If you’ve reached the point of exhaustion trying to keep up with answering the mountain of e-mails that threatens to bury you alive every single day, you’re ready to learn about autoresponders.

The bad news is that people expect prompt replies to their e-mail inquiries. However, unless you can figure out how to work continual 24-hour shifts, or hire enough people to constantly monitor incoming e-mails (while they’re eating up your revenue), you have a problem. The good news is an autoresponder is an inexpensive—or even free—method of quickly responding to e-mails. What these programs do is automatically respond to incoming e-mails as soon as they are received.

E-mails are essential to your business for many different reasons. Most importantly, these invisible e-mail voices give you their feedback about your website—for free! However, if you spend all your working hours answering these e-mails, how are you supposed to run your business?

The answer is simple: use autoresponders.

Autoresponders are programs that automatically respond to your e-mails without you so much as having to click on your mouse.

There are a number of good reasons why you need an autoresponder besides just answering your e-mail. For example, autoresponders can be used if you need a way to send information about your services or products, price lists, or if there are repeated questions asked across large numbers of e-mails. Maybe you want to offer your site visitors a special bonus of some kind, such as advice or relevant articles. All of this can be handled by an autoresponder. Additionally, you can advertise your business and then build stable relationships with your customers by using autoresponders.

Autoresponder programs vary from software that runs with your e-mail program to a specialized script that runs on your web hosting company’s server. This kind of script may use a web page form or simply operate with your e-mail account. This kind of script is programmed to send out a standardized message whenever an e-mail is received. The message is sent to a particular script or e-mail address.

Some autoresponders can do more than simply send out standardized messages. They can send out an unlimited number of follow-up messages sent at predetermined interval of time. For example, you can set your autoresponder to send out a new message every day for as long a period as you desire.

There are numerous companies who offer autoresponders free of charge. Your website hosting company often provides autoresponders as a free service. If this is not the case with your web hosting company, there are numerous companies who offer this service for a small fee, or free of charge, providing you attach an advertisement for their company to your e-mails.

To personalize your autoresponder messages, you can attach a signature. Signatures in this case are much like business cards. You can include your name, company, all your contact numbers and addresses, and a brief message.

It’s a good idea to attach a signature to every e-mail that is sent out. This works as a repeated reminder of your business identity every time a customer sees it. The more they look at your signature, the more likely your company will spring to mind when your particular service or product is needed.

You can create a standardized signature that every employee in your business uses, or you can go wild, and let every staff member create their own personal signature. Of course, like everything in life, there are some rules and guidelines to creating a personal signature.

Keep the length of your signature between four to six lines of text, with no more than 70 characters in a single line. Make sure that your e-mail program does not cut off your text! The content should include your name, your company name, your e-mail address, fax number, and any other contact details, such as 800 numbers. Lastly, always include a short personal message about your company. It should be a subtle sell of your services or your products, and possibly your company’s reliability and longevity.

Another specialized use of autoresponders is to create courses that you can then offer your site visitors for free. You must choose a topic in which you are an expert and that precisely targets your potential customers.

Once you have carefully chosen your subject, divide it into a number of different sub-topics. Then offer your site visitor a free 10 or 15 day course, each day offering a different sub-topic. The first topic should always be a welcome message to your site visitor and an explanation about what is to follow. Your explanation should be enticing, getting the point across that you are offering free, quality information that your target audience will find of great value.

With every lesson, include the number of the lesson, the topic title, information about your company and its services or products. At the end, include a few blurbs about the next lesson to entice the subscriber to continue on.

Make sure each topic is packed with essential and valuable information, and leaves the visitor lusting to know more. Otherwise, you may lose them in the very beginning.

Of course, you have to write up your course before you can offer it. Once you have done this, and gone over the material carefully, employing a professional writer or editor if necessary, you must transfer your text to your autoresponder.

There are a number of quality autoresponders you can try out for a free or low-priced trial. Just go to Google and search ‘autoresponders’, then sign-up for your chosen autoresponder. Once you do, you will receive instructions as to how to set it up and transfer your text. You can also try-out the one I use myself, TrafficWave.

E-mail is an excellent marketing tool; it is inexpensive and it is fast. Use it to advertise your business by choosing your e-mail address carefully. Your website should contain different e-mail addresses for different contact requests. For example, use info@yourdomain.com for information requests, or sales@yourdomain.com for questions about sales. It’s a good idea to set up one for the owner, such as president@yourdomain.com. This presents your company in a personal, approachable light and insures that direct contact is provided.

Autoresponders are an effective and powerful marketing tool, allowing you to make contact with thousands of potential customers. This is an invaluable asset considering how many potential customers you usually have contact with before you make an actual sale. Essentially, an autoresponder allows you to automate part of your marketing campaign.

by Bob Sullivan

Almost everyone forgets a Web site password once in a while. When you do, you click on the familiar “Forgot your password?” link and, after entering your pet’s name, identifying your high school mascot or answering some other seemingly obscure questions, you can get back into your account.

But there’s a problem: A criminal can do that, too. With the help of social networking sites like Facebook and MySpace, personal trivia is getting less obscure all the time. You’d be surprised how easily someone can uncover Fido’s name or your alma mater with a little creative searching.

Some security researchers are beginning to sound the alarm about “password resetting” tools, suggesting they could be the weakest link in Web security.

As an experiment, Herbert Thompson, chief security strategist of People Security, recently asked a few friends for permission to “hack” into their bank accounts. Using only information gathered from Web sites, Thompson found his way in within minutes.

“This is a serious problem. It kind of blew me away,” Thompson said.

Here’s what Thompson did. Using only one friend’s name and place of employment, he found her blog and résumé. That provided a font of information on her grandparents, pets, hometown and more. He then visited her bank’s Web site, where her user name was simply her first initial and last name. He asked for a password reset. The bank sent an e-mail with that information to her Web mail account. Thompson then asked for a password reset there, which sent a link to her old college e-mail account. There, Thompson needed only supply the woman’s address, zip code, and birth date. Once successfully in the college account, Thompson hacked his way into the Web mail account – supplying her birthplace and father’s middle name — and ultimately entered her bank account by supplying her pet’s name.

“I did this a couple of times. But the scariest thing would be someone doing this with some scale,” Thompson said. A more detailed description of his romp through someone else’s identity can be read on the Scientific American Web site.

There are no known cases in which hackers have widely exploited “forgot your password” links, but there are indications that both researchers and criminals are training their eyes in this direction. Markus Jakobsson, principal scientist at the famed Palo Alto Research Center in California, said answers to password reset questions have become so valuable that a black market has developed for personal information like dog’s names. Criminals buy buckets of personal information, obviously with an eye towards foiling security systems, for about $15 per set, he said.

In most cases, such information sets are probably the result of successful phishing attempts, Jakobsson said, where a victim unwittingly supplied personal information in response to an e-mail. But he’s seen demonstrations of far more sophisticated tools designed to “scrape” information off blogs and social networking pages for later use by hackers.

“It’s an automatic dossier building tool,” he said.

Like Paris Hilton

Questions about hacking through password resets have been raised before. When Paris Hilton’s cell phone was famously hacked in 2005, some tech sites reported that criminals simply used her dog’s name, easily found online, to break in. That theory was later discredited, but it likely sent criminals scurrying to find famous people’s dog’s names.

It also prompted researchers to study the issue, which is also known as “fallback authentication.” Ariel Rabkin, a researcher at the University of California at Berkeley, is probably the first to attempt to quantify the problem. He recently published a research paper (PDF) titled in part, “Security Questions in the Era of Facebook.” It examined password reset questions at 20 banks. Of the 215 questions used by the banks, he classified only 75 as secure and usable. The others were either easy for hackers to guess or obtain, or simply too hard for consumers to remember.

“Security questions are getting weaker over time,” he said. Mother’s maiden name, for example, continues to be asked even though it’s often now available from various online sources. “We can’t seem to get rid of that question. … If we do nothing this will get steadily worse.”

In some situations, statistics give the criminal an advantage. For example, data published by some U.S. cities indicated about 1 percent of the nation’s dogs are named “Max,” making that a pretty good guess for a criminal trying to break into thousands of bank accounts. When a bank asks consumers who their favorite president was, it rarely takes more than two guesses, Rabkin said.

Even if the questions are more personal, and even if the subject doesn’t have their own blog, others might blog about their dog, car or high school. And search engines can easily unearth such minutiae.

“There is an arms race here between people who trying to ask obscure questions about (us) and people who are trying to answer obscure questions about (us),” Rabkin said.

Not a bad idea

Thompson, the People Security expert, said that asking “challenge” questions with so-called “out of wallet” answers – questions that even a criminal who stole your wallet couldn’t answer – once was a secure way to confirm someone’s identity.

“If you think about it, 10 years ago this didn’t seem like horrible idea, to ask for someone’s personal information,” he said. “You could say, ‘It’s probably unlikely that someone will know all of this information about me, or spent the time necessary to gather it.’ But now it’s really easy for someone who’s never met you to know all this about you.”

Coming up with secure challenge questions is no easy task. There are two problems to consider: The question must be difficult for a stranger to answer but it also must be easy enough so the customer doesn’t forget. Quick: What’s your kindergarten teacher’s name? Was it McFadden or MacFadden or Mcfadden?

“In some cases, it’s easier for an attacker with good data mining skills than the real person to answer these questions,” Jakobsson said. He is hard at work developing a new solution, one which relies on the answers to “preference” questions rather than fact-based personal questions. A consumer who requests a password reset might be confronted with questions like, “Do you like antique stores?” or “Do you like opera?”

Asking 16 questions like these would provide positive identification in better than 99 percent of cases, he said. “And preferences are rarely stored in databases.” (More on this idea can be found at I-Forgot-My-Password.com.)

Rabkin is all for improving the problem of forgotten passwords, but he is careful to not exaggerate the problem. In addition to the lack of proof that any widespread forgotten password hacking has occurred, he says banks have multiple systems in place to prevent thefts from online services. When a password reset is initiated, for example, banks automatically set a red flag on an account and watch it for suspicious behavior. Any large transactions following soon after would surely be stopped, he said.

“The problem is not as bad as you think,” he said. “It’s not so easy to match up a pet name from Facebook with another database of login names and another database of Social Security numbers,” and use that to withdraw cash, he said.

Still, there is another problem associated with the importance of personal questions in security. A consumer who falls for an extensive phishing e-mail or has their blog copied by a hacker, may find it nearly impossible to navigate the digital world in the future. How would such a person ever reclaim a password or otherwise authenticate their identity?

“It would be incredibly difficult to recover from something like that,” Thompson said. “You can’t really change your mother’s maiden name or these other things.”

RED TAPE WRESTLING TIPS

Researchers like Jakobsson are looking for new ways to authenticate consumers. One obvious area of potential is biometrics. The chief criticism of this technology, which uses people’s eyes, fingerprints, etc., to verify their identity, is the “doomsday” possibility that once such information is compromised, it could never be trusted again. You can’t change irises, for example. But Thompson points out that the same is true for personal information such as your first pet’s name or you mother’s middle name. While biometrics has potential flaws, new systems will soon be necessary, Thompson said.

Of course, these security enhancements are still in the future, so for now, consumers must fend for themselves. When answering password recovery questions while registering for online banking and other Web sites, don’t always pick the most obvious question. Consider what someone might be able to find about you on your blog. Better yet, consider not disclosing any personal information on your blog.

Alfred Huger, a security researcher at Symantec Corp., offers this suggestion: Some sites now allow consumers to make up their own question. While that might be a hassle, it’s probably much more secure. Again, think of a question only you can answer, and something that’s unlikely to be in any database. That probably means the name of your first girlfriend or boyfriend won’t cut it.