why i only accept plaintext email (and why you should, as well)

a couple days ago, a friend mentioned the fact that i only accept plaintext email, and asked if HTML email was against my religion. i said “yes”, and this is why i don’t accept rendered, HTML-formatted email. it is a story with a moral at the end, so pay attention.

today, i got an email that said it was from “DHL Customer Support <support@dhl.com>” and the subject line was “DHL Shipment Notification”…

keep in mind that the “From:” address is one of the easiest things about any email message to forge. among the other easy things to forge are the “Subject:” line, the “To:” line, and the body of the message, which is one of the reasons it’s not uncommon to get spam from “yourself”.

the spam i got contained the following message:

Notification for shipment event group “Delivery Exception” for &email&;
Dear Customer,

This is a notification that your package has experienced an exception, kindly follow the link to update your address: https://www.dhl.com/address_update

however, because of the fact that i only accept plaintext email, this is what i saw:

<p align=”LEFT”><span style=”font-size:12px;”><span style=”font-family:times new roman,times,serif;”>This is a notification that your package has experienced an exception, kindly follow the link to update your address:</span> <strong> </strong><font color=”#0000ee”><strong> <a href=”https://chicagoturfpros.com/wp-includes/css/dhl/login.php?login=ganesha@hybridelephant.com”><span style=”font-family:times new roman,times,serif;”>https://www.dhl.com/address_update</span></a></strong><span style=”font-family:times new roman,times,serif;”> </span></font></span></p>

for those who look carefully, particularly at the bigger sections of the text, you will discover that there’s a link — a href= — and the target of that link is chicagoturfpros.com…

BUT the apparent target of the link is actually dhl.com. this is compounded by the fact that SOMEONE has taken a lot of time and care to make it look like the dhl.com web site, even though it isn’t.

180513 badware
180513 badware

if i accepted rendered HTML-formatted email, i, very likely, would not have seen the fact that, instead of going to dhl.com, i was actually going to chicagoturfpros.com — WHICH IS EXACTLY WHAT THE SPAMMERS WANT TO HAPPEN!

because of the fact that the link also includes my email address, there is also the very strong probability that: 1) i would have clicked the “update address” button without noticing that i’m giving my personal information to “chicagoturfpros.com” or whoever is controlling their web site, and 2) even if i didn’t click the “update address” button, my email address is now a part of the web log for “chicagoturfpros.com” (or whoever is controlling their web site), which means that, even if they didn’t get my personal information, they have what is now a “valid” email address, with which they can, then, send me more spam.

because of the fact that i DO NOT ALLOW rendered, HTML-formatted email on my computer, they (whoever “they” is) don’t get ANY information from me.

which is precisely why you should NEVER allow your email client to render HTML-formatted email.

if you have a regular email client, not accepting rendered HTML-formatted email should be as simple as going to the settings and deselecting “Use HTML by default” or whatever your email client has (this is one of the differences in all email clients). if you use IMAP (web mail) you may or may not have that capability, so your mileage may vary. i very strongly recommend that you use an email client which is compatible with IMAP, and reply from that, even if you do use web mail. it makes things a hell of a lot easier, especially when you’re dealing with spam and identity theft.

i realise this is a lost cause, and that pretty much everyone sends, and receives HTML-formatted email by default, these days, but identity theft is still a MASSIVE problem, and it’s only being made worse by the default preponderance of HTML-formatted email. if you don’t want to have your identity stolen, ONLY ACCEPT PLAINTEXT EMAIL. it won’t guarantee that your identity won’t get stolen, but it will go a long way to make it a lot more difficult to do so.

this has been a public service announcement.

ETA: wordpress is concerned enough about my security that, yesterday, it sent me three notices concerning the fact that the link i provided above, which isn’t even a link, but just a text representation of what the link looks like, is a security risk, and offered to delete the page for me. THAT’S why i only accept plaintext mail. 👍

for further information, read In Apple Mail, There’s No Protecting PGP-Encrypted Messages which gives a contemporary example of why HTML-formatted email is evil.

maque asked me to build a bullroarer

maque asked me to build a bullroarer. i may have gone a little bit overboard…

i built a 30″ bullroarer. it’s big enough that i had to order special rubber bands to finish it. then, when i realised that i had to wait for the rubber bands to be delivered, i went crazy and spent two days going various places searching for a suitable alternative.

180506 30 inch bullroarer
180506 30 inch bullroarer

it’s a lot quieter than i expected. i’m going to have to build a smaller one, like this:

to see if smaller helps it be noisier.

केत्छुप्

i got new glasses about 2 months ago. they’re round, for the first time since the 1990s. they also came with polarised brown “clip-on” sunglasses. i thought they looked really cool, and they matched the brown cap that i had been wearing…

but i quickly noticed that i was feeling REALLY depressed… like last year, when the smoke from the forest fires was so prevalent. i looked up and the sky was the same colour brown, and it felt like i was being opressed and couldn’t get away.

i did some research, and talked to a few people, and came to the conclusion that there is a modicum of truth to the old aphorism about “looking at the world through rose coloured glasses”… only these were crap coloured glasses.

so i ordered a set of grey clip-on sunglasses, and when i first put them on, i noticed a PROFOUND difference, almost immediately.

i moved stuff around in my office, in an attempt to make things easier to access. i’ve now got my main desktop computer, my amplifier and my printer on shelves, right next to the monitor, and i moved the speakers so that i’m more in the “sweet spot” when i’m sitting at my desk than i was before. i still have to figure out where my laptop is going to live, because it had been on the desk where the desktop computer is, now. for the moment, it’s folded up and sitting in one of the shelves, to my left. it’s okay there, for now, but i’m fairly sure that, when i actually have to use it for more than a few minutes, like a couple of days in a row, i’m going to have to figure out a new spot for it, because where it is now is not good in the long term. i have been thinking of going to ikea and seeing if there are some half-shelf inserts for the expidit (now called “kallax”) bookshelves, because i could probably make better use of some of the shelves if there were half-shelf increments in a couple of places.

i celebrated moving stuff around in my office by spending a few days digitising vinyl records. the turntable fits a lot better on the right side of my desk than it did on the left side, and it is ORDERS OF MAGNITUDE easier to connect to the amplifier and computer. however, for some, unknown, reason, my internal CD/DVD ROM is not working correctly, so i can’t archive anything, once i have digitised it.

i sent out three emails to different agarbathiwalas that i know, who had expressed interest in the HPOI when i got it, but now that i actually have it in hand, i haven’t heard anything from them for a couple of weeks. i figure i can wholesale them for $25 a dozen and still make a profit, but if i haven’t heard anything from my email contacts soon, i’m going to try places like the Pike Place Pipe Palace, Tenzing Momo, and Zenith Supplies.

the weather has gotten nicer, and i am walking more, but i like to walk at sunset, and sunset is getting later and later as spring progresses. i like walking at sunset in my burnoose and djellaba, and being invisible. i’m also taking a basic circus skills for handicapped adults class, at SANCA, which is really cool, but i’m getting worn out by it really quickly. i really want to start going to the gym again, but i haven’t done it yet. 😕

politically, things continue to get worse, on a minute-by-minute basis. the probability is very high that congress will flip in november, which will mean that #drumpf will, in all likelyhood, be impeached, which will mean that mike pence will become president, which is an even worse proposition than #drumpf, in terms of human rights and the environment. whatever happens, we’re screwed, and will continue to be screwed for the forseeable future. when they said “emanentise the eschaton” i didn’t think it meant “by any means possible”. 😠

Rule 3

an example of Rule 3, spammers are stooOOpid…

at 3:24 pm, today, this happened:

180501 stupid crack attempt
180501 stupid crack attempt

at 3:26 pm, today, i blocked 88.99.0.0/16 from accessing my web site.

you may not fit the definition of a spammer, but you are definitely stooOOpid. is it possible that you are a machine? you have not done your owner a favour, you know.

HPOI have arrived!

and there was much rejoicing…

180423 75kg of incense
180423 75kg of incense

it actually doesn’t look like that much incense, but remember… 75kg = 165.3467lb — these boxes are dense

180423 package numbers
180423 package numbers

they have weird packing in india… all of them are labeled “CNT:NO1/3” but each of them have a different CNT:NO… i would have thought that CNT:NO1 would be labeled CNT:NO1/3, and CNT:NO2 would be labeled CNT:NO2/3… but i have never shipped anything from india before, so who knows. what i do know is that i had to pay ANOTHER fee before i was able to pick them up, which brings the grand total cost to $1,815.75, or $1.12 per package…

which is still pretty respectable, considering that, as far as i have been able to tell, nobody else in the united states sells these incenses online, and i can probably retail them for $4.00 a piece, or wholesale them for $25 a dozen. 😉

180423 contents
180423 contents

i haven’t opened them all, yet, but i opened this one because it’s one of my favourite incenses. they used to make 999 Lord Krishna Puja Dhoop, but they don’t any longer. fortunately they use the same recipe to make sticks, so i’ve got my supply. 😉

i understand why mr. joy wanted to send me more incense. the three boxes didn’t even fill up one pallet, and it would cost pretty much the same to ship three boxes or thirty boxes. i can see that, now… of the $1,815.75 that i paid for it, only $771.00 went to MSDF, and $1,044.75 went to various different freight companies. it would have been much better for me to order twice or three times as much incense, because i would have had to pay the same amount to ship it…

next time…

or not… 😕

the enlightened rantings of a brain damaged freak