Spam from mainstream companies

Yesterday I wrote about spam I received advertising AARP and used it as an example of a mainstream group supporting spammers by hiring them (or hiring them through proxies) to send mail on their behalf.
My statement appears to have upset someone, though. There is one comment on the post, coming from an IP address allocated to the AARP.

This isn’t from AARP…this is a SPAM that’s been going around for years now. Did you bother looking into the source code to see where it sends you? My guess is it aint AARP…Do you know what your talking about?

What I’m talking about is one reason spam is such a problem. There are large number of mainstream companies, like AARP, that support spammers by hiring them either directly or indirectly.
Sure, the links in the email don’t point directly to the AARP. They go through multiple redirects and end up at https://www.aarpmembership.org/enroll/index.php<encodedlink>. I grabbed a screen shot of the website.

Screenshot of not-the-AARP spam landing page
Doesn't this look like an official AARP website?
If you pull off the encoded end of the link and just go to aarpmembership.com, then you get a 403 forbidden message. That’s what spammers do, put up partial websites to collect information. They don’t bother mirroring the customer’s whole website, they just put up a form to collect information.
Now, it’s certainly possible that this spam is from a group of phishers attempting to use the AARP brand. If that’s true, though, why is the commenter asking me if I know what I’m talking about? Why isn’t he concerned about the AARP brand being advertised in spam?
I’m not trying to pick specifically on the AARP, they’re not the only company to do this. Gerber hired spammers to sell me their baby-insurance package. Gevallia has been advertised by spam for years. The list of companies using spam goes on and on.
But this behaviour — hiring spammers to send mail while being able to claim it was the work of some spammer who just decided to send mail advertising AARP memberships, or Gerber baby insurance, or 500 business cards for a dollar is a major part of the spam problem. This is why the ISPs keep increasing their standards. This is why getting into the inbox is so difficult. This is why just being a legitimate company isn’t enough.

Related Posts

You want to sell me a list?

Over the years, some of my clients have found it expedient to give me email addresses at their domains. These addresses forward mail addressed to laura@clientsite to my own mailbox. Generally these are so I can be added to internal mailing lists and have access to their internal tools.
It’s often amusing to see the spam that comes through to those addresses. Over the last few weeks I’ve received multiple spams advertising an email appending service.
Let the irony sink in. An email appending service is sending me an email at a client company offering the client company the opportunity to append email addresses. “See how accurate our appending is!”
How accurate can a service be if they can’t even target their own spam correctly?
In addition to the appalling targeting they’re also violating CAN SPAM (no physical postal address), their website is a collection of broken links and they don’t provide any company name or information in the email or on the website.
To top it all off, the mail says, “if you’re not the right person to act on this mail, please forward this to the right person.” Followed by a standard legal disclaimer that says, “The information contained in this e-mail message and any attachments is confidential information intended only for the use of individuals or entities named above. If the reader of this message is not the intended recipient you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by e-mail at the originating address.”
I wonder if blogging about the utter email incompetence about mail from David Williams, Business Development (phone number: 800-961-5127) violates the confidentiality clause?

Read More

More on opt-out for B2B marketing

There is still a bit of discussion going on around the HBR article on how B2B mail should be opt-out not opt in on various delivery blogs. Over on the Blue Sky Factory blog new daddy (congratulations!) DJ writes a post about why he thinks opt-out in any context is a poor marketing decision.
One of his commenters follows up with a long comment about how recipients shouldn’t get angry when they get unsolicited email from a company they have interacted with.

Read More

We only mail people who sign up!

I get a lot of calls from clients who can’t understand why they have spamtraps on their lists. Most of them tell me that they never purchase or rent lists, and they only mail to people who sign up on their website. I believe them, but not all of the data that people input into webforms is correct.
While I don’t have any actual numbers for how many people lie in forms, there was a slashdot poll today that asked readers “How truthful are you when creating web accounts?”. The answer seems to be “not very” at least for the self-selected respondents.

Read More