August 18, 2003

Making good FOAF files is a pain. There’s the foaf-a-matic web page, that lets you type stuff in and formats it for you, but who wants to re-type all that data? There’s a Java-based successor, but that’s overkill, and still doesn’t have any way to import data, as far as I can tell.

Thanks to Address Book Exporter, it’s easy for me to extract data from my address book in a tabular form. I suspect that most people interested in using FOAF probably already have their data typed in somewhere, and would be able to extract it in this form if needed. From there, it would be pretty easy to use GREP to mark up the file into a usable FOAF file, except for the sha1 e-mail address encoding (which is not required, but is the responsible thing to do). And not everyone would be comfortable writing a GREP pattern, for that matter.

What we need is a little web utility that ingests tab-delimited text files and spits out FOAF files. I know it can be done–it’s just out of my reach.

I recently discovered that some spam was being sent with my address as the return address–the bounces were coming to me.

Other than pissing me off, I wasn’t sure what those smegma-sucking spamming scumbags hoped to accomplish by doing this. Now I have an idea: it may be to undermine challenge-response spam-blocking systems.

These challenge-response systems are a klunky way of dealing with spam: if Alice sends Bob an e-mail, and she’s not on Bob’s whitelist, the system sends Alice an automated response asking her to visit a web page and prove that she’s a real human being worthy of Bob’s valuable attention. This usually involves looking at a graphic showing distorted text, and typing the text into a box.

Even if this all works according to plan (and there are plenty of reasons why it might not), it’s very annoying. But as soon as spammers start sending out e-mail purporting to come from real people, it really goes to hell:

• If I am already whitelisted with a C/R service, the spam gets a free pass.
• If I am not already whitelisted with a C/R service, the challenge comes to me. Maybe I’ll respond correctly, in which case the spam gets a free pass
• Or maybe I won’t respond, or (acting mischievously or perversely) respond incorrectly, in which case the spam is blocked, but so is any e-mail I might want to send to any person using that system in the future.