PC Magazine's Editors Choice & Top Pick for the SMB
How it worksFree TrialVIP RewardsCompare all vq Products
Company Products Features Partners Support The Lab Contact Us Home
 Vanquish Forum Index  FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

SurfMatch: Admit mail when you make a purchase
Goto page 1, 2  Next
 
Post new topic   Reply to topic    Vanquish Forum Index -> List Management, SurfMatch, List-Server
View previous topic :: View next topic  
Author Message
--VQ--
Site Admin


Joined: 06 Jan 2003
Posts: 590

PostPosted: Sun Jan 09, 2005 3:25 pm    Post subject: SurfMatch: Admit mail when you make a purchase Reply with quote

Question: I've Heard a Lot About SurfMatch[TM] -What Is It?
How Does It Work? Is it spyware?

SurfMatch admits mail from web sites at which you made a purchase or entered a password or other personal data into an online form. For example, suppose you enter an email address or credit card number and you click Submit. Vanquish does not intercept your keystrokes. This is how it works...

When you visit a web site that operates a secure server, your data is encrypted (all the way from your PC to a vendor you trust). A market basket or other secure web page involves cost and overhead for the owner, including extra fees for hosting and for a certificate. It is a clear indication of a business relationship that you initiated. vqME cannot see this data. But it knows that you have entered into a secure area of the internet. vqME can optionally admit incoming mail that matches the domain of web sites at which you engaged in such "intimate" activity. Matching email addresses are admitted as a Domain Allow match, but only for 90 days. If they write to you in that time (for example to confirm a purchase), then the expiration restriction is removed.

But what if you log into secure areas of a popular web sites - especially one that also offers an email service, such as Yahoo, Google or AOL? Does this means that all mail claiming to be from Yahoo or AOL will slip into your mail box. No! This tip explains why you needn't worry.

Is SurfMatch a form of spyware? No... It's not even debatable. [details]

SurfMatch is a very popular feature of all Vanquish platforms. It dramatically enhances antispam accuracy by avoiding falsely intercepted messages. Mail from commercial organizations with whom you have an existing personal relationship is automatically admitted without requiring users to edit a whitelist. Along with Sender Bonds, you can get commercial mail for which you did not initiate a relationship (and which might otherwise be filtered), but only if the sender is willing to gurantee with cash your desire to receive it.
Back to top
View user's profile Send private message Visit poster's website
z



Joined: 01 Apr 2007
Posts: 3

PostPosted: Tue Apr 03, 2007 4:59 am    Post subject: Reply with quote

I gather that SurfMatch works only when you are engaged in secure sessions, and in general, I can see the rationale for this. But what about if I'm signing up for a newsletter, and am simply entering my email address? Such pages often aren't secure, and it's my understanding that SurfMach doesn't work with them. But I think that in this case, submitting my email address is a clear sign that I want to receive email from that site. Assuming this is an email address protected by Vanquish, shouldn't SurfMatch add this site to the Allowed list?
Back to top
View user's profile Send private message
--VQ--
Site Admin


Joined: 06 Jan 2003
Posts: 590

PostPosted: Tue Apr 03, 2007 9:28 am    Post subject: Reply with quote

Our response has three parts: (1) Clarification of the Surfmatch mechanism, (2) Response to your idea, (3) A better way for newsletters
  • Mechanism:
    You are correct about the primary mechansim of the SurfMatch feature. It catalogs and admit sites at which you enter a secure connection (the event of adding to the Domain Allow List occurs as you leave the secure connection). Of course, this typically includes any site at which you enter a password, or submit credit card number, a social security number, personal financial data, etc.

    The feature also looks for web transitions that incliude the HTML Get or Post command. This helps to pcik up we sites at which you enter data onto a form - but are not secure. However, this technique can pick up a lot of casual web browsing or even links that you click in spam email, becuase, because php pages and any link with data '?=' will be picked up as a post command. So we add a heuristic to determine if the page transition was likely to have been initiated by you after typing into an online form. We err on the side of avoidance, because nearly all sites that generate desirable follow up mail are covered by the first rule.

    Finally steps: If the entry is on your Domain Exclude List we ignore it (it is not added). Finally, we de-dup and encrypt the entries before sending up to your Domain Allow List which is maintained on the server.

  • Your Idea:
    Your idea is good. We have implemented it carefully - after extensive research. This is why we add sites at which you type data and then click a submit button. But again, our detection method picks up any get or post command, which could result in loading up on a lot of irrelevant web surfing. So we look for signs of certain intent. That is, we want to be sure that sites cannot wiggle onto your list unless you are clearly enganged in a transaction or "intimate relationship" with the web content.

  • Signing up for a Newsletter:
    To guarantee delivery of a newsletter or any trusted site at which you register your address, I urge you to use a much better method. Give the site a custom address and place it on your List Allow list.

    This is one of our most powerful and popular features. And the Vanquish implementation provides exceptional results. Read about it here or here. The 2nd explanation is more technical and appropriate for individuals who own their own domain.

    The technique has three advantages:
    • Admits desired content
    • Makes phishing scams transparent (if it slips through the server phishing filter)
    • If you own a custom domain, you can make up addresses for each sender - without even creating one
Back to top
View user's profile Send private message Visit poster's website
z



Joined: 01 Apr 2007
Posts: 3

PostPosted: Thu Apr 05, 2007 3:49 am    Post subject: Reply with quote

So far, so good. But what about the following example?

I surf over to [web page 'A'] on the recommendation of a friend. I'm interested in picking up some charcoal. So I click Charcoal on the left, and then click on the order button. But now I am at [web page 'B']. Eventually I come to the checkout page, and give my email address for a confirmation reply. But by this time I'm in the middle of the Yahoo stores Web site. Is SurfSmart smart enough to know that I'm going to be getting email that should be allowed from web site 'A'?
Back to top
View user's profile Send private message
--VQ--
Site Admin


Joined: 06 Jan 2003
Posts: 590

PostPosted: Thu Apr 05, 2007 5:02 pm    Post subject: Reply with quote

Hello Z. We like this question (because our answer shines!) Thank you for this follow up...

SurfMatch catalogues the exit event from the secure server. In ALMOST every case, the security certificate is with the party that the buyer associates with the certificate. After all, if you think you are giving your credit card data to Citibank, the seller knows that you may expect the URL to show citibank.com before any forward slash.

In fact, our credit card checkout page produces the entry form from the card processor. We don't want to collect or store our customers' card numbers. Even though the customer is transmitting data in a secure connection with LinkPoint, the URL shows https://vanquish.com. The chain of trust is preserved - but the expected party is presented. That's a fundamental tenant (and a benefit) of secure encrypted services.

But I will also add this. The smart filter in vqNow will most often release messages about products and services that you like - especially if they are rarely the topic of typical spam. Soon, the filter at vqME will work in the same way.
Back to top
View user's profile Send private message Visit poster's website
czyler



Joined: 26 Apr 2006
Posts: 69
Location: Shropshire, UK

PostPosted: Mon Jun 04, 2007 10:34 am    Post subject: Reply with quote

Please would you advise whether or not this surfmatching is still browser specific (i.e. MS Explorer) or is now compatible with most of the popular browsers (Firefox and Opera in particular)?
Back to top
View user's profile Send private message MSN Messenger
--VQ--
Site Admin


Joined: 06 Jan 2003
Posts: 590

PostPosted: Mon Jun 04, 2007 11:07 am    Post subject: Reply with quote

The quick answer is that SurfMatch requires Internet Explorer 5, 6 or 7. We are not currently working to expand it to other operating systems or browsers, although we may consider it in the future.

This is a good time to recap the hardware and applications compatibility of all Vanquish features. This applies to all of our security products: vqME, vqNow and vqSA:

Any PC, Any OS (Win/Mac/Linux), PDAs, Cell phones, etc
Primary "operational features" are available from any device and from anywhere. No software is needed
  • Anti-spam, Antivirus, Anti-Phishing
  • Auto-whitelist, Challenges, Personal Filter, Subject Match
  • Account management, Preferences, List management
Windows PCs - Mostly "1-time" convenience features. None are critical:
  • Quick configuration of Email Program Settings
  • Quick import from Email address book
  • Quick shortcuts to any list or account page
IE 5/6/7
  • SurfMatch feature
SurfMatch is the only operational feature of the optional Tray Wizard that is limited to a specific platform and browser. All other operational features of vqME work on any platform and any PC.
Back to top
View user's profile Send private message Visit poster's website
czyler



Joined: 26 Apr 2006
Posts: 69
Location: Shropshire, UK

PostPosted: Wed Jun 06, 2007 4:38 am    Post subject: Reply with quote

Thanks for clarification. I would urge you to rethink your browser position as many estimates place Firefox at at least 10% market share (perhaps your target customers are more technical, or at least more independently minded given they are looking for a better spam solution, and therefore more likely to use Firefox or Opera than IE) - of course, you probably have stats for your web email front end saying what the browser spread is.

I confess to self interest on this one: I use Opera mostly, Firefox some of the time and IE7 rarely (usually only when I MUST visit a site that does not follow web standards and will not work properly with the other browsers).

Stuart
Back to top
View user's profile Send private message MSN Messenger
--VQ--
Site Admin


Joined: 06 Jan 2003
Posts: 590

PostPosted: Wed Jun 06, 2007 8:50 am    Post subject: Reply with quote

YES, our users tend to be more likely to seek applications apart from the dominant ones. We see this even more in email applications. We have an unusually high percentage of users who prefer Eudora, The Bat, Opera M2 and even Incredimail.

We agree with you 100% - We need to add the widget to Firefox and Opera. For now, it is strictly a matter of engineering resources. It is definitely on our agenda - but will probably wait until we can grow our resources a bit more.
Back to top
View user's profile Send private message Visit poster's website
simonb



Joined: 02 Jan 2007
Posts: 17
Location: London, UK

PostPosted: Wed Jun 20, 2007 10:17 am    Post subject: Another Firefox vote Reply with quote

Just wanted to add my voice to the Firefox request
_________________
Thanks,

Simon
Back to top
View user's profile Send private message Visit poster's website
Display posts from previous:   
Post new topic   Reply to topic    Vanquish Forum Index -> List Management, SurfMatch, List-Server All times are GMT - 4 Hours
Goto page 1, 2  Next
Page 1 of 2

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2003 phpBB Group