| LED Digest 1908: Challenge-Response for Business Email? |
|
|
|
================================================== The LED Digest Moderated Discussion List "Effective Online Advertising, Since 1997" pair Networks: The LED's Web Host Hosting and Domain Reg. from a Trusted Leader pair.com for Hosting | pairNIC.com for Domains ================================================== List Moderator: Published by: Adam Audette LED Digest adam,led-digest.com http://www.led-digest.com ............................................... December 14, 2004 Issue #1908 ............................................... .....IN THIS DIGEST..... ==== CONTINUING ================= --== The Challenge-Response Approach ==-- ~ Brian Risman "I have not found any loss of business when using challenge-response." ~ Ken Evoy "[Challenge-response] is a good idea and okay at very low levels. But it scales badly..." ~ Dan Thies "There is absolutely no way that I would put something like this in place for my business email." --== Norton's Ad Blocking ==-- ~ Linda Buquet "I am glad the media is putting a spotlight on this issue, FINALLY." --== The PayPal vs Merchant Accounts Debate ==-- ~ Martha Retallick "Moral of my story: It pays to take 'plastic'." ~ R. Neilson "If you can set up a merchant account the savings on rates can be substantial if you have volume." ==== BILLBOARD =================== --== Theft of Copywritten Material ==-- ~ Kenny Lau ~ Shari Thurow --== Browser Wars ==-- ~ Tom Aman ===== CONTINUING ================================= From: Brian Risman Subject: Challenge response > The only way to block spam 100% is to > use a challenge-response system - Scott Wang, LED 1906 > I'd love to hear from other business owners about > whether they think this type of [challenge-response] > email system makes sense. - Kathryn Martyn, LED 1907 I have not found any loss of business when using challenge-response. Nor have I had any complaints. Clients understand about spam and automated mailing systems. I have dealt with many corporate websites that use a form of challenge-response (e.g. entering a text string). I am used to it now -- and it seems so are others, including my clients. As for someone spamming with your ID, if you put your ID in the reject file of the challenge-response, then there should be no problem; or, review the messages with your own ID if you really think you sent the note to yourself. And you can pre-approve newsletters such as this one to avoid any need for challenge-response. Challenge-response has reduced my spam load from 300+ a day to zero. Literally zero. That's freedom to run my own business again, and no time wasted as before. Of course, I have no doubt that an entrepreneurial spammer will find a way around challenge-response. It is an ongoing battle... Regards, Brian Risman The Law Journal UK http://www.thelawjournal.co.uk brian.risman, thelawjournal.co.uk ------- new post - same topic ------- From: Ken Evoy Subject: Challenge response Kathryn Martyn asked if challenge-response made sense and John Barendrecht replied... > Terrific - now every time some spammer fakes my email address > as the FROM, Scott's challenge-response system spams me 200 > times per day asking me if I am a human. No spammer uses his > own email address as from or return. Please get a real spam filter > rather than adding to the spam problem. I'd disagree, partly. John... SPF yourself and folks won't forge your address. We did that the last time a major spam ring nearly destroyed us. We've actually put up a piece about how to protect yourself against all kinds of nasty anti-spam issues that can bite you when you do NOT deserve it... http://deliver-my-mail.sitesell.com Anyway, forgeries are now a thing of the past. SPF is discussed at... http://deliver-my-mail.sitesell.com./deliver-my-mail-3.html As for challenge-response ("C-R"), the very fact that "No spammer uses his own email address as from or return" is what actually makes challenge-response so attractive -- only humans would reply to it and in fact, they do. But John also rightly points out that a problem with C-R is that it REPLIES to spam. Think this through -- if some spammer (or saboteur) bangs us, sitesell.com, thousands of times from fake hotmail addresses and if we REPLY to those e-mails, how long do you think it would take for Hotmail consider us as an irresponsible sender of mail. If you answered, "not long"... RIGHT! :-) The correct way to do C-R is at an SMTP level and only within a larger anti-spam program that manages ALL the issues. We are about to do that with a new module for Site Build It! called "Spam 'n Virus Blast It!" but we CAN do that because of the nature of our SBI! Web hosting product -- everything in SBI! is integrated by a single database. So I'll restrict the rest of this purely to C-R... If you do C-R at an SMTP level instead of the way they do it now, you never actually ACCEPT the e-mail, so you do not reply to it. Therefore, you are not causing a problem by sending more mail. Instead, you are essentially telling the sending mail server, "sorry, you're sending us junk and we don't want it -- give it back to your customer who sent this" -- AND you CAN add a custom message (only "hotmail" won't publish it, but at least they will know that the mail that was sent was THEIR "fault," not yours). Now, I don't know about you, but when I send e-mail and I get a bounce-back, I check to see what it says. If I saw a message to do something to prove I was a human sender ONCE, I'd do it. (What I really HATE is the way those services SPAM me with their confirmation message, but that is yet another story. Ugh. But, like I said, this should not be first-line defence for a small business, for many reasons. I agree with John there. But I would not blanket-condemn C-R. It's a good idea and OK at a very low levels. But it scales badly, and the way it is done now merely increases the load of bad mail floating around. C-R should be done at an SMTP level -- just refuse the junk until a human proves he sent it. Together with a well-rounded program, this "last resort" (which is how we'll use it), can make good sense. Hope this made some sense, too. :-) All the best, Ken Evoy, President SiteSell.com http://searchit.sitesell.com/ ------- new post - same topic ------- From: Dan Thies Subject: Challenge response Challenge-response is nutty enough for individuals, but at least understandable. There is absolutely no way that I would put something like this in place for my business email. The amount of time it takes to simply delete the spam that makes it through will never be worth losing a potential customer, or worse failing to provide service to an existing client. We receive between 700-1500 email messages per day. With less than 50 mail filtering rules (most of these are just patterns for the most common spams we receive) in MS Outlook, perhaps 100-200 emails actually land in anyone's inbox. Of those, perhaps 20-30 are spam, and with very few exceptions can be deleted by the recipient in less than 1 second simply by reading the subject line. Those that we can't identify as spam from the subject line (perhaps 2-3) add an extra 10-15 seconds per day to our workload, because the nature of the message is immediately apparent from Outlook's preview pane. Dan Thies SEO Research Labs http://www.seoresearchlabs.com ------- new post - new topic ------- From: Linda Buquet Subject: Norton's Ad Blocking > Imagine my surprise when suddenly several medium size > graphics were missing from two different unrelated pages... - Lanell Grant, LED 1905 > It sounds to me like the ad-blocking setting in Norton's > firewall. It identifies any images of certain common sizes > as ads, and removes them -- whether they are ads or not! - Veronica Yuill, LED 1904 The way that Norton Internet Security blocks site content and strips source code from sites that is not even ad related is in-excusable. I was interviewed for an article that was just published by Internet.com about Norton blocking links, banners and revenue. My biggest contention is that ad blocking should not be ON by default, especially since the software is not being marketed as an ad blocker - Norton Internet Security is for "security". Pop-ups are one thing, but unobtrusive text links and site logos are not "threats" to anyone! Here is the article which focuses on the impact Norton is having on affiliate and e-commerce sales from Internet.com's Small Business Computing Magazine: "Affiliate MarketersBlocking Software Is Killing Us" http://www.smallbusinesscomputing.com/emarketing... I am glad the media is putting a spotlight on this issue, FINALLY. I have been trying to spread the word about the issue for months. A friend that's an editor at About.com also wrote an article regarding this as well. This is the original article with lots of information, examples and potential solutions that may help prevent site content from being blocked. http://www.5staraffiliateprograms.com/norton-blocks-revenue.html Hope this helps and best of luck! Linda Buquet, Affiliate Management Consultant 5staraffiliateprograms.com ------- new post - new topic ------- From: Martha Retallick Subject: PayPal vs other > To me, if you are in business for the long haul like most > of us are, using a 3rd-party processor simply does not > make sense... fixed monthly fees for your own merchant > account... are not that expensive. - Todd Sumrall, LED 1905 Before my publishing business had the monthly sales volume that it does now, I used a third-party processor for my online transactions. The processor, Digibuy, was very good about getting the monthly checks, less their 14% processing fee, to me on time. But as my publishing business grew, I found that 14% was a real bite out of my profit margin. So I got myself a merchant account. To make the decision to get the merchant account, I used the yardstick that Ralph Wilson set out in one of his e-books: If your monthly sales volume gets above US $1,000 and stays there, get a merchant account. In addition to the publishing business, I also do Web and graphic design and consulting. Let me let you in on a little secret: Tell your clients that you take "plastic" and watch the reaction. It's somewhere between happiness and euphoria. Moral of my story: It pays to take "plastic". In addition to purchasing my own live / work space and upgrading my Internet connection to "always on" broadband, getting a merchant account was one of the best things I've done for my business. I'll bet it can do good things for your business too. Martha Retallick "The Passionate Postcarder" ------- new post - same topic ------- From: R. Neilson Subject: PayPal vs other If you can set up a merchant account the savings on rates can be substantial if you have volume. I have a merchant account I pay 2.75% with no transaction fees. Monthly Minimum is $30 per month for fees. But I average $1500+ a month in credit card sales. Initial equipment setup can be a problem if you have to buy a card swipe and printer. But many banks like Wells Fargo have set up special internet merchant accounts and with a secure site can be done over the internet with know extra equipment. Change is coming in the banking industry you just have to shop around. If your business volume is very low say under $500 a month then you may want to go the Pay Pal route till you can build up sales to justify a merchant account. The key thing I have found is that customers want a reliable company that knows how to run a business. Those that don't have a merchant account are sometimes considered to be fly by night, even if they aren't. Appearance is what the customer looks at. As an example I will not do business with any online company that does not have a phone number & business address shown somewhere on their website. If they don't I feel they are hiding something and not to be trusted. R. Neilson H. L. Supply www.hansons.net hansons, succeed.net ==== BILLBOARD =================================== From: Kenny Lau Subject: Copy theft > I have discovered that a competitor has stolen > the logo and words from my websites... Any > suggestions? - Beth Vance, LED 1906 Write them a letter saying that if they don't comply with your request by a certain date, you will inform their local newspaper. The reporters will certainly do a good job teaching them a lesson. Or you might consider giving them a great big surprise! Kenny Lau www.ecopurewater.com ------- new post - same topic ------- From: Shari Thurow Subject: Copyright violations Hi all- This is in response to Beth Vance's post in LED #1906 regarding stolen copyrighted materials. My heart goes out to her since materials from our site are stolen all of the time. We wrote a 3-part article about this topic. Maybe this will help: http://www.grantasticdesigns.com/siteprotection1.html We will be updating it with new material next year, but this can help you get started. Recently, one of my colleagues (Jill Whalen) discovered that another search engine marketing firm had stolen one of my articles and one of hers. My first reaction was to gather the evidence. I called the company and told them to remove my stolen (and copyrighted) content. If I had to involve my attorney, they would begin to owe us money. As expected, they said that they did not respond well to threats. In my case, it's never a threat; it is a promise. They did not take down the content, and I did get my attorney involved. Usually, a nasty note from your attorney and the promise of reporting the copyright violation to the major search engines gets the desired response. Here are the URLs to some of the forms: http://www.google.com/dmca.html http://docs.yahoo.com/info/copyright/copyright.html The funny part? The site owner told me I was being a pain in the behind. Do not fall for that sort of complaint. The site owner stole our content. He did not have permission to republish our content. A firm and direct response is called for. Best wishes, Shari Thurow, Webmaster/Marketing Director ~ See us at the Search Engine Marketing Road Show http://www.semroadshow.com/ ------- new post - new topic ------- From: Tom Aman Subject: Browser wars > On the other hand, I think Microsoft has done a good job allowing > web developers to make a minor mistake (like forgetting to close > a tag) without crashing the entire web page. These so-called bugs > may have been intentional. - Scott Wang, LED 1907 Be careful what you wish for. ;) Lenient browsers are a double-edged sword. While it is great for the surfer to have the browser display a page in spite of HTML errors, the existence of these browsers tends to result in a lot of sloppily coded pages. If all browsers were a bit stricter, surfers would encounter fewer bad pages. Tom Aman Aman Software amant, cyberspyder.com ------------------------------------------------------- The LED Digest is sponsored by pair Networks: pair.com for Hosting | pairNIC.com for Domains Copyright 1995-2004 Adam Audette. All Rights Reserved. ----------------------------------------------------------------- "Every problem has a gift for you in its hands." - Richard Bach |
