Korova Multimedia § Drop-dead Internet Alerts

e-v-mail

Drop-dead Internet Alerts

'Net of The Living Dead

In the brief time that I've been writing the "Hoax du Jour" columns, I've seen examples of hoaxes and bona fide bulletins staggering around the Internet long after the original cause has expired. Once an e-mail alert is sent out, it's almost impossible to stop it.

Some of these "e-mail undead" mutate during rebirth. Result? An innocent, one-time alert can live on as a zombified "thought virus," traveling the Internet causing hysterical and misinformed action, regardless that such action is entirely futile.

Here are some well-known examples:

Aging alert: "809" phone scams

Aging alert: 90# phone scams

Aging alert: No Urban dictates

Chain letter: Craig Shergold cards

Chain letter: "Free stock" scams

Chain letter: Mill Cove 5th Grade project

Misfire: Avert a heart attack by coughing

Misfire: Blacks lose the right to vote in 2007

Misfire: FCC Internet Tax (various hoaxes)

Misfire: Gay Jesus film (hoax)

Misfire: Jessica Mydek (hoax)

Misfire: Save AOL/ICQ instant messaging (hoax)

Misfire: Save Sesame Street

Misfire: Save the USAF chimps (hoax)

Petition: FCC requested to ban religious programming

Petition: Plight of women in Afghanistan

Petition: Save PBS / NPR / NEA

Save a child: Amanda Bundy

Save a child: Andrew Russell Steinmetz

Save a child: Krystava Patients Schmidt

In all but a few of the cases above, there was a tiny grain of truth to the alerts, but that was all. In all cases, there is little or nothing that you can now do to further the causes.

Recipe For A Better Internet Alert

If you are in a position to generate Internet bulletins, you CAN do something. It doesn't take much more effort to write a more effective alert that lasts only as long as it is valid. I call such a bulletin a "drop-dead alert," because it is authentic ... and ephemeral. By design, it will only last as long as it's meant to.

To be clear, a drop-dead Internet alert needs no exclamation points, no ALL CAPS, no request to send out more copies. The reader is given more than ample evidence of the authority of the writer (and his information), and further data is only a mouse-click away. A drop-dead Internet alert informs, and empowers, quietly.

If you're writing Internet information bulletins, compare your work with the following checklist. If you received one, compare it to this checklist, and see how it measures up.

Use "beginning" and "end" markers. Clearly identify the boundaries of your alert. Use high-visibility lines of asterisks or dashes to show where your alert begins and ends. This way, if your alert is forwarded subseqently with someone's "sigline" (a signature file appended to e-mail messages), the sigline will not appear to be part of your alert.

Keep it intact. Include a clear disclaimer that politely requests the alert be left intact if forwarded. That's why you put the markers at the top and bottom....

Establish credibility. Clearly identify yourself, your group, your sponsors, your mission. Who are you, why are you providing this alert, and -- here's the trick -- what is your expertise in this field? Writers often presume that their return address infers clear authority. Fallacy! Do so in your alert.

Establish context. Who (or what) is effected by the alert? Clarify who among your audience will need this information. Ask yourself basic questions while you're writing: Does this effect every man, woman, and child on the planet? Is this something that only effects users of 32-bit Windows? Will general computer users understand this, or is it a topic of interest only to system administrators? Is the proposed regulation relevant to U.S. citizens only? Is your alert specific to your community, or does it highlight a countrywide problem?

Date your alert. E-mail chain letters and petitions have survived for years after their topics have expired. They're preserved almost indefinitely in cyberspace, like virtual Twinkies. When in doubt, specify an expiration date for your alert. This way, if it is forwarded out of your sphere of control (which is quite likely), attentive readers will know to "kill" it without reading (or forwarding) further.

Limit your alert to only one topic. Take a tip from the Lone Star state's premier law enforcement agency: "One riot, one Ranger." Include only one incident/vulnerability per mailing. The newsletter format may be a nice way to consolidate various bits of information, but the typical alert is a dated, "time critical" announcement. If portions of your newsletter are later quoted out of context, most of your hard work establishing credibility will be edited out of the forwarded excerpt.

K.I.S.S.: "Keep it simple, stupid." In the same spirit as the last tip, keep your alert brief and self-explanatory. Make it especially plainspoken. Don't presume that your reader knows what you're talking about, so use common use language and provide any necessary background. Suggest to the reader easily available references for further information.

Added tip: use good DTP (desktop publishing) techniques to make your e-mail easy to read. Keep paragraphs short, use topic sentences. Leave enough white space to break up text visually. When you quote from another source, indent it (I prefer the <BLOCKQUOTE> tag for Web pages); put it into a contrasting table or frame. For more ideas, review John Morkes and Jakob Nielsen's ideas that I present in my "Lessons Learned" page.

Use facts, back them up. Discard any polemics, supposition and anecdotal information. Only cite facts and reports that you can document. For added credibility, clearly cite your sources in a form that your readers can check for themselves. Double-check your facts, since your alert will become a matter of record -- forever. (Remember the cyber-Twinkie.) Your credibility rests on the dependability of your references.

Added tip: keep your own copies of any Web pages or FAQs that you quote. If the original succumbs to the dreaded "Error 404 - Document not found" syndrome, you will still have your copy.

Give credit where due. No one's a universal expert. Where other sources have contributed facts, cite them with clear attribution. When you take care to explicitly divulge "who" said "what," readers can see and trust the foundation upon which you've based your alert. Murky, or missing, references dilute your credibility, and drown your alert's chances of being heeded.

Be wary of ephemeral references; avoid "dead links." References pages may be available when you draft your alert, but other sites (over which you have no control) may remove the pages later, while your alert is being distributed. (I've found that smaller newspapers are notorious for this.) In addition to archiving a copy for yourself (see above), reconsider including the link in your alert. Why? If a reader trys to confirm your claims, and finds your reference is no longer there ("Error 404"), your entire alert may come under suspicion. Limit your quoted links to those you are confident will remain "alive."

Simon says,... Make clear what action, if any, is needed. Don't assume that this is self-evident. Users may need to update their software, check their phone bill, consult their physician, or contact the local authorities. Leave no question as to what action you suggest your readers take. If none is needed, say so.

Solicit action, not emotion. Some alerts sound fabulously terrifying: costly legislation, regulations that violate civil rights, reports of child abduction, violence against women, threats of deadly diseases spread by mischievous villains. (Review my "Hoax du Jour" columns for more juicy tales.) There should be no need to "dramatize" the issue for your reader. Don't use excessive punctuation, or emphatic capitalization ("THIS IS A VERY REAL DANGER!!!"); on the 'Net, these tactics equate to shouting. Regardless of the topic, ensure that you are providing reasoned information for the purpose of informing, not inciting.

Provoke thought, not a riot. Your alert is not going to single-handedly resolve the problem globally (trust me on this). Don't usurp power from your reader. Instead, write your message for an audience of thoughtful readers who will weigh your words, then "do the right thing" within their own sphere of influence. Leave it to the reader's judgement to act appropriately.

Gently, politely, discourage chain e-mail. Don't ask the reader to "Forward this to everyone you know." Chain letters (petitions, "forwardables") have come to be almost as unpopular as Web banner ads and unsolicited, commercial e-mail ("e-j-mail"). E-mail petitions, regardless of their limited effectiveness, are viewed with only a little more charity. Isolate your alert from the mob by eschewing any resemblance to these practices. Gently dissuade your reader from turning your alert into another 'Net rumor.

Don't wear out your welcome. As the Internet matures, netizens are becoming savvy about privacy and netiquette issues. If you e-mail your alert, don't abuse the privilege of sending to your readers. At all costs, avoid "mail bombing," or "spamming." On USENET, only cross-post while specifying an appropriate Followup-To newsgroup. Polite USENET posts can be as brief as an invitation to visit your Web alert page, with a "teaser" summary of the topic and the top-level URL. (Definitions courtesy of The Jargon File, http://www.netmeg.net/jargon/)

An Annotated Alert

Enough theory, okay? Lecture's over, class, now let's do a lab.

Below I've written a sample e-mail alert to illustrate my points. As you read through it, reflect on the suggestions above, and tally up how much of my own advice I heed. (If you feel the need to peek, click the footnotes.)
~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-¹ Korova Multimedia E-mail Alert 11 September 1999² http://www.korova.com/virus/³ nemo@korova.com⁴ This e-mail alert is distributed by Korova Multimedia (www.korova.com) to alert the Internet community to a potential hazard. This alert is distributed to "opt-in" participants in the Korova Multimedia "e-v-mail" pages, an ongoing commentary on the phenomenon of misinformation on the Internet.⁵ If you forward this alert to another address, please do so in its entirety. Please do not quote portions out of context, or edit any text between the dotted horizontal lines ("~-"). FOR INTERNET RELEASE⁶ ALERT #01-99⁷ - "E-v-mail" SUMMARY:⁸ The Internet is being flooded with e-mail messages that contain misinformed warnings and uncorroborated facts. Some messages are hoaxes, apparently written to create needless confusion, paranoia and hysteria. RISK:⁹ Anyone who receives e-mail at work or at home may may be exposed to unsolicited e-mail which contains misinfomation. DESCRIPTION:¹⁰ The Internet has become a breeding ground for misinformation and hoaxes. Users who are inexperienced with e-mail (electronic mail), and e-mail "netiquette," are regularly encouraged to forward uncorroborated messages to others. These messages may contain factual errors; many appear to be intentional hoaxes. The U.S. Department of Energy's CIRC office (formerly CIAC) asserts that online hoaxes and chain letters generally feature three basic features: The Hook, The Threat, and The Request. These components act to appeal to the reader, incite paranoia (or sympathy, or greed), and encourage the reader to forward the message indiscriminately. Several commentators have suggested that a message that falsely warns of an e-mail virus, and asks the reader to forward the warning to everyone each reader knows, IS the e-mail virus. Korova Multimedia calls this e-mail phenomenon "e-v-mail." The success of e-v-mail depends upon a reputed "thought virus," an e-mail borne contagion. The message, when read, "infects" the reader and induces symptoms such as needless panic, and an involuntary urge to forward the message via e-mail. The user who succumbs to the thought virus "infects" others by forwarding the e-mail, thereby "spreading the disease." Many observers feel that e-v-mail has become an Internet "epidemic." One of the first documented e-mail virus hoaxes was called "Good Times." Variants of "Good Times" continue to be distributed today. Other popular e-v-mail messages include various "free" giveaways, false electronic virus warnings, the "90#" and "809" phone scam alerts, health scares, missing children alerts, and petitions for various causes. Many of these examples fit the description of e-v-mail. When you receive a message containing a warning, a possible hoax, or a chain letter, we suggest you read the message with reasonable skepticism. Messages from unknown or obscure sources (even a "friend of a friend") should be viewed with high suspicion. Rather than forward the information promiscuously, we ask readers to confirm the information in a message before resending it, and discard without further action any e-mail which makes unsubstantiated claims. Forwarding a message without thinking contributes to the e-v-mail problem, and negatively impacts the Internet community as a whole. REQUESTED ACTION:¹¹ This is an advisory. No further action is necessary. Sent:¹² 15 September 1999 Expires:¹³ 15 December 1999 DECL: OADR¹⁴ This alert is for information only. E-mail inquiries to nemo@korova.com.¹⁵ This document is available online at http://www.korova.com/virus/alerts.htm.¹⁶ ~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-
Footnotes

Horizontal lines are used to enclose the alert, and separate it from any siglines which other recipients might add when they forward the alert.

Dated, so there's no confusion about when this was written.

A easily accessed Web URL to find out who the originator is.

I've also provided an e-mail address for individual inquiries. (This address is invalid, since junk e-mail to my domain has been a nasty problem lately.)

I've clearly identified who sent this alert, why, and to whom it was written for.

This is a cute trick I learned in the U.S. Coast Guard. If the alert is intended for a limited audience, clearly mark it; for example, "COMPANY CONFIDENTIAL." In this case, I've made clear that it can distributed to the Internet at large.

This alert has been numbered for accurate reference. Someone can write in and ask about "Alert 01-99." If it is one of a series, a subscriber can inquire if one was missed, as the sequence would be out of order.

A summary is a thoughtful convenience for anyone who has to skim large volumes of e-mail. This summary clearly encapsulates the topic of this alert. Also, I've kept the alert to a single topic.

This section makes clear who is effected by this alert. Those who aren't effected can stop reading and click DELETE.

Generally, I feel that one should write an alert in five hundred words or less. Any more detail can be provided on a referenced Web page. Note that I've broken the narrative down into six small paragraphs, allowing the reader to pause and absorb the material at his, or her, own pace.

Requested action should be specific steps that readers must take. (Note that my last two narrative paragraphs were only suggestions.) If no action is needed, a standard boilerplate comment will suffice. If it isn't clear by now, we should never see "Please forward this to everyone..." in this field.

To be particularly exact, I've even specified when this alert was distributed. You need not be quite so particular, but your organization may have a requirement to log when alerts are sent. Using this field may make subsequent inquiries simpler.

This alert didn't need to expire, but many do. Since I've specified that this alert could go out the entire Internet community, I assert that it will expire in a short period of time. This will allow me to send out a later revision, and minimize the chance that my current alert will be forwarded indefinitely.

If you understand this entry, then you shouldn't be surprised by many of the suggestions I've made on this page!

This is an optional disclaimer, protecting the author from certain liability. Depending on your authority, you may wish to include a copyright notice, or a similar liability statement. As a courtesy, again, I've included an e-mail address. If multiple authors are responsible for your alerts, perhaps you should have the name and contact information for the author here (e.g., "Please contact SGT Tony Burgess of the Korova Police Department for inquiries about this alert.").

There is nothing, I repeat nothing, you can do to stop someone from abridging or sabotaging your alert once it's been released. But ... you can post a copy on your own Web or FTP site, and refer to it in your alert. A link on your home page (see above, 3.) to an archive will ensure that visitors can find old, authentic copies of your alerts. If someone receives a questionable copy of your alert, it will take little or no time to compare the contents with the copy on your Web site.

Other examples:

DOE-CIRC
CERT
US-CERT

EPIC

See also:

Korova "e-v-mail" page
Korova "Hoax du Jour" columns

David Spalding

18 September 1999

Public links to this specific article: http://www.korova.com/virus/alerts.htm. Also: this page, print-friendly.

This page was written for the public information or IT professional who is preparing a general interest warning for a wider audience. Several of my own suggestions are based on my background in Coast Guard Intelligence, drafting and reviewing tactical information reports for field commanders. I based some of my text upon Phil Agre's excellent article, Designing Effective Action Alerts For the Internet, which I highly recommend. Phil's guide is directed towards those who distribute political action alerts, but nevertheless has a lot to offer to anyone doing mass communications on the Internet.

Many infosec colleagues have given me insight into these issues over the years. Immediate and long-term thanks go to Dave Brown, Tom Latta, Pat Nemeth, Rob Rosenberger, George Smith, Willie Viarnes. Others whom I've excluded by omission of memory are hereby deemed included.

Korova.com sales on Amazon help support this site's expenses.
Go ahead, search for something, anything....