Reaching targets, the wrong way

I’ve been increasingly annoyed by these drip automation campaigns. You know the ones I mean. Senders use some software to find some flimsy pretext to send a mail. Then there emails drop every few days. Sometimes this cycle goes on for months. Most of these messages violate CAN SPAM. It’s annoying. It’s illegal. It is spam.
I can even opt out of most of these messages, they don’t offer that ability.

Spammers Gonna Spam

I have so many examples of these emails. They’re all the same, really. They start out with a statement someone is reading my website. Then they mention they have an article that they or their customers wrote. This article is, of course, perfect for my site and the article.
Well that’s the theory anyway.  They tend to miss the mark pretty significantly.
There was this one example where the company found a post linking to a newspaper article.

Hi there,
I was just browsing Word To The Wise and saw you were interested in travel from this post (https://wordtothewise.com/2011/01/fines-for-not-honoring-unsubscribes/). So I thought you might also be interested in linking to a resource we put together on how travelling can improve your health.
Here is a link for your review:
This example is the first in the second series of emails from Eric. He’s changed his email address and got my name wrong on this round, but otherwise this is identical to the messages he sent me in late May. I can even predict the cadence. Three days after the first messages, I’ll get a “hey, did you get my email?” On the fourth and fifth days the message will change a bit. By day 7 he’ll start asking for the “right person” at my company.
Hey Lauren –
I hope everything is going well on your end 🙂
I just finished going through your article here: https://wordtothewise.com/2015/04/a-series-of-tubes/. Thanks for the resource!
My colleague Lavanya put together a pretty comprehensive piece on the net neutrality just last week.There is a lot of info out there about net neutrality, and it’s sort of a hot topic at the moment. Our guide was designed to cut through the noise a bit.
The article is here: [link removed]
Would you consider linking to it in the post of yours I mentioned above? I saw you linked to en.wikipedia.org in there, so I figured I’d see if you’d link to mine as well. Perhaps your visitors find it helpful, but hey, it’s up to you.
Thanks,- Eric
P.S. I respect the relationship you have with your readers, I wouldn’t ask you to link to anything I didn’t think was an excellent resource for your site.

B2B spam is still spam

I was recently contacted by one of the software companies that provides infrastructure for these types of emails. Surprisingly, they are having a difficult time getting their mail delivered. It seems no one wants their mail. The thing is, I can’t help them. No one can help them. They’re sending mostly unwanted mail. I’m sure even the bloggers who make their money from blogging hate these kinds of messages.
This was someone building software that is causing significant amount of annoyance. I get the messages this software company, and their competitors, are facilitating. I am not going to help their spam get through to people who don’t want it.
During the call, they did name some of their competitors and I fell down the rabbit hole of B2B spamware. The vendors go through all sorts of contortions to convince their users this isn’t spam. Many of the phrases used on the websites were the same I heard on the phone. It’s one-to-one mail. It’s targeted. It’s focused on the recipient. It’s important.
Guess what? I’m a frequent recipient of that kind of mail. I know the mail isn’t targeted and it’s not focused on the recipient. The two examples above show that clearly. One of them couldn’t even get my name right! Both of them missed the context of the links and posts. None of this has to do with me or my readers, other than an example of what not to do.

CAN SPAM applies

The above examples aren’t anything special, I picked out the first two I saw in my mailbox. I have dozens of examples of these campaigns.  In almost every case the messages violate CAN SPAM. Very rarely they’ll include an opt-out link, but they almost never include a physical postal address.  Sometimes they include an opt-out, but they almost never have a physical address.
CAN SPAM says nothing about bulk, it only mentions commercial email. Specifically the act says:
The term “commercial electronic mail message” means any electronic mail message the primary purpose of which is the commercial advertisement or promotion of a commercial product or service (including content on an Internet website operated for a commercial purpose).
It’s clear to me that the messages I’m getting are commercial. CAN SPAM applies. They need to have a physical address and an opt-out link for every message. They don’t.

Unwanted mail doesn’t reach the inbox.

Last week’s phone call demonstrated I am not alone in hating this mail. The software company contacted me for help because they can’t get to the inbox. It seems no one wants their mail. Due to blocking problems many of the senders resort to tactics used by spammers. They use different domains for their unsolicited mail. Sometimes they’re analog or cousin domains, like a .co for the unsolicited messages and a .com domain for their response emails. In other cases, they use Office365 or Google apps or Gmail for their outbound mail stream. Most places won’t block @gmail.com, so it’s a fairly safe to use gmail addresses.

Some of the messages are upfront about their marketing strategy using the Gmail. Let’s be clear, this strategy is a way to avoid spam filters.

Permission is key to delivery

Marketing programs that rely on spammer tactics are doomed to failure long term. Mail sent without permission does not work, even in the B2B space. Companies relying on unsolicited email discover it’s not that simple. Spam filters block unsolicited email. That’s their job, it’s what they’re designed to do. The way they detect unsolicited varies, but filters target unsolicited email.
There are large companies, many of them clients of mine, who do get caught in filters, usually because some of their mail is unsolicited. This isn’t intentional. Their overall program is sending mail to people who have asked for it and want it. Permission is a central piece of the email strategy. But, particularly as programs age, we find grotty corners where permission is a little iffy. These are small parts of their database, but they can cause significant problems.
Good email marketers know that permission is key. They invest time, energy and resources into getting permission and maintaining data. They think long term. They know recipients don’t want spam and that any gains from spamming are fleeting.

Final migration of Verizon email addresses to AOL
The cycle goes on

Related Posts

Google and Amazon and B2B spam

Many of the operational goals of a commercial spammer aren’t related to email delivery at all, rather they revolve around optimizing ROI and minimizing costs. That’s even more true when the spammer isn’t trying to sell their own product, rather they’re making money by sending spam for other companies.
Most legitimate network providers pay at least lip service to not allowing abusive behaviour such as spam from their networks, so a spammer has to make a few choices about what infrastructure to use to optimize their costs.
They can be open about who they are and what they do, and host with a reputable network provider, and build out mailservers much as any legitimate ESP would do. But eventually they’ll get blacklisted by one of the more reputable reputation providers – leading to little of their mail being delivered, and increasing the pressure on their provider to terminate them. They social engineer their provider’s abuse desk, and drag their feet, and make small changes, but eventually they’ll need to move to another provider. Both the delaying tactics and the finally moving are expensive.
Or they can host with a network provider who doesn’t care about abuse from their network, and do the same thing. But they’ll still get blacklisted and, unlike on a more reputable network, they’re much less likely to get any benefit of the doubt from any reputation providers.
Every time they get blacklisted they can move to a new network provider. That’s easy to do if your infrastructure is virtual machine based and moving providers just involves buying a new hosting account. But as anyone who’s heard the phrase “ramping-up” knows mail from new network space is treated with suspicion, and as they’re continually moving their mail won’t reach the inbox much.
Preemptively spreading the sources of your spam across many different IP addresses on different providers, and sending spam out at low enough levels from each address that you’re less likely to be noticed is another approach. This is snowshoe spam and spam filters are getting better at detecting it.
What to do? In order to get mail delivered to the inbox the spammer needs to be sending from somewhere with a good reputation, ideally intermingled with lots of legitimate email, so that the false-positive induced pain of blocking the mailstream would be worse than their spam. That’s one reason a lot of spammers send through legitimate ESPs. They’re still having to jump from provider to provider as they’re terminated, but now they’re relying on the delivery reputation of the shared IP pools at each new ESP they jump to. But that still takes work to move between ESPs. And ESP policy enforcement people talk to each other…
As a spammer you want your mail to be sent from somewhere with good reputation, somewhere you can use many different accounts, so your spam is spread across many of them,  flying below the radar. Ideally you wouldn’t have any documented connection to those accounts, so your activity won’t show up on any aggregated monitoring or reporting.
If nothing in the mail sent out identifies you there is nowhere for recipients to focus their ire. And if recipients can’t tell that the hundreds of pieces of spam in their inbox came from a single spammer, they’re much less likely to focus efforts on blocking that mail stream.
Over the past couple of years I’ve seen a new approach from dedicated B2B spammers, the sort who sell “buy and upload a list, blast out something advertising your company, track responses, send multiple mails over a series of weeks” services to salespeople. They’re the ones who tend to have glossy, legitimate websites, talking about “lead nurturing”, “automated drip campaigns” or “outreach automation”.
They have each of their customers sign up for gmail or google apps accounts, or use their existing google apps accounts, and then the spammer funnels the spam sent on behalf of that customer through that google account. There’s no obvious connection between the spammer and the google account so there’s no risk to the spammer. Google is fairly unresponsive to spam complaints, so as long as the volume sent by each customer isn’t spectacularly high it’s going to be well below Google automation’s threshold of notice.
Google do record where mail that’s injected into their infrastructure in this way comes from, in the Received headers. But the spammers run their sending infrastructure – list management, message composition, tracking and so on – on anonymous, throwaway virtual machines hosted on Amazon’s EC2 cloud, so there’s nothing in the email that leads back to the spammer.
And, for recipients, that’s a problem. Spam filters aren’t going to block this sort of mail, as they can’t easily tell it is this sort of mail. It’s coming from Google MTAs, just like a lot of legitimate mail does. In terms of sheer volume it’s dwarfed by botnet sourced mail or dubious B2B manufacturing spam out of Shenzhen. But, unlike most of that, it’s in your inbox, in front of your eyeballs and costing you time and focus. And that’s much more expensive than network infrastructure or mailbox storage space.
I’m not sure what, if anything, Google or Amazon can do about it at scale, but it’s something that’s going to need to be dealt with eventually.
Meanwhile, if you receive some marginally personalized mail from a sales rep, one attempting to look like 1:1 mail, look at the headers. If you see something like this …

Read More

Random thoughts on spammers

I recently received a 419 spam that had a message at the top of the email.

Yup, a 419 spammer is trying to convince me there are millions of dollars waiting for me, but he won’t pay his software vendor 29.99 to comply with a license.
This is only the most recent in a long line of examples of spammers being cheap and attempting to steal services.
Back when I was working abuse almost every ISP had a story about a spammer who refused to pay their bill. Or spammers who were so high maintenance they cost the company money.
The company I worked for had a spammer that was on our system for far too long. Eventually they were cut off for non-payment and their hardware was confiscated. Still, the spammer came in and managed to remove the hardware before the building guards were alerted. It was disappointing, but at least they weren’t spamming off our network any longer.
Even now, ESPs share stories of customers who come in, spam and never pay their bill. Works for the spammer, they can get a few weeks of spamming in without having to pay for the service. They spew their stuff and leave a giant mess for the ESP to clean up. Next week, they’re on to the next ESP.
The real problem with this is that with enough ESPs and enough sends you can clean a list. This list can then be sold, or moved to a credible ESP without any of the tell tale signs of a purchased list. It’s so common it even has a name: waterfalling. It’s profitable, though, and there are enough small ESPs out there with little compliance experience that it can work.
I regularly get questions from folks who’ve worked themselves into a hole about swapping IPs or domains in order to get out of the hole. My answer is always the same. Changing identity might work in the short term, but it won’t work longer term. I also tell them that spammers have been trying to avoid filters for a lot longer than they have. Spammers are good at it, and still get caught in filters. Better to spend time trying to fix the underlying problem – typically users aren’t engaged with your mail – then trying to obfuscate who is sending the message to avoid filters.
Focus on sending good email that users want, rather than trying to avoid filters. That’s the key to getting into the inbox.

Read More

Malicious email terms defined.

Legitimate mailers need to distinguish themselves from spammers. One important piece of that is knowing what spammers do. SendGrid has put together some information on common scams and techniques spammers use to get email delivered.
Some of these terms, like doxxing and swatting, are not specifically email related. However, they are used against people who are fighting abuse on the Internet. People who are actively investigating darker portions of the internet face real danger. Brian Krebs has made some of the harassment he’s received public. I know other people in the space have been harassed but don’t make it so public.
I think it’s valuable for marketers to understand the malicious and criminal end of mail. It makes some filtering decisions less random when you know the types of bad traffic that the filters are trying to stop. The SendGrid document is a fantastic first stop to learn about them.

Read More