Email attacks

Ken has an article up today about the ongoing attacks against ESPs and email marketers. In it he says:

Someone in permission-based email marketing should have sounded the alarm about the wedding-photo attacks months before Blumberg did.

The attacks were being talked about on at least 2 different private lists. One made up primarily of email marketers and most of them didn’t seem to take it very seriously. The other list, though, had a number of people sounding loud alarms, sharing IP addresses to block and reporting the information to various block lists and anti-spam vendors in order to protect their infrastructure. One of my clients has been aggressively chasing this for a few months, as well.
To the best of my knowledge, no one knew of any actual compromises that had happened. I only received my first phish last Wednesday. The only other company that had sent mail to that tagged address was Return Path and I immediately notified them that they appeared to be breached.
While I know nothing was made public and that may be a problem, to assert that no one sounded an alarm is untrue. There were a lot of people that were sounding alarms and sharing information to help other companies protect themselves from the phishing attacks. To the best of my knowledge the truly targeted spear phishing attacks on ESPs started about 6 weeks ago.
Ken touches briefly on something that I, and others, have been saying. Email is hostile traffic. Email marketers seem to not understand how much hostile traffic comes into the average users’ mailbox nor how many email marketing practices actually train users to be accepting of that traffic.
It’s something I will be blogging about over the next few days or months. Because it’s time for email marketers to understand just how malicious spammers are and how they can stop helping the criminals.

Related Posts

Email appending

Mickey talks about appending and why it’s not a good practice.

Read More

The myth of the low complaint rate

I have been reading the complaints filed by Holomaxx and will have some analysis and information about them probably Monday or Tuesday next week. I’ve been keeping an eye on the press and something that Ken Magill said caught my eye.

Read More

The dark side of email marketing

Everyone I talk to when dealing with issues inevitably has to tell me they are legitimate email marketers. They’re not spammers, they’re just business people. I often find it difficult to fathom why they need to tell me this. It’s not like email marketers are criminals or anything.
Two recent stories reminded me how evil some folks are. While I’ve not had any direct contact (that I know of) with any of the players on this end of things I have zero doubt that if they called me they would tell me that they were legitimate email marketers.
In one case, a members of a spam gang kidnapped the teenage daughter of someone investigating their activities. The gang held her for more than 5 years in horrific conditions. Yesterday Joseph Menn, author of “Fatal System Error” posted on Boing Boing that his friend got his daughter back. It is a heartbreaking story and incredibly sobering.
In another case, the Russian police arrested a man who ran spammit.com, a clearinghouse for viagra sellers to find spammers to send their mail. Reports say that mail volumes dropped by a fifth after the site was taken offline.
There is real evil in the email marketing industry. Sure, they’re spammers and we can all stand up and say they’re not legitimate. But, this is what the ISPs and Spamhaus and law enforcement are dealing with on a regular basis.

Read More