Feb 27

Spam War

By Leon Erlanger

Besides being the year of war, terrorism, corporate fraud, and blackouts, 2003 was also the year of spam. As more users found their legitimate e-mail vastly outnumbered by spam, spammers and antispam vendors played a constant Tom-and-Jerry game, frantically coming up with ever-more-sophisticated techniques to outfox each other.

As recently as a year ago, many antispam solutions relied on keyword recognition to separate spam from legitimate e-mail. Spammers outwitted such strategies by interspersing commas, spaces, exclamation points, and deliberate misspellings (such as V!agra) in headers and message content to get through. We’ve all seen such tricks, but you may not be aware of less obvious ploys that rely on HTML features to foil spam filters. For example, a spammer may intersperse white-on-white text or zero-font-size characters in between visible text. You won’t see such characters unless you select them with your mouse, but filters take them into account. Other tricks include using the &nbsp; HTML entity to place a space between letters, adding phony HTML style tags, or indicating each letter with an HTML entity. When a keyword filter sees HTML entities and style tags, it simply reads them as text. So if a spammer uses HTML entities for letters and spaces, the filter reads V i a  g r a

What a user sees is Viagra.

Spammers also place columns of letters in each cell of an invisible HTML table, so that the filter reads cell by cell, but the recipient reads across the cells. And if that’s not enough, many spammers simply render text as an HTML image. According to Chris Belthoff of antispam vendor Sophos, more than 80 percent of current spam is HTML-based.
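A filter can undo most of these tricks by matching keywords against the text a reader would actually see. The sketch below is an added example, not code from the article or from any antispam product; the class and function names, the list of hiding styles, and the assumption of a white page background are all illustrative, and it does not handle the table-column or text-as-image tricks.

```python
import re
from html.parser import HTMLParser

# Inline styles that hide text from the reader (assumes a white page background).
HIDDEN = re.compile(r"font-size\s*:\s*0(?![.\d])|display\s*:\s*none"
                    r"|(?<!-)color\s*:\s*(?:#fff(?:fff)?\b|white)", re.I)
VOID = {"br", "img", "hr", "meta", "input", "link"}   # elements with no end tag
BREAK = {"p", "div", "br", "tr", "li"}                # elements that separate words

class VisibleText(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)  # parser decodes &#86; and &nbsp; for us
        self.hidden = []  # one flag per open element: hidden itself or via an ancestor
        self.parts = []

    def handle_starttag(self, tag, attrs):
        if tag in BREAK:
            self.parts.append(" ")
        if tag in VOID:
            return
        a = dict(attrs)
        off = bool(HIDDEN.search(a.get("style") or ""))
        off |= tag == "font" and (a.get("color") or "").lower() in ("#fff", "#ffffff", "white")
        self.hidden.append(off or (bool(self.hidden) and self.hidden[-1]))

    def handle_endtag(self, tag):
        if tag in BREAK:
            self.parts.append(" ")
        if tag not in VOID and self.hidden:
            self.hidden.pop()

    def handle_data(self, data):
        if not (self.hidden and self.hidden[-1]):
            self.parts.append(data)

def normalize(raw_html):
    parser = VisibleText()
    parser.feed(raw_html)
    parser.close()
    text = "".join(parser.parts).replace("\xa0", " ").lower()
    # "v!agra" -> "viagra": swap look-alike characters only inside a word.
    text = re.sub(r"(?<=[a-z])[!1|](?=[a-z])", "i", text)
    # "v i a g r a", "v.i.a.g.r.a" -> "viagra": join runs of separated single letters.
    text = re.sub(r"\b(?:[a-z][\s.,_*-]+){2,}[a-z]\b",
                  lambda m: re.sub(r"[^a-z]", "", m.group()), text)
    return " ".join(text.split())

SAMPLE = (  # constructed message body using the tricks described above
    "<p>Cheap &#86;&nbsp;&#105;&nbsp;&#97;&nbsp;&#103;&nbsp;&#114;&nbsp;&#97; today</p>"
    '<p>V<span style="font-size:0">xq</span>ia<font color="#FFFFFF">zz</font>gra, V!agra</p>')
```

A plain substring search of SAMPLE never finds the keyword, while the same search over normalize(SAMPLE) finds it three times.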

Antispam vendors have countered with more sophisticated spam-fighting techniques. For example, Bayesian filtering rates each word and feature of a message for the likelihood it is spam, based on careful analysis of past spam and nonspam e-mail. This is very clever, but spammers have responded by packing messages with lots of legitimate text and features—visible or invisible. Highlight a spam message, and you may find an entire hidden short story, sufficient to thwart such filtering. Another tactic is to put as little information in an actual message as possible or to disguise the entire message as a topic that should interest the recipient, then link to a URL about the real spam topic.
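The effect of hidden padding on a Bayesian score, and one way to detect it, can be shown with a small naive Bayes scorer that rates the whole body and the rendered text separately. This is an added example, not code from the article or from any vendor; the training counts, the 0.4 prior for unseen tokens, the thresholds and all names are constructed assumptions.

```python
import math

# Constructed training counts: token -> (spam messages, legitimate messages) containing it.
COUNTS = {
    "viagra": (90, 1), "cheap": (60, 10), "click": (70, 15),
    "meeting": (2, 80), "quarterly": (1, 60), "report": (5, 90),
    "budget": (3, 70), "agenda": (1, 50),
}
N_SPAM = N_HAM = 100   # size of each constructed training corpus
UNSEEN = 0.4           # assumed prior for a token never seen in training


def token_prob(token):
    """P(spam | token) from corpus frequencies, clamped away from 0 and 1."""
    spam, ham = COUNTS.get(token, (0, 0))
    if spam + ham == 0:
        return UNSEEN
    ps, ph = spam / N_SPAM, ham / N_HAM
    return min(0.99, max(0.01, ps / (ps + ph)))


def spam_score(tokens):
    """Naive Bayes combination of the per-token probabilities, done in log space."""
    probs = [token_prob(t) for t in set(tokens)]
    log_spam = sum(math.log(p) for p in probs)
    log_ham = sum(math.log(1 - p) for p in probs)
    return 1 / (1 + math.exp(log_ham - log_spam))


def assess(visible, hidden):
    """Score the whole body and the rendered text separately, and report the gap."""
    whole, rendered = spam_score(visible + hidden), spam_score(visible)
    return {
        "whole_body": round(whole, 4),
        "rendered_only": round(rendered, 4),
        "hidden_share": round(len(hidden) / max(1, len(visible) + len(hidden)), 2),
        "padding_suspected": rendered >= 0.9 and whole < 0.5,
    }


# Constructed message: three visible words plus hidden business-sounding padding.
VISIBLE = ["cheap", "viagra", "click"]
HIDDEN = ["meeting", "quarterly", "report", "budget", "agenda", "meeting"]
```

Scored as a whole, the constructed message looks legitimate; scored on the rendered words alone it is clearly spam, and the gap between the two scores is itself a usable signal.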

Antispam vendors have added signatures, blacklists, and rule-based filtering to their arsenal. They set up spam honeypots to catch as much spam as possible, then create a signature to identify each. Signatures work particularly well for HTML images, according to Ken Schneider of antispam vendor Brightmail. Vendors often combine this method with blacklists of proxy sites that spammers use to hide their source IP addresses and URLs that spammers use as links. Or they may simply match a URL claiming to be a particular well-known site against its known true URL. Rules-based techniques match messages against a list of vendor rules that identify suspect e-mail. All of these techniques require frequent updating.

The contest continues. Spammers test, retest, and fine-tune their e-mails against real antispam products. They use e-mail bugs, in which one pixel links to a specific URL that tells the spammer which message got through antispam defenses and was opened by which users. They set up Web sites to test their spam against a variety of antispam solutions.
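On the receiving side, a mail gateway or client can flag the e-mail bugs described above before any image is fetched. The following detector is an added example, not taken from the article or any product; the size test, the token pattern, the names and the sample message are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qsl

TINY = re.compile(r"^\s*[01]\s*(px)?\s*$", re.I)                 # 0 or 1 pixel
STYLE_DIM = re.compile(r"(?<![-\w])(width|height)\s*:\s*([^;]+)", re.I)
OPAQUE = re.compile(r"^[A-Za-z0-9_=-]{12,}$")                    # long per-message token


class WebBugFinder(HTMLParser):
    """Collects remote images that are invisible to the reader."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = dict(attrs)
        dims = {k: a[k] for k in ("width", "height") if a.get(k)}
        dims.update((k.lower(), v) for k, v in STYLE_DIM.findall(a.get("style") or ""))
        url = urlsplit(a.get("src") or "")
        if url.scheme not in ("http", "https"):
            return  # embedded (cid:/data:) images cannot report back
        if len(dims) < 2 or not all(TINY.match(v) for v in dims.values()):
            return  # a visible image, e.g. a logo
        # Query values that look like a recipient address or an opaque tracking token.
        ids = [k for k, v in parse_qsl(url.query) if "@" in v or OPAQUE.match(v)]
        self.findings.append({"host": url.hostname, "id_params": ids})


def find_web_bugs(raw_html):
    finder = WebBugFinder()
    finder.feed(raw_html)
    finder.close()
    return finder.findings


SAMPLE = (  # constructed message body; hosts are reserved example domains
    '<img src="http://www.example.com/logo.gif" width="120" height="40">'
    '<img src="http://track.example.net/o.gif?c=spring04&u=a1b2c3d4e5f60718" '
    'width="1" height="1">'
    '<img src="http://img.example.org/s.gif?to=pat@example.com" style="width:0;height:0">'
)
```

A finding with an empty id_params list is an invisible remote image without an obvious identifier, which is weaker evidence than one that names a parameter.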

The lesson in all this is to make sure your antispam solution doesn’t rely on a single technique and that vendors demonstrate a commitment to outwitting new spam tricks as they appear. For more information on spam, see “Can E-Mail Survive?”.

Feb 27

A Guide to Graphics File Formats

By Luisa Simone

You can gain more control over the quality and size of your images by picking the right format for the job.

Graphics files usually contain one of two types of data: raster—colored dots (or pixels) arranged in rows, and vector—images composed of lines, polygons, and text. Raster formats are ideal for photos, and vector formats are best for logos and diagrams. Vector formats use smooth outlines to create objects, maintaining quality even when an image is enlarged or reduced.

Generally speaking, there are three factors to weigh when considering graphics formats: the output media (print or Web), the format’s specific features, and your workflow. Typically, the only Web formats worth using are those supported by most browsers: GIF, JPEG, and SWF. Large raster images are more download- and memory-friendly if they’re compressed, but lossy compression schemes (such as JPEG) shrink images by discarding data. Also, some formats support simple transparency (where designated pixels are opaque or clear), and others offer gradient (or alpha channel) transparency effects.

Workflow is also crucial: You can’t choose a format if your equipment doesn’t support it. The information below will help you make the right decision.

JPEG is a full-color raster format supported by all popular Web browsers and digital cameras. Its compression can produce very small files for speedy downloads. But JPEG employs lossy compression, so it can degrade image quality (notice the blocky interference pattern). Each time you save a JPEG file you further degrade the image.

GIF is a Web-ready raster format. GIF files use a limited palette (256 simultaneous colors at most) but they often use fewer colors to reduce file size. Small color palettes (see the inset), lossless compression, transparent colors, and frame-based animation make GIF a fine choice for Web graphics such as icons or logos.

TIFF is a great choice for raster images intended for print. TIFF encompasses many different color modes. In addition to RGB color, TIFF supports 8-bit gray-scale or 32-bit CMYK data (for commercial offset printing). TIFF offers advanced features, including gradient transparencies, multiple layers, and several compression methods.

PNG (Portable Network Graphics) is gaining acceptance as a raster format for the Web. PNG supports palette-based and full-color images, plus lossless compression and a true alpha channel. The helmet in the image has a clear background as well as a soft, semitransparent drop shadow that can interact with other page elements. Note that not all browsers can display PNG’s multilevel transparency.

Native files are specific to particular programs. Proprietary formats support features essential to image development. The Photoshop file (PSD) shown here contains multiple layers, transparency masks, editable text, and automated shadow effects (as shown in the Layers palette).

Vector—or metafile—formats involve pictures composed of discrete objects. In the image, the blue highlighting of the fish on the left shows that the drawing comprises hundreds of individual shapes. On the Web, Macromedia Flash offers crisp text, smooth lines, and transparent objects, so it’s a good choice for static images. The new FlashPaper output option lets you zoom in without degrading quality (see the inset).

Feb 26

TechTV | Photoshop Tip: Replace the Sky. Here is a DVD-burning util worth checking out: DVD tools

Feb 26

TechTV | Keep Your CD-Rs Alive

Feb 24

Instantly create a large file in DOS:

Use Windows Calculator in Scientific mode to convert a number in bytes to hex. For example, for 1 million bytes, enter 1000000 in the calculator and click on the Hex option to convert it (1 million in hex is F4240). Pad the result with zeroes at the left until the number is eight digits long—000F4240.

Open a DOS window:

- Run: DEBUG BIGFILE.DAT (ignore the File not found message).

- Type RCX and press Enter. Debug will display a colon prompt.

- Enter the last four digits of the hex number (4240, in this example).

- Type RBX and press Enter.

- Enter the first four digits of the hex number (000F, in our example).

- Enter W for Write.

- Enter Q for Quit.

You’ve just created a 1-million-byte file using Debug.

Feb 02

Getting Paid: The Dark Side of eBay

You don’t auction stuff off for your health. Find out what it takes to get paid using eBay.

By Toby Malina

You give things to charity out of the goodness of your heart. You auction your used stuff off to make money. But what happens when the check in the mail never shows up? On today’s “Call for Help,” I’ll tell you which payment options you should accept for your online auctions and what to do if a check bounces or a buyer backs out.

Payment options

Online payment services

You’ll get your money fast with an online payment service. PayPal, for example, offers several types of accounts, including free personal accounts for sending and receiving payments. In most cases you’ll need to upgrade to a pay service if you want to accept credit card payments. Though PayPal seems to be the most popular, you may want to look into Western Union Payments and CheckFree Auction Payments.

Money order or cashier’s check

A money order or cashier’s check can only be payable to a specific recipient — you! It’s like getting cash in the mail without the risk.

Personal check

Buyers love paying with personal checks, but they’re more of a risk for sellers. You need to wait for payment, deposit the check, and wait for it to clear before shipping an item. If a check bounces, you could get hit with bank fees, which may be hard to pry out of the buyer.

If a check bounces, contact the buyer immediately and give him or her a chance to pay via PayPal or overnight mail. If the buyer doesn’t make good, bombs away with the negative feedback.

Cash

Just say no! Cash doesn’t leave a paper trail, making it a risky option for buyers. I know you’d never sell stolen property, but the people bidding on your stuff don’t know that.

Cash on delivery (COD)

When the shipping company delivers your goods, the buyer produces payment. The buyer needs to be at home when the delivery guy shows up and must have an accepted form of payment on hand, causing a hassle for everyone. Why bother?

The waiting game

Responsible buyers respond shortly after an auction closes and soon pay via an online payment service or contact you in response to your invoice.

If you don’t hear back from someone within three days, send a friendly reminder with “Reminder” in the subject line. Politely remind the buyer that he or she was the high bidder in your auction, the date of your expected payment, and the payment methods you accept. You should also check users’ feedback to scan for negative patterns. If they seem like good buyers, be patient. They may have a problem on their end. Life happens.

If you don’t hear back within three days of sending your reminder email, consider your buyer a problem child and send a firm but diplomatic final reminder.

When buyers balk

When a buyer backs out, use your best judgment to assess the situation. If the reason seems legitimate, don’t go for the jugular. Only leave negative feedback when someone flagrantly backs out.

If your auction had several bids, consider making a Second Chance Offer in which you offer your item to any of the underbidders. Just don’t jump the gun. Make every effort to work things through with the original buyer first. If the original winner steps forward, you’ll have an awkward moment explaining why you sold your item to someone else.

Begin the Second Chance Offer process from your auction page or My eBay page. You won’t need to pay additional insertion fees and a new final value fee will be assessed when a buyer accepts your offer. (You can also use Second Chance if you have an identical item you want to sell.)

No more Mr. Nice Guy

A time may come when you can’t sell your item to another person and you still don’t hear back from the original bidder (or get an email that says something like “cancel my order”). Since you’ll probably get pretty ticked off, consider filing a Non-Paying Bidder Alert.

An NPBA gets eBay formally involved. You can file one eight to 45 days after the close of an auction and it’s mandatory if you want to collect a Final Value Fee credit.

Go to the Non-Paying Bidder Program page armed with your user ID and item number.

File your complaint.

Once you and your buyer receive notification, eBay requires you to wait 10 days before filing for a Final Value Fee credit. Buyers often pay or contact you within this period.

If you work things out, go back to the NPBA page and click the Non-Paying Bidder Warning Removal link.

eBay will suspend buyers with three alerts. You can also ask eBay for the buyer’s contact information on the Find Members page if you feel comfortable calling the buyer. Again, I’m sure you’re a nice person. Never threaten, stalk, or harass other eBay users.