It doesn’t surprise me that I haven’t received an email from Suncorp before, given the prevalence of phishing attacks these days. For those unaware, phishing is an attempt to fraudulently acquire personal information from someone by getting them to enter it into a web site that looks familiar, that is in fact just a shallow replica of a real site. Phishing attacks are one of the reasons you’ll read and hear major institutions state that they will never ask you for your username and password, ever.

Just to checkout what the latest phishing attempt looked like, I thought I’d investigate the email to see if the spammers had gotten any smarter over the years. First thing I noticed was it was from an email address that was clearly related to their online banking system and at the correct domain. Secondly, the subject had to do with BPay – so I though how fantastic that the spammers now use brands or products related to the local country to garner trust with the user.

After opening the email, I suddenly realised that the email was legitimate and I couldn’t believe it! It turns out that Claire had just paid our rates online, through the Suncorp internet banking web site using BPay. The email was a notification, to let me know that a large payment had just been processed and if I hadn’t arranged it to call them immediately.

What I love about the email though:

1. The subject was clear, it was a BPay notification
2. They sent it to both of the email addresses I’d provided Suncorp, not just my primary one in case I didn’t check it immediately.
3. It was a plain text email, so no fancy images or design – just the message. That meant that you needed to read the content of the email to see what it was about and not blindly clicking on something because it used the familiar Suncorp branding.
4. The first line stated what it was about (high value BPay transaction), the second contained what action to take (phone Suncorp) and for full details you could check the transaction on their site.
5. Suncorp include their business name, address, ABN, contact information in the footer
6. Most importantly, there isn’t a single hyperlink anywhere to be seen in the email. As such, you can’t just ‘click the obvious link’ to go to their site.

A lot of the things above seem pretty small things to a lot of people, however I’m really impressed that they’ve chosen a lot of those options – especially the plain text email. Nefarious individuals and companies that use phishing attacks prey on people reacting to a familiar company and brand, such as from their bank to take an action. By providing it in plain text, it removes the familiarity aspect away to make you read the email. By not providing any hyperlinks, you need to open your browser yourself and go to their web site.

All round, a great email from Suncorp and they should be congratulated for doing their part in helping keep their clients information private and their money safe. If I were to make a single change to it, it’d be to remove the phone number and direct the user to their web site (no hyperlink) to get the phone number if they don’t already have it on hand. That way, all of the contact information needs to be entered by the user on their own behalf, which would all but remove the risk of a phishing attack.

Related posts:

1. Suncorp Bank Anti-Fraud Department Saved Me $686.73

While it sounds like a small change, the longer term plans were for search engines to not include those links when ranking a given web sites content. It was common place for spammers to comment spam thousand or millions of blogs, leaving a link to their preferred sites. Before the rel=”nofollow” attribute was introduced, the search engines had no way of knowing if a web site owner trusted that site and as such had to use other methods of measuring trustworthiness.

The intention is clear, by removing the incentive for a spammer by using rel=”nofollow” in the links – it was hoped it would have an impact on the insidious and incredibly aggressive spam ecosystem online. Unfortunately, spammers aren’t the kind of people that just roll over at the first sign of a battle and the war on spam raged on. As the rel=”nofollow’ attribute gained momentum over the years, spammers have subsequently sought out web sites which were considered dofollow – in that they have clean links that the search engines will count when ranking a web site.

As I’ve upgraded WordPress over the years, I’ve been carrying the same set of themes or templates forward through the upgrades and hadn’t bothered to upgrade to a newer base theme. Of course this meant that links from my site were dofollow links and were valuable to the spammers. So valuable in fact that my site has been listed countless times on different forums as being a dofollow blog – essentially proclaiming to the spammers of the world that they should target my site for high quality backlinks.

I’m happy to say that after a recent upgrade to WordPress 2.9.x, I ported my current theme over to a new base theme provided in the 2.9.x code base which uses rel=”nofollow” links by default. In fact, if I want to allow people to have clean links – I’ll need to specifically allow them by use of a plugin – which is fine by me.

This will no doubt upset the spammers out there that thought they’d be getting easy, free dofollow links from my site. While I understand why they want my clean links, I also hate having to deal with comment spam – so I’m going to leave my comments rel=”nofollow” from now on.

Related posts:

1. Rel=”nofollow”
2. Combating Website Spam
3. Winning The Fight Against Spam

When I first came across the advertising, I thought it was very creative. Instead of bothering with professionally printed signs, they were hand written using a wide tipped Nikko – black writing on a plain white plastic cardboard. The sign said something to the effect of ‘executive income from home, phone x or visit y’.

It wasn’t long before I started seeing more and more of these little advertising boards, stuck up at intersections all over the Gold Coast – so one day I thought I might as well check out what they are going on about. Shortly after visiting the site in question, I realise they aren’t selling anything specifically – but are offering business coaching. Sounds like a good idea to me, a little further reading and the business coaching they are offering is based on the magic of the stupidly cult popular “The Secret”. At that point, I began to become disinterested in anything they had to offer; sorry to say it but willing your home business to grow and earn you six and seven figure sums of money isn’t going to happen – no matter how far you put the good vibes out into the world.

Recently, more and more of these types of banners have shown up over the Gold Coast – except now they are varying in style – some printed professionally, some hand written and so on. The web site addresses being promoted are different, however there is a common theme – all pushing the home business opportunity and executive six figure plus income from home.

Further investigation shows that the web sites are strangely similar – the same cookie cutter style sites, but with different people telling you how their home business opportunity will change your world forever. Lots of personal photographs of the person in question around the world, all inferring that it was a derivative of the power of awesome service. That lead me to find out where the cookie cutter sites are coming from, the same business in each case. Throwing their web site address into Google returned huge volumes of results and looking through the URL’s of the sites, you could easily spot a common theme.

Looking into their business further and it would appear there are a lot of unhappy people getting around the internet about them. They are embroiled in a huge scam, how it works I’m not quite sure but I’m guessing it involves duping a client into believing that willing their business to grow through positive thinking and good vibrations will work, all of which can be your for a tidy sum of money.

I’m wondering how many people on the Gold Coast have seen their guerrilla advertising and followed through?

Related posts:

1. Google Acquires DoubleClick
2. Windows Vista Business Double Clicking On Single Click
3. Best Home Phone Plan & Telstra

For those that aren’t aware what a gravatar is, it’s a globally recognised avatar. I can hear the question already, what is an avatar and stop speaking Greek. An avatar is a little image or animated icon that people often have displayed beside their names in online forums. A gravatar is generally meant to unique to a user and is used with the intention that it’s easier of recognise a user by glancing at an image rather than by having to read their name.

Automattic acquiring Gravatar is an excellent move for the community in my opinion. In the last year or so, the Gravatar service has been failing after having a solid adoption rate throughout the blogging community. It was a vicious cycle really, as the more exposure they received the more users signed up and the more the service struggled to manage that load. The Automattic crew have quite a bit of experience scaling web sites and services out, after successfully delivering services such as Akismet for fighting spam and the massively popular hosted WordPress.com blogging platform.

A quick message by the founder of Automattic, Matt Mullenweg, points out that since migrating the services into the Automattic infrastructure, that it’s already three times faster. It seems they’ve got some pretty cool plans for the Gravatar service in the future as well:

• Rewrite the service in PHP, the programming language of choice for Automattic
• Move the image delivery into a Content Delivery Network, reduces their load and lowers end user latency as well
• Push the 1,000,000 plus avatars currently in WordPress.com into the Gravatar platform so they are available everywhere
• Integrate the newly rebuilt Gravatar services back into WordPress.com
• Implement cleaner URL’s for each gravatar

There are a bunch of other features that are coming but those are the ones that I thought were most interesting. Congratulations has to go to Tom Werner for developing a great specialist product to start with that was worth an acquisition. I’m excited to see how that all unfolds now under the management and guidance of the Automattic team.

Related posts:

1. Google Acquires DoubleClick
2. Google Malware Warning
3. Google Acquires Feedburner

I appreciate that it might be difficult to manage the problem, however if a site like Squidoo can’t get it under control then it completely erodes the usefulness of the site in my opinion. The Squidoo spam problem has been happening for quite some time and the owners are aware of it, however it seems that they have yet to find a way to curb it.

It’s a shame really, as I hate spam so much that it has now tainted my opinion of Squidoo as a useful service. Fortunately, I find the site pretty much useless, so at least I don’t have to put up with it while browsing their site.

Related posts:

1. Offline “Home Business Opportunity” Spam
2. Winning The Fight Against Spam
3. Snail Mail Spam

For a long time, I have struggled with comment spam on this site up until I installed Akismet, which has been my knight in shining armour to help combat comment spam.

Over the last year, the rate that this site has been getting spammed has increased every single month, without fail – relentlessly. The spam statistics for the Akismet service indicates that the rate they are receiving and filtering spam has also been increasing.

At the moment, the graph doesn’t show any particular sign that the rate of spam has slowed at all. For some reason though, the rate that this site is receiving spam has definitely decreased. Over the last few months, I would delete between 350 and some times over 1000 per day while at the moment it is averaging a number less than 200.

That got me wondering what has changed around these parts, nothing in particular. I’m still running the same blogging software, still using Akismet to filter spam on the site and the search engine rankings of the site haven’t decreased such that it might make it a less likely target for spammers.

Is it possible that enough people are combating spam efficiently these days that at least some portion of the spamming community have called it quits? I don’t know if there is a way for anyone to answer that question with any sort of certainty however I can only hope that it might be the case.

Die filthy spammers, die.

Related posts:

1. Akismet, Stopping Website Comment Spam The Easy Way
2. Akismet Spam Filtering, The Bringer Of Light
3. Akismet, How I Love Thee

Being the diligent computer user, I uninstalled MSN Messenger 7.5 and the original Windows Messenger that comes with Windows XP Professional. Not knowing the web address for MSN Messenger, I googled msn messenger to be presented with the search result to the left.

After glancing at the advertisement and seeing “Msn Messenger” as the advertising text, I clicked the link expecting to be taken to the Messenger home page on the Microsoft web site. No, that isn’t what I got at all – instead it redirected me to the new Microsoft Live Search web site, with my “MSN Messenger” search already performed. Not only that, they had a nifty JavaScript sliding panel with some useful advertising promoting Microsoft Live Search and telling me that it is “the ducks nuts”. After a few seconds, the useful advertising panel automatically slided away to leave the standard Microsoft Live Search page.

When the biggest software company in the world is required to participate in pay per click advertising on a competitors network to drive traffic to their own search engine, I think it is a pretty sure sign that their competitor is doing something right. I can understand that someone like Google and Yahoo! might advertise on their competitions web sites for pay per click marketing services but I’m yet to see an advertisement on Google or Yahoo! telling me that I should be using their competitors search engines.

Related posts:

1. Microsoft Invests USD$240 Million In Facebook
2. Google, Yahoo! & Microsoft Collaborate For The Greater Good
3. Yahoo! Search Marketing Launches Sponsored Results

The basic idea behind a splog is to generate lots and lots of content, throw on some sort of advertising – maybe Google Adsense and hopefully watch the money come in. Of course, since spammers are bottom feeding filth, it is far too much effort for them to produce the content they want to whore for a dollar themselves. The clear and obvious solution is to rip off other internet users content and republish it as their own, simply to produce content on their site and an opportunity for someone to click a piece of advertising.

My problem with splogs, is that the owners are aggregating and/or republishing other peoples work to make money for nothing. Reporting on the happenings online and around the world is fine, if you’re adding your own point of view and it’s in your own words; ripping someone else’s work is just plain rude.

Typically, if someones content is being republished without notification/permission and it’s attributed properly – most content authors don’t have a problem with it. Since sploggers are bottom feeders, not only do they not ask permission – they generally don’t provide a link back to the original content. It isn’t fair to tar all bottom feeding sploggers with the same brush, some do take the time to attribute the content, which is less of a slap in the face.

Personally, I’d prefer it if they’d write their own unique content; however in the absence of that I guess for the moment we’ll have to graciously accept the odd inbound link from the ‘nice’ spammers.

Related posts:

1. IIS & Invalid Folder Names
2. DoFollow No Longer

Physically setting up an affiliate program is quite straight forward and you have two choices in handling the inbound links and referral tracking:

Single entry point

Using a single entry point in your site, where everyone links to with their respective referral code which then shunts the user to the desired page. Using this method, you might end up with:

• http://mydomain.com/tracking.php?ref=abc&destination=1
• http://mydomain.com/tracking.php?ref=abc&destination=2
• http://mydomain.com/tracking.php?ref=abc&destination=3

Multiple entry points

Allowing multiple entry points facilitates deep linking. If you allow multiple entry points, you might end up with:

• http://mydomain.com/page-1/?ref=abc
• http://mydomain.com/page-2/?ref=abc
• http://mydomain.com/page-3/?ref=abc

Both of these methods will work but which one is better for search engine optimisation? If you use a single entry point, you end up in a position where you’ll have hundreds or thousands of inbound links to a particular page. Unfortunately, the page that they are linking to isn’t useful to a search engine for indexing – it simply redirects to another page. You do however get the benefit of being able to effortlessly reorganise a web sites structure and only have to worry about updating destination URL’s in a single location.

Using multiple entry points allows your marketing or affiliates to link directly to their intended page with their referral code, which can make a difference on various levels:

• it’s convenient for the people linking to the page
• it’s less error prone, as the linker can simply copy the URL from the browser
• the linked URL will begin to gain inbound links, which is critical for effective search engine optimisation
• the person clicking on the URL can hover the URL and see where it is going

The last point might seem like something you might otherwise gloss over, however as internet users become more savvy – they are becoming acutely aware of their online actions. Letting the user clicking on the link see the destination URL will help build trust between your web site and them, as they will be less inclined to think the link is spam.

My personal preference is towards deep linking, it’s just so convenient. If you allow deep linking, the next problem you have is your affiliated links making their way into the search engine result pages; which is definitely not what you want. Fortunately, through the use of a robots.txt file it is possible to drop the affiliated URL’s from being indexed. In the above multiple entry point example, you could stop those URL’s from being indexed by including the following line into your robots.txt file:

1. User-agent: *
2. Disallow: /?ref

Unfortunately, your work isn’t quite done, as all of the inbound links are linking into distinct URL’s (ie, with the referral code). As far as a search engine is concerned, these are totally separate web pages which could/should have unique content. To leverage the most out of your inbound links, you want to make sure the link ends up pointing to the permanent URL for the content (ie, without the referral code).

Remembering that you are tracking referral codes, the web site must first do something useful with the referral code. Useful might be placing the referral code in a cookie for later use or storing it in a database, but something generally needs to happen with it. Once the useful action has been completed, you need to send a standard HTTP redirect to the user agent (browser, bot, ..) to tell it the permanent URL for that content exists at a different URL – in this case the same URL without the referral code. Consult the documentation for your favourite server side language about handling HTTP response codes.

By implementing these two simple techniques, you now only have a single copy of any of your web pages indexed in the search engines and any inbound referral links will ultimately be attributed to the permanent URL for the actual content.

You can now sleep easily at night knowing you have search engine optimised referral tracking.

Related posts:

1. Search Engine Optimisation (SEO): Dashes Versus Underscores
2. Search Engine Optimisation (SEO): Demystifying The Black Art
3. Search Engine XML Sitemap Improvements

• Snail mail spam
• Akismet, friends forever
• Akismet, how I love thee
• Akismet spam filtering, the bringer of light

This time around it is no different, as Akismet just keeps on keeping on. I first installed Akismet toward the start of August 2006 as I was being overwhelmed by the volume of comment spam I was receiving. Initially, it was just one or two website spam messages but it soon increased at a rapid pace. I was receiving so much comment spam, I just couldn’t handle it manually anymore and I needed a way of stopping the spam for good.

After looking around at various WordPress comment spam filtering solutions, such as Bad Behaviour and Spam Karma; I ended up deciding on Akismet. There were a couple of reasons that I felt that Akismet was going to perform a better job stopping website spam, the main one being it was driven by the community. Spammers just love to prey on the masses and there sure is a mass of blogs on the internet. If the blogging community backed Akismet, then it seemed reasonable that as soon as enough bloggers flagged something as being spam – I wouldn’t have to worry about it either. As it turns out, this is absolutely the case as very few comment spam messages actually get through the Akismet filtering. I hate web site spam so much that I have comment moderation on as well; I know it might frustrate some commentors but I would prefer to vet a valid comment than see spam land on my site.

Akismet has now been protecting this site from website comment spam for approximately nine months and in that time it has successfully axed about 100,000 spam messages from ever appearing on the site. I can only imagine how hard it must be for people running web sites or forums these days that don’t have easy plugin access to a service like Akismet to stop website spam.

Pretty significant milestone I thought, go Akismet go!

Related posts:

1. Akismet Spam Filtering, The Bringer Of Light
2. Winning The Fight Against Spam
3. Akismet, How I Love Thee