Email attacks

Ken has an article up today about the ongoing attacks against ESPs and email marketers. In it he says:

Someone in permission-based email marketing should have sounded the alarm about the wedding-photo attacks months before Blumberg did.

The attacks were being talked about on at least 2 different private lists. One made up primarily of email marketers and most of them didn’t seem to take it very seriously. The other list, though, had a number of people sounding loud alarms, sharing IP addresses to block and reporting the information to various block lists and anti-spam vendors in order to protect their infrastructure. One of my clients has been aggressively chasing this for a few months, as well.
To the best of my knowledge, no one knew of any actual compromises that had happened. I only received my first phish last Wednesday. The only other company that had sent mail to that tagged address was Return Path and I immediately notified them that they appeared to be breached.
While I know nothing was made public and that may be a problem, to assert that no one sounded an alarm is untrue. There were a lot of people that were sounding alarms and sharing information to help other companies protect themselves from the phishing attacks. To the best of my knowledge the truly targeted spear phishing attacks on ESPs started about 6 weeks ago.
Ken touches briefly on something that I, and others, have been saying. Email is hostile traffic. Email marketers seem to not understand how much hostile traffic comes into the average users’ mailbox nor how many email marketing practices actually train users to be accepting of that traffic.
It’s something I will be blogging about over the next few days or months. Because it’s time for email marketers to understand just how malicious spammers are and how they can stop helping the criminals.

Related Posts

Don't be Amelia

I have an adorable cat that I ‘taught’ that I would pet her if she tapped me on the arm or shoulder with her paw. It was cute for a while, but then she got more and more demanding. Eventually, she was clawing at my clothes and skin to get attention and petting.
It’s gotten to the point where I have to put a stop to it. She’s just getting too destructive to me and my clothing. So over the last two weeks I’ve been trying to only reward those touches that don’t involve claws and giving her a stern “NO CLAWS” when she does try to claw me.
As I was sitting here this afternoon, going through yet another round of NO CLAWS with her, I realized that my interactions with her were eerily similar to email marketing.
You see, Amelia started using her claws to get my attention because I didn’t always respond to her gentle taps. But claws hurt, and were a problem, so I would respond. This is exactly like marketers who don’t see a response to their email marketing campaigns and thus up the aggressiveness of those campaigns. More mail, more frequency, stronger offers, anything to get a response out of recipients.
Eventually, though, the recipient finally gets annoyed. The aggressive “taps” result in spam complaints. The sender has pushed the recipient from “it’s not so bad” to “make this sender stop bugging me.”
Email marketing is interruption marketing and there is only so much recipients will tolerate. And, trust me, few email marketers are as cute as my Amelia Cat.

Read More

Ah, Spammers.

The too many.
The stupid.
The spammers.
The blog spammers are still actively attempting to get their claws into my blog. Today the comments included:

Read More

More information on arrests

Terry Zink has a more detailed post on some of the spammer arrests and takedowns that have happened recently.
In addition to the events I mentioned yesterday, authorities arrested an Armenian man suspected of running the Bredolab botnet. Unfortunately, the arrest has not stopped the spam with the malware payload.
These are issues that many ISP abuse and postmaster desks deal with on a daily basis. Their filtering schemes and policies are in place to protect customers from the mob, and criminals. I don’t think enough marketers and senders understand exactly how much the ISPs are dealing with and why many ISPs don’t really care that “mail is taking 12 hours to get to the inbox.” They are dealing with much more important things.

Read More