AARP, SureClick, Offerweb and Spam

On Tuesday Laura wrote about receiving spam sent on behalf of the AARP. The point she was discussing was mostly just how incompetent the spammer was, and how badly they’d mangled the spam such that it was hardly legible.
One of AARPs interactive advertising managers posted in response denying that it was anything to do with the AARP.

This isn’t from AARP…this is a SPAM that’s been going around for years now. Did you bother looking into the source code to see where it sends you? My guess is it aint AARP…Do you know what your talking about?

Yes, Scott, we do know what we’re talking about, and we did look into the source code.
Yesterday Laura discussed in general principles how mainstream companies typically send spam by hiring a company who hires a company who hires a company to send spam.
We’re fairly familiar with how this works – one of the things Word to the Wise does is to provide forensics and expert witness services in email-related cases – so we dug into this email so as to work out what the story behind it was.
The story, as far as we can tell at a quick look, is that the AARP hired a company called SureClick to generate “Qualified Leads”.

SureClick homepage
You can see that they’re fairly proud to have the AARP as a flagship client.
What do SureClick do for their flagship client? They pay affiliates to drive traffic to their AARP membership signup page. I’m not sure exactly how much they’re paying for each signup, but it must be more than $12 as that’s how much SureClick’s affiliates are, in turn, offering to pay their affilliates.
In the case of the spam sent to Laura the affiliate SureClick hired was OfferWeb. What do OfferWeb do? They pay affiliates to drive traffic to their landing page. Seeing a pattern yet?
OfferWeb then hired a hard core spammer to actually send the spam on AARPs behalf. This guy, apparently based in Utah but spamming from a machine hosted in Pennsylvania, is doing everything he can to avoid his spam being recognised and blocked, using dozens of domains and IP addresses and sending messages stuffed full of hashbusters that have hardly any text, just images, to try and hide from spam filters.
One irony is that the Pennsylvania ISP who is hosting the spammer is also the same ISP who host the email account the spam was sent to. Sometimes the best place to start cleaning up is close to home.
So the spammer sends out millions of pieces of email to addresses he’s harvested or bought, most of which is blocked or ends up in the junk folder. When someone responds he passes them on to OfferWeb, who pass them on to SureClick who sign them up for the AARP. Then the AARP pays SureClick, who keep some of the money and pay OfferWeb, who keep some of the money and give the rest to the spammer.
It’s the advertising budget at AARP, and hundreds of companies like them, that makes this sort of spamming worthwhile.
If you’re interested in where all this data came from, check back tomorrow.

Related Posts

And the ugly…

Getting back to my series on the good, the typical and the ugly in the ESP field, and there is some very ugly out there. I have 3 examples of the ugliness out there and what ESPs and legitimate senders are competing with.
The fake ESP
A spammer approached me early on in my consulting career, asking me to help him set up a fake ESP. He wanted to set up his corporate network so that to an outsider it would look like he was selling ESP services and thus had a large number of customers. There wouldn’t be any customers, however, all the mail would be coming from his company. When the blocking got bad enough, and it would as he would purchase addresses from anywhere, he would “disconnect” the responsible customer. My role was to help him come up with a plausible sounding acceptable use policy and then contact the ISPs when he “disconnected” the customer. I declined to participate in this scheme. This doesn’t appear to have stopped him, though, if the rumors I hear are to be believed.
Waterfalling
Related to the fake ESP scheme is waterfalling. Spammers acquire lists of email addresses and then begin the process of cleaning them by mailing. In some cases, they mail through fake ESPs, as above. In other cases, they actually spread their traffic out across legitimate ISPs. As they mail the lists through the ESPs, they remove unsubscribes, bounces and complaints. When the list reaches a set cleanliness, they move it to another ESP. They repeat this, gradually moving through cleaner and cleaner ESPs. Eventually, they move the list to their own network and sell mailings to it as an opt-in list. It’s not opt-in, it’s just cleansed of all negative responders.
The companies abusing ESPs to clean their lists do tarnish the reputation of ESPs. While the responsible ESPs do disconnect the waterfallers, they usually do so after problems are detected. That being said, there are some companies that are constantly looking for “partnerships” at ESPs and the ESPs turn them away during the sales cycles.
Affiliates
While not necessarily an ESP problem there are some large companies out there that hire spammers to send acquisition email for them. They also send their own mail, both marketing and transactional, through ESPs. The issue for ESPs come when the URL blocks happen and the bad reputation of their customer’s mail bleeds back to the ESPs IP addresses. The ESP becomes known as “one of those places that mails for X” and their reputation falls accordingly. In some cases, even if the mail through the ESP is clean and opt-in, the ESP finds itself blocklisted for just doing business with a company that hires spammers.
I’ve had a couple clients recommended to me by ESPs because the ESP was dealing with a persistent spam block around this particular customer. The mail the customer sent through the ESP was opt-in, but the client was using an extensive network of affiliates to send spam for them. I collected a lot of examples of their spam from various affiliates, even gave them a couple of examples from my own email addresses. One of those addresses has not been actively used in 6 years. My client tells me they talked to their affiliates and that the affiliate assured them I had signed up, I just forgot. The client chose to believe the affiliate over me, despite the fact that I had many other examples. That client lost their ESP (and good for the ESP) but is still sending spam. I just got one advertising their stuff yesterday, at the same address I gave to them years ago, all images, hashbusters, domain hidden behind proxy, coming from a snowshoer network.
All of the companies I’ve talked about here describe themselves as legitimate email marketers. Even the company telling me I opted in to their mail was defending themselves and their affiliates as legitimate email marketers.

Read More

Important notification spammers break the law

I’m currently being inundated at multiple address with spam advertising spamming services. Most of these notices have the subject line: IMPORTANT NOTIFICATION. The text includes:

Read More

Did anyone actually look at this email before sending?

I received spam advertising AARP recently. Yes, AARP. Oh, of course they didn’t send me spam, they hired someone who probably hired someone who contracted with an affiliate marketer to send mail.
The affiliates, while capable of bypassing spam filters, are incapable of actually sending readable mail.

Read More