blog guide: Email

Blogger have made it very simple to offer an email-subscription to your blog, with the "Follow by Email" gadget. This article describes adding it to your blog, and how it works for your readers.

Previously, I've explained why RSS is important for your blog, and how to give your blog a subscribe by email option using Feedburner.

The Follow by Email gadget that Blogger provide makes this even easier: you can add an email subscription option to your blog by following these steps:

How to add the Follow by Email Gadget

Log in to Blogger
Use a Google account with admin rights to the blog, and which you want to use to get statistics about your email subscribers.
Go to the Design tab
Select Add a Gadget in the area where you want to put the email subscription option
Choose Follow by Email (it's current at the top of the list)
Enter the title that you want displayed on your blog (initially it's "Follow by email")
Press Save.

This puts the gadget onto your blog. But there are two more things that you should do:

Check that your blog's RSS feed is enabled: it should be either "Full" or "Until Jump Break", not "None". You need to do this because the Follow-by-email tool will only send out emails if your feed is turned on.

Subscribe to it yourself- by entering your own email.
This isn't absolutely essential - the tool works even if you're not signed up to it. But it's a good idea to try to see your blog from the reader's perspective.
And some items in your posts (eg slideshows or PowerPoint presentations) may not work as expected in the emailed version - and you won't know about it unless you're getting the emails.

What your readers see:

On Your Blog:

The Follow by Email gadget looks like this:

The title was set when you were adding the gadget: you can change it by editing the gadget in the usual way.

The background colour, button colour, title underline and font are based on the settings for your template: you can only control them by editing the gadget colours in your template.

You cannot put text immediately before our after the place where people can enter an email address: though you could put a text-gadget before or after the Follow-by-email gadget.

When they enter an email address:

When your visitor enters an email address and presses Submit, a new window opens:

This window:

Welcomes them to Feedburner
Acknowledges their Google account, if they are logged in at the time - remember, not all your visitors will be Google users
Tells them about the feed that they are asking to subscribe to
Warns them that a confirmation message will be sent to the email address they entered
"will receive a verification message once you submit this form" and that "FeedBurner activates your subscription to ... once you respond to this verification message"
Asks them to solve a text-catpcha puzzle, to prove it's a real person (not a computer) setting up the subscription.

The colours, design and content of this window are totally controlled by Feedburner. You can't influence them in any way.

After the anti-spam-test is successfully completed, a second screen opens. This tells the reader that

Your request has been accepted! Please check your inbox for a verification message from �FeedBurner Email Subscriptions�, the service that delivers email subscriptions for <<your-blog-name>>. You will need to click a link listed in this message to activate your subscription. If you dont see a confirmation e-mail in a reasonable amount of time please check your bulk/spam folder.

Again, you have no control over the color, format or placement of this window, it is totally up to Feedburner. You also don't control the message text, which many people are likely to ignore.

In their email in-box, today:

Your potential subscriber gets an email from Feedburner, usually within 2-10 minutes, asking them to click a link to complete the subscription process.

If they click the link, they become a verified subscriber.

If they don't click the link, then they stay on the subscribers list as unverified.

You can customize the "click the link to subscribe" message, using some fairly simply settings in Feedburner.

In their email in-box, when you post:

On days when you have posted to your blog, every verified subscriber is sent one email message, with all your posts during the day.

The message may include the full post or just a summary, depending on what settings you have for your blog's RSS feed (Settings > Site Feed > Blog Posts feed).

Feedburner provides a number of options for controling how this email looks, and when it is sent: see the Publicize > Email Subscriptions > Email branding tab in Feedburner for these. (full article coming soon).

More information about the gadget:

This new gadget has been widely requested, and is an exciting addition to Blogger. But there are some challenges with it, which are discussed in Understanding the Follow-by-Email gadget.

You can get a list of the people who have signed up to receive your blog-posts by email - be aware that this is all people who have subscribed, not just ones who used the widget.

What happens if you delete the widget

Even if the follow-by-email gadget is deleted from your blog (by accident or deliberately), the Feedburner subscription that it created, and the list of people who have subscribed, is still kept in Feedburner.

However to add the gadget to your blog again, you need to use Feedburner's gadget tool to make sure that you access the feed that you created when you added the gadget the first time around.

(Thanks to reader +Mary Bostow whose question got me thinking about this.)

Why RSS is important for your blog,

How to get a list of people who are subscribed to your blog by email

An alternative to "Follow-by-email": giving your blog a subscribe by email option using Feedburner.

Customizing Feedburners verification message

This article is about email phishing, and spam-links in emails: how you can recognize them and what to do about them.

Understanding Spam vs Phishing

Most people know what regular spam is. Phishing is a more sophisticated type of spam, which combines information that the spammer knows (or guesses) with conventional spam techniques. Often phishing emails are addressed directly to you, and offer a "product" or "service" that you might realistically want. For example, they may offer to fix a security problem with your on-line banking (just as soon as you have gone to their website and given them your real on-line banking details).

Bloggers are particularly susceptible to phishing emails, because we write websites where we share information about ourselves. For example, anyone who reads Blogger-hints-and-tips should have no trouble guessing that I use both Amazon Associates and Chitika, and that I have a domain hosted with DomainDiscount24. It's not much harder to work out that I'm interested in folk-music, and know a lot about public transport in my city. And even though I don't display my email address on the blog, it isn't that hard to guess from some of the screen-shots I use, or by subscribing to my RSS feed. And you might be even more vulnerable if you link your blog to your Facebook profile instead of a Page.

Protecting yourself from Phishers

ISPs and email services detect and delete most regular spam emails before they are delivered. But this is harder to do with phishing emails, because they often look genuine. So you need to protect yourself against phishing.

The best way to do this is to be curious-and-cautious about any email you receive. There are lots of suggestions below about what this means, and what characteristics to look for. None of them can give a 100% certain answer about whether a message or offer is dodgy. But being aware of the sort of things you need to check, and in particular the "single-slash-double-dot" rule for checking links, is a an excellent start.

How to spot phishing emails

An email message may be a phishing attempt if some of the following are true:

You were not expecting the message, or any contact from the organisation it apparently comes from.

You've never heard of the organisation or company that it comes from - or you don't have any dealings with them.
(That said, sometimes unknown organisations do contact you - try to establish their legitimate website or phone number from another source, to check if they're "for real" or not).

The message asks you to confirm account details by giving some personal information: no reputable company will ever want you to do this by email. Intelligent reputable companies will not expect you to do so by clicking on links in their website.

The message tries to make you respond quickly, to stop something bad from happening. (Basically, they're trying to stop you from thinking about the message before you respond to it.)

An email doesn't have your address in the To field - or it has your address and many others which you don't know.

The message-body doesn't start with your name (eg if it says "Dear Customer" instead of "Dear Joe Soap")

The from address, or the name as the bottom of the message (like the "signature" in a paper-based letter) is missing, or seems strange given where the message came from.

Bad spelling. Bad grammar. Poor formatting. Odd looking graphics / pictures / logos. Strange sentence structures (either to try to trick you, or because the author doesn't know your language well).

None of those features guarantee that a message is dodgy. But any of them should be enough to make you a little suspicious.

But there are some features that are more of a give-away:

The URL / hyperlink in the message isn't the right one for the company (eg it's from www.ebay.org instead of www.ebay.com)

The message contains a link which doesn't match the website show when you hover the mouse over it eg www.amazon.com - notice that it's linked back to Blogger-HAT instead of to the real Amazon.
NB Even if a link looks like a link, ALWAYS check where it goes to by hovering your mouse over and seeing what the "tool tip" text is.

The message uses an URL shortening service (eg tinyurl.com, bit.ly, goo.gl) which stops you from checking where the link really goes.
(This is a good reason why you shouldn't use link shortening services yourself: they make it look like you have something to hide. Whenever I tweet about a post, I always put in the full URL: even though Twitter doesn't display all the characters in the message, they are available to anyone who hovers over the link).

A simple rule for evaluating links:

The last three points are the most helpful - but they rely on you being able to look at a website-link and know if it's spammy or not.

And spammers know that it's easy to confuse people by showing them long, complicated real links, that superficially look like real ones. For example, consider

www.cnn.com.newslist.2013-01.headlines.trouble.com/headline-listing/xx03/index.html

Lots of people will look at this, see the "cnn.com" and think "ahh, that's a reliable news site, it must be fine." But that's not actually true.

Fortunately there's a simple rule that you can use to find the real website that a link points to. It is

Single-Slash, Double-Dot

To use it, look at where the the link really goes (by hovering the mouse above it) and:

Find the first single forward slash
Look at the words between the two or three dots just before the slash
Decide if the link is genuine, based on these words.

The Single-Slash Double-Dot rule explained

In the example above, the first single forward slash is actually half-way through the link:

www.cnn.com.newslist.2013-01.headlines.trouble.com/headline-listing/xx03/index.html

So the website that it is pointing to is actually trouble.com - which might not be a place that you want to visit. Compare this with

http://www.bbc.com/future/story/20130129-blue-heart-of-the-planet

where the first single-slash is quite near the start, just before the very genuine www.bbc.com.

In summary, the website name between these two or three dots should match the one that is shown in the email, and should be the right one for the company. For example, one of these points to the real TradeMe, and one doesn't:

TradeMe

(Yes they look the same: remember you need to start by hovering your mouse over the links, to find out where they really point to.

Two vs three dots?

You sometimes have to check back three dots because some countries have two-level internet addresses. For example, instead of .com you will find

.co.uk - in the United Kingdom (two level, so you need to check three dots)
.com.au in Australia (again,two level, so you need to check three dots)
.ie - in Ireland, (single-level, so you only need to check two dots).

So like the many internet security issues, there are still judgements you need to make, and knowledge you need to apply. But still, it's fair to say that you can ...

Use the single-slash-double-dot rule to work out where the link in an email message really goes to.
[Tweet this quote].

What do to if an email or link is suspicious

With old-fashioned spam, the rule was always to delete the message, no questions asked.

With suspected phishing emails, it's a little harder. You need to make a judgement:

What are the chances that this is genuine?/

What are the consequences if it is genuine, but I ignore it?

Is there some other way that I can check out this out, without clicking on the link in the email? For instance by going directly to the banks' website by typing in the address myself - or by phoning the person to ask if they really did email me.

You need to weigh up these three factors, and based on them decide whether to investigate further (eg by going to the website directly, or emailing the sender for more information, whether to trust the email message, or to just delete it.

TL/DR:

Phishing emails use information about you to personalize spam.

Apply common sense and intuition to every email that you receive. Check that links go where they are supposed to - and don't click them if they don't.

Use the single-slash-double-dot rule to work out where the link in an email message really goes to. [Tweet this quote]

Displaying email addresses on your blog

Offering an RSS feed

Linking your blog to your Facebook profile

How to make a "tweet this quote" option.