
October 10, 2011 09:25 by
DaveB
I was looking at two fake e-mails today -- one from someone purporting to be Trion (Rift) who spelled World with two V's, and another pretending to be Blizzard. While the e-mail was caught, I saw a heuristic that is so simple -- that I can't believe it's not already implemented.
So there's this link, right? And it's an anchor element in the HTML version of the message. Now here's the check:
Does whatever is inside the anchor look like a URL?
See, what they're doing is putting the real URL as the text in the anchor (http://battlebazaar.net), but then putting a different URL (http://battlebazaar.net.x=some-other-site.someother-tld.fake/string-o-garbage) in the HREF of the anchor. This makes it so the URL that it shows in the e-mail is the real one, and when you click, that's what's displayed in the leftmost part of the URL. Now, I've previously stated that web browsers should provide a separate box for the host, domain and path -- because doing so would greatly help with the phishing problem (because most people don't understand how the hostname or path work -- those are just magic values -- and so split them off so that the part they *do* generally understand is visible).
But what I'm going to say is this. There should never be a time, ever, where there's a URL pattern as text in a link and clicking that URL takes you anywhere other than what the text says. And so any message that ever has that pattern (an anchor element where the text is a URL pattern, http://whatever, www.whatever, etc.) and where the href doesn't match, should be deleted automatically. That simple step would go a long way (and splitting the address bar into three pieces -- host, domain and path as three separate bars -- would help even more).
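The check described above, as an added example that is not code from the original post: it collects every anchor in an HTML message body and reports those whose visible text looks like a URL but names a different host than the href. The names `host_of`, `AnchorCollector` and `mismatched_links` are hypothetical, comparing hostnames rather than whole URLs is an assumption, and the sample body is constructed around the two URLs quoted in the post.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Text "looks like a URL" if it starts with http(s):// or www. (the patterns the post names).
URL_TEXT = re.compile(r"^(?:https?://|www\.)\S+$", re.IGNORECASE)
SCHEME = re.compile(r"^[a-z][a-z0-9+.-]*://", re.IGNORECASE)

def host_of(url):
    """Lower-cased hostname of a URL; a bare www.example.com is given a scheme first."""
    url = url.strip()
    if not SCHEME.match(url):
        url = "http://" + url
    return (urlsplit(url).hostname or "").rstrip(".").lower()

class AnchorCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element, including nested markup."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.anchors, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None

def mismatched_links(html):
    """Return (text, href) pairs where URL-looking anchor text names a different host than the href."""
    parser = AnchorCollector()
    parser.feed(html)
    parser.close()
    return [(text, href) for href, text in parser.anchors
            if URL_TEXT.match(text) and host_of(text) != host_of(href)]

# Constructed sample message body; the second link uses the two URLs quoted in the post.
SAMPLE = """
<p><a href="http://www.example.com/account">http://www.example.com/account</a></p>
<p><a href="http://battlebazaar.net.x=some-other-site.someother-tld.fake/string-o-garbage">http://battlebazaar.net</a></p>
<p><a href="http://example.org/news">Read the newsletter</a></p>
"""

if __name__ == "__main__":
    for text, href in mismatched_links(SAMPLE):
        print(f"MISMATCH text={text!r} href={href!r}")
```

A mail filter would feed the HTML part of each message to `mismatched_links` and act on any non-empty result; anchors whose text is ordinary words are ignored, since only URL-looking text makes a claim about the destination.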

August 31, 2011 13:45 by
DaveB
If you're going to do electronic delivery of products, always use a valid reply address -- or verify the e-mail address before you ship. Send a "click here to activate" link, send an account key, generate and send a one time password, w/e.
But if you're going to just blindly send, you might be sending to the wrong person. If you send to the wrong person, they might not even speak the language that you speak. Going to your website and struggling through a 20-part reply form written by your marketing department isn't a good experience, and you almost certainly want to know that you've delivered a password and a bunch of CD keys to the wrong person so that when your customer calls and says "WTF," you have an answer for them.
I filter tons of spam every day, but I still am going to maintain the support, parental guidance, etc. mailboxes at easily identifiable and easily contactable addresses. I mean, it's just the right thing to do -- what spam gets by SpamAssassin and the other filters, we can deal with that. So what, there's an e-mail for Viagra sitting in there. If we keep just one, single, solitary customer because they can e-mail us, that's worth it.

September 29, 2010 11:43 by
DaveB
Just because people say Windows is the source of all spam:
Author information
Name: distrocar
E-mail: ...
Website: ...
Country code: US
IP address: 110.136.161.73
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.10) Gecko/20100915 Ubuntu/10.04 (lucid) Firefox/3.6.10 GTB7.1
... OK so maybe user agent isn't reliable. Maybe they bounced through some Windows host to deliver the spam, I can't prove it really was a Linux box... But I can say that user agent claims to be Firefox running on Ubuntu, and posted spam.
Note: I flipped our DKIM signatures to production; mail to Yahoo, Google and others that support DKIM should now indicate (somewhere) that the DKIM matched. On Google, it appears underneath the normal headers.

January 6, 2010 04:59 by
DaveB
Due to continued spamming after I enabled comment moderation, I've installed a plug-in to check against a shared database. We'll see if that cuts it down a bit.

November 1, 2009 04:55 by
DaveB
I have both the main computers that I use converted to Windows 7 x64 now. On the one, I have an Adaptec SCSI card that is not recognized, but both systems are working at this point in time.
After waiting for 7 days for the slow computer to do an upgrade from Vista x32 to Windows 7 x32, I just did a reload instead. The reload completed successfully in under an hour and a half (I was patient because even after a week, the installer was still animating but -- there's a limit to how long I was going to give it, especially since the computer had not had a clean install for many, many, many releases of Windows).
It's up and happy on both of the computers here.