There is an issue that is becoming more acute every day, it seems…the OTR Digest, and other addresses on our server, are being spammed by - no, seriously - actual subscribers.

These users, generally with Yahoo!, AOL, and MSN/Hotmail addresses, have had their accounts hijacked by spammers primarily because of easily-guessed passwords. But the results are seriously bothersome; email coming directly from the subscribers’ accounts, what the server assumes are legitimate messages but are actually mails with spam links in them, are entering the Digest and other mailing lists with alarming regularity. I have been struggling with how to handle this, trying first to alert the users with information on the hijack and suggestions to fix, but I found this more and more work every week. Yet I need to protect the mailing lists from this garbage…even though the real subscriber is technically innocent, their account is being used to send multiple spam emails into our machines targeted to our lists.

So I am currently taking a more draconian approach. First, the user’s address is removed from the Digest subscriber list as soon as the first spam email is found (I say “first” because until the problem is fixed the hijackers continue to send spam out of the account to all addresses in the user’s address book) - hopefully, after not receiving an issue or three the subscriber will realize something is amiss…could be the subscriber’s friends will be alerting him or her to the spam as well. I am also blocking that user from sending any mail into our server, with a rejection note that reads something like:

Fix your AOL problem then contact me via web form

This protects other lists on the server from running spam emails. If you receive this, you will not be able to contact me via email; you need to use one of the web-based forms available on www.lofcom.com, www.oldradio.net, blogs.oldradio.net, forums.oldradio.net, etc., etc. - you’ll see one right here if you click that “Contact the Webmaster” button over on the left sidebar.

If you receive this mail, the situation is serious (the bad guys have access to your address book and your email!), so please contact your provider (AOL, Yahoo!, whoever) for instructions on how to reset your password to something that bad guys can’t easily guess and cannot be hit with a dictionary attack…after your account is secure, then and only after the issue is resolved contact me via one of the web forms and I will remove the block on your email address.

I know this sounds harsh, but I need to protect the mailing lists from receiving this spam while not spending more and more of my own time manually dealing with it. I am, of course, always open to suggestions on a better way of dealing with this; post a comment here, or contact me privately via email (addresses are all in the footer of every Digest issue).

I’m only sorry the slimeball scammers have forced me into such a thing.

P.S. While I’m at it, please don’t add the Digest address to any social-networking “friends” list…the Digest isn’t going to join Facebook, Feed Share, or any other networking service (it’s a computer, after all), but it does require additional work for me to remove/block/deal with the requests. This isn’t happening often, but it does happen sometimes, and I’d like to prevent it from getting any worse.

From The New York Times: Retargeting Ads Follow Surfers to Other Sites

This is my favorite quote from the article: “‘I don’t think that exposing all this detailed information you have about the customer is necessary,’ said Alan Pearlstein, chief executive of Cross Pixel Media, a digital marketing agency. Mr. Pearlstein says he supports retargeting, but with more subtle ads that, for instance, could offer consumers a discount coupon if they return to an online store. ‘What is the benefit of freaking customers out?’”

Still, this is so painfully simple to eliminate…simply don’t accept cookies from marketers, or if you must (when shopping at on-line stores, for example), save cookies only per session and not persistantly; the next time you open your browser, the cookies are gone, and the marketers can no longer associate you with your last browsing session. The Firefox browser, along with add-ons like BetterPrivacy, Cookie Monster, NoScript, and others gives you extremely fine-grained control over what these slimeballs can track about your browsing habits, if you are willing to spend a little time actually setting-up and controlling your cookies.