http://mysite.verizon.net/frautsch/e-mail_request.html
http://www.bfndevelopment.com/cgi-bin/home/Members/fMail/Contacts/134/
I
respectfully
request...
In 2003 I lost my
e-mail address to the spammers. Since them I have
increased my activism in defending my digital identity against theft
and my e-mailbox against the flood of SPAM.
I respectfully request that you refrain from sending me certain types
of
e-mail and or adding me to any list:
- Please do not send me anything
you
did not write entirely yourself and just to me:
- Please do not send content you have sent, or will send, to others.
- Please do not forward
material written by others in your messages to me.
- Please do not paste
other's material into messages
you send to me.
- Please do not attach files
written by others in your messages to me.
- Please do not attach files
unless we agree beforehand.
In other words please send me what only you wrote only for me.
- Please do not add me
to any electronic list or give my e-mail address to others:
- Please do not To: me
in a message to others.
- Please do not CC: me
in a message to others.
- Please do not BCC:
me in a message to others.
- Please do not add me to any distribution list.
- Please do not sign me up for your newsletter.
- Please do not add me to your Listserv, eGroup, or mailing list.
- Please do not give my e-mail address to any corporation, organization
or individual.
- Please do not provide my e-mail address to anyone without my
permission.
My e-mail address is mine alone to give out. If it's important
enough for you to want to provide it to another, then it's important
enough to contact me first!
I am very much
interested to hear what you
have to say to me. What you write to me alone I welcome. Grouping my e-mail
address with others, or forwarding what others have written is what I
do not want from you or from
anyone. I realize that the vast majority of this is well intended and
even valuable. Yet, because of the security and identity theft
potential of others' casual use of my e-mail address, I prefer to go
without these benefits due to the risks that go with them. If it's that
important for you to communicate something to me, then it's worth an
individual message written in your own words. Otherwise, please leave
me out. Save yourself the trouble of adding me to your lists. I'll
forgo forwarded content and e-mail lists for the risks they bring to my
digital identity and to my computers.
I am making
these requests to deter identity theft and to protect my
e-mail address from SPAM or other unsolicited commercial bulk e-mails.
The reason for
(1.) is that spammers and thieves can search for the content
of e-mail messages as they travel the Internet or on the computers of
each recipient - they can do this much more efficiently if
they know what to
search for.
If your forward
something to me, it may be, for lack of a better word "popular". The
more popular, the greater the chance it's on the spammer's search
lists. (Nothing prevents spammers from spreading messages designed to be
popular, including various hoaxes. Indeed, these hoaxes are one way
spammers compete with one another to be the first to harvest fresh
e-mail addresses.) If they find that content in their
search, then they find the message containing it. Once they have the
message, they also harvest all of the
e-mail addresses you have attached to it. You have - in effect, though
not intent - vouched to the spammer that these addresses are
syntactically valid and attended by a human - exactly what the thief is
looking for.
The reason for
(2.) is that lists are what spammers search for. They
can harvest many names with the effort to search for one message. Lists
make it too easy for everyone on the list to have everyone else's
e-mail
address deposited on their hard drives. Once this happens, it takes
only
one person on the
list to be sloppy with their security and the entire
list
goes to the spammer. In effect, the security of the entire list now
depends on the member with the least knowledge
of basic security, the least up-to-date
antivirus software, the least up-to-date
security patches and the least up-to-date spyware
prevention. The more
people you add to a list, the greater the chance that someone on that
list will suffer a security breech. Lists offer a tremendous force
multiplier
effect to spammers,
which is why they target them. Further, the larger the list, the
greater the chance that
someone on the list will use it for their own agenda.
This is a wicked problem.
One need look no further that my requests to uncover some of the
inherent contradictions; I am sending everyone a
request that they send original content written only to me.
(This is only one reason why I have refrained from using a signature
file as a vehicle for making these requests for years.) Further, the
enemy is adaptive. Once the social uptake on these and similar
practices has a noticeable effect the harvesting of fresh e-mail
addresses, they will change their tactics, perhaps even attacking this
strategy, much as spyware writers now seek to destroy competing spyware
on the Windows platform by adopting spyware fighting techniques from
legitimate efforts.
Please
note
that I am not asking you to solve this difficult problem for me. Please
do not implement a fix and then circumvent my requests. Please
continue to honor them. More importantly, none
of us can solve this alone. The problem exists
in the connections between us and with the small number of people and
organizations who exploit these for gains that are often small measured
against the damage they do to others. This is a community problem and
it requires a community solution. I think that we must begin with the
recognition that we are all our brothers' and sisters' keepers. More
than ever in the digital age, much of who we are rests outside us - in
the community, just as copies of our e-mail address, the cornerstone of
our digital identity, rest on the hard drives of those with whom we
share a connection. The digital identity of another is not to be
treated casually, just as one would not treat the reputation of another casually. In
both cases there is potential to cause enormous damage; recovery is
often arduous.
My unorganized public working notes (not yet a paper) on these issues
are here.
I'll leave you
with these thoughts.
- What can I do to be a model in my community for respecting the
digital identity of others?
- What requests can I make that will assist others in
protecting their digital identities?
- What requests can I make that will assist others in
raising their awareness of responsible stewardship of their own digital
identities?
- What service or resource can I provide in my community that will
assist others in raising their awareness of responsible stewardship?
- What practices can I invent, adapt, adopt or alter that will
improve the
stewardship of my digital identity?
- What requests can I make that will assist them in their
role in protecting my digital identity?
- How can I make these requests in a way that elicits empowerment,
rather than
invalidation, confusion, fear or anger?
Thank you,
Mark Frautschi
DISCLAIMER: Nothing in this
note is news to spammers. It is intended to
illustrate, in broad terms, only two from an ensemble of scenarios
through which the social use of mass forwarding of e-mails may be
exploited by spammers. It is not a technical recipe. No new tools are
being provided to spammers. Further, "security through obscurity", i.e.
"let's not talk about this" in the hopes that adversaries will not
think of it themselves and that it will therefore "just go away" - has
never been shown to be an effective basis for a security policy.
Indeed, just the opposite: openly and cooperatively sharing
information, for example the detection of new viruses in the wild,
security vulnerabilities and exploits, has been shown to be highly
effective. Any references to persons, organizations, web pages, etc.,
made here are for reference purposes only and do not confer any
statement of suitability or other endorsement. To protect your own
systems, identity and privacy, as well as that of your friends and
associates, I recommend that you consult professional sources and
exercise common sense.
http://www.eff.org//Privacy/eff_privacy_top_12.html
ABSOLUTELY NO PERMISSION IS GRANTED TO
COPY, EDIT OR FORWARD THIS
DOCUMENT IN WHOLE OR IN PART. With the author's written
permission,
brief passages may be quoted for journalistic and academic purposes,
according to the doctrine of fair use.
FORWARDING OF THIS MATERIAL USING
E-MAIL OR OTHER DISTRIBUTION MECHANISMS IS STRICTLY PROHIBITED.
This prohibition is intended to prevent this document, in whole or in
part, from becoming the basis for the social collection of e-mail
addresses by spammers encouraging its dissemination, using techniques
similar or different from those described in its body. If after reading
this document, you have a desire to forward it to others, please
consider that you may have utterly missed its major points.
IF YOU HAVE BEEN FORWARDED THIS MESSAGE,
inform the forwarder (not this author) that it has been sent
illegitimately and against the express instructions of its author and
in all likelihood has been exploited by spammers for harvesting e-mail
addresses or by hoaxers pretending the same.
PERMISSION IS GRANTED to link
to this
site's URL.
I answer questions and welcome corrections and other improvements and
feedback from friends, clients, associates, information technology
professionals, journalists, academics, etc., however I do not in
general dispense free computer advice and consultation to the public.
This
is simply a matter of economic necessity and time management discipline.
Copyright 2005 by Mark A. Frautschi