Automatic generated birthday wishes

A few days ago I celebrated my birthday. During the day, I received several birthday wishes through different media. This included several e-mails from both friends and different companies. Getting greetings is something I appreciate, but what is the point of getting auto-generated greetings? This comes down to what the meaning of sending a greeting to someone is. Essentially the sender is showing friendliness and respect. However, I always had trouble appreciating greetings from a machine and found these kinds of greetings to be an illusion. Clearly no one is actually greeting you, it’s simply a scheduled job fully automated and executed by a machine like any other automated task. Two of the auto-generated messages I received were even identical since both companies happen to use the same e-mail provider. This strengthens the feeling of ‘industrialized’ greetings. The only plus is that sometimes these auto-generated birthday greetings will contain a coupon code or link to some special offer or gift even though this was not the case this year.

“Help users recognize, diagnose, and recover from errors”

At my organization, Aalborg University, it is a requirement to change the campus account password once every 90 days, a security initiative implemented last year. This is a widespread security policy used in many organizations, but also a policy whose significance has been questioned for more than a decade. I have very mixed feelings about this security measure. A major advantage is of course that leaked passwords will be unusable at some point (not considering the option that backdoors etc. can have been installed.) However, this approach is also associated with several obstacles from a user perspective. These include: coming up with a new easy-to-remember secure password and the hassle of changing the password on all associated services requiring authentication. At Aalborg University, this applies to basically all IT services such as access to WiFi, e-mail, printers, databases, etc. The new password has to be changed manually in several of these services.

Perhaps it’s because I’m a Mac user, but no notice is given about the upcoming expiring password. When I suddenly can no longer access different services I know it’s time to create a new password (after some frustration about trying to figure out what the problem is.) Our passwords are changed through the Outlook Web App. To make sure that the password meets a certain security standard some requirements are in place. If the new password does not match this standard, the following error message is displayed:

“The password you entered doesn’t meet the minimum security requirements.”

Unfortunately, this error message does not tell anything about what the requirements are or how to get this information, leaving the user in the unknown. This is a textbook example of a usability problem directly linkable to one of Jakob Nielsen’s ten heuristics:

“Help users recognize, diagnose, and recover from errors”.

I’m surprised to find this classic usability problem in software such as Outlook managed by a large organization with thousands of users. This must make the support phones glow (update: after talking to our IT support department it actually does increase support requests.)

Two reviews submitted to NordiCHI 2016

Submitted reviews for two papers submitted to NordiCHI 2016 (formally known as the 9th Nordic Conference on Human-Computer Interaction.) I have now been reviewing papers for several years and have (finally) found somewhat of a review routine. Both papers are interesting and concerned with timely and relevant topics. Although the papers are not exactly related to my current research focus, the overall research focus and approach of both papers are known to me, so all in all these were some interesting and pleasant reviews to do.

In the past, I have had the pleasure to attend NordiCHI 2012 and 2014. This conference is one of my favorite HCI conferences (probably my overall favorite conference) due to the size and the research presented. The latest NordiCHI conference had around 550 attendees from 34 countries. In comparison to the 3000+- attendees normally attending the (also very interesting) CHI conference, NordiCHI is less “hectic” and more manageable to navigate.

I have also myself submitted a paper to NordiCHI 2016 so crossing fingers and hoping to be able to be part of this conference again this year.

The theme of this year’s NordiCHI conference is “Game-Changing Design”, and is further explained as:

Firstly how design and designs can completely change how we perceive and act in the world, but secondly – and just as importantly – whether and how we can change our perception of what design really is, and how it should be done.

NordiCHI 2016 will be held in Gothenburg, Sweden, October 23-27, 2016 and hosted in unity by Chalmers University of Technology and University of Gothenburg.

Fighting spam with fake MX records

Spam is a well-known problem to all users of the Internet, especially technical administrators of Internet services. I own several domain names for different purposes. Some are used for websites, some are used for e-mail, some are used for both, some are used for infrastructure (e.g. mapping easy-to-remember hostnames to IP addresses), and some are just sitting for future use. Most of my domains are not used for receiving e-mail. However, spammers don’t care and will still send spam mails to these domains. Even without Mail eXchange (MX) records a domain is still not safe as many e-mail servers will instead try the A record of the domain. With several domains not used for e-mail, this can at times be annoying to manage and causes extra server load.

To minimize the problem, using fake MX records, known as ‘nolisting’, has been proposed as a trick to reduce spam.

I’m currently using a free service offered by Junk Email Filter Inc. They are running the project Tarbaby, essentially a cluster of fake MX servers. The project has two goals: 1) to help reduce incoming spam, and 2) to support the ongoing work of maintaining the Junk Email Filter blacklist of known spam sources.

The service is very simple to set up and use. Simply add the following hostname as the only MX record of the given domain:

tarbaby.junkemailfilter.com

You can set any value as the priority, for example, 10.

Every time a mail is received the system will respond with the code 550, which means that the message was not deliverable. Genuine senders will receive a reply with an error message and know that a given address is not available, and spam bots will move on and get registered in the blacklist.

Another free service is Fake MX. Add the following hostname as the MX record of the given domain:

mx.fakemx.net

Set any value as the priority, for example, 10. If you use more than one MX record, set the Fake MX record with a higher priority than the primary MX record. Also remember to read their terms of use before adding their mail server.
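To make the MX and A record behaviour described above concrete, here is an added example (not code from either service) that models which hosts a standards-following sender tries for a domain. The `example` domain names and record sets are constructed, and no live DNS lookups are made.

```python
# Added example: models which hosts a standards-following sender tries for a
# domain, using constructed records (no live DNS lookups are made).
SINKS = {"tarbaby.junkemailfilter.com", "mx.fakemx.net"}  # hostnames from the text

def _norm(host):
    return host.rstrip(".").lower()

def delivery_targets(domain, mx_records, has_address_record):
    """Return hosts in the order a sender attempts them (RFC 5321, section 5.1)."""
    if mx_records:
        # Lowest preference number is tried first; ties are sorted by name here
        # only to keep the output deterministic.
        ordered = sorted((pref, _norm(host)) for pref, host in mx_records)
        return [host for _, host in ordered]
    # No MX at all: the domain's own address record is used as an implicit MX.
    return [_norm(domain)] if has_address_record else []

def audit(domain, mx_records, has_address_record):
    targets = delivery_targets(domain, mx_records, has_address_record)
    if not targets:
        return "no-mail-path", targets
    if not mx_records:
        return "implicit-mx", targets
    sinks = [t for t in targets if t in SINKS]
    if len(sinks) == len(targets):
        return "sink-only", targets
    if sinks:
        return "mixed", targets
    return "real-mx", targets

# Constructed sample zones (example.* names are placeholders).
SAMPLES = {
    "parked.example": ([], True),
    "sinked.example": ([(10, "Tarbaby.JunkEmailFilter.com.")], True),
    "mail.example": ([(20, "mx.fakemx.net"), (10, "mx1.mail.example")], True),
    "unused.example": ([], False),
}

def audit_all(samples=SAMPLES):
    return {d: audit(d, mx, a) for d, (mx, a) in samples.items()}

if __name__ == "__main__":
    for domain, (finding, targets) in audit_all().items():
        print(f"{domain:16} {finding:13} {' -> '.join(targets) or '-'}")
```

A domain reported as `implicit-mx` is one where mail is still attempted against the web host, which is the case the fake MX record is meant to close.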

Using fake MX records is no ultimate solution to avoid all spam from getting in touch with your servers, but anecdotal experiences reported from different forums indicate that fake MX records significantly reduce spam.

More information about using fake MX records can be found at “Nolisting: Poor Man’s Greylisting” and “Other Trick For Blocking Spam”.

As is the case with most tricks, the nolisting strategy also has some drawbacks, especially when using a fake MX setup on a domain intended for receiving e-mail. Some of the drawbacks can be found at the Wikipedia page ‘Nolisting’.