I’ve been interested in different forms of communication for some time.  It’s part of what makes social networking so interesting to me.  I’ve been reading about others’ experiences too.  Of course there’s Tantek’s CommunicationProtocols page, which inspired my own Communication Protocols section on my main page (and, probably, @seanbonner’s PreferedMeansOfContact).  Trevor Creech recently challenged me on my Twitter usage, calling it “Twitterfail” (in reference to efail).  I would like to discuss some of they ways I’ve started thinking about communication.

First, a tip from my own main page: If you find a solution, from me or elsewhere, blog it. Someone else may benefit.  I have come to think of my Twitter and Ma.gnolia accounts as blogs (especially since they began to manifest their updates in the actionstream on my main page).  If I find an interesting tidbit, or have a potentially interesting thought, I tweet it.  This lead, one day, to >20 tweets in 24 hours, the condition which Trevor complained about.  In response, I have tried to consider first if something is really useful at all before I tweet (I don’t want to be the cause of a signal/noise problem) – but I have also started including better context in my tweets.  Interesting links go to Ma.gnolia.

Searchability has become key for me. This is one of the reasons I love my IM setup – everything anyone says to me, whether I’m online or off, at my computer or not, is archived in Gmail for easy search.  My tweets and blog posts are also searchable – in fact, if you just say “singpolyma” or link to me in a blog post, there’s a huge chance that I’ll see it.

When it comes to factors like immediacy, lifespan,  audience, bandwidth, and sychronity they are all important, but are different for different messages.  If I’m setting up a meeting or working on a project, immediacy and bandwidth are hugely important (thus, face to face or IM are best).  If I’m discussing something of interest to me, asychronity, lifespan, and audience are the most important factors (thus, mailing lists, forums, Pibb, and IRC are best).  There is no “perfect” communication form – all have their place.

I have requested that people use post/page comments for debugging/feature requests on my projects.  This is because a comment is almost as good as blogging something (it can be used by others who may benefit) and is searchable.  It also reduces the chances that I get asked for the same thing a bunch of times – others can see what is being discussed (which, incidentally, in the same reason I love GetSatisfaction).  Pages + comments are almost as good as (in fact, in many cases, I feel are better than) a wiki.

This is a repost of the Pranketh avoid article.

The Problem

If Pranketh’s existence proves anything, it is that email is not the safest medium around. It has always been relatively easy to send an email that says it came from someone it did not, similar to the way one can write any return address on an envelope when sending a letter. So, now that Pranketh has made this problem very obvious, how can one determine if an email is what we call ‘spoofed‘?

Some email providers and programs show warnings on messages that may be spoofed, but the problem is that detecting spoofing is more art than science. A legitimate email may be spoofed (for example, if you write Pranketh and we write you back, we are actually writing you from our GMail accounts, but it will appear as though it came from Pranketh, which, in reality, it did) or a spoofed email may not be detected (because it also spoofs whatever the automatic detection system uses).

Message Headers

First of all, you’ll want to view what we call the ‘message headers’. Some of them (From, To, Subject) are always visible. Depending on your program, different ones will usually be hidden. The option to view them all may be called ‘View Message Headers’, ‘All Message Headers’, ‘Original Message’ or something similar. Below are some screenshots for two popular email services (more will be added as time goes on) :

View Headers in GMail

View Headers in Evolution

View Headers in Eudora

View Headers in Outlook

View Headers in Outlook Express

Now that the headers are visible, there are a few key things to check for. The first is a special header added by Pranketh to all emails it sends. If this header is there, we can be sure the email was sent using Pranketh! The line will likely be near the bottom and will look like this :

X-Joke: This email is not from whom it appears to be from. It was sent from pranketh.com.

What if someone is spoofing you without using Pranketh? Thankfully, there are other things you can check. You should see if there is a Return-Path header, similar to the following :

Return-Path: <singpolyma@sunkist.dreamhost.com>

The email-address-like part of that should be similar to who it says it is from (it does not have to be an exact match, but should be similar). If it is not similar at all (i.e., the above is on an email that says it is from bill@microsoft.com) then the email may be spoofed (see the next section for more on that ‘may’).

Another header to check for is ‘mailed-by’. For example, if an email claims to be from a GMail address it may have a header like the following :

mailed-by: gmail.com

That’s pretty simple.

If none of the above is present, or if it all checks out, you may want to checked the ‘Received’ section. It will look something like the following :

Received: from smarty.dreamhost.com (d06184b1.dreamhost.com [208.97.132.177])
by spaceymail-mx3.g.dreamhost.com (Postfix) with ESMTP id 8EF98188FC7
for <feedback@pranketh.com>; Wed, 16 May 2007 16:29:36 -0700 (PDT)
Received: from sunkist.dreamhost.com (sunkist.dreamhost.com [208.97.175.14])

by smarty.dreamhost.com (Postfix) with ESMTP id 7E510EE2C4
for <feedback@pranketh.com>; Wed, 16 May 2007 16:29:36 -0700 (PDT)
Received: by sunkist.dreamhost.com (Postfix, from userid 1429516)
id 81E63402A3; Wed, 16 May 2007 16:29:36 -0700 (PDT)

Notice how there are many references to dreamhost.com. That is because this email was sent from an address that lives there (actually, it was sent by Pranketh). A GMail email will have gmail.com, google.com, or googlemail.com there instead. A Hotmail email should have hotmail.com, etc.

Maybe Spoofed

Why in the above paragraphs did we say that if any of that was true the email ‘may’ be spoofed? Well, remember, detecting spoofing is more art than science. My email addresses all live on dreamhost.com and I send most of my email through GMail, but my email addresses are all at singpolyma.net. So how can you tell the difference between an email that’s spoofed on purpose by the person that owns it, or an email that is not from who it says it is? The best way is to check emails that you know are really from them. If they are spoofed in a similar way, then the email is likely legit. If they do not normally spoof their emails, or if the spoofing looks a lot different than normal, be very suspicious.

If you are not sure an email is really from someone, write them and ask if they sent it. That way, you can be absolutely sure.

Spread the Word

A lot of people trust email every day. It is our responsibility as people who know how to detect spoofing to spread the word. Link to this article, post it on your site, email it to friends, review it, translate it, anything that you think will get the word out faster!

We only ask that you give us credit and link back to this page according to the terms of a
Creative Commons Attribution-ShareAlike license.

How to Avoid Getting Pranketh’d, Scam’ed, or Phish’ed by Pranketh is licensed under a Creative Commons Attribution-ShareAlike 3.0 License.

Part of the big buzz surrounding Web 2.0 has been pull alerts as opposed to push alerts.

Push alerts / messages –  I send you a message.  This is how email and IM work.  I choose when, where, and how the message is sent and largely control how you receive it.  I send an email, you get it in your inbox.

Pull alerts / messages – I send a message which may (or may not) be intended for you primarily.  You decide when, where, how, and IF you receive it.  This most common form of this is RSS/ATOM feeds.  I publish to my blog / Twitter / whatever and you subscribe to me if you want to.  You can receive alerts via email, IM, Xanga, Facebook, Google Reader, BoxtheWeb, Sage, or a myriad of other options.

Some have said that push alerts are dying.

This makes some sense.  When I post on a forum, I don’t want to have their system email me every time there is a reply (email/push).  What I really want is to have easy access to a list of posts replying to mine to look over (RSS/pull).

However, this can go a bit too far.  Pull IM does exist to some extent, but it defeats the purpose.  I want you to see something NOW, it’s URGENT, INSTANT.  Pull does not fit this.

Push alert systems, however, just refuse to die!  Facebook/Myspace messages/wall posts.  Blog comments.  New friend-group messaging systems like Pownce.  Push is extremely popular.

The masses are rarely right, but perhaps we shouldn’t brush off push alerting altogether at this point.

Why is it that while we all love IM systems (geeks especially loving our fair Jabber) we still use telephones? Is it that we like the voice aspect? Well, most IMs have that option. I don’t even like that option. So what is it then?

You don’t ‘turn on’ a telephone.

It’s just on. So if someone is home and you call them, you will reach them. No problem. With IM you have to wait for them to be online… what a pain.

Some systems have tried to overcome this with hardware, the Skype phone being a prime example. This works well as long as people can be made to understand that they must leave their computers on ALL the time for it to work. I can’t help wondering though, could this be similarly overcome directly from text-only IM software?

I think it can, but we will have to change the way many people think about IM. It seems that to many people, IM only works when a person is actively at their computer (which is mostly true at this point), so when someone is set to Away, etc, they do not initiate conversation, or even send a message. But what if the programs tried to ‘call’ a person the way a phone does when it rings? What if Jabber clients (or other IM programs) turned the volume up on your machine and played a really loud sound when someone initiated a chat while you were set to Away? They could then send an auto-message to the person telling them that the person they have started chatting with is away and it is trying to call them 1…2…3…4…up to a configurable number, then, please leave a message (easy to do in Jabber).

We would have to retrain ourselves to leave the computer on and signed in during all waking hours (or all hours period for Google Talk where offline messaging still doesn’t work). We would have to retrain ourselves to try talking to people set to away, we would have to be willing to ‘run to the computer’ when it ‘rang’ just as we do with our phone. We wouldn’t have the conveniance of cordless like we do for phones (not at first anyway), but we would save ourselves so much time and effort… and maybe finally kill ‘real’ telephony.