Pobox Blog

Diary, Datebook, Ledger: Email is your Historical Record.

2011-11-10T12:58:00.000-05:00

I was helping my mother clean out the office of my great-aunt, who recently passed away. After spending the afternoon tackling three filing cabinets of old bank statements, receipts and ledgers, we were expecting more of the same from the fourth cabinet. Instead, we were astonished to find her personal letters, spanning more than 60 years. Even more incredibly, she had typed all her correspondence using carbon paper, so both her letters and their responses were included.

My mother spent many months poring over those letters. Both the revelations of family history, and the minutiae of how her aunt had spent the days fascinated her. She said she wished she had been a more diligent letter-writer -- that some historical record had been formed of her years besides photographs.

At that moment, and during many others over the years, I was happy I started archiving my email in 1995. I reflect from time to time on what kind of record those archives are forming. The personal correspondence varies from brief "want to grab dinner?"s to multi-page ramblings; notices of births and photos and links to sites and pages that have long since been shut down.

In recent years, it's also become a chronicle of many more details. As more services, online and off, send email confirmations, patterns emerge -- what I buy, where I travel, my interests, the wisdom of the day. I get emails about restaurant reservations, clothing purchases, newsletters chronicling milestones for my baby. Imagine finding a cache of papers detailing how they thought babies should be raised at the turn of the century, how much your ancestors spent on items from the Sears Roebuck catalog (surely the Amazon.com of their day) or the restaurants they dined at.

Will anyone ever go back through these archives? I don't know. (I might end up deleting years of the most cringe-worthy material if I did.) The immediacy of a box of paper, versus files on a hard drive, is certainly undeniable. On the other hand, it's far easier to search email!

Do you keep your old email? Do you expect anyone besides you will ever read it?

If you don't keep an archive of your mail, but you wish you did, check out Mailstore Archive.

What to do if you get hacked.

2011-07-26T17:16:00.003-04:00

A friend of mine had her Hotmail account hacked today. A message went out to everyone in her address book, telling them she had been mugged in London, and could they possibly help her get back to the states? Needless to say, she was safe and sound in New York. However, scams that prey on your personal contacts are incredibly effective for quick scams. So, what can you do if your email account is compromised by scammers or hackers?

1. I can't overstate enough the importance of good, single use passwords for your email account. Keeping people out of your account will always be the best way to protect yourself.

2. Assume you won't have access to your primary email account. The first thing the scammers did was change the password on her account, so she couldn't log in. She had a second account set up, so she could still access her email, and tell people that she was ok. As a Pobox customer, you can always send mail out through us. You can also forward mail to more than one account. And, of course, if your forwarding address is compromised, you can always log in to your Pobox account and change where we send it (or keep it with us by upgrading to a Mailstore account.)

3. Make sure you have a copy of your contacts on your computer. Especially if you use a webmail provider as your primary email account, you may have many addresses that only appear in your online address book. Keeping an up-to-date copy on your computer means you can tell as many people as possible that everything is OK. (Find out how to export your contacts from Gmail, Yahoo! Mail and Hotmail.)

4. Set up security questions for all email accounts that are open. The scammers in my friend's case used her old Hotmail account, which was still active, even though Gmail is her primary email address now. She has still not been able to get back into the account, because she did not have secondary verification information set up. Update your Pobox security question.

5. Shut down your old accounts. An account you don't log into is the one you won't notice getting compromised, until someone calls you from out of the blue to tell you you're spamming them.

What should you do if you get an email from one of your contacts, asking you to send them money in a hurry? The best and easiest way to verify that they're ok is, as AT&T used to say, "reach out and touch someone." Pick up the phone and call; until voice replicators become common, someone's voice will be the hardest thing for a scammer to fake.

Getting hacked can happen to the best of us. Open wireless networks, getting online in a cafe, using an open terminal to print out a boarding pass from your hotel -- there are many, many ways a malicious user could get access to your password. Taking some simple steps now can help take the pain out of recovery if something should happen in the future.

Introducing Mailstore Archive!

2011-07-07T11:19:00.001-04:00

We're pleased to announce a new feature for Mailstore accounts today -- Mailstore Archive! Archive offers two new options, in addition to the standard delivery to your Inbox:

Inbox + Archive: to have your mail to go to both your Mailstore Inbox, and to your Archives folders
Archive Only: Don't send messages to your Inbox, just store them in your Archives folders

Archives can be separated on daily or monthly basis. We've been testing them in-house, so I'll tell you how we've been using them by way of example.

I read all my mail on Mailstore. I'm using Inbox + Archive, and storing my archived mail in monthly folders. Now, when I read my email in my Inbox, I only move messages that I need to be able to find quickly by topic into folders, and delete other messages as I deal with them or respond to them, and use my Archives folders as my stored copy.

Otto uses his Mailstore account as a secondary backup account. He reads his mail at one of his forwarding addresses, and uses his Mailstore account in case his forwarding address is unavailable. He uses Archive Only, and stores mail in daily folders, so he can quickly look at messages from the last day or two only.

Tim prefers managing his mail manually. After testing Archives, he switched back to Inbox Only, so his mail just goes to his Inbox, and he moves it to folders as he likes.

The standard behavior for all Mailstore accounts is Inbox Only right now, but we hope you'll check out the Archive options. If you turn on Inbox + Archives, we'll begin putting all mail that comes to your Mailstore into Archives folders. If you use Archives Only and you also use email filters to direct messages into specific folders, messages that are not assigned to another folder will go into the Archives folders.

If you have any questions about the new Mailstore Archive feature, or need any assistance, please let us know!

All About Email: How to Read Message Headers

2011-06-17T14:24:00.001-04:00

When we at Pobox Customer Service get a question about a particular message, one of the first things we usually ask is, "Can you send us the full headers of the message?" The full headers are a treasure trove of information, reflecting (nearly) everything that happened to the message from the time it was sent to the time you received it.

This week, we've rolled out a new Help section, How to Read Email Headers, to provide a map of sorts, so you can mine that treasure trove yourself. From the very basic question of "What are email headers?" to the super-advanced problem debugging of how to use email headers to figure out why you're getting two copies of messages, there's information at every level. Please check it out. If you have other questions about email headers you'd like to see featured there, just let us know!

Accounts get hacked. Don't let yours be next!

2011-06-07T13:58:00.000-04:00

Last week, I notified you about a policy change to our SMTP relay. We got a fair number of questions about it, so let me clarify why we made the change. Over the last few months, we have seen more than 30 paid, active-for-many-years accounts compromised and used to send spam.

At least once a month, a major web service announces that their email database has been hacked. (Most recently has been Sony; Gawker Media, which includes Gizmodo and Lifehacker; and Fox TV.) Analysts estimate that 20% to 35% of people use the same password for nearly every website. If you use the same password for your Pobox account for other accounts on the Internet, you have an excellent chance of your account being used to send spam at some point in the near future.

So, what should you do? Go change your Pobox password now. While you're at it, go change the passwords for any other email accounts you still have open. (Yes, that means the old Hotmail account you never closed down, too. Haven't you gotten apologies from your Facebook friends yet about the spam they've sent out?)

Make sure you use different passwords, or this post will be up again in another 6 months. But how are you supposed to remember different passwords for all the different sites out there? Like you, I do not have an endless memory for passwords, so I use 1Password. Prefer to go for a non-software solution? Here are some suggestions for alternate methods of generating site-specific passwords.

I know I harp on the topic of password security a lot. But it's a big, bad Internet out there, and there are a lot of folks who are interested in using your good name to spread viruses and botnets, sell Viagra, and scam your friends. Keeping your password safe is more than just good for you. It's good for everyone whose email address you have, from the person who last corresponded with you in 1996, to your boss, mother, and best friend.

Spam and Security: Changes to Pobox Outbound Mail

2011-05-27T15:18:00.003-04:00

You can use Pobox to send your mail, by setting up your email program to send messages through smtp.pobox.com. If you use smtp.pobox.com, I wanted to make you aware of a recent change.

When you run an email service, you are constantly doing battle against spam. There's the spam that people try to send to Pobox accounts. And then, there's the spam people try to send FROM Pobox accounts.

The Pobox SMTP server has always filtered mail from trial accounts, as spammers and phishers love to try to take advantage of the reputations of legitimate email providers. Of late, though, we've seen an increased number of active, paid Pobox accounts being abused by spammers. (So you don't worry, "increased" here means from a couple a year, to a handful a month. Hardly a rash.) Whether it's caused by a virus getting installed on their computer or a phisher stealing their password, a compromised account can quickly send enough spam to cause a problem.

As such, we have recently changed the policies for mail sent through smtp.pobox.com. All outbound messages are now being checked by Cloudmark, which looks for "signatures" (URLs, phone numbers, email addresses, domain names, unique phrases, etc.) found in messages that have already been reported to them as spam. Accounts that have several messages flagged by Cloudmark in a day have their SMTP privileges automatically suspended.

This change is for your protection, as well as the protection of all customers who send mail from the SMTP server. Even a small number of spam complaints can adversely affect our ability to get the messages you send delivered to your correspondents' Inbox. And the accounts actually compromised by spammers could see their email address's reputation severely maligned.

However, Cloudmark, like all spam filters, is never 100% accurate. If you send a couple of messages misidentified as spam, your account shouldn't be affected. But, if more than a handful of your messages are misidentified as spam, you may see your SMTP privileges temporarily suspended. You'll be notified via email, and copy of the message will be sent to Pobox Customer Service for their review, and we will reinstate accounts that have been incorrectly deactivated. But, feel free to email us if you think the situation warrants an explanation.

Because this change can cause your SMTP privileges to get suspended, I will take this opportunity to remind you that the SMTP server is never to be used to send bulk messages. If you are CCing enough people, even a single message identified as spam is sufficient to get your SMTP privileges suspended. If you have a CC list that you regularly send mail (and it's more than a few people), we strongly encourage you to set up a mailing list.

Email Etiquette: on the Subject: of (no subject)

2011-05-06T16:43:00.000-04:00

In November, Facebook announced Messages, their email-that's-not-email. They specifically touted how it didn't have subjects, CCs or any of the other overhead or required bits of email -- just you, the name of your correspondent, and what you want to say. Yet, when I was surveying the staff for new blog topics, Mark offered this idea:

How about this? The fastest way to get me to ignore your message is to send me an email with no subject... or even worse, Subject: (no subject)!

I can see both sides of the issue. On the one hand, I've sat there with a fully written message, agonizing over a subject line, or just wanted to send someone a link, and ended up with the "I thought you'd find this interesting" subject. On the other, I've gotten an email with no subject, and had a moment of worry about whether I was about to open a virus or spam message.

I also do customer support for our email marketing service, Listbox.com. In email marketing, you would never send a message without a subject. Your subject line is your tiny billboard, your hook, your teaser to get people to open your message. In the same vein, when following up with Mark, he clarified that what he really meant was he would never open a message from a stranger without a Subject. But those are precisely the Subjects that are most difficult to write! If I could convey my entire thought in a line, I would just tweet at you, not email.

I spend a lot of time writing for other people -- email, IM, texting, with customers, business associates, family and friends. You learn to read the cues that other people are sending, and adjust appropriately. But when you send messages out into the void, there's no history to draw on... hence the sweaty-palmed subject agonizing.

How do you feel about Subject: headers? Are you grateful to Facebook for freeing you from their tyranny? Are they a critical part of the email experience for you? Or are you perfectly ok with getting an occasional Subject: (no subject)?

Spam and Security: What the Epsilon breach means for you

2011-04-07T15:37:00.001-04:00

Last week, I started getting notices from websites I use (Tivo, Target, one of my credit card providers) saying, "Our email provider has been compromised. Your email address may have been stolen." Epsilon, one of the largest providers of online marketing services, including email marketing, had been hacked. See a list of more affected brands.

All the emails were quick to say, "No account information has been stolen! They don't have your password!" So, you might be inclined to just delete them without a second thought. But this should actually give you a reason to worry -- about spear phishing. Some of the tips we generally give you about avoiding phishers, like look for personalized information, is exactly what has been compromised. So, if you get an email "from" your bank, that looks just like all their other messages, and addresses you by name -- it still might not be safe.

So, what should you do? The best advice I can give you comes from the X-Files: Trust no one.

The information you want to be most cautious about protecting, your passwords, is something you might not even think about giving out. For many of us, it's second nature to click on a link in email, then fill in our username and password at the page it takes us to. That's exactly what scammers count on.

What will protect you?

Typing in the URL of the website in your web browser. (Yes, you can use a bookmark, too.) In fact, if you always do this.... I won't guarantee that you never give up your private information, but you've gone a long, long way towards avoiding it. The way phishing works is by tricking you with visuals -- making the email and the web page they direct you to look like one you trust, when it's actually one the scammers control. If you don't click the links in their emails, you're off the hook!

Can you ever click a link in an email safely? Maybe. There are lots of links that direct you to pages (help pages, product pages) that aren't asking you for login information. But, remember, target.com, target2.com and target3.com could have totally different owners, so just because the URL of the page you're at looks almost right doesn't mean it's legitimate. And once you've visited a page or two, if they ask you for login information, you may not think about how you've gotten there.

Never email your account password, credit card or bank information. That's right. Never. No legitimate organization should ever ask you for your password. If they need to ask you about your credit card or bank information, the most they should ever do is provide card type and last 4 digits, and ask you to confirm it. If you need to make a payment, type in the URL of the site, and go to their pay page. They don't have a pay page? They should be able to accept a payment via PayPal. Still no? Then you're not dealing with a legitimate business.

What doesn't help?

Pages that know your username/email address. This is the big fallout from this security breach! Now, the parties who hacked the Epsilon database know that you are a customer of TD Ameritrade, Chase Bank, Citibank, [insert your financial institution here] AND they know what email address you use to log in. So, just because some piece of uniquely identifiable information is in the page doesn't mean that it's legitimate.

Looking for the "lock" icon in your browser. A lock icon on your web browser just indicates that the page is sending its information securely. Scammers can use encrypted traffic just as easily as a legitimate site, and a lock in NO way indicates that you're dealing with a legitimate business.

Pages that "look right". Scammers can, and do, replicate every element of a web page trying to fool you into thinking you're on a legitimate site. Logos, graphics, banners, fave icons.... none of these are indicators that the page you're on is associated with the business you're looking for.

A Valentine from Pobox Customer Service

2011-02-14T16:37:00.000-05:00

After last week's post about spreading love with email, Pobox's own Kate Marstin was inspired by someone she really loves -- you!

Dear Poboxers,

Valentine's Day seems like the best time to tell you all what I've been thinking. I've been keeping my true feelings to myself. I think that I might love you, customers.

When I first got this job many years ago, you intimidated me. Being part of the public face of Pobox was nerve wracking. I was never sure where I stood with you.

I still remember the first day I thought I could do this long-term. I had been down all day after a rather mean message came in from a customer, after I had worked very hard on her problem. I remember thinking, "perhaps, I'm not cut out to do this job." Then, she wrote back to tell me that one of my solutions had worked after all! She also apologized for her other message and thanked me. A couple of days later, a card arrived at the office -- via postal mail. She had written again to thank me. I saved that card as a reminder to myself to never give up on your problems.

When I was working every day, I felt a thrill when I'd help you with an issue that was difficult to track down and resolve. I'd notice happily when you sent a thank you email and tell my family about it later.

If I got one of your ideas implemented, I'd be glad that I had made you happy. If our technical staff turned down an idea, I'd try to go to bat for you. If they still said no, I'd be upset and sympathize. My coworkers and boss were my friends, but you were my priority. You were the ones who made it possible for me to get up every day, happy to go to work.

Even though we don't get to spend as much time together now that I'm only handling tickets on the weekend, I wanted to let you know how important you are to me. Thank you for making me happy to talk to you every day for so long. You all deserve my best support just for being customers. I made the cookies, though, because your kindness keeps you in my heart always.

Love and cheers,
Kate Marstin
Pobox Customer Service
pobox@pobox.com
http://www.pobox.com/

Kate, those cookies are incredible -- and she made enough for us to share with you! Have a valentine for Pobox Customer Service that you'd like to share? Put it in the comments. We'll pick a random customer to get a package of Kate's homemade treats. Happy Valentine's Day!

Spreading Love with Email

2011-02-03T16:13:00.006-05:00

Valentine's Day could be the official holiday of Pobox -- we've been loving email so long, we're due to send it a silver teapot. Valentine's Day isn't just about flowers, chocolates, and stuffed teddy bears, though. Why not use technology to give the Valentine's gift that can touch even the most jaded cynic, the love letter? I'll even give you a few ideas to get you started.

1. Start today, and send your sweetie "10 things I love about you" by the 14th.

2. Do you save your old email? Go back through your archives, and forward some favorite messages from your early courtship.

3. Email the lyrics to "your" song.

4. Send a picture. In the age of digital cameras and smartphones, a picture can say a thousand words, so be effusive about your love. Or, for another take on idea 2, scan in photos from your first months together, if your love goes back to the pre-digital era.

5. Ask his or her friends, via email, about your valentine's best trait. Then compile and send to your loved one.

Let's see how easy it is to write a short and sweet note, by examining one I've written on behalf of us all to something we hold dear around here.

Dear Email,

You're still our #1 main squeeze after all these years! You're there for us all day, every day, handling all the details of our lives without complaint. But you can also still send a thrill through our hearts with those 3 little words -- you've got mail.

XOXO,
Pobox

It's not just cupids and hearts, though. Email can help you handle the practical side of love, too. Pobox Plus and Mailstore users can use Delivery Groups to set up an address that forwards to both members of a couple. Lots of customers have used them to set up addresses when planning their wedding. They end up keeping them because it's awfully handy to give out one address that can reach you both, without having another mailbox to check.

How do you use email to spread love -- sweet or practical? Share it in the comments (or just let me know if you use any of my ideas for your own e-valentine!)

The Spam section: an Anatomy of a Downtime

2010-11-04T15:51:00.006-04:00

For those of you who weren't following along on Twitter, the last 2 days were a bit of a rocky road for the Spam section. At this time, virtually everything has been restored to its proper state, but for those of you who would like to know more, here's what happened.

On Tuesday, November 2nd, the primary server for individual users' spam databases (which is what feeds the Spam section of the website, and the emailed reports) suffered a partial disk failure. All our servers have redundant hardware, but a reboot was required to get everything running again, which caused an outage of about an hour.

In order to more permanently fix this problem, we scheduled a maintenance window for early morning November 4th. Unfortunately, it didn't fix the problem. In fact, it broke harder, with a partially failing disk becoming a completely failing one.

When dealing with a hardware problem that also has a software solution, you always end up asking the same question. Will it take less time to fix the hardware (even if that time is an unknown number of hours) than it would take to write a software solution?

In the case of the Spam section, we know there is really one critical feature: let you release any misidentified spam. There are other nice features -- see what we've picked up for you, let you mark messages reviewed, search, get an overall count of messages identified. But, if you can release a misidentified message, then the section is working, and if you can't, well, it's just broken.

So, after several hours of working on the hardware, we ended up saying, "ok, it's time to try a software solution." This led to the most recent 7 days of spam becoming available at approximately 1 PM EDT (approximately 12 hours after the outage began.) We wanted to make sure than any real mail you had received this morning or late yesterday was available quickly, since we still weren't sure how long it would take to fix the hardware.

As is often the case, though, once the initial crisis is resolved, the permanent fix comes shortly behind. By 2:30, the hardware problem had been resolved. By 4 PM, a full restore of all spam data had been completed. At this time, the Spam section should be its old self again, and, if you hadn't logged in to check your Spam in the last few days, you'd probably never realize anything had happened.

If you have been logging in though, you may experience a few small issues as a result of this problem.

1. Messages you marked "reviewed" or deleted between 1 and 4 PM on November 4th will have their status reset to unreviewed.
2. If you received an emailed report between 1 and 4 PM on November 4th, the "View this message on the web" link, as well as the "Mark this Report Reviewed" button will not work. (The per-message "Release" link will work, though.)

There was even an unexpected upside as a result of this problem. In order to make the spam from the last 7 days available, some changes had to be made to how incoming spam was processed. These changes significantly boosted the processing speed of incoming messages. So, we hope that this will lead to an overall reduction in the time it takes from when we catch a message, to when it appears for review on the web. It's a small change, but a welcome one if the message in question is one you're itching to release.

As always, we appreciate your patience and understanding during this outage. If you see any further issues, please let us know. If keeping up-to-date on outages is important to you, I would encourage you to keep an eye on our Twitter feed (which we have been updating throughout the day today). When the Pobox site is up, you will see our most recent tweet at the top of the Services page, but even when the site is down, our announcements are available on Twitter's website, as texts to your mobile phone, through RSS, and, of course, through the many Twitter applications out there.

New filter feature for Mailstore customers: filter to Mailbox!

2010-09-22T12:00:00.000-04:00

I'm excited to announce a new option we've just added to Email Filters: Deliver to folders! Mailstore customers can now set up filters that will immediately direct mail to specific folders in their Mailstore account.

To use it, just create a filter, specifying what we should look for in your message. Then, when choosing an action, select "Save The Message In Folder" and specify the name of the folder where it should be delivered.

This should make it easier for you to sort and categorize mail, before it hits your Inbox. For customers who access their Mailstore account from multiple email programs or devices, this means you can get consistent filtering, no matter which email program reads the message first.

Some details about how it works:

If the folder doesn't exist when the message is received, the folder will be created when the first matching message reaches Mailstore.

If you want to save the message to a sub-folder, like, Friends > Joe, just specify the folder path with dots(.) separating them, like Friends.Joe.

Special characters are not permitted in filterable folder names (even if you've already set up folders using those names.) Folder names can be numbers, letters, and dashes. Dots (.) cannot be used as part of the folder name, as that is reserved to indicate sub-folders.

We hope you enjoy this new feature! We're very excited about it (and about the changes to email filters from earlier in the year that made it possible to add, too.) If you have any questions or comments about using it, please let us know!

See something? Say something!

2010-08-04T14:15:00.006-04:00

When we make major site changes, we keep access to the old pages available, in case there's some unusual situation that causes the new pages to fail for someone. But minor changes can sometimes bite just as hard.

Site changes are tested in IE, Firefox and Safari before they go out in public. But differences between versions and setups, and the fact that our testers reload style sheets religiously means that, sometimes, what you see is not what we see. Here's an example I got just the other day:

We removed the Login text boxes from the top of www.pobox.com. (This change was the result of changes to Internet Explorer 8's security settings, which said that page was insecure because it was loading the blog headlines.) Looks fine, right?

But the next day, questions started coming in about the login box being "missing". We thought people wanted to know where the text boxes to put in their username and password went, and we told them about the reason for the change, the security alerts in Internet Explorer, etc. After almost a week, someone sent me the following:

Ouch! That was all it took to realize that all those messages about the "missing login" were not about missing text inputs ... people couldn't see the button! (Thank you again, Debbie.) Most people told us, "I assumed you knew, and you just hadn't gotten around to fixing it."

That's why we love to ask for screen shots when people report a problem. It's amazing how many questions/debugging sessions can be short-circuited by simply seeing what you're seeing.

So, if you're seeing a persistent display problem with the site, please let us know! The grass may actually be greener on our side of the fence, and we just don't know about the issue you're seeing.

All About Spam: Phish Food for Thought

2010-07-08T18:44:00.006-04:00

All About Spam is a series of blog posts about common spammer techniques. Have a question about a type of spam that you'd like to see in a future blog post? Leave a comment, or send an email to pobox@pobox.com!

A phish is a type of spam designed to gain access your secure information, like login/password combinations, credit card numbers or Social Security numbers. Phishers use social engineering to get you to reveal this information -- rather than using computers to hack their way into the data store, they use tricks of human nature to get you to give it to them.

Unlike most spam, which is just annoying, phishing has a real threat. Though estimates of the final total vary, everyone agrees millions of dollars are lost by consumers each year due to phishing attacks. So, how can you protect yourself?

1. Question unsolicited emails. Obviously, if you go to your bank's website, and click the "Forgot password?" link, you should expect an email shortly. If you get an email from your bank (or Amazon, or any other organization) out of the blue, asking you to log in to your account, view it with a critical eye.

2. View links with suspicion. The number 1 method for phishers is a link that directs you to a page that looks legitimate, but isn't. The easiest way to get around this method? If your bank emails you and asks you to log in, type in the URL you know is good (or Google for it, if you don't know it), rather than using the link in the email.

3. Look for personalized information. This method isn't foolproof ("spear phishing" refers to more focused messages, attempting to get information from more specific groups -- which allows for more customized messages), but it's a good starting place. For instance, most banks will include your name when sending you a message, plus some portion of your account number. Transactional emails, like receipts, are also generally safe bets -- you can recognize, "is this something I ordered?"

4. Keep a close eye on details. Many phishing messages have somewhat obvious problems. Misspellings, poor grammar, bad addresses, colors that are slightly off, formatting that doesn't quite match the usual messages you see ... all of these should be tip-offs that something not quite right is afoot.

5. Never enter your financial information on an insecure web page. Credit card numbers, bank login credentials, account numbers and any other secure data should only be entered on secured web pages. Look for https:// URLS and a lock icon on your browser.

The most important thing to remember is, just because a message looks like it's from a legitimate organization, doesn't mean it is. The first phishing schemes revolved around a few large organizations -- AOL, Wells Fargo, Bank of America. It was easy to detect these as fakes, if you didn't have an account at one of these places. Using the same level of suspicion when dealing with emails from organizations where you do have an account could protect you from a very painful error.

Lock it down: Good (and bad) security questions!

2010-07-01T14:17:00.013-04:00

In order to retrieve your Pobox password, we ask you to answer (among other things) the security question you set up when you created your account. But are you using a good question? Your account is only as secure as your security question.

Pobox lets you specify the question yourself, so you don't have to use the classic "What is your mother's maiden name?" Fully 10% of Pobox customers use some variant on this question -- but research indicates it's not a very safe way to secure your account. (Neither is "What is my pet's name?", if you ever talk about or post pictures of your pet online.)

Your security question and answer can be updated at any time, so go take a look at what yours is. If you can use any question, though, how do you pick a good one?

1. The answer should be hard for someone else to find out. This is a security question, and knowing the answer to it provides access to your account. Like a good password, that means it should be hard for someone else to figure out. So, "What is my high school's mascot?" is not secure at all. "What was on the cover of my sticker book?" is much better (though using it would probably would still have let my sisters break into my account.)

2. The answer should be hard to guess. Any question where the answer is a month, a color, a day of the week, a number under 10 or basically any other limited list of answers is a bad question. "What month did I get married?" only has 12 possible answers. Same with "What color is my bedroom?" Unless you know you'll always remember the paint was called "Deep Sea Diving", guessing "blue" would only take 5 or 6 tries, max.

3. The answer shouldn't change over time. The Pobox default security question is, "What is your favorite book?" This is great for me -- my favorite book has been the same for 15 years, or as long as I've been using that as my security question! But, if your favorite book changes every few years, this might not be a good choice for you. Per question 2, "The Bible" would also be a bad answer to this question, because so many people use it. If the Bible is your favorite book, consider a different security question, or using your second favorite.

We have also had more than a few uncomfortable customer service situations over questions like, "Who is my lover?", with respondents having to go back to girlfriends 5 or 6 back to come up with the correct answer.

Another problem is that many, many customers find it difficult to answer their security question correctly. Also consider these factors when writing your question.

4. Write the question so it's easy to always give the same answer. So, "Who was my kindergarten teacher?" could be Susan Jones, Ms. Jones, or Miss Jones. "What was my kindergarten teacher's last name?" only has one answer -- Jones.

5. Give a real answer. Some customers will tell us, "Security questions aren't secure, so I just put in random letters and numbers as my answer!" That's great, if you're writing them down and keeping track of them, or using a password crypt like 1Password. But, if you just hit whatever random keys you like, and don't keep track of them, we have no way to confirm you are who you say you are. If you forget/lose your password, and need to gain access to your account, you have basically made it impossible for us to grant it to you.

So, what are some questions that are hard to find out, hard to guess, unlikely to change over time, but easy to always type the same? A good list of questions is different for everyone, but try one of these real questions on for size!


Who was your first crush? (unless the answer is "my spouse")
Who knit your baby blanket? (unless the answer is "my mom")
What was your childhood stuffed animal's name?

Another good choice is something that wouldn't mean something to someone else, but makes sense to you. So, for instance, I have a piece of furniture in my house. It's not a cabinet, it's not a table, it's not a buffet or a curio cabinet. It's something in between. So, I call it Joe. For me, "What is the furniture with a name called?" would be a good question, though you probably shouldn't use it yourself. One of the best security questions I ever saw was "Who has skinny feet?" I'm sure the person who used it could answer that question in a second, but it would be very difficult to guess if you weren't them.

Even if you're 100% positive you used an awesome security question when you created your account, go look at yours now, and make sure you know the answer. If you are using an insecure security question, change yours today. Though no one likes to believe that someone would want to crack their account, it can and does happen. Be your own best first line of defense, and make sure your security questions and passwords are strong and secure.

Welcome, Aliencamel! Which Pobox account is right for you?

2010-05-24T16:07:00.008-04:00

Pobox offers a warm welcome to Aliencamel customers! You may have recently received an email detailing your migration options. Let me tell you a little bit more about Pobox.

All accounts include email forwarding, spam filtering, and vacation autoreplies. If you already have another place you want to read your email, then a Pobox Basic account will let you forward your aliencamel.com mail to the email address of your choice for USD$20/year.

Want to add email filters? Pobox Plus accounts include email filters that let you redirect, block, send autoreplies, send a condensed version to your mobile phone, or tag the subject of your message. Plus accounts are USD$35/year, and include all the Basic features, as well.

And if you're looking for a new home for your aliencamel.com address, Mailstore accounts support IMAP and POP for nearly all current email clients, plus webmail! It's 10GB of storage, plus all the features of Basic and Plus, for USD$50/year.

Once you've selected an account type and signed up, there are two other things you'll want to do: add your aliencamel.com address, and import your whitelists (some of you have 10,000 and counting!) You should already have your code and URL to add your aliencamel.com address -- just remember, you can't add it if you're using aliencamel.com as your forwarding address. So remove that as a forwarding address first, then use the URL to add it as an alias. To import your whitelists, just send an email to pobox@pobox.com, including your pobox or aliencamel address, and your whitelist attached as a file, and we'll import it for you!

With 15 years and counting, we hope that Pobox can be your email home for a long, long time. If you have any questions about the service, please contact Customer Support; we'd be happy to tell you more about ourselves and the best option for you!

Please don't email your credit card number!

2010-05-13T18:23:00.002-04:00

When someone is hatching a secret plan in a movie, you might see them ask, "Is this a secure line???" The average telephone call is transmitted as-is, which means, as it travels through the many lines and machines necessary to tranmit the call around the world or down the street, someone with the right equipment could listen in.

Email works the same way.

You might have the impression, given how fast email works, when you send an email that it just goes from your computer to the recipient's mailbox. In fact, even simple setups usually pass your email through 4 or more computers.

Email is like a postcard; for the most part, people aren't interested enough in what you're saying to bother looking at it. But credit card numbers are an obviously-identifiable string, making them easy to look for in a stream of content going by.

How do you prevent your credit card number from being picked up? Encryption. That's why you're never supposed to type in your password or credit card number to a web browser that doesn't show a secured lock or key. That lock indicates that your data is scrambled while in transmission; the website then has the information necessary to unscramble it on the other end.

Ok, then, why don't we just encrypt email, too? Well, it's not that simple. Companies pay a security provider for that encryption service. The security provider generates the information, and verifies that it's accurate, and provides the key to you that's necessary to scramble your data. And, over the years, the security provider has made sure that all the web browsers out there work with their service, so you never have to think about it.

For email, you would need a similar scrambling key for everyone who emails you, and you'd need to distribute your key to everyone you email. And you need a secure way to do that. And most people don't want that way to cost a lot of money. There are ways, and they work, and they've been around for a long time. They just aren't used by most people.

Think of email as a conversation you might have walking down the street. Generally, no one would bother to listen in. But if you started saying your credit card number repeatedly, well... it only takes one nasty person to cause a problem. So, please don't email your credit card number.

15 Years of Pobox: The Wired article that got it all started!

2010-04-14T15:31:00.001-04:00

Do you recognize this magazine cover?

If so, you might be one of our very first customers! The May 1995 issue of Wired magazine included the following sidebar in first page of the Scans section:

Email Trail

A new service called pobox.com offers an easy-to-remember e-mail address that you can use for the rest of your life (or the life of the company, anyway.) For example, any mail sent to mengwong@pobox.com is forwarded to pobox.com founder Meng Weng Wong's CompuServe account (71552.1674@compuserve.com). This way, if you switch online services, you don't need to message everyone you know informing them of your new e-mail address -- just e-mail your new information to pobox.com. --Mark Frauenfelder Price information: pobox@pobox.com, http://pobox.com/pobox/signup.cgi

Well, Meng's CompuServe address is long gone, but you can still email him at mengwong@pobox.com. And for those of you who took the chance that "the life of the company" was going to be a timespan that was useful to you, a very hearty thank you.

15 Years of Pobox: Memorable Customer Service Requests

2010-04-05T17:10:00.011-04:00

Not to toot my own horn, but I think Pobox Customer Service is great. I'm so proud to be able to work at a place where, by and large, we can actually help people resolve the issues they're having, not just give them canned responses or read off a script.

We think customer service is so important that virtually every staffer, no matter what job they've been hired to do, spends their first week doing email customer service. It helps new staffers get an idea of who you guys are, what you think is important, problems that people are worried about, areas of the service that need improvement, and the kinds of areas people are interested in us spending more time on.

That being said, because so many of you use your Pobox address (or URL!) for your own businesses, we get more than a few customer service questions or complaints about services we have NOTHING to do with, like the time we were asked for a refund for our guinea pigs. We've been told our kittens were insufficiently cute (I forwarded that one to the kitten cuteness complaint department), and our muesli lacks the requisite number of sultanas. We've been asked for help rescheduling people's travel plans, and for processing returns of products too varied to mention.

It's not all complaints, though! We've also gotten requests to join our band, from piano players in the Ukraine. He may have actually been looking for this band, but it did spur many a discussion about what instruments we would all play. Thankfully, Rock Band came out, and only our friends and loved ones have been subjected to the stylings of the Pobox house band.

There are many support emails that have stood the test of time, but one in particular is frequently cited in tales of Pobox CS history. I have reprinted it below.

logmeoutofthisaccountbecausesomeoneisusingmynameillegallyibelieveitis
venuswilliamsthetennisproandhergangongtheirtourstalkingmeongalveston
islandintexastheyareinvisibleasholographs,abusingassualtingmeandmywife
thatsaholographto.tiamowerythedisneystaranactorofsistertosisterthey
arethreatinghernottogetoutoftheholographtheywillkillherandmethatswhy
theyaremessingovermyemailandstealinginfothatimightgetwithinaemail
accountanytimeeventhoughihavebeenemailingthepresidentfromtimetotime
abouttheieractivityeverydayfollowingmesunupsundownevenwhileisleepstill
filmingthemselvesabusingmeandfilmingpronoabuseofandontheassualtofmy
wifealways.pleasereporttrhisimportantoftheiractivityasapthisis
importantwhereeverigetfreeemailwithinanacountstatusvenuswilliamsand
gangathreattoeveryonesystemwithintheinternetsystem.theyarerealslick,
getyourlawyersonthem.okiamtypinginrosenberglibrarygalveston,texasand
theinvisiblearewatchingmetypethisrightnowthatshowmuchathreattheyare
tomedamsomeonejusthitmewiththierfistandifeelthatpunchinvisiblepunch
thatsallisignbackuptommorrowok

So, remember, if you're on Galveston Island, beware the invisible punch!

15 Years of Pobox: The day of the generator

2010-03-22T18:36:00.009-04:00

Can you believe that Pobox has been around for 15 years already? It seems like just yesterday the website was only one or two pages, and we were still trying to figure out how to keep track of the checks people were mailing us.

How quickly times changed! And yet, there were still plenty of ups and downs ahead. In commemoration of 15 years of Pobox, I asked current and past staffers if there were any stories they'd particularly like to see on the blog. Mark asked to hear the story of the water main break, after he found a CNet article on it.

On Friday customers of POBox.com, an email forwarding service, were baffled by an outage in what they say has otherwise been a highly reliable service. It turned out that the eight-hour shutdown--in which no email was lost--was not caused by a faulty router or programming error, but by the kind of a common building problem that faces "brick and mortar" companies every day: a water main break.

I asked Helen Horstmann, our CEO, if she would tell us about that day, way back in September 1998.

I refer to it as "the day of the generator." Back then, we had a T1 in the office, and virtually all of the important servers were there. I walked up to the building, where a small crowd of people was hanging around, waiting to be told they could go in. A water main had broken under the street. The basement was flooded. The elevators weren't running, because the power was out. WAIT. "The power is out?!"

We waited for about 30 minutes before panicking. Maybe it was a little water main break. Maybe we everything would be fine in just a few minutes. But more and more PECO workers kept showing up, and finally, one of them announced, "You all might as well go home -- the power's going to be out all day."

I was floored. I ran over to him, and said, "All day? What does that mean? Like, 3 or 4 hours?" He said, "Maybe. Maybe 12 hours. It will definitely be fixed by tomorrow morning, though."

I asked if the building was still open, and the desk guy told us we were welcome to walk up, but the building's emergency generator only powered the Exit signs, so the stairwell would not be lit. Using our cell phones as flashlights, we hiked up the nine flights of stairs to the office, where our battery backups were beeping madly. Two people started shutting down the non-critical servers, to reserve as much power as possible for the important ones.

We needed a plan, and fast. We needed our own emergency generator.

I asked if it was possible, any way, any how, name your price, to piggyback off the building generator. But they hadn't had an outage in years, and hadn't been keeping the tank full of gasoline. They figured they had no more than 6 hours of power, and they needed it all for the emergency workers.

The building had sealed windows, so running a generator in the office was also a non-starter... but we had to have power! What if we were down for 12 hours? What if we were down LONGER?!

I found an equipment rental company 30 minutes away that had a generator they were willing to rent for 24 hours. We were all early twentysomething city dwellers, so the only staffer with access to a vehicle was a customer service agent who was also in a band. He and I headed over to his apartment to grab the band van. No drums to schlep today -- we're schlepping a generator!

In the meantime, someone else was getting access to the roof, and estimating the distance from the roof to our office with ethernet cable. Even after we got the generator, we were going to need a 47 foot, 220 volt extension cord (or 15 meters, for our metric friends).

Luckily, the generator guy referred us to an electrical supply company that was on our way back. The cable was on a 3 foot wooden spool (which we later used as a stand-in coffee table, in commemoration of the event). We rolled it out of the store and into the band van.

When we got back to the office, the desk guy took pity on us, and used a fireman's key to turn on the elevator -- I don't even want to think about having to carry those things up 15 flights of stairs! We carried it the last flight to the roof, and started unspooling the power cable.

Did I mention the windows of that office didn't open? We had to drill a hole in the window frame to get the power cable in. Thankfully, we realized that before we attached the plug head to the cable -- drilling the first hole took almost 20 minutes; making it twice as big could have eaten up nearly an hour.

By now, the batteries had long since died, and all the machines were off. It was quieter than the office had been for years. We wired up the power cable, plugged in our main UPS, called up to have the guys on the roof start the generator and ....

Nothing happened.

The battery wasn't charging. We checked everything we could think of. The power inversion on the generator. The cable. The plugs. The UPS. Nothing. Nothing worked. This may have been the point where I went into the stairwell and shouted obscenities.

We started calling electricians. One after another told us they couldn't come until tomorrow. (At this point, it was nearly 3 in the afternoon.) We started calling friends who knew anything about electricity. We knew we were at the end of the line.

How many times did I walk up and down those 9 flights of stairs? How many times did I bug the PECO guys for a new estimate? I know someone tore me away from the building at some point to eat. There was nothing left to do but hope that the power would be back on shortly.

Around 6 PM, we were sitting on the floor when the overhead lights flickered on. Everyone jumped up and started turning computers on. Within 20 minutes, everything and everyone was running -- watching logs to make sure everything was moving as quickly as possible, answering the piles of customer service mail that was coming in.

That was back in the day when Pobox cost $15/year. So, if you're wondering what that extra $5/year is buying you, well, you could say that it's a low cost for a lot of extra peace of mind. :)

Nowadays, of course, Pobox has redundant datacenters in world-class facilities, running on enterprise-grade hardware. Things can still go wrong, but now we're counting on our vendors and partners to solve the problem, not the local electrical supply store. Thanks for sharing that story, Helen!

Do you have a story to share about Pobox? Drop me a line at nessie@pobox.com, and it just might end up on the blog!

How to ask questions to strangers, part 3

2010-03-12T18:05:00.006-05:00

Mark Dominus concludes his series of articles on how to send email to strangers asking for help. Read his previous entries about picking the right expert and using an informative subject.

In the past couple of articles, I covered the two most important rules of asking a stranger for help. There are also several minor-seeming mistakes you can make that will sink your chances of getting a reply.

Use correct spelling and grammar.

Yes, this is boring and tedious. And yes, I know you have heard it before. And yes, I know that only fussy old people care. But some of those people you are asking for help are as old and as fussy as I am. And some of those fussy old people will throw your message in the trash if it starts with:

i hope that u would be able to help me.

or ends with:

You wouldnt by any chance have any info on B+ & B* Trees would u ???

Maybe in another twenty years we'll write everything in SMS abbreviations. Until then, the fussy old folks like me will still be alive, and the writer of a line like these will appear to be either:
illiterate,

too lazy to press the three extra keys required to get it right, or

A GODDAMN JACKASS.

Excuse me, lost my patience there.

Related to this is that you should have your real name in the "From" line of the message, or at least a name that is not obviously a fake name. Seeing "Smoove B" in the header of a message is not going to help convince a stranger that you are worth emailing.

Don't make the recipient do any work.

Of course, to answer a question, the recipient will have to do the work of answering the question. But your aim is to make them do as little work as possible. For example, I once got a message with the subject "your article" asking me "What is meant by 'forkish'?" Huh? What article? Did I say "forkish"? How should I know what I meant?

I eventually dug up the article, which I had written several years earlier. If I had been a little busier that day, the question would have gone straight to the trash bin.
It would have been a big help if my correspondent had written something like this:

In your article "..." at URL http://... you said "Blah blah blah forkish." What did you mean by "forkish"?

Then I would have known right away what I had meant, or at least I would have been able to look at the article easily.

Experts are busy people. The more work you ask them to do, the less likely you are to get a response. Try to provide all the relevant information that you can. Don't ask them to look stuff up for you in books; say "I didn't understand this thing I looked up in a book. Does it mean X or Y?"

Don't appear impatient

I don't know about other people, but when I get a message that says something like one of these:

Please respond ASAP!

I need the answer right away!

This is very important.

I want to unleash a torrent of sarcasm. "Gosh, I'll be sure to clear my schedule to work on this important project for you!" You're asking a stranger to do a favor for you, so it's not appropriate for you to put conditions on when or how they do it. Here's that "forkish" example in full:

what does forkish mean? this is very important. thank you. please respond.

"This is very important" spoils the effect of "please" and "thank you". It says "please", but it doesn't mean "please". Some time ago, I tried rewriting that message in a form I would have liked better, and came up with:
Could you take a moment to explain what you meant by 'forkish' here?
I didn't notice until after I had written it that I had eliminated "please". But the rewrite communicated "please" anyway, whereas the original one didn't.
That's all the advice I have. Good luck writing to strangers!

Thanks, Mark! I recently took his advice, and wrote to some experts on one of my favorite topics... Pobox! I asked them for tips and tricks that they use that they would like to share with other Pobox customers. If you've got something that you think other customers would be interested in, just drop me an email to pobox@pobox.com with the subject "blog tip".

Pobox Best Practices: Changing ISPs

2010-02-26T16:33:00.008-05:00

We want you to get as much value as you can out of your Pobox account. Pobox Best Practices will share our methods for using Pobox features for common problems, tips and tricks from other customers, and the ways Pobox staffers use their accounts to manage their own email.

One of the most frequent tickets we see at Pobox Customer Service is, "Help! I just changed my email address, and now I can't log in to Pobox!" Ouch. But the bigger problem, as we see it when we're helping you, is that your Pobox account didn't make that seamless.

One of the best features of a Pobox address is the ability to change your forwarding address, whenever you want, without having to tell all your friends and contacts about your new address. Most people change where they read their mail every 2 years. (If you're sick of your current provider, you can always keep your mail at Pobox by upgrading to a Mailstore account.)

It's no big deal if you're switching between Yahoo and Gmail (or back again), because both addresses will stay open. But, if you're switching from Comcast to Verizon, your access to your Comcast mailbox gets cut off with your last bill. So, how can Pobox help smooth the transition, and make sure you don't lose any mail?

First, as soon as you get your new address, log in to Pobox, and add it as one of your forwarding addresses. (All Pobox accounts can forward mail to up to 5 places.) Don't wait until your current forwarding address goes away. In fact, don't even remove your current forwarding address from your Pobox account just yet.

Now, your mail is going to two places. Why? We know your email is important to you, so you'll want to makes sure your mail is actually arriving at your new address. You may not have the address you thought you did. (I once had a support agent over the phone set up my address as vanessa.canon@example.com, instead of vanessa.cannon... took 2 calls for them to figure out what was wrong.) Your password may be wrong, and so even though the mail is getting there, you can't log in to read it. No matter what the reason, losing access to email has been known to cause irritability, headaches, bloating and irrational behavior.

So, go ahead and send a test message, from your old account to your Pobox address. It should show up in both of your mailboxes. If it doesn't show up in the new address (and it isn't in a spam or junk mail folder), let us know. But this way, you still have access to your email while we work out any problems with your new address.

Also, if you keep old mail, like most people do, you'll probably want to move it to your new address. This is really easy if you're using an email program like Outlook or Mac Mail. Just set up a second account for your new address. Then, when both accounts are set up, just drag and drop the files from your old account, to your new one. Your email program will move everything for you in the background! If you have a lot of mail, don't shut down your computer. It could take a while for everything to get moved.

Once you know you have access to all your existing mail at your new address, kill that old account! Log in to Pobox and remove it as a forwarding address. Send a nasty cancellation letter. Go and leave a bag of your shredded old bills on their doorstep. They were hoping to lock you in with your email address, and they would have gotten away with it, too... if not for your meddling Pobox address!

How to ask questions to strangers, part 2

2010-02-19T16:40:00.001-05:00

Mark Dominus continues his series of articles on how to send email to strangers asking for help. Read the previous entry.

Last week, I told you the one big rule of asking email questions to strangers. This week, I'll discuss a smaller rule:

Use an informative Subject

We all get a lot of junk mail. We all throw away most of it. If the a message doesn't have an eye-catching subject, we may throw it away without opening it. And "eye-catching" here means "does not look like spam". Spammers are very stupid, and they have a very stupid idea of what sort of subjects will be eye-catching:
Please reply ASAP
Seeking your expertise
Help me!
READ THIS!!!!!!
You must be cleverer than a spammer. Just adding more exclamation marks is not clever enough. Good subjects in messages I have received and replied to are:
Question about apache module
Length of day question
how to optimize for speed
The key property here is that each subject contains something specific that makes clear what the message is actually about, and that it is something that might reasonably be directed to me, rather than to someone else, or to one million someone elses. Do you remember the important rule from last week? Experts want to be consulted in the area of their expertise. They do not want to be consulted about random garbage. If you can make clear in the subject line that you sought them out for specific knowledge that only they can provide, the expert is much more likely to read your message.

Here the subjects of some messages that I have sent to famous people that have received prompt and detailed replies:
Computing with lattices: An application of type classes
Hegelian Taco
Octopus anatomy
Each of these is good because it instantly tells the recipient two things. First, it tells them what the message will be about. "Hegelian Taco" may not mean anything to you, but it does mean something to the author of the paper about the Hegelian taco that I was asking for. And second, it tells the recipient that the message was intended for them, and for them alone. Anyone else might throw away a message titled "Hegelian taco" in puzzlement, but the author of the Hegelian taco paper is certain to read it, and that's all you care about.

Similarly, the "Computing with lattices" message was sent to the author of a paper with that title, asking for a copy of the paper, and "octopus anatomy" was sent to an octopus expert.

Once you've gotten the recipient to open and read your message, you still have to get them to answer it. I'll return in three weeks with an article about how to keep the expert from throwing away your message in disgust.

How to ask questions to strangers

2010-02-11T15:22:00.009-05:00

Pobox is proud to have several very active members of the open source community as staff or alumni, which means they get many questions about how their software works (and not just from me!) Today, Mark Jason Dominus, Perl expert, noted author and Pobox staffer, offers his thoughts on how to ask a good question.

I once emailed Dr. Mark Norman, one of the world's foremost experts on octopuses, to ask some questions about octopus anatomy. I once wrote to a well-known writer of computer programming books asking for advice on how to choose a publisher for my own book. I once bugged one of the inventors of the Unix operating system for information about the early technical details of Unix. Last month I wrote to a famous mathematician to ask for a copy of a paper he had written that was too old to be available on the web.

Maybe you're not interested in octopus anatomy or in digging up copies of obscure mathematics papers. But I know some of you are interested in emailing some sort of questions to well-known experts on something, because I'm a well-known expert on computer programing, I get email from strangers all the time, and I know I can't be the only one who does. Someone must be sending those messages. Maybe it was you.

Sometimes I'm really happy to get the messages, and I answer quickly and at length. Other times, I snort and throw the message away, or save it to chuckle over with my friends — or worse, I save it to ridicule in a blog post years later. Here are some easy rules to follow if you want to know how to send the first kind of email, the kind that gets a reply, and not the second.

The rules are pretty simple. Probably the biggest one is:

Pick the right expert for your question.

Only ask the expert questions about an area in which they actually have expertise. If you write to the octopus expert with a question about advanced mathematics, or to the mathematician for advice about octopus behavior, you'll look like a fool, a lunatic, or both. And even if the mathematician is feeling indulgent and is willing to help you, she can't, because she doesn't know the answer to your question anyway.

Does that seem obvious? About ten years ago I received this awesome specimen:

I am a student of Romance and Germanic philology faculty,
I am getting my Master's degree, so I have to write a thesis.
The theme I have chosen is "Lexico-grammatical peculiarities of
the language of constitution" I have to compare the UK(magna
karta)and US Constitution. . ... Will you provide me with the
information, or give a hint about those sources where I can read
about my topic?

I didn't bother replying to this message. I'm a computer programmer. What do I know about lexico-grammatical peculiarities?

But really, there was nothing wrong with the request itself; the only problem was that it was sent to the wrong person. Somewhere out there is a professor of linguistics who specializes in the study of legal documents. That professor would probably have been delighted to offer this poor schmuck some pointers.

People I meet often worry that the expert will be annoyed that a member of the general public is taking up their time. But if you observe this rule, you won't have to worry. I promise you that the expert on the history of knitting would love to get your email inquiring about the origin of the slip stitch. The education expert who wrote about penmanship education in last week's local paper will be thrilled to hear from you. People become experts because they are interested in their topics. Getting email from another interested person brightens their day. People write papers and articles because they want other people to read them attentively. Their great fear is that nobody is listening. Hearing from someone who not only read their article but who cared enough to follow up is a shining joy.

But even if you send your question to the right person, there are still a few ways to go wrong. Next week, I'll discuss some of the other mistakes people have made in asking me for help.

The Wonderful World of Emailed Reports

2010-02-05T19:53:00.002-05:00

I love Pobox spam protection, and I think it's wonderfully accurate. Still, I do identify with Ronald Reagan. Trust, but verify. And getting an emailed spam report every day makes that really easy.

The emailed report provides a list of all the messages the spam filters have picked up for my account since the last report 24 hours ago (approximately). You can get a report that includes both the messages we've held for you, and the sending addresses of everyone who's been bounced. But I use the Aggressive pre-set, so the only messages that are bounced are the ones that we're really confident were spam. So, I set my report to only include the held messages, which makes it easier to review (read: shorter.) The emailed report also has a "Mark This Report Reviewed" button, which lets you delete all the messages in that report, right from your Inbox!

Unfortunately for some users, if your ISP uses content filters (like Comcast), you may end up finding your emailed report in your Spam or Junk Mail folder. That makes sense -- it is a report full of the email addresses and subjects of spam! While having a list is great, some people also just like having a daily reminder to go have a look at the spam we've picked up. So, we're testing out an emailed summary report. It doesn't have a list of all the messages, just a note about how many messages we've picked up, and a button to go check it out on the web. If you'd like to be part of our tester group, just contact Customer Support, and tell us that you want to switch your emailed reports to the summary version!

If you want to keep an up-to-the-minute eye on your spam, you can also get an RSS feed of your messages! That's customized per-person, so I can't give you a link, but head over to the Spam section if you want to grab one. The feeds are customized per view, so you can subscribe to just the view you want to see.

And, of course, some people are happy just knowing the Spam section is there if they need it, but don't need to be reminded just how many people in the world want to sell them a degree. (Only 10 this month, thank you!) If that's you, you can turn off your emailed reports at any time. Please don't report them as spam. That can cause your ISP to think they are spam, and other Pobox customers who do want them may not see them.

Signing off from snowy Philadelphia -- I hope all of you East Coast residents stay warm!