fine

I'm at the RVC SoftEdge Conference, where I'll be speaking tomorrow. RVC is the former venture arm of Reuters and this is its technology conference. The discussion here is wide ranging but generally around the evolution of information technology.

January 24, 2005 at 12:57 PM in email | Permalink | TrackBack (34) | Top of page | Blog Home

January 17, 2005

Encryption makes e-messages secure

TheStar.com - Encryption makes e-messages secure

Prickly CIBC case spotlights legitimate privacy concerns
People are urged to use security features on PCs, Blackberrys

RACHEL ROSS
TECHNOLOGY REPORTER

In the era of paper and pen, keeping a message private was easy.

You simply read the message, then ate it. Those with weak constitutions could burn or shred the document.

Discretion in the digital world can be far more challenging.

Many people don't know how to keep electronic messages private, judging by a recent lawsuit launched by Canadian Imperial Bank of Commerce against a group of employees who left to join the upstart firm Genuity Capital Markets. CIBC alleges some former employees used corporate resources, including the bank's e-mail system, to help form the firm. Some of the e-mail sent via Blackberry handheld devices has been entered into evidence. The Genuity people deny the allegations, but the case has left many executives wondering how to keep private conversations private.

Experts in electronic security agree that the best way to secure digital messages is with encryption, be it a regular e-mail or a message sent with a Blackberry.

Encryption is a process of "scrambling messages" using special keys, explains David Yach, senior vice-president of software at Research in Motion. The Waterloo company makes the Blackberry devices that countless executives use to swap messages.

The keys used for encryption aren't like the grooved pieces of metal we use to secure our homes. Encryption keys, which are generated by software, are more like the secret rings that let children decode messages from their friends.

With common encryption methods, each user has two keys. One of the keys is private and known only by the owner. The other is public. Say a broker wants to send his client a private message and both parties already own a set of keys. The broker writes his e-mail as usual, then scrambles the message using his public key. The client unscrambles the message using his private key.

Unlike the secret decoder rings of childhood, encrypting or decrypting a message doesn't involve a lot of patience and reference tables. With e-mail software such as Microsoft Outlook, encrypting a message only requires a couple of clicks of the mouse.

Once the correct clicks have been made and the message encrypted, it can be sent to the client over the Internet. The message is unintelligible in transit and to anyone except the client with the right key. When the message lands in the client's inbox, her e-mail software automatically deciphers the message using her private key.

For most people, using encryption won't require learning new software, but they will have to obtain ad-on software that works with their existing e-mail software. Those already using well-known programs such as Microsoft Outlook can still use it to send and receive mail, as many encryption systems can be integrated with the software.

Secure Multi-Purpose Internet Mail Extensions (S/MIME) is arguably the most common way to make e-mail messages private using encryption.

If a broker sends his e-mail using S/MIME the message is not only encrypted but also sealed with a digital certificate. It authenticates the message so the recipient is assured the message has not been altered during its online travels.

"Internet e-mail without security protection is much like sending a postcard over the Internet," said John Weigelt, chief security adviser for Microsoft Canada. "S/MIME is like putting an e-mail into an envelope and putting a wax seal on the back of it, so you could ensure it was sent from a particular individual."

While S/MIME can be used with Microsoft products such as Outlook Express, the software giant has its own solution for keeping e-mail private, called the Windows Rights Management Service. This ad-on system lets the writer set parameters on who can read a message and when. Users can even set expiry dates on e-mail so it self-destructs.

Another popular security system is called Pretty Good Privacy, or PGP. It works in much the same way as S/MIME � using a two-key system � and can be used with many different kinds of e-mail software. PGP and S/MIME are normally installed by corporate information technology workers across the company's entire computer network.

Those who can't convince their company to set up such a privacy system, or wish to secure e-mail sent from their home computer, might want to try PGP Personal Desktop (http://www.pgp.com) software that is designed for such applications.

Lone wolves might also want to try one of a handful of Web-based e-mail services, such as Hushmail, which provide an accessible means of sending secure e-mail. As with more traditional encryption systems, a free Hushmail account automates the scrambling and unscrambling process so that the user can concentrate on writing the e-mail instead of securing it. Ideally, both the sender and recipient should use Hushmail so that the e-mail resides on a single, encrypted server.

Blackberry handheld devices, which are a bit like pagers with keyboards, add complexity to the security conundrum because they can send messages different ways: via e-mail or the Blackberry PIN system.

Every e-mail message sent via a Blackberry is encrypted, but only while travelling outside of the corporate network. This encryption is used so a third party can't read the message if it is intercepted during its flight through the air to the wireless device. But the same message likely travels around in an unscrambled, readable form earlier on in its journey, as it is routed by the corporate e-mail server.

Yach said companies that use S/MIME for regular corporate e-mail can use it on their Blackberrys, for end-to-end security. With S/MIME, the message remains scrambled throughout its journey, until it reaches your in-box.

"It's appealing to those who are hyper-paranoid," he said.

Research in Motion itself processes a large proportion of messages sent by Blackberry. Interestingly, Yach said the company doesn't keep copies.

"We have the encrypted messages long enough to get them to your device, but then they are deleted," Yach said. "We certainly don't have any means of knowing what happened last week or month ago."

A brokerage firm might, however. Some firms choose to keep copies of all transmissions that travel over the corporate network, including e-mail messages sent via Blackberry.

Many consider Blackberry PIN messages more secure than e-mail messages sent by Blackberry, because there are fewer links in the chain.

PIN messages (so named because messages are addressed to a personal identification number) are sent directly from one Blackberry to another instead of going through e-mail servers.

For total privacy, Yach said sender and recipient should delete PIN messages after they are read. Otherwise it will be saved in a readable format on the device and to their computer the next time the user backs up data.

Mark Fabro, a senior manager with Bearingpoint Inc.'s security solutions practice, said the best rule of thumb is to avoid using corporate networks and devices for private business.

As a security consultant Fabro said he'd never advise anyone to perform an unethical act, such as undermining an employer using secret messages sent from a corporate computer or Blackberry.

Moreover, the scheme likely couldn't be kept a secret forever if you're using company resources.

"There is no such thing as absolute security," Fabro said. "What has happened with this Genuity lawsuit is a fantastic wake-up call for the community at large."

S/MIME and PGP both provide a very strong layer of added privacy for e-mail. It would take an unreasonable amount of time and resources for a company to decipher an encrypted message without the key.

Legally, however, a company could make the argument that they have a right to an employee's key if it was stored on a corporate computer. With access to the keys all those private messages would be easily unlocked, read and possibly used in court.

Additional articles by Rachel Ross

January 17, 2005 at 08:41 AM in email | Permalink | TrackBack (45) | Top of page | Blog Home

December 13, 2004

The finer points of e-mail etiquette

The finer points of e-mail etiquette | csmonitor.com

By Christa Case | Correspondent of The Christian Science Monitor
When Diane Darling's frustrated e-mail exchange with a co-worker in Australia was inadvertently passed on to a boss, she found herself in the CEO's office.

"He handed me a copy of my e-mail and said, 'I just want to know your thoughts on this,' " recalls Ms. Darling, who had critiqued her manager. "It's something you hope happens in your 20s. Heaven help you if you do that later in your career!"

Like Darling, who wasn't fired but left the company shortly afterward, many employees have learned the dos and don'ts of e-mail the hard way. Some workers get tripped up by e-mail etiquette, or "netiquette." Others fall into a black hole of inefficiency because of ineffective electronic communication habits.

With the volume of e-mail growing rapidly, good e-mail skills have become more important than ever, some workplace experts say. For example: 1 in 10 employees spends more than four hours a day handling electronic missives; nearly half spend at least two hours, according to a survey of 840 companies conducted this year by the American Management Association and the ePolicy Institute.

Junk e-mail contributes to the problem. But another more deeply rooted issue is ineffective communication practices. Employees' poor writing skills cost American corporations $3.1 billion annually in training costs, the National Commission on Writing estimated in a September report.

That's why companies - and individuals - are beginning to coach workers on how to use the medium effectively.

With upwards of 800 e-mails pinging her inbox daily, Sharon Clay would be overwhelmed if she didn't focus on efficient e-mail techniques with laserlike intensity.

"People should go through their e-mail in the morning like calisthenics," says Ms. Clay, an architecture manager at Nvidia Corp. While she offers one-on-one e-mail coaching, her Santa Clara, Calif., company, which makes graphics and digital-media chips for computers, has begun holding e-mail training classes for employees.

Clay suggests that workers go through their in-boxes methodically and thoroughly every morning, and more often if necessary. Being predictable in one's response time is an essential part of being a good communicator, she adds.

Here are strategies Clay and others employ to handle the electronic flood:

� Don't forget the phone. If your e-mail has more than three points or questions, you're probably better off calling or meeting someone, when you can tailor the discussion based on his or her answers.

� Create an alert system. Use color-coding, fonts, and styles to prioritize your inbox. These visual cues enable you to recognize and respond to critical e-mails quickly. Lower-priority items can be moved into folders to be dealt with later. Clay combs through most of these folders at least once a week..

� Remember your grammar. It's not just a courtesy; it ensures clear communication - and may determine your business success. Half of all companies surveyed by the National Commission on Writing took an employee's writing skills into account when making promotion decisions. So while it may save you time to leave out nouns and use cryptic abbreviations, don't do it. It can confuse co-workers. Also, use clear and concise subject lines.

� Watch whom you copy on e-mails. Make sure your recipients have the necessary context to understand an e-mail or exchange of e-mails. If not, write a quick summary or add some clarification. Taking these steps will also help when referencing archived e-mails.

The corollary is also important, as Darling found out when her e-mail got passed on to her employer: Don't send sensitive information to someone you can't trust to keep it confidential. E-mail "is an excellent technology," says Darling, now a networking consultant in Boston. "It's just so often misused."

Admittedly, all of this can be difficult to keep track of. Some companies have stepped in with software that analyzes employees' communication patterns and identifies when they're using e-mail unproductively, says Andrew Wolff, vice president of products at DYS Analytics in Wellesley, Mass., a software company.

More advanced software can also identify employees who violate company policies by using e-mail for personal reasons. Some 30 percent of total workplace e-mail is personal, according to some estimates.

Bottom line? E-mail guidelines should be written into company policy and enforced with software that can monitor e-mail and instant messaging records, says Anthony Sanchez, vice president of marketing at Waterford Technologies in Irvine, Calif. "Everybody's problems boil down to education, policy, and enforcement," he says. "We can't really change the people until there are policies that are going to be enforced."

December 13, 2004 at 07:32 PM in email | Permalink | TrackBack (21) | Top of page | Blog Home

September 01, 2004

More Sender ID Adoption Expected

ComputerWire Staff
Microsoft Corp (NASDAQ: MSFT - news) is expected to today announce more traction for the Sender ID email authentication specification. A handful of email and web hosting service providers are expected to announce they have adopted the forthcoming standard.

At a Sender ID Framework Implementation Summit in Microsoft's hometown of Redmond, more companies will say they will publish Sender ID information, and some will say they will enable their customers to do likewise.

Sender ID is a specification formed from the merger of Microsoft's Caller ID for Email and Pobox.com's Sender Policy Framework. The Internet Engineering Task Force is currently fast-tracking the spec on the standards path.

The spec asks that companies publish the IP addresses of their outgoing email servers in their publicly accessible domain name system records, so recipients can do a lookup to check that mail they receive does not have a spoofed sender address.

Go Daddy Software Inc, a large domain registrar and email service provider, will today announce that it has committed to publish its own Sender ID records by October "two months earlier than the requested January 2005 deadline".

It was not immediately clear who suggested such a deadline, and Go Daddy could not be reached for comment at press time. Microsoft has said that its email services, Hotmail and MSN, will start checking for Sender ID records in October.

Go Daddy also said it will offer a wizard to let the registrants of about six million domain names add Sender ID information to their own DNS records, regardless of what ISP they use to send emails.

September 1, 2004 at 01:06 AM in email | Permalink | TrackBack (127) | Top of page | Blog Home

August 18, 2004

Calif. Assembly Backs E-Mail Monitoring Disclosure

Yahoo! News - Calif. Assembly Backs E-Mail Monitoring Disclosure

Tue Aug 17, 7:46 PM
SAN FRANCISCO (Reuters) - California's Assembly on Tuesday voted to require the state's employers to inform their workers in writing if e-mail and other Internet activity is monitored at work.

If it becomes law, supporters said the bill would place the state at the forefront of protecting employee privacy online and may serve as a model for similar bills in other states.

Critics said it would burden employers and is unnecessary because employees already assume online activities at work are monitored. Business groups also opposed the bill because any violation of it would be considered a misdemeanor.

The legislation, sponsored by Debra Bowen, a Democrat from Redondo Beach, California, was modeled on a state regulation requiring employers to disclose whether they monitor employee telephone calls.

The Assembly, which is the lower house of the California legislature, passed the bill with a 42-30 vote.

The bill must go to the state Senate for a final vote, and it requires Gov. Arnold Schwarzenegger (news - web sites)'s signature to become law. A spokeswoman for Schwarzenegger's office said he had not taken a position on the bill.

Connecticut has a law similar to Bowen's bill, but it requires employers who electronically monitor employees to put a notice in a conspicuous place where workers may read it.

Minnesota considered, but did not pass, a law that would have required notice before employers monitor workers electronically.

Massachusetts is considering a bill to require employers who engage in any electronic monitoring to provide prior written notice to all employees, customers or consumers who may be affected.

August 18, 2004 at 03:11 PM in email | Permalink | TrackBack (15) | Top of page | Blog Home

July 07, 2004

You've Got Mail (and Court Says Others Can Read It)

The New York Times > Technology > You've Got Mail (and Court Says Others Can Read It)

By SAUL HANSELL

hen everything is working right, an e-mail message appears to zip instantaneously from the sender to the recipient's inbox. But in reality, most messages make several momentary stops as they are processed by various computers en route to their destination.

Those short stops may make no difference to the users, but they make an enormous difference to the privacy that e-mail is accorded under federal law.

Last week a federal appeals court in Boston ruled that federal wiretap laws do not apply to e-mail messages if they are stored, even for a millisecond, on the computers of the Internet providers that process them - meaning that it can be legal for the government or others to read such messages without a court order.

The ruling was a surprise to many people, because in 1986 Congress specifically amended the wiretap laws to incorporate new technologies like e-mail. Some argue that the ruling's implications could affect emerging applications like Internet-based phone calls and Gmail, Google's new e-mail service, which shows advertising based on the content of a subscriber's e-mail messages.

"The court has eviscerated the protections that Congress established back in the 1980's," said Marc Rotenberg, the executive director of the Electronic Privacy Information Center, a civil liberties group.

But other experts argue that the Boston case will have little practical effect. The outcry, said Stuart Baker, a privacy lawyer with Steptoe & Johnson in Washington, is "much ado about nothing."

Mr. Baker pointed out that even under the broadest interpretation of the law, Congress made it easier for prosecutors and lawyers in civil cases to read other people's e-mail messages than to listen to their phone calls. The wiretap law - which requires prosecutors to prove their need for a wiretap and forbids civil litigants from ever using them - applies to e-mail messages only when they are in transit.

But in a 1986 law, Congress created a second category, called stored communication, for messages that had been delivered to recipients' inboxes but not yet read. That law, the Stored Communications Act, grants significant protection to e-mail messages, but does not go as far as the wiretap law: it lets prosecutors have access to stored messages with a search warrant, while imposing stricter requirements on parties in civil suits.

Interestingly, messages that have been read but remain on the Internet provider's computer system have very little protection. Prosecutors can typically gain access to an opened e-mail message with a simple subpoena rather than a search warrant. Similarly, lawyers in civil cases, including divorces, can subpoena opened e-mail messages.

The case in Boston involved an online bookseller, now called Alibris. In 1998, the company offered e-mail accounts to book dealers and, hoping to gain market advantage, secretly copied messages they received from Amazon.com. In 1999, Alibris and one employee pleaded guilty to criminal wiretapping charges.

But a supervisor, Bradford C. Councilman, fought the charges, saying he did not know about the scheme. He also moved to have the case dismissed on the ground that the wiretapping law did not apply. He argued that because the messages had been on the hard drive of Alibris's computer while they were being processed for delivery, they counted as stored communication. The wiretap law bans a company from monitoring the communications of its customers, except in a few cases. But it does not ban a company from reading customers' stored communications.

"Congress recognized that any time you store communication, there is an inherent loss of privacy," said Mr. Councilman's lawyer, Andrew Good of Good & Cormier in Boston.

In 2003, a federal district court in Boston agreed with Mr. Councilman's interpretation of the wiretap law and dismissed the case. Last week, the First Circuit Court of Appeals, in a 2-to-1 decision, affirmed that decision.

Because most major Internet providers have explicit policies against reading their customers' e-mail messages, the ruling would seem to have little effect on most people.

But this year Google is testing a service called Gmail, which electronically scans the content of the e-mail messages its customers receive and then displays related ads. Privacy groups have argued that the service is intrusive, and some have claimed it violates wiretap laws. The Councilman decision, if it stands, could undercut that argument.

Federal prosecutors, who often argue that wiretap restrictions do not apply in government investigations, were in the somewhat surprising position of arguing that those same laws should apply to Mr. Councilman's conduct. A spokesman for the United States attorney's office in Boston said the department had not decided whether to appeal.

Mr. Baker said that another federal appeals court ruling, in San Francisco, is already making it hard for prosecutors to retrieve e-mail that has been read and remains on an Internet provider's system.

In that case, Theofel v. Farey-Jones, a small Internet provider responded to a subpoena by giving a lawyer copies of 339 e-mail messages received by two of its customers.

The customers claimed the subpoena was so broad it violated the wiretap and stored communication laws. A district court agreed the subpoenas were too broad, but ruled they were within the law. The plaintiffs appealed, and the Justice Department filed a friend of the court brief arguing that the Stored Communications Act should not apply.

In February, the appeals court ruled that e-mail stored on the computer server of an Internet provider is indeed covered by the Stored Communications Act, even after it has been read. The court noted that the act refers both to messages before they are delivered and to backup copies kept by the Internet provider. "An obvious purpose for storing a message on an I.S.P.'s server after delivery," the court wrote, " is to provide a second copy of the message in the event that the user needs to download it again - if, for example, the message is accidentally erased from the user's own computer."

Calling e-mail "stored communication" does not necessarily reduce privacy protections for most e-mail users. While the Councilman ruling would limit the applicability of wiretap laws to e-mail, it appears to apply to a very small number of potential cases. The Theofel decision, by contrast, by defining more e-mail as "stored communications," is restricting access to e-mail in a wide range of cases in the Ninth Circuit, and could have a far greater effect on privacy if courts in the rest of the country follow that ruling.

July 7, 2004 at 08:29 AM in email | Permalink | TrackBack (18) | Top of page | Blog Home

May 24, 2004

You've Got E-mail, but Will It Cost You a Job?

FOXNews.com - Foxlife - You've Got E-mail, but Will It Cost You a Job?

Monday, May 24, 2004
By Robin Wallace
"Babydoll," "Pryncess," "Pinkie" and "Angelgirl": These are all current, peppy, cute e-mail handles you might expect a teenager to have — but would you hire one of them?

Maybe if you were forming an all-girl pop band or planning a photo shoot for Lap Dancer Quarterly, but in corporate America? Maybe not so much. Yet, these oh-so-adorable names are just some of the silly, suggestive e-mail addresses employers have seen attached to resumes coming from job applicants with otherwise impressive credentials.

With an increasing reliance on technology to communicate, human resources professionals and employers say young job-hunters are stumbling into some major pitfalls by failing to realize what's cool � and what's not � when applying for work.

Pamela Holland, chief operating officer of Marjorie Brody Communications (search), a Philadelphia-based executive development and corporate training firm, was thinking about such un-savvy behavior when an applicant included his personal Web site on his resume. It didn't matter if the site displayed design and technical skill, Holland said � because she couldn�t get past the content.

�There were party pictures of him that didn�t convey him in a professional way," said Holland, who was stunned the applicant sent the site address to a potential employer. "It really called into question his judgment.�

Holland said she and her co-workers had a good laugh looking at the site � but the applicant didn�t get an interview.

�If someone puts a Web site on their resume, I�m going to look at it, but unless it is an example of their work, I�m going to say, �What a buffoon,�� said Holland.

Workers over 30 or so will remember the days when job seeking was a labor-intensive project of scouring newspaper want-ads, making the rounds of employment agencies and typing and mailing resumes and cover letters.

These days, technology has reduced the task of applying for work to little more than a few point and clicks. This also means the all-important first impression an employer gets of a potential employee is often an electronic one � and it's not always pretty, according to employment experts.

�It�s definitely on my radar whenever I present to a university � you have to have a professional e-mail address and a professional voice mail message," said career consultant Diane Darling.

Applicants should try to see themselves through the eyes of a possible employer, she said. What does your kooky e-mail address or prank voice mail message convey about you?

�It speaks to�how you present yourself in your job search,� said Rosemary Haefner, a senior career adviser with CareerBuilders.com (search).

While Haefner hasn't heard many complaints specifically about candidates' e-mail addresses, she said plenty of job seekers have had their chances torpedoed by inappropriate voice mail messages.

�Professionalism is the name of the game,� she said.

Experts say the big problem with e-mail is not just the wacky addresses, but the slang, jargon and sloppy spelling and grammar. You want the recipient to hire you, not LOL @ U.

�Never, ever would I recommend sending an informal e-mail as a cover letter. It�s one of the biggest mistakes people make,� Haefner said. �That needs to be a professional document and very well written."

The advances that revolutionized job-hunting in the 1990s corresponded with an economic boom that put workers in high demand. People snubbed their noses at many traditional protocols, and employers were forgiving. But now that the job market has contracted, employers no longer excuse lax standards.

"The vehicle for getting the information out has changed, but the rules are still the same," said Holland. "When jobs become tighter, standards become stiffer. There is a tremendous resurgence in traditional business [protocols]."

Thanks to technology, writers, photographers, graphic artists and other professionals can easily provide a sample of their work be creating Web sites that function as on-line portfolios. But as Holland's unfortunate applicant found out, a personal site can also backfire.

"Everyone is trying to find that leg up to stand out," Haefner said. "But the risk is that a lot of managers would see that as a negative."

Of course, every company has its own style. A hiring manager of a cutting edge tech firm may admire creativity that would likely be unwelcome on Wall Street.

"There's no way we'd ever consider hiring someone with a silly e-mail address," said a human resource manager at a major financial institution, who wished not to be identified.

The bottom line, experts say, is that job seeking is a sales game, and resumes, cover letters, e-mails, Web sites and voice mail messages are all part of the ad campaign applicants put out about themselves.

"People have to remember that they are a product," Holland said. "You are the most important product you will ever represent."

May 24, 2004 at 08:37 PM in email | Permalink | TrackBack (40) | Top of page | Blog Home

May 19, 2004

Yahoo Submits DomainKeys to IETF

ComputerWire Staff
Yahoo! Inc has published the specification for its DomainKeys email sender authentication system and has submitted it to the Internet Engineering Task Force for possible ratification as an internet standard.

The firm is also working on a reference implementation of the spec, which will be released under a royalty-free license as a plug-in for mail transfer agent (MTA) software. Yahoo will shortly carry out interoperability trials.

DomainKeys is a way of authenticating email senders, using public and private key pairs and the domain name system, to give email-handling software better information with which to make spam filtering decisions.

The idea is that organizations create their own key pair and publish the public key in their DNS records. Outgoing email, including the headers, would be signed with the private key, and recipients would be able to verify the signature by looking up the public key.

In this way, email filters could make security decisions knowing with a high degree of certainty that the sender is who they say they are. This could help protect against spam and viruses, both of which often spoof their From header.

The idea has been compared to Microsoft Corp's Caller ID For Email and the independent Sender Policy Framework project, but Yahoo anti-spam product manager Miles Libbey said there's no reason the three cannot interoperate.

"They do both share a common goal, to authenticate email senders," said Libbey. "But what Caller ID and SPF have come up with are more general policy frameworks. I see no reason why DomainKeys could not interoperate with them."

Libbey said that an SPF field could be set aside for DomainKeys policies, for example. SPF has already submitted its work to the IETF for possible ratification. Microsoft is still playing its Caller ID cards closer to its chest.

Sendmail Inc, a major MTA developer, is already committed to supporting DomainKeys. The company's CTO told ComputerWire recently that Sendmail will support any of these authentication specs that gains traction.

May 19, 2004 at 09:32 PM in email | Permalink | TrackBack (37) | Top of page | Blog Home

Yahoo Releases E-Mail Standard to Fight Spam

Yahoo! News - Yahoo Releases E-Mail Standard to Fight Spam

Tue May 18, 5:07 PM
By Andy Sullivan
WASHINGTON (Reuters) - Internet portal Yahoo Inc. (Nasdaq:YHOO - news) on Tuesday released an e-mail standard that prevents "spam" marketers from hiding unwanted messages behind legitimate e-mail addresses.

The technique, if widely adopted, could help Internet providers more easily block the unwanted bulk messages that currently account for up to two-thirds of all e-mail traffic.

Yahoo's proposed standard, known as DomainKeys, would embed outgoing messages with an encrypted digital signature matched to a signature on the server computer that sends the message.

Internet providers could check the signatures on incoming messages and block those that do not match up.

The procedure would be invisible to regular e-mail users because it would be implemented by e-mail providers, Yahoo said on a Web page describing the standard at (http://antispam.yahoo.com/domainkeys).

Internet providers deploy a barrage of filters to weed out spam and large providers like Time Warner Inc.'s (NYSE:TWX - news) America Online block up to 2.5 billion spam e-mails each day.

The technique could also block fraudulent "phishing" attacks, in which scam artists attempt to collect credit card numbers and other sensitive information by posing as companies like Citigroup (NYSE:C - news) and eBay Inc.(Nasdaq:EBAY - news), Yahoo said.

DomainKeys, first announced last December, is one of several attempts to help legitimate messages stand out from the flood of spam.

Microsoft Corp.'s (Nasdaq:MSFT - news) Hotmail and MSN services recently adopted a "whitelist" program by IronPort Systems Inc. that would allow legitimate marketers to put money up front if they wish to evade spam filters. Microsoft has also said it is working on another technique to verify e-mail.

Such techniques rely on widespread adoption for effectiveness. Yahoo said it had submitted DomainKeys to the Internet Engineering Task Force, a standards-setting body, and will allow developers to implement it for free.

Sendmail Inc. also has agreed to incorporate the technology into its e-mail software, Yahoo said.

A Yahoo spokeswoman was not immediately available for comment.

May 19, 2004 at 07:52 AM in email | Permalink | TrackBack (17) | Top of page | Blog Home

April 01, 2004

Google Gets the Message, Launches Gmail

Google Press Center: Press Release

User Complaint About Existing Services Leads Google to Create Search-Based Webmail

Search is Number Two Online Activity – Email is Number One; "Heck, Yeah," Say Google Founders

MOUNTAIN VIEW, Calif. - April 1, 2004 UTC - Amidst rampant media speculation, Google Inc. today announced it is testing a preview release of Gmail – a free search-based webmail service with a storage capacity of up to eight billion bits of information, the equivalent of 500,000 pages of email. Per user.

The inspiration for Gmail came from a Google user complaining about the poor quality of existing email services, recalled Larry Page, Google co-founder and president, Products. "She kvetched about spending all her time filing messages or trying to find them," Page said. "And when she's not doing that, she has to delete email like crazy to stay under the obligatory four megabyte limit. So she asked, 'Can't you people fix this?'"

The idea that there could be a better way to handle email caught the attention of a Google engineer who thought it might be a good "20 percent time" project. (Google requires engineers to spend a day a week on projects that interest them, unrelated to their day jobs). Millions of M&Ms later, Gmail was born.

"If a Google user has a problem with email, well, so do we," said Google co-founder and president of technology, Sergey Brin. "And while developing Gmail was a bit more complicated than we anticipated, we're pleased to be able to offer it to the user who asked for it."

Added Page, "Gmail solves all of my communication needs. It's fast and easy and has all the storage I need. And I can use it from anywhere. I love it!"

Today, a handful of users will begin testing the preview version of Gmail. Unlike other free webmail services, Gmail is built on the idea that users should never have to file or delete a message, or struggle to find an email they've sent or received. Key features of Gmail include:

* Search: Built on Google search technology, Gmail enables people to quickly search every email they've ever sent or received. Using keywords or advanced search features, Gmail users can find what they need, when they need it.

* Storage: Google believes people should be able to hold onto their mail forever. That's why Gmail comes with 1,000 megabytes (1 gigabyte) of free storage – more than 100 times what most other free webmail services offer.

* Speed: Gmail makes using email faster and more efficient by eliminating the need to file messages into folders, and by automatically organizing individual emails into meaningful "conversations" that show messages in the context of all the replies sent in response to them. And it turns annoying spam e-mail messages into the equivalent of canned meat.

According to Page and Brin, Google will make the preview test version of Gmail available to a small number of email aficionados. With luck, Gmail will prove popular to them – and to the original user who sparked the idea.

Those interested in learning more about Gmail can visit http://gmail.google.com.

About Google Inc.
Google's innovative search technologies connect millions of people around the world with information every day. Founded in 1998 by Stanford Ph.D. students Larry Page and Sergey Brin, Google today is a top web property in all major global markets. Google's targeted advertising program, which is the largest and fastest growing in the industry, provides businesses of all sizes with measurable results, while enhancing the overall web experience for users. Google is headquartered in Silicon Valley with offices throughout North America, Europe, and Asia. For more information, visit www.google.com.

###

Google is a trademark of Google Inc. All other company and product names
may be trademarks of the respective companies with which they are associated.

April 1, 2004 at 11:58 AM in email | Permalink | TrackBack (11) | Top of page | Blog Home

February 21, 2004

Financial Services Customers Warmed by E-mail

By Zachary Rodgers | December 8, 2003

Internet users who have opted in to receive regular e-mail from a business derive more satisfaction from the relationship than those who do not, according to a consumer poll from e-mail firm Bigfoot Interactive.
Bigfoot reported 94 percent of Web users receiving account services e-mail from a credit card issuer express overall satisfaction with the company, compared to 89 percent of general respondents. The poll was the first in a series of polls Bigfoot plans to conduct to look at e-mail and the consumer experience in several industry verticals.

The financial services poll also found 78 percent of consumers who opted in to receive e-mail from a credit card issuer were likely to recommend the issuer to others, compared with 69 percent of general respondents. And they were 25 percent more likely to buy additional products from the company.

Findings from the study, which was conducted by NOP World Research, are based on a poll of 483 adults with Internet access at home and 282 adults who indicated they personally own a credit card. Users polled receive service messaging, marketing communications and newsletters.

While the poll results make clear the recipients of financial services-related e-mail demonstrate greater loyalty than non-recipients, it's not clear whether that loyalty is driven by e-mail. It is also possible these customers opted in for e-mail communications because of a pre-existing satisfaction with their financial institution.

Bigfoot CEO Al DiGuido said even in cases where consumer satisfaction pre-dates the e-mail relationship, the channel deepens loyalty and brand interaction.

"If I build a relationship based on trust and then begin to suggest other services and up-selling opportunities to consumers, and they say yes, that suggests not only that they're loyal, but also interested and active with the brand," said DiGuido.

The poll also found that many users are concerned about the growing issue of false positives � e-mail caught erroneously in spam filters.

Four-in-ten respondents who receive e-mail expressed concern that e-mail from their credit card issuer is being caught in spam filters, and 47 percent said they would consider switching their ISP or e-mail service provider if they do not receive critical e-mail communications from their primary credit card issuer.

DiGuido said the study highlights "the need for ISPs and e-mail service providers to ensure delivery of such highly-regarded and anticipated messaging."

February 21, 2004 at 11:24 PM in email | Permalink | TrackBack (31) | Top of page | Blog Home

February 16, 2004

FTC Warns of No-Spam Registry

FTC Warns of No-Spam Registry (TechNews.com)

By Leslie Walker
Sunday, February 15, 2004; Page F07
The Federal Trade Commission is warning people not to fall for a Web site claiming to offer an e-mail version of the federal do-not-call registry. The "Do Not Email Registry" invites folks to submit their e-mail addresses to stop getting junk e-mail. Trouble is, the site has no affiliation with the government, despite what its Web address (www.unsub.us) might suggest.
That ".us" domain was once mainly the province of local governments and schools, but it now can be used by any business or individual in the United States.

The FTC (www.ftc.gov) issued a press release Thursday saying the site appears to be a scam that could be collecting e-mail addresses on behalf of spammers.

Responding quickly, the Registry site on Friday added a disclaimer across its home page: "THIS WEB SITE IS PRIVATELY OWNED AND OPERATED." It also posted an "about us" page saying the site serves "legitimate direct marketers" who want to make sure their mailings don't go to spam opponents.

In a phone interview Friday, the owner, who requested anonymity, said he created the service at his own expense and is offering it for free to direct marketers. In the few weeks it has been up, the site has collected more than 300,000 e-mail addresses, he said. That list is made available to bulk mailers in an encrypted form that lets them check for any overlap with their own mailing lists without seeing the actual addresses.

While saying the FTC's action shocked him, the owner said he has no plans to back down from offering his "do-not-spam" service.

Teaching a Computer System How to Reason

Google may provide a good imitation of a human brain today, but the race is far from over to create smarter computers. Microsoft co-founder Paul Allen announced Thursday he is funding the second phase of an ambitious effort to create a "Digital Aristotle" -- a computer system that can reason and analyze like humans.

Allen's investment company, Vulcan Inc., first developed this program last year in a six-month pilot called "Project Halo"; on Thursday, Vulcan announced it had hired three teams of industrial and academic researchers to compete to make Digital Aristotle brighter.

One first measure of success will be how many questions the computer program can correctly answer from Advanced Placement exams in chemistry, physics and biology. In tests last year, Digital Aristotle scored 3 out a possible 5 on those tests -- on par with the average student's results, said Noah Friedland, the computer scientist managing the project.

The project's goal, however, is not just to build a database of scientific knowledge that can answer test questions, but to create a computer that can reason about all these facts.

"Once upon a time there was a man named Aristotle, and he knew all the science in the world. You could walk up to him and ask him any scientific question and he could answer it, whether it was about physics, chemistry or biology," said Friedland. "The problem today is there is so much knowledge out there, it's impossible to have a human Aristotle."

Friedland declined to say how much money Vulcan is spending on Digital Aristotle. Participating researchers include scientists at Carnegie Mellon University, the University of Texas at Austin and the University of Southern California.

www.projecthalo.com

E-mail Leslie Walker at walkerl@washpost.com.

February 16, 2004 at 10:52 PM in email | Permalink | TrackBack (22) | Top of page | Blog Home

February 13, 2004

An e-mail evolution

The Globe and Mail

Most of us have mastered basic e-mail etiquette at work.
We don't, for example, use all-capitals for typing or add exclamation points to underscore our original position. Our workplace e-mails usually have subject lines and we are forwarding fewer chain mail and joke messages.

Thanks to spam and viruses, we're also much more aware of the challenges of e-mail management. We're deleting non-essential messages faster and filing the keepers in separate folders to keep our inboxes more manageable.

Now it's time to move on and hone our e-mail skills. Here are some tips to help:

Use descriptive subject lines: The subject line announces the core nature of your message and helps to keep your writing focused. You benefit from taking advantage of some advanced planning in crafting your message.

The receiver is better able to prioritize and select your message at a time of day appropriate for them. For example, if you want to set up a meeting with someone don't just insert the word "Meeting" in the subject line, as this is too ambiguous and forces the reader to open your message. Use a more specific approach such as "Can we meet this week?" to make your intentions very clear and permit the reader to select your message with advance knowledge of its content.

As an added benefit, descriptive subject lines help us sort legitimate messages from the virus and spam varieties.

State your purpose first: As with the subject line, this is another area that requires greater attention. In our time-starved workplaces every minute counts, especially when it comes to dealing with high e-mail volumes. By stating at the start of the e-mail what you expect the receiver to do with your message, you reduce the time it takes the recipient to figure out what you expect, so your message is certain to receive greater attention. Examples of stated expectations and receiver actions are information requests, decisions, approvals, advice, feedback or "sent for your information." Tell your readers up front what you want.

Reread messages before sending: This may seem like a less-efficient method to deal with e-mails, but it pays many dividends. Rereading your message before sending serves two purposes: First, it allows you to check the tone and content of the message from the reader's perspective, that is, is it clear and concise? Is it formatted for easy reading? And second, spellcheckers cannot discern mistyped words such as feel versus fell, you versus your or seat versus sat or set. We value clean, error-free messages more than the speed we use to send them.

Keep your inbox clean: Using electronic folders is a very efficient way to store messages. It is also an important strategy for e-mail time management, allowing us to reserve our inboxes for dealing with current items. Too often our inboxes are cluttered with old messages. We know we should be dispensing with them but time or technique preclude us from doing so. A fat inbox is like an overstuffed cupboard - neither are a pleasure to open andboth make us feel guilty.

Are you afraid you'll be filing your messages into a vortex, where you won't be able to locate them or remember enough of the details to source the contents months later? The best way to retrieve with confidence is to file in a similar manner -- either change the message's subject line or add your own key words to the existing one prior to filing it.

With most software packages, all you need to do is resave the changed message and it's ready for the electronic stacks.

Be wary of attachments: The proliferation of cleverly disguised virus messages has meant that you should never open an unsolicited attachment. Viruses are not spread through the message itself, so your system cannot be harmed if you open an e-mail and realize you're dealing with something suspicious. It's the next step you take that is most critical. Always default to deleting the message -- never launch an attached file, no matter how colourful, how interesting, or how intriguing it is, unless you are absolutely certain of its provenance and its contents. There should be a new adage for attachments: Curiosity killed the computer.

Avoid controversial content: We're all supposed to know this one by now, but it bears repeating. One of the more difficult situations faced with workplace e-mail is establishing what constitutes appropriate content. Whether it's an outpouring of dissatisfaction or an e-mail meant to be kept private, you put yourself at considerable risk when you use electronic communication.

In the first instance, putting e-mail ahead of what should have been a conversation tends to worsen the situation. The receiver, who in these cases is usually in authority, wonders why the message was sent in the first place -- it really weakens the sender's negotiating position. In the second instance, thanks to the ease of forwarding, your e-mail can end up in the strangest places imaginable. Disparaging remarks and office in-jokes, those juicy e-mails, often travel around offices and countries like boomerangs, eventually making their way back to the original sender, usually creating embarrassment and dismay. The best way to control message content is to never take what you put on the e-mail system lightly.

Insert the receiver's address last: This prevents you from accidentally launching an incomplete, incorrect or unedited message. This is an especially good idea when wrestling with a controversial e-mail, but it is a good habit to develop for all electronic messaging. It's easy to do when creating a new message.

When dealing with a reply, simply cut the receiver's address out of the TO: line and paste it back in after rereading the final message (or paste it in the body of the e-mail if you need to use your mouse for other functions in between). Learning to consider the receiver's address as the icing on the e-mail cake, not the starting point, will guarantee accident-free messaging and save potential discomfort.

The goal is to be efficient and productive in using your e-mail systems. And it's worth the effort.

First, you are more confident that your messages are well-crafted and properly conceived; you save time in creation and save our readers' time with easily understood messages. Second, sending better messages can become infectious and you'll soon begin receiving equally succinct, relevant ones in return, saving you time in handling your inbox. So, take control and begin your own e-mail evolution.

Christina Cavanagh is a professor at the University of Western Ontario's Richard Ivey School of Business and author of Managing Your E-mail: Thinking Outside the Inbox.

February 13, 2004 at 01:48 PM in email | Permalink | TrackBack (158) | Top of page | Blog Home

January 17, 2004

Google Developing Ad Service for E-Mail -Sources

Looks like Google will come out with a competitor to Hotmail, which will also address some spam issues, but will have sponsored ads.

Yahoo! News - Google Developing Ad Service for E-Mail -Sources

By Lisa Baertlein
SAN FRANCISCO (Reuters) - Google Inc., which dominates the market for Web search, is developing a service that could dramatically extend the reach of its lucrative keyword-based advertising by linking such ads to e-mail, people familiar with the matter said on Friday.

Privately held Google, which is expected to go public later this year, faces rising competition in its core search business from e-mail providers including Yahoo Inc. (Nasdaq:YHOO - news) and MSN, Microsoft Corp.'s (Nasdaq:MSFT - news) Internet unit.

Adding an e-mail service would provide a potential boost to Google as its technology lead in the search market seems destined to narrow and it prepares to answer to growth-hungry shareholders, analysts said.

The Mountain View, California, company, which has recently made several e-mail related acquisitions, is working on a way to serve advertising to an e-mail at the moment it is opened, people close to the company said.

"I'm sure Google is getting more and more concerned about locking in users. It wouldn't surprise me if they did something very sophisticated with e-mail," said Danny Sullivan, editor of SearchEngineWatch.com, who tracks the industry.

By moving into e-mail -- the Web's most-used program -- Google would open up a huge new market for its lucrative "sponsored links" advertising business that delivers ads tied to keywords in Web searches or on content pages, analysts said.

Offering its own branded e-mail -- whether for free or with enhanced services like spam filtering -- would also enable Google to tie users more closely to its search site and to steal customers from rivals, they said.

In an e-mail response to questions from Reuters, spokesman David Krane said, "Google has a number of projects in the works to test monetization in various scenarios.

"In fact, Google's AdSense contextual ads are already used in a number of e-mail newsletters," he said.

GOING PORTAL?

Google has for years said it would not turn its site into a full-service Internet portal like Yahoo or MSN. However, since it opened in 1998, Google has added portal-style discussion groups and is testing a comparison shopping site called Froogle, as well as a news site.

Google late last year purchased rival Sprinks, which had technology to deliver ads to e-mail as the messages were opened. Such real-time ad serving is important because it keeps ads fresh and insures that Google will not be giving away free ads or delivering ads nobody will see, industry participants said.

Kanoodle, a small privately held search company, in the coming weeks will roll out its own e-mail advertising product as part of its deal with CBS MarketWatch.com, Lance Podell, Kanoodle's president of search and content, told Reuters.

Under that deal, "sponsored link" ads will be served to MarketWatch's opt-in subscriber e-mails, including newsletters.

Google already knows how to deliver its sponsored link ads -- which are in the form of Web links and appear on the perimeter of Web pages -- to e-mail newsletters and content sites.

Furthermore, Google last year purchased an e-mail management software maker and in 2001 registered the domain name googlemail.com.

Some in Silicon Valley also believe Google could be preparing to launch free e-mail to compete with offerings from Yahoo and MSN's Hotmail.

"If they were to go the e-mail route they'd have to provide an offering that competes with free (e-mail). Anti-spam is one form of strong differentiation," said Jim Pitkow, chief executive of Moreover Technologies, whose personalized search company Outride was acquired by Google in 2001. (Additional reporting by Reed Stevenson in Seattle)

January 17, 2004 at 10:39 AM in email | Permalink | Top of page | Blog Home

January 15, 2004

Survey: Net Campaign Tactics Can Turn Off Young

I never ceases to amaze me that todays internet marketers, still don't get it that you CANNOT use traditional marketing approaches for online; email is a "traditional" marketing method - the corollary to direct mail, so marketers continue to fall on it, rather than immerse themselves in blogs, RSS feeds and approaches which address consumers stated need for privacy, "opt-in" and an experience tailored to their needs.
Yahoo! News - Survey: Net Campaign Tactics Can Turn Off Young

WASHINGTON (Reuters) - Political candidates looking to attract Net-savvy young voters should avoid burying them in a blizzard of e-mail and instead concentrate on chatrooms and "Web logs," according to a survey released on Thursday.

The Internet can be a powerful tool for organizing young people but can just as easily alienate them as well, two nonprofit groups found.

Presidential candidates have used the Internet since at least 1996 to augment traditional media campaigns. Democratic candidate Howard Dean (news - web sites), in particular, has used it to build a base of younger supporters this season.

But a slick Web site and a blizzard of e-mails will not automatically lure young people to a campaign, according to the survey of 1,000 15- to 25-year-olds.

Online communication techniques such as sending text messages to cell phones and buying "banner ads" on Web sites, were more likely to alienate young people rather than win them over, the survey found. E-mail updates and "get out the vote" messages were likely to turn off young people as well.

Other approaches, such as online chatrooms to answer questions, issue-specific e-mail messages and "Web logs" with information about the campaign were more likely to attract attention, the survey found.

"The Internet can be an important tool for getting young people politically engaged, but it's not a silver bullet," said David Skaggs, executive director for the Center for Democracy and Citizenship, which sponsored the survey with the Center for Information and Research on Civic Learning and Engagement.

The survey was conducted from Nov. 17 to 24 last year.

January 15, 2004 at 06:02 PM in Politics, email | Permalink | Top of page | Blog Home

December 26, 2003

Microsoft aims to make spammers pay

BBC NEWS | Technology | Microsoft aims to make spammers pay

A unique approach to fight spam.

The basic idea is to make a sender to pay for e-mail, but the payment is not made in the currency of money, but in the memory and the computer power required to work out cryptographic puzzles.

Microsoft aims to make spammers pay
By Jo Twist
BBC News Online technology reporter

Despite efforts to stem the billions of spam e-mails flooding inboxes, unwanted messages are still turning e-mail into a quagmire of misery.

Spammers send out tens of millions of e-mails to unsuspecting computer users every day, employing a myriad of methods to ensure their pills, loans and "requests for our lord" pleas fox e-mail filters. Some are even turning to prose and poetry to fool the technological safeguards people put in place.

But a group of researchers at Microsoft think they may have come up with a solution that could, at least, slow down and deter the spammers. The development has been called the Penny Black project, because it works on the idea that revolutionised the British postage system in the 1830s - that senders of mail should have to pay for it, not whoever is on the receiving end.

Stamp of approval

"The basic idea is that we are trying to shift the equation to make it possible and necessary for a sender to 'pay' for e-mail," explained Ted Wobber of the Microsoft Research group (MSR).

The payment is not made in the currency of money, but in the memory and the computer power required to work out cryptographic puzzles. "For any piece of e-mail I send, it will take a small amount computing power of about 10 to 20 seconds."

For this scheme to work, it would want to be something all mail agents would want to do

Ted Wobber, MSR
"If I don't know you, I have to prove to you that I have spent a little bit of time in resources to send you that e-mail.
"When you see that proof, you treat that message with more priority."

Once senders have proved they have solved the required "puzzle", they can be added to a "safe list" of senders. It means the spammer's machine is slowed down, but legitimate e-mailers do not notice any delays.

Mr Wobber and his group calculated that if there are 80,000 seconds in a day, a computational "price" of a 10-second levy would mean spammers would only be able to send about 8,000 messages a day, at most.

"Spammers are sending tens of millions of e-mails, so if they had to do that with all the messages, they would have to invest heavily in machines." As a result of this extra investment, spamming would become less profitable because costs would skyrocket in order to send as many e-mails.

All this clever puzzle-solving is done without the recipient of the e-mail being affected.

Bogging them down

The idea was originally formulated to use CPU memory cycles by team member Cynthia Dwork in 1992. But they soon realised it was better to use memory latency - the time it takes for the computer's processor to get information from its memory chip - than CPU power.

That way, it does not matter how old or new a computer is because the system does not rely on processor chip speeds, which can improve at rapid rates.
A cryptographic puzzle that is simple enough not to bog down the processor too much, but that requires information to be accessed from memory, levels the difference between older and newer computers.

It all sounds like a good idea, said Paul Wood, chief analyst at e-mail security firm MessageLabs. "One of the fundamental problems with spam is that it costs nothing to send, but has associated costs for the recipient which include loss of bandwidth, problems with usage, and lost productivity," he said.

"Microsoft's idea is to shift this cost burden from the recipient to the sender, which in itself seems like a reasonable sentiment." But, he said, for such a scheme to be all-encompassing, there would have to be some provision for open standards, so that it is not proprietary to Microsoft.

Work for all

MSR is in talks with various people to put the system into a useful anti-spam product. It could easily be built into e-mail software like Outlook, e-mail servers or web browsers, said Mr Wobber.

"For this scheme to work, it would want to be something all mail agents would want to do," explained Mr Wobber.

And because it is the receiver who sets the puzzle requirement, spammers will not have any advantage by using non-Microsoft products. It is certainly not going to stop all spam for good, admitted Mr Wobber.

"I don't think any one spam scheme is a panacea, we have to use a wide variety of schemes to be successful in stopping spam." "Spam is probably going to get worse before it gets better, and I really hope it does not get to a point that it deters people using e-mail."

Story from BBC NEWS:
http://news.bbc.co.uk/go/pr/fr/-/2/hi/technology/3324883.stm

Published: 2003/12/26 03:29:14 GMT

� BBC MMIII

December 26, 2003 at 09:17 AM in Microsoft, Spam, email | Permalink | Top of page | Blog Home

December 18, 2003

Forest Service shifts e-mail plan

Yahoo! News - Forest Service shifts e-mail plan

By Paul Rogers , Mercury News

In a victory for groups that use the Internet to lobby the government, the U.S. Forest Service has decided to drop a proposal to ignore mass e-mails from people commenting on its pending rules and regulations.

The Mercury News first reported in April that the agency (news - web sites), which manages 190 million acres of public land nationwide, was considering blocking bulk e-mails and pre-printed postcards from the public on the grounds that they provided little meaningful comment on decisions about logging, grazing, forest fires and other issues.

But organizations from the American Cancer Society (news - web sites) to the National Wildlife Federation protested, saying the government would be shutting the public out of decision-making.

Wednesday, the Forest Service said it got the message.

"We didn't have any intention of cutting the public out. We want to have responsible government," said Heidi Valetkevitch, a communications specialist with the Forest Service in Washington, D.C. (news - web sites) "And we didn't want people to think we don't care what they say."

The decision not to ignore form e-mails and postcards means that other federal agencies that had been considering similar actions are now less likely to do so.

High-tech civil liberties groups, along with liberal and conservative organizations, hailed the news.

"What they are calling `form letters' is the best and easiest way for people who have busy lives and cannot afford their own personal lawyers and lobbyists to still have their voices heard," said Cindy Cohn, legal director for the Electronic Frontier Foundation, a digital civil liberties group in San Francisco.

Since the 1990s, hundreds of groups, including the Sierra Club (news - web sites), the National Rifle Association and the AARP, have used bundled e-mail and their Web sites to lobby Congress and federal agencies.

In most cases, interested people simply go to a group's Web site, type their names on a form letter and hit a button to send an electronic letter to Washington, D.C.

The Forest Service tried to stem the flow a year ago.

It crafted a proposal to ban "substantially similar" comments from portions of its rule-making process.

The issue received little notice at first because it was tucked into a 48-page item in the Dec. 6, 2002, Federal Register -- part of a wider proposal by the Bush administration to eliminate rules dating to the 1970s that require the government to write regular environmental-impact studies on national forests.

Environmentalists mounted an unprecedented e-mail campaign three years ago when the Clinton administration proposed rules to ban new logging roads on 58 million acres of national forests.

Now, as they try to keep the Bush administration from rolling back those rules, environmentalists regularly note that the Forest Service received 2.5 million comments on the policy, with more than 95 percent in support. They don't advertise that the vast majority were their identical e-mails and preprinted postcards.

Any show of interest by the public in the government is a good thing, they argue.

"The Forest Service finds it difficult to get masses of Americans to e-mail their support for creating stump fields out of national forests," said Niel Lawrence, a senior attorney with the Natural Resources Defense Council, in Olympia, Wash. "So they have a natural bias against e-mail comments."

Conservative groups said the issue isn't about ideology.

"When they say we are getting bombarded and the response on a particular issue is overwhelming, that is a reflection of real passion from a lot of people," said Ian Walters, communications director for the American Conservative Union, which sends out 120,000 e-mail messages a year to Congress and federal agencies advocating lower taxes and fewer gun laws.

December 18, 2003 at 12:00 PM in email | Permalink | Top of page | Blog Home

November 10, 2003

Yahoo! News - E-Mail, Net Abuse Increases in UK Workplace--Study

Email and internet access continues to cause companies new employee managment issues.

Story

November 10, 2003 at 07:43 PM in email | Permalink | Top of page | Blog Home

September 19, 2003

Deluged Telecoms Boss Bans Staff E-Mails

Yahoo! News - Deluged Telecoms Boss Bans Staff E-Mails

Rather interesting response to a productivity problem by eliminating staff to staff email, which I presume were personal in nature.

LONDON (Reuters) - The owner of one of Britain's biggest mobile phone chains has declared war on e-mail, banning staff from sending electronic missives to co-workers in a move he says will save the company millions of pounds each year.
"We have e-mail paralysis," John Caudwell, the owner of the high street retailer Phones4U, told Reuters on Friday. "If you have a cancer you have to cut it out. That's what I've done."
Caudwell, who described himself as a slow typer who has yet to send an e-mail on his own, introduced the measure this week because staff were spending too much time with internal e-mails rather than dealing with customers.
He calculated three hours per day off e-mail multiplied by the number of staff affected by the ban (600-700) multiplied by the average employee wage will translate to monthly savings of 1 million pounds ($1.63 million).
"The policy came from me. The staff was initially slightly shocked that I should make such a revolutionary move," he said.

September 19, 2003 at 08:58 PM in email | Permalink | Top of page | Blog Home

July 2009
Sun	Mon	Tue	Wed	Thu	Fri	Sat
			1	2	3	4
5	6	7	8	9	10	11
12	13	14	15	16	17	18
19	20	21	22	23	24	25
26	27	28	29	30	31