Note to self: ignore search results that say to install a plugin; the absolute fastest way to send a test email from a WordPress/ClassicPress installation (assuming you’re using WP-CLI) is just to run something like:
wp eval 'wp_mail("recipient@example.com", "Test Email", "A test email from WP-CLI");'
I have a credit card with HSBC1. It doesn’t see much use2, but I still get a monthly statement from them, and an email to say it’s available.
Not long ago I received a letter from them telling me that emails to me were being “returned undelivered” and they needed me to update the email address on my account.
I logged into my account, per the instructions in the letter, and discovered my correct email address already right there, much to my… lack of surprise3.
So I kicked off a live chat via their app, with an agent called Ankitha. Over the course of a drawn-out hour-long conversation, they repeatedly told to tell me how to update my email address (which was never my question). Eventually, when they understood that my email address was already correct, then they concluded the call, saying (emphasis mine):
I can understand your frustration, but if the bank has sent the letter, you will have to update the e-mail address.
This is the point at which a normal person would probably just change the email address in their online banking to a “spare” email address.
But aside from the fact that I’d rather not4, by this point I’d caught the scent of a deeper underlying issue. After all, didn’t I have a conversation a little like this one but with a different bank, about four years ago?
So I called Customer Services directly5, who told me that if my email address is already correct then I can ignore their letter.
I suggested that perhaps their letter template might need updating so it doesn’t say “action required” if action is not required. Or that perhaps what they mean to say is “action required: check your email address is correct”.
So anyway, apparently everything’s fine… although I reserved final judgement until I’d seen that they were still sending me emails!
I think I can place a solid guess about what went wrong here. But it makes me feel like we’re living in the Darkest Timeline.
I dissected HSBC’s latest email to me: it was of the “your latest statement is available” variety. Deep within the email, down at the bottom, is this code:
<img src="http://www.email1.hsbc.co.uk:8080/Tm90IHRoZSByZWFsIEhTQkMgcGF5bG9hZA==" width="1" height="1" alt=""> <img src="http://www.email1.hsbc.co.uk:8080/QWxzbyBub3QgcmVhbCBIU0JDIHBheWxvYWQ=" width="1" height="1" alt="">
What you’re seeing are two tracking pixels: tiny 1×1 pixel images, usually transparent or white-on-white to make them even-more invisible, used to surreptitiously track when somebody reads an email. When you open an email from HSBC – potentially every time you open an email from them – your email client connects to those web addresses to get the necessary images. The code at the end of each identifies the email they were contained within, which in turn can be linked back to the recipient.
You know how invasive a read-receipt feels? Tracking pixels are like those… but turned up to eleven. While a read-receipt only says “the recipient read this email” (usually only after the recipient gives consent for it to do so), a tracking pixel can often track when and how often you refer to an email6.
If I re-read a year-old email from HSBC, they’re saying that they want to know about it.
But it gets worse. Because HSBC are using http://, rather than https:// URLs for their tracking pixels, they’re also saying that every time you read an email
from them, they’d like everybody on the same network as you to be able to know that you did so, too. If you’re at my house, on my WiFi, and you open an email from HSBC, not
only might HSBC know about it, but I might know about it too.
An easily-avoidable security failure there, HSBC… which isn’t the kind of thing one hopes to hear about a bank!
But… tracking pixels don’t actually work. At least, they doesn’t work on me. Like many privacy-conscious individuals, my devices are configured to block tracking pixels (and a variety of other instruments of surveillance capitalism) right out of the gate.
This means that even though I do read most of the non-spam email that lands in my Inbox, the sender doesn’t get to know that I did so unless I choose to tell them. This is the way that email was designed to work, and is the only way that a sender can be confident that it will work.
But we’re in the Darkest Timeline. Tracking pixels have become so endemic that HSBC have clearly come to the opinion that if they can’t track when I open their emails, I must not be receiving their emails. So they wrote me a letter to tell me that my emails have been “returned undelivered” (which seems to be an outright lie).
Surveillance capitalism has become so ubiquitous that it’s become transparent. Transparent like the invisible spies at the bottom of your bank’s emails.
So in summary, with only a little speculation:
Instead of sending me a misleading letter about undelivered emails, perhaps a better approach for HSBC could be:
Also, to quote your own principles once more: when you make a mistake like assuming your spying is a flawless way to detect the validity of email addresses, perhaps you should “be transparent with our customers and other stakeholders about how we use their data”.
Wouldn’t that be better than writing to a customer to say that their emails are being returned undelivered (when they’re not)… and then having your staff tell them that having received such an email they have no choice but to change the email address they use (which is then disputed by your other staff)?
</rant>
1 You know, the bank with virtue-signalling multiculturalism that we used to joke about.
2 Long, long ago I also had a current account with HSBC which I forgot to close when I switched banks… 20 years ago… and I possibly still owe them for the six pence the account was in debt at the time.
3 After all, I’d been reading their emails!
4 After all, as I’ll stress again: the email address HSBC have for me, and are using, is already correct.
5 In future, I’ll just do this in the first instance. The benefits of live chat being able to be done “in the background” while one gets on with some work are totally outweighed when the entire exchange takes an hour only to reach an unsatisfactory conclusion, whereas a telephone call got things sorted (well hopefully…) within 10 minutes.
6 A tracking pixel can also collect additional personal information about you, such as your IP address at the time that you opened the email, which might disclose your location.
7 It could be even worse still, actually! A sophisticated attacker could “inject” images into the bottom of a HSBC email; those images could, for example, be pictures of text saying things like “You need to urgently call HSBC on [attacker’s phone number].” This would allow a scammer to hijack a legitimate HSBC email by injecting their own content into the bottom of it. Seriously, HSBC, you ought to fix this.
This post is also available as an article. So if you'd rather read a conventional blog post of this content, you can!
This is the video version of a joke that’s also available as a blog post and as a podcast episode. Watch it here, or find it:
This post is also available as a podcast. Listen here, download for later, or subscribe wherever you consume podcasts.
This post is also available as a video. If you'd prefer to watch/listen to me talk about this topic, give it a look.
I am tired. For a couple of years I’ve been blaming it on iron-poor blood, lack of vitamins, diet, and a dozen other maladies. But now I’ve found out the real reason: I’m tired because I’m overworked.
The population of the UK is 69 million1, of which the latest census has 37 million “of working age”2.
According to the latest statistics, 4,215,913 are unemployed3, leaving 32,784,087 people to do all the work.
19.2 million are in full time education4, 856,211 in the armed forces5, and collectively central, regional, and local government employs 4.987 million6. This leaves just 12,727,876 to do all of the real work.
Long term disabilities affect 6.9 million7. 393,000 are on visas that prohibit them from working8, and 108,0859 are working their way through the asylum process.
Of the remaining 339,791 people, a hundred thousand are in prison10 and 239,789 are in hospital11.
That leaves just two people to do all the work that keeps this country on its feet.
You and me.
And you’re sitting reading this.
This joke originally appeared aeons ago. I first saw it in a chain email in around 199612, when I adapted it from a US-centric version to a more British one and re-circulated it among some friends… taking the same kinds of liberties with the numbers that are required to make the gag work.
And now I’ve updated it with some updated population statistics13.
1 Source: Provisional population estimate for the UK: mid-2025, Office for National Statistics.
2 Source: Working age population, gov.uk.
3 Source: Unemployment, Office for National Statistics.
4 Source: Statistica for all the children, plus FE students from Education and training statistics for the UK, gov.uk, with some rounding.
5 Source: Hansard, here, plus other sources from the same time period.
6 Source: this informative article.
7 Source: UK disability statistics: Prevalence and life experiences, House of Commons Library.
8 Source: Reason for international migration, international students update: May 2025, Office for National Statistics.
9 Source: How many people claim asylum in the UK?, gov.uk.
10 Source: Prison population: weekly estate figures 2025, gov.uk.
11 Source: Bed Availability and Occupancy, Hansard Library.
12 In fact, I rediscovered it while looking through an old email backup from 1997, which inspired this blog post.
13 Using the same dodgy arithmetic, cherry-picking, double-counting, wild over-estimations, and hand-waving nonsense. Obviously this is a joke. Oh god, is somebody on the satire-blind Internet of 2026 going to assume any of these numbers are believable? (They’re not.) Or think I’m making some kind of political point? (I’m not.) What a minefield we live in, nowadays.
Obviously I wasn’t planning on going to the US anytime soon, but if I did… they might struggle with my visa application when I put every “email address I’ve used for the last 10 years” on, because I actively use a variety of catch-all domains/subdomains.
I’ve probably missed some addresses (e.g. to which I’ve only ever received spam that’s since been deleted), but a conservative estimate of the number of personal email addresses which I’ve sent mail from or to would be… 7,669 email addresses. 🤣
Since I relaunched freedeedpoll.org.uk three months ago (with new features) and made an explanatory demo video, the volume and kinds of questions I’ve been emailed has… become larger and more diverse.
I still get questions about childrens’ names and citizenship and gender recognition certificates and things.
But now I also get questions like “how do I print multiple copies of the PDF?” and “why does my homemade deed poll not have a serial number?” 😂
I find a lot of these “this company is tried to usurp your brand with Chinese domain name purchases” emails in my spam folder, corresponding to my (many) domains. They’re a scam, of course: the scammer is trying to goad me into saying “No, please help protect my brand identity, I’ll pay you over the odds for these .cn domains!”
But I’ve always wondered – what happens if you reply and say “Yes, Baokang Ltd DO represent my business interests in China, please go ahead and let them register these domains.” I’d know that was a lie, and the scammer would know that was a lie (the company, if it even exists, is under their control in the first place)… but they can’t admit that they know that.
Anybody tried baiting this kind of scammer in that way before? (With the usual scambaiting precautions, of course!)
This is a repost promoting content originally published elsewhere. See more things Dan's reposted.
Subject: “Re-Design and Promotion Strategy for Dead.Garden”
Subject: “About your Dead.Garden”
Subject: “Errors in your Dead.Garden”Dear Dead,
your website is not good enough, in fact, it is actively bad.
Don’t you know that you need Search Engine Optimization?
What are you, some kind of idiot?
Your site is currently ranked on page 1,000,000 of Google,
and if we know anything (in fact, we know everything),
this means that you are wasting not only your time,
but much more importantly
money.
We’ve had a quick look at your site
and noticed a few areas that could be improved.
We’ve discovered that your website’s UI is,
frankly,
complete ass.
Your mobile experience is bad, your CTAs should be shinier and rounder;
Maybe put a gradient here and there.
How are you ever going to get someone to buy your product
without manipulating their behaviour?You’re not selling anything?
Well then, what ARE you doing?…
A fantastic poem that feels exactly like the subtext of every one of these emails I ever receive.
My blog is for me, first and foremost; I suspect Jo feels a similar way about their digital garden. I’m not interested in making money with it, and I’m perfectly comfortable with the fact that it costs me money. These things are all fine. I don’t need an SEO merchant to tell me how they can improve it.
Anyway: go enjoy Jo’s poem.
There’s a question being floated around my corner of the blogosphere, but I think my experience of the answer differs from other bloggers:
It started when David Bushell observed that, despite having his email address unobscured on his website, he gets more spam via his contact form. Luke Harris followed-up, providing a potential explanation which basically boils down to the idea that it’s both more cost-effective and provides better return-on-investment to spam contact forms than email addresses. And then Kev Quirk described his experience of switching from contact forms to “bare” email addresses and the protections he put in place (like plus-addressing), only to discover that he didn’t need it at all.
It makes me sad to see the gradual disappearance of the contact form from personal websites. They generally feel more convenient than email addresses, although this is perhaps part of the reason that they come under attack from spammers in the first place! But also, they provide the potential for a new and different medium: the comments area (and its outdated-but-beautiful cousin the guestbook).
Comments are, of course, an even more-obvious target for spammers because they can result in immediate feedback and additional readers for your message. Plus – if they’re allowed to contain hyperlinks – a way of leeching some of the reputability off a legitimate site and redirecting it to the spammers’, in the eyes of search engines. Boo!
But I’ve got to admit: there have been many times that I’ve read an interesting article and not interacted with it simply because the bar to interaction (what… I have to open my email client!?) was too high. I’d prefer to write a response on my blog and hope that webmention/pingback/trackback do their thing, but will they? I don’t know in advance, unless the other party says so openly or I take a dive into their source code to check.
I’ve had both contact/comment forms and exposed email addresses on my website for many years… and I feel like I get aproximately the same amount of spam on both, after filtering. The vast majority of it gets “caught”. Here’s what works for me:
My contact/comments forms use one of a variety of unobtrustive “honeypot”-style traps. These “reverse CAPTCHAs” attempt to trick bots into interacting with them in some particular way while not inconveniencing humans.
I also publish email addresses all over the place, but they’re content-specific. Like Kev, I anticipated spam and so use unique email addresses on different pieces of content: if you want to reply-by-email to this post, for example, you’re encouraged to use the address b27404@danq.me. But this approach has actually provided secondary benefits that are more-valuable:
This strategy works for me: I get virtually no comment/contact form spam (though I do occasionally get a false positive and a human gets blocked as-if they were a robot), and very little email spam (after my regular email filters have done their job, although again I sometimes get false positives, often where humans choose their subject lines poorly).
It might sound like my approach is complicated, but it’s really not. Adding a contact form honeypot is not significantly more-difficult than exposing automatically-rotating email aliases, and for me it’s worth it: I love the convenience and ease-of-use of a good contact/comments form, and want to make that available to my visitors too!
(I also allow one-click reactions with emoji: did you see? Scroll down and send me a bumblebee! Nobody seems to have found a way to spam me with these, yet: it’s not a very expressive medium, I guess!)
A special level of accessibility failure on Egencia‘s mailing list subscription management page: the labels for choosing which individual mailing lists to subscribe to are properly-configured, but the “unsubscribe all” one isn’t. Click the words “unsubscribe all” and… nothing happens.
But it gets better: try keyboard-navigating through the form, and it’s hard not to unsubscribe from everything, even if you didn’t want to! As soon as the “unsubscribe all” checkbox gets focus, you get instantly unsubscribed: no interaction necessary.
I don’t want to withdraw any of our children from sec [sic] education lessons.
However they’re spelled, they’re a great idea, and I’m grateful to live in a part of the world where their existence isn’t the target of religious politics.
But if I can withdraw consent to receiving emails about sex education in Comic Sans then that’d be great, thanks. 😅
I’m travelling by train in just over a week, and I signed up an account with Avanti West Coast, who proudly show off their Shaw Trust accessibility certificate.
Clearly that certificate only applies to their website, though, and not to e.g. their emails. When you sign up an account with them, you need to verify your email address. They send you a (HTML-only) email with a link to click. Here’s what that link looks like to a sighted person:
So far, so good. But here’s the HTML code they’re using to create that button. Maybe you’ll spot
the problem:
<a href="https://www.avantiwestcoast.co.uk/train-tickets/verify-email?prospectId=12345678&customerKey=12345:1234567" target="_blank" style="font-family:Averta, Arial, Helvetica, sans-serif;"> <div class="mobile_image" style="font-family:Averta, Arial, Helvetica, sans-serif; display:none; border:none; text-align:center;"> <img width="40%" src="https://image.e.avantiwestcoast.co.uk/lib/fe371170756404747d1670/m/1/9069c7a2-b9ed-4188-9809-bf58592ec002.png" alt="" style="font-family:Averta, Arial, Helvetica, sans-serif;width:143px; height:40px;" /> </div> </a>
Despite specifying the font to use three times, they don’t actually have any alt text. So for somebody who can’t see that image, the link is completely unusable1.
This made me angry enough that I gave up on my transaction and bought my train tickets from LNER instead.
Accessibility matters. And that includes emails. Do better, Avanti.
1 Incidentally, this also makes the email unusable for privacy-conscious people who, like me, don’t routinely load remote images in emails. But that’s a secondary concern, really.
This is a reply to a post published elsewhere. Its content might be duplicated as a traditional comment at the original source.
Marc Thiele asked, in a post titled “Is Not Answering the Thing Now?”:
Maybe I am just seeing this wrong, but I experience that a lot of people simply don’t reply to emails/messages these days any more. I get that emails can be exhausting at times, but really, I am answering any email I get. Sometimes late, but I answer.
…
And it is so easy. I can really live with a short message stating no interest or even a “Fuck off”, which is way better as it does not leave me with nothing and not knowing whether my message arrived or not.
…
I try to reply to every personal (i.e. from a human, not an automated service, not not including spam) email, unless it very-clearly doesn’t need one: e.g. it’s the end of a conversation or was the response to my query. I suppose that I’m trying to say is that an initial contact with me – a new conversation – should always get a response, because that reassures you that it arrived.
But I see the trend, and I’ve been part of it. Thanks to my many points of presence on the Web, I receive messages on a great number of subjects. Sometimes, if – say – one arrives while I’m travelling, and then when I get around to properly reading it I think it deserves a well-thought out and researched and reasoned answer… I’ll save it for later. And that’s when the trouble starts.
Drifting down my Inbox, it falls out of sight and mind. Whenever I see it, I’m back to square one: having not yet made the time and space to give it the consideration it deserves. The longer it remains there, the more the pressure builds: if it took me three weeks to reply to this email, my reply has to be really good, right? Just firing off a “thanks for your email, sorry I haven’t given it a proper reply yet” now would just be awkward. So it sits longer and stagnates. Eventually, crushed under the weight of the emails above it and of my growing awkwardness with the situation, it gets deleted.
Usually that takes about six months, but in one particularly terrible case – a friend shared with me a draft of some fiction they’d been writing – it took eight years. Eight years of a message sitting in my Inbox, begging me to write a proper response, and me not doing so because any reply I could by-that-point produce nothing that would possibility justify the time it took to respond.
(At some points in my past I’ve had the same problem with blogging: if I take a month without writing a post, it feels like the pressure to produce a real banger is so high that it makes me stagnate. That’s part of the reason that nowadays I semi-automate the inclusion of so much of my life into my blog: ad-hoc notes, checkins to geocaches, etc. Blogging more helps fight the pressure.)
I’d like to think I do better nowadays. I don’t think I’ve got any unanswered personal email in my Inbox (though now I mention it, I think there’s a mailing list I feel like I’m overdue to chip in on).
But on behalf of the people who don’t reliably reply because it feels like too much pressure if you missed the opportunity to do so immediately, I have some empathy. I’ve been there, and the struggle is real. It’s possible, like me, to come out the other side of a mindset of letting email stagnate because you can’t find the words to justify the time it took to respond.
(Anybody who’s got different reasons to mine for failing to respond to personal emails can speak for themselves. Though – possibly – not by email.)
I noticed that automated emails from Steam weren’t doing alt-text very well. Some image links had no or inadequate alt-text. (Note that Steam don’t support opting for plain text rather than HTML emails.)
I’m fortunate enough to depend upon alt-text never-to-rarely. But I prefer not to load remote images, so I still benefit from alt-text.
I filled out a support request to Steam layout out the specific examples I’d found of where they weren’t doing very well, and stressing why it’s (morally, legally, etc.) important to do better.
And you know what: they quietly fixed it. When I received an email today telling me that something on my wishlist is on sale, it had reasonably-good alt-text throughout. Neat.
On Wednesday, Vodafone announced that they’d made the first ever satellite video call from a stock mobile phone in an area with no terrestrial signal. They used a mountain in Wales for their experiment.
It reminded me of an experiment of my own, way back in around 1999, which I probably should have made a bigger deal of. I believe that I was the first person to ever send an email from the top of Yr Wyddfa/Snowdon.
Nowadays, that’s an easy thing to do. You pull your phone out and send it. But back then, I needed to use a Psion 5mx palmtop, communicating over an infared link using a custom driver (if you ever wondered why I know my AT-commands by heart… well, this isn’t exactly why, but it’s a better story than the truth) to a Nokia 7110 (fortunately it was cloudy enough to not interfere with the 9,600 baud IrDA connection while I positioned the devices atop the trig point), which engaged a GSM 2G connection, over which I was able to send an email to myself, cc:’d to a few friends.
It’s not an exciting story. It’s not even much of a claim to fame. But there you have it: I was (probably) the first person to send an email from the summit of Yr Wyddfa. (If you beat me to it, let me know!)
RSS
Spotify
Pocket Casts
Apple Podcasts
YouTube