Terry Zink's Cyber Security Blog

Discussing Internet security in (mostly) plain English

Dr. Libshitz Can't Get an E-Mail Address

Dr. Libshitz Can't Get an E-Mail Address

  • Comments 4

MSN had an article recently telling a story about a Dr. Libshitz, over in England.  In the story, Dr. Libshitz couldn't get an email address when he tried signing up for an email address from some ISPs.  Some excerpts:

If there's a subset of letters in your name that looks vulgar, you could be denied an e-mail address or a domain name. Just ask Dr. Herman Libshitz.

So what's in a name? Dr. Herman I. Libshitz is used to people teasing him about his name. The doctor, raised in Philadelphia and now living in Chestertown, Md., learned early on he'd have to defend his family's honor.

"When you're named Libshitz, you expect problems with your name," he says. "Can you imagine what a drill sergeant did with Libshitz?"

Still, Libshitz's foray into cyberspace proved more irksome than the teasing he had endured in his younger years. It started around 1998, when he bought a computer and tried to sign up for an AOL account.

"AOL told me my name was insulting and offensive," he remembers. "They wouldn't give me an e-mail address."

Libshitz fought and won that battle. But it was only the beginning. Fast-forward to July 2008, when Libshitz decided to upgrade their home Internet service from dial-up to broadband. They logged on to Verizon's Web site only to find that, once again, the ISP wouldn't accept their name for use in an e-mail address.

"Verizon could use my name in the phone book. They could use my name to bill me. Lord knows they cash my checks with my name on it," Libshitz says. "But somehow, as an e-mail address, it wasn't good. That offended me. I told them it was fine when Uncle Sam wanted me to be in the military, and I proudly served."

Four phone calls and a rotating lineup of unseen supervisors proved inadequate to the task of solving the Libshitz issue. Finally, a reporter from the Philadelphia Inquirer managed to get through to someone at Verizon to discuss the doctor's DSL purchase problems and ultimately to reverse the decision declaring his last name off-limits.

"They condescended to let me use my own name as an e-mail address. Wasn't that gracious?" Libshitz remarks.

What happened to Libshitz is hardly unique. Just ask Craig Cockburn, who has resorted to replacing the "o" in his last name with a zero to get around filters. Nor are the tastemeisters at Delicacy Central limiting their vetos to instances of buried accidental profanity. Until just a couple of years ago, according to reports, some providers banned names that contained the word "Allah"; eventually Yahoo reversed its ban, which had made addressing difficult for people named Callahan (among others).

Far be it from me to judge the efficacy of over-zealous spam filters, but seriously... I learned to avoid stuff like that within two weeks of starting my job as a spam analyst.  Here's the problem:

  1. Companies like Yahoo and AOL are trying to ban sensitive words in email addresses.  In these cases, they're trying to block the words sh*t, all*h and c*ck (in the interest of taste, I have obfuscated the words).  This is in order to avoid offensive email addresses like sh*t_for_brains@yahoo.com or suck_my_c*ck@aol.com (yes, I've seen email addresses like these).

  2. Yahoo and AOL put in basic syntax checks for those words, not realizing that those terms are part of compound words like Libshitz and Callahan.  People with those proper names cannot get their desired email addresses.

Like I said, I learned a long time ago that blocking on small words is rarely a good idea because there are plenty of cases that these words can be used in a legitimate context.  Just think of the word cumulative... how would you abbreviate this word?  It's even worse with proper names because just when you think a word can't be anything but offensive, it turns out that it can.  It gets worse when you start tossing in foreign languages.

I'm now going to offer these guys some free advice.  Use regular expressions to do your syntax checking and put word boundaries on them.  Observe:

\bsh*t\b
\bc*ck\b
\ball*h\b

This forces a term to not match as part of a larger compound word.  The word boundaries on either end prevent it.  People with sensitive terms in their names would be able to get their email addresses no problem.

Regular expressions are not the most efficient mechanism when doing the machine evaluation, but they are a lot more flexible than doing simple string comparisons.

Leave a Comment
  • Please add 7 and 5 and type the answer here:
  • Post
  • PingBack from http://blog.a-foton.ru/index.php/2009/01/14/dr-libshitz-cant-get-an-e-mail-address/

  • I'd register libshitz dot net and ask someone like godaddy to run it for $12.99/year. Keeping your email independent from your ISP is worth it's weight in gold.

    Does he live in Clithero or Peniston by any chance? ;)

  • Many names that are even less (accidentally) offensive often cause issues as well - consider the match on spam.  This takes care of missPam@ or mrsPam@, and I'm sure a hundred other combination can be identified.  Far to often regular expressions are written and then neglected until there is a need or an individual making enough noise to force a  review of them.

    Good luck Dr. I think you'll battle this one over and over again. :(

    Matt

    @emailkarma

  • Your regex example won't stop the offensive usernames either.  So, instead of getting "sh*t_for_brains", they'd just get "sh*tforbrains".  Or "sh1t_for_brains", or "shlt_for_brains", or "shiiit_for_brains", or whatever.  We've all long ago learnt that looking for specific words just doesn't work.

    If they *must* do something like that, the only proper way is to refuse it in the automated service and kick it to a human... and then make sure that the human can readily, quickly, and nicely approve the request.

    Long ago, in mainframe days, I was discussing this issue -- in terms of mainframe login names -- with some fellow VM/370 folks.  The question was how to assign a sh*tload (uh, sorry) of new usernames every semester, without driving yourself crazy.  One conversant, making the point that nothing you do will work automatically every time, told of the process at the college where he worked: the automaton would take the first three letter of the student's last name, the first three of the first name, and the middle initial.

    And then they encountered a student called Shirley T. Eaton.

Page 1 of 1 (4 items)