Spam from mainstream companies
Yesterday I wrote about spam I received advertising AARP and used it as an example of a mainstream group supporting spammers by hiring them (or hiring them through proxies) to send mail on their behalf.
My statement appears to have upset someone, though. There is one comment on the post, coming from an IP address allocated to the AARP.
This isn’t from AARP…this is a SPAM that’s been going around for years now. Did you bother looking into the source code to see where it sends you? My guess is it aint AARP…Do you know what your talking about?
What I’m talking about is one reason spam is such a problem. There are large number of mainstream companies, like AARP, that support spammers by hiring them either directly or indirectly.
Sure, the links in the email don’t point directly to the AARP. They go through multiple redirects and end up at https://www.aarpmembership.org/enroll/index.php<encodedlink>. I grabbed a screen shot of the website.
If you pull off the encoded end of the link and just go to aarpmembership.com, then you get a 403 forbidden message. That’s what spammers do, put up partial websites to collect information. They don’t bother mirroring the customer’s whole website, they just put up a form to collect information.
Now, it’s certainly possible that this spam is from a group of phishers attempting to use the AARP brand. If that’s true, though, why is the commenter asking me if I know what I’m talking about? Why isn’t he concerned about the AARP brand being advertised in spam?
I’m not trying to pick specifically on the AARP, they’re not the only company to do this. Gerber hired spammers to sell me their baby-insurance package. Gevallia has been advertised by spam for years. The list of companies using spam goes on and on.
But this behaviour — hiring spammers to send mail while being able to claim it was the work of some spammer who just decided to send mail advertising AARP memberships, or Gerber baby insurance, or 500 business cards for a dollar is a major part of the spam problem. This is why the ISPs keep increasing their standards. This is why getting into the inbox is so difficult. This is why just being a legitimate company isn’t enough.