 |
|
|
|
|
||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||||
Toward a Better Computing Experience |
Collected by Pim Borman, Webmaster, SW Indiana PC Users Group, Inc. Swipcug(at)gmail.com http://swipcug.apcug.org/ |
Banks, mutual funds, credit card companies, utilities, they all want to send me my monthly statements in electronic form over the Internet, “for my convenience,” and incidentally to save on the cost of mailing them out the traditional way. Do I go along with that? No way, José! Just think of all the things that can go wrong.
I already receive regular emails, mostly delegated to spam folders, from fake financial organizations such as PayPal, E-Bay, and banks all over the world. How am I going to distinguish the fishes from the phishes? I do have online access to some of my financial accounts, but I use them strictly one-way: I access them directly by typing in the URL. Some financial institutions have expanded security beyond the usual user name and password check, to let me verify that I'm dealing with the genuine institution. Before I present my user name and password, I am shown a prearranged word and an image to make sure that I am dealing with the genuine Web site, not some phisher in Nigeria. Such two-way passwords are a good idea, and using an image instead of a word adds additional security.
I still have to worry about key grabber viruses that record what I type. An up-to-date reliable anti-virus program may prevent that, or not. Making payments online can also be hazardous, especially if I can't be absolutely certain I'm not addressing a phisher. I have a Citibank credit card account that will provide me online with a one-time credit card number to be used for a single transaction. That minimizes the risk of fraud. But how am I going to archive online statements securely for years to come unless I print them out first? If necessary, does my own printout provide the same level of proof as an original bank statement?
Because spam now makes up the largest part of email crossing the Internet, Internet Service Providers increasingly install spam filters to remove the chaff from the wheat. The problem arises when the spam filter removes legitimate messages without notifying the sender, or even worse, the recipient. It seems to happen all the time and not only because it is easy to misspell an address. Recently I used my local provider, Sigecom.net, to respond to an email from a niece who uses myway.com. Fortunately I was notified by “blackhole.myway.com,” that the response bounced, with an error message indicating that there was a mismatch between sender addresses somewhere along the way. Since Sigecom forwards email via another email provider (Mira-something-or-other), that could have been the problem. I sent the response again, using Google email that time, and all was well.* A week later I sent a SWIPCUG e-mail message to 49 addressees using my Google e-mail account. Two of the mailings, both addressed to members @att.com, were blocked because “it was sent by a system that we have reason to think has sent high levels of spam to our customers in the past.” Maybe other members did not receive the message either but I wasn't notified. Again using Google Mail, I resent the message without trouble to just the two blocked recipients. Maybe att.com balked at the fairly long list (49) of addressees? One of our members, associate director at the local Public Library that hosts our meetings, was unwittingly deprived of messages sent to him and about 10 other members who informally constitute our planning committee. The Library has its own email system, guarded by a properly-named “barracuda” to swallow anything smelling of spam. The system administrator managed to retrieve the messages, belatedly, once he was aware of the problem, and loosened the rules to get our member back in the loop. It goes to show that even if you are not personally plagued by spam woes, your email communications are still affected. Its security and reliability must be paramount if we are to trust it to replace snail mail in delivering important notices. At the least the sender should be notified, and blocked email should be made available to the recipient in a special folder to allow quick verification of its status. Yahoo and Google mail deposit at least some suspected spam in a separate folder. It takes only seconds to check that folder and remove all the spam while being able to save a genuine message.
When an email address is changed, it is difficult to let all the correspondents know, and chances are that some of them will forget to change all their email address folders. Contrary to good old snail mail, there is no friendly post office that forwards email. Also, the slightest typo will make email undeliverable. Add to that the times that the Internet is inaccessible because of hardware, software or network problems and it is clear that email can not be counted on for the timely and secure delivery of financial and billing statements.
Once Upon A Time... in a far away land, when I was still a young lad, clocks sat on mantel pieces and had to be wound every so often. They didn't keep very accurate time, and we kept them running at least five minutes fast so we wouldn't miss the train. You see, trains left the station on the exact second in the schedule and the best place in town to find the accurate time was from the big clock at the railroad station. Now we have clocks and watches that listen at night to the shortwave radio and adjust their time to the nearest second by synchronizing with an atomic clock in Colorado. As a good nerd, I regularly compare the time shown by the atomic clock on the wall with my atomic watch to make sure they agree to the second. And now we travel by planes that sometimes manage to leave the gate within an hour of the scheduled departure time. Or not at all, as the case may be. Progress...
© 2007 Willem F.H Borman. This article may be reproduced in its entirety only, including this statement, by non-profit organizations in their member publications, with mention of the author's name and the Southwestern Indiana PC Users Group, Inc.
This article has been provided to APCUG by the author solely for publication by APCUG member groups. All other uses require the permission of the author (see e-mail address above).