TWSD: breaking the law

I tell my clients that they should comply with CAN SPAM (physical postal address and unsubscribe option) even if the mail they are sending is technically exempt. The bar for legality is so low, there is no reason not to.
Sure, there is a lot of spam out there that does not comply with CAN SPAM. Everything you see from botnets and proxies is in violation, although many of those mails do actually meet the postal address and unsubscribe requirements.
One of my spams recently caught my eye today with their disclaimer on the bottom: “This email message is CAN SPAM ACT of 2003 Compliant.” The really funny bit is that it does not actually comply with the law. Even better, the address it was sent to is not published anywhere, so the company could also be nailed for a dictionary attack and face enhanced penalties.
It reminds me of the old spams that claimed they complied with S.1618.

In accordance with Bill S.1618 Title III passed by the 105th U. S. Congress, this letter can not be considered spam as long as we include: (1) Contact information and (2) a way to be removed from future mailings.

That bill was passed, but never signed into law. That did not stop spammers from adding the disclaimer to spam, though. When I was working as abuse@ we actually treated the presence of the Murkowski disclaimer (the original bill was sponsored by Senator Murkowski) as a defacto sign that our customer was spamming. It was not a bad rule of thumb, either. People who used that disclaimer usually did not have permission to send the mail they were sending. Murkowski disclaimers were common up until mid-2003, and every once in a while they will still be seen in spam.
All readers who may be thinking of actually buying SEO services, avoid Internet-marketing-one.com. They may tell you they will comply with the law, but if their spam is any evidence they do not.

Related Posts

Reunion.com sued under CA anti-spam law

Ethan Ackerman posted a rather long analysis of the class action lawsuit filed against Reunion.com over at Eric Goldman’s Technology and Law Blog. Part of the case is related to Reunion.com’s scraping of address books, something I have discussed here before.
The analysis goes through the case step by step and is well worth a read. There are a lot of issues being explored, including the applicability of CAN SPAM to “forward to a friend” email. This case also touches on CAN SPAM and preemption of state laws.
Definitely a post worth reading and a case worth keeping an eye on.

Read More

Alphabetical spammers

There have been a couple posts recently about a paper presented at the Fifth Conference on Email and Spam (CEAS). The paper showed how addresses beginning with different letters get different volumes of spam.
But this post is not really about the paper, although it is an interesting academic review of spam, it is more about a memory that the discussions triggered.
Long ago I was handling the abuse desk at the very large network provider. This was in the days before Feedback loops, so every complaint was an actual forwarded email from a recipient. Generally, we saw a couple dozen complaints about any individual spam problem. Not a huge volume by any means, but that meant that any volume of complaints was significant.
One afternoon I started seeing a spike in complaints about a customer who never received complaints before. I started looking a little deeper and discovered we had around 50 complaints about this mailing, many from people I knew, and all from individuals at domains that started with A. This was one of the few times we actually pulled the plug in the middle of a mailing.
I still remember going to my boss suggesting this was something to take action on now because we had over 50 complaints and they were still in the A‘s! The customer was mortified that the guaranteed opt-in list they purchased was so bad and promised never to spam again.
Have a good weekend everyone.

Read More

McColo goes offline

Last week a major player in the botnet arena was taken offline when they were shutdown by their upstream provider.  With the demise of McColo, there has been a 30 – 50% drop in the amount of spam as measured by any number of different techniques. The CBL team has posted an article about their view of the McColo disconnection, which includes links to press articles about the shutdown. Spamhaus has their own take on the shutdown and another collection of links to articles about the shutdown.
In my own mailbox, I have noticed a drastic decrease in the amount of spam over the last week. I am too jaded to expect that the change is permanent, but it is nice while it lasts.

Read More