Filed Under (Editorial, Reviews & Opinions) by David Wiles on 07-08-2017

As if the recent ransomware scares and cleverly disguised phishing scams weren’t enough to keep you up at night, password breaches continue to make news.

Although “online safety” feels more and more like an oxymoron these days, there are still steps you can take to protect yourself when breaches like this occur. It all starts with getting rid of those overly used, poorly designed passwords you know are terrible but you use anyway.

The most secure password in the world is useless if a hacker steals it, but the real problem comes if it is the same password you use for every single log-in.

In other words, it’s essential that you employ a different password everywhere you conduct online affairs.

The well-known data breach repository “Have I Been Pwned” has recently released a database of over 306 million passwords contained in multiple data breaches.

Previously I used the “Have I Been Pwned” website, by entering my work email address to check if one of my accounts had been compromised by hackers in a data breach.

I was shocked to find out that two of my online accounts, one with Adobe and another with vBulletin, had been compromised by a data breach. My username, passwords and other personal information had been obtained and made publicly available by hacker groups.


Last week, the process for checking the safety of your passwords was given a helping hand by the creator of the Have I Been Pwned site:

A dedicated Passwords page has been added to the website, allowing users to check a password against a database of 306 million passwords.

The passwords contained in the list were compromised in various data breaches, making them accessible to hackers and other attackers.

While you may be tempted to enter your current passwords into the Have I Been Pwned website, you should never enter current active passwords into any third-party service.

The Passwords page allows you to compare potential new passwords against the database of compromised keys to determine their security. I found it very useful, giving me the peace-of-mind that my current method of creating passwords was relatively safe – for now!
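An added example, not part of the original post or of the Have I Been Pwned project: one way to screen a candidate password without typing it into any third-party service is to hash it locally and look the hash up in a breach list held on your own disk. The file layout (one uppercase hex SHA-1 digest per line, sorted, LF line endings), the function names and the sample passwords are all assumptions made for this illustration.

```python
import hashlib
import os
import tempfile

# Assumed layout: 40 hex characters of SHA-1 followed by "\n", sorted ascending.
RECORD_LEN = 41


def sha1_hex(password: str) -> str:
    """Uppercase hex SHA-1 of the UTF-8 encoded password."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_hash_file(passwords, path):
    """Write a sorted, fixed-width digest file from constructed sample passwords."""
    digests = sorted({sha1_hex(p) for p in passwords})
    with open(path, "w", newline="\n") as fh:
        for digest in digests:
            fh.write(digest + "\n")
    return len(digests)


def is_breached(candidate: str, path: str) -> bool:
    """Binary-search the on-disk list, so a multi-gigabyte file is never loaded whole."""
    target = sha1_hex(candidate).encode("ascii")
    size = os.path.getsize(path)
    if size % RECORD_LEN:
        raise ValueError("file is not a whole number of fixed-width records")
    lo, hi = 0, size // RECORD_LEN
    with open(path, "rb") as fh:
        while lo < hi:
            mid = (lo + hi) // 2
            fh.seek(mid * RECORD_LEN)
            record = fh.read(40)
            if record == target:
                return True
            if record < target:
                lo = mid + 1
            else:
                hi = mid
    return False


def demo():
    """Screen two candidate passwords against a small constructed breach list."""
    breached_sample = ["password", "123456", "qwerty", "letmein", "admin"]  # constructed
    candidates = ["letmein", "correct horse battery staple"]
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "breached-sha1-sorted.txt")
        build_hash_file(breached_sample, path)
        return {c: is_breached(c, path) for c in candidates}


if __name__ == "__main__":
    for candidate, found in demo().items():
        print(f"{candidate!r}: {'in breach list' if found else 'not found'}")
```

A miss only means the candidate is not in that particular list; it says nothing about whether the password is otherwise easy to guess.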


These days, it seems we have to hand out our cellphone number like sweets at a kids’ party. Whether it be required for signing up for a new account, entering into a raffle, returning a purchase at a retail store, or registering for a discount, your phone number seems to be like a “skeleton key” for opening up all manner of doors.

Does giving out your cellphone number put you at risk of identity theft?

The answer is both “Yes” and “No”.

Yes, oversharing or giving out your number too frequently can lead to more scam calls, texts or unwanted solicitors. These days, our cellphone numbers are being used increasingly by information brokers to gain access to personal information that’s kept by nearly all corporations, financial institutions, and social media networks.

If someone you had just met asked you for your ID number, you would likely not give it to them. What if the same person asked you for your cell phone number? My guess is that you would readily tell them the ten-digit number, with no questions asked.

No, identity thieves cannot open new lines of credit, apply for benefits or make large purchases with your cellphone number.

However, the real threat is with the device itself.

Your cell phone number – which is unique to you – is the doorway to your identity. It provides an entrance to all the data contained on your phone, and can link your other information to you – your email address, physical address, bank account number etc. If your smartphone falls into the wrong hands and isn’t protected, a thief could access your email account and change all of your account log-ins, get into your Facebook and post malicious links, access your two-factor authentication, or even drain money from your mobile wallet.

What can you do about it?

  1. Safeguard your mobile device: Make sure it has a passcode and is set to lock quickly. You’ll also want to have a phone finder app installed so that if it is lost or stolen you can either find it, or worst case, remotely erase all of your data.
  2. Use common sense: If you’re asked for your phone number, ask why. In general, don’t give it out to people you don’t know, and see if you can leave it blank on online forms – even if that means it may take a few seconds more to identify you the next time you make a purchase.
  3. Enable two-factor or multi-factor authentication on all your devices: This is what happens every time you go to an ATM: to make a withdrawal you need both your debit card and a PIN number. That’s two-factor authentication, which increases the level of security on your devices.
  4. Sign up for the “do not call” lists, which are helpful for run-of-the-mill solicitations. While hackers don’t subscribe to such lists, you won’t get as many pesky marketing calls.
  5. Get more than one cell phone, and only give out the number to the phone that contains no data or links to personal information.
  6. Choose which private data you are willing to share: When asked for your cell number, especially at a retailer, you may be able to provide an email address, zip code or just your name as a way to identify you. It’s worth asking about.

All of this takes more time and effort, but ask yourself: how much privacy and security are you willing to trade away for a little more convenience?


According to International Business Times, a new study finds more than 80% of Americans reuse their passwords, and many others continue to use inadequate security practices when it comes to the passwords they use to protect their accounts.

The security provider SecureAuth and research firm Wakefield Research found that not only do people use the same password more than once, they also use the same login credentials for at least 25 percent of their accounts.

While most millennials are more tech savvy and open to new and more secure forms of authentication like biometrics, their password practices are worse than the general population. A whopping 92% of millennials admitted they reuse passwords, compared to 81% of Americans overall.

Even more troubling, more than one in three people – 36% – reported they use the same password for 25 percent or more of their online accounts.

Despite the rampant reuse of passwords – a major security weakness – most Americans are very concerned about the possibility of their account information being stolen. 69% said they were more worried about their online information being stolen than their wallet.

Many Americans have already experienced such a breach of an online account. 35% of people surveyed said they have had an online account hacked – including 50% of millennials.

Of those people who have fallen victim to a hack, 91% reported the account breach carried severe repercussions for them. The biggest issues for those who have been hacked include spam messages (42%), account lockouts and money stolen (38%) or an unauthorized purchase being made from their account (28%).

About one in five people—19%—who had an account hacked reported having personal information stolen, including Social Security numbers, date of birth, photos, tax records and other sensitive personal files.

Despite identity-based detection techniques such as geo-location, device recognition, and phone number fraud prevention, the practice of reusing passwords puts users at increased risk in the case of a data breach. Once passwords are stolen from one site or service—an occurrence that happens regularly—a malicious actor could use that same password to gain access to another account belonging to the same user.

Given the number of massive database breaches, including those from sites like LinkedIn or Yahoo that included millions of users, it is relatively easy for an attacker to cross reference an account and use the stolen credentials to attempt to break into another account.

Additional security protocols like using two-factor or multifactor authentication or using a password manager to generate more secure, unique passwords can provide some additional protection from these types of attacks.

Don’t think for a moment that this survey is only relevant to Americans. According to an article recently tweeted by Stellenbosch University’s Information Technology, South Africa has the third highest number of cybercrime victims worldwide and loses in excess of R2.2bn to internet fraud and phishing attacks annually. South Africans are just as bad as the Americans with their poor password practices!

Filed Under (Editorial, Reviews & Opinions, Uncategorized) by David Wiles on 14-04-2013

Since 12 April 2013, the WordPress blog system worldwide has been facing its most serious coordinated brute force attack. Some WordPress hosts have reported that they have blocked as many as 60 million requests against their hosted WordPress customers in a single hour.

This attack, which targets administrative accounts, appears to be coming from a sophisticated botnet that may have as many as 100,000 computers, based on the number of unique Internet addresses the attacks are coming from.

Internet security experts have estimated that the botnet has the power to test as many as 2 billion passwords in an hour.

WordPress users should always make sure that their passwords, especially for admin accounts, are long and not guessable from a password list. Of course, that’s good advice for just about any password you use, but it’s especially applicable right now.

While it’s difficult to tell what the aggressor is trying to accomplish with this current round of password cracking, the consequences could be disastrous. It has been suggested that the perpetrator could be trying to upgrade a botnet composed of ordinary PCs into one that is made up of servers.

Last year, a brute force attack against Joomla sites created a server-grade botnet, created with a tool called Brobot, that overwhelmed US financial institutions with DDoS attacks.

One risk is that personal bloggers that set up WordPress installations might not have thought to set up a highly secure password. However, it’s not just the blogger’s posts that are at stake, as the attacker could potentially use the login to gain access to the hosting server, a more valuable prize that could cause even more damage.

This botnet is going around all of the WordPress blogs it can find, trying to log in with the “admin” username and a bunch of common passwords.

If you still use “admin” as a username on your blog, change it, use a strong password, and better still change the name of the admin account to something else, which will certainly block the botnet attack.

I personally run 7 WordPress blogs, excluding this GERGABlog, and a year or so ago, after an attack crippled 3 of the sites, I removed the default “Admin” account and set very strong passwords on all of them.

On Friday evening I installed a small plugin, recommended by my hosting company, which blocks an Internet address from making further attempts after a specified limit of retries is reached. I set the plugin to log all Internet addresses that had been locked out, and after barely 30 minutes, 3 of my 7 blogs had logged more than 5 Internet addresses that had tried to attack my blog and had been locked out. I could see that the attack was underway and was very glad that my paranoia had paid off!
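An added sketch of the retry-limit idea described above; it is not the plugin's code, which the post does not name. Failed logins are counted per Internet address inside a time window, an address is locked out once it reaches the limit, every lockout is logged, and failures are also counted per username across addresses, because a botnet of many machines can stay under a per-address limit. The class name, thresholds, event format and sample events are assumptions constructed for the illustration.

```python
from collections import defaultdict, deque


class LoginLimiter:
    """Per-address retry limit with a lockout log (hypothetical helper)."""

    def __init__(self, max_retries=4, window=1200, lockout=3600):
        self.max_retries = max_retries        # failures allowed inside the window
        self.window = window                  # seconds over which failures are counted
        self.lockout = lockout                # seconds an address stays blocked
        self._failures = defaultdict(deque)   # address -> timestamps of recent failures
        self._locked_until = {}               # address -> time the lockout ends
        self._user_sources = defaultdict(set) # username -> distinct failing addresses
        self.lockout_log = []                 # (timestamp, address) of each lockout

    def is_locked(self, ip, now):
        return self._locked_until.get(ip, 0) > now

    def record_failure(self, ip, username, now):
        """Register a failed login; return True if this failure triggered a lockout."""
        self._user_sources[username].add(ip)
        recent = self._failures[ip]
        recent.append(now)
        # Forget failures that have aged out of the counting window.
        while recent and recent[0] <= now - self.window:
            recent.popleft()
        if len(recent) >= self.max_retries:
            self._locked_until[ip] = now + self.lockout
            self.lockout_log.append((now, ip))
            recent.clear()
            return True
        return False

    def record_success(self, ip):
        self._failures.pop(ip, None)

    def distributed_targets(self, min_sources=3):
        """Usernames that failed from many addresses: the pattern one address hides."""
        return {user: len(ips) for user, ips in self._user_sources.items()
                if len(ips) >= min_sources}


# Constructed events: (unix-style timestamp, source address, username, login ok?)
SAMPLE_EVENTS = [
    (0, "203.0.113.10", "admin", False),
    (5, "203.0.113.10", "admin", False),
    (9, "203.0.113.10", "admin", False),
    (12, "203.0.113.10", "admin", False),   # fourth failure: lockout
    (15, "203.0.113.10", "admin", False),   # rejected while locked out
    (20, "198.51.100.7", "admin", False),
    (25, "192.0.2.44", "admin", False),
    (30, "192.0.2.99", "editor", True),
    (4000, "203.0.113.10", "admin", False), # lockout has expired by now
]


def replay(events, limiter):
    """Feed events through the limiter and report how each one was handled."""
    outcomes = []
    for ts, ip, user, ok in events:
        if limiter.is_locked(ip, ts):
            outcomes.append("blocked")      # refused before credentials are checked
        elif ok:
            limiter.record_success(ip)
            outcomes.append("allowed")
        else:
            locked = limiter.record_failure(ip, user, ts)
            outcomes.append("locked-out" if locked else "failed")
    return outcomes


if __name__ == "__main__":
    limiter = LoginLimiter()
    for event, outcome in zip(SAMPLE_EVENTS, replay(SAMPLE_EVENTS, limiter)):
        print(event, "->", outcome)
    print("lockout log:", limiter.lockout_log)
    print("usernames hit from many addresses:", limiter.distributed_targets())
```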

Filed Under (e-Learning, Reviews & Opinions) by David Wiles on 02-03-2012

Moodle and Blackboard are both popular online LMS solutions (Learning Management Systems) with which the Faculty of Health Sciences can develop complete online courses that can include multimedia content.

How do the two compare to each other and what are the benefits unique to each course delivery system? Let’s explore some of these benefits of Moodle and Blackboard.

Firstly let’s clear the deck and note what Moodle and Blackboard are.

Moodle is an Open Source Learning Management System that is provided freely and can be run on many operating systems. According to the Moodle website it is “free to download, change, share, improve, and customize to whatever you want it to be”. Therefore, any lecturer can use it to build or supplement a course.

Blackboard on the other hand is a proprietary Learning Management System and its use is typically limited to institutions like the university which pay a sizeable fee each year to take on a license agreement for its use. Each and every student at the university pays a small amount every year for the licencing.

Moodle is definitely the gawky teenager here. It is constantly in a state of development and improvement, and there’s no waiting for the company to fix a bug or improve the program. Being “open source”, each and every user has a unique opportunity to contribute to the development of the product.

The new features of Moodle mostly centre around increased usability. These include: easier navigation, improved user profiles, community hub publishing and downloading, a new interface for messaging, and a feature that allows teachers to check student work for plagiarism. Text formats will also allow plug-ins for embedded photos and videos in text (but Blackboard allows for this too).

A major improvement over previous releases is that anyone can set up a community hub, which is a public or private directory of courses. Another notable feature is that Moodle now allows teachers to search all public community hubs and download courses to use as templates for building their own courses. Also, teachers can now see when a student completes a certain activity or task and can also see reports on a student’s progress in a course.

Many small scale open source platforms require that users support the product themselves, getting their “hands dirty” tweaking and improving the hard way – of course using the open source community as their primary resource. However, Moodle has an advantage: it has become so popular that a small industry has evolved around it, providing a wide range of support and services. Two of the most popular support and hosting services are Moodlerooms and Remote-Learner.

Blackboard Learn is Blackboard’s newest and most innovative upgrade to its Blackboard Learn package.

Improvements in its uses for higher education include course wikis (Moodle improved theirs as well), blogs and journals that stimulate conversation and reflection on a course, and group tools that make group collaboration and communication easier than the previous version. Its most notable feature is its Web 2.0 interface, which makes it easy for educators to navigate when adding content to an online course and for students to navigate when accessing course content.

Blackboard Learn now incorporates Blackboard Connect (of course at an additional cost), which alerts students to deadlines, due dates and academic priorities within a course. The new release also allows educators to more easily incorporate videos and photos directly into text for a more complete learning experience. Finally, Blackboard features Blackboard Mobile Learn (also at an additional cost – and why am I not surprised), which lets students connect to their online courses using various handheld devices, such as the iPhone or iPad.

So, what are the biggest differences?

Features & Functions: Both of these tools have a lot of different functionality available, either natively, or through add-on types of functionality. If different functions are going to be the deciding factor in selecting one of these versus the other, you will really need to drill in and compare and decide for yourselves which features and functions will make the difference for the Faculty.

Cost: This is clearly different. As an open source product, Moodle is simply less expensive. Blackboard is sort of the “Rolls Royce” of today’s LMS, and there are users of the product who would tell you that if you want the best LMS money can buy, you should make the financial commitment to Blackboard. On the other hand, if you want a premier product for a much lower cost, Moodle is really the way to go. Another thing to be aware of is that Blackboard builds substantial annual increases into their pricing model, since they are continually procuring and integrating additional products into their offerings, with the intent of adding value for their users.

Product/vendor model: As indicated above, Moodle and Blackboard are very different products with very different vendor models. One is open source, and there are many support and service vendors to choose from, while the other is proprietary and there is just the one company to work with. How that impacts your decision is up to you and your institution to determine.

Filed Under (Reviews & Opinions) by David Wiles on 20-10-2011

If you were born after 1960 or so you will realise how frighteningly rapidly technology is progressing and changing. In the first half of the 2000s, retailers were buzzing about the wonders of MP3 players and netbooks, but by the end of the decade, those products had largely been replaced by smartphones and tablets.

We will all have to face the facts – some of the gadgets you may currently rely on will disappear or be made obsolete by the end of this decade in 2020, and will no longer be produced for a mass-market audience.

In this largely speculative article we ask the question: Which popular products today will join the likes of VCRs, cassette players and transistor radios disappearing from the shelves and our lives forever? (except perhaps in an antique collection)

Standalone GPS Systems

The days of spending R1500 or more on a standalone GPS device won’t last much longer, analysts say. “Portable navigation devices like those sold by TomTom and Garmin will probably not be sold in 2020, just because mobile phones will have taken on that function themselves and because GPS systems will be standard equipment in cars,” says Charles S. Golvin, an analyst at Forrester, a market research firm. So there won’t be much of a need to buy a product whose only function is to tell you directions. If there is a demand for these GPS systems, it will likely come from a very specific segment of consumers, like mountaineers climbing Mount Everest or long-distance truckers or the military, but for the vast majority of consumers, standalone GPS systems will be irrelevant and redundant.


The e-reader has already undergone significant changes in its short history, evolving from a product with a keyboard to one with a touchscreen and more recently being integrated into a kind of a tablet-hybrid, but according to Golvin, the market for e-readers will mostly disappear by the end of the decade. “The tablet will largely supplant the e-reader in the same way that the iPod increasingly gets displaced by smartphones,” Golvin says. “Tablets will take on the e-reader function of handling magazine, newspaper and book reading.” In essence, spending money on an e-reader that can only handle reading when tablets can do this and more will come to seem as useless as buying a GPS system that can only look up directions when other technology does this as well. Just how small the e-reader market becomes may depend somewhat on advancements in display technology. One of the biggest incentives for consumers to buy a pure e-reader is to have an e-ink display (like reading from a book) rather than a backlit display (like reading from a computer screen), but according to Golvin, manufacturers are already working on ways to merge the two reading experiences and create a tablet that doubles as an authentic e-reader. Even then, there may still be some e-readers on the market at the beginning of next decade, but not many. “It could be that by 2020 you can still buy a super cheap e-reader for R160, but by and large, the volume of sales will be so close to zero as to be indistinguishable, like CD players are now,” he says.

Feature Phones

A feature phone is a mobile phone that, like smartphones, combines the functions of a personal digital assistant (PDA) and a mobile phone. Today’s models typically also serve as portable media players and camera phones with touchscreen, GPS navigation, Wi-Fi and mobile broadband access.

Several of the products that are likely to be phased out will ultimately be the victim of advances to smartphones, and none more directly than feature phones. Tim Bajarin, a technology columnist and principal analyst with Creative Strategies, predicts that 80% of all phones sold in 2015 will be smartphones and every phone sold in 2018 will be a smartphone. This rapid decline will come about thanks to a drop in prices for consumers and an increase in revenue opportunities for carriers. “Even today, the money that is made is not on the phone itself but on the services,” Bajarin says, noting that carriers will opt to “fade out” their feature phone option in favor of smartphones with more services.

Low-End Digital Cameras

When Apple unveiled the iPhone 4S, smartphone competitors probably weren’t the only ones beginning to sweat. Digital camera makers also have much to be worried about. Apple’s newest phone has a killer 8-megapixel camera that takes in more light and records video at 1080p HD. Until recently, those kinds of specs were unique to digital cameras, but increasingly smartphones are taking over the market. “Flip cameras went bye-bye and now low-end camera functions are being taken over by smartphones,” says Rob Enderle, principal analyst for the Enderle Group. Going forward, consumers will have less incentive to carry around a camera when they already have a phone in their pocket that takes quality pictures. “The point-and-shooters – and particularly the cameras that sell for under R1500 – will eventually go away and be replaced by cellphones that do the same thing.” On the other hand, Enderle predicts more expensive and high-tech cameras may have a brighter future, though not by much, as a smaller market of photo enthusiasts seek out professional-quality cameras that go above and beyond what’s offered on a phone.

DVD Players

DVD players are in the process of being phased out now by Blu-ray players and will likely be erased from the consumer landscape by the end of the decade. “The DVD player should be replaced by digital delivery,” says Ian Olgeirson, a senior analyst at SNL Kagan, who points to streaming movie services like Netflix as being the future. “Blu-rays and whatever the next generation high-end movie format emerges could prolong the lifespan because of challenges around streaming, but eventually the disc is going to be phased out.” The idea of placing a disc into a DVD player to watch a movie will eventually seem as outdated as placing a record on a turntable.

Recordable CDs and DVDs

Using CDs and DVDs to view and store content will soon be a thing of the past. “CDs are clearly not going to make it over the next 10 years because everything will shift over to pure digital distribution, so all those shiny discs will be gone,” Bajarin says. This will be due in part to more streaming options for music and movies and a greater reliance on digital downloads, combined with more efficient storage options for consumers, including USB drives, external hard drives and of course the cloud. “All a CD is is a medium for distribution of content … and within 10 years, you won’t need a physical transport medium,” Bajarin says.

Video Game Consoles

Popular video game systems such as the Wii, PlayStation and Xbox may still be in homes next decade, but they will look much different. Rather than buy a separate console, Enderle expects that consumers will instead buy smart televisions with a gaming system built into it, not to mention tablets and smartphones that will continue to ramp up their gaming options. “It looks like analog game systems won’t make it until the end of the decade,” Enderle says. “You are already seeing the Wii have a tough time holding on to the market and PlayStation has been struggling for a while.” The gaming systems that will succeed in the future will be those that manage to move away from being focused solely on video games and more on other entertainment options such as movies, evolving from a traditional game console into more of a set-top box.

By Seth Fiegerman, MainStreet

Filed Under (Editorial, Reviews & Opinions) by David Wiles on 07-10-2011

Steve Jobs – CEO and co-founder of Apple – who passed away on 5th October – hasn’t even been buried yet and already there are numerous scams using his name and company to extort information and money.

As an example, the site, attempts to collect e-mail addresses for a supposed lottery with a 1-in-15 chance to win a Macbook. And it links to an online store selling Apple products as a way to pay tribute to Jobs, by buying Apple products.

Conveniently for the site, this link also contains affiliate advertising info that brings revenue for any purchases made through the link.

It is probably needless to say that people should avoid, which was already registered on September 20th. The vultures have been circling around for quite a while.

Criminals have gotten pretty good at making fake Web sites (for PayPal, eBay, Facebook, etc.) look like the real thing. But what they can’t fake quite as easily is the location of the Web server that’s hosting their fraudulent site. You might be looking at a perfect replica of, say, Bank of America, but if the site is hosted in Uzbekistan, it’s a good bet you shouldn’t input your password.

Flagfox for Firefox makes this kind of detective work simple: it determines the Web server’s physical location and pastes the corresponding country’s flag at the end of the address bar. Clever!

If you’re wondering how it works, Flagfox bases its flag choice on the actual location of the server you’re connected to, rather than just the nationality of the domain name–which may be different.

After installing the plug-in and restarting Firefox, just head to any site and you’ll see the flag at the right end of the address bar. If you click the flag, you’ll get a new tab containing detailed geographic information about the site.

If you right-click the flag, Flagfox pops up a list of other handy tools, including Whois, SiteAdvisor, Web of Trust, and URL-shortener Head to the settings (via Tools, Add-ons) for the plug-in and you’ll find a dozen or so other options you can add to the list.

This is a great little addition to Firefox, one that combines convenience with added security. What’s not to like?

By Rick Broida, PCWorld

So you have gone out and purchased a computer (or a laptop)! Congratulations! It probably cost you a pretty penny and exhausted your bank balance for years to come, and when you start it up, you realise that although you might have a computer, you have no software for it apart from the basic operating system (like Windows 7). How do you type a document, create a spreadsheet to manage your budget, or protect your computer against viruses? What can you do when your budget is tight?

Working for the university does have its advantages. You can get this software for really low prices but the licencing terms of that software mean that when you leave the university, you no longer “own” that software. Secondly only you as personnel or a student have the right to get cheap software. Members of your family who are not university students or personnel are excluded!

I did a quick survey of a basic word processing program like Microsoft Word (part of the Microsoft Office suite) and a decent anti-virus software that will protect your computer against viruses and clean up existing infections:

  • Microsoft Office 2010 (Home & Student version – which is as basic as you can get) costs between R550 and R750 retail.
  • An anti-virus program (usually called a security suite) like Norton, McAfee or BitDefender will cost you between R400 and R700 annually (you have to buy an annual subscription so you can download the latest virus definitions to protect your computer)

So you have to fork out between R900 and R1400 for the absolute basic software that you require…Ouch!

But there is a solution – open source or freeware software.

“Open Source” software refers to any program whose source code is made available for use or modification as users or other developers see fit. Open source software is usually developed as a public collaboration and made freely available. Freeware is software you can download, pass around, and distribute without any initial payment.

Instead of buying Microsoft Office, you might consider downloading and installing LibreOffice.

LibreOffice is the free power-packed Open Source personal productivity suite for Windows, Macintosh and Linux computers, that gives you six applications for all your document production and data processing needs: a word processor, a spreadsheet creator, a presentation creator, a vector based drawing program, an equation editor and a database creator. What is more is that it is 100% compatible with Microsoft Office files and can both read and write files that will work and display on computers with LibreOffice…

Cost: R0.00!

Instead of buying an anti-virus program like Norton AV or McAfee, download either the Avira or Avast! free versions of anti-virus software. Both Avira and Avast! are complete anti-virus and anti-spyware solutions for Windows PCs, and they not only protect you from unknown online threats, they also scan your PC to get rid of the junk that’s already there.

Avira and Avast! perform scheduled scans, and provide real-time protection against viruses coming from email, web browsing, instant messaging and peer-to-peer file sharing. Their web shields keep suspicious websites from loading, and I like Avast’s “sandbox” that lets you isolate programs and keep them from changing anything on your computer.

Cost R0.00!

That is a good start for now. I will post some more articles on some pretty useful “free” software later on!

Filed Under (Reviews & Opinions) by David Wiles on 02-12-2010

1. There are only 200-300 hardcore spammers worldwide.

They account for the overwhelming majority of junk e-mail. This idea is a staple of mainstream media. But I’ve never encountered anyone able to source this stat—and I’ve asked. DMA head Bob Wientzen cites it often. On a recent panel discussion, he was asked where the figure came from. He replied just that week he’d “talked with the FBI.” This neither answers the question nor addresses the fact he and others have bandied the figure about for years.

My guess is the assertion had its genesis in the ROKSO list of known spam operations. These are spammers who have been booted from ISPs three times or more. Although the list doubtless includes plenty of nasty characters, ROKSO’s methodology hasn’t changed in years. Meanwhile, spammers’ techniques are increasingly sophisticated and elusive. If the figure isn’t wholly untrue, it’s certainly unproven.

2. Most spam comes from outside the U.S.

Maybe it does, maybe it doesn’t. So what? Where spam comes from is of significantly less interest than where it originates. Europeans claim most spam is American. Americans point to Asia, Eastern Europe, and Latin America. It’s reminiscent of Germans dubbing a certain malady “the French disease,” while the French called it “the English disease.” Speaking of English—as long as it’s the broadly spoken international language and the lingua franca of large, wealthy nations, rest assured English-language spam will proliferate, wherever it comes from.

3. Spam legislation can end the problem.

No, it won’t (see no. 2, above). But a federal law can help lay a foundation of rhyme, reason, and consistency. International cooperation will help even more. New technology is also essential. There really is no silver bullet.

4. The definition of spam is…

Congress hasn’t enacted federal spam legislation, in part because a definition hasn’t been reached. Anti-spam absolutists will tell you spam is e-mail from anyone unknown to the recipient (even a friend of a friend). The Direct Marketing Association (DMA) has defined spam as “only porn and scams, sent fraudulently.” (This definition makes a federal law superfluous; these are already covered by legislation.)

Spam will be defined. And redefined. The Supreme Court hasn’t been able to nail the definition of “obscenity” for the past 50 years. As Justice Stewart so infamously said, “I know it when I see it.”

5. Legitimate marketers don’t spam.

Oh, yes they do. This is true only for those whose definition of spam is the egocentric “e-mail sent by others, not by us.” Former ClickZ contributor Nick Usborne coined the term “white-collar spam” in a recent New York Times interview to describe the phenomenon.

Like Mafia capos, white-collar spammers tend to engage henchmen (list outfits, renegade affiliates) to do the dirty work. White-collar spam is why the awful new California law takes pains to indemnify advertisers, not just senders. As Sen. Murray said, “We’re going after Disney, and we’re going after Viagra [Pfizer].” Current and former “legitimate” spammers (many are DMA members) include Kraft Foods, Palm, AT&T, and countless major banks and lenders.

6. Opt-in is a sufficient spam deterrent.

No, it isn’t. Opt-in can cover marketers’ and publishers’ rear ends under state spam laws if they can produce records of opt-in date, time, and IP address. Soon, some clever attorney will think this through to the next step. Anyone who knows your address can opt you in to a single opt-in mailing list (happens to us at ClickZ all the time). Black Hat developers write bots that can opt you in again and again—ad infinitum, literally. One day, someone will prove in a court of law she couldn’t possibly have opted in on a particular date and time from a Fargo, ND, IP address. Double confirmed opt-in is the way to go.
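The gap between single opt-in and the confirmed (double) opt-in recommended above, shown as an added Python example that is not from the original article. The secret, the 48-hour token lifetime, the in-memory stores and the function names are all assumptions made for illustration.

```python
import hashlib
import hmac
import time

SECRET = b"constructed-demo-key"  # assumption: server-side secret, never mailed
TOKEN_TTL = 48 * 3600             # assumption: confirmation link valid 48 hours
pending = {}      # address -> unconfirmed request (must never be mailed to)
subscribers = {}  # address -> audit record: request/confirm time and IP


def _sign(address, issued_at):
    msg = f"{address}|{issued_at}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def request_subscription(address, ip, now=None):
    # Step 1: anyone, including a bot, can submit any address. Nothing is
    # subscribed; a token is returned to be e-mailed to that address only.
    now = int(time.time() if now is None else now)
    address = address.lower()
    old = pending.get(address)
    if address in subscribers or (old and now - old["requested_at"] <= TOKEN_TTL):
        return None  # repeated submissions do not generate more mail
    pending[address] = {"requested_at": now, "request_ip": ip}
    return f"{now}.{_sign(address, now)}"


def confirm_subscription(address, token, ip, now=None):
    # Step 2: only someone who can read the mailbox holds a valid token.
    now = int(time.time() if now is None else now)
    address = address.lower()
    record = pending.get(address)
    try:
        issued_str, mac = token.split(".", 1)
        issued_at = int(issued_str)
    except (AttributeError, ValueError):
        return False
    if record is None or issued_at != record["requested_at"]:
        return False
    if now - issued_at > TOKEN_TTL:
        pending.pop(address, None)  # expired request is discarded
        return False
    if not hmac.compare_digest(mac.encode(), _sign(address, issued_at).encode()):
        return False
    subscribers[address] = dict(record, confirmed_at=now, confirm_ip=ip)
    del pending[address]
    return True
```

With single opt-in, step 1 alone would have created the subscription; here the stored record ties consent to a confirmation that required access to the mailbox.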

7. Never opt out.

The public’s heard this so often, they accept it as gospel. A recent Bigfoot Interactive study found 58 percent of respondents believe unsubscribing from unwanted e-mail actually results in more unwanted e-mail. Bad as the spam problem is, sometimes good judgment and common sense can prevail. Educated (not just alarmed) consumers are less inclined to report as spammers known and trusted senders just to get off their lists.

(Ed. This is a very debatable and reckless point, and my experience – not what I have been told – tells me that using the opt-out options in most “automated spam” is a one-way trip to futility. If you report legitimate lists as spam just because you are too lazy to “opt-out”, the risk of this having an effect on the “poor” list will be minimal compared to the risk of a world-wide spam bot network getting hold of your “opt-out” details for further abuse!)

8. Microsoft is committed to helping end the spam epidemic.

Its executives are certainly committed to saying they are. These days, Bill Gates is front and center: testifying before the Senate; penning a Wall Street Journal editorial; putting millions up in bounty for spammer arrests; building a Web page for consumers; and forming an Anti-Spam Technology & Strategy Group, “fighting spam from all angles—technology, enforcement, education, legislation and industry self-regulation.”

When I meet members of that group, I always ask the same question. Every version of the Windows OS that shipped prior to XP’s release last year is configured—by default—as an open relay. Millions have been upgraded to broadband. Ergo, most PCs on planet Earth emit a siren call to spammers: “Use me! Abuse me!” Why won’t Microsoft tell its millions of registered customers how to close the open relay?

I usually get a stunned, rather slack-jawed reaction to the query, but never an answer. Yet their boss told the Senate to “capture all bad actors involved in sending unlawful spam, including those who knowingly assist in the transmission of unlawful spam.”

9. A do-not-e-mail database will stop you from getting spam.

Bovine Faecal Excrement! Do-not-call works because relative to e-mail addresses, there are very few phone numbers (most belong to families and businesses, not to individuals). And every phone number is tied to a name and address. The average Web user has three e-mail addresses, not necessarily tied to any personal identification. These can be acquired and discarded as casually as Kleenex. Many services promote “disposable” e-mail addresses. Once shucked, there’s nothing to stop an address from being used by someone else. As the Federal Trade Commission will tell you, there’s no way this can work under present circumstances. E-mail isn’t the telephone.

10. Spam can take down the whole Internet.

No, say the experts at the Internet Engineering Task Force. But spam can take down your business or ISP. A hacker can cripple a network with an e-mail-distributed DoS attack—or a worm or virus. Servers overload or crash. Networks clog with traffic. Spam doesn’t “break” the Internet, but it can make it seem that way.

by Rebecca Lieb