Intuition Not Enough to Spot “Spammy” Sites
Posted by Hannah Rosenbaum on September 26, 2006 09:40 AM
Watch out for your inbox! The results of the McAfee SiteAdvisor Spam Quiz reveal that users are unable to distinguish between safe sites and sites that sent our robots spam. Last month McAfee SiteAdvisor issued a challenge to users: Can you spot Web sites that cause spam? Over 7,000 users have taken the quiz and the results are alarming. The decisions of the average quiz taker would have led to the receipt of over 1,000 e-mails per week.
If you haven't yet tested your spam detection skills, you may want to take the Spam Quiz now before reading on.
• The average score was 55%. The average quiz taker got 3 to 4 out of 8 questions wrong. The average user's decisions could lead to 1,000 e-mails per week. If the user got the 3 "worst" sites wrong, he could receive as much as 2,000 pieces of e-mail per week.
• 97% of quiz takes got at least one question wrong. Even just one e-mail submission to an unsafe site can cause an inbox to become inundated with spam. When we submitted our e-mail address to spammy e-card site funnyreign.com, for example, we received 1,075 e-mails per week as a result.
Business models and brand names
Users performed the worst on the online dating and credit card categories. Only 40% of quiz takers correctly selected plentyoffish.com rather than cupidjunction.com as the dating site that respects e-mail privacy. Some quiz takers were probably skeptical of plentyoffish.com's free membership. They may have tried to intuit the site's business model, perhaps concluding that the only way the site could make money was to sell customer e-mail addresses. But our inbox of only 1 e-mail per week supports their privacy policy statement that they do not share personal information with third parties.
The poor performance on the credit card question could have been due to the use of the word "Visa" in wiredplasticvisa.com. Users might have assumed that the use of the word Visa signaled that it was a safe site or sanctioned by the brand. Users' decisions may also have been impacted by the streamlined design of the wiredplasticvisa.com Web site. Surveys have found that the design of a Web site influences user behavior relating to privacy. Only 44% of quiz takers correctly selected creditcardmenu.com as the safe site in this category.
Do the homework
Users performed the best evaluating the games and scholarship sites. 68% of quiz takers correctly selected miniclip.com as the safe game site over bullseyesgames.com. Significantly, approximately twice as many quiz takers viewed the privacy policies for this question as compared to any other. While time consuming, reading a site's policies can help boost quiz performance and make for safer surfing.
68% of quiz takers correctly selected scholarshipexperts.com as the safe scholarship site. Users may have chosen scholarshipexperts.com because its homepage appears informational while freecollegescholarships.net's homepage promotes a drawing to win a free $10K scholarship, which users may have perceived as a vehicle to obtain e-mail addresses.
Who's to Blame?
The debate about personal responsibility and Web safety usually starts with "read the privacy policy" but the policies are often long and densely written with legal terminology. One study of privacy policy readability found that 54% of privacy policies require a reading comprehension level equivalent to more than 14 years of education and 13% require the equivalent of a postgraduate education. When PC World writer Narasu Rebbapragada took our spam quiz, she read the sites' privacy policies, but admits that she "couldn't always differentiate between language that allowed spam from the language that didn't." Most people don't bother to read them: surveys show that 50% of users never or rarely read privacy policies. In our quiz, approximately half of users clicked on our links to the sites' privacy policies. But who can blame users for not reading privacy policies if Web sites don't make them easy to understand? Even if privacy policies properly disclose that personally identifiable information might be shared with third parties, the impact is diminished by the fact that many people do not read them or can't understand them.
Our quiz informs users that aarons-jokes.com does not even have a privacy policy, but only 56% of users correctly selected ajokeaday.com as the safe jokes site. This may imply that some users don't pay much attention to the existence of a privacy policy on a site or they don't regard it as a useful means of evaluating a site's privacy practices.
What about other methods of delivering unsolicted commercial e-mail? More technically savvy users know to create complex e-mail addresses that are better protected against dictionary attacks. But is it reasonable to expect casual Web consumers to know this? Perhaps. What about screen scraping where an e-mail address is harvested after being posted to an unsecure Web site? Short of having access to the server and the skills to test it, consumers simply can't know which sites have taken the appropriate steps to secure themselves.
Time to Let Down Your Guard
Some users responded to this quiz by saying that they would never give out their e-mail address to any of these sites. That's one way to protect your inbox. But we'd like to point out that there are many sites where you can safely submit your e-mail address, so such restrained behavior is not necessary. Other users claim to always use throw-a-way e-mail addresses. That's another preventive measure. But having multiple temporary accounts can be tedious should users decide to check them, and if users never check them, they risk missing some e-mails that may have actually been of interest to them (e.g. relevant newsletters, daily horoscopes or matches from a dating site). Defensive e-mail behavior may be effective, but it would not be necessary if users knew ahead of time which sites will protect their e-mail addresses. With McAfee SiteAdvisor, users can see what happened to our inbox before they decide to submit their own e-mail addresses. We get spammed so they won't have to.
Comments
One of our members has said that by having links to the webstandardsgroup.org site on their website it caused your software to show a warning, presumably because your robot joined WSG and WSG is in it's primary form, a mailing list for web professionals. Members have the choice (when they confirm their email address completing the join process) to NOT receive the list if they so choose.
The whole join/confirm process is to stop spammers from joining the list.
Can you please remove and references to our site in your database. WE DO NOT SPAM.
Posted by: Peter Firminger | October 13, 2006 01:47 AM
What do you plan to do when companies sue you for misrepresenting their websites?
Posted by: Montoya | October 13, 2006 03:03 AM
Websites can't sue site advisor as it is mostly telling the truth. If it is legit then they could contact them to test it again and make it green!
Posted by: Jeremy | October 19, 2006 08:28 PM
I think this quiz is very unfair. Most people would never visit e-card, joke, petition, scholarship and online dating sites, especially the unknown ones you've mentionned.
Posted by: Anonymous | October 20, 2006 08:17 AM
I recently Signed up to become a reviewer, for site advisor. On my first try, without even reading the privacy policys I aced it 8 out of 8 right. I was surpised to find out that only 3% of people managed to do that. The trick I used, was I compared the 2 sites, I Picked the sites that had less advertiesing, Seemed to have better content(Ex. No win a Free Ipod or whatever) A sure sign of a bad site is advertising, if they share there site with banners chances are they'll share you email 2.
Posted by: Metheds | October 29, 2006 01:18 AM
I thank you, because you are performing a great service to us "NEW" PC users. Charles Williams 619-691-1380
Posted by: Charles Williams | October 29, 2006 04:13 PM
Yeah I agree about the unfair part. Some of the sites I wouldn't even consider even signing up. Even though Site Advisor gave them a good rating I still don't trust some of them. That one with the toolbar download got a good rating but I wouldn't download that toolbar because of how their contract states the updates. There automatic, I like updating myself unless I trust the software.
Posted by: Russell | October 31, 2006 09:58 PM
Good job McAfee, keep it up!
Posted by: Williams | December 4, 2006 04:36 PM
I was surpised to find out that only 3% of people managed to do that. The trick I used, was I compared the 2 sites, I Picked the sites that had less advertiesing, Seemed to have better content(Ex. No win a Free Ipod or whatever) A sure sign of a bad site is advertising, if they share there site with banners chances are they'll share you email 2.
Posted by: Chris | March 6, 2007 09:13 PM
I got 3 of 8 right. But it was unfair! TWO (2)of the sites that I got wrong were right on my computer because by going to the policy window only brought up a window claiming no content found! Glictch in the site? I wonder.
Posted by: blind1 | April 13, 2007 02:55 AM
I was with Chris, I looked at the amount of ads on the websites, and then chose from their. I got 7-out-of-8 correct!
Posted by: Elliot THomas | July 6, 2007 11:27 AM
I got score 7/8.
I read thoroughly the policies of sites presented in the first question. Then I derived my next 7 answers relying only on the site design. It become obvious for me - the more free offers the bigger chance of email abuse.
Posted by: Marcin | July 9, 2007 03:40 AM
i WISH I KNEW EVERY SITE THAT IS KNOW FOR HACKING SO WE COULD ALL AVOID THEM.Anybody agree?
Posted by: AVALON | July 23, 2007 02:57 PM
We should just get some awareness when we want to subscribe for some unknown thing so we won't get much spam. I think that firewall and all those protection would slow down your computer processes.
I could've shored the last question but I didn't care much about this crap I have to go throungh. Score: 7/8
Posted by: Li Yee | August 22, 2007 05:25 AM
I havent been on a computer long yet I correctly answered 8 of 8 spam quiz as fast as I could answer !I humblely went on intution!
Posted by: Rodney | October 3, 2007 11:00 AM
I think the quiz showed me where I showed the weakest as well as the strongest. I can only get better from here. 6/8
Posted by: Jackie | October 26, 2007 06:17 AM
I got 6 out of 8! It made me look at websites in a way I have never consdered in the past.I found this survey very enlightening! Well done McAfee for keeping us on our toes. More of these tests please!!
Posted by: sistrene | December 12, 2007 04:49 AM