Simon Willison’s Weblog

Subscribe
Atom feed for email

33 items tagged “email”

2024

Whatever you think of capitalism, the evidence is overwhelming: Social networks with a single proprietor have trouble with long-term survival, and those do survive have trouble with user-experience quality: see Enshittification.

The evidence is also perfectly clear that it doesn’t have to be this way. The original social network, email, is now into its sixth decade of vigorous life. It ain’t perfect but it is essential, and not in any serious danger.

The single crucial difference between email and all those other networks — maybe the only significant difference — is that nobody owns or controls it.

Tim Bray, Why Not Bluesky

# 24th November 2024, 2:17 am / mastodon, activitypub, tim-bray, bluesky, social-media, email

Kobold letters (via) Konstantin Weddige explains a sophisticated HTML email phishing vector he calls Kobold emails.

When you forward a message, most HTML email clients will indent the forward by nesting it inside another element.

This means CSS rules within the email can be used to cause an element that was invisible in the original email to become visible when it is forwarded—allowing tricks like a forwarded innocuous email from your boss adding instructions for wiring money from the company bank account.

Gmail strips style blocks before forwarding—which it turns out isn’t protection against this, because you can put a style block in the original email to hide the attack text which will then be stripped for you when the email is forwarded.

# 4th April 2024, 12:43 pm / css, security, email

Budgeting with ChatGPT (via) Jon Callahan describes an ingenious system he set up to categorize his credit card transactions using GPT 3.5. He has his bank email him details of any transaction over $0, then has an email filter to forward those to Postmark, which sends them via a JSON webhook to a custom Deno Deploy app which cleans the transaction up with a GPT 3.5 prompt (including guessing the merchant) and submits the results to a base in Airtable.

# 11th January 2024, 4:40 am / email, airtable, openai, ai, llms

2020

Ok Google: please publish your DKIM secret keys (via) The DKIM standard allows email providers such as Gmail to include cryptographic headers that protect against spoofing, proving that an email was sent by a specific host and has not been tampered with. But it has an unintended side effect: if someone’s email is leaked (as happened to John Podesta in 2016) DKIM headers can be used to prove the validity of the leaked emails. This makes DKIM an enabling factor for blackmail and other security breach related crimes.

Matthew Green proposes a neat solution: providers like Gmail should rotate their DKIM keys frequently and publish the PRIVATE key after rotation. By enabling spoofing of past email headers they would provide deniability for victims of leaks, fixing this unintended consequence of the DKIM standard.

# 16th November 2020, 10:02 pm / security, cryptography, email

Datasette Weekly: Datasette 0.50, git scraping, extracting columns (via) The first edition of the new Datasette Weekly newsletter—covering Datasette 0.50, Git scraping, extracting columns with sqlite-utils and featuring datasette-graphql as the first “plugin of the week”

# 10th October 2020, 9 pm / sqlite, datasette, projects, graphql, email, sqlite-utils, git-scraping

Datasette Weekly (via) I’m trying something new: I’ve decided to start an email newsletter called the Datasette Weekly (I’m already worried I’ll regret that weekly promise) which will share news about Datasette and the Datasette ecosystem, plus tips and tricks for getting the most out of Datasette and SQLite.

# 10th October 2020, 7:05 pm / projects, datasette, email

2013

What’s the best way to reach out to alumni if you’re interested in working at their company?

Yes, it’s fine. Many tech companies have a referral bonus for employees that help them make a good hire, and any alumni you contact will be able to forward your details straight on to the recruiting department.

[... 96 words]

Is there anyway to game unique link verifications?  Like when you get sent a link of the form https:/........com/UID=TYYN04001 How would one change the digits to reproduce another working link?

Not if they’ve been implemented correctly.

[... 42 words]

What company or service sends the most beautifuly designed emails?

Litmus (who provide an excellent email testing tool) send out the most attractive newsletter in my inbox.

[... 36 words]

What email marketing tool does Goop, InsideHook and other popular newsletters use?

You might be able to tell by viewing the full email headers on one of the emails they have sent you.

[... 39 words]

2011

Where can I find a text corpus of English language personal email on the web?

The Enron email corpus is pretty useful, though I don’t know how “normal” you would consider it.

[... 38 words]

Get Lanyrd conference recommendations by email. This is the first time I’ve built a custom email subscription feature, and it’s been a very interesting ride. We’re trying to find the right balance between keeping people informed in a timely fashion with useful information while not overloading their inbox with too many messages. You can opt for daily, weekly, fortnightly or monthly emails and we’ll try to ensure you only hear about events you haven’t seen before.

# 28th January 2011, 11:28 am / email, lanyrd, recovered

2010

tempalias.com development diary (via) tempalias.com is a e-mail forwarding service that lets you create an address that will only work for a few days (or a limited number of messages) and will forward messages on to your real account. It’s implemented using Node.js and Redis and the code is released under an MIT license. Philip Hofstetter, the developer, maintained a detailed development diary throughout which is worth reading if you’re interested in Node.js.

# 23rd April 2010, 7:36 pm / node, javascript, tempalias, redis, email

Stack Overflow Blog: OpenID, One Year Later. Google’s support is a huge deal—61% of Stack Overflow accounts use Google. Google’s implementation of directed identity has caused problems though, since Google provide a different OpenID for each domain making it hard for Stack Overflow, Server Fault and Super User to correlate accounts. Their solution is to require a (verified) e-mail address from Google OpenID users using sreg and use that as a key for the accounts.

# 14th April 2010, 8:46 pm / openid, stackoverflow, google, directedidentity, email, sreg, login, registration

My email contacts list is not a social graph. It is not a group of people I have chosen to follow, but is instead full of people with whom I have a (sometimes very tenuous) professional relationship, as well as my family and some of my friends. Interestingly, my best friends don’t email me very often, so they do not show up as a part of my Buzz following list.

Suw Charman-Anderson

# 12th February 2010, 9:13 am / suwcharmananderson, buzz, friends, followers, socialgraph, email

2009

Yahoo! OpenID: Now with Attribute Exchange! The nice thing about this is that an e-mail address obtained from Yahoo! via attribute exchange has already been verified, so you don’t need to perform the e-mail roundtrip yourself. I expect a lot of OpenID consuming sites will end up with internal whitelists of OpenID providers who they trust to provide verified e-mail addresses, with users of sites not on the whitelist still getting e-mailed a verification link.

# 5th December 2009, 5:25 pm / verification, email, openid, yahoo, attributeexchange

So’s your facet: Faceted global search for Mozilla Thunderbird. Yes! This is the kind of innovation I’ve been hoping would show up in e-mail clients for years. Faceting is a really natural fit for e-mail.

# 4th September 2009, 10:29 am / faceting, search, email, thunderbird

“Recover my account” link on the login page. For the record, collecting and verifying e-mail addresses is a VERY good idea, even (especially?) if you accept OpenID. A verified e-mail address is still absolutely the best way to deal with lost passwords or “my OpenID isn’t working”.

# 16th February 2009, 10:22 pm / email, accounts, identity, openid

Google App Engine: A roadmap update! Receiving e-mail, background tasks and XMPP. I predict a bunch of sites will start building small parts of their overall functionality on App Engine when some of these features land (much easier than hosting your own custom XMPP server).

# 9th February 2009, 7 pm / appengine, python, google, xmpp, email, cloud-computing

Changeset 9793: SMTP testing documentation. I didn’t know this trick: running “python -m smtpd -n -c DebuggingServer localhost:1025” will start up a simple SMTP server which dumps received e-mails to the terminal instead of forwarding them on.

# 29th January 2009, 1:35 pm / email, smtp, python, testing, django

2008

Email Address to URL Transformation (EAUT) specification now available! Allows OpenID users to login using their E-mail address, which is converted in to an OpenID URL based on rules specified in an XRDS document attached to the root domain. Seems like a good idea to me.

# 22nd July 2008, 7:30 pm / openid, email, eaut, urls, xrds

Lessons from mySociety conversion tracking. Neat trick: show the user a “subscribe” form with their e-mail address pre-filled for them and there’s a much higher chance that they’ll click the button.

# 17th March 2008, 2:12 am / mysociety, email, conversions, marketing

A proposal: email to URL mapping. Brad’s just too damn smart. A simple solution to mapping an e-mail address to an OpenID that takes advantage of existing technology (YADIS) and doesn’t adversely affect e-mail privacy.

# 8th February 2008, 11:39 am / email, openid, urls, brad-fitzpatrick, yadis

2007

Sorry PR people: you’re blocked. I was added to some PR mailing lists a few months ago and they appear to be spreading my address around like a nasty disease. I’m tempted to contribute some addresses to Chris Anderson’s block list.

# 31st October 2007, 5:22 pm / email, chris-anderson, pr, spam

Email addresses your OpenID via DNS. Sam Ruby has warmed to the idea of making e-mail addresses usable as OpenIDs via a DNS SRV record.

# 30th September 2007, 9:36 pm / dns, srv, sam-ruby, openid, email

Announcing the Dopplr 100. Similar to how Facebook used to only allow college e-mail addresses, Dopplr is now open to holders of e-mail accounts from 100 large corporations. The blog release doesn’t specify if each corporation gets its own special “group” within the application; that would be a neat touch.

# 26th September 2007, 4:34 pm / dopplr, facebook, email, invitations

A typical phishing email will have a generic greeting, such as 'Dear User'. Note: All PayPal emails will greet you by your first and last name.

PayPal's Phishing Guide

# 22nd September 2007, 2:33 pm / phishing, email, paypal, doh, security

... if you're in an email conversation with one other person and you're both using Gmail, don't bother quoting at all.

Charles Miller

# 12th July 2007, 5:18 pm / email, charles-miller

Gmail and Django. I’d never considered using Gmail to send e-mail from applications, but it could be a useful way of avoiding having outbound e-mail falsely flagged as spam.

# 2nd July 2007, 9:46 pm / gmail, django, email, nathan-ostgard

Mailhook. Free e-mail address to HTTP POST bridge—just provide a script URL and you’ll be given a subdomain; any e-mail sent to an address at that host is then posted to your script.

# 31st March 2007, 11:21 am / email, mailhook