The too many.
The stupid.
The spammers.
The blog spammers are still actively attempting to get their claws into my blog. Today the comments included:
marketing is my specialty becuse i like to promote new products”‘:
lead generation is the key to becoming a very successful internet marketer,~~
The only sensible thing to do is refer the commenter to today’s XKCD:
About a month ago I posted about receiving spam from a psychic attempting to sell me candles and stuff. The spammer was sending mail from a company called “Garden of Sound” using an ESP called OnLetterhead. A brief investigation led me to believe that unsubscribing from the mail was not going to do anything.
The post prompted an email from Scott B. the VP of Marketing of the company that is responsible for OnLetterhead. I replied to his email, pointing out a number of things he was doing that made his business look like an ESP front for spammers.
After he received my mail he called me to talk to me about the content of my post and the email and to assure me they were immediately implementing one of my suggestion (that they not put a generic “here’s how to unsubscribe” link on their 1000+ link domains, instead have those actually point to their AUP and corporate pages). He also assured me they took my complaint seriously and I would no longer be receiving email.
Guess what?
Garden of Sound is still spamming me from OnLetterhead. They’ve not even managed to implement the changes they pledged would be rolled out the same week as my blog post. Sure, the domain I’m getting spam from is different, the physical postal address is different, the product is different, the friendly from is different. But the preheader still says “this mail sent by Garden of Sound.” It’s all the same list, it’s all the same company, it’s all the same group of spammers.
Despite Scott’s attempt to convince me he wasn’t a spammer, it seems my initial impression was right. OnLetterhead is simply are a company attempting to look like they’re legitimate without actually taking any responsibility for the email going out from their network. They can’t even manage the bare minimum.
It’s companies like this that give the rest of ESPs a bad name.
I sign up at a lot of websites and liberally spray email addresses across the net. These signups are on behalf of one customer or another and each webform gets its own tagged and tracked email address. I always have a specific goal with each signup: getting a copy of a customer’s email, checking their signup process, auditing an affiliate on behalf of a customer or identifying where there might be a problem in a process. Because I have specific goals, I am pretty careful with these signups and usually uncheck every “share my email address” box I can find on the forms.
In every case the privacy policies of my clients and the things they tell me are explicit in that addresses will not be shared. It’s all opt-in, and email addresses are not shared without permission. Even in the cases where I am auditing affiliates, my clients assure me that if I follow this exact process my address will not be shared. Or so the affiliates have assured them.
Despite my care and the privacy policies on the websites, these addresses occasionally leak or are sold. This is actually very rare, and most of the websites I test never do anything with my address that I don’t expect. But in a couple cases these email addresses have ended up in the hands of some hard core spammers (hundreds of emails a day) and there was no useful tracking I could do. In other cases the volume has been lower, and I’ve watched the progression of my email addresses being bought and sold with morbid fascination.
Today an address I signed up at a website about a year ago got hit with multiple spams in a short time frame. All came from different IPs in the same /24. All had different domains with no websites. Whois showed all the domains were registered behind a privacy protection service. Interestingly, two of the domains used the same CAN SPAM address. The third had no CAN SPAM address at all. None of these addresses match the data I have on file related to the email signup.
It never ceases to amaze me how dishonest some address collection outfits. Their websites state clearly that addresses will not be bought an sold, and yet the addresses get lots of spam unrelated to the original signup. For those dishonest enough to do this they’ll never get caught unless recipients tags and tracks all their signups. Even worse, unless their partners test their signups or their mailing practices, the partners may end up unwittingly sending spam.
MessageLabs released their monthly report on email threats yesterday. Many media outlets picked up and reported that 41% of spam was from a the Rustock botnet.
Other highlights from the report include: