Spam from mainstream companies

Yesterday I wrote about spam I received advertising AARP and used it as an example of a mainstream group supporting spammers by hiring them (or hiring them through proxies) to send mail on their behalf.
My statement appears to have upset someone, though. There is one comment on the post, coming from an IP address allocated to the AARP.

This isn’t from AARP…this is a SPAM that’s been going around for years now. Did you bother looking into the source code to see where it sends you? My guess is it aint AARP…Do you know what your talking about?

What I’m talking about is one reason spam is such a problem. There are large number of mainstream companies, like AARP, that support spammers by hiring them either directly or indirectly.
Sure, the links in the email don’t point directly to the AARP. They go through multiple redirects and end up at https://www.aarpmembership.org/enroll/index.php<encodedlink>. I grabbed a screen shot of the website.

Screenshot of not-the-AARP spam landing page
Doesn't this look like an official AARP website?
If you pull off the encoded end of the link and just go to aarpmembership.com, then you get a 403 forbidden message. That’s what spammers do, put up partial websites to collect information. They don’t bother mirroring the customer’s whole website, they just put up a form to collect information.
Now, it’s certainly possible that this spam is from a group of phishers attempting to use the AARP brand. If that’s true, though, why is the commenter asking me if I know what I’m talking about? Why isn’t he concerned about the AARP brand being advertised in spam?
I’m not trying to pick specifically on the AARP, they’re not the only company to do this. Gerber hired spammers to sell me their baby-insurance package. Gevallia has been advertised by spam for years. The list of companies using spam goes on and on.
But this behaviour — hiring spammers to send mail while being able to claim it was the work of some spammer who just decided to send mail advertising AARP memberships, or Gerber baby insurance, or 500 business cards for a dollar is a major part of the spam problem. This is why the ISPs keep increasing their standards. This is why getting into the inbox is so difficult. This is why just being a legitimate company isn’t enough.

Related Posts

Did anyone actually look at this email before sending?

I received spam advertising AARP recently. Yes, AARP. Oh, of course they didn’t send me spam, they hired someone who probably hired someone who contracted with an affiliate marketer to send mail.
The affiliates, while capable of bypassing spam filters, are incapable of actually sending readable mail.

Read More

Watch those role accounts

Ben at Mailchimp has a post up explaining what role accounts are and why mailing to them can be a problem.

Read More

Improving the email interface

Want an improved email interface? Then build it.
There’s been an ongoing discussion about adding thumbs up / thumbs down style buttons to email clients. While I am dubious this is a useful feature or something that recipients will use, if there are others in the industry that think it would be useful then I strongly suggest they go ahead and create it.
In fact, there are a couple things that have been asked for in email interfaces that aren’t currently provided. Last October I blogged about adding an unsubscribe button to email clients.

Read More