Marketing to businesses

“If you do stupid things, you’re going to get blocked,” says Jigsaw CEO Jim Fowler in an interview with Ken Magill earlier this week.
Jigsaw is a company that rewards members to input their valuable business contacts. Once the addresses are input into Jigsaw, they are sold to anyone who wants them. Jigsaw gets the money, the people providing information get… something, the people who provided business cards to Jigsaw members get spammed and the people who downloaded the lists get to deal with a delivery mess. Sounds like a lose for everyone but Jigsaw.
Except that now Jigsaw is listed on the SBL for spam support services. Well, that’s going to cause some business challenges, particularly given how many companies use the SBL as part of their filtering scheme.
It’s hard to think of a situation where I would appreciate someone I gave a business card to providing my information to a site that then turns around and lets anyone download it to send email to. I know, I know, there are a million companies out there I’ve never heard of that have The Product that will Solve All my Problems. But, really, I don’t want them in my work mailbox. The address I give out on my business cards is, for, y’know, people to contact me about what I’m selling or to contact me about things they’ve already purchased from me. That address is not for people to market to. I have other addresses for vendors, and even potential vendors, to contact me.
Jigsaw clearly facilitates spam to businesses by collecting email addresses and then selling them on. This is a drain on small businesses who now have inboxes full of valuable offers to wade through. Perhaps their stint on the SBL will make them reconsider their spam support services.
HT: Al

Related Posts

McColo goes offline

Last week a major player in the botnet arena was taken offline when they were shutdown by their upstream provider.  With the demise of McColo, there has been a 30 – 50% drop in the amount of spam as measured by any number of different techniques. The CBL team has posted an article about their view of the McColo disconnection, which includes links to press articles about the shutdown. Spamhaus has their own take on the shutdown and another collection of links to articles about the shutdown.
In my own mailbox, I have noticed a drastic decrease in the amount of spam over the last week. I am too jaded to expect that the change is permanent, but it is nice while it lasts.

Read More

Email as a PR problem

Email is a great way to connect to and engage with people. It is also a medium where the sender doesn’t get to control the message as well as they might in other media. This means that sometimes email campaigns go wrong in a way that drives a national news story about how you are a spammer.
In the stress and flurry of dealing with public accusations of spamming many companies overlook the fact that the underlying issue is they are sending mail that the recipients don’t want or don’t expect. If there is a public uproar about your mail as spam, then there is a good chance something in  your email strategy isn’t working.
Even in the recent White House as spammers strategy, there is a strong chance that they are actually using reasonable and industry standard methods to collect email addresses. However, in their case, they are a large target for people to forge email addresses in forms. “Bob doesn’t like the president, but I’ll sign him up for this list so he can learn how things really are.” or “Joe doesn’t like the democrats so I’ll sign him up for their mailings just to piss him off.”

When you are confronted with an email campaign that upsets a large number of people there are a number of steps you should take.
Step 1: Gather information
This includes information internally about what actually happened with the campaign and information from the people who are complaining.
Externally: Get copies of the emails with full headers. If you’re working with people who do not want to reveal any details of the mail they received then you may not be able to fully investigate it, but if they do you will have everything you need right there. Figure out where their address came from (you do have good audit trails for all your email addresses, right?).
Internally: Talk to everyone who worked on that particular campaign. This includes the geek down in the IT department who manages the database. Figure out if anything internally went wrong and mail was sent to people it wasn’t intended for. I know of at least 2 cases where a SQL query was incorrectly set up and the unsubscribe list was mailed by accident.
Step 2: Identify the underlying problem
Look at all the available information and identify what happened. Was there a bad source of email addresses? Did someone submit addresses of spamtraps to a webform? Was there a technical problem? Again, talk to your people internally. In many companies I have noticed a tendency to try and troubleshoot problems like this at very high levels (VP or C-level executives) without involving the employees who probably know exactly what happened. This sometimes leads to mis-identifying the problem. If you can’t identify it, you can’t fix it.
Step 3: Identify the solution
Once you know what the problem was, you can work out a solution. Sometimes these are fairly simple, sometimes not so much. On the simple end you may have to implement some data hygiene. On the more complex end, you may need to change how data is handled completely.
Step 4: Inform the relevant parties of the solution
Make a statement about the problem, that you’ve identified it and that you’ve taken steps to fix it. How you do this is a little outside my area of expertise, although I have participated in crafting the message, rely on your PR folks on how to communicate this. In the Internet space, honesty is prized over spin, so do remember that.
Every company is going to have the occasional problem. In the email space, that tends to result in the company being labeled a spammer. Instead of being defensive about the label, use the accusation to drive internal change to stop your mail from being labeled spam by the recipients.

Read More

Beware: Phishing and Spam in Social Networks

Trend Micro warns us today about how spam and phishing can hit you even in the closed ecosystem of a social networking system such as Facebook. Malware abounds. And in the social network arena, just like anywhere else, “using your account to send spam” is a common thing for the bad guys to want to do.
In Rik Ferguson’s investigation (which I read about on CNet News), he came across a link to a URL that asked for his Facebook credentials, supposedly necessary to allow installation of a specific Facebook application. Once the credentials were handed over, the app immediately spammed all of his Facebook friends, sending them a bogus notification, attempting to draw them into visiting the phishing/malware URL, with (one assumes) the hope of spreading the infection even wider.
He’s a researcher for Trend Micro, so he knows what he’s doing. But for the rest of us, this highlights how necessary it is to be careful with who you give your usernames and passwords to. In my opinion, it’s never safe to take your username and password from one site and hand it over to another site. Some social networking make the problem even worse by blurring the lines between safe and unsafe by asking for usernames and passwords to third party accounts, but you just can never know with 100% certainty which sites are legitimate and which ones aren’t.
— Al Iverson

Read More