I have been getting undeliverable emails sent back to me to email addresses that I do not recognize. In the last three days I have received emails from two individuals asking me if I was a spammer. Can you please tell me what the heck is going on??????

Imagine 3 people A, B, and C. A knows B, and B knows C, but A and C do not know each other. In this scenario, B has both A's and C's email addresses stored on his computer. Now person B gets a virus on his computer, and the virus creates an email message, randomly grabs two email addresses, puts one of them (A) into the "from" line, and the other (C) in the "to" line, and sends the email off.

Now person C gets an email from A, a person he doesn't know, and assumes A is a spammer. He sends a nasty email to A saying "are you a spammer?" That answers the second part of your question. To answer the first part, imagine that person C has changed his email address, so the email address the virus sends to is invalid. So what happens? Since the virus has forged A into the "From" line, it is A who gets the "delivery failure" notifications, even though he never sent out an email. Is there anything you can do about it? Not a thing. Sorry.

Somebody, maybe more than one somebody, is faking my email address and sending out potentially illegal spam. You said to grin and bear it when somebody forges your email address but I don't want the authorities knocking at my door over this. Is there any new technology to help me out?

Remember that every email has a path it travels, which can be found by looking at the "options" for the email. For example, the email you sent me has the following path: [Email information snipped] Now, that may look like a lot of garbage to you (it certainly does to me) but the fact is, once the email leaves the forger's computer, he has no control over that information. So the "authorities" could always tell whether or not this really came from you. You only have something to worry about if you really are the sender.

Someone told me something about something called Bobby...I guess it has to do with making sure your site is handicapped accessible, or something. Do you know?

Bobby is a software tool designed to determine whether your site meets standards for accessibility. It looks for things like ALT text in your images, context irrelevant links (such as "Click Here"), text which is set apart based on color, and many other accessibility issues. The best part is, Bobby is a free tool*. Just type in your URL, and Bobby will tell you if you pass. If you don't pass (which you probably won't!) Bobby will tell you all the things that are wrong with your site.

If you work hard enough, you can make your site entirely Bobby Approved, and you can get a little logo saying so. Even if you don't want to take the time to make your site fully compliant, using Bobby and studying the results will help you get a much better idea of the problems disabled persons may have trying to access your site. At the very least, you should try to take care of the most glaring problems.

* 2016 Update: Bobby was shut down several years ago, but has lived on in various incarnations. Rather than linking to it here, since it'll probably change locations again, just go to Google and search on "web accessibility evaluation tool".

A year after responding to this question, the following question was received:

Dear Professor Puzzler I was reading your blog, and in particular I saw your answer to the question about "Bobby." Can you tell me why YOUR website does not pass Bobby's analysis? 

This is a good question! In my previous Bobby post I said:

"Even if you don't want to take the time to make your site fully compliant, using Bobby and studying the results will help you get a much better idea of the problems disabled persons may have trying to access your site. At the very least, you should try to take care of the most glaring problems."

This is exactly how I use the Bobby tool, for a variety of reasons:

• This site has design features that serve no practical purpose for navigation, but are purely for visual aesthetic. For instance, if you go to the home page and hover over any of the game links, they will slightly change color. This is just an attention grabber, and serves no real purpose. Bobby complains that the code doesn't run when the element has keyboard focus. Except...it's not possible for that element to have keyboard focus, so Bobby's suggestion is not practical or sensible, because he doesn't know the purpose of the code.
• Similarly, I have features that run off either a mouse click event or a link click. Bobby recognizes that I have mouse-click events that aren't keyboard accessible, but has no way of knowing that I have accessible links that do exactly the same thing.
• By the nature of this particular site, which contains a lot of educational games, some of the features may not be accessible to someone with certain disabilities, and it would be virtually impossible to make them so (in some cases it might be possible, but because this is a free site, and we would need a sizeable grant in order to be able to afford to incorporate handicapped accessibility into the games!)
• There are some links on this site which have no text in them. For a very specific purpose. They lead to secret, hidden, "easter eggs" on the site.  Adding text to the link defeats the purpose of the link. Besides, since these links are designed to be non-obvious, they're actually more accessible to someone who navigates by keyboard, since the focus will stop on the link.

For the most part, the reasons have to do with the fact that an automated tool can't guess at the purpose of an element on the page, and therefore I consider it to be more important to follow the spirit of the law instead of the letter.

Good grief! What is up with this? My friend emailed me a database file, and Outlook tells me it won't let me receive it. Have any suggestions?

This may be moderately annoying, but it is in your best interest to have Outlook do everything it can to protect you from malicious code which may be hiding in database files and executable files. So you may not be able to open that MDB or EXE file your friend sent you.

But don't despair, you can get around Outlook if really need that file. Email your friend back and tell him "I need you to change the file extention to .MDX (or anything else besides .MDB) and then resend it to me."

Your friend changes the file extension, Outlook no longer recognizes it as a database file, and it lets it through. Now, when you save the attachment, you've just got to remember to change the extension back to .MDB and you're good to go!

2016 Update: This is not just an Outlook issue anymore. E-mails tend to get checked for potential viruses at every step along the delivery process. And some services are downright scary in how sophosticated their checking algorithms are. I have a client that I do VB.net development for, and occasionally they need me to update a single *.aspx file and e-mail it down to them. But their mail server rejects as hazardous any e-mail with the *.aspx extension.

No problem, right? Just change the extension to something like *.asz.

No dice; their server still rejects it.

Okay, so let's try zipping the *.aspx file. Nope. Still no joy.

Change the file extension, then zip it?

Their server is smart enough to still recognize as potentially hazardous.

Change the file extension, zip it, change the zip file's extension from *.zip to *.ziq. STILL no luck.

Give up and mail the updates to my contact person's personal e-mail address.

Your site addressed http versus https, but I'm still a little nervous about something. When I go to my bank's site for example, I immediately see https in the URL window (& get a little locked padlock image on my browser frame), but they still ask me to log-in with a user ID and a password. That is what I'm used to with sites asking for my financial information to place an order. However, a yarn site I am interested in ordering from, while having the https appearing in the address and asking for me to create an account with a password, does not trigger that little padlock icon on my browser frame. They have some security company related links on their site making it appear as if they are taking security measures, but having worked at a large insurance company and having seen viruses make their way across monumental security efforts and proliferate in that network, I'm still nervous about doing business on-line at a personal level. I sent an email query about this and received the following response: "Hi Beverly, Our site is very secure. I put a lot of effort into making sure and I am audited by my merchant bank and an independent agency (Security Metrics) to insure security. Both my internet connections (broadband and router) and my site (Volusion) are scrutinized. If you see "https://" in your browser address bar, the page (site) is secure. The "lock" icon on the page is window dressing. It is the address bar that tells the true story. Thank you, John" Why doesn't their site trigger the icon and would you say that it is still reasonably safe to do business with an https site that doesn't trigger the icon? Beverly

You have a good eye and a good instinct, Beverly. You're right; this site doesn't behave exactly as you expect most secure websites to behave.

On my web browser (firefox) the padlock icon does appear, but it has a warning message attached to it. What is the warning? The warning is that even though the page itself is on a secure server, it draws resources from non-secure servers: "Parts of the page you are viewing were not encrypted before being transmitted over the internet. Information sent over the internet without encryption can be seen by other people while it is in transit."

What sorts of resources might those be? Well, the most likely culprit is image files that exist elsewhere, in non-secure locations, and are called up as components of this secure page. What does that mean? It means that when you are loading up that page, it's possible for people to "eavesdrop" on some (but not all of the content) being loaded.

Is it going to cause problems? Mmm...probably not. It doesn't mean that your financial information is unsecure. But, honestly, the fact that they haven't bothered to secure all of the content on that page would make me think very long and hard about giving them my credit card information, and I would choose against. But of course, you need to make your own choice on that matter. Hope that is helpful!

Doug - I read your note about phony offers for web site hits, but could you recommend something legitimate. I am starting [some new websites], and would like to show some hits to start pushing the site up in ranking - in addition to doing some pay-per-click, etc. Any ideas for me? Thanks,

First, let me start off by saying that you shouldn't count on Pay Per Click systems raising your rankings in the search engines. Yes, they will drive traffic to your site, but there's no guarantee that it'll help you get a higher ranking in Google, MSN, Yahoo or the other big boys. I'll explain more about that in a minute.

Let me give you three suggestions for getting your site better rankings in the search engines.

First, you need to make sure that your site is optimized well for search engines. This means dealing with your Title tag on each page, as well as your meta description and meta keywords tags. Here's an explanation of those tags: Meta Tags - Description and Keywords. What are they? Now, you can hire someone to do that work for you (I'd even consider taking on the project myself) but you probably have someone in house who can study up on the details of optimizing your tags, and do it without paying an outside contractor.

Second, get your site listed in as many search engines and web directories as possible. The search engines are good, but directories are also valuable, because they are a permanent clickable link to your site, which the search engines then take into account in their measurement of link popularity.

Third, ncrease your "Link Popularity". Generally speaking, the search engines like websites which have a lot of other websites linking to them. Getting people to link to you can be a daunting task, and it takes months sometimes before the search engines even notice the links that others have given to you. If you want people to link to you, you need to make sure that your site has valuable content.

And, of course, if you provide valuable content, eventually people will link to you without you even asking. Because this site is filled with fun educational games, it has hundreds of school districts all over the world which have linked to it, and I never asked them to. Why? Because the teachers love the free educational games and resources!

Now, back to my Pay Per Click comment. Remember that search engines are hungry for sites with link popularity, and you might think that having Pay Per Click ads on other sites counts toward link popularity. But typically Pay Per Clicks are either hidden behind javascript, or redirects, or some other fancy footwork, so the search engines never even see your site through those links. So while Pay Per Clicks will drive traffic to your site, they won't get you any long-term ranking help (unless, of course, the people who visit your site from those ads then proceed to link you up on their own websites!)