TWSD: Run, hide and obfuscate

Spammers and spamming companies have elevated obfuscating their corporate identities to an artform. Some of the more dedicated, but just this side of legal, spammers set up 3 or 4 different front companies: one to sell advertising, one or more to actually send mail, one to get connectivity and one as a backup for when the first three fail. Because they use rotating domain names and IP addresses all hidden behind fake names or “privacy protection services”, the actual spammer can be impossible to track without court documents.
One example of this is Ken Magill’s ongoing series of reports about EmailAppenders.
Aug 5, 2008 Ouch: A List-Purchase Nighmare
Sept 9, 2008 Umm… About EmailAppenders’ NYC Office
Sept 15, 2008 E-mail Appending Plot Thickens
Nov 11, 2008 EmailAppenders Hawking Bogus List, Claims Publisher
Dec 23, 2008 Internet Retailer Sues EmailAppenders
Feb 1, 2009 EmailAppenders Update
Mar 10, 2009 Another Bogus E-mail List Claimed
April 14, 2009 EmailAppenders a Court No-Show, Says Internet Retailer
April 21, 2009 EmailAppenders Gone? New Firm Surfaces
May 5, 2009 EmailAppenders Back with New Web Site, New Name
Their actions, chronicled in his posts, are exactly what I see list providers, list brokers and “affiliate marketers” do every day. They hide, they lie, they cheat and they obfuscate. When someone finally decides to sue, they dissolve one company and start another. Every new article demonstrates what spammers do in order to stay one step ahead of their victims.
While Ken has chronicled one example of this, there are dozens of similar scammers. Many of them don’t have a persistent reporter documenting all the company changes, so normal due diligence searches fail to turn up any of the truth. Companies looking for affiliates or list sources often fall victim to scammers and spammers, and suffer delivery and reputation problems as a result.
Companies that insist on using list sellers, lead generation companies and affilates must protect themselves from these sorts of scammers. Due diligence can be a challenge, because of the many names, domains and businesses these companies hide behind. Those tasked with investigating affiliates, address sources or or mailing partners can use some of the same investigative techniques Ken did to identify potential problems.

  1. Whois records. Any company should have valid contact information in whois. Business addresses should never be hidden behind “privacy protection services.” Free email addresses and low cost DNS providers are also a warning sign.
  2. Phone numbers. Phone numbers can be a bit trickier to change than domain names or IP addresses, so look up phone numbers of potential partners. Make sure you check what’s on the callerID as well as any call back numbers.
  3. Website inconsistencies. Referring to multiple company names on the website can be a sign of hasty changes to move from one identity to another. Also look for recently registered domains, a company that claims to have been on the Internet for years, but has only a 3 month history on that domain is probably hiding something. Yes, domains change and rebrandings happen but often that will be documented somewhere on the website.
  4. Website incompleteness. “Coming soon” links should always raise a red flag. One of the most famous example of this is McColo’s “website coming soon” which was up for years with no actual content.

Probably the most important investigative technique, though, signing up for the list. This will let you see how much mail the recipients get, what kind of mail is being sent, the source IPs and what domains are used in the email. You can also evaluate if the other companies using this vendor are the type of companies you want to be associated with. When doing this, use unique addresses so you can clearly track what happens to that address. Do you get mail you expected? Is it a clean subscription process? All of this data is invaluable in deciding if this is a vendor you should be associated with.
Spammers lie is a maxim among some anti-spammers. They also run, hide and obfuscate, making it hard to tell the legitimate from the illegitimate.

Related Posts

How to devalue your mailing lists

This morning I got spam about college basketball – Subject: Inside: your ESPN Tourney Guide. That’s anything but unusual, but this spam got through my spam filters and into my inbox. That’s a rare enough event that I’m already annoyed before I click on the mail in order to mark it as spam.
Wait a second, the spam claims to be from Adobe. And it’s sent to a tagged address that I only gave to Adobe. Sure enough, it’s Adobe and ESPN co-branded spam about college basketball sent to an Adobe list.
Down at the bottom of the email there’s a blob of tiny illegible text, in very pale grey on white. Buried in there is an opt-out link: “If you’d prefer not to receive e-mail like this from Adobe in the future, please click here to unsusbscribe“.
I’d prefer not to receive college sports spam from anyone, including Adobe, so I click on it and find a big empty white webpage with this in the middle of it:

Read More

e360 sues a vendor

As if suing themselves out of business by going after Comcast and Spamhaus weren’t enough, e360 is now suing Choicepoint for breach of contract and CAN SPAM violations. As usual, Mickey has all the documents (complaint and answer) up at SpamSuite.
This may actually be an interesting case. On the surface it is a contractual dispute. Choicepoint sold e360 40,000,000 data records containing contact information including email addresses, snail mail addresses and phone numbers. Some of the records were marked “I” meaning they could be used for email. Some of the records were marked “O” meaning they could not be used for email.
Despite these terms being reasonably well defined in the contract, e360 sent email to addresses in records marked “O.” Some of those addresses resulted in e360 being sued by recipients. During the course of the suit, e360 contacted Choicepoint and asked for indemnification. Choicepoint refused for a number of reasons, including the fact that Choicepoint told e360 the addresses were not for mailing. In response, e360 filed suit.
The interesting and relevant part of this case is the CAN SPAM violation that e360 alleges.

Read More

TWSD: breaking the law

I tell my clients that they should comply with CAN SPAM (physical postal address and unsubscribe option) even if the mail they are sending is technically exempt. The bar for legality is so low, there is no reason not to.
Sure, there is a lot of spam out there that does not comply with CAN SPAM. Everything you see from botnets and proxies is in violation, although many of those mails do actually meet the postal address and unsubscribe requirements.
One of my spams recently caught my eye today with their disclaimer on the bottom: “This email message is CAN SPAM ACT of 2003 Compliant.” The really funny bit is that it does not actually comply with the law. Even better, the address it was sent to is not published anywhere, so the company could also be nailed for a dictionary attack and face enhanced penalties.
It reminds me of the old spams that claimed they complied with S.1618.

Read More