This week, I learned that on May 24th, a lot of people tried to subscribe to Now I Know. Few of them were real. That’s a very odd pair of sentences, I know, so I’ll explain as best I can. It’s going to get weirder, though, which I offer more as an invitation to keep reading than as a warning.
When you subscribed to this newsletter, you should have received an automated email asking you to confirm your subscription. That safeguard is there for a few reasons. First, it protects you from getting unwanted emails from me — you have to opt-in twice, first by giving me your email address and then by confirming. Second, it protects random people from jerks; you can’t put someone else’s email address into my form to subscribe them, because they get a message asking them to confirm that they actually did that.
But surprisingly, and unintentionally, it also protects me from international crime syndicates. Maybe. I may be exaggerating a bit as to the identity of the malfeasor here, it’s really not quite clear. In any event, here’s what a tiny bit of my inbox looked like this week.
As a general rule, people don’t reply to the automated “Please Confirm Subscription” email. There’s no reason to unless there’s something broken, which is rare. As seen above, though, I got six in a row on Tuesday. In truth, I’ve received at least a hundred, if not a lot more, this week. And to make matters even more strange, each one is replying to an email I auto-sent on May 24th, which was a dozen weeks ago. That’s a very long time to reply to an automated email that doesn’t anticipate a response in the first place.
So what’s happening here? The short answer is I have no idea. The longer answer is neither does anyone else I’ve asked.
Hackers and other internet bad guys do a lot of bad things; you’ve seen lots of stories, I’m sure. But the motivation there is usually to cause harm to someone you don’t like, to unlawfully enrich yourself, or maybe to see if you can break something thought to be unbreakable. Or something of that ilk. In this case, unless there’s someone out there who really hates me and takes it out on my by flooding my inbox for a few hours every few months (in which case, uh… okay, have fun, I guess?), the motivation here is unclear at best. There’s some financial risk to me, yes, because in theory, I pay Mailchimp to send out this email on a per-subscriber basis, but in practice, these fake people don’t get through the gate, so I never end up paying. (And it wouldn’t have an appreciable effect on my bill anyway.)
When I asked some others as to why this could be happening, the consensus is that no one really knows. The best guess is that the world of internet bad guys is a complex, multi-layered thing, and requires a lot of planning and infrastructure. Part of that infrastructure is having access to seemingly valid email addresses. And because the algorithms behind email filtering are often opaque, you try lots of things — like using an email address that has received and replied emails previously, on a regular basis. When you’re not a real person, that’s hard to do, as no one outside your bot network is sending you emails. But if you can send an email to an auto-response box, you can beat the system a bit.
That seems like a pretty big lift for a rather small benefit. Logically, then, this has to be part of a larger, malevolent operation, right? Maybe, maybe not, okay. But “I’m being targeted by an international crime syndicate” is a fun explanation, so I’m going with it.
Thank you for being a real person, and for confirming your subscription without spamming me in the process.
The Now I Know Week in Review
Monday: Kindergarten Crabs?: Hermit crabs are better at organizing than you’d think.
Tuesday: The Stranger Things About a Scientific Constant: Rhymes that keep their secrets will unfold behind the clouds. No, wait, this has almost nothing to do with that. And if you don’t get that joke, sorry, I’m not explaining it.
Wednesday: Operator Unknown: A really bad idea for a custom license plate.
This one was a re-run and had a dead link. What should have been there was a link to one of my favorite vanity plates, so yes, you missed out. But good news! I found it again! Click here and you’re off to never never land.
Thursday: Why The Zebra Got Its Stripes. I had a silly typo here — I wrote “housefly” when I meant “horsefly.” And of course, none of the automated editing tools I use realized it was a mistake. Houseflies, as far as I know, aren’t bloodsuckers.
And some other things you should check out:
Some long reads for the weekend.
1) “Inside the Courthouse Break-In Spree That Landed Two White-Hat Hackers in Jail” (Wired, 26 minutes, August 2020). The subhead: “When two men were hired to break into Iowa judicial buildings, they thought it was just another physical security audit—until they were charged with burglary.” Thanks to reader Matthew G. for the tip!
2) “‘Immune to Evidence’: How Dangerous Coronavirus Conspiracies Spread” (ProPublica, 21 minutes, May 2020). I think the headline sums up what this one is about.
3) This Is a Mostly True Story About… Business Cards” (Institutional Investor, 9 minutes, August 2020). I used to be a very big fan of business cards — it’s a tangible leave-behind for the giver, and it’s an easy and tactful way to remember someone’s name as the recipient. My career path has resulted in fewer face-to-face meetings than when I was younger, so they’ve become less relevant. And of course, then there’s the internet, smartphones, etc. Toss in a global pandemic where we’re practicing physical distancing and physical business cards seem even less required. Is the business card doomed?
4) A very short bonus read, and I changed the title a bit to make it a tad more fun: “Homeowner Gets Locked Out When the Nest Doorbell Mistakenly Identifies Him as Batman“
Have a great weekend!