Al Iverson's Spam Resource

Classmates.com Settles Lawsuit over Deceptive Emails

2010-03-14T17:04:00.000-05:00

TechFlash reports: "Seattle-based Classmates.com has agreed to pay up to $9.5 million to its users to settle a lawsuit that accused the social network of sending emails that made people believe their old friends from high school were reaching out to connect -- only to discover, after paying for a membership, that their long-lost buddies were nowhere to be found."

Did you know that Classmates.com is owned by United Online, the same company that owns internet service providers Juno and Netzero?

(H/T: Slashdot)

On Defending Jigsaw & Similar...

2010-03-13T11:50:00.002-06:00

This morning, an anonymous commenter attempted to drop a truth bomb on my post about how Jigsaw was blacklisted by Spamhaus. (They still are, by the way.)

In his comment, he points out that postal junk mail sucks (which I agree with), but he doesn't make it clear why it was important to share that tidbit with us. That spam is a suitable substitute for junk mail? I'm not buying it.

Also, he points out that "e-mail is new, and shiny." Actually, no, email has been around since the 1960s, and Internet (then ARPANET) email in a form similar today, using @ signs in addresses, since 1971.

He then goes on to point out that business contact databases charge too much money for spammers to be able to utilize them. Your bargain basement with a "$99 millions list" bought on Ebay? Maybe. Somebody selling big ticket items, who can still make money even with a higher customer acquisition cost? Hardly. I have actually seen companies buy lists from entities like Zoominfo, Jigsaw, and Netprospex, mail to them, and get busted for spamming. Most recently, I saw a domain registrar threaten to take away a domain after it was used in spam email sent by somebody who bought and mailed to one of these lists.

But hey, I could be completely wrong. In a different comment on my post, somebody called KADIGIGURU wrote, "The DMA publishes a B2B Guide to Ethical Marketing Best Practices. I am a Jigsaw customer, and they've walked me through how to use their (and other sources) data while following both Can Spam AND the DMA Guide to the letter!"

I replied that I'd be happy to discuss in further detail, or even offer up the opportunity for a rebuttal post. He never responded.

Where is that rebuttal? What are those ethical guidelines to follow when marketing to a purchased list of email addresses? Does that even exist? Even if somebody tells you "don't spam this list," while selling it to you, is it said with a wink and a nod? Anybody care to tackle this? (I'm not looking to provide an opportunity for a company representative to shill, so that offer is not open to Zoominfo, Jigsaw, and Netprospex.)

Now Hiring: Cloudmark

2010-03-11T09:15:00.000-06:00

It's a good week to be looking for a job if you're a spam fighter or email expert. I've got yet another job posting to share! Jamie Tomasello kindly wrote in to let me know that Cloudmark is looking to hire an Abuse Operations Analyst.

From the posting: "Cloudmark's Security Operations Center provides customers with the peace of mind that a team of highly skilled engineers and analysts are monitoring their systems for new threats and reacting quickly when such threats occur. As a member of this team you will be working with some of the largest Service Providers and Mobile Operators to ensure the highest level of threat detection, analysis and response.

"[As an Abuse Operations Analyst,] you will participate in 24/7 monitoring customer systems for new threats and use best practices to ensure these threats are stopped quickly, provide customers with weekly and monthly reports detailing new threats and attacks, how those attacks were stopped and what impact they had on the customer system, and work closely with our Tactical Accuracy and Professional Services teams to provide customers with a multi-pronged approach to accuracy."

Click here for more information about this position or to apply.

Now Hiring: Sears

2010-03-11T09:08:00.000-06:00

(Hey, I know the job market is tough right now, and a lot of good email-savvy technology specialists, deliverability experts, and marketing managers are looking for work. To that end, I'm going to continue to share job postings periodically. Hope this helps folks with their job hunt. --Al )

Sears Holdings Corporation in Downtown Chicago is looking to hire a Production Director - Email.

The Production Director -- Email will be responsible for establishing and maintaining production processes and timelines for the addressable marketing channels. The incumbent is responsible for the development of long term relationship with multiple business units to maintain a high level of customer satisfaction in the production of e-mail advertising. Serves as the leadership interface in the production of e-mail advertising. Develops enhancements to production process and outcome as the primary resolution provider between IMC, planning teams, business teams and associated work teams.

RESPONSIBILITIES:

Manages the teams responsible for successful and timely handoff from planning to understand strategic messaging intent for assigned e-mail campaigns.
Directs all aspects of the email production process and systems that support email planning to ensure accuracy of data input.
Monitors production system (IMPACT) capabilities and actively initiates dynamic enhancements that support realization of operational opportunities.
Monitors advancements in email technology and makes recommendations regarding internal enhancements as appropriate.
Develops production flow enhancements that can be institutionalized across the function.
Review and monitor email production to ensure quality and standards are maintained across the process.

To apply for this position, please contact John Bertucci, Executive Recruiter for Sears Holdings, at jbertu0 AT searshc.com, or feel free to contact me if you need help getting in touch.

Now Hiring: Microsoft

2010-03-10T07:50:00.002-06:00

Someone dropped me a line to let me know that Microsoft is looking for a spam fighter. Since I know a lot of smart people looking for work thanks to the economic downturn, I figured it would be good to pass this along.

"'Do you have anything which doesn’t have quite so much SPAM in it?' We do, thanks to a global team of knowledge engineers who work to apply regular expression based rules to the inbound email of our Forefront Online Protection for Exchange customers. Anti-spam response is a team within the Microsoft Malware Protection Center whose expertise not only benefits the productivity of our corporate customers but also provides insights in to emerging malware, phishing and other threats which are distributed by email."

Think you've got the right stuff? Click here for more information or to apply.

Twitter Has Spammers, Too

2010-03-08T20:03:00.004-06:00

I'm a pretty heavy user of Twitter. I've got a few followers, I pay attention to what a lot of people say, and I know a number of people that follow what I say. I enjoy this new method of interacting with people-- it's been a lot of fun. But, like every other way of electronic communication, spammers were bound to discover it and attempt to exploit it eventually. In the Twitter-sphere, the way spam works might be a bit different than in email, but I'll be darned if it doesn't just jump right out at me, with my background in spam fighting and email best practices.

Here's a few of the different kinds of spam I've seen on Twitter.

Generic spambots. They follow everybody in the world until they get shut down. Since my Twitter handle starts with an "A", I'm guessing I show up somewhere relatively near the top of some huge list of Twitter usernames. Their tweets all seem to be things like, "Hello, I am from Russia and I am lonely, will you click on my profile?"
Targeted spambots. They watch for certain keywords that people tweet, then immediately follow those people. I learned this the hard way when I started talking about "payday loans" (as I'm tracking a number of co-reg email senders), and suddenly I've got a bunch of new followers who all want to help match me with the right instant loan.
Brainless content republishers. I watch a few different Twitter queries over time, to look for articles to link to, and to help find Twitter users that I might be interested in following. Here is an example of one of those. What they've done here is mis-used a neat tool called TwitterFeed. They're watching a whole bunch of RSS feeds for blogs other than their own and posting the first sentence or two of each blog post and linking to it. Why do this? It looks to me as though the intent is to make them look like an active Twitter user with knowledge to share. Except, they've got nothing; they're just blindly linking to other peoples' posts, via a robot, every time a new post is written. That's far different than manually choosing to re-tweet a link to a blog post you personally find interesting. (In case you're wondering about this person or company's respect for social customs, check out their fabulous Free Blast Offer: Send to 10,000 email messages to any list, even if it's not opt-in. Looks like an email spammer who found a new way to spam.)
Useless marketers who have no concept of personal space and try to inject themselves into conversations even when they've got nothing to add. Laura Atkins and I have noticed this a few times lately, and I ran into it again tonight. I asked on Twitter if anybody had any recommendations for a good thriller to read on my Kindle. From reading his stream, this guy clearly is watching for terms like "Amazon" and "Kindle" and then replying, with a link to Amazon with his affiliate link embedded. What is this guy actually adding to the conversation? Nothing, that's what.

What do you think - are there other kinds of Twitter spammers that I'm forgetting to include here?

Spamhaus: Waledac Botnet Culling Had Little Effect

2010-03-05T10:55:00.001-06:00

Tom Espiner of ZDNet UK Reports. "The throttling of Waledac, which Microsoft claimed to have achieved by means of legal action last week, has led to no appreciable reduction of junk mail coming from the botnet, anti-spam organisation Spamhaus told ZDNet UK on Tuesday.

"'The amount of spam coming from Waledac [before the takedown] was less than one percent [of all spam], and that hasn't changed much,' said Spamhaus chief information officer Richard Cox. 'There's been a slight change, nothing major, and we would expect it to be a lot different.'"

Alan Ralsky Goes to Jail, Does Not Pass Go

2010-03-04T10:51:00.000-06:00

Spamhaus reports: "Leaving a wake of over 12-years of criminal spamming and trillions of sent junk emails behind him, long time ROKSO listed spammer Alan Ralsky is finally behind the walls of a US Federal Prison. After pleading guilty to multiple federal criminal charges, and after time extensions to "get his affairs in order", Ralsky reported to FCI Morgantown in north-central West Virginia on March 1st to start serving his 4-year, 3-month sentence."

Ralsky was the guy who complained when angry spam recipients figured out his home address and signed him up for tons of junk mail, magazines, and catalogs. I wonder if he's wishing for that reading material now, to help pass the time for the next four years or so.

Is Online Anonymity a Bad Thing?

2010-03-02T21:58:00.002-06:00

My previous post talking about the Anonwhois.org project (of which I have no connection with whatsoever-- I just think it's neat) generated a lot of comments and feedback both in comments and in email. I thought I would take a few minutes here and answer a few of the more popular the comments and questions that were posed.

Let's start with somebody who misses the point. Somebody who runs an anonymous ISP suggests that I am against online anonymity. "What is it about anonymity," he asked, "that you find so problematic?"

Truth be told, I find nothing wrong with individual privacy or anonymity online. That's not the problem. The problem is that spammers and companies hide behind this easy layer of anonymity offered via registrar privacy services, making it harder to tell good guys from the bad guys. Domain privacy protect services are part of the problem; they're hugely imperfect and they give bad guys a place to hide. No legitimate company should ever have a need to mask their domain ownership information via privacy protect. Yet, I run into it periodically, significantly so, when trying to vet a potential email marketer or online store that I had otherwise never heard of -- or, worse yet, the only data I have so far about them suggests bad acts, and a lack of transparency implied by masking ownership info does nothing to address those concerns. This has become such a problem that companies like email service providers and ISPs are beginning to prohibit use of privacy protect on domains clients use via their services. Why? Because bad guys exploit it.

Also, mass anonymity of commercial domain ownership is damaging to efforts to stop bad guys. Many smart anti-virus, anti-spam and security researchers utilize WHOIS data in bulk to look for various data points that help to identify bad guys. Being able to denote things like commonality and similarities in that data help spam filterers figure out who to block; figure out what related senders, domains, entities, etc., relate to some other bad actor or bad act, sometimes allowing them to be proactively blocked before a bad actor has a chance to fire up that new domain or new spam cannon.

Smart spam fighters are telling me that it's gotten to the point where if they see evidence of bad activity and run into privacy protect when trying to trace ownership, to them, that screams "spammer!" Thank the spammers for ruining it for the rest of us.

I understand the need for personal online anonymity. I am instead pointing out that the current privacy protect-style process is both flawed and unnecessary.

A couple other folks who commented on that last post suggested that, "Anonymous domain registration is the only thing or the best thing that can protect me from people showing up at my door."

Keep in mind that I totally understand why you wouldn't want people to know your home address. I own around forty domains myself and none of them have my home address and phone number on them, and that's the way I'd like to keep it. I've managed to keep my home address and phone number hidden easily enough, and so can you, even without using privacy protect. Because of the number of domains I own, it'd be cheaper for me to go register a PO Box to use as the mailing address for all the domains than it would be to pay extra for privacy protect service on each domain. And the phone number in my domain registrations is a free Google Voice number. If I didn't want to use the post office, I could use a UPS Store or other "mailboxes for rent" type place. I could put my office address. I could put my friend's office address. None of these uses would constitute illegitimate data in your WHOIS entry, as long as you can actually receive mail at the address.

And if you're planning this as a legal shield, good luck with that. Whoever decides to sue you will just subpoena your domain registrar to find out who you really are.

I know some people say things are more difficult in other countries. Look, if you're in Iran, you don't even want to bother with privacy protect. Make up a totally fake address and break the rules. Don't risk the bad guys being able to subpoena or hack your info from the registrar and have the cops show up and take you away. ICANN's domain registration policies should be the least of your concerns.

If you really need to be anonymous on the internet, your best bet isn't to register a domain. Set up a website under a Blogspot.com domain or some other free service where they'll provide you a URL. Use free webmail providers for email service. You don't need to provide any sort of ownership info to a public registry in either instance.

I know that some people think that blocking mail from anonymously-registered domains is unfair.

Nobody even said they were blocking mail. This ANONWHOIS project recommends *against* being used as a blacklist. They recognize that non-spammers, non-badguys likely also use privacy protect service to some degree. I saw a complaint in Slashdot comments that the data shouldn't be published as a blacklist-- but I disagree with that. Being able to monitor for domain anonymity in a fashion like this is a boon to researchers working on spam filters and other measures of online reputation. It allows them to measure correlation between anonymized domain registrations and bad actors. It is clear to me that publishing this data set as a DNS-queryable RHSBL is the best way to make it accessible.

Also? If somebody starts blocking your mail because your domain registration is anonymized: too bad. That's the way the internet works. People can block mail for whatever reason they want, and if you don't like it, you can lump it. People regularly block mail from ISPs and companies they don't like. The internet email ecosystem is not one postal system; it is comprised of millions of them. They're all privately run, and they're all free to set their own rules.

This reminds me a lot of the "open relay blocking wars" going back over ten years ago. People started to notice that they were getting spam from open relaying mail servers, so they started rejecting mail from those open relays. Lots of people got mad, protesting that they absolutely needed to run open relays, blocking their legitimate mail just to stop spam is unfair, etc., etc. etc. Somehow, the internet continues on, and people manage to send email. You'll have a very hard time convincing me that you've truly been wronged because you weren't able to send me mail from your anonymous mail.

Arrests made in "Mariposa" botnet that infected 13 million PCs

2010-03-02T17:00:00.000-06:00

Boing Boing says: "AP reports that authorities in Spain have cracked one of the biggest botnet rings in history, with three arrests made and more coming. The so-called Mariposa botnet appeared in December, 2008." Read more...

Quick Hits

2010-03-02T08:06:00.010-06:00

Annalivia Ford, the AOL employee most senders interacted with if they had deliverability issues at that particular provider of mailboxes, has indicated that she's moving on; leaving AOL. A sad day, of sorts, but maybe not -- with AOL's recent layoffs and the world being a different place than it was ten years ago, it's been clear for a while now that mailboxes may no longer be one of AOL's primary points of focus. Her last day at AOL is March 5th. You'll be able to continue to keep up with whatever she's working on over at her blog, www.annaliviaford.com.

On March 1st, Spamhaus launched a new domain blacklist called the DBL. It sounds great, and I trust that the folks at Spamhaus know what they're doing. It's too new for me to have done any testing, so I haven't yet personally observed it being great at catching spam or not. They recommend using it both for from address (sender) and content (URI/URL) filtering. They also recommend continuing the previous practice of changing URI/URL FQDNs into IP addresses and checking those against the SBL as well, in a two-stage filtering process.

Identify anonymous domains with anonwhois.org

2010-03-01T08:31:00.002-06:00

Check out this neat new project at anonwhois.org: It's domain data, published in a format similar to a URI DNSBL or RHSBL (right-hand side BL). Meaning, in short, it's a DNS-based list that you can check domains against. What does it tell you? Whether or not a domain is registered anonymously; that is to say, whether or not a domain is registered behind a "privacy protect"-like service. Like many other spam fighters, I've long considered it a bad idea to hide ownership of your domain in this manner. And now, if you, like me, think it's a bad idea, you could use the ANONWHOIS data to help score or otherwise identify messages that come from such domains or use such domains in images or links.

Project creator Blaine Fleming is quick to caution that this is not a blacklist and wasn't meant to be used for outright rejection of mail. If you use it for that purpose, you're likely to encounter false positives; as certainly, a non-zero amount of non-spam mail comes from anonymized domains.

Blaine mines the DNS query data to look for domains that require querying and categorization. I think that means that there could be a scenario wherein the first time somebody queries about a given domain, there may be no data, but if you come back later, ANONWHOIS may have figured out by then that the domain ownership info is obscured and that therefore, it merits listing. I'm sure that they need to ration and space out WHOIS lookup requests; they don't want to get blocked for running thousands of WHOIS lookups in batch.

With the recent court ruling that masking domain ownership issue constitutes material falsification under CAN-SPAM, using this data to vet marketers and other mail-sending entities strikes me an exceptionally good idea. It wouldn't surprise me to find blacklists declining to remove entities from domain or IP address-based blacklists if the domains being used don't have transparent ownership information attached to them in WHOIS.

Visit the ANONWHOIS website at anonwhois.org for more information.

Update: What do spamfighters think of anonymous whois? I asked a few, and here's what they told me.

Update: Before commenting, read my follow up post here, where I answer some commonly raised questions.

More on Netprospex

2010-02-26T07:31:00.007-06:00

I thought I would take a moment to follow-up on my recent post (Bad Advice in the B2B Space) covering Netprospex's suggestion that "opt-out" is good enough. It seems as though more and more folks have been expressing opinions on Netprospex's advice and even the company's business model. Here's what they had to say.

Steven Champeon of Enemieslist points out data errors and flaws that can render this kind of data incorrect and useless. He writes, "[On the Netprospex website,] There's a way to search for business by name, so I searched. I got three results, two of which were applicable to my company. The first, rated at "94% accuracy", and which claimed to have been "verified" (that's the CEO's tagline for Netprospex, remember) on October 23, 2009, was the name of our former CFO, who left the company altogether in early 2007. The second, rated at "61% accuracy", was for me, ostensibly the "Chief Technology Officer" of our tiny Web dev shop, and claimed to have been "verified" August 24, 2009."

Laura Atkins of Word to the Wise jumps into the fray after a short delay, because, she says, "Dog bites man isn't a very compelling news story." She goes on to point out that while what Netprospex is advocating is likely legal, legality isn't the only concern, and goes on to share a story from an ESP about how a client mailing to a Netprospex list caused them grief.

Mickey Chandler of Spamtacular agrees that what Netprospex is doing is probably legal, but his opinion is that buying lists is still a bad idea. "We advocate things like 'get permission' because it’s the right thing to do for our customers and clients, not because it’s a legal requirement. Best practices are best practices for a reason, and that reason in the commercial email space is rarely because Miss Manners has suggested that it’s the proper thing to do. It is far more often found in the desires of the recipients and the ISPs they pay to process mail for them."

One of my favorite bits of feedback on this article, though, comes from Matt Sergeant, who identifies himself as "Symantec Hosted Services, Chief Anti-Spam Technologist" on an comment he left on the article in question. He writes: "Speaking as someone on the receiving end of this, specifically filtering for businesses, I can tell you quite frankly that we don't want this type of mail, and neither do our customers. They're VERY clear about that. Mail like this is spam, and you'll be treated as a spammer, plain and simple." Well said.

Internet email expert John Levine weighs in on his blog, as well. He says that "[Netprospex claims that all of their records] were 'verified' recently, but this database is garbage. They are 72% sure I am the Domain Assurance Council, even though we shut it down two years ago. They are 54% sure that the principal of the elementary school who retired five years ago is still there, and 'verified' it in September."

Ask Al: Additional Received Headers?

2010-02-24T11:38:00.000-06:00

Jeremy writes, "Hey, Al! I was wondering if you could help me make a case for adding additional received headers to outbound messages. At the company I work for, one of our technologists convinced the head guy that we should try adding additional unique received headers to every message, rotating through unique IP addresses and host names. Do you have any insight on whether or not this would be a good or bad practice? Thanks in advance."

Jeremy, I'm not exactly sure what they're going for here. Received headers are simple tracking mechanisms in internet email; they're meant only to show the path the email actually took to reach the recipient. They are widely used by various spam filtering appliances and ISP filters. You could, in theory, add additional received headers to the bottom of the "received header" chain, making it look like some other server handed off the mail to you. But, you wouldn't be able to modify, hide, or remove the received header that identifies your MTA (mail server) handing the mail off to an ISP's mail server. The remote ISP creates that header upon receipt of the message from you, meaning that any received headers you add would show up below this header in the received header chain.

Adding additional received headers has no legitimate purpose. Webmails sometimes add a received header to indicate that a message was injected into their mail system over HTTP, but that's not what we're talking about here.

Adding headers like that could confuse some less-refined spam filters into blacklisting other people (besides you) but it wouldn't prevent them from telling that a message came from your IP address or network. It could also make spam filters think you're infected or that your servers are acting as part of a botnet. It would probably increase spam blocking against you. And, most importantly, that this would pretty easily be construed as falsifying header information to hide the true source of the email. That would be a pretty blatant violation of the US federal anti-spam law (CAN-SPAM). Bad news, all around!

ClickZ: Goodmail CEO Steps Down

2010-02-23T13:08:00.000-06:00

ClickZ reported on February 18th that "Peter Horan's two-year run as Goodmail's CEO came to an end on Feb. 12, though the Internet marketing veteran will stay on as chairman for the certified e-mail service provider. Speaking with ClickZ late Thursday afternoon, Horan confirmed an Internet rumor that he had stepped down." Read the rest here.

Bad Advice in the B2B Space

2010-02-22T06:40:00.003-06:00

"B to B Online" shares some really awful advice from Gary Halliwell and Mark Feldman of NetProspex about how opt-out is supposedly the way to go in the B2B (business to business) email marketing realm. They start out by banging the CAN-SPAM drum (make sure you're compliant!! yawn) and then get side tracked into targeting and content.

The one thing missing: permission.

The comments are especially interesting; mostly from folks referencing non-existing surveys about how recipients supposedly aren't that irked by spam, and so forth.

I know from working with various B2B spam filterers that they look at what mail they accept (or don't) based on the same old criteria you all already know. Complaints, permission, relevance.

Or am I wrong on that? You tell me, o dear readers; I know some of you are spam filterers and work in the B2B space. What do you think of mailing without permission? Is it mail you'd want to knowingly accept?

And I'd also like to know what B2B recipients actively want this mail. I know at work, we tune our spam filters to reject non-permissioned mail, aka spam. If we didn't ask for it, it's a drain on our time. We're busy folks; we don't want you in our inbox unless we invited you there. I'd be surprised to find a lot of people who feel otherwise.

Update: Mickey Chandler just blogged about this as well, over on Spamtacular.

Don't Spam the Judge

2010-02-20T15:40:00.001-06:00

Kevin Trudeau, infomercial peddler of miracle cures (and who knows what else), narrowly avoided jail on Thursday after being cited for contempt over his recent attempt to incite friends and followers to harass the judge presiding over his trial.

According to the Chicago Sun-Times, U.S. District Judge Robert Gettleman found Trudeau in contempt after he "posted the judge’s e-mail address online and asked listeners of his radio show and those who visit his Web site to e-mail Gettleman. Gettleman said Trudeau falsely told listeners the judge wanted to burn all of his books and fine him tens of millions of dollars.

"Since 2003, Gettleman has presided over a civil case filed by the Federal Trade Commission involving deceptive ads for a Trudeau weight-loss book. Gettleman said Trudeau repeatedly deceived the public and flouted the court’s rules, leading to three contempt findings by the judge."

I'm assuming that all of these alleged harassers think the internet is anonymous. They're going to be in for a rude surprise once they find out it's not. Tracking down who sent these email messages isn't that hard to do, especially when you're about to wield the power of a subpoena. I'll be curious to see if the judge feels these messages (and their senders) warrant further investigation.

SpamResource/XNND Co-Reg Dashboard

2010-02-15T07:16:00.023-06:00

I've just completed my first-ever co-registration/lead generation signup tracking dashboard. You can find it at http://xnnd.com/cr/ and it will update daily. As time permits, I'll add additional information and detail to the dashboard.

Today, you can look at it and see the number of messages received at the handful of testing mailboxes I've used to track what mail co-registration and lead generation send to their list.

For example, if you look at my "freeipod1" signup, you can see that this mailbox has received 557 email advertisements since February 1st. If that was your personal Yahoo mailbox, would you feel overwhelmed? Would you expect that a single signup or a few buttons pushed on a "free ipod" site would generate so much mail?

Below that I provide a breakdown of the top 50 IP addresses seen in this mail stream; ranked by number of messages received by each IP address.

I created this process on February 1st, 2010. Every day or two I added another signup or two. Now I'm up to seven active signups, and those seven mailboxes have received over 2,900 messages. Average that out and it's about 414 messages per mailbox. The sending volume seems to vary across the streams, though, so some of the accounts have actually received many more messages than that. Ouch.

You can find a list of every IP address found in the mail stream, linked from the dashboard. There's also a very simple RSS feed that I created, showing the last 4 IPs to send mail into that mail stream.

If you're interested in some specific data in some format or other, feel free to drop me a line.

Tagged.com Wins Spam Lawsuit

2010-02-09T07:47:00.031-06:00

Laura Atkins hipped me to this report from SPAMFighter about Tagged.com winning a lawsuit against a spammer, somebody who was "victimizing members of Tagged.com by dispatching spam e-mails that contained web-links directing users to a dating site." Blah blah blah, spam is bad, etc. Enough about that.

What caught my eye comes at the end of the article, this snippet about Tagged's CEO: "Greg Tseng himself was former CEO and co-founder of Jumpstart Technologies, an Internet startup incubator, who during March 2006, was found guilty of violating the CAN-SPAM Act, and was thus fined $900,000. The penalty had amounted to the biggest-ever sum for illicit junk e-mailing."

Tagged, who has been accused of spam themselves, is run by the same guy whose prior enterprise seems to have the record for the largest to-date FTC settlement in relation to an alleged CAN-SPAM violation. Wow, what a small world it is.

As Laura points out, "Their victory against the spammer might be more compelling if they, themselves, were not repeatedly ending up at the defense table for customer unfriendly practices." I couldn't agree more.

Surprise! Internet filled with Junk

2010-02-08T10:44:00.001-06:00

Websense reports that in the latter half of 2009:

13.7 percent of searches for trending news/buzz words (as defined by Yahoo Buzz & Google Trends) lead to malware,
95 percent of user-generated comments to blogs, chat rooms and message boards are spam or malicious,
35 percent of malicious Web attacks included data-stealing code,
58 percent of data-stealing attacks are conducted over the Web, and
85.8 percent of all emails were spam.

WHOIS Privacy Protect -- What Spamfighters Think

2010-02-03T08:46:00.005-06:00

As others have mentioned, a recent court ruling suggests that when accompanied with "intentional spamming," hiding who owns a domain behind a "privacy protect" service (such as Domains by Proxy) could mean that the sender is in violation of the CAN-SPAM law. But let's set that aside for a moment. Even if there wasn't a potential legal issue, do recipient systems and anti-spam groups find privacy protect to be a reputable practice? Let's ask a few smart anti-spam experts what they think.

I started by asking Steve Linford, CEO of international spam stopping group Spamhaus, if he found WHOIS to be a useful tool for tracking spammers. Very much so, he says. "WHOIS is one of the many tools we use and is especially useful to see what the spammer wants investigators to see about him." What does he think about privacy protected domains? "A cloaked WHOIS for example screams 'Spammer!' to us, just one look at a WHOIS containing words like 'Domains by Proxy, Inc.' or 'Moniker Privacy Services' is enough for us to SBL instantly in situations where we suspect the domain is involved in spam. Additionally, spam involving a domain whose WHOIS says it was only registered last week is almost a no-brainer SBL listing. Use of certain 'blackhat' or 'greyhat' Registrars, use of PO Boxes and addresses of rent-a-mailbox places are other give-aways that talk loudly to us about the intention of the domain owner, as are freemail addresses used as domain contacts. For Spamhaus investigators, WHOIS or sometimes the lack of WHOIS (such as using TLDs that do not have WHOIS servers) can often be a picture that speaks a thousand words."

AOL's Senior Technical Account Manager Annalivia Ford sees a lot of spam, blocks even more of it, and works with senders to re-mediate issues. She agrees that hidden domain ownership information is probably a sign that somebody isn't likely to be a good sender. "I look for obfuscated/privacy domain registrations -- in my experience there are very, very few legitimate businesses that hide their whois data. I also use WHOIS to see if the registered information looks even close to realistic. Sometimes I call to see if someone answers the phone, and what they say."

Steve Atkins is a founding partner with Word to the Wise, a California-based consulting company specializing in email issues. Steve's very active in the realms of spam fighting and email best practices. He writes, "If I see spam advertising a domain then one of the first things I'll do is look at the domain registration. If the domain is registered using a 'privacy protection' service such as Domains By Proxy then I immediately know that the domain owner knows they're doing something wrong, and they're the actual perpetrator. At that point I know that I don't need to contact the domain owner, instead I need to identify their various service providers (who is providing them with DNS, web hosting, email, domain registration) and contact them with either takedown requests or (if it's done as part of legal action) with subpoenas for information about their customer."

Steve says that it's pretty rare that somebody in engaging in these practices is a good guy. "While legitimate businesses sometimes do stupid things with their network and domain setup it's incredibly rare that they'll do the same sort of things as spammers accidentally -- if their network footprint looks like a spammer it virtually always means that they're doing something unethical that upsets people to the degree that they need to hide. If it's not email spam, it's often things like SMS spam, fake affiliate programmes, eBay or Paypal fraud, things like that."

There you have it. Even if hiding domain ownership info behind privacy protect doesn't raise any legal issues (and if you send email marketing or manage email lists, that's not for certain), you're not likely to make any friends out of anybody taking a look into your email practices. Yet another reason to make everything about your company and email practices as transparent as possible.

What is this thing?

2010-02-01T23:49:00.000-06:00

If you're viewing this on www.spamresource.com, or if you click through to the site from your RSS reader, you'll now notice a "Co-reg Mail Received" section just to the right of the post on the site. This highlights IP addresses that have recently sent mail to the mailboxes that I use to track mail sent by "co-registration" or "lead generation" senders. Companies in this space often buy "feeds" or "feed paths" from other companies, and there is much data sharing back and forth. I just wanted to start tracking who's actively sending mail to my accounts, and this was a quick and easy way to do it. Keep an eye out as I update this section with more information over time. Might be neat to see how many emails this mailbox has received, how many times an IP address has been seen, etc.

I'm not alleging that this mail is spam, and most of the mail I see seems to comply with US federal law. That's not to say that senders in this space don't engage in practices that can cause significant deliverability issues. If you and a thousand other senders are all mailing to the same email lists, it seems as though a "tragedy of the commons" effect could apply, wherein ISPs find none of the senders to be sending desirable, wanted mail.

As always, your feedback is welcome.

Word to the Wise Delivery Wiki

2010-02-01T15:50:00.000-06:00

Laura Atkins just announced the Word to the Wise Delivery Wiki, a cool new deliverability resource. Very cool!

My Delicious links account isn't anywhere near as awesome as the WTTW Wiki, but it's still out there and it's something that I use every day. Looking for information about Comcast? Just add "comcast" to the URL. International ISP and legal links? Add the word "international." Etc.

Who is this Ken Magill guy anyway?

2010-01-28T08:11:00.000-06:00

A client asked me the other day, "Who is this Ken Magill guy anyway? Who reads his stuff? Does it matter?" I guess the answer to that is yeah, I've found what Ken has written to be highly insightful. After all, I've blogged about or linked to his articles more than two dozen times here on Spam Resource. Go see for yourself.

Engagement: Best Practice for Years

2010-01-27T16:54:00.003-06:00

I just stumbled across this link to an Email Diva column from early 2007, talking about how to improve your list hygiene through re-confirmation and dumping people that never open and click. In other words, keep your list engaged, and dump un-engaged segments, after salvaging what you can from them. I guess that means that the engagement train has apparently been heading toward us for quite a long time!