Email links are symmetric
Email links are symmetric in two ways.

First because both the sender and the recipient use the same communication protocol. This implies the possibility of conversations (two-way communication) rather than the broadcast of a message to an unknown and unnamed recipient.
As it is always possible that I mistyped my email address in the form, I'm not even sure that the other party will be able (or willing) to reply.

Second, as a side effect of sending a message I retain an exact copy of it. So I can refer to this copy later to either refresh my mind about what exactly I wrote or to prove that I actually sent the message in the first place. Sending an acknowledgment email after the submission of a form may achieve the same effect, but only if it contains the original message.

Note that some websites allow web users to create free contact forms.

This e-mail and its attachments are confidential and intended solely for the addressees. If you are not the intended recipient of this message, then please delete it and notify the sender. Since the integrity of this message cannot be guaranteed on the Internet, Example, Inc. cannot be considered responsible for its content.

The reason I say this is lamentable is that ensuring the confidentiality of message and the authentication of its sender requires very little effort. All you need to start sending secure emails (S/MIME) is a regular email client such as Thunderbird and a digital certificate.

Several certification authorities (CA) give personal email certificates for free. Thawte has scheme that allows accredited individuals to check your identity so that your full name can be included in your digital certificate. From this point you'll be able to digitally sign all your emails; thus allowing your correspondants to:

1. trust that a message was really sent by you and not someone pretending to be you
2. verify that a message hasn't been changed by a third party, and therefore that its content can be trusted

In order to ensure the confidentiality of messages, you will additionally need that all recipients also own a digital certificate, so that messages can be encrypted.

Digitally signed emails are accepted as legally binding in the US and many countries in Europe.

You buy trust and brand image.

A SSL certificate is a guarantee from a certification authority that the server presenting the certificate to a browser is indeed who it claims to be, but this means different things for different SSL certificates:

• for low cost certificate that means assuring your browser is indeed connecting to the host www.example.com


• for expensive certificates that means assuring your browser is connecting to www.example.com, which is operated by Example, inc. ; an organization that the authority has checked existed.

In the first case, all the authority validates is that the person who is delivered a certificate has also some administrative rights on the domain example.com. In the second case, they also manually check that the organization Example, inc. has a legal existence.

Beyond that, big names like Verisign and Thawte (now part of Verisign) give you a logo to show on your site, using their brand name to help you build confidence with your customers.

How much?

High-assurance certificates cost hundreds of USD. Comodo sells simple domain validated certificates for $15/year.

Can you get SSL certificates for free?

If you only need a secure SSL connection without the authentication aspect because you are just trying to secure your webmail access and know your users, you can generate a self-signed certificate, or get one from CAcert.org. In either cases, users will be asked to accept your certificate before they can proceed. If this is likely to be a problem, go for the $15 option. Some large institutions use self signed certificates and that's really a shame.

1. After changing the URL of your blog's comment executable, encode the new URL here. For this, enter your URL where indicted "Step 1: enter your e-mail address". Copy the code given to you and extract the strings string1 and string2, which look respectively like FPZEVPKWZXDS2M and %27%23%3E%237%23/1%3C7+1S%3F.
2. Place the following code after the <head> tag of the page, after replacing string1 and string2 by their actual values:

   <script type='text/javascript'><!--
   function blurl(){var v2="string1";var v7=unescape("string2");
   var v5=v2.length;var v1="";for(var v4=0;v4<v5;v4++)
   {v1+=String.fromCharCode(v2.charCodeAt(v4)^v7.charCodeAt(v4));}return v1}
   //--></script>

3. Locate the comment form in the template of your blog, and remove the action attribute specifying the URL of the executable used to process the form results.
4. Finally, add this.action=blurl() to the onsubmit handler of the form:
   

   <form method="post" onsubmit="this.action=blurl()"> ... </form>

   
   

A study shows that out of the many ways email addresses are collected online, 97% of spam originates from addresses harvest on websites or blogs. Our own study shows that it takes as little as two days after an email address is published online before it gets spammed.

It's of course legitimate to publish you email address on a personal blog, but there are few reasons why you should not protect it from spam. This page shows you to generate an encoded link and integrate it with your template.

Obviously, the hosting plan must technically fit your needs, and there is a wide choice of offerings ranging from expensive dedicated server hosting to cheap PHP/MySQL hosting.

What makes the differences between the hosting companies has little to do with the disk space you get or how many free software they allow you to use. In my experience, there are two elements that make the difference: how fast is their network, and how responsive and qualified is their support staff. I have seen in this respect huge variations.
Big names are not a guarantee you'll get a good service. For example, although I've never tried Yahoo hosting, Yahoo domains is notoriously very bad. So, if you consider buying the service of a hosting company, I suggest you contact their support staff to find out what kind of reply you get, and how long it takes.
If you can't find how to contact them: run.

Speed information is available for most hosts from websites like Alexa and Netcraft, so do your homework and check this as well.

Being mostly an automated system however, Adsense is being abused by both publishers and advertisers. The case of publishers is well know. Some sites automatically generate thousands of pages by aggregating search results, replicating content from the Open Directory, Wikipedia, RSS feeds, etc. and generously including Adsense banners among these. Google is certainly working on ways to reduce this particular type of spam, being doubly involved as a seach provider and an advertising network.

The second type of Adsense spam is the act of some ad publishers, and as Google gets revenues from publishers spam, it seems they are far less concerned about it. Type any keyword of no commercial value in Google and you'll see ads like the one below:

Adwords allows Ebay and others to buy hundreds of low-value keywords and automatically generate text ad banners. You'll find these not only along Google's search results, but also on other sites publishing Adsense ads. The problem with these ads, of course, is relevance. I'm not aware of idiots being sold on Ebay, but this is what the ad says. Is it what the publisher wants us to believe? probably not. They just are just using those ads as cheap bates to attract you into their site.

Those ads have a negative impact on the content of the hosting site, so that's bad for content publishers that value more the general quality of their site than the cent they'll get for the click.

Some publishers are buying those cheap keywords to publish unrelated ads. That's how I got ads for a religious group on a foreign languages website, and ads for adult content alongside Google search results.

There is a simple thing you can try to prevent spammers from posting to your blog: make it more difficult for them to find how to post to your site using automated means. The HTML code for submitting a form looks as follows:

<form method="post" action="http://www.example.com/bin/comment">...</form>

The action attribute above specifies the web address (URL) of the executable used to process the form results. Simply remove it and add an onsubmit attribute as shown below.

<form method="post"
onsubmit="this.action='http://www.example.com/'+'bin/post-a-comment'">
...</form>

I have made two changes. I now use a trivial JavaScript snippet to build the URL of the executable, and I have renamed it. The reason for using JavaScript is because comment-spamming programs are most unlikely to be sophisticated enough to understand it. Since once spammers have found a comment posting URL they will keep it and reuse it every now and then, I have also renamed the executable to start with a fresh URL.

Update: The code above is shown for demonstration purposes only. if you are thinking of implementing this setting, you should use a more serious procedure. It doesn't involve much more work.

Update: You can now get free comment spam protection with FormSmarts. Plus, an easy form builder, a form handler, form hosting and more. All free.

First Yahoo! is not an accredited domain registrar, but simply a reseller for the Australian domain registrar Melbourne IT. If you ever have a problem with you domain registration however, you'll have to deal with Yahoo!, and their support is appalling to an extent I have never met before. They consistently and repeatedly reply to emails with irrelevant pre-made messages: this did not happen to me once or twice, but about fifteen times.

Given my first experience with their support staff, I rushed to transfer my domain to another registrar as soon as the 60-day no-transfer period after registration was over. The transfer was systematically denied. Whenever I got a human to reply, their answer showed a striking ignorance of .com transfer procedures, replying with transfer requirement only applicable to other types of domains (.info,…).

After three days, I ended up calling them and I was told that they could not do anything and referred me to Melbourne IT. Emailing and calling Autralia several times, I was told that I had to deal with the reseller (Yahoo!) directly.

I don't know at this point if my transfer will finally go through, but I have already spent much more in international calls than even the most expensive domain registrar around (e.g. Network Solutions sell domains at USD35).

If you want a cheap domain registrar with capable support staff, I recommend, for having tested them for years:

• If you only want the basic registration with no options (e.g. private registration), GoDaddy will do the job. But beware, these people are master marketers and they will try every trick to sell you additional products.


• Gandi is a bit more expensive mostly owing to the low rate of USD, but their service includes at no extra cost features sold under "private registration" by some other registrars, allowing e.g. to hide your email address in the WHOIS database to avoid spam. They also include virtually unlimited email and web redirections.

Speed
Alexa rates SMS.ac as "very slow".

Robustness
When using the site, you should expect to occasionally get crude messages reporting "ASP Exceptions", "SQL Server Errors" and other technical faults. It's amusing that Yahoo crawlers caught one of these while indexing the site…

Useability
They don't seem to be aware that 10% of web users don't use Internet Explorer. With Netscape/Mozilla the site is barely useable, with a tiny font.

All trademarks, names, and services referenced above belong to their respective owner.

• this person has made the effort to read and understand the small prints and believes it's fine
• he finds sms.ac so good—even before trying it (remember, we are still in the signup process)—that he wants to tell everyone.

• Alice knows Bob, and believes that he—individually—would be interested in the information or service referred
• Bob's email address is manually entered in the referral form
• the email is sent once when Alice submits the form
• Alice's email address is not kept by the referral system, since further emails would not be legitimate
• the message makes the circumstances in which the email was sent clear and explicit, so that Bob knows from reading the message that Alice visited a site and genuinely thought he would be interested.

• operate a bulk, automated, and non-discriminative collection of email addresses
• they keep Bob's email address and send him recurring emails on behalf of Alice, without Alice being aware of it
• they imply Alice was involved in sending the messages
• Bob has to take explicit action to stop receiving emails.

Some actions we can take to oppose and help publicize sms.ac's fraudulent practices are:

1. systematically report their mails as spam ("report spam" button) if you are using a webmail service (Yahoo!,...)
2. post an appropriate review on Alexa and/or blog about it
3. make sure the person who gave out your email address to SMS.ac is aware of the scam.

If you have also been spammed by SMS.ac, please post a comment below.

All trademarks, names, and services referenced above belong to their respective owner.

More surprising is the fact that there are some people out there spending their days manually gleaning email addresses on the web. They are mostly connecting from Internet cafés in places like Ivory-Coast or Nigeria and use tools such as Google, Yahoo or search engine aggregators to look for email addresses using queries like “contact john 2005” or “email me 2005”. Look for “2005” in your webserver log and chances are you will find evidences of this happening on your site.
There are ways to help avoid automated email harvesting without sacrificing too much web usability (i.e. using encoded email links). There are also ways to help prevent manual email address collection: a simple thing to do is to remove the year appearing in the copyright notice of your contact page, and replace it with a simple script:

<script type="text/javascript"><!--
document.write((new Date()).getFullYear())
//--></script>