I recently had the privilege to work on upgrading a client’s website and after an initial run through the code I was horrified. It was strangely written and obtuse. For some reason each page was being displayed in an Iframe unnecessarily, etc. I then saw the culprit. It was built in Iweb, the built in Web Site Publishing tool by Apple as part of their ILife software suite.

The website looked good, it worked in all the browsers I tested, and it was even, to my great surprise. Standards Compliant.

I am a big supporter of Web Standards as a way to make the web a better place, but I also realize that any set of rules or standards can be gamed to the point of irrelevancy. Thats what this site was. Iweb produces nasty code that should only be used on a personal website. I am still amazed that the drag and drop interface of Iweb works so well across browsers and in such a rich graphical manner but when you start digging it gets really ugly. It also validates as XHMTL Transitional 1.0 perfectly, proving my point.

Validation as standards compliant is not and should never be the defining characteristic of quality code. A huge amount of other factors need to be considered when designing your website and obsessing over a validation is not where I want to spend my or my client’s time. Some of the web standards recommendations I don’t agree with and will break. The removal of the “target” attribute, for example, in the strict doctype is very annoying since this help controls how links work and is very important. There was no easy replacement for this functionality that was given.

Trying to get embedded youtube videos to validate requires rewriting the code even though it produces the same effect.

At some point the case for web standards comes down to a case of diminishing returns. It is easy to have a site validate when it is static and completely under the control of a web developer. If you add in a content management system of some kind and have users who don’t know web standards then it is just not worthwhile. Proper training is essential for the users but its not going to ever be perfect.

Standards are always the bar that I reach for with my websites; but for me, the real test of a website is everything besides that. Does it influence site visitors? Does it produce sales? Does the site have repeat visitors? These are the true criteria of success and ultimately what we are all after.

I made an error today, err, well actually an error many months back when this site was initially put together. I put my email address online.

Now I know that doesn’t sound like a big deal, and its not if your site isn’t getting any traffic. Recently however the site traffic has picked up, and I’m starting to get that wonderful spam email we all know and love.

What put me over the edge on this issue, and made me want to write about it was this bogus email I received from a spambot posing as Visa.

Dear Visa Cardholder,

Continuous Monitoring is an integral part of Visa's multiple layers of security. In addition to other fraud monitoring tools, we can often spot fraud based upon transactions on the card that are outside of cardholders typical purchasing pattern.
This allows us to spot fraudulent activity as quickly as possible and acts as an early-warning system to identify fraudulent activity.

During a recent checkout we detected suspicious activity and your Visa card may have been compromised. Fraudulent activity made it necessary to limit your card for online services.
Your Case ID Number is: DD7Q8QQ9EDR7
Conform to our security requirements and in order to continue online services with your card, we must validate your identity.

Please click here to verify your identity

Visa takes online security very seriously so that you can shop safely on the Internet. As part of our commitment to fighting fraud we have the right to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, or violations of the terms and conditions for using Visa.

Sincerely,
Visa Customer Service.

© Copyright 2001-2009, Visa All Rights Reserved.

At first glance this looks fairly legitimate, the email address that it is from has Visa in the name though it is not from visa itself. I knew that was wrong right off the bat. Then it goes on how this is about security, and who doesn’t want to be secure? Then it says that my recent activity was suspicious and it scares you into thinking that your card has been compromised.

The email then references a bogus Case ID number. This is somewhat clever. However no company would give you a case id without you requesting it and then send that id number to you in an unsecured email like this. After that the usual sign of spam occurs. Bad grammar, or spelling.

“Conform to our security requirements and in order to continue online services...”

Visa is not going to send you something like this.

The bogus email then ends with a link, more stuff about security and then claims that it is Visa with their copyright and everything. This was a fairly good email scam and they work, because people are gullible.

No company will ever request that you verify your identity through email. They just won’t, and its because of spam like this. Never listen to anything you get through email unless you requested it. If something was wrong with your credit card or bank account or anything else then the company would call you directly, not send you a crappy email message. Don’t trust email.

So my email address is no longer available on the about page. It is still available on my personal bio page because I want to keep it somewhere. The ideal situation though is to hide all of your personal emails behind contact forms. I will be making that transition during this site’s scheduled redesign in the summer.

So what does a contact form do?

It works better than a direct email link because it requires no third party software and can be done very simply within the browser. When a user submits the contact form they are greeted by a security Captcha. These are simple for humans to pass but many spambots get confused.
Contact forms are also helpful because you often get more information from them than with direct emails. You get to ask direct questions of people before they even contact you. This limits the amount of pointless requests you receive. For a business it lets you know immediately if someone is serious or just browsing.

“I’m thinking about building a website, sometime in the future. Some other colleagues said I needed one. How long would it take and how much does it cost?”

“My company is looking to build a promotional site. It will be about 10 pages. Our budget is about $2000 and we want it up in two months.”

Which email do you think I take more seriously?

Contact forms are not hard to setup and come included with all of Inlet Media’s web designs.

Unfortunately this method is not a magic bullet and won't stop all spam but its a good and simple way to start protecting yourself. So be sure to keep your email address secure by hiding it with contact forms. Like other pieces of contact information, your email address should only be available to people you trust.

Inlet Media .com has only existed in its current form since June of 2008 and already I don’t like it. All I can see is what’s wrong with it. The flaws, things I should have done differently and embarrassing errors. Now maybe thats just my obsessive nature taking over but I want to focus then on auditing my website, and why you should as well.

Every business goes through moves, changes in personnel and simply does things wrong. A website can be one of the worst aspects of this because it is so easy to put something online, publish it, and forget.

Take a look through your website in these first few weeks of this new year and make sure you have done some of these simple website chores.

• Make sure your contact information is correct, especially your email addresses.
• Go through all of your pages and check for spelling, grammar and layout issues.
• Make sure that your online marketing material online echoes your brand.
• Check the footer of your website where most of the copyright information is and update it to the next year. You would be surprised how often this information is totally wrong.
• Look over your old blog entries or other items you have written. I challenge you to read them all and see how you have developed over the year. What has improved, and what needs to be worked on.
• Check your links, both internal and external. Make sure that they are not broken. If the page you are linking to has disappeared, then remove it.
• Go over your Search Engine Optimization policy, what has worked and what has not?
• Is your site organized or do you feel lost? If you have problems with your site then your users do as well. Take the time to reorganize it now.
• Audit your passwords, this is something you should do with all of your computers and websites especially. Change your passwords to keep your data secure. This should be done more often than once a year, but I know people don’t do this.

The internet is a constantly moving environment and it is always incredibly surprising to see everything that has accumulated over the year. Try to clean up the gunk before another year goes by.