Every time that I start to worry that I’m running out of material for this blog, admin comes through for me. I suppose that means that I should be grateful somehow …
… but definitely not in this case.
We all know the drill. Once we set up an e-mail account, the very first and very last e-mail that we receive—as well as a good chunk of all those in between—will be junk. Although the Nigerian princes seem to have long since given their millions away, in their place is a whole raft of opportunities for penis enlargements, anti-snoring remedies, viagra rubs, buying bitcoins on the cheap, giving all your bank account or password details away, submitting your latest research to some obscure journal that’s not even close to your field of research, or simply talking to scantily clad women pushing any or all of these desirable items.
(Is it just me or are most junk e-mails directed at men? Not sure whether this has more to say about the different technical aptitudes of men and women or merely their relative stupidities.)
There are, of course, defences against junk e-mail. Thinking is a good place to start, but also a fair amount of work. And, let’s face it, we’ve all had those brain-dead moments where we’ve clicked on or otherwise believed an e-mail that on any other day would scream NOT IN A MILLION YEARS at us.
Enter the spam filters. Spammers, like many of their prey, are not the most creative of creatures sometimes, so it is possible to teach a machine to recognize their e-mails and to filter them out so as to save us from having to do any hard thinking. The algorithms aren’t perfect, of course, and the odd penis-enlargement e-mail still lands in my inbox and the odd e-mail from one of my even odder friends still lands in my junk-mail folder (which, in retrospect, might be a hint), but they’re still pretty good. And, you can even doubly protect yourself against the threat of thinking by combining the spam filter from your e-mail provider with that of your desktop e-mail program. (Tough luck for those in the cloud though …)
Apparently, this all wasn’t good enough for our Office of Data Protection and Information Safety Management here at the University of Not-Bielefeld. (And I’m not kidding about the name. (At least the one for the office.) That is indeed the official, translated name of this office. (The untranslated name is even worse because informationsafetymanagement is, of course, only a single word in German.) Personally, I think that doing some better management of their name would do a lot more to further “information safety” than the short story that I’m about to tell.) To counter the increasing number of phishing e-mails with spoofed addresses that make it look like they came from the University, all e-mails originating from outside the University are now tagged up top with an exceptionally gaudy (but bilingual!) label indicating this. This e-mail could be from your favourite listserver, colleague, journal editor, funding agency, or even porn site. All of them get tagged.
(In line with this last sentence perhaps, the e-mail proudly announcing this new “feature” also contained the “advice” to be particularly suspicious of literally all external e-mails. Dunno. I’m much more suspicious (if not downright afraid) of most e-mails that actually do come from within the University because they often mean additional admin work for me.)
Anyway, back to the point, which is: really?!
Is this seriously the best that they could come up with? You really do have to wonder just how many late-into-the-afternoon workshops complete with free-for-all brainstorming and superfluous Gantt charts nobly sacrificed their lives for this.
Talk about needless, useless overkill …
Given that a good number of the e-mails that many people at the University receive will come from beyond its ivory confines, that label will appear an awful lot and so slowly fade to become conveniently ignored background noise. People are just like that. Unfortunately, given how much of an effort they put into making the label an absolute eyesore, this is unlikely to occur. Nevertheless, if actually reading the content wasn’t a solution before, then simply adding to that content by indiscriminately flagging nearly everything isn’t really either.
Even better: when replying to one of these highly suspicious, external e-mails, the label remains front and centre, thereby bilingually informing all your important colleagues (even those who do not speak German) what an embarrassment the institution one works for can sometimes be. One can, of course, take the extra time to remove the label, but if some people would take the extra time to actually read their external e-mails in the first place, then all of us wouldn’t be here now.
Even worse: many e-mails come from outside the University and are then bounced down the internal e-mail chain before crashing my inbox. How far can I trust these coworkers of mine that these e-mails (which, now technically are University ones) are really safe? After all, the warning label is still there (albeit buried beneath tons of severed headers) and these could be some of the same coworkers responsible for this entire mess.
Even more ominously: what if the spammers hack into the system and start sending their phishing emails from a legit University address? It could happen. My e-mail account has been hacked in the past with the sole purpose of bothering other people and I doubt that I’m the only one. Hackers even managed a few years back to hack into the printer network of the University and forced many of the printers all over campus to spew out pages and pages of nonsense (the hackers’, not ours) until their paper trays were empty and ultimately until IT Services finally restricted access to the printer network to inside the University only. Blind trust in the non-appearance of that label in the place of actual critical thinking isn’t going to help here.
What boggles the mind though is that this “solution” is even necessary. The internet and e-mail isn’t exactly some shiny new toy anymore and the sheer ubiquity of junk mail out there means that everyone has experienced it by now. Most phishing e-mails also aren’t particularly novel or sophisticated. I can’t count how many warnings I’ve gotten about how my e-mail quota is almost used up or my password is about to expire and how simply clicking here will solve everything (for them). On the same day. All slightly different from one another. Surely one warning is enough, right? And then the grammar in these e-mails is often somewhat suspect. I mean, suspect to the point where even I can recognize the German syntax errors. If I get an e-mail from my University here in Not-Bielefeld, you’d hope that the sender would be able to spell, say, Not-Bielefeld. (Especially when the spoofed e-mail address is my own!)
Which brings me to my final point: we are talking about an Institution of Higher Learning here. If there are some segments of society that might somehow be better able to recognize and ignore junk e-mails (or might simply be more capable of learning to do this), you’d hope that this would be one of them.
The Blog About Fog 