Jennlog

For the latest example of a business causing no end of insanity and aggravation due to their inability to correctly verify and/or validate the ownership of email addresses submitted by their members, I present the game company — BioWare.

Bioware Spam

Whenever BioWare email escapes my anti-spam appliance’s blackhole, I send a fresh complaint to remove my email address from their system to the newsletter@bioware.com and privacy@bioware.com email addresses. After over ten attempts, I’ve never received a response or noticed any action.

BioWare claims to provide a “do it yourself” method of “Changing the community updates and information preference” (aka Unsubscribing) for your forged email address, but the instructions are impossible to follow:

Impossible Instructions

If you follow the instructions provided in the above image and visit accounts.bioware.com/my_account/newsletter.html, you are told that you need to be logged in to their system. The login requires you to know both the forger’s Community Name and the forger’s Password.

Ooops, BioWare needs you to be psychic.

So, not being the person who created the account with your email address, you visit BioWare’s Community Name and/or Password Recovery page at http://accounts.bioware.com/login/retrieve.html:

Hey, you said you were psychic, right?

While this exercise seems easier than Yahoo’s impossible request of trying to guess the forger’s location and birthdate to recover the account info connected to your email address, guessing the forger’s user name or password is just as unlikely.

So, you are left with the opportunity to contact BioWare at whatever email addresses you can find, to request they remove your fraudulently collected email address from their systems. And as experience has shown me time and again, BioWare ignores all email.

Again, sadly the final solution is adding email servers to my anti-spam appliance blackhole list as a result of some Internet service’s inability to verify their own users’ information.

Hopefully this is the last time that Yahoo contacts me about this Yahoo Photos account that they allowed a forger to create with my email address.

Yahoo marketing email to some random person who forged my email address

Yahoo has always been one of the worst when it comes to authenticating eyeballs into members.

Not only does Yahoo make it dead easy for their eyeballs to submit forged email addresses while completing the account sign-up process, they make it impossible for email address forgery victims to have these fraudulently created accounts closed (by requiring the email address owner know the account user id, physical location and date of birth of the forger).

On June 11, I wrote about receiving a response from Americangreetings after my latest complaint about their “service” allowing and enabling random people to forge my email address to send their”greetings”.

Their response suggested that I should reply to their email message and my email address would be banned from their system within three days. Sounds like a sweet deal, huh? To solve their abuse of my email address, I need to send them an email request to ban me.

So, I replied to their email thinking it would finally stop their abuse of me within three days. (oh, and in an additional “customer service” email, they added that if I didn’t reply to the block request email, they would not be legally responsible for continuing to facilitate the forgery of my email address ** … WTF?)

Well, it’s been five days and all I received for following their directions to rid myself and my email address from americangreetings.com was a bounce message from Postini or american greetings, I’m not sure.

Date: Sat, 16 Jun 2007 14:34:48 -0400 (EDT)
From: Mail Delivery Subsystem
To: jenn@jenn.com
Subject: Returned mail: see transcript for details
Parts/Attachments:
1 Shown 10 lines Text
2 Shown 298 bytes Message, “Delivery Status”
3 Shown 2.4 KB Message, “Re: STOP EMAIL ADDRESS USE”
3.1 Shown 18 lines Text
—————————————-
The original message was received at Mon, 11 Jun 2007 14:23:31 -0400 (EDT)
from exprod8mx36.postini.com [64.18.3.136]

On Mon, 11 Jun 2007, blocksend@americangreetings.com wrote:
>
> To confirm and finalize your request to STOP EMAIL ADDRESS USE from AmericanGreetings.com for
> jenn@jenn.com , follow these instructions:
>
> 1) Click on your email REPLY button
> 2) Send the email message
>
> Once we receive your confirmation, greetings will no longer be sent or received from the above
> mentioned email address within 3 business days.
>
> If at any time you wish to use this email address again on AmericanGreetings.com, please contact
> http://www.americangreetings.com/customer/emailus.pd.

It would seem the email address that americangreetings.com tells people to reply to, doesn’t exist.

And after looking at americangreetings.com email headers, the server name they use to connect to other email servers is forged and doesn’t exist either:

Received: from orca.agcom.amgreetings.com (incoming.netdesign.com [204.225.134.252])
by wazoo.netdesign.com (8.13.1/8.13.1) with ESMTP id l5BIRrvG019977
for ; Mon, 11 Jun 2007 12:27:53 -0600
Received: from kana4.ag.com ([10.10.1.82]) by orca.agcom.amgreetings.com with Microsoft
SMTPSVC(6.0.3790.1830);
Mon, 11 Jun 2007 14:27:47 -0400
Message-ID: <24653489.1181586467442.JavaMail.root@kana4.ag.com>

American Greetings’ commitment to customer service clearly rivals the effort they expend on authenticating the ownership of their customers’ email addresses or their interest in providing real address information to other people’s email servers.

I guess the only path to resolution for me, as someone who’s email address is commonly forged by their users and will continue to be forged by their users, is to prevent the spam and notices from annoying me — to become blissfully ignorant about americangreetings.com continuing need to render services in my name without my knowledge or permission.

Therefore, I should probably remove the old americangreetings.com network blackhole entries and replace them with new americangreetings.com network blackhole entries … done.

** “Should you choose not to respond to this notification, please be advised that AmericanGreetings.com cannot be held legally responsible for the unauthorized use of your email address if the problem continues.” — from the accompanying AmericanGreetings email.

Several years ago, after a rather annoying week of having one of my email addresses used to send many americangreetings.com “greetings” to unknown masses, having my email address added to americangreetings’ spam list and then wasting a bunch of time complaining bitterly to americangreetings.com with no results, I added americangreetings’ IP blocks to my anti-spam appliance’s blacklist.

I guess they’ve changed IP address blocks since, because I received an email last week saying that I’d sent some person a “greeting” from americangreetings.com. Of course I complained bitterly, noting that in all this time, I was disappointed to experience that they hadn’t implemented any sort of email address validation that would authenticate their user’s ownership over an email address used to generate “greetings”.

A few moments ago, I received a response from americangreetings.com proposing a solution (an evolution from 1999). Their method to prevent email address forgery is to ban everyone, including me the owner, from using their product with my email address. Elegant.*

I suspect that americangreetings.com neglects to authenticate their users because they realize that if they did implement a real email validation step before allowing anyone to send a “greeting”, they’d lose 50% of their traffic because the barrier to use vs. usefulness would be too high for most of their users.

When I wrote the mailing list sign-up routine for Yallery’s Alpha home page, I made sure that all the email addresses submitted to us are validated. About 70% of the email addresses in the list have been validated and will receive email from us as soon as we have something to say. The remaining unverified email addresses will be culled after 30 days.

I wish more Web businesses would value real members vs. eyeballs. Eyeballs forge my email address, members do not.

* This is the same solution used by AOL after I learned that the maximum number of AIM accounts allowable had been created by my email address (and none of them were owned/created by me).

Update:

The original message was received at Mon, 11 Jun 2007 14:23:31 -0400 (EDT)
from exprod8mx36.postini.com [64.18.3.136]

—– Transcript of session follows —–
451 4.4.1 reply: read error from ag28.americangreetings.com.
<blocksend@americangreetings.com>… Deferred: Connection reset by
ag28.americangreetings.com.
Warning: message still undelivered after 4 hours
Will keep trying until message is 5 days old

heh.
sigh.

My car was towed back the body shop as of 10pm tonight.

In my now never-ending saga courtesy of the accident and lingering repairs, my car died as it was climbing one of the roads near my house, west of 9th. It made it half way up… revved up until I took my foot off the gas and then rolled backwards as if it were in neutral.

Based on a few google searches, and going by the color of fluid pooled on my driveway and tracing my 1000′ travels tonight — My 2002 Subaru Outback’s transmission is now goo.

This after nearly $16,000 in repairs, all beginning in October when I was cut off on Baseline, sending me and my car into the air and over a 5′ ledge.

Pre-blog Car Drama
I suspect that it was to the insurance company’s benefit that collision estimates are done incrementally, as they “peel the onion back”. Because once work begins on a $5000 job, if the job cascades into a four month, $16000 job it is still cheaper for them than paying for a “write-off”. Also, it would be worth taking the chance that the car owner would want to pocket the first check offer and “drive off” with their car, unfixed.

I was offered a chance to take the first $5000 check based on the first insurance work assessment. If I would have accepted the offer, I would have got the $5000 and a severely damaged car as it was, without having any work done on it. Apparently that would be the last and only cash I would have seen. Even I figured there was more than $5000 damage to my car. Silly insurance company.

Beginning in November, the body shop has gone back to the insurance company to get permission to work on three rounds of incremental $5000+ work orders. I was able to drive my car out of the bodyshop for the first time since the accident in February.

Working the Numbers
My ex-perfect car, now with just over 28,000 miles on it, has been in the shop for unscheduled “maintenance” twice in the last two weeks. The last time was after Subaru discovered “a damaged Y-Pipe pushed in from what looked to be a collision. And, they’d be happy to fix it for $550.” So, the body shop and the insurance company agreed to replace it.

I’ve gotta say though, that the car looks cosmetically perfect. Almost as good as it did before the accident. But it’s never run the same since and now I don’t have a car again.

I guess I’ll find out what the real story is between meetings tomorrow. I suspect there’s another thing that they neglected to find in their many superficial inspections in/near the engine or transmission that just decided to blow up when I started my car tonight.

At this point, even though the insurance company valued my car at $21,000, taking the $16,000 and my dead car is beginning to look like it might have been a better outcome had they not been, say, $11,000+ (!!!) off on their initial repair estimate.

Sigh.

It seems I can’t read a web page now without downloading some 3mb flash or video broadway production about my bills, some pills or a newly annoying product that twitches in a desperate fight for my attention. If a Web producer or advertiser wishes to reach for the SuperAnnoying trifecta, they can add audio that congratulates me on winning their FREE*(tm) prize of the day.

Why do advertisers, and seemingly content owners & producers, feel that I must endure the download of a 3mb full motion video or Flash game to view their text? If this is to be the meaning of “multimedia” or “rich media” or whatever the buzz term is this month, then “the Web” is no longer an economical or efficient medium for (ad-supported) text distribution.

I’ve just had my streaming radio (Virgin Radio Classic Rock to the livingroom Squeezebox) interrupted yet again by a web site that decided that the 30K of text on its page was worth a monsterously sized ad download at whatever rate they felt was expeditious enough to dominate and degrade my connectivity.

I’ve had browsers lock up and be unusable until the entire 3mb of some forgettable Flash ad has been downloaded for display in one of its windows or tabs.

The asymmetric use of bandwidth for ads vs content doesn’t seem to be on a lot of people’s minds. I think the introduction of banner ads caused more of an uproar (and Wired magazine/HotWired is mostly to blame for that) — a common question was “Why are you doubling the size of my download by inserting a 10K gif at the top of your page???”.

I’ve started closing webpages whenever a 3MB ad starts selfishly messing with my whole Internet experience. Hopefully, in time, other Internet users may too. Then, and only then will the advertisers begin to think of the Internet experience rather than gaining “impressions” through monopolizing people’s Internet connectivity.

Gauging by the amount of energy required to serve a 3mb ad for 30k of content, Google text ads may be the most economical and environmentally friendly way to financially support web sites ever developed — maybe even Google’s “greenest” product innovation in comparison to the alternatives.