I know some people have sent me e-cards before, and have wondered why I’ve not commented on them. It’s simple: I never open e-cards. It’s not because I’m rude, or obnoxious (I may indeed be those things, but that is not the reason in this particular case). It’s because it’s not worth the effort and/or risk.

There are too many spammers and scammers around who will send you a mail like this:

Sure, it might look relatively official (indeed, all of the images it uses are actually from the Hallmark site: and that’s something worth being aware of too — if you download images from the web in emails, spammers can use it to confirm your email address, if they are hosting the images — in this case they weren’t), but it isn’t. If you hover your mouse over the links on it, the links at the bottom — Hallmark.com, privacy & security and so on, do actually resolve to hallmark.com. Crucially however, the ones you are specifically enticed to click direct you somewhere else:

Somewhere without even a domain. Somewhere where, if you look up the IP address, you’ll find it resolves to a Spanish telecomms company. So this is an email purporting to be from Hallmark.com which is telling me to, instead of visiting the Hallmark.com site, to visit the computer of a private individual in Spain to pick up my card.

I really don’t think so.

If I visited that site, they would no doubt attempt to get me to download all sorts of malicious code (probably injected by javascript simply by browsing the page (unless of course you are using Firefox with the NoScript plugin). I would doubt very much that this IP address actually belongs to a spammer.

It probably belongs simply to someone who has had their PC infected and now their PC has been turned into part of a botnet, churning out spam and trying to infect other PCs.

Of course, there were some clues: it was sent to multiple people (I was not in the “to:” box; obviously it had been sent to people via the “bcc:” field); it did not reference me by name, nor say who had sent it to me. However, looking out for these would only reasonably provide protection unless someone else you knew became infected. Because then if the spammers had their address book details, they could send all their friends a nice personal message from a ‘known’ source. And that is why I don’t open e-cards; because it’s not worth the effort I would go to to triple-check that it was genuine before finding a page with a winking snowman that doesn’t even look right anyway because it is designed for Internet Explorer 6 with javascript, as opposed to Firefox 3 without.

So, in short, if you want to send me a card to wish me a happy birthday, Easter, Christmas, Divali or Samhain, please either stick it in the post, or simply email me the text sentiment. Ringo Starr doesn’t do autographs; I don’t do e-cards.