In the brief time that I've been writing the "Hoax du Jour" columns, I've seen examples of hoaxes and bona fide bulletins staggering around the Internet long after the original cause has expired. Once an e-mail alert is sent out, it's almost impossible to stop it.
Some of these "e-mail undead" mutate during rebirth. Result? An innocent, one-time alert can live on as a zombified "thought virus," traveling the Internet causing hysterical and misinformed action, regardless that such action is entirely futile.
Here are some well-known examples:
Aging alert: "809" phone scams
Aging alert: 90# phone scams
Aging alert: No Urban dictates
Chain letter: Craig Shergold cards
Chain letter: "Free stock" scams
Chain letter: Mill Cove 5th Grade project
Misfire: Avert a heart attack by coughing
Misfire: Blacks lose the right to vote in 2007
Misfire: FCC Internet Tax (various hoaxes)
Misfire: Gay Jesus film (hoax)
Misfire: Jessica Mydek (hoax)
Misfire: Save AOL/ICQ instant messaging (hoax)
Misfire: Save Sesame Street
Misfire: Save the USAF chimps (hoax)
Petition: FCC requested to ban religious programming
Petition: Plight of women in Afghanistan
Petition: Save PBS / NPR / NEA
Save a child: Amanda Bundy
Save a child: Andrew Russell Steinmetz
Save a child: Krystava Patients Schmidt
In all but a few of the cases above, there was a tiny grain of truth to the alerts, but that was all. In all cases, there is little or nothing that you can now do to further the causes.
Recipe For A Better Internet Alert
If you are in a position to generate Internet bulletins, you CAN do something. It doesn't take much more effort to write a more effective alert that lasts only as long as it is valid. I call such a bulletin a "drop-dead alert," because it is authentic ... and ephemeral. By design, it will only last as long as it's meant to.
To be clear, a drop-dead Internet alert needs no exclamation points, no ALL CAPS, no request to send out more copies. The reader is given more than ample evidence of the authority of the writer (and his information), and further data is only a mouse-click away. A drop-dead Internet alert informs, and empowers, quietly.
If you're writing Internet information bulletins, compare your work with the following checklist. If you received one, compare it to this checklist, and see how it measures up.
Use "beginning" and "end" markers. Clearly identify the boundaries of your alert. Use high-visibility lines of asterisks or dashes to show where your alert begins and ends. This way, if your alert is forwarded subseqently with someone's "sigline" (a signature file appended to e-mail messages), the sigline will not appear to be part of your alert.
Keep it intact. Include a clear disclaimer that politely requests the alert be left intact if forwarded. That's why you put the markers at the top and bottom....
Establish credibility. Clearly identify yourself, your group, your sponsors, your mission. Who are you, why are you providing this alert, and -- here's the trick -- what is your expertise in this field? Writers often presume that their return address infers clear authority. Fallacy! Do so in your alert.
Establish context. Who (or what) is effected by the alert? Clarify who among your audience will need this information. Ask yourself basic questions while you're writing: Does this effect every man, woman, and child on the planet? Is this something that only effects users of 32-bit Windows? Will general computer users understand this, or is it a topic of interest only to system administrators? Is the proposed regulation relevant to U.S. citizens only? Is your alert specific to your community, or does it highlight a countrywide problem?
Date your alert. E-mail chain letters and petitions have survived for years after their topics have expired. They're preserved almost indefinitely in cyberspace, like virtual Twinkies. When in doubt, specify an expiration date for your alert. This way, if it is forwarded out of your sphere of control (which is quite likely), attentive readers will know to "kill" it without reading (or forwarding) further.
Limit your alert to only one topic. Take a tip from the Lone Star state's premier law enforcement agency: "One riot, one Ranger." Include only one incident/vulnerability per mailing. The newsletter format may be a nice way to consolidate various bits of information, but the typical alert is a dated, "time critical" announcement. If portions of your newsletter are later quoted out of context, most of your hard work establishing credibility will be edited out of the forwarded excerpt.
K.I.S.S.: "Keep it simple, stupid." In the same spirit as the last tip, keep your alert brief and self-explanatory. Make it especially plainspoken. Don't presume that your reader knows what you're talking about, so use common use language and provide any necessary background. Suggest to the reader easily available references for further information.
Added tip: use good DTP (desktop publishing) techniques to make your e-mail easy to read. Keep paragraphs short, use topic sentences. Leave enough white space to break up text visually. When you quote from another source, indent it (I prefer the <BLOCKQUOTE> tag for Web pages); put it into a contrasting table or frame. For more ideas, review John Morkes and Jakob Nielsen's ideas that I present in my "Lessons Learned" page.
Use facts, back them up. Discard any polemics, supposition and anecdotal information. Only cite facts and reports that you can document. For added credibility, clearly cite your sources in a form that your readers can check for themselves. Double-check your facts, since your alert will become a matter of record -- forever. (Remember the cyber-Twinkie.) Your credibility rests on the dependability of your references.
Added tip: keep your own copies of any Web pages or FAQs that you quote. If the original succumbs to the dreaded "Error 404 - Document not found" syndrome, you will still have your copy.
Give credit where due. No one's a universal expert. Where other sources have contributed facts, cite them with clear attribution. When you take care to explicitly divulge "who" said "what," readers can see and trust the foundation upon which you've based your alert. Murky, or missing, references dilute your credibility, and drown your alert's chances of being heeded.
Be wary of ephemeral references; avoid "dead links." References pages may be available when you draft your alert, but other sites (over which you have no control) may remove the pages later, while your alert is being distributed. (I've found that smaller newspapers are notorious for this.) In addition to archiving a copy for yourself (see above), reconsider including the link in your alert. Why? If a reader trys to confirm your claims, and finds your reference is no longer there ("Error 404"), your entire alert may come under suspicion. Limit your quoted links to those you are confident will remain "alive."
Simon says,... Make clear what action, if any, is needed. Don't assume that this is self-evident. Users may need to update their software, check their phone bill, consult their physician, or contact the local authorities. Leave no question as to what action you suggest your readers take. If none is needed, say so.
Solicit action, not emotion. Some alerts sound fabulously terrifying: costly legislation, regulations that violate civil rights, reports of child abduction, violence against women, threats of deadly diseases spread by mischievous villains. (Review my "Hoax du Jour" columns for more juicy tales.) There should be no need to "dramatize" the issue for your reader. Don't use excessive punctuation, or emphatic capitalization ("THIS IS A VERY REAL DANGER!!!"); on the 'Net, these tactics equate to shouting. Regardless of the topic, ensure that you are providing reasoned information for the purpose of informing, not inciting.
Provoke thought, not a riot. Your alert is not going to single-handedly resolve the problem globally (trust me on this). Don't usurp power from your reader. Instead, write your message for an audience of thoughtful readers who will weigh your words, then "do the right thing" within their own sphere of influence. Leave it to the reader's judgement to act appropriately.
Gently, politely, discourage chain e-mail. Don't ask the reader to "Forward this to everyone you know." Chain letters (petitions, "forwardables") have come to be almost as unpopular as Web banner ads and unsolicited, commercial e-mail ("e-j-mail"). E-mail petitions, regardless of their limited effectiveness, are viewed with only a little more charity. Isolate your alert from the mob by eschewing any resemblance to these practices. Gently dissuade your reader from turning your alert into another 'Net rumor.
Don't wear out your welcome. As the Internet matures, netizens are becoming savvy about privacy and netiquette issues. If you e-mail your alert, don't abuse the privilege of sending to your readers. At all costs, avoid "mail bombing," or "spamming." On USENET, only cross-post while specifying an appropriate Followup-To newsgroup. Polite USENET posts can be as brief as an invitation to visit your Web alert page, with a "teaser" summary of the topic and the top-level URL. (Definitions courtesy of The Jargon File, http://www.netmeg.net/jargon/)
An Annotated Alert
Enough theory, okay? Lecture's over, class, now let's do a lab.
Below I've written a sample e-mail alert to illustrate my points. As you read through it, reflect on the suggestions above, and tally up how much of my own advice I heed. (If you feel the need to peek, click the footnotes.)
Korova Multimedia E-mail Alert 11 September 19992
This e-mail alert is distributed by Korova Multimedia (www.korova.com)
to alert the Internet community to a potential hazard. This alert is
distributed to "opt-in" participants in the Korova Multimedia
"e-v-mail" pages, an ongoing commentary on the phenomenon of
misinformation on the Internet.5
If you forward this alert to another address, please do so in its
entirety. Please do not quote portions out of context, or edit any
text between the dotted horizontal lines ("~-").
FOR INTERNET RELEASE6
ALERT #01-997 - "E-v-mail"
SUMMARY:8 The Internet is being flooded with e-mail messages that
contain misinformed warnings and uncorroborated facts. Some messages
are hoaxes, apparently written to create needless confusion, paranoia
RISK:9 Anyone who receives e-mail at work or at home may may be exposed
to unsolicited e-mail which contains misinfomation.
DESCRIPTION:10 The Internet has become a breeding ground for
misinformation and hoaxes. Users who are inexperienced with e-mail
(electronic mail), and e-mail "netiquette," are regularly encouraged
to forward uncorroborated messages to others. These messages may
contain factual errors; many appear to be intentional hoaxes.
The U.S. Department of Energy's CIRC office (formerly CIAC) asserts
that online hoaxes and chain letters generally feature three basic
features: The Hook, The Threat, and The Request. These components act
to appeal to the reader, incite paranoia (or sympathy, or greed), and
encourage the reader to forward the message indiscriminately.
Several commentators have suggested that a message that falsely warns
of an e-mail virus, and asks the reader to forward the warning to
everyone each reader knows, IS the e-mail virus. Korova Multimedia
calls this e-mail phenomenon "e-v-mail." The success of e-v-mail
depends upon a reputed "thought virus," an e-mail borne contagion. The
message, when read, "infects" the reader and induces symptoms such as
needless panic, and an involuntary urge to forward the message via
e-mail. The user who succumbs to the thought virus "infects" others by
forwarding the e-mail, thereby "spreading the disease." Many observers
feel that e-v-mail has become an Internet "epidemic."
One of the first documented e-mail virus hoaxes was called "Good
Times." Variants of "Good Times" continue to be distributed today.
Other popular e-v-mail messages include various "free" giveaways,
false electronic virus warnings, the "90#" and "809" phone scam
alerts, health scares, missing children alerts, and petitions for
various causes. Many of these examples fit the description of
When you receive a message containing a warning, a possible hoax, or a
chain letter, we suggest you read the message with reasonable
skepticism. Messages from unknown or obscure sources (even a "friend
of a friend") should be viewed with high suspicion.
Rather than forward the information promiscuously, we ask readers to
confirm the information in a message before resending it, and discard
without further action any e-mail which makes unsubstantiated claims.
Forwarding a message without thinking contributes to the e-v-mail
problem, and negatively impacts the Internet community as a whole.
REQUESTED ACTION:11 This is an advisory. No further action is necessary.
Sent:12 15 September 1999
Expires:13 15 December 1999
This alert is for information only. E-mail inquiries to firstname.lastname@example.org
This document is available online at http://www.korova.com/virus/alerts.htm.16
This page was written for the public information or IT professional who is preparing a general interest warning for a wider audience. Several of my own suggestions are based on my background in Coast Guard Intelligence, drafting and reviewing tactical information reports for field commanders. I based some of my text upon Phil Agre's excellent article, Designing Effective Action Alerts For the Internet, which I highly recommend. Phil's guide is directed towards those who distribute political action alerts, but nevertheless has a lot to offer to anyone doing mass communications on the Internet.
Many infosec colleagues have given me insight into these issues over the years. Immediate and long-term thanks go to Dave Brown, Tom Latta, Pat Nemeth, Rob Rosenberger, George Smith, Willie Viarnes. Others whom I've excluded by omission of memory are hereby deemed included.