Fog Creek Software
Discussion Board




Why should Joel want your E-mail?

Needless to say, that Joel is a crafty clever person. Somehow he wants all of our Emails to be registred in his database. Why?

Vlad
Sunday, March 02, 2003

So he can send you an email when he posts something interesting?

Stephen Jones
Sunday, March 02, 2003

...so he can sell it to a spammer and make $100 and destroy his rep in one smooth move?

Eric DeBois
Sunday, March 02, 2003

... because there can never be enough conspiracy theories on the internet? 

Joe Blandy
Sunday, March 02, 2003

Joel won't lose all of his reputations unless we (his readership) are really smart.

Hypothetically speaking, by selling the addresses to a generic "Evil List Reseller".. Joel will get his 100? dollars, but he has a good chance we'll never trace it back to him.

For example by not ID the list as

"interested in bug tracking software or software development software"

or

"interested in Human Computer Interface or User Interface Designs"

and by not making the mistake of sell them only closely related softwares--how can we tell the next optical mouse spam ad is made possible with Joel's help.

By carefully spam us with some generic ads or two it will add some serious doubt. And most of us have too little time to dwell on any single spam to take the analysis that far.

There are a few ways for you to trace a spam back to Joel should he ever decide to sell the list, here's one:

1. Use a dummy email address hosted on your SMTP server, it should never be used or seen by anyone, and it should be registered only at the mailing list JoelOnSoftware.com. If you start getting email on this dummy email address's inbox-Joel sold his soul to the devil. This dummy email address needs to point to a non-blocking, but non-replying, and perhaps auto emptying inbox and a report should be sent to the monitor on a monthly basis to indicate whether the list was sold or not.

You can automate this and use it at more than one site by setting up a auto email name generator:

two random letters to indicate first and middle name and concatted with a random known lastname or vise versa concatted to your email domain.

So

fcsmith@bigicecreamstore.com

etsmith@bigicecreamstore.com

An auto email name generator is not enough.. you have to then associate that with the list or site you are monitoring. One such site might be Joel on software. Make a web interface and you can start monitoring lists and sites offering any email subscriptions.

If you dope the list on a regularly scheduled period, you can even find out when the list was stolen or sold.

So fcssmith@bigicecreamstore.com was added to the list in October of last year

But etsmith@bigicecreamstore.com was added in March of this year..

etsmith was not spammed although fcssmith was spammed, there fore, the list was sold/stolen before March 2003 but after October 2002...

Some lists are carefully designed to lazily fight against this a bit.. but most are too busy spamming to notice. But one way you can be more anonymous is to use a few more domains or use a highly objectionable domain name. Like @eff.org.

I think this is how major corporations ensure their carefully collection list of company to subscriber relationships aren't being stolen by internal staff.

This is also how some anti-spam algorithms learn to differentiate a genuine spammer from a non spammer.

It's like throwing thousands of little rubber duck into the ocean with radio and tracking them :-)

Li-fan Chen
Sunday, March 02, 2003

As a follow up... a lot of mailing list cleaning involves getting rid of inactive subscribers. Spammers don't do this, they want to spam you as many times as possible, the cost is so little after all.

But major corporates don't send email out the same way. They don't want to spam, they want to build a relationship. So they put a lot more effort into these emailings, using actual serious mailers and taking care of security, privacy and the personalization of the content. Each such email cost much much more, and the consequences of accidentally spamming due to a overzealous marketing drone is nothing short of a few major lawsuits and lots of lost of reputation. So what they do is clean lists often. The best way to clean a list and reduce cost is to get rid of non-interactive users. If you don't click on a HTML web email, you aren't being active. If you don't open a web email, you aren't being active. If your email server bounces for a significant number of time--you are being inactive. If you have asked to be on some big "I don't need any spam anymore!!" clearing house--you are being inactive. Anyway, the point is.. the list cleaners will clean you off the list and you will no longer be getting anymore "crap"--from those specific major companies anyway.

So if you want your rubber ducky to keep floating.. you'll actually have to write a robot to open these messages the way a real person would.. even click on those tracked links the way a real person would.. and perhaps.. even see the crazy pop-up ads like a real person would. An API like Perl::LWP should help you pull this off.

Li-fan Chen
Sunday, March 02, 2003

It proves nothing if you get spam at that joel-only address if that address looks anything like a name. Spammers now send to every possible letter permutation they can think up that might make sense.

This is why my email addresses that are well guarded that look like:

dennis@megalocorp.com

get tons of spam, but

b29o1h3n@megalocorp.com

...gets NO spam.

[not real email addresses - for demonstration purposes only]

On the other hand, I use the name trick to see which charities sell my address and phone number to con artists:

"Hello, is this Pheadukits Atkins? You have won a free time share condo stay in Barbados!"

"Sorry, there is no one my that name here." (Note to self - never trust 'Feed the Kids Inc.' again.)

Dennis Atkins
Sunday, March 02, 2003

Let's make thing clear at this point: I never suspected Joel into being a spammer.

All I understood - Joel wants all of us to register with his mailing list. I think it's a real reason for asking us, to subscribe in order to get the last article.

I would not believe an actual reason: "an article is too hot, to publish it for the masses". One way or another, sooner or later it will leak to the masses.

Vlad
Sunday, March 02, 2003

Why don't we wait for this article? From the excerpt published, it looks as though Joel is about to say something on the nature of online community (which would of course have an effect on the online communicty he hosts, hence the puzzling reference to Heisenburg effects). Maybe its an experiment on the nature of community using email, compared with community by discussion board.

Looking forward to that article.

David Clayworth
Sunday, March 02, 2003

Dennis Atkins: awesome catch, it's true a SMTP visit can probably get away with sending a few bogus emails just to see which will actually make it through. If an SMTP server is too dumb it will actually reply back which bogus email is really real. A smart but cynical SMTP server should answer not so truthfully.

-- David

Li-fan Chen
Sunday, March 02, 2003

Maybe Joel is doing it to reduce bandwidth costs for his service provider? If he posts the article on the website, a bjillion people will bang away at it costing a gazzilion dollars a minute in bandwidth for all the page loads. You sign up for an email -- and not everyone will because it crosses some people's "care factor" boundaries when they have to enter their email address, and the rest are just paranoid -- and instantly a very succinct and deliberate group of people will receive the same article. If they want someone else to see it, they will have to forward it on (not actually permitted, if you read the blurb Joel wrote), but this won't cost Joel's provider an off-white cent.

Quite a simple and elegant solution, if you think about it.

That, or Joel is doing a study on email address user names to see which ones are the weirdest.

Geoff Bennett
Sunday, March 02, 2003

So you mean hypothesize that push uses less bandwidth than pull? Maybe Microsoft should use that model... *smirk*

Li-fan Chen
Monday, March 03, 2003

A mixture of both is best I think. The email will lead people to the pages that actually interest them. That's less clicks (and bandwidth) then trying to get to where you want to go via the front door. And if people keep their email, yes, it will save some clicks. But a stale email will get lost and ignored in the long term. In that case most people will just say forget it, type in joelonsoftware.com, then click search.

If Email don't have to be stored in a chronological order in your inbox.. there's hope yet.

-- David

Li-fan Chen
Monday, March 03, 2003

I seriously doubt that Joel is desparate for our email.

If he really wanted it, then he could make an email address compulsory for the board.  Sure, some people would put false addresses but the majority wouldnt.

Email addresses could be validated by sending out 'Your post has been replied to' messages and monitoring the links.

Don't forget that Joel has gone to lengths to protect us from spanners, by updating the forum so that addresses are hidden.  They used to masked in the HTML as javascript writes.

I think that Joel dislikes navel gazing, but can't resist it because it interests him.  Sending it out as email is a comprimise.  His written an essay on the blue fluff that he always finds on his discussion board without diluting the content of the site.

Then again, he could just be covering up his role in Kennedy's assasination.

Ged Byrne
Monday, March 03, 2003

Maybe he is just trying to use the email adressess to get at your geographical location (more or less). It works reasonably well for al but the "realy globaly big ones" (hotmail etc.). Can you buy geo profile info on those?

Just me (Sir to you)
Monday, March 03, 2003

"Maybe he is just trying to use the email adressess to get at your geographical location (more or less)"

I should think looking at the website logs for ip addresses would be far more accurate for this purpose?

nice
Monday, March 03, 2003

Wow.

Proof that many in IT have entirely too much time on their hands.

Relax. He just wants the email so he can email you when he post something interesting. I really doubt Joel has the time or inclination to deal with trying to sell a mailing list.

Just chill.

Go Linux Go!
Monday, March 03, 2003

If you really are looking for the strangest email address, please share it with us Joel.

David Clayworth
Monday, March 03, 2003

I was bewildered by all this paranoia over giving Joel an email address.

Now I know that Joel was counting on it as part of his filtering policy.  Very clever.

Thats why he's rich and I'm not:)

Ged Byrne
Monday, March 03, 2003

The cynic in me wondered if he was running an experiement to see how long the article would take to get out onto the web anyway (:

Martin DeMello
Monday, March 03, 2003

Joel's not rich because he's clever. Joel's rich because he worked at Microsoft and copped some nicely weighted company scrip. Which I suppose you could say he only got because he was clever, but that would just be proving my own point wrong, don't you think?

Geoff Bennett
Monday, March 03, 2003

*  Recent Topics

*  Fog Creek Home